[MDEV-28548] ER_TABLEACCESS_DENIED_ERROR is missing information about DB Created: 2022-05-12  Updated: 2022-09-30  Resolved: 2022-09-30

Status: Closed
Project: MariaDB Server
Component/s: Server
Affects Version/s: 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9
Fix Version/s: 10.3.37, 10.4.27, 10.5.18, 10.6.11, 10.7.7, 10.8.6, 10.9.4, 10.10.2, 10.11.1

Type: Bug Priority: Minor
Reporter: Anel Husakovic Assignee: Anel Husakovic
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-28455 CREATE TEMPORARY TABLES privilege is ... Closed

 Description    

connect  con1,localhost,foo,,db1;
 
show grants;
 
Grants for foo@localhost
 
GRANT USAGE ON *.* TO `foo`@`localhost`
 
GRANT CREATE ON `db1`.* TO `foo`@`localhost`
 
GRANT CREATE ON `db2`.* TO `foo`@`localhost`
 
create table t(t int);
 
show columns in t;
 
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 't'

  • Database should be shown too: 

    ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 'db1.t'



 Comments   
Comment by Vicențiu Ciorbaru [ 2022-05-31 ]

Hi Anel!

Looks like you forgot the null pointer check like I told you here:

https://mariadb.zulipchat.com/#narrow/stream/252587-AskMonty/topic/MDEV-28548/near/282130265

Here is my suggestion:

@@ -7
 
763,9 +7763,13 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
 
     status_var_increment(thd->status_var.access_denied_errors);
 
 
 
     String str;
 
-    str.append(tl->get_db_name());
 
-    str.append('.');
 
-    str.append(tl->get_table_name());
 
+    if (tl)
 
+    {
 
+      str.append(tl->get_db_name());
 
+      str.append('.');
 
+      str.append(tl->get_table_name());
 
+    }
 
+

Also, as a stylistic / readability change, can you please rename all occurrences of your String str to be: String db_and_table.

Ok to push after this.

Comment by Sergei Golubchik [ 2022-06-06 ]

It should be fixed like

--- a/sql/share/errmsg-utf8.txt
 
+++ b/sql/share/errmsg-utf8.txt
 
@@ -3250,7 +3250,7 @@ ER_TABLEACCESS_DENIED_ERROR 42000
 
         cze "%-.100T příkaz nepřístupný pro uživatele: '%s'@'%s' pro tabulku '>
 
         dan "%-.100T-kommandoen er ikke tilladt for brugeren '%s'@'%s' for tab>
 
         nla "%-.100T commando geweigerd voor gebruiker: '%s'@'%s' voor tabel '>
 
-        eng "%-.100T command denied to user '%s'@'%s' for table '%-.192s'"
 
+        eng "%-.100T command denied to user '%s'@'%s' for table %`s.%`s'"
 
         jps "コマンド %-.100T は ユーザー '%s'@'%s' ,テーブル '%-.192s' に対し>
 
         est "%-.100T käsk ei ole lubatud kasutajale '%s'@'%s' tabelis '%-.192s>
 
         fre "La commande '%-.100T' est interdite à l'utilisateur: '%s'@'%s' su>
 
--- a/sql/sql_acl.cc
 
+++ b/sql/sql_acl.cc
 
@@ -7051,7 +7051,8 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
 
                            table_list->grant.want_privilege);
 
         my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
 
                  command, thd->security_ctx->priv_user,
 
-                 thd->security_ctx->host_or_ip, table_list->alias.str);
 
+                 thd->security_ctx->host_or_ip, table_list->db.str,
 
+                 table_list->alias.str);
 
         DBUG_RETURN(-1);
 
       }
 
     }

1. 'db.table' quoting is always wrong, it doesn't escape characters properly and doesn't produce a valid identifier
2. using a helper String makes sense only if the value is different in different invocations. if it's always 'db.table' — it should be in the error message

Comment by Vicențiu Ciorbaru [ 2022-06-06 ]

serg You are right with both points and for point #2 I had considered it, but I wrongly drew the conclusion that we can't change the string message in stable releases. I now realize that this restriction is about adding error messages, not about modifying existing ones.

anel note that Serg's proposed patch, which I agree with means you need to update the translation string for all languages to use the "escaping" syntax with 2 identifiers.

Comment by Anel Husakovic [ 2022-06-06 ]

Hi,
I knew that this could be solution but I didn't know when it is acceptable to change the error message.
I knew we cannot add the error messages to the stable releases, so followed the same logic for changing them.

Comment by Anel Husakovic [ 2022-07-16 ]

PR https://github.com/MariaDB/server/pull/2192

Comment by Vicențiu Ciorbaru [ 2022-07-19 ]

Review done. Please update the patch with the requested changes then send back for review.

Comment by Anel Husakovic [ 2022-08-09 ]

PR updated.

Comment by Anel Husakovic [ 2022-09-30 ]

Pushed with commit 1f51d6c0f65 to 10.3.

Generated at Thu Feb 08 10:01:35 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.