PR #1127 and PR #1150

PR#1127: Fix is_check_constraints.result to be compatibile with 10.3 The patch is done according to the original patch for MDEV-14474 1edd09c and not one which is merged on server d526679. This patch includes: - Rename from `is_check_constraint` to `is_check_constraints` to tests and results - Per review, change the order of fields in IS check_constraints table by adding the column `table_name` before `constraint_name`. According to the standard 2006 there is no `table_name` column. - Original patch and one in `10.3` supports embedded server this patch doesn't support. After the merge `10.3` will not support also. - Don't use patch c8b8b01 to change the length of `CHECK_CLAUSE` field PR#1150: MDEV-18440: Information_schema.check_constraints possible data leak This patch is extension of PR 1127 and includes: - Check for table grants - Additional test according to the MDEV specification

Author: an3l

mysql-test/suite/funcs_1/r/is_check_constraint.result renamed to mysql-test/suite/funcs_1/r/is_check_constraints.result

@@ -119,3 +119,29 @@ disconnect con1;
 connection default;
 DROP USER boo1;
 DROP USER boo2;
+#
+# MDEV-18440: Information_schema.check_constraints possible data leak
+#
+CREATE USER foo;
+CREATE DATABASE db;
+USE db;
+CREATE TABLE t1 (a int, b int, CONSTRAINT CHECK (b > 0));
+INSERT INTO t1 VALUES (1, 2), (2, 3);
+GRANT SELECT (a) ON t1 TO foo;
+SHOW GRANTS FOR foo;
+Grants for foo@%
+GRANT USAGE ON *.* TO 'foo'@'%'
+GRANT SELECT (a) ON `db`.`t1` TO 'foo'@'%'
+SELECT * FROM information_schema.check_constraints;
+CONSTRAINT_CATALOG	CONSTRAINT_SCHEMA	TABLE_NAME	CONSTRAINT_NAME	CHECK_CLAUSE
+def	db	t1	CONSTRAINT_1	`b` > 0
+CONNECT con1,localhost, foo,, db;
+SELECT a FROM t1;
+a
+1
+2
+SELECT * FROM information_schema.check_constraints;
+CONSTRAINT_CATALOG	CONSTRAINT_SCHEMA	TABLE_NAME	CONSTRAINT_NAME	CHECK_CLAUSE
+connection default;
+DROP USER foo;
+DROP DATABASE db;

mysql-test/suite/funcs_1/t/is_check_constraint.test renamed to mysql-test/suite/funcs_1/t/is_check_constraints.test

@@ -40,7 +40,7 @@ CREATE TABLE t1
  CONSTRAINT CHECK (tt > 32), CONSTRAINT CHECK (tt <50),# autogenerated names table constraints
  CONSTRAINT CHK_tt CHECK(tt<100) # named table constraint
 ) ENGINE=InnoDB;
- --sorted_result
+--sorted_result
 SELECT * from information_schema.check_constraints;
 
 ALTER TABLE t1
@@ -55,7 +55,7 @@ start_date DATE,
 end_date DATE,
 CONSTRAINT CHK_dates CHECK(start_date IS NULL) #table constraint
 )ENGINE=Innodb;
- --sorted_result
+--sorted_result
 SELECT * from information_schema.check_constraints;
 
 ALTER TABLE t1
@@ -70,12 +70,12 @@ a int,
 b int check (b>0), # field constraint named 'b'
 CONSTRAINT b check (b>10) # table constraint
 ) ENGINE=InnoDB;
- --sorted_result
+--sorted_result
 SELECT * from information_schema.check_constraints;
 
 DISCONNECT con1;
 CONNECT(con2, localhost, boo2,, test);
- --sorted_result
+--sorted_result
 SELECT * from information_schema.check_constraints;
 
 DISCONNECT con2;
@@ -90,3 +90,28 @@ DISCONNECT con1;
 --CONNECTION default
 DROP USER boo1;
 DROP USER boo2;
+
+--echo #
+--echo # MDEV-18440: Information_schema.check_constraints possible data leak
+--echo #
+
+CREATE USER foo;
+CREATE DATABASE db;
+USE db;
+CREATE TABLE t1 (a int, b int, CONSTRAINT CHECK (b > 0));
+INSERT INTO t1 VALUES (1, 2), (2, 3);
+GRANT SELECT (a) ON t1 TO foo;
+
+SHOW GRANTS FOR foo;
+--sorted_result
+SELECT * FROM information_schema.check_constraints;
+
+CONNECT(con1,localhost, foo,, db);
+SELECT a FROM t1;
+--sorted_result
+SELECT * FROM information_schema.check_constraints;
+
+--CONNECTION default
+
+DROP USER foo;
+DROP DATABASE db;

sql/sql_show.cc

@@ -6526,7 +6526,7 @@ static int get_check_constraints_record(THD *thd, TABLE_LIST *tables,
  LEX_STRING *table_name)
 {
  DBUG_ENTER("get_check_constraints_record");
- if(res)
+ if (res)
  {
  if (thd->is_error())
  push_warning(thd, Sql_condition::WARN_LEVEL_WARN,
@@ -6535,24 +6535,40 @@ static int get_check_constraints_record(THD *thd, TABLE_LIST *tables,
  thd->clear_error();
  DBUG_RETURN(0);
  }
- if(!tables->view)
+ if (!tables->view)
  {
  StringBuffer<MAX_FIELD_WIDTH> str(system_charset_info);
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+ TABLE_LIST table_acl_check;
+ bzero((char*) &table_acl_check, sizeof(table_acl_check));
+#endif
  for (uint i= 0; i < tables->table->s->table_check_constraints; i++)
  {
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+ if (!(thd->col_access & TABLE_ACLS))
+ {
+ table_acl_check.db= db_name->str;
+ table_acl_check.db_length= db_name->length;
+ table_acl_check.table_name= table_name->str;
+ table_acl_check.table_name_length= table_name->length;
+ table_acl_check.grant.privilege= thd->col_access;
+ if (check_grant(thd, TABLE_ACLS, &table_acl_check, FALSE, 1, TRUE))
+ continue;
+ }
+#endif
  Virtual_column_info *check= tables->table->check_constraints[i];
  table->field[0]->store(STRING_WITH_LEN("def"), system_charset_info);
  table->field[3]->store(check->name.str, check->name.length,
  system_charset_info);
+ /* Make sure the string is empty between each print. */
  str.length(0);
  check->print(&str);
  table->field[4]->store(str.ptr(), str.length(), system_charset_info);
  if (schema_table_store_record(thd, table))
  DBUG_RETURN(1);
  }
  }
-
- DBUG_RETURN(0);
+ DBUG_RETURN(res);
 }
 
 static int get_schema_constraints_record(THD *thd, TABLE_LIST *tables,
@@ -9370,11 +9386,14 @@ ST_FIELD_INFO spatial_ref_sys_fields_info[]=
 ST_FIELD_INFO check_constraints_fields_info[]=
 {
  {"CONSTRAINT_CATALOG", FN_REFLEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE},
- {"CONSTRAINT_SCHEMA", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE},
+ {"CONSTRAINT_SCHEMA", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0,
+ OPEN_FULL_TABLE},
  {"TABLE_NAME", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE},
- {"CONSTRAINT_NAME", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE},
- {"CHECK_CLAUSE", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE},
- {0, 0, MYSQL_TYPE_STRING, 0, 0, 0, SKIP_OPEN_TABLE }
+ {"CONSTRAINT_NAME", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0,
+ OPEN_FULL_TABLE},
+ {"CHECK_CLAUSE", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0,
+ OPEN_FULL_TABLE},
+ {0, 0, MYSQL_TYPE_STRING, 0, 0, 0, SKIP_OPEN_TABLE}
 };
 
 /*
@@ -9393,7 +9412,7 @@ ST_SCHEMA_TABLE schema_tables[]=
  {"CHARACTER_SETS", charsets_fields_info, 0,
  fill_schema_charsets, make_character_sets_old_format, 0, -1, -1, 0, 0},
  {"CHECK_CONSTRAINTS", check_constraints_fields_info, 0, get_all_tables, 0,
- get_check_constraints_record, 1, 2, 0, OPTIMIZE_I_S_TABLE|OPEN_TABLE_ONLY},
+  get_check_constraints_record, 1, 2, 0, OPTIMIZE_I_S_TABLE|OPEN_TABLE_ONLY},
  {"COLLATIONS", collation_fields_info, 0,
  fill_schema_collation, make_old_format, 0, -1, -1, 0, 0},
  {"COLLATION_CHARACTER_SET_APPLICABILITY", coll_charset_app_fields_info,