MySQL Lists: commits: bk commit into 5.0 tree (tnurnberg:1.2230) BUG#20214

List:	Commits	« Previous Message Next Message »
From:	Tatjana A Nuernberg	Date:	August 3 2006 12:58pm
Subject:	bk commit into 5.0 tree (tnurnberg:1.2230) BUG#20214
View as plain text
Below is the list of changes that have just been committed into a local
5.0 repository of tnurnberg. When tnurnberg does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2006-08-03 14:58:13+02:00, tnurnberg@stripped +2 -0
  Bug#20214: Incorrect error when user calls SHOW CREATE VIEW on non privileged view
  
  "A SELECT privilege on a view is required for SHOW CREATE VIEW and it will stay
  that way because of compatibility reasons." (see #20136)
  
  a test case to illustrate how the ACLs work in this case (and ensure they will continue
  to do so in the future)

  mysql-test/r/grant.result@stripped, 2006-08-03 14:57:59+02:00, tnurnberg@stripped +75 -0
    Bug#20214: Incorrect error when user calls SHOW CREATE VIEW on non privileged view
    
    a test case to illustrate how the ACLs work in this case (and ensure they will continue
    to do so in the future)

  mysql-test/t/grant.test@stripped, 2006-08-03 14:57:59+02:00, tnurnberg@stripped +123 -0
    Bug#20214: Incorrect error when user calls SHOW CREATE VIEW on non privileged view
    
    a test case to illustrate how the ACLs work in this case (and ensure they will continue
    to do so in the future)

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	tnurnberg
# Host:	salvation.intern.azundris.com
# Root:	/home/tnurnberg/work/mysql-5.0-maint-20214

--- 1.52/mysql-test/r/grant.result	2006-08-03 14:58:28 +02:00
+++ 1.53/mysql-test/r/grant.result	2006-08-03 14:58:28 +02:00
@@ -867,3 +867,78 @@ insert into mysql.user select * from t2;
 flush privileges;
 drop table t2;
 drop table t1;
+CREATE DATABASE mysqltest3;
+use mysqltest3;
+CREATE TABLE t_nn (c1 INT);
+CREATE VIEW  v_nn AS SELECT * FROM t_nn;
+CREATE DATABASE mysqltest2;
+use mysqltest2;
+CREATE TABLE t_nn (c1 INT);
+CREATE VIEW  v_nn AS SELECT * FROM t_nn;
+CREATE VIEW  v_yn AS SELECT * FROM t_nn;
+CREATE VIEW  v_gy AS SELECT * FROM t_nn;
+CREATE VIEW  v_ny AS SELECT * FROM t_nn;
+CREATE VIEW  v_yy AS SELECT * FROM t_nn WHERE c1=55;
+GRANT SHOW VIEW        ON mysqltest2.v_ny TO 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1';
+GRANT SELECT           ON mysqltest2.v_yn TO 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1';
+GRANT SELECT           ON mysqltest2.*    TO 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1';
+GRANT SHOW VIEW,SELECT ON mysqltest2.v_yy TO 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1';
+SHOW CREATE VIEW  mysqltest2.v_nn;
+ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v_nn'
+SHOW CREATE TABLE mysqltest2.v_nn;
+ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v_nn'
+SHOW CREATE VIEW  mysqltest2.v_yn;
+ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v_yn'
+SHOW CREATE TABLE mysqltest2.v_yn;
+ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v_yn'
+SHOW CREATE TABLE mysqltest2.v_ny;
+View	Create View
+v_ny	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest2`.`v_ny` AS select `mysqltest2`.`t_nn`.`c1` AS `c1` from `mysqltest2`.`t_nn`
+SHOW CREATE VIEW  mysqltest2.v_ny;
+View	Create View
+v_ny	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest2`.`v_ny` AS select `mysqltest2`.`t_nn`.`c1` AS `c1` from `mysqltest2`.`t_nn`
+SHOW CREATE VIEW  mysqltest3.t_nn;
+ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't_nn'
+SHOW CREATE TABLE mysqltest3.t_nn;
+ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't_nn'
+SHOW CREATE VIEW  mysqltest3.v_nn;
+ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 'v_nn'
+SHOW CREATE TABLE mysqltest3.v_nn;
+ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 'v_nn'
+SHOW CREATE TABLE mysqltest2.t_nn;
+Table	Create Table
+t_nn	CREATE TABLE `t_nn` (
+  `c1` int(11) default NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1
+SHOW CREATE VIEW  mysqltest2.t_nn;
+ERROR HY000: 'mysqltest2.t_nn' is not VIEW
+SHOW CREATE VIEW mysqltest2.v_yy;
+View	Create View
+v_yy	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest2`.`v_yy` AS select `mysqltest2`.`t_nn`.`c1` AS `c1` from `mysqltest2`.`t_nn` where (`mysqltest2`.`t_nn`.`c1` = 55)
+SHOW CREATE TABLE mysqltest2.v_yy;
+View	Create View
+v_yy	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest2`.`v_yy` AS select `mysqltest2`.`t_nn`.`c1` AS `c1` from `mysqltest2`.`t_nn` where (`mysqltest2`.`t_nn`.`c1` = 55)
+SHOW CREATE TABLE mysqltest2.v_nn;
+View	Create View
+v_nn	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v_nn` AS select `t_nn`.`c1` AS `c1` from `t_nn`
+SHOW CREATE VIEW  mysqltest2.v_nn;
+View	Create View
+v_nn	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v_nn` AS select `t_nn`.`c1` AS `c1` from `t_nn`
+SHOW CREATE TABLE mysqltest2.t_nn;
+Table	Create Table
+t_nn	CREATE TABLE `t_nn` (
+  `c1` int(11) default NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1
+SHOW CREATE VIEW mysqltest2.t_nn;
+ERROR HY000: 'mysqltest2.t_nn' is not VIEW
+DROP VIEW  mysqltest2.v_nn;
+DROP VIEW  mysqltest2.v_yn;
+DROP VIEW  mysqltest2.v_ny;
+DROP VIEW  mysqltest2.v_yy;
+DROP TABLE mysqltest2.t_nn;
+DROP DATABASE mysqltest2;
+DROP VIEW  mysqltest3.v_nn;
+DROP TABLE mysqltest3.t_nn;
+DROP DATABASE mysqltest3;
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'mysqltest_1'@'localhost';
+DROP USER 'mysqltest_1'@'localhost';

--- 1.41/mysql-test/t/grant.test	2006-08-03 14:58:28 +02:00
+++ 1.42/mysql-test/t/grant.test	2006-08-03 14:58:28 +02:00
@@ -681,3 +681,126 @@ drop table t2;
 drop table t1;
 
 
+
+#
+# Bug#20214: Incorrect error when user calls SHOW CREATE VIEW on non
+#            privileged view
+#
+
+connection master;
+
+CREATE DATABASE mysqltest3;
+use mysqltest3;
+
+CREATE TABLE t_nn (c1 INT);
+CREATE VIEW  v_nn AS SELECT * FROM t_nn;
+
+CREATE DATABASE mysqltest2;
+use mysqltest2;
+
+CREATE TABLE t_nn (c1 INT);
+CREATE VIEW  v_nn AS SELECT * FROM t_nn;
+CREATE VIEW  v_yn AS SELECT * FROM t_nn;
+CREATE VIEW  v_gy AS SELECT * FROM t_nn;
+CREATE VIEW  v_ny AS SELECT * FROM t_nn;
+CREATE VIEW  v_yy AS SELECT * FROM t_nn WHERE c1=55;
+
+GRANT SHOW VIEW        ON mysqltest2.v_ny TO 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1';
+GRANT SELECT           ON mysqltest2.v_yn TO 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1';
+GRANT SELECT           ON mysqltest2.*    TO 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1';
+GRANT SHOW VIEW,SELECT ON mysqltest2.v_yy TO 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1';
+
+connect (mysqltest_1, localhost, mysqltest_1, mysqltest_1,);
+
+# fail because of missing SHOW VIEW (have generic SELECT)
+--error ER_TABLEACCESS_DENIED_ERROR
+SHOW CREATE VIEW  mysqltest2.v_nn;
+--error ER_TABLEACCESS_DENIED_ERROR
+SHOW CREATE TABLE mysqltest2.v_nn;
+
+
+
+# fail because of missing SHOW VIEW
+--error ER_TABLEACCESS_DENIED_ERROR
+SHOW CREATE VIEW  mysqltest2.v_yn;
+--error ER_TABLEACCESS_DENIED_ERROR
+SHOW CREATE TABLE mysqltest2.v_yn;
+
+
+
+# succeed (despite of missing SELECT, having SHOW VIEW bails us out)
+SHOW CREATE TABLE mysqltest2.v_ny;
+
+# succeed (despite of missing SELECT, having SHOW VIEW bails us out)
+SHOW CREATE VIEW  mysqltest2.v_ny;
+
+
+
+# fail because of missing (specific or generic) SELECT
+--error ER_TABLEACCESS_DENIED_ERROR
+SHOW CREATE TABLE mysqltest3.t_nn;
+
+# fail because of missing (specific or generic) SELECT (not because it's not a view!)
+--error ER_TABLEACCESS_DENIED_ERROR
+SHOW CREATE VIEW  mysqltest3.t_nn;
+
+
+
+# fail because of missing missing (specific or generic) SELECT (and SHOW VIEW)
+--error ER_TABLEACCESS_DENIED_ERROR
+SHOW CREATE VIEW  mysqltest3.v_nn;
+--error ER_TABLEACCESS_DENIED_ERROR
+SHOW CREATE TABLE mysqltest3.v_nn;
+
+
+
+# succeed thanks to generic SELECT
+SHOW CREATE TABLE mysqltest2.t_nn;
+
+# fail because it's not a view!  (have generic SELECT though)
+--error ER_WRONG_OBJECT
+SHOW CREATE VIEW  mysqltest2.t_nn;
+
+
+
+# succeed, have SELECT and SHOW VIEW
+SHOW CREATE VIEW mysqltest2.v_yy;
+
+# succeed, have SELECT and SHOW VIEW
+SHOW CREATE TABLE mysqltest2.v_yy;
+
+
+
+#clean-up
+connection master;
+
+# succeed, we're root
+SHOW CREATE TABLE mysqltest2.v_nn;
+SHOW CREATE VIEW  mysqltest2.v_nn;
+
+SHOW CREATE TABLE mysqltest2.t_nn;
+
+# fail because it's not a view!
+--error ER_WRONG_OBJECT
+SHOW CREATE VIEW mysqltest2.t_nn;
+
+
+
+DROP VIEW  mysqltest2.v_nn;
+DROP VIEW  mysqltest2.v_yn;
+DROP VIEW  mysqltest2.v_ny;
+DROP VIEW  mysqltest2.v_yy;
+
+DROP TABLE mysqltest2.t_nn;
+
+DROP DATABASE mysqltest2;
+
+
+
+DROP VIEW  mysqltest3.v_nn;
+DROP TABLE mysqltest3.t_nn;
+
+DROP DATABASE mysqltest3;
+
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'mysqltest_1'@'localhost';
+DROP USER 'mysqltest_1'@'localhost';
Thread
• bk commit into 5.0 tree (tnurnberg:1.2230) BUG#20214	Tatjana A Nuernberg	3 Aug