From: Date: August 15 2006 7:45pm Subject: bk commit into 5.0 tree (evgen:1.2246) BUG#20989 List-Archive: http://lists.mysql.com/commits/10501 X-Bug: 20989 Message-Id: <20060815174529.A46F850C2EC@sunlight.local> Below is the list of changes that have just been committed into a local 5.0 repository of evgen. When evgen does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet@stripped, 2006-08-15 21:45:24+04:00, evgen@stripped +9 -0 Fixed bug#21261: Wrong access rights was required for an insert into a view SELECT right instead of INSERT right was required for an insert into to a view. This wrong behaviour appeared after the fix for bug #20989. Its intention was to ask only SELECT right for all tables except the very first for a complex INSERT query. But that patch has done it in a wrong way and lead to asking a wrong access right for an insert into a view. The setup_tables_and_check_access() function now accepts two want_access parameters. One will be used for the first table and the second for other tables. mysql-test/r/view.result@stripped, 2006-08-15 21:42:29+04:00, evgen@stripped +19 -0 Added a test case for bug#21261: Wrong access rights was required for an insert into a view mysql-test/t/view.test@stripped, 2006-08-15 21:42:25+04:00, evgen@stripped +30 -0 Added a test case for bug#21261: Wrong access rights was required for an insert into a view sql/mysql_priv.h@stripped, 2006-08-15 21:44:09+04:00, evgen@stripped +1 -0 Fixed bug#21261: Wrong access rights was required for an insert into a view The setup_tables_and_check_access() function now accepts two want_access parameters. sql/sql_base.cc@stripped, 2006-08-15 21:44:01+04:00, evgen@stripped +7 -2 Fixed bug#21261: Wrong access rights was required for an insert into a view The setup_tables_and_check_access() function now accepts two want_access parameters. One will be used for the first table and the second for other tables. sql/sql_delete.cc@stripped, 2006-08-15 21:43:57+04:00, evgen@stripped +2 -2 Fixed bug#21261: Wrong access rights was required for an insert into a view Modified to use updated setup_tables_and_check_access() function. sql/sql_insert.cc@stripped, 2006-08-15 21:43:56+04:00, evgen@stripped +1 -1 Fixed bug#21261: Wrong access rights was required for an insert into a view Modified to use updated setup_tables_and_check_access() function. sql/sql_load.cc@stripped, 2006-08-15 21:43:52+04:00, evgen@stripped +1 -0 Fixed bug#21261: Wrong access rights was required for an insert into a view Modified to use updated setup_tables_and_check_access() function. sql/sql_select.cc@stripped, 2006-08-15 21:43:23+04:00, evgen@stripped +1 -1 Fixed bug#21261: Wrong access rights was required for an insert into a view Modified to use updated setup_tables_and_check_access() function. sql/sql_update.cc@stripped, 2006-08-15 21:42:33+04:00, evgen@stripped +2 -2 Fixed bug#21261: Wrong access rights was required for an insert into a view Modified to use updated setup_tables_and_check_access() function. # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: evgen # Host: sunlight.local # Root: /local_work/21261-bug-5.0-mysql --- 1.403/sql/mysql_priv.h 2006-08-15 21:45:29 +04:00 +++ 1.404/sql/mysql_priv.h 2006-08-15 21:45:29 +04:00 @@ -974,6 +974,7 @@ TABLE_LIST *tables, Item **conds, TABLE_LIST **leaves, bool select_insert, + ulong want_access_first, ulong want_access); int setup_wild(THD *thd, TABLE_LIST *tables, List &fields, List *sum_func_list, uint wild_num); --- 1.347/sql/sql_base.cc 2006-08-15 21:45:29 +04:00 +++ 1.348/sql/sql_base.cc 2006-08-15 21:45:29 +04:00 @@ -4563,9 +4563,11 @@ TABLE_LIST *tables, Item **conds, TABLE_LIST **leaves, bool select_insert, + ulong want_access_first, ulong want_access) { TABLE_LIST *leaves_tmp = NULL; + bool first_table= true; if (setup_tables (thd, context, from_clause, tables, conds, &leaves_tmp, select_insert)) @@ -4575,13 +4577,16 @@ *leaves = leaves_tmp; for (; leaves_tmp; leaves_tmp= leaves_tmp->next_leaf) + { if (leaves_tmp->belong_to_view && - check_single_table_access(thd, want_access, leaves_tmp)) + check_single_table_access(thd, first_table ? want_access_first : + want_access, leaves_tmp)) { tables->hide_view_error(thd); return TRUE; } - + first_table= false; + } return FALSE; } --- 1.177/sql/sql_delete.cc 2006-08-15 21:45:29 +04:00 +++ 1.178/sql/sql_delete.cc 2006-08-15 21:45:29 +04:00 @@ -350,7 +350,7 @@ &thd->lex->select_lex.top_join_list, table_list, conds, &select_lex->leaf_tables, FALSE, - DELETE_ACL) || + DELETE_ACL, SELECT_ACL) || setup_conds(thd, table_list, select_lex->leaf_tables, conds) || setup_ftfuncs(select_lex)) DBUG_RETURN(TRUE); @@ -413,7 +413,7 @@ &thd->lex->select_lex.top_join_list, lex->query_tables, &lex->select_lex.where, &lex->select_lex.leaf_tables, FALSE, - DELETE_ACL)) + DELETE_ACL, SELECT_ACL)) DBUG_RETURN(TRUE); --- 1.197/sql/sql_insert.cc 2006-08-15 21:45:29 +04:00 +++ 1.198/sql/sql_insert.cc 2006-08-15 21:45:29 +04:00 @@ -847,7 +847,7 @@ &thd->lex->select_lex.top_join_list, table_list, where, &thd->lex->select_lex.leaf_tables, - select_insert, SELECT_ACL)) + select_insert, INSERT_ACL, SELECT_ACL)) DBUG_RETURN(TRUE); if (insert_into_view && !fields.elements) --- 1.96/sql/sql_load.cc 2006-08-15 21:45:29 +04:00 +++ 1.97/sql/sql_load.cc 2006-08-15 21:45:29 +04:00 @@ -157,6 +157,7 @@ &thd->lex->select_lex.top_join_list, table_list, &unused_conds, &thd->lex->select_lex.leaf_tables, FALSE, + INSERT_ACL | UPDATE_ACL, INSERT_ACL | UPDATE_ACL)) DBUG_RETURN(-1); if (!table_list->table || // do not suport join view --- 1.439/sql/sql_select.cc 2006-08-15 21:45:29 +04:00 +++ 1.440/sql/sql_select.cc 2006-08-15 21:45:29 +04:00 @@ -344,7 +344,7 @@ setup_tables_and_check_access(thd, &select_lex->context, join_list, tables_list, &conds, &select_lex->leaf_tables, FALSE, - SELECT_ACL)) || + SELECT_ACL, SELECT_ACL)) || setup_wild(thd, tables_list, fields_list, &all_fields, wild_num) || select_lex->setup_ref_array(thd, og_num) || setup_fields(thd, (*rref_pointer_array), fields_list, 1, --- 1.194/sql/sql_update.cc 2006-08-15 21:45:29 +04:00 +++ 1.195/sql/sql_update.cc 2006-08-15 21:45:29 +04:00 @@ -627,7 +627,7 @@ &select_lex->top_join_list, table_list, conds, &select_lex->leaf_tables, - FALSE, UPDATE_ACL) || + FALSE, UPDATE_ACL, SELECT_ACL) || setup_conds(thd, table_list, select_lex->leaf_tables, conds) || select_lex->setup_ref_array(thd, order_num) || setup_order(thd, select_lex->ref_pointer_array, @@ -722,7 +722,7 @@ &lex->select_lex.top_join_list, table_list, &lex->select_lex.where, &lex->select_lex.leaf_tables, FALSE, - UPDATE_ACL)) + UPDATE_ACL, SELECT_ACL)) DBUG_RETURN(TRUE); if (setup_fields_with_no_wrap(thd, 0, *fields, 1, 0, 0)) --- 1.169/mysql-test/r/view.result 2006-08-15 21:45:29 +04:00 +++ 1.170/mysql-test/r/view.result 2006-08-15 21:45:29 +04:00 @@ -2850,3 +2850,22 @@ t1 DROP TABLE t1; DROP VIEW IF EXISTS v1; +CREATE DATABASE bug21261DB; +CREATE TABLE t1 (x INT); +CREATE SQL SECURITY INVOKER VIEW v1 AS SELECT x FROM t1; +GRANT INSERT, UPDATE ON v1 TO 'user21261'@'localhost'; +GRANT INSERT, UPDATE ON t1 TO 'user21261'@'localhost'; +CREATE TABLE t2 (y INT); +GRANT SELECT ON t2 TO 'user21261'@'localhost'; +INSERT INTO v1 (x) VALUES (5); +UPDATE v1 SET x=1; +GRANT SELECT ON v1 TO 'user21261'@'localhost'; +UPDATE v1,t2 SET x=1 WHERE x=y; +SELECT * FROM t1; +x +1 +REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user21261'@'localhost'; +DROP USER 'user21261'@'localhost'; +DROP VIEW v1; +DROP TABLE t1; +DROP DATABASE bug21261DB; --- 1.154/mysql-test/t/view.test 2006-08-15 21:45:29 +04:00 +++ 1.155/mysql-test/t/view.test 2006-08-15 21:45:29 +04:00 @@ -2718,3 +2718,33 @@ --disable_warnings DROP VIEW IF EXISTS v1; --enable_warnings + +# +# Bug #21261: Wrong access rights was required for an insert to a view +# +CREATE DATABASE bug21261DB; +CONNECT (root,localhost,root,,bug21261DB); +CONNECTION root; + +CREATE TABLE t1 (x INT); +CREATE SQL SECURITY INVOKER VIEW v1 AS SELECT x FROM t1; +GRANT INSERT, UPDATE ON v1 TO 'user21261'@'localhost'; +GRANT INSERT, UPDATE ON t1 TO 'user21261'@'localhost'; +CREATE TABLE t2 (y INT); +GRANT SELECT ON t2 TO 'user21261'@'localhost'; + +CONNECT (user21261, localhost, user21261,, bug21261DB); +CONNECTION user21261; +INSERT INTO v1 (x) VALUES (5); +UPDATE v1 SET x=1; +CONNECTION root; +GRANT SELECT ON v1 TO 'user21261'@'localhost'; +CONNECTION user21261; +UPDATE v1,t2 SET x=1 WHERE x=y; +CONNECTION root; +SELECT * FROM t1; +REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user21261'@'localhost'; +DROP USER 'user21261'@'localhost'; +DROP VIEW v1; +DROP TABLE t1; +DROP DATABASE bug21261DB;