Below is the list of changes that have just been committed into a local
5.0 repository of gluh. When gluh does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet@stripped, 2007-03-05 18:46:59+04:00, gluh@stripped +7 -0
Bug#22763 Disrepancy between SHOW CREATE VIEW and I_S.VIEWS
if ((user has privileges on underlying tables) or
(current_user is definer and security context is definer)) and
user has 'SHOW_VIEW_ACL' on view and user has 'SELECT_ACL' on view
then we show body.
mysql-test/r/information_schema.result@stripped, 2007-03-05 18:46:57+04:00, gluh@stripped +28 -7
result fix
mysql-test/r/information_schema_db.result@stripped, 2007-03-05 18:46:58+04:00, gluh@stripped +4 -1
result fix
mysql-test/t/information_schema.test@stripped, 2007-03-05 18:46:58+04:00, gluh@stripped +29 -3
test case
mysql-test/t/information_schema_db.test@stripped, 2007-03-05 18:46:58+04:00, gluh@stripped +0 -1
test case fix
sql/sql_acl.cc@stripped, 2007-03-05 18:46:58+04:00, gluh@stripped +9 -4
checked that user has privileges on underlying table and
set no_privs_on_underlying_tables for top view
sql/sql_show.cc@stripped, 2007-03-05 18:46:58+04:00, gluh@stripped +27 -9
if ((user has priviliges on underlying tables) or
(current_user is definer and security context is definer)) and
user has 'SHOW_VIEW_ACL' on the view and user has 'SELECT_ACL' on the view
then we show body.
sql/table.h@stripped, 2007-03-05 18:46:58+04:00, gluh@stripped +1 -1
'allowed_show' is renamed to 'no_privs_on_underlying_tables'
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: gluh
# Host: eagle.(none)
# Root: /home/gluh/MySQL/Bugs/5.0.22763
--- 1.217/sql/sql_acl.cc 2007-02-22 18:59:55 +04:00
+++ 1.218/sql/sql_acl.cc 2007-03-05 18:46:58 +04:00
@@ -3811,10 +3811,10 @@ bool check_column_grant_in_table_ref(THD
view_privs= get_column_grant(thd, grant, db_name, table_name, name);
if (view_privs & VIEW_ANY_ACL)
{
- table_ref->belong_to_view->allowed_show= TRUE;
+ table_ref->belong_to_view->no_privs_on_underlying_tables= FALSE;
return FALSE;
}
- table_ref->belong_to_view->allowed_show= FALSE;
+ table_ref->belong_to_view->no_privs_on_underlying_tables= TRUE;
my_message(ER_VIEW_NO_EXPLAIN, ER(ER_VIEW_NO_EXPLAIN), MYF(0));
return TRUE;
}
@@ -3829,8 +3829,13 @@ bool check_column_grant_in_table_ref(THD
}
if (grant->want_privilege)
- return check_grant_column(thd, grant, db_name, table_name, name,
- length, sctx);
+ {
+ bool res= check_grant_column(thd, grant, db_name, table_name, name,
+ length, sctx);
+ if (table_ref->belong_to_view)
+ table_ref->belong_to_view->no_privs_on_underlying_tables= res;
+ return res;
+ }
else
return FALSE;
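Review bot: The added `table_ref->belong_to_view->no_privs_on_underlying_tables= res;` overwrites the view's flag on every column check, so a successful check on a later column would clear a failure recorded for an earlier one if the caller continues after a TRUE return. sql_show.cc now uses this flag to decide whether the view body is disclosed, so it is safer to make the failure sticky: `if (res && table_ref->belong_to_view) table_ref->belong_to_view->no_privs_on_underlying_tables= TRUE;`. Whether callers stop at the first failure is not visible here, since the function begins and ends outside the hunk.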
--- 1.341/sql/sql_show.cc 2007-02-22 18:59:55 +04:00
+++ 1.342/sql/sql_show.cc 2007-03-05 18:46:58 +04:00
@@ -390,7 +390,14 @@ mysqld_show_create(THD *thd, TABLE_LIST
/* Only one table for now, but VIEW can involve several tables */
if (open_normal_and_derived_tables(thd, table_list, 0))
{
- if (!table_list->view || thd->net.last_errno != ER_VIEW_INVALID)
+ Security_context *sctx= thd->security_ctx;
+ if (!table_list->view ||
+ !(table_list->view_suid &&
+ !my_strcasecmp(system_charset_info, table_list->definer.user.str,
+ sctx->priv_user) &&
+ !my_strcasecmp(system_charset_info, table_list->definer.host.str,
+ sctx->priv_host) ||
+ !table_list->no_privs_on_underlying_tables))
DBUG_RETURN(TRUE);
/*
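Review bot: The definer test compares the account user name with `my_strcasecmp`, but MySQL account user names are case-sensitive (only the host part is not). Two accounts whose names differ only in letter case are therefore both treated as the view's definer, and both skip the underlying-table privilege requirement. Use an exact compare for the user, `!strcmp(table_list->definer.user.str, sctx->priv_user)`, and keep `my_strcasecmp` for the host. The same expression is repeated in the get_schema_views_record hunk of this file; a small shared helper would keep the two checks from drifting apart.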
@@ -3145,19 +3152,30 @@ static int get_schema_views_record(THD *
if (tables->view)
{
+ bool show_body= 0;
Security_context *sctx= thd->security_ctx;
- if (!tables->allowed_show)
+ if (tables->view_suid &&
+ !my_strcasecmp(system_charset_info, tables->definer.user.str,
+ sctx->priv_user) &&
+ !my_strcasecmp(system_charset_info, tables->definer.host.str,
+ sctx->priv_host) ||
+ !tables->no_privs_on_underlying_tables)
{
- if (!my_strcasecmp(system_charset_info, tables->definer.user.str,
- sctx->priv_user) &&
- !my_strcasecmp(system_charset_info, tables->definer.host.str,
- sctx->priv_host))
- tables->allowed_show= TRUE;
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+ {
+ fill_effective_table_privileges(thd, &tables->grant,
+ tables->view_db.str,
+ tables->view_name.str);
+ show_body= (bool) ((tables->grant.privilege & SHOW_VIEW_ACL) &&
+ (tables->grant.privilege & SELECT_ACL));
+ }
+#endif
}
+
restore_record(table, s->default_values);
table->field[1]->store(tables->view_db.str, tables->view_db.length, cs);
table->field[2]->store(tables->view_name.str, tables->view_name.length, cs);
- if (tables->allowed_show)
+ if (show_body)
{
char buff[2048];
String qwe_str(buff, sizeof(buff), cs);
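Review bot: `show_body` is assigned only inside the `#ifndef NO_EMBEDDED_ACCESS_CHECKS` block, so in a build that defines NO_EMBEDDED_ACCESS_CHECKS it stays 0 and VIEW_DEFINITION is never filled in. Such a build presumably has no privileges to check, so if the empty body is not intended, add an `#else` branch with `show_body= 1;` before the `#endif`. The inner `{ … }` around the `fill_effective_table_privileges` call is redundant, and `bool show_body= 0;` would match the surrounding code better as `FALSE`. The function begins before and continues after this hunk.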
@@ -3192,7 +3210,7 @@ static int get_schema_views_record(THD *
table->field[7]->store(STRING_WITH_LEN("INVOKER"), cs);
if (schema_table_store_record(thd, table))
DBUG_RETURN(1);
- if (res)
+ if (res && thd->net.last_errno != ER_VIEW_INVALID)
push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN,
thd->net.last_errno, thd->net.last_error);
}
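Review bot: The added `thd->net.last_errno != ER_VIEW_INVALID` filter drops that error for every row and has no comment explaining why. A short comment above the `if` would help the next reader, for example `/* ER_VIEW_INVALID is expected when the user lacks rights on the underlying tables; do not report it as a warning */` (the author should confirm the wording). Whether the error is also cleared from `thd` on this path is not visible in the hunk.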
--- 1.138/sql/table.h 2007-02-12 16:06:12 +04:00
+++ 1.139/sql/table.h 2007-03-05 18:46:58 +04:00
@@ -581,7 +581,6 @@ typedef struct st_table_list
tables. Unlike 'next_local', this in this list views are *not*
leaves. Created in setup_tables() -> make_leaves_list().
*/
- bool allowed_show;
st_table_list *next_leaf;
Item *where; /* VIEW WHERE clause condition */
Item *check_option; /* WITH CHECK OPTION condition */
@@ -634,6 +633,7 @@ typedef struct st_table_list
bool compact_view_format; /* Use compact format for SHOW CREATE VIEW */
/* view where processed */
bool where_processed;
+ bool no_privs_on_underlying_tables;
/* FRMTYPE_ERROR if any type is acceptable */
enum frm_type_enum required_type;
char timestamp_buffer[20]; /* buffer for timestamp (19+1) */
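Review bot: `no_privs_on_underlying_tables` is added without a comment, unlike the neighbouring members, and its polarity is security-relevant. If TABLE_LIST objects start out zeroed (not visible here), the flag reads as "user has privileges" until the column grant check has run. Suggest `bool no_privs_on_underlying_tables; /* TRUE if the user lacks privileges on the view's underlying tables; set by the column grant checks */`. It is worth confirming that no path reaches the SHOW code before those checks have set the flag, because the default is the permissive value.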
--- 1.120/mysql-test/r/information_schema.result 2007-02-12 16:06:12 +04:00
+++ 1.121/mysql-test/r/information_schema.result 2007-03-05 18:46:57 +04:00
@@ -656,17 +656,11 @@ where table_schema='test';
table_name
v2
v3
-Warnings:
-Warning 1356 View 'test.v2' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
-Warning 1356 View 'test.v3' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
select table_name from information_schema.views
where table_schema='test';
table_name
v2
v3
-Warnings:
-Warning 1356 View 'test.v2' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
-Warning 1356 View 'test.v3' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
select column_name from information_schema.columns
where table_schema='test';
column_name
@@ -1122,7 +1116,7 @@ select * from information_schema.views
where table_name='v1' or table_name='v2';
TABLE_CATALOG TABLE_SCHEMA TABLE_NAME VIEW_DEFINITION CHECK_OPTION IS_UPDATABLE DEFINER SECURITY_TYPE
NULL test v1 NONE YES root@localhost DEFINER
-NULL test v2 /* ALGORITHM=UNDEFINED */ select 1 AS `1` NONE NO mysqltest_1@localhost DEFINER
+NULL test v2 NONE NO mysqltest_1@localhost DEFINER
drop view v1, v2;
drop table t1;
drop user mysqltest_1@localhost;
@@ -1315,3 +1309,30 @@ TABLE_PRIVILEGES information_schema.TABL
TRIGGERS information_schema.TRIGGERS 1
USER_PRIVILEGES information_schema.USER_PRIVILEGES 1
VIEWS information_schema.VIEWS 1
+create database mysqltest;
+create table mysqltest.t1 (a int);
+create view mysqltest.v1 as select * from mysqltest.t1;
+grant select on mysqltest.* to mysqltest22763@localhost;
+grant show view on mysqltest.* to mysqltest22763@localhost;
+grant create view on mysqltest.* to mysqltest22763@localhost;
+create view mysqltest.v2 as select * from mysqltest.t1;
+select table_schema, table_name, view_definition from information_schema.views
+where table_name = 'v1';
+table_schema table_name view_definition
+mysqltest v1 /* ALGORITHM=UNDEFINED */ select `mysqltest`.`t1`.`a` AS `a` from `mysqltest`.`t1`
+show create view mysqltest.v1;
+View Create View
+v1 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest`.`v1` AS select `mysqltest`.`t1`.`a` AS `a` from `mysqltest`.`t1`
+revoke select on mysqltest.* from mysqltest22763@localhost;
+grant select on mysqltest.v2 to mysqltest22763@localhost;
+select table_schema, table_name, view_definition from information_schema.views
+where table_name = 'v2';
+table_schema table_name view_definition
+mysqltest v2 /* ALGORITHM=UNDEFINED */ select `mysqltest`.`t1`.`a` AS `a` from `mysqltest`.`t1`
+show create view mysqltest.v2;
+View Create View
+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`mysqltest22763`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest`.`v2` AS select `mysqltest`.`t1`.`a` AS `a` from `mysqltest`.`t1`
+Warnings:
+Warning 1356 View 'mysqltest.v2' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+drop database mysqltest;
+drop user mysqltest22763@localhost;
--- 1.90/mysql-test/t/information_schema.test 2007-02-12 16:06:12 +04:00
+++ 1.91/mysql-test/t/information_schema.test 2007-03-05 18:46:58 +04:00
@@ -971,9 +971,6 @@ SELECT COLUMN_NAME, MD5(COLUMN_DEFAULT),
DROP TABLE bug23037;
DROP FUNCTION get_value;
-
-
-
#
# Bug#22413: EXPLAIN SELECT FROM view with ORDER BY yield server crash
#
@@ -1022,5 +1019,34 @@ where t.table_schema = 'information_sche
(c2.column_type = 'varchar(7)' or c2.column_type = 'varchar(20)')
group by c2.column_type order by num limit 1)
group by t.table_name order by num1, t.table_name;
+
+#
+# Bug#22763 Disrepancy between SHOW CREATE VIEW and I_S.VIEWS
+#
+
+create database mysqltest;
+create table mysqltest.t1 (a int);
+create view mysqltest.v1 as select * from mysqltest.t1;
+grant select on mysqltest.* to mysqltest22763@localhost;
+grant show view on mysqltest.* to mysqltest22763@localhost;
+grant create view on mysqltest.* to mysqltest22763@localhost;
+connect (user22763, localhost,mysqltest22763,,test);
+connection user22763;
+create view mysqltest.v2 as select * from mysqltest.t1;
+select table_schema, table_name, view_definition from information_schema.views
+where table_name = 'v1';
+show create view mysqltest.v1;
+
+connection default;
+revoke select on mysqltest.* from mysqltest22763@localhost;
+grant select on mysqltest.v2 to mysqltest22763@localhost;
+connection user22763;
+select table_schema, table_name, view_definition from information_schema.views
+where table_name = 'v2';
+show create view mysqltest.v2;
+
+connection default;
+drop database mysqltest;
+drop user mysqltest22763@localhost;
# End of 5.0 tests.
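Review bot: The new case covers only the two paths where the body is shown (SELECT on mysqltest.* for v1, and being the definer of v2). The path this fix protects is not exercised: a non-definer with SHOW VIEW and SELECT on the view but no rights on the underlying table. After the `revoke select on mysqltest.* ...` step, add `grant select on mysqltest.v1 to mysqltest22763@localhost;` and repeat the `select ... where table_name = 'v1';` query as user22763, expecting an empty view_definition. The `user22763` connection is also never closed; add `disconnect user22763;` before the cleanup statements.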
--- 1.9/mysql-test/r/information_schema_db.result 2006-08-08 12:50:00 +05:00
+++ 1.10/mysql-test/r/information_schema_db.result 2007-03-05 18:46:58 +04:00
@@ -113,7 +113,10 @@ create view v2 as select f1 from testdb_
create view v4 as select f1,f2 from testdb_1.v3;
revoke insert(f1) on v3 from testdb_2@localhost;
show create view v4;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+View Create View
+v4 CREATE ALGORITHM=UNDEFINED DEFINER=`testdb_2`@`localhost` SQL SECURITY DEFINER VIEW `test`.`v4` AS select `v3`.`f1` AS `f1`,`v3`.`f2` AS `f2` from `testdb_1`.`v3`
+Warnings:
+Warning 1356 View 'test.v4' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
show fields from v4;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
show fields from v2;
--- 1.7/mysql-test/t/information_schema_db.test 2006-11-13 20:06:41 +04:00
+++ 1.8/mysql-test/t/information_schema_db.test 2007-03-05 18:46:58 +04:00
@@ -133,7 +133,6 @@ connection testdb_1;
revoke insert(f1) on v3 from testdb_2@localhost;
connection testdb_2;
---error 1345
show create view v4;
--error 1345
show fields from v4;