List:Commits« Previous MessageNext Message »
From:eugene Date:May 11 2007 9:19pm
Subject:bk commit into 5.0 tree (evgen:1.2479) BUG#27878
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of evgen. When evgen does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-05-11 23:19:11+04:00, evgen@stripped +4 -0
  Bug#27878: Unchecked privileges on a view referring to a table from another 
  database.
  
  If a user has a right to update anything in the current database then the 
  access was granted and further checks of access rights for underlying tables
  wasn't done correctly. The check is done before a view is opened and thus no
  check of access rights for underlying tables can be carried out.
  This allows a user to update through a view a table from another database for
  which he hasn't enough rights.
  
  Now the mysql_update() and the mysql_test_update() functions are forces
  re-checking of access rights after a view is opened.

  mysql-test/r/grant.result@stripped, 2007-05-11 23:18:44+04:00, evgen@stripped +19 -0
    Added a test case for the bug#27878: Unchecked privileges on a view referring to a
table from another database.

  mysql-test/t/grant.test@stripped, 2007-05-11 23:18:38+04:00, evgen@stripped +25 -0
    Added a test case for the bug#27878: Unchecked privileges on a view referring to a
table from another database.

  sql/sql_prepare.cc@stripped, 2007-05-11 23:18:53+04:00, evgen@stripped +3 -2
    Bug#27878: Unchecked privileges on a view referring to a table from another 
    database.
    Now the mysql_test_update() function forces re-checking of access rights after
    the view is opened.

  sql/sql_update.cc@stripped, 2007-05-11 23:18:46+04:00, evgen@stripped +3 -2
    Bug#27878: Unchecked privileges on a view referring to a table from another 
    database.
    Now the mysql_update() function forces re-checking of access rights after 
    the view is opened.

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	evgen
# Host:	moonbone.local
# Root:	/mnt/gentoo64/work/27878-bug-5.0-opt-mysql

--- 1.216/sql/sql_update.cc	2007-04-26 20:50:57.000000000 +0400
+++ 1.217/sql/sql_update.cc	2007-05-11 23:18:46.000000000 +0400
@@ -173,8 +173,9 @@
   table->quick_keys.clear_all();
 
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-  /* TABLE_LIST contain right privilages request */
-  want_privilege= table_list->grant.want_privilege;
+  /* Force privilege re-checking for views after they have been opened. */
+  want_privilege= (table_list->view ? UPDATE_ACL :
+                   table_list->grant.want_privilege);
 #endif
   if (mysql_prepare_update(thd, table_list, &conds, order_num, order))
     DBUG_RETURN(1);

--- 1.64/mysql-test/r/grant.result	2007-04-24 13:08:00.000000000 +0400
+++ 1.65/mysql-test/r/grant.result	2007-05-11 23:18:44.000000000 +0400
@@ -1105,4 +1105,23 @@
 DROP DATABASE mysqltest1;
 DROP DATABASE mysqltest2;
 DROP USER mysqltest_1@localhost;
+use test;
+CREATE TABLE t1 (f1 int, f2 int);
+INSERT INTO t1 VALUES(1,1), (2,2);
+CREATE DATABASE db27878;
+GRANT UPDATE(f1) ON t1 TO 'mysqltest_1'@'localhost';
+GRANT SELECT ON `test`.* TO 'mysqltest_1'@'localhost';
+GRANT ALL ON db27878.* TO 'mysqltest_1'@'localhost';
+use db27878;
+CREATE SQL SECURITY INVOKER VIEW db27878.v1 AS SELECT * FROM test.t1;
+use db27878;
+UPDATE v1 SET f2 = 4;
+ERROR HY000: View 'db27878.v1' references invalid table(s) or column(s) or function(s) or
definer/invoker of view lack rights to use them
+SELECT * FROM test.t1;
+f1	f2
+1	1
+2	2
+DROP VIEW v1;
+use test;
+DROP TABLE t1;
 End of 5.0 tests

--- 1.54/mysql-test/t/grant.test	2007-04-24 13:08:00.000000000 +0400
+++ 1.55/mysql-test/t/grant.test	2007-05-11 23:18:38.000000000 +0400
@@ -413,6 +413,7 @@
 connection user1;
 -- error 1142
 alter table t1 rename t2;
+disconnect user1;
 connection root;
 revoke all privileges on mysqltest.t1 from mysqltest_1@localhost;
 delete from mysql.user where user=_binary'mysqltest_1';
@@ -1122,5 +1123,29 @@
 
 DROP USER mysqltest_1@localhost;
 
+#
+# Bug#27878: Unchecked privileges on a view referring to a table from another 
+#            database.
+#
+use test;
+CREATE TABLE t1 (f1 int, f2 int);
+INSERT INTO t1 VALUES(1,1), (2,2);
+CREATE DATABASE db27878;
+GRANT UPDATE(f1) ON t1 TO 'mysqltest_1'@'localhost';
+GRANT SELECT ON `test`.* TO 'mysqltest_1'@'localhost';
+GRANT ALL ON db27878.* TO 'mysqltest_1'@'localhost';
+use db27878;
+CREATE SQL SECURITY INVOKER VIEW db27878.v1 AS SELECT * FROM test.t1;
+connect (user1,localhost,mysqltest_1,,test);
+connection user1;
+use db27878;
+--error 1356
+UPDATE v1 SET f2 = 4;
+SELECT * FROM test.t1;
+disconnect user1;
+connection default;
+DROP VIEW v1;
+use test;
+DROP TABLE t1;
 
 --echo End of 5.0 tests

--- 1.198/sql/sql_prepare.cc	2007-03-28 21:46:37.000000000 +0400
+++ 1.199/sql/sql_prepare.cc	2007-05-11 23:18:53.000000000 +0400
@@ -1164,8 +1164,9 @@
     goto error;
 
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-  /* TABLE_LIST contain right privilages request */
-  want_privilege= table_list->grant.want_privilege;
+  /* Force privilege re-checking for views after they have been opened. */
+  want_privilege= (table_list->view ? UPDATE_ACL :
+                   table_list->grant.want_privilege);
 #endif
 
   if (mysql_prepare_update(thd, table_list, &select->where,
Thread
bk commit into 5.0 tree (evgen:1.2479) BUG#27878eugene11 May