#At file:///data0/martin/bzr/6.0bt-privilege-bugs/
------------------------------------------------------------
revno: 2666
revision-id: mhansson@stripped
parent: kgeorge@stripped
committer: Martin Hansson <mhansson@stripped>
branch nick: 6.0bt-privilege-bugs
timestamp: Mon 2008-06-09 16:42:18 +0200
message:
Bug#36086: SELECT * from views don't check column grants
This patch also fixes bugs 36963 and 35600.
- In many places a view was confused with an anonymous derived table,
i.e. access checking was skipped. Fixed by introducing a predicate
to tell the difference between named and anonymous derived tables.
- When inserting fields for "SELECT * ", there was no distinction made
between base tables and views when there should have been. View privileges are
checked elsewhere.
- Privileges for TEMPTABLE views should not be checked in check_grant.
modified:
mysql-test/include/grant_cache.inc
sp1f-grant_cache.test-20011222131331-yyolv3e5rn7cdusubckncfd5rnwmaqqe
mysql-test/r/grant2.result
sp1f-grant2.result-20030722200047-flh2uaxcbwah7yfj5uohcoxndutgaced
mysql-test/r/grant_cache_no_prot.result
sp1f-grant_cache.result-20011222131331-kfo3ynmyzyymd3wnp67ro6663xi6k7jx
mysql-test/r/view_grant.result
sp1f-view_grant.result-20050404194355-hbbr5ud3thpo5tn65q6eyecswq5mdhwk
mysql-test/t/grant2.test
sp1f-grant2.test-20030722200048-galnas2hib5h2ygo4rzcnpblby7awdow
mysql-test/t/view_grant.test
sp1f-view_grant.test-20050404194355-y5ik7soywcms7xriyzo72dooviahc7cx
sql/sql_acl.cc
sp1f-sql_acl.cc-19700101030959-c4hku3uqxzujthqnndeprbrhamqy6a4i
sql/sql_base.cc
sp1f-sql_base.cc-19700101030959-w7tul2gb2n4jzayjwlslj3ybmf3uhk6a
sql/sql_derived.cc
sp1f-sql_derived.cc-20020326130604-4qz6ovo2xa6w5eslbmcx76agmnyyvsfh
sql/sql_parse.cc
sp1f-sql_parse.cc-19700101030959-ehcre3rwhv5l3mlxqhaxg36ujenxnrcd
sql/table.cc
sp1f-table.cc-19700101030959-nsxtem2adyqzwe6nz4cgrpcmts3o54v7
sql/table.h
sp1f-table.h-19700101030959-dv72bajftxj5fbdjuajquappanuv2ija
per-file comments:
mysql-test/include/grant_cache.inc
Bug#36086: Changed test case.
mysql-test/r/grant2.result
Bug#36086: Changed test result.
mysql-test/r/grant_cache_no_prot.result
Bug#36086: Changed test result.
mysql-test/r/view_grant.result
Bug#36086:
- Changed test results.
- Test result.
mysql-test/t/grant2.test
Bug#36086: Changed test case.
mysql-test/t/view_grant.test
Bug#36086:
- Changed test cases.
- Test case.
sql/sql_acl.cc
Bug 35600: In check_grant:
- Changed the requirement for privilege checking from
table->derived != null to check all anonymous derived tables.
- Use the access methods for getting object and database names.
Bug#36086: In check_grant_all_columns:
- Updated comment. This function is now called for views as well.
- The error message should not disclose column
names unless the user has privilege to see all column names.
sql/sql_base.cc
Bug 36963:
- We should call check_grant_all_columns() for views only.
We should not disclose column names in the error message when the user
has no appropriate privilege.
sql/sql_derived.cc
Bug#36086:
- Updated and doxygenated comment for mysql_derived_prepare().
- Now we set SELECT_ACL only for *anonymous* derived tables.
sql/sql_parse.cc
Bug 35600:
- In check_single_table_access:
Due to the bug, check_grant would raise an error for a
SHOW_CREATE_TABLE for a TEMPTABLE view, when it should in
fact not be invoked in this case. This table privilege
is instead checked in check_column_grant_in_table_ref.
- In check_access:
- replaced table->derived
- replaced ->db with ->get_database_name() (see table.h)
sql/table.cc
Bug#36086:
- TABLE_LIST::set_underlying_merge():
Commenting only. Doxygenated, corrected spelling, added.
- Implementation of TABLE_LIST::get_type()
Moved the criteria for classifying a TABLE_LIST from comment
to code.
sql/table.h
Bug#36086:
- Commented GRANT_INFO.
- Added a Type enum to TABLE_LIST and a get_type() method
- added get_object_name() and get_database_name() to TABLE_LIST
in order to hide the disparate representation of these properties.
Attachment: [text/text/x-diff] patch-2666.diff