Hi Sergey,
OK to push with a few minor comments.
Sergey Glukhov wrote:
> #At file:///home/gluh/MySQL/bazaar/mysql-5.0-22763/
>
> 2678 Sergey Glukhov 2008-09-05
> Bug#22763 Disrepancy between SHOW CREATE VIEW and I_S.VIEWS
> The problem:
> I_S views table does not check the presence of SHOW_VIEW_ACL|SELECT_ACL
> privileges for a view.
> It leads to discrepancy between SHOW CREATE VIEW and I_S.VIEWS.
Please add a description of the fix.
> modified:
> mysql-test/r/information_schema_db.result
> mysql-test/t/information_schema_db.test
> sql/sql_show.cc
>
> per-file messages:
> mysql-test/r/information_schema_db.result
> test result
> mysql-test/t/information_schema_db.test
> test case
> sql/sql_show.cc
> The problem:
> I_S views table does not check the presence of SHOW_VIEW_ACL|SELECT_ACL
> privileges for a view.
> It leads to discrepancy between SHOW CREATE VIEW and I_S.VIEWS.
> === modified file 'mysql-test/r/information_schema_db.result'
> --- a/mysql-test/r/information_schema_db.result 2007-10-26 07:01:29 +0000
> +++ b/mysql-test/r/information_schema_db.result 2008-09-05 13:44:28 +0000
> @@ -209,3 +209,24 @@ drop view testdb_1.v1, v2, testdb_1.v3,
> drop database testdb_1;
> drop user testdb_1@localhost;
> drop user testdb_2@localhost;
> +create database testdb_1;
> +create table testdb_1.t1 (a int);
> +create view testdb_1.v1 as select * from testdb_1.t1;
> +grant show view on testdb_1.* to mysqltest_1@localhost;
> +grant select on testdb_1.v1 to mysqltest_1@localhost;
> +select table_schema, table_name, view_definition from information_schema.views
> +where table_name='v1';
> +table_schema table_name view_definition
> +testdb_1 v1 /* ALGORITHM=UNDEFINED */ select `testdb_1`.`t1`.`a` AS `a` from
> `testdb_1`.`t1`
> +show create view testdb_1.v1;
> +View Create View
> +v1 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW
> `testdb_1`.`v1` AS select `testdb_1`.`t1`.`a` AS `a` from `testdb_1`.`t1`
> +revoke select on testdb_1.v1 from mysqltest_1@localhost;
> +select table_schema, table_name, view_definition from information_schema.views
> +where table_name='v1';
> +table_schema table_name view_definition
> +testdb_1 v1
> +show create view testdb_1.v1;
> +ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 'v1'
> +drop user mysqltest_1@localhost;
> +drop database testdb_1;
>
> === modified file 'mysql-test/t/information_schema_db.test'
> --- a/mysql-test/t/information_schema_db.test 2007-03-23 18:24:03 +0000
> +++ b/mysql-test/t/information_schema_db.test 2008-09-05 13:44:28 +0000
> @@ -82,6 +82,7 @@ drop function func2;
> drop database `inf%`;
> drop procedure mbase.p1;
> drop database mbase;
> +disconnect user1;
>
> #
> # Bug#18282 INFORMATION_SCHEMA.TABLES provides inconsistent info about invalid
> views
> @@ -210,3 +211,32 @@ drop view testdb_1.v1, v2, testdb_1.v3,
> drop database testdb_1;
> drop user testdb_1@localhost;
> drop user testdb_2@localhost;
> +
> +#
> +# Bug#22763 Disrepancy between SHOW CREATE VIEW and I_S.VIEWS
> +#
> +create database testdb_1;
> +create table testdb_1.t1 (a int);
> +create view testdb_1.v1 as select * from testdb_1.t1;
> +
> +grant show view on testdb_1.* to mysqltest_1@localhost;
> +grant select on testdb_1.v1 to mysqltest_1@localhost;
> +
> +connect (user1,localhost,mysqltest_1,,test);
> +connection user1;
> +select table_schema, table_name, view_definition from information_schema.views
> +where table_name='v1';
> +show create view testdb_1.v1;
> +
> +connection default;
> +revoke select on testdb_1.v1 from mysqltest_1@localhost;
> +connection user1;
> +select table_schema, table_name, view_definition from information_schema.views
> +where table_name='v1';
> +--error 1142
Use ER_TABLEACCESS_DENIED_ERROR instead of 1142
> +show create view testdb_1.v1;
> +
> +connection default;
> +drop user mysqltest_1@localhost;
> +drop database testdb_1;
> +disconnect user1;
>
> === modified file 'sql/sql_show.cc'
> --- a/sql/sql_show.cc 2008-08-15 20:13:27 +0000
> +++ b/sql/sql_show.cc 2008-09-05 13:44:28 +0000
> @@ -3170,6 +3170,28 @@ static int get_schema_views_record(THD *
> !my_strcasecmp(system_charset_info, tables->definer.host.str,
> sctx->priv_host))
> tables->allowed_show= TRUE;
> +#ifndef NO_EMBEDDED_ACCESS_CHECKS
> + else
> + {
> + if ((thd->col_access & (SHOW_VIEW_ACL|SELECT_ACL)) ==
> + (SHOW_VIEW_ACL|SELECT_ACL))
> + tables->allowed_show= TRUE;
> + else
> + {
> + TABLE_LIST table_list;
> + uint view_access;
> + bzero((char*) &table_list,sizeof(table_list));
Use memset.
> + table_list.db= (char*) tables->view_db.str;
Drop unnecessary cast.
> + table_list.db_length= tables->view_db.length;
AFAICS, there is no reason to assign db_length. You do not assign
table_name_length either..
> + table_list.table_name= tables->view_name.str;
> + table_list.grant.privilege= thd->col_access;
> + view_access= get_table_grant(thd, &table_list);
> + if ((view_access & (SHOW_VIEW_ACL|SELECT_ACL)) ==
> + (SHOW_VIEW_ACL|SELECT_ACL))
> + tables->allowed_show= TRUE;
> + }
> + }
> +#endif
> }
> restore_record(table, s->default_values);
> table->field[1]->store(tables->view_db.str, tables->view_db.length,
> cs);
>
>
OK.
-- Davi
