From: Date: April 26 2006 3:24pm Subject: bk commit into 5.0 tree (gluh:1.2100) BUG#16681 List-Archive: http://lists.mysql.com/commits/5576 X-Bug: 16681 Message-Id: <20060426132433.300F0528F61@eagle.intranet.mysql.r18.ru> Below is the list of changes that have just been committed into a local 5.0 repository of gluh. When gluh does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet 1.2100 06/04/26 18:24:22 gluh@stripped +3 -0 Bug#16681 information_schema shows forbidden VIEW details show view definition to users that have the needed privileges sql/sql_show.cc 1.317 06/04/26 18:24:16 gluh@stripped +32 -3 Bug#16681 information_schema shows forbidden VIEW details show view definition to users that have the needed privileges mysql-test/t/information_schema.test 1.73 06/04/26 18:24:16 gluh@stripped +19 -0 Bug#16681 information_schema shows forbidden VIEW details test case mysql-test/r/information_schema.result 1.102 06/04/26 18:24:16 gluh@stripped +13 -0 Bug#16681 information_schema shows forbidden VIEW details test case # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: gluh # Host: eagle.intranet.mysql.r18.ru # Root: /home/gluh/MySQL/Bugs/5.0.17204 --- 1.316/sql/sql_show.cc Tue Apr 25 15:02:31 2006 +++ 1.317/sql/sql_show.cc Wed Apr 26 18:24:16 2006
@@ -3066,11 +3066,40 @@ static int get_schema_views_record(THD * if (tables->view) { + Security_context *sctx= thd->security_ctx; + ulong grant= SHOW_VIEW_ACL; +#ifndef NO_EMBEDDED_ACCESS_CHECKS + char *save_table_name= tables->table_name; + if (!my_strcasecmp(system_charset_info, tables->definer.user.str, + sctx->priv_user) && + !my_strcasecmp(system_charset_info, tables->definer.host.str, + sctx->priv_host)) + grant= SHOW_VIEW_ACL; + else + { + tables->table_name= tables->view_name.str; + if (check_access(thd, SHOW_VIEW_ACL , base_name, + &tables->grant.privilege, 0, 1, + test(tables->schema_table))) + grant= get_table_grant(thd, tables); + else + grant= tables->grant.privilege; + } + tables->table_name= save_table_name; +#endif + restore_record(table, s->default_values); table->field[1]->store(tables->view_db.str, tables->view_db.length, cs); - table->field[2]->store(tables->view_name.str, tables->view_name.length, - cs); - table->field[3]->store(tables->query.str, tables->query.length, cs); + table->field[2]->store(tables->view_name.str, tables->view_name.length, cs); + + if (grant & SHOW_VIEW_ACL || + !my_strcasecmp(system_charset_info, + tables->definer.user.str, + information_schema_name.str) && + !my_strcasecmp(system_charset_info, + tables->definer.host.str, + information_schema_name.str)) + table->field[3]->store(tables->query.str, tables->query.length, cs); if (tables->with_check != VIEW_CHECK_NONE) { --- 1.101/mysql-test/r/information_schema.result Tue Apr 25 15:02:31 2006 +++ 1.102/mysql-test/r/information_schema.result Wed Apr 26 18:24:16 2006 
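Review bot: The definer check inside the new `#ifndef NO_EMBEDDED_ACCESS_CHECKS` block compares `tables->definer.user.str` with `sctx->priv_user` using `my_strcasecmp`, but MySQL account names are case-sensitive (only host names are not), so an account whose name differs from the definer's only in letter case would be treated as the definer and receive VIEW_DEFINITION without holding SHOW VIEW. The user half should be an exact comparison, `!strcmp(tables->definer.user.str, sctx->priv_user) &&`, keeping `my_strcasecmp` for the host half. The later `grant & SHOW_VIEW_ACL || ... && ...` condition relies on operator precedence and has no comment saying why a definer of information_schema@information_schema is exempt from the privilege check; parenthesizing the `&&` pair and adding a one-line comment would make the intent reviewable. `sctx` is declared outside the `#ifndef` but used only inside it, so it is unused in builds that define NO_EMBEDDED_ACCESS_CHECKS. get_schema_views_record starts and ends outside this hunk.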
@@ -1123,3 +1123,16 @@ delete from proc where name='';
 select routine_name from information_schema.routines;
 routine_name
 use test;
+grant select on test.* to mysqltest_1@localhost;
+create table t1 (id int);
+create view v1 as select * from t1;
+create definer = mysqltest_1@localhost
+sql security definer view v2 as select 1;
+select * from information_schema.views
+where table_name='v1' or table_name='v2';
+TABLE_CATALOG TABLE_SCHEMA TABLE_NAME VIEW_DEFINITION CHECK_OPTION IS_UPDATABLE DEFINER SECURITY_TYPE
+NULL test v1 NONE YES root@localhost DEFINER
+NULL test v2 select 1 AS `1` NONE NO mysqltest_1@localhost DEFINER
+drop view v1, v2;
+drop table t1;
+drop user mysqltest_1@localhost;
--- 1.72/mysql-test/t/information_schema.test Tue Apr 25 15:02:31 2006
+++ 1.73/mysql-test/t/information_schema.test Wed Apr 26 18:24:16 2006
@@ -835,3 +835,22 @@ select routine_name from information_sch
 delete from proc where name='';
 select routine_name from information_schema.routines;
 use test;
+
+#
+# Bug#16681 information_schema shows forbidden VIEW details
+#
+grant select on test.* to mysqltest_1@localhost;
+create table t1 (id int);
+create view v1 as select * from t1;
+create definer = mysqltest_1@localhost
+sql security definer view v2 as select 1;
+
+connect (con16681,localhost,mysqltest_1,,test);
+connection con16681;
+
+select * from information_schema.views
+where table_name='v1' or table_name='v2';
+connection default;
+drop view v1, v2;
+drop table t1;
+drop user mysqltest_1@localhost;
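Review bot: The new case in information_schema.test covers only two outcomes, a view the connected user defined (v2, definition shown) and a view it has no SHOW VIEW on (v1, definition hidden), so the path where a non-definer sees the definition through a granted privilege is never run. Adding `grant show view on test.v1 to mysqltest_1@localhost;` on the default connection and repeating the select from con16681 would cover that branch; information_schema.result would need the matching rows. The test also switches back with `connection default;` but never closes the extra session, so `disconnect con16681;` before the cleanup statements would keep it from lingering into later tests in the file.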