AGAIN I ASK ....
If views are processed in the security context of the user using them,
what role does the name of who created the view play in determining
permissions? ( I think I know what the answer should be, I just want to
hear it from you guys)
Can a user be granted permission to use a view if they do not have rights
to at least some of the underlying columns from the source tables?
What if a user tries to create a view that includes columns they normally
could not reference? Will that succeed? If it succeeds and a user that
normally would have permission to view the base table data uses the new
view would they be blocked from seeing that data because the view was
created by someone restricted from viewing it in the first place?
I am asking these questions,now, so that we have a chance to build the
correct logic into this process before it gets too far along. These should
also be good test cases.
Shawn Green
Database Administrator
Unimin Corporation - Spruce Pine
dlenev@stripped wrote on 09/28/2005 10:43:56 AM:
> Below is the list of changes that have just been committed into a local
> 5.0 repository of dlenev. When dlenev does a push these changes will
> be propagated to the main repository and, within 24 hours after the
> push, to the public repository.
> For information on how to access the public repository
> see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
>
> ChangeSet
> 1.2006 05/09/28 18:43:46 dlenev@stripped +3 -0
> Fix for bug #13546 "Build errors with --with-embedded-server
> --with-embedded-privilege-control options". One more (hopefully last)
build
> failure which was introduced during work on WL#2787 "Add view
definer/owner
> to the view definition..."
>
> sql/sql_parse.cc
> 1.496 05/09/28 18:43:41 dlenev@stripped +3 -3
> check_user():
> Updated function description to refelect the fact that THD::
> user/host/ip/...
> members were moved to separate Security_context class.
>
> sql/sql_acl.cc
> 1.174 05/09/28 18:43:40 dlenev@stripped +2 -2
> acl_getroot():
> Updated function description to refelect the fact that THD::
> user/host/ip/...
> members were moved to separate Security_context class.
>
> libmysqld/lib_sql.cc
> 1.106 05/09/28 18:43:40 dlenev@stripped +9 -8
> create_embedded_thd()/check_embedded_connection():
> Several security related THD members (user, host, ip,
> priv_user, ...) have
> moved to the Security_context class. New THD::security_ctx
> member points to
> active security context.
>
> # This is a BitKeeper patch. What follows are the unified diffs for the
> # set of deltas contained in the patch. The rest of the patch, the part
> # that BitKeeper cares about, is below these diffs.
> # User: dlenev
> # Host: brandersnatch.site
> # Root: /home/dlenev/src/mysql-5.0-bg13546
>
> --- 1.173/sql/sql_acl.cc 2005-09-23 00:46:49 +04:00
> +++ 1.174/sql/sql_acl.cc 2005-09-28 18:43:40 +04:00
> @@ -693,8 +693,8 @@
> SYNOPSIS
> acl_getroot()
> thd thread handle. If all checks are OK,
> - thd->priv_user, thd->master_access are updated.
> - thd->host, thd->ip, thd->user are used for checks.
> + thd->security_ctx->priv_user/master_access are updated.
> + thd->security_ctx->host/ip/user are used for checks.
> mqh user resources; on success mqh is reset, else
> unchanged
> passwd scrambled & crypted password, received from client
>
> --- 1.495/sql/sql_parse.cc 2005-09-26 12:12:20 +04:00
> +++ 1.496/sql/sql_parse.cc 2005-09-28 18:43:41 +04:00
> @@ -246,7 +246,7 @@
>
> SYNOPSIS
> check_user()
> - thd thread handle, thd->{host,user,ip} are used
> + thd thread handle, thd->security_ctx->{host,user,ip} are
used
> command originator of the check: now check_user is called
> during connect and change user procedures; used for
> logging.
> @@ -261,8 +261,8 @@
> are 'IN'.
>
> RETURN VALUE
> - 0 OK; thd->user, thd->master_access, thd->priv_user, thd->db and
> - thd->db_access are updated; OK is sent to client;
> + 0 OK; thd->security_ctx->user/master_access/priv_user/db_access
and
> + thd->db are updated; OK is sent to client;
> -1 access denied or handshake error; error is sent to client;
> >0 error, not sent to client
> */
>
> --- 1.105/libmysqld/lib_sql.cc 2005-09-28 15:59:49 +04:00
> +++ 1.106/libmysqld/lib_sql.cc 2005-09-28 18:43:40 +04:00
> @@ -514,8 +514,8 @@
> thd->db= db;
> thd->db_length= db ? strip_sp(db) : 0;
> #ifndef NO_EMBEDDED_ACCESS_CHECKS
> - thd->db_access= DB_ACLS;
> - thd->master_access= ~NO_ACCESS;
> + thd->security_ctx->db_access= DB_ACLS;
> + thd->security_ctx->master_access= ~NO_ACCESS;
> #endif
> thd->net.query_cache_query= 0;
>
> @@ -542,26 +542,27 @@
> int check_embedded_connection(MYSQL *mysql)
> {
> THD *thd= (THD*)mysql->thd;
> + Security_context *sctx= thd->security_ctx;
> int result;
> char scramble_buff[SCRAMBLE_LENGTH];
> int passwd_len;
>
> if (mysql->options.client_ip)
> {
> - thd->host= my_strdup(mysql->options.client_ip, MYF(0));
> - thd->ip= my_strdup(thd->host, MYF(0));
> + sctx->host= my_strdup(mysql->options.client_ip, MYF(0));
> + sctx->ip= my_strdup(sctx->host, MYF(0));
> }
> else
> - thd->host= (char*)my_localhost;
> - thd->host_or_ip= thd->host;
> + sctx->host= (char*)my_localhost;
> + sctx->host_or_ip= sctx->host;
>
> - if (acl_check_host(thd->host,thd->ip))
> + if (acl_check_host(sctx->host, sctx->ip))
> {
> result= ER_HOST_NOT_PRIVILEGED;
> goto err;
> }
>
> - thd->user= my_strdup(mysql->user, MYF(0));
> + sctx->user= my_strdup(mysql->user, MYF(0));
> if (mysql->passwd && mysql->passwd[0])
> {
> memset(thd->scramble, 55, SCRAMBLE_LENGTH); // dummy scramble
>
> --
> MySQL Internals Mailing List
> For list archives: http://lists.mysql.com/internals
> To unsubscribe: http://lists.mysql.com/internals?unsub=1
>
