Below is the list of changes that have just been committed into a local
5.0 repository of evgen. When evgen does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet@stripped, 2006-08-15 21:45:24+04:00, evgen@stripped +9 -0
Fixed bug#21261: Wrong access rights was required for an insert into a view
SELECT right instead of INSERT right was required for an insert into to a view.
This wrong behaviour appeared after the fix for bug #20989. Its intention was
to ask only SELECT right for all tables except the very first for a complex
INSERT query. But that patch has done it in a wrong way and lead to asking
a wrong access right for an insert into a view.
The setup_tables_and_check_access() function now accepts two want_access
parameters. One will be used for the first table and the second for other
tables.
mysql-test/r/view.result@stripped, 2006-08-15 21:42:29+04:00, evgen@stripped +19 -0
Added a test case for bug#21261: Wrong access rights was required for an insert into a view
mysql-test/t/view.test@stripped, 2006-08-15 21:42:25+04:00, evgen@stripped +30 -0
Added a test case for bug#21261: Wrong access rights was required for an insert into a view
sql/mysql_priv.h@stripped, 2006-08-15 21:44:09+04:00, evgen@stripped +1 -0
Fixed bug#21261: Wrong access rights was required for an insert into a view
The setup_tables_and_check_access() function now accepts two want_access
parameters.
sql/sql_base.cc@stripped, 2006-08-15 21:44:01+04:00, evgen@stripped +7 -2
Fixed bug#21261: Wrong access rights was required for an insert into a view
The setup_tables_and_check_access() function now accepts two want_access
parameters. One will be used for the first table and the second for other
tables.
sql/sql_delete.cc@stripped, 2006-08-15 21:43:57+04:00, evgen@stripped +2 -2
Fixed bug#21261: Wrong access rights was required for an insert into a view
Modified to use updated setup_tables_and_check_access() function.
sql/sql_insert.cc@stripped, 2006-08-15 21:43:56+04:00, evgen@stripped +1 -1
Fixed bug#21261: Wrong access rights was required for an insert into a view
Modified to use updated setup_tables_and_check_access() function.
sql/sql_load.cc@stripped, 2006-08-15 21:43:52+04:00, evgen@stripped +1 -0
Fixed bug#21261: Wrong access rights was required for an insert into a view
Modified to use updated setup_tables_and_check_access() function.
sql/sql_select.cc@stripped, 2006-08-15 21:43:23+04:00, evgen@stripped +1 -1
Fixed bug#21261: Wrong access rights was required for an insert into a view
Modified to use updated setup_tables_and_check_access() function.
sql/sql_update.cc@stripped, 2006-08-15 21:42:33+04:00, evgen@stripped +2 -2
Fixed bug#21261: Wrong access rights was required for an insert into a view
Modified to use updated setup_tables_and_check_access() function.
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: evgen
# Host: sunlight.local
# Root: /local_work/21261-bug-5.0-mysql
--- 1.403/sql/mysql_priv.h 2006-08-15 21:45:29 +04:00
+++ 1.404/sql/mysql_priv.h 2006-08-15 21:45:29 +04:00
@@ -974,6 +974,7 @@
TABLE_LIST *tables, Item **conds,
TABLE_LIST **leaves,
bool select_insert,
+ ulong want_access_first,
ulong want_access);
int setup_wild(THD *thd, TABLE_LIST *tables, List<Item> &fields,
List<Item> *sum_func_list, uint wild_num);
--- 1.347/sql/sql_base.cc 2006-08-15 21:45:29 +04:00
+++ 1.348/sql/sql_base.cc 2006-08-15 21:45:29 +04:00
@@ -4563,9 +4563,11 @@
TABLE_LIST *tables,
Item **conds, TABLE_LIST **leaves,
bool select_insert,
+ ulong want_access_first,
ulong want_access)
{
TABLE_LIST *leaves_tmp = NULL;
+ bool first_table= true;
if (setup_tables (thd, context, from_clause, tables, conds,
&leaves_tmp, select_insert))
@@ -4575,13 +4577,16 @@
*leaves = leaves_tmp;
for (; leaves_tmp; leaves_tmp= leaves_tmp->next_leaf)
+ {
if (leaves_tmp->belong_to_view &&
- check_single_table_access(thd, want_access, leaves_tmp))
+ check_single_table_access(thd, first_table ? want_access_first :
+ want_access, leaves_tmp))
{
tables->hide_view_error(thd);
return TRUE;
}
-
+ first_table= false;
+ }
return FALSE;
}
--- 1.177/sql/sql_delete.cc 2006-08-15 21:45:29 +04:00
+++ 1.178/sql/sql_delete.cc 2006-08-15 21:45:29 +04:00
@@ -350,7 +350,7 @@
&thd->lex->select_lex.top_join_list,
table_list, conds,
&select_lex->leaf_tables, FALSE,
- DELETE_ACL) ||
+ DELETE_ACL, SELECT_ACL) ||
setup_conds(thd, table_list, select_lex->leaf_tables, conds) ||
setup_ftfuncs(select_lex))
DBUG_RETURN(TRUE);
@@ -413,7 +413,7 @@
&thd->lex->select_lex.top_join_list,
lex->query_tables, &lex->select_lex.where,
&lex->select_lex.leaf_tables, FALSE,
- DELETE_ACL))
+ DELETE_ACL, SELECT_ACL))
DBUG_RETURN(TRUE);
--- 1.197/sql/sql_insert.cc 2006-08-15 21:45:29 +04:00
+++ 1.198/sql/sql_insert.cc 2006-08-15 21:45:29 +04:00
@@ -847,7 +847,7 @@
&thd->lex->select_lex.top_join_list,
table_list, where,
&thd->lex->select_lex.leaf_tables,
- select_insert, SELECT_ACL))
+ select_insert, INSERT_ACL, SELECT_ACL))
DBUG_RETURN(TRUE);
if (insert_into_view && !fields.elements)
--- 1.96/sql/sql_load.cc 2006-08-15 21:45:29 +04:00
+++ 1.97/sql/sql_load.cc 2006-08-15 21:45:29 +04:00
@@ -157,6 +157,7 @@
&thd->lex->select_lex.top_join_list,
table_list, &unused_conds,
&thd->lex->select_lex.leaf_tables, FALSE,
+ INSERT_ACL | UPDATE_ACL,
INSERT_ACL | UPDATE_ACL))
DBUG_RETURN(-1);
if (!table_list->table || // do not suport join view
--- 1.439/sql/sql_select.cc 2006-08-15 21:45:29 +04:00
+++ 1.440/sql/sql_select.cc 2006-08-15 21:45:29 +04:00
@@ -344,7 +344,7 @@
setup_tables_and_check_access(thd, &select_lex->context, join_list,
tables_list, &conds,
&select_lex->leaf_tables, FALSE,
- SELECT_ACL)) ||
+ SELECT_ACL, SELECT_ACL)) ||
setup_wild(thd, tables_list, fields_list, &all_fields, wild_num) ||
select_lex->setup_ref_array(thd, og_num) ||
setup_fields(thd, (*rref_pointer_array), fields_list, 1,
--- 1.194/sql/sql_update.cc 2006-08-15 21:45:29 +04:00
+++ 1.195/sql/sql_update.cc 2006-08-15 21:45:29 +04:00
@@ -627,7 +627,7 @@
&select_lex->top_join_list,
table_list, conds,
&select_lex->leaf_tables,
- FALSE, UPDATE_ACL) ||
+ FALSE, UPDATE_ACL, SELECT_ACL) ||
setup_conds(thd, table_list, select_lex->leaf_tables, conds) ||
select_lex->setup_ref_array(thd, order_num) ||
setup_order(thd, select_lex->ref_pointer_array,
@@ -722,7 +722,7 @@
&lex->select_lex.top_join_list,
table_list, &lex->select_lex.where,
&lex->select_lex.leaf_tables, FALSE,
- UPDATE_ACL))
+ UPDATE_ACL, SELECT_ACL))
DBUG_RETURN(TRUE);
if (setup_fields_with_no_wrap(thd, 0, *fields, 1, 0, 0))
--- 1.169/mysql-test/r/view.result 2006-08-15 21:45:29 +04:00
+++ 1.170/mysql-test/r/view.result 2006-08-15 21:45:29 +04:00
@@ -2850,3 +2850,22 @@
t1
DROP TABLE t1;
DROP VIEW IF EXISTS v1;
+CREATE DATABASE bug21261DB;
+CREATE TABLE t1 (x INT);
+CREATE SQL SECURITY INVOKER VIEW v1 AS SELECT x FROM t1;
+GRANT INSERT, UPDATE ON v1 TO 'user21261'@'localhost';
+GRANT INSERT, UPDATE ON t1 TO 'user21261'@'localhost';
+CREATE TABLE t2 (y INT);
+GRANT SELECT ON t2 TO 'user21261'@'localhost';
+INSERT INTO v1 (x) VALUES (5);
+UPDATE v1 SET x=1;
+GRANT SELECT ON v1 TO 'user21261'@'localhost';
+UPDATE v1,t2 SET x=1 WHERE x=y;
+SELECT * FROM t1;
+x
+1
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user21261'@'localhost';
+DROP USER 'user21261'@'localhost';
+DROP VIEW v1;
+DROP TABLE t1;
+DROP DATABASE bug21261DB;
--- 1.154/mysql-test/t/view.test 2006-08-15 21:45:29 +04:00
+++ 1.155/mysql-test/t/view.test 2006-08-15 21:45:29 +04:00
@@ -2718,3 +2718,33 @@
--disable_warnings
DROP VIEW IF EXISTS v1;
--enable_warnings
+
+#
+# Bug #21261: Wrong access rights was required for an insert to a view
+#
+CREATE DATABASE bug21261DB;
+CONNECT (root,localhost,root,,bug21261DB);
+CONNECTION root;
+
+CREATE TABLE t1 (x INT);
+CREATE SQL SECURITY INVOKER VIEW v1 AS SELECT x FROM t1;
+GRANT INSERT, UPDATE ON v1 TO 'user21261'@'localhost';
+GRANT INSERT, UPDATE ON t1 TO 'user21261'@'localhost';
+CREATE TABLE t2 (y INT);
+GRANT SELECT ON t2 TO 'user21261'@'localhost';
+
+CONNECT (user21261, localhost, user21261,, bug21261DB);
+CONNECTION user21261;
+INSERT INTO v1 (x) VALUES (5);
+UPDATE v1 SET x=1;
+CONNECTION root;
+GRANT SELECT ON v1 TO 'user21261'@'localhost';
+CONNECTION user21261;
+UPDATE v1,t2 SET x=1 WHERE x=y;
+CONNECTION root;
+SELECT * FROM t1;
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user21261'@'localhost';
+DROP USER 'user21261'@'localhost';
+DROP VIEW v1;
+DROP TABLE t1;
+DROP DATABASE bug21261DB;
Thread |
---|
• bk commit into 5.0 tree (evgen:1.2246) BUG#20989 | eugene | 15 Aug |