Commit fa710dfb authored by unknown's avatar unknown

Merge moonlight.home:/home/tomash/src/mysql_ab/mysql-5.0

into  moonlight.home:/home/tomash/src/mysql_ab/mysql-5.0-bug24404


sql/sql_view.cc:
  Auto merged
mysql-test/r/view_grant.result:
  Manual merge.
mysql-test/t/view_grant.test:
  Manual merge.
parents c9078c40 0541dcad
...@@ -731,3 +731,46 @@ SELECT * FROM v1; ...@@ -731,3 +731,46 @@ SELECT * FROM v1;
ERROR HY000: There is no 'def_17254'@'localhost' registered ERROR HY000: There is no 'def_17254'@'localhost' registered
DROP USER inv_17254@localhost; DROP USER inv_17254@localhost;
DROP DATABASE db17254; DROP DATABASE db17254;
DROP DATABASE IF EXISTS mysqltest_db1;
DROP DATABASE IF EXISTS mysqltest_db2;
DROP USER mysqltest_u1;
DROP USER mysqltest_u2;
CREATE USER mysqltest_u1@localhost;
CREATE USER mysqltest_u2@localhost;
CREATE DATABASE mysqltest_db1;
CREATE DATABASE mysqltest_db2;
GRANT ALL ON mysqltest_db1.* TO mysqltest_u1@localhost WITH GRANT OPTION;
GRANT ALL ON mysqltest_db2.* TO mysqltest_u2@localhost;
CREATE TABLE t1 (i INT);
INSERT INTO t1 VALUES (1);
CREATE VIEW v1 AS SELECT i FROM t1 WHERE 1 IN (SELECT * FROM t1);
CREATE TABLE t2 (s CHAR(7));
INSERT INTO t2 VALUES ('public');
GRANT SELECT ON v1 TO mysqltest_u2@localhost;
GRANT SELECT ON t2 TO mysqltest_u2@localhost;
SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2;
i s
1 public
PREPARE stmt1 FROM "SELECT * FROM mysqltest_db1.t2";
EXECUTE stmt1;
s
public
PREPARE stmt2 FROM "SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2";
EXECUTE stmt2;
i s
1 public
REVOKE SELECT ON t2 FROM mysqltest_u2@localhost;
UPDATE t2 SET s = 'private' WHERE s = 'public';
SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2;
ERROR 42000: SELECT command denied to user 'mysqltest_u2'@'localhost' for table 't2'
EXECUTE stmt1;
ERROR 42000: SELECT command denied to user 'mysqltest_u2'@'localhost' for table 't2'
EXECUTE stmt2;
ERROR 42000: SELECT command denied to user 'mysqltest_u2'@'localhost' for table 't2'
REVOKE ALL ON mysqltest_db1.* FROM mysqltest_u1@localhost;
REVOKE ALL ON mysqltest_db2.* FROM mysqltest_u2@localhost;
DROP DATABASE mysqltest_db1;
DROP DATABASE mysqltest_db2;
DROP USER mysqltest_u1@localhost;
DROP USER mysqltest_u2@localhost;
End of 5.0 tests.
...@@ -927,6 +927,7 @@ DROP VIEW v2; ...@@ -927,6 +927,7 @@ DROP VIEW v2;
DROP VIEW v1; DROP VIEW v1;
DROP USER mysqltest_u1@localhost; DROP USER mysqltest_u1@localhost;
# #
# Bug#17254: Error for DEFINER security on VIEW provides too much info # Bug#17254: Error for DEFINER security on VIEW provides too much info
# #
...@@ -964,4 +965,74 @@ DROP DATABASE db17254; ...@@ -964,4 +965,74 @@ DROP DATABASE db17254;
disconnect def; disconnect def;
disconnect inv; disconnect inv;
# End of 5.0 tests.
#
# BUG#24404: strange bug with view+permission+prepared statement
#
--disable_warnings
DROP DATABASE IF EXISTS mysqltest_db1;
DROP DATABASE IF EXISTS mysqltest_db2;
--enable_warnings
--error 0,ER_CANNOT_USER
DROP USER mysqltest_u1;
--error 0,ER_CANNOT_USER
DROP USER mysqltest_u2;
CREATE USER mysqltest_u1@localhost;
CREATE USER mysqltest_u2@localhost;
CREATE DATABASE mysqltest_db1;
CREATE DATABASE mysqltest_db2;
GRANT ALL ON mysqltest_db1.* TO mysqltest_u1@localhost WITH GRANT OPTION;
GRANT ALL ON mysqltest_db2.* TO mysqltest_u2@localhost;
connect (conn1, localhost, mysqltest_u1, , mysqltest_db1);
CREATE TABLE t1 (i INT);
INSERT INTO t1 VALUES (1);
# Use view with subquery for better coverage.
CREATE VIEW v1 AS SELECT i FROM t1 WHERE 1 IN (SELECT * FROM t1);
CREATE TABLE t2 (s CHAR(7));
INSERT INTO t2 VALUES ('public');
GRANT SELECT ON v1 TO mysqltest_u2@localhost;
GRANT SELECT ON t2 TO mysqltest_u2@localhost;
connect (conn2, localhost, mysqltest_u2, , mysqltest_db2);
SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2;
PREPARE stmt1 FROM "SELECT * FROM mysqltest_db1.t2";
EXECUTE stmt1;
PREPARE stmt2 FROM "SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2";
EXECUTE stmt2;
connection conn1;
# Make table 't2' private.
REVOKE SELECT ON t2 FROM mysqltest_u2@localhost;
UPDATE t2 SET s = 'private' WHERE s = 'public';
connection conn2;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2;
--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt1;
# Original bug was here: the statement didn't fail.
--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt2;
# Cleanup.
disconnect conn2;
disconnect conn1;
connection default;
REVOKE ALL ON mysqltest_db1.* FROM mysqltest_u1@localhost;
REVOKE ALL ON mysqltest_db2.* FROM mysqltest_u2@localhost;
DROP DATABASE mysqltest_db1;
DROP DATABASE mysqltest_db2;
DROP USER mysqltest_u1@localhost;
DROP USER mysqltest_u2@localhost;
--echo End of 5.0 tests.
...@@ -1135,13 +1135,17 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table, ...@@ -1135,13 +1135,17 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
/* /*
Prepare a security context to check underlying objects of the view Prepare a security context to check underlying objects of the view
*/ */
Security_context *save_security_ctx= thd->security_ctx;
if (!(table->view_sctx= (Security_context *) if (!(table->view_sctx= (Security_context *)
thd->stmt_arena->alloc(sizeof(Security_context)))) thd->stmt_arena->alloc(sizeof(Security_context))))
goto err; goto err;
/* Assign the context to the tables referenced in the view */ /* Assign the context to the tables referenced in the view */
for (tbl= view_tables; tbl; tbl= tbl->next_global) if (view_tables)
tbl->security_ctx= table->view_sctx; {
DBUG_ASSERT(view_tables_tail);
for (tbl= view_tables; tbl != view_tables_tail->next_global;
tbl= tbl->next_global)
tbl->security_ctx= table->view_sctx;
}
/* assign security context to SELECT name resolution contexts of view */ /* assign security context to SELECT name resolution contexts of view */
for(SELECT_LEX *sl= lex->all_selects_list; for(SELECT_LEX *sl= lex->all_selects_list;
sl; sl;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment