• Martin Hansson's avatar
    Bug#36086: SELECT * from views don't check column grants · d88ceff0
    Martin Hansson authored
    This patch also fixes bugs 36963 and 35600.
                          
    - In many places a view was confused with an anonymous derived
      table, i.e. access checking was skipped. Fixed by introducing a
      predicate to tell the difference between named and anonymous
      derived tables.
                          
    - When inserting fields for "SELECT * ", there was no 
      distinction between base tables and views, where one should be
      made. View privileges are checked elsewhere.
    
    mysql-test/include/grant_cache.inc:
      Bug#36086: Changed test case.
    mysql-test/r/grant2.result:
      Bug#36086: Changed test result.
    mysql-test/r/grant_cache_no_prot.result:
      Bug#36086: Changed test result.
    mysql-test/r/grant_cache_ps_prot.result:
      Bug#36086: Changed test result.
    mysql-test/r/view_grant.result:
      Bug#36086: Test result.
    mysql-test/t/grant2.test:
      Bug#36086: Changed test case.
    mysql-test/t/view_grant.test:
      Bug#36086: Test case.
    sql/item.cc:
      Bug#36086: Replaced conditional with new methods.
    sql/sql_acl.cc:
      Bug no 35600: 
      In mysql_table_grant:
        Replaced conditional with the new accessor method.
      
      In check_grant:
       - Changed the requirement table->derived != null to 
         checking all anonymous derived tables.
       - Use of the accessor methods for getting object and database 
         names.
          
      Bug#36086: In check_grant_all_columns:
        - Updated comment. This function is now called for views
          as well.
        - The error message should not disclose any column names 
          unless the user has privilege to see all column names.
        - Changed names of Field_iterator_table_ref methods.
    sql/sql_base.cc:
      Bug no 36963: In insert_fields()
        - Commented.
        - We should call check_grant_all_columns() for views in  
          this case.        
        - Changed names of Field_iterator_table_ref methods.
        - We should not disclose column names in the error message
          when the user has no approprate privilege.
    sql/sql_cache.cc:
      Bug#36086: Replaced test with new predicate method.
    sql/sql_derived.cc:
      Bug#36086: commenting only. Updated and doxygenated
      comment for mysql_derived_prepare().
    sql/sql_parse.cc:
      Bug no 35600: 
      - In check_single_table_access:
        Due to the bug, check_grant would raise an error for a
        SHOW CREATE TABLE command for a TEMPTABLE view. It should in
        fact not be be invoked in this case. This table privilege
        is checked already.
        There is a test case for this in information_schema_db.test.
          
      - In check_access: replaced table->derived
    sql/table.cc:
      Bug#36086: 
      
      - In TABLE_LIST::set_underlying_merge(): 
        Commenting only. Doxygenated, corrected spelling,
        added.
      
      - Renamed table_name() and db_name() methods of 
        Field_iterator_table_ref in order to be consistent
        with new methods in TABLE_LIST.
    sql/table.h:
      Bug#36086: 
        - Commented GRANT_INFO.
        - Added a predicate is_anonymous_derived_table() to    
          TABLE_LIST.
        - Added get_table_name() and get_db_name() to   
          TABLE_LIST in order to hide the disparate   
          representation of these properties.
    d88ceff0
view_grant.test 34.2 KB