Commit 25b34c7b authored by unknown's avatar unknown

Merge abotchkov@bk-internal.mysql.com:/home/bk/mysql-5.0-opt

into  mysql.com:/home/hf/work/mrg/mysql-5.0-opt
parents 40609c75 c7831e89
...@@ -773,4 +773,25 @@ DROP DATABASE mysqltest_db1; ...@@ -773,4 +773,25 @@ DROP DATABASE mysqltest_db1;
DROP DATABASE mysqltest_db2; DROP DATABASE mysqltest_db2;
DROP USER mysqltest_u1@localhost; DROP USER mysqltest_u1@localhost;
DROP USER mysqltest_u2@localhost; DROP USER mysqltest_u2@localhost;
CREATE DATABASE db26813;
USE db26813;
CREATE TABLE t1(f1 INT, f2 INT);
CREATE VIEW v1 AS SELECT f1 FROM t1;
CREATE VIEW v2 AS SELECT f1 FROM t1;
CREATE VIEW v3 AS SELECT f1 FROM t1;
CREATE USER u26813@localhost;
GRANT DROP ON db26813.v1 TO u26813@localhost;
GRANT CREATE VIEW ON db26813.v2 TO u26813@localhost;
GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813@localhost;
GRANT SELECT ON db26813.t1 TO u26813@localhost;
ALTER VIEW v1 AS SELECT f2 FROM t1;
ERROR 42000: CREATE VIEW command denied to user 'u26813'@'localhost' for table 'v1'
ALTER VIEW v2 AS SELECT f2 FROM t1;
ERROR 42000: DROP command denied to user 'u26813'@'localhost' for table 'v2'
ALTER VIEW v3 AS SELECT f2 FROM t1;
SHOW CREATE VIEW v3;
View Create View
v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f2` AS `f2` from `t1`
DROP USER u26813@localhost;
DROP DATABASE db26813;
End of 5.0 tests. End of 5.0 tests.
...@@ -1034,5 +1034,36 @@ DROP DATABASE mysqltest_db2; ...@@ -1034,5 +1034,36 @@ DROP DATABASE mysqltest_db2;
DROP USER mysqltest_u1@localhost; DROP USER mysqltest_u1@localhost;
DROP USER mysqltest_u2@localhost; DROP USER mysqltest_u2@localhost;
#
# Bug#26813: The SUPER privilege is wrongly required to alter a view created
# by another user.
#
connection root;
CREATE DATABASE db26813;
USE db26813;
CREATE TABLE t1(f1 INT, f2 INT);
CREATE VIEW v1 AS SELECT f1 FROM t1;
CREATE VIEW v2 AS SELECT f1 FROM t1;
CREATE VIEW v3 AS SELECT f1 FROM t1;
CREATE USER u26813@localhost;
GRANT DROP ON db26813.v1 TO u26813@localhost;
GRANT CREATE VIEW ON db26813.v2 TO u26813@localhost;
GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813@localhost;
GRANT SELECT ON db26813.t1 TO u26813@localhost;
connect (u1,localhost,u26813,,db26813);
connection u1;
--error 1142
ALTER VIEW v1 AS SELECT f2 FROM t1;
--error 1142
ALTER VIEW v2 AS SELECT f2 FROM t1;
ALTER VIEW v3 AS SELECT f2 FROM t1;
connection root;
SHOW CREATE VIEW v3;
DROP USER u26813@localhost;
DROP DATABASE db26813;
disconnect u1;
--echo End of 5.0 tests. --echo End of 5.0 tests.
...@@ -224,6 +224,7 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, ...@@ -224,6 +224,7 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views,
{ {
LEX *lex= thd->lex; LEX *lex= thd->lex;
bool link_to_local; bool link_to_local;
bool definer_check_is_needed= mode != VIEW_ALTER || lex->definer;
/* first table in list is target VIEW name => cut off it */ /* first table in list is target VIEW name => cut off it */
TABLE_LIST *view= lex->unlink_first_table(&link_to_local); TABLE_LIST *view= lex->unlink_first_table(&link_to_local);
TABLE_LIST *tables= lex->query_tables; TABLE_LIST *tables= lex->query_tables;
...@@ -256,8 +257,9 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, ...@@ -256,8 +257,9 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views,
/* /*
DEFINER-clause is missing; we have to create default definer in DEFINER-clause is missing; we have to create default definer in
persistent arena to be PS/SP friendly. persistent arena to be PS/SP friendly.
If this is an ALTER VIEW then the current user should be set as
the definer.
*/ */
Query_arena original_arena; Query_arena original_arena;
Query_arena *ps_arena = thd->activate_stmt_arena_if_needed(&original_arena); Query_arena *ps_arena = thd->activate_stmt_arena_if_needed(&original_arena);
...@@ -277,11 +279,11 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, ...@@ -277,11 +279,11 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views,
- same as current user - same as current user
- current user has SUPER_ACL - current user has SUPER_ACL
*/ */
if (strcmp(lex->definer->user.str, if (definer_check_is_needed &&
thd->security_ctx->priv_user) != 0 || (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 ||
my_strcasecmp(system_charset_info, my_strcasecmp(system_charset_info,
lex->definer->host.str, lex->definer->host.str,
thd->security_ctx->priv_host) != 0) thd->security_ctx->priv_host) != 0))
{ {
if (!(thd->security_ctx->master_access & SUPER_ACL)) if (!(thd->security_ctx->master_access & SUPER_ACL))
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment