Commit 48764da6 authored by gkodinov@dl145s.mysql.com's avatar gkodinov@dl145s.mysql.com

Merge dl145s.mysql.com:/data0/bk/team_tree_merge/MERGE2/mysql-5.0-opt

into  dl145s.mysql.com:/data0/bk/team_tree_merge/MERGE2/mysql-5.1-opt
parents eaf8588c 8d5137c4
...@@ -1477,6 +1477,24 @@ i ...@@ -1477,6 +1477,24 @@ i
1 1
DEALLOCATE PREPARE stmt; DEALLOCATE PREPARE stmt;
DROP TABLE t1, t2; DROP TABLE t1, t2;
CREATE TABLE t1 (i INT);
CREATE VIEW v1 AS SELECT * FROM t1;
INSERT INTO t1 VALUES (1), (2);
SELECT t1.i FROM t1 JOIN v1 ON t1.i = v1.i
WHERE EXISTS (SELECT * FROM t1 WHERE v1.i = 1);
i
1
PREPARE stmt FROM "SELECT t1.i FROM t1 JOIN v1 ON t1.i = v1.i
WHERE EXISTS (SELECT * FROM t1 WHERE v1.i = 1)";
EXECUTE stmt;
i
1
EXECUTE stmt;
i
1
DEALLOCATE PREPARE stmt;
DROP VIEW v1;
DROP TABLE t1;
DROP PROCEDURE IF EXISTS p1; DROP PROCEDURE IF EXISTS p1;
flush status; flush status;
prepare sq from 'show status like "slow_queries"'; prepare sq from 'show status like "slow_queries"';
......
...@@ -714,3 +714,23 @@ DROP FUNCTION f1; ...@@ -714,3 +714,23 @@ DROP FUNCTION f1;
DROP VIEW v2; DROP VIEW v2;
DROP VIEW v1; DROP VIEW v1;
DROP USER mysqltest_u1@localhost; DROP USER mysqltest_u1@localhost;
CREATE DATABASE db17254;
USE db17254;
CREATE TABLE t1 (f1 INT);
INSERT INTO t1 VALUES (10),(20);
CREATE USER def_17254@localhost;
GRANT SELECT ON db17254.* TO def_17254@localhost;
CREATE USER inv_17254@localhost;
GRANT SELECT ON db17254.t1 TO inv_17254@localhost;
GRANT CREATE VIEW ON db17254.* TO def_17254@localhost;
CREATE VIEW v1 AS SELECT * FROM t1;
DROP USER def_17254@localhost;
for a user
SELECT * FROM v1;
ERROR 42000: SELECT command denied to user 'inv_17254'@'localhost' for table 'v1
'
for a superuser
SELECT * FROM v1;
ERROR HY000: There is no 'def_17254'@'localhost' registered
DROP USER inv_17254@localhost;
DROP DATABASE db17254;
...@@ -1514,6 +1514,29 @@ DEALLOCATE PREPARE stmt; ...@@ -1514,6 +1514,29 @@ DEALLOCATE PREPARE stmt;
DROP TABLE t1, t2; DROP TABLE t1, t2;
#
# BUG#20327: Marking of a wrong field leads to a wrong result on select with
# view, prepared statement and subquery.
#
CREATE TABLE t1 (i INT);
CREATE VIEW v1 AS SELECT * FROM t1;
INSERT INTO t1 VALUES (1), (2);
let $query = SELECT t1.i FROM t1 JOIN v1 ON t1.i = v1.i
WHERE EXISTS (SELECT * FROM t1 WHERE v1.i = 1);
eval $query;
eval PREPARE stmt FROM "$query";
# Statement execution should return '1'.
EXECUTE stmt;
# Check re-execution.
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
DROP VIEW v1;
DROP TABLE t1;
# #
# BUG#21856: Prepared Statments: crash if bad create # BUG#21856: Prepared Statments: crash if bad create
# #
......
...@@ -933,4 +933,41 @@ DROP VIEW v2; ...@@ -933,4 +933,41 @@ DROP VIEW v2;
DROP VIEW v1; DROP VIEW v1;
DROP USER mysqltest_u1@localhost; DROP USER mysqltest_u1@localhost;
#
# Bug#17254: Error for DEFINER security on VIEW provides too much info
#
connect (root,localhost,root,,);
connection root;
CREATE DATABASE db17254;
USE db17254;
CREATE TABLE t1 (f1 INT);
INSERT INTO t1 VALUES (10),(20);
CREATE USER def_17254@localhost;
GRANT SELECT ON db17254.* TO def_17254@localhost;
CREATE USER inv_17254@localhost;
GRANT SELECT ON db17254.t1 TO inv_17254@localhost;
GRANT CREATE VIEW ON db17254.* TO def_17254@localhost;
connect (def,localhost,def_17254,,db17254);
connection def;
CREATE VIEW v1 AS SELECT * FROM t1;
connection root;
DROP USER def_17254@localhost;
connect (inv,localhost,inv_17254,,db17254);
connection inv;
--echo for a user
--error 1142
SELECT * FROM v1;
connection root;
--echo for a superuser
--error 1449
SELECT * FROM v1;
DROP USER inv_17254@localhost;
DROP DATABASE db17254;
disconnect def;
disconnect inv;
# End of 5.0 tests. # End of 5.0 tests.
...@@ -4225,6 +4225,12 @@ find_field_in_tables(THD *thd, Item_ident *item, ...@@ -4225,6 +4225,12 @@ find_field_in_tables(THD *thd, Item_ident *item,
{ {
if (found == WRONG_GRANT) if (found == WRONG_GRANT)
return (Field*) 0; return (Field*) 0;
/*
Only views fields should be marked as dependent, not an underlying
fields.
*/
if (!table_ref->belong_to_view)
{ {
SELECT_LEX *current_sel= thd->lex->current_select; SELECT_LEX *current_sel= thd->lex->current_select;
SELECT_LEX *last_select= table_ref->select_lex; SELECT_LEX *last_select= table_ref->select_lex;
......
...@@ -3263,7 +3263,18 @@ bool st_table_list::prepare_view_securety_context(THD *thd) ...@@ -3263,7 +3263,18 @@ bool st_table_list::prepare_view_securety_context(THD *thd)
} }
else else
{ {
my_error(ER_NO_SUCH_USER, MYF(0), definer.user.str, definer.host.str); if (thd->security_ctx->master_access & SUPER_ACL)
{
my_error(ER_NO_SUCH_USER, MYF(0), definer.user.str, definer.host.str);
}
else
{
my_error(ER_ACCESS_DENIED_ERROR, MYF(0),
thd->security_ctx->priv_user,
thd->security_ctx->priv_host,
(thd->password ? ER(ER_YES) : ER(ER_NO)));
}
DBUG_RETURN(TRUE); DBUG_RETURN(TRUE);
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment