Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
bee985af
Commit
bee985af
authored
Jun 21, 2006
by
gkodinov@mysql.com
Browse files
Options
Browse Files
Download
Plain Diff
Merge mysql.com:/home/kgeorge/mysql/5.0/teamclean
into mysql.com:/home/kgeorge/mysql/5.0/B20482
parents
d924f70c
75ca0554
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
63 additions
and
74 deletions
+63
-74
mysql-test/r/view_grant.result
mysql-test/r/view_grant.result
+12
-29
mysql-test/t/view_grant.test
mysql-test/t/view_grant.test
+17
-35
sql/mysql_priv.h
sql/mysql_priv.h
+2
-0
sql/sql_base.cc
sql/sql_base.cc
+1
-1
sql/sql_parse.cc
sql/sql_parse.cc
+31
-9
No files found.
mysql-test/r/view_grant.result
View file @
bee985af
...
@@ -618,32 +618,15 @@ ERROR HY000: There is no 'no-such-user'@'localhost' registered
...
@@ -618,32 +618,15 @@ ERROR HY000: There is no 'no-such-user'@'localhost' registered
DROP VIEW v;
DROP VIEW v;
DROP TABLE t1;
DROP TABLE t1;
USE test;
USE test;
CREATE USER mysqltest_db1@localhost identified by 'PWD';
CREATE DATABASE test1;
GRANT ALL ON mysqltest_db1.* TO mysqltest_db1@localhost WITH GRANT OPTION;
CREATE DATABASE test2;
CREATE SCHEMA mysqltest_db1 ;
CREATE TABLE test1.t0 (a VARCHAR(20));
USE mysqltest_db1 ;
CREATE TABLE test2.t1 (a VARCHAR(20));
CREATE TABLE t1 (f1 INTEGER);
CREATE VIEW test2.t3 AS SELECT * FROM test1.t0;
CREATE VIEW view1 AS
CREATE OR REPLACE VIEW test.v1 AS
SELECT * FROM t1;
SELECT ta.a AS col1, tb.a AS col2 FROM test2.t3 ta, test2.t1 tb;
SHOW CREATE VIEW view1;
DROP VIEW test.v1;
View Create View
DROP VIEW test2.t3;
view1 CREATE ALGORITHM=UNDEFINED DEFINER=`mysqltest_db1`@`localhost` SQL SECURITY DEFINER VIEW `view1` AS select `t1`.`f1` AS `f1` from `t1`
DROP TABLE test2.t1, test1.t0;
CREATE VIEW view2 AS
DROP DATABASE test2;
SELECT * FROM view1;
DROP DATABASE test1;
# Here comes a suspicious warning
SHOW CREATE VIEW view2;
View Create View
view2 CREATE ALGORITHM=UNDEFINED DEFINER=`mysqltest_db1`@`localhost` SQL SECURITY DEFINER VIEW `view2` AS select `view1`.`f1` AS `f1` from `view1`
# But the view view2 is usable
SELECT * FROM view2;
f1
CREATE VIEW view3 AS
SELECT * FROM view2;
SELECT * from view3;
f1
DROP VIEW mysqltest_db1.view3;
DROP VIEW mysqltest_db1.view2;
DROP VIEW mysqltest_db1.view1;
DROP TABLE mysqltest_db1.t1;
DROP SCHEMA mysqltest_db1;
DROP USER mysqltest_db1@localhost;
mysql-test/t/view_grant.test
View file @
bee985af
...
@@ -809,40 +809,22 @@ DROP TABLE t1;
...
@@ -809,40 +809,22 @@ DROP TABLE t1;
USE
test
;
USE
test
;
#
#
# Bug#20363: Create view on just created view is now denied
# BUG#20482: failure on Create join view with sources views/tables
# in different schemas
#
#
eval
CREATE
USER
mysqltest_db1
@
localhost
identified
by
'PWD'
;
--
disable_warnings
eval
GRANT
ALL
ON
mysqltest_db1
.*
TO
mysqltest_db1
@
localhost
WITH
GRANT
OPTION
;
CREATE
DATABASE
test1
;
CREATE
DATABASE
test2
;
# The session with the non root user is needed.
--
enable_warnings
--
replace_result
$MASTER_MYPORT
MYSQL_PORT
$MASTER_MYSOCK
MYSQL_SOCK
connect
(
session1
,
localhost
,
mysqltest_db1
,
PWD
,
test
);
CREATE
SCHEMA
mysqltest_db1
;
USE
mysqltest_db1
;
CREATE
TABLE
t1
(
f1
INTEGER
);
CREATE
VIEW
view1
AS
SELECT
*
FROM
t1
;
SHOW
CREATE
VIEW
view1
;
CREATE
VIEW
view2
AS
SELECT
*
FROM
view1
;
--
echo
# Here comes a suspicious warning
SHOW
CREATE
VIEW
view2
;
--
echo
# But the view view2 is usable
SELECT
*
FROM
view2
;
CREATE
VIEW
view3
AS
SELECT
*
FROM
view2
;
SELECT
*
from
view3
;
connection
default
;
CREATE
TABLE
test1
.
t0
(
a
VARCHAR
(
20
));
DROP
VIEW
mysqltest_db1
.
view3
;
CREATE
TABLE
test2
.
t1
(
a
VARCHAR
(
20
));
DROP
VIEW
mysqltest_db1
.
view2
;
CREATE
VIEW
test2
.
t3
AS
SELECT
*
FROM
test1
.
t0
;
DROP
VIEW
mysqltest_db1
.
view1
;
CREATE
OR
REPLACE
VIEW
test
.
v1
AS
DROP
TABLE
mysqltest_db1
.
t1
;
SELECT
ta
.
a
AS
col1
,
tb
.
a
AS
col2
FROM
test2
.
t3
ta
,
test2
.
t1
tb
;
DROP
SCHEMA
mysqltest_db1
;
DROP
USER
mysqltest_db1
@
localhost
;
DROP
VIEW
test
.
v1
;
DROP
VIEW
test2
.
t3
;
DROP
TABLE
test2
.
t1
,
test1
.
t0
;
DROP
DATABASE
test2
;
DROP
DATABASE
test1
;
sql/mysql_priv.h
View file @
bee985af
...
@@ -513,6 +513,8 @@ class THD;
...
@@ -513,6 +513,8 @@ class THD;
void
close_thread_tables
(
THD
*
thd
,
bool
locked
=
0
,
bool
skip_derived
=
0
);
void
close_thread_tables
(
THD
*
thd
,
bool
locked
=
0
,
bool
skip_derived
=
0
);
bool
check_one_table_access
(
THD
*
thd
,
ulong
privilege
,
bool
check_one_table_access
(
THD
*
thd
,
ulong
privilege
,
TABLE_LIST
*
tables
);
TABLE_LIST
*
tables
);
bool
check_single_table_access
(
THD
*
thd
,
ulong
privilege
,
TABLE_LIST
*
tables
);
bool
check_routine_access
(
THD
*
thd
,
ulong
want_access
,
char
*
db
,
char
*
name
,
bool
check_routine_access
(
THD
*
thd
,
ulong
want_access
,
char
*
db
,
char
*
name
,
bool
is_proc
,
bool
no_errors
);
bool
is_proc
,
bool
no_errors
);
bool
check_some_access
(
THD
*
thd
,
ulong
want_access
,
TABLE_LIST
*
table
);
bool
check_some_access
(
THD
*
thd
,
ulong
want_access
,
TABLE_LIST
*
table
);
...
...
sql/sql_base.cc
View file @
bee985af
...
@@ -4546,7 +4546,7 @@ bool setup_tables_and_check_access(THD *thd,
...
@@ -4546,7 +4546,7 @@ bool setup_tables_and_check_access(THD *thd,
for
(;
leaves_tmp
;
leaves_tmp
=
leaves_tmp
->
next_leaf
)
for
(;
leaves_tmp
;
leaves_tmp
=
leaves_tmp
->
next_leaf
)
if
(
leaves_tmp
->
belong_to_view
&&
if
(
leaves_tmp
->
belong_to_view
&&
check_
on
e_table_access
(
thd
,
want_access
,
leaves_tmp
))
check_
singl
e_table_access
(
thd
,
want_access
,
leaves_tmp
))
{
{
tables
->
hide_view_error
(
thd
);
tables
->
hide_view_error
(
thd
);
return
TRUE
;
return
TRUE
;
...
...
sql/sql_parse.cc
View file @
bee985af
...
@@ -4982,11 +4982,10 @@ mysql_execute_command(THD *thd)
...
@@ -4982,11 +4982,10 @@ mysql_execute_command(THD *thd)
/*
/*
Check grants for commands which work only with one table and all other
Check grants for commands which work only with one table.
tables belonging to subselects or implicitly opened tables.
SYNOPSIS
SYNOPSIS
check_
on
e_table_access()
check_
singl
e_table_access()
thd Thread handler
thd Thread handler
privilege requested privilege
privilege requested privilege
all_tables global table list of query
all_tables global table list of query
...
@@ -4996,7 +4995,8 @@ mysql_execute_command(THD *thd)
...
@@ -4996,7 +4995,8 @@ mysql_execute_command(THD *thd)
1 - access denied, error is sent to client
1 - access denied, error is sent to client
*/
*/
bool
check_one_table_access
(
THD
*
thd
,
ulong
privilege
,
TABLE_LIST
*
all_tables
)
bool
check_single_table_access
(
THD
*
thd
,
ulong
privilege
,
TABLE_LIST
*
all_tables
)
{
{
Security_context
*
backup_ctx
=
thd
->
security_ctx
;
Security_context
*
backup_ctx
=
thd
->
security_ctx
;
...
@@ -5021,19 +5021,41 @@ bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
...
@@ -5021,19 +5021,41 @@ bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
goto
deny
;
goto
deny
;
thd
->
security_ctx
=
backup_ctx
;
thd
->
security_ctx
=
backup_ctx
;
return
0
;
deny:
thd
->
security_ctx
=
backup_ctx
;
return
1
;
}
/*
Check grants for commands which work only with one table and all other
tables belonging to subselects or implicitly opened tables.
SYNOPSIS
check_one_table_access()
thd Thread handler
privilege requested privilege
all_tables global table list of query
RETURN
0 - OK
1 - access denied, error is sent to client
*/
bool
check_one_table_access
(
THD
*
thd
,
ulong
privilege
,
TABLE_LIST
*
all_tables
)
{
if
(
check_single_table_access
(
thd
,
privilege
,
all_tables
))
return
1
;
/* Check rights on tables of subselects and implictly opened tables */
/* Check rights on tables of subselects and implictly opened tables */
TABLE_LIST
*
subselects_tables
;
TABLE_LIST
*
subselects_tables
;
if
((
subselects_tables
=
all_tables
->
next_global
))
if
((
subselects_tables
=
all_tables
->
next_global
))
{
{
if
((
check_table_access
(
thd
,
SELECT_ACL
,
subselects_tables
,
0
)))
if
((
check_table_access
(
thd
,
SELECT_ACL
,
subselects_tables
,
0
)))
goto
deny
;
return
1
;
}
}
return
0
;
return
0
;
deny:
thd
->
security_ctx
=
backup_ctx
;
return
1
;
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment