Commit 24ac4019 authored by unknown's avatar unknown

support of view underlying tables and SP functions security check added (BUG#9505) (WL#2787)


mysql-test/r/information_schema.result:
  error message changed
mysql-test/r/sp.result:
  error message changed
mysql-test/r/sql_mode.result:
  fixed test suite
mysql-test/r/view.result:
  error message changed
mysql-test/r/view_grant.result:
  test of underlying view tables check
mysql-test/t/sql_mode.test:
  fixed test suite
mysql-test/t/view_grant.test:
  test of underlying view tables check
sql/item.cc:
  check of underlying tables privilege added
sql/item.h:
  The name resolution context points to the security context of the view (if the item belongs to a view)
sql/item_func.cc:
  view error hiding for execution of a prepared function belonging to a view
  fixed checking privileges if a stored function belongs to some view
sql/mysql_priv.h:
  result of derived table processing functions changed to bool
  Security_context added as an argument to find_field_in_table()
sql/share/errmsg.txt:
  error message fixed
sql/sql_acl.cc:
  Storing requested privileges of tables added
  View underlying tables privilege check added
sql/sql_base.cc:
  View underlying tables privilege check added
sql/sql_cache.cc:
  Code cleanup: we should not register underlying tables of a view a second time
sql/sql_delete.cc:
  ancestor -> merge_underlying_list renaming
sql/sql_derived.cc:
  result of derived table processing functions changed to bool
  do not give SELECT_ACL for TEMPTABLE views
sql/sql_lex.h:
  The comment added
sql/sql_parse.cc:
  registration of requested privileges added
sql/sql_prepare.cc:
  registration of requested privileges added
sql/sql_update.cc:
  manipulation of requested privileges for underlying tables made the same as for the table which we are updating
sql/sql_view.cc:
  underlying tables of view security check support added
sql/table.cc:
  renaming and fixing view preparation methods, methods for checking underlying tables security context added
sql/table.h:
  storage for requested privileges added
parent 33c972e4
+6 −6
@@ -648,21 +648,21 @@ select table_name from information_schema.views
where table_schema='test';
table_name
Warnings:
Warning	1356	View 'test.v2' references invalid table(s) or column(s) or function(s)
Warning	1356	View 'test.v3' references invalid table(s) or column(s) or function(s)
Warning	1356	View 'test.v2' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
Warning	1356	View 'test.v3' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
select table_name from information_schema.views
where table_schema='test';
table_name
Warnings:
Warning	1356	View 'test.v2' references invalid table(s) or column(s) or function(s)
Warning	1356	View 'test.v3' references invalid table(s) or column(s) or function(s)
Warning	1356	View 'test.v2' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
Warning	1356	View 'test.v3' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
select column_name from information_schema.columns
where table_schema='test';
column_name
f1
Warnings:
Warning	1356	View 'test.v2' references invalid table(s) or column(s) or function(s)
Warning	1356	View 'test.v3' references invalid table(s) or column(s) or function(s)
Warning	1356	View 'test.v2' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
Warning	1356	View 'test.v3' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
select index_name from information_schema.statistics where table_schema='test';
index_name
f1_key
+1 −1
@@ -1032,7 +1032,7 @@ a f8()
3	1
drop function f1|
select * from v1|
ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s)
ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
create function f1() returns int
return (select sum(data) from t1) + (select sum(data) from v1)|
drop function f1|
+2 −1
drop table if exists t1;
drop table if exists t1,t2,v1,v2;
drop view if exists t1,t2,v1,v2;
CREATE TABLE `t1` (
a int not null auto_increment,
`pseudo` varchar(35) character set latin2 NOT NULL default '',
+12 −12
@@ -574,10 +574,10 @@ create view v1 as select * from t1;
drop table t1;
create table t1 (col1 char(5),newcol2 char(5));
insert into v1 values('a','aa');
ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s)
ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
drop table t1;
select * from v1;
ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s)
ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
drop view v1;
create view v1 (a,a) as select 'a','a';
ERROR 42S21: Duplicate column name 'a'
@@ -809,11 +809,11 @@ create table t1 (s1 int);
create view v1 as select x1() from t1;
drop function x1;
select * from v1;
ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s)
ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
show table status;
Name	Engine	Version	Row_format	Rows	Avg_row_length	Data_length	Max_data_length	Index_length	Data_free	Auto_increment	Create_time	Update_time	Check_time	Collation	Checksum	Create_options	Comment
t1	MyISAM	10	Fixed	0	0	0	#	1024	0	NULL	#	#	NULL	latin1_swedish_ci	NULL		
v1	NULL	NULL	NULL	NULL	NULL	NULL	#	NULL	NULL	NULL	#	#	NULL	NULL	NULL	NULL	View 'test.v1' references invalid table(s) or column(s) or function(s)
v1	NULL	NULL	NULL	NULL	NULL	NULL	#	NULL	NULL	NULL	#	#	NULL	NULL	NULL	NULL	View 'test.v1' references invalid table(s) or column(s) or function(s) or define
drop view v1;
drop table t1;
create view v1 as select 99999999999999999999999999999999999999999999999999999 as col1;
@@ -1360,7 +1360,7 @@ test.t1 check status OK
drop table t1;
check table v1;
Table	Op	Msg_type	Msg_text
test.v1	check	error	View 'test.v1' references invalid table(s) or column(s) or function(s)
test.v1	check	error	View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
drop view v1;
create table t1 (a int);
create table t2 (a int);
@@ -1884,11 +1884,11 @@ CREATE VIEW v6 AS SELECT CONVERT_TZ(col1,'GMT','MET') FROM t2;
DROP TABLE t1;
CHECK TABLE v1, v2, v3, v4, v5, v6;
Table	Op	Msg_type	Msg_text
test.v1	check	error	View 'test.v1' references invalid table(s) or column(s) or function(s)
test.v1	check	error	View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
test.v2	check	status	OK
test.v3	check	error	View 'test.v3' references invalid table(s) or column(s) or function(s)
test.v3	check	error	View 'test.v3' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
test.v4	check	status	OK
test.v5	check	error	View 'test.v5' references invalid table(s) or column(s) or function(s)
test.v5	check	error	View 'test.v5' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
test.v6	check	status	OK
drop view v1, v2, v3, v4, v5, v6;
drop table t2;
@@ -1908,11 +1908,11 @@ CREATE VIEW v6 AS SELECT f2() FROM t3;
drop function f1;
CHECK TABLE v1, v2, v3, v4, v5, v6;
Table	Op	Msg_type	Msg_text
test.v1	check	error	View 'test.v1' references invalid table(s) or column(s) or function(s)
test.v1	check	error	View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
test.v2	check	status	OK
test.v3	check	error	View 'test.v3' references invalid table(s) or column(s) or function(s)
test.v3	check	error	View 'test.v3' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
test.v4	check	status	OK
test.v5	check	error	View 'test.v5' references invalid table(s) or column(s) or function(s)
test.v5	check	error	View 'test.v5' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
test.v6	check	status	OK
create function f1 () returns int return (select max(col1) from t1);
DROP TABLE t1;
@@ -2154,7 +2154,7 @@ Field Type Null Key Default Extra
f4	char(5)	YES		NULL	
ALTER TABLE t1 CHANGE COLUMN f4 f4x CHAR(5);
DESCRIBE v1;
ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s)
ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
DROP TABLE t1;
DROP VIEW v1;
create table t1 (f1 char);
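Review bot: The `show table status` expectation in the hunk at -809 records the new message cut off in the Comment column at `or define` (80 characters), so the clause that points an operator at a privilege problem is lost in that output, while the ERROR and `check table` rows in the other hunks carry it in full. Recording the truncated row pins that behaviour as the expected result. Either the message should be shortened until the whole of it fits the column, or the cut should be marked as intentional in the corresponding .test file with a comment such as `# Comment column holds 80 characters; the error 1356 text is truncated here`. The server-side change and the .test file are not visible on this page, so whether the column limit is handled elsewhere cannot be confirmed from here.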
+167 −0
@@ -305,5 +305,172 @@ create table mysqltest.t1 (a int);
grant all privileges on mysqltest.* to mysqltest_1@localhost;
use mysqltest;
create view v1 as select * from t1;
use test;
revoke all privileges on mysqltest.* from mysqltest_1@localhost;
drop database mysqltest;
create database mysqltest;
create table mysqltest.t1 (a int, b int);
grant select on mysqltest.t1 to mysqltest_1@localhost;
grant create view,select on test.* to mysqltest_1@localhost;
create view v1 as select * from mysqltest.t1;
show create view v1;
View	Create View
v1	CREATE ALGORITHM=UNDEFINED DEFINER=`mysqltest_1`@`localhost` SQL SECURITY DEFINER VIEW `test`.`v1` AS select `mysqltest`.`t1`.`a` AS `a`,`mysqltest`.`t1`.`b` AS `b` from `mysqltest`.`t1`
revoke select on mysqltest.t1 from mysqltest_1@localhost;
select * from v1;
ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
grant select on mysqltest.t1 to mysqltest_1@localhost;
select * from v1;
a	b
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_1@localhost;
drop view v1;
drop database mysqltest;
create database mysqltest;
use mysqltest;
create table t1 (a int);
insert into t1 values (1);
create table t2 (s1 int);
drop function if exists f2;
create function f2 () returns int begin declare v int; select s1 from t2
into v; return v; end//
create algorithm=TEMPTABLE view v1 as select f2() from t1;
create algorithm=MERGE view v2 as select f2() from t1;
create algorithm=TEMPTABLE SQL SECURITY INVOKER view v3 as select f2() from t1;
create algorithm=MERGE SQL SECURITY INVOKER view v4 as select f2() from t1;
create SQL SECURITY INVOKER view v5 as select * from v4;
grant select on v1 to mysqltest_1@localhost;
grant select on v2 to mysqltest_1@localhost;
grant select on v3 to mysqltest_1@localhost;
grant select on v4 to mysqltest_1@localhost;
grant select on v5 to mysqltest_1@localhost;
use mysqltest;
select * from v1;
f2()
NULL
Warnings:
Warning	1329	No data to FETCH
select * from v2;
f2()
NULL
Warnings:
Warning	1329	No data to FETCH
select * from v3;
ERROR HY000: View 'mysqltest.v3' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
select * from v4;
ERROR HY000: View 'mysqltest.v4' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
select * from v5;
ERROR HY000: View 'mysqltest.v5' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
use test;
drop view v1, v2, v3, v4, v5;
drop function f2;
drop table t1, t2;
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_1@localhost;
drop database mysqltest;
create database mysqltest;
use mysqltest;
create table t1 (a int);
insert into t1 values (1);
create table t2 (s1 int);
drop function if exists f2;
create function f2 () returns int begin declare v int; select s1 from t2
into v; return v; end//
grant select on t1 to mysqltest_1@localhost;
grant execute on function f2 to mysqltest_1@localhost;
grant create view on mysqltest.* to mysqltest_1@localhost;
use mysqltest;
create algorithm=TEMPTABLE view v1 as select f2() from t1;
create algorithm=MERGE view v2 as select f2() from t1;
create algorithm=TEMPTABLE SQL SECURITY INVOKER view v3 as select f2() from t1;
create algorithm=MERGE SQL SECURITY INVOKER view v4 as select f2() from t1;
use test;
create view v5 as select * from v1;
revoke execute on function f2 from mysqltest_1@localhost;
select * from v1;
ERROR HY000: View 'mysqltest.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
select * from v2;
ERROR HY000: View 'mysqltest.v2' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
select * from v3;
f2()
NULL
Warnings:
Warning	1329	No data to FETCH
select * from v4;
f2()
NULL
Warnings:
Warning	1329	No data to FETCH
select * from v5;
ERROR HY000: View 'mysqltest.v5' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
drop view v1, v2, v3, v4, v5;
drop function f2;
drop table t1, t2;
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_1@localhost;
drop database mysqltest;
create database mysqltest;
use mysqltest;
create table t1 (a int);
create table v1 (a int);
insert into t1 values (1);
grant select on t1 to mysqltest_1@localhost;
grant select on v1 to mysqltest_1@localhost;
grant create view on mysqltest.* to mysqltest_1@localhost;
drop table v1;
use mysqltest;
create algorithm=TEMPTABLE view v1 as select *, a as b from t1;
create algorithm=MERGE view v2 as select *, a as b from t1;
create algorithm=TEMPTABLE SQL SECURITY INVOKER view v3 as select *, a as b from t1;
create algorithm=MERGE SQL SECURITY INVOKER view v4 as select *, a as b from t1;
create view v5 as select * from v1;
use test;
revoke select on t1 from mysqltest_1@localhost;
select * from v1;
ERROR HY000: View 'mysqltest.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
select * from v2;
ERROR HY000: View 'mysqltest.v2' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
select * from v3;
a	b
1	1
select * from v4;
a	b
1	1
select * from v5;
ERROR HY000: View 'mysqltest.v5' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
drop table t1;
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_1@localhost;
drop database mysqltest;
create database mysqltest;
use mysqltest;
create table t1 (a int);
insert into t1 values (1);
create algorithm=TEMPTABLE view v1 as select *, a as b from t1;
create algorithm=MERGE view v2 as select *, a as b from t1;
create algorithm=TEMPTABLE SQL SECURITY INVOKER view v3 as select *, a as b from t1;
create algorithm=MERGE SQL SECURITY INVOKER view v4 as select *, a as b from t1;
create SQL SECURITY INVOKER view v5 as select * from v4;
grant select on v1 to mysqltest_1@localhost;
grant select on v2 to mysqltest_1@localhost;
grant select on v3 to mysqltest_1@localhost;
grant select on v4 to mysqltest_1@localhost;
grant select on v5 to mysqltest_1@localhost;
use mysqltest;
select * from v1;
a	b
1	1
select * from v2;
a	b
1	1
select * from v3;
ERROR HY000: View 'mysqltest.v3' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
select * from v4;
ERROR HY000: View 'mysqltest.v4' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
select * from v5;
ERROR HY000: View 'mysqltest.v5' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
use test;
drop view v1, v2, v3, v4, v5;
drop table t1;
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_1@localhost;
drop database mysqltest;
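Review bot: Every check in the new cases is a `select * from vN`, so the recorded output covers only SELECT on the underlying table and EXECUTE on `f2`, although the description lists changes to sql/sql_update.cc and sql/sql_delete.cc. The MERGE views over `t1` are the natural place to add a write case: once the relevant account has lost UPDATE on `t1`, a statement such as `update v2 set a=2;` should be recorded as failing with error 1356, and likewise for INSERT and DELETE. The nesting cases also layer `v5` only on a view of the same kind (INVOKER over `v4`, or default DEFINER over `v1`); a DEFINER view selecting from an INVOKER view, and the reverse, would show which security context applies at each level. The result file does not show which connection runs each statement, so this is read from the grants and revokes alone and should be checked against the .test file.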