Commit 2d98d243 authored by unknown's avatar unknown
Browse files

Bug#16681 information_schema shows forbidden VIEW details 

show view definition to users that have the needed privilleges


mysql-test/r/information_schema.result:
  Bug#16681 information_schema shows forbidden VIEW details
  test case
mysql-test/t/information_schema.test:
  Bug#16681 information_schema shows forbidden VIEW details
  test case
parent 0792cd92

mysql-test/r/information_schema.result

+13 −0
Original line number Diff line number Diff line
@@ -1108,3 +1108,16 @@ routine_name 


delete from proc where name='';

use test;

grant select on test.* to mysqltest_1@localhost;

create table t1 (id int);

create view v1 as select * from t1;

create definer = mysqltest_1@localhost

sql security definer view v2 as select 1;

select * from information_schema.views

where table_name='v1' or table_name='v2';

TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	VIEW_DEFINITION	CHECK_OPTION	IS_UPDATABLE	DEFINER	SECURITY_TYPE

NULL	test	v1		NONE	YES	root@localhost	DEFINER

NULL	test	v2	select 1 AS `1`	NONE	NO	mysqltest_1@localhost	DEFINER

drop view v1, v2;

drop table t1;

drop user mysqltest_1@localhost;

mysql-test/t/information_schema.test

+19 −0
Original line number Diff line number Diff line
@@ -822,3 +822,22 @@ INSERT INTO `proc` VALUES ('test','','PROCEDURE','','SQL','CONTAINS_SQL', 
select routine_name from information_schema.routines;

delete from proc where name='';

use test;



#

# Bug#16681 information_schema shows forbidden VIEW details

#

grant select on test.* to mysqltest_1@localhost;

create table t1 (id int);

create view v1 as select * from t1;

create definer = mysqltest_1@localhost

sql security definer view v2 as select 1;



connect (con16681,localhost,mysqltest_1,,test);

connection con16681;



select * from information_schema.views

where table_name='v1' or table_name='v2';

connection default;

drop view v1, v2;

drop table t1;

drop user mysqltest_1@localhost;

sql/sql_show.cc

+25 −3
Original line number Diff line number Diff line
@@ -3076,10 +3076,32 @@ static int get_schema_views_record(THD *thd, struct st_table_list *tables, 


  if (tables->view)

  {

    Security_context *sctx= thd->security_ctx;

    ulong grant= SHOW_VIEW_ACL;

#ifndef NO_EMBEDDED_ACCESS_CHECKS

    char *save_table_name= tables->table_name;

    if (!my_strcasecmp(system_charset_info, tables->definer.user.str,

                       sctx->priv_user) &&

        !my_strcasecmp(system_charset_info, tables->definer.host.str,

                       sctx->priv_host))

      grant= SHOW_VIEW_ACL;

    else

    {

      tables->table_name= tables->view_name.str;

      if (check_access(thd, SHOW_VIEW_ACL , base_name,

                       &tables->grant.privilege, 0, 1,

                       test(tables->schema_table)))

        grant= get_table_grant(thd, tables);

      else

        grant= tables->grant.privilege;

    }

    tables->table_name= save_table_name;

#endif



    restore_record(table, s->default_values);

    table->field[1]->store(tables->view_db.str, tables->view_db.length, cs);

    table->field[2]->store(tables->view_name.str, tables->view_name.length,

                           cs);

    table->field[2]->store(tables->view_name.str, tables->view_name.length, cs);

    if (grant & SHOW_VIEW_ACL)

      table->field[3]->store(tables->query.str, tables->query.length, cs);



    if (tables->with_check != VIEW_CHECK_NONE)