Loading mysql-test/r/view_grant.result +21 −0 Original line number Diff line number Diff line Loading @@ -773,4 +773,25 @@ DROP DATABASE mysqltest_db1; DROP DATABASE mysqltest_db2; DROP USER mysqltest_u1@localhost; DROP USER mysqltest_u2@localhost; CREATE DATABASE db26813; USE db26813; CREATE TABLE t1(f1 INT, f2 INT); CREATE VIEW v1 AS SELECT f1 FROM t1; CREATE VIEW v2 AS SELECT f1 FROM t1; CREATE VIEW v3 AS SELECT f1 FROM t1; CREATE USER u26813@localhost; GRANT DROP ON db26813.v1 TO u26813@localhost; GRANT CREATE VIEW ON db26813.v2 TO u26813@localhost; GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813@localhost; GRANT SELECT ON db26813.t1 TO u26813@localhost; ALTER VIEW v1 AS SELECT f2 FROM t1; ERROR 42000: CREATE VIEW command denied to user 'u26813'@'localhost' for table 'v1' ALTER VIEW v2 AS SELECT f2 FROM t1; ERROR 42000: DROP command denied to user 'u26813'@'localhost' for table 'v2' ALTER VIEW v3 AS SELECT f2 FROM t1; SHOW CREATE VIEW v3; View Create View v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f2` AS `f2` from `t1` DROP USER u26813@localhost; DROP DATABASE db26813; End of 5.0 tests. mysql-test/t/view_grant.test +31 −0 Original line number Diff line number Diff line Loading @@ -1034,5 +1034,36 @@ DROP DATABASE mysqltest_db2; DROP USER mysqltest_u1@localhost; DROP USER mysqltest_u2@localhost; # # Bug#26813: The SUPER privilege is wrongly required to alter a view created # by another user. # connection root; CREATE DATABASE db26813; USE db26813; CREATE TABLE t1(f1 INT, f2 INT); CREATE VIEW v1 AS SELECT f1 FROM t1; CREATE VIEW v2 AS SELECT f1 FROM t1; CREATE VIEW v3 AS SELECT f1 FROM t1; CREATE USER u26813@localhost; GRANT DROP ON db26813.v1 TO u26813@localhost; GRANT CREATE VIEW ON db26813.v2 TO u26813@localhost; GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813@localhost; GRANT SELECT ON db26813.t1 TO u26813@localhost; connect (u1,localhost,u26813,,db26813); connection u1; --error 1142 ALTER VIEW v1 AS SELECT f2 FROM t1; --error 1142 ALTER VIEW v2 AS SELECT f2 FROM t1; ALTER VIEW v3 AS SELECT f2 FROM t1; connection root; SHOW CREATE VIEW v3; DROP USER u26813@localhost; DROP DATABASE db26813; disconnect u1; --echo End of 5.0 tests. sql/sql_view.cc +8 −6 Original line number Diff line number Diff line Loading @@ -224,6 +224,7 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, { LEX *lex= thd->lex; bool link_to_local; bool definer_check_is_needed= mode != VIEW_ALTER || lex->definer; /* first table in list is target VIEW name => cut off it */ TABLE_LIST *view= lex->unlink_first_table(&link_to_local); TABLE_LIST *tables= lex->query_tables; Loading Loading @@ -256,8 +257,9 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, /* DEFINER-clause is missing; we have to create default definer in persistent arena to be PS/SP friendly. If this is an ALTER VIEW then the current user should be set as the definer. */ Query_arena original_arena; Query_arena *ps_arena = thd->activate_stmt_arena_if_needed(&original_arena); Loading @@ -277,11 +279,11 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, - same as current user - current user has SUPER_ACL */ if (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 || if (definer_check_is_needed && (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 || my_strcasecmp(system_charset_info, lex->definer->host.str, thd->security_ctx->priv_host) != 0) thd->security_ctx->priv_host) != 0)) { if (!(thd->security_ctx->master_access & SUPER_ACL)) { Loading Loading
mysql-test/r/view_grant.result +21 −0 Original line number Diff line number Diff line Loading @@ -773,4 +773,25 @@ DROP DATABASE mysqltest_db1; DROP DATABASE mysqltest_db2; DROP USER mysqltest_u1@localhost; DROP USER mysqltest_u2@localhost; CREATE DATABASE db26813; USE db26813; CREATE TABLE t1(f1 INT, f2 INT); CREATE VIEW v1 AS SELECT f1 FROM t1; CREATE VIEW v2 AS SELECT f1 FROM t1; CREATE VIEW v3 AS SELECT f1 FROM t1; CREATE USER u26813@localhost; GRANT DROP ON db26813.v1 TO u26813@localhost; GRANT CREATE VIEW ON db26813.v2 TO u26813@localhost; GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813@localhost; GRANT SELECT ON db26813.t1 TO u26813@localhost; ALTER VIEW v1 AS SELECT f2 FROM t1; ERROR 42000: CREATE VIEW command denied to user 'u26813'@'localhost' for table 'v1' ALTER VIEW v2 AS SELECT f2 FROM t1; ERROR 42000: DROP command denied to user 'u26813'@'localhost' for table 'v2' ALTER VIEW v3 AS SELECT f2 FROM t1; SHOW CREATE VIEW v3; View Create View v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f2` AS `f2` from `t1` DROP USER u26813@localhost; DROP DATABASE db26813; End of 5.0 tests.
mysql-test/t/view_grant.test +31 −0 Original line number Diff line number Diff line Loading @@ -1034,5 +1034,36 @@ DROP DATABASE mysqltest_db2; DROP USER mysqltest_u1@localhost; DROP USER mysqltest_u2@localhost; # # Bug#26813: The SUPER privilege is wrongly required to alter a view created # by another user. # connection root; CREATE DATABASE db26813; USE db26813; CREATE TABLE t1(f1 INT, f2 INT); CREATE VIEW v1 AS SELECT f1 FROM t1; CREATE VIEW v2 AS SELECT f1 FROM t1; CREATE VIEW v3 AS SELECT f1 FROM t1; CREATE USER u26813@localhost; GRANT DROP ON db26813.v1 TO u26813@localhost; GRANT CREATE VIEW ON db26813.v2 TO u26813@localhost; GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813@localhost; GRANT SELECT ON db26813.t1 TO u26813@localhost; connect (u1,localhost,u26813,,db26813); connection u1; --error 1142 ALTER VIEW v1 AS SELECT f2 FROM t1; --error 1142 ALTER VIEW v2 AS SELECT f2 FROM t1; ALTER VIEW v3 AS SELECT f2 FROM t1; connection root; SHOW CREATE VIEW v3; DROP USER u26813@localhost; DROP DATABASE db26813; disconnect u1; --echo End of 5.0 tests.
sql/sql_view.cc +8 −6 Original line number Diff line number Diff line Loading @@ -224,6 +224,7 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, { LEX *lex= thd->lex; bool link_to_local; bool definer_check_is_needed= mode != VIEW_ALTER || lex->definer; /* first table in list is target VIEW name => cut off it */ TABLE_LIST *view= lex->unlink_first_table(&link_to_local); TABLE_LIST *tables= lex->query_tables; Loading Loading @@ -256,8 +257,9 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, /* DEFINER-clause is missing; we have to create default definer in persistent arena to be PS/SP friendly. If this is an ALTER VIEW then the current user should be set as the definer. */ Query_arena original_arena; Query_arena *ps_arena = thd->activate_stmt_arena_if_needed(&original_arena); Loading @@ -277,11 +279,11 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, - same as current user - current user has SUPER_ACL */ if (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 || if (definer_check_is_needed && (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 || my_strcasecmp(system_charset_info, lex->definer->host.str, thd->security_ctx->priv_host) != 0) thd->security_ctx->priv_host) != 0)) { if (!(thd->security_ctx->master_access & SUPER_ACL)) { Loading
