Commit 6c787151 authored by unknown's avatar unknown
Browse files

Bug #20482: failure on Create join view with sources views/tables in different 

            schemas
The function check_one_table_access() called to check access to tables in 
SELECT/INSERT/UPDATE was doing additional checks/modifications that don't hold
in the context of setup_tables_and_check_access().
That's why the check_one_table() was split into two : the functionality needed by
setup_tables_and_check_access() into check_single_table_access() and the rest of 
the functionality stays in check_one_table_access() that is made to call the new
check_single_table_access() function.


mysql-test/r/view_grant.result:
  Bug #20482: failure on Create join view with sources views/tables in different 
              schemas
  - test suite for the bug
mysql-test/t/view_grant.test:
  Bug #20482: failure on Create join view with sources views/tables in different 
              schemas
  - test suite for the bug
sql/mysql_priv.h:
  Bug #20482: failure on Create join view with sources views/tables in different 
              schemas
  - check_one_table_access split into 2
sql/sql_base.cc:
  Bug #20482: failure on Create join view with sources views/tables in different 
              schemas
  - the new sub-function called
sql/sql_parse.cc:
  Bug #20482: failure on Create join view with sources views/tables in different 
              schemas
  - check_one_table_access() split into two : check_single_table_access() to 
    actually check access to the table(ro) and check_one_table_access() that calls
    check_single_table_access() and checks also the tables belonging to sub selects
    or implicitly opened tables.
parent b47705ab

mysql-test/r/view_grant.result

+12 −0
Original line number Diff line number Diff line
@@ -618,3 +618,15 @@ ERROR HY000: There is no 'no-such-user'@'localhost' registered 
DROP VIEW v;

DROP TABLE t1;

USE test;

CREATE DATABASE test1;

CREATE DATABASE test2;

CREATE TABLE test1.t0 (a VARCHAR(20));

CREATE TABLE test2.t1 (a VARCHAR(20));

CREATE VIEW  test2.t3 AS SELECT * FROM test1.t0;

CREATE OR REPLACE VIEW test.v1 AS 

SELECT ta.a AS col1, tb.a AS col2 FROM test2.t3 ta, test2.t1 tb;

DROP VIEW test.v1;

DROP VIEW test2.t3;

DROP TABLE test2.t1, test1.t0;

DROP DATABASE test2;

DROP DATABASE test1;

mysql-test/t/view_grant.test

+21 −0
Original line number Diff line number Diff line
@@ -807,3 +807,24 @@ SELECT * FROM v; 
DROP VIEW v;

DROP TABLE t1;

USE test;



#

# BUG#20482: failure on Create join view with sources views/tables 

#             in different schemas

#

--disable_warnings

CREATE DATABASE test1;

CREATE DATABASE test2;

--enable_warnings



CREATE TABLE test1.t0 (a VARCHAR(20));

CREATE TABLE test2.t1 (a VARCHAR(20));

CREATE VIEW  test2.t3 AS SELECT * FROM test1.t0;

CREATE OR REPLACE VIEW test.v1 AS 

  SELECT ta.a AS col1, tb.a AS col2 FROM test2.t3 ta, test2.t1 tb;



DROP VIEW test.v1;

DROP VIEW test2.t3;

DROP TABLE test2.t1, test1.t0;

DROP DATABASE test2;

DROP DATABASE test1;

sql/mysql_priv.h

+2 −0
Original line number Diff line number Diff line
@@ -513,6 +513,8 @@ class THD; 
void close_thread_tables(THD *thd, bool locked=0, bool skip_derived=0);

bool check_one_table_access(THD *thd, ulong privilege,

			   TABLE_LIST *tables);

bool check_single_table_access(THD *thd, ulong privilege,

			   TABLE_LIST *tables);

bool check_routine_access(THD *thd,ulong want_access,char *db,char *name,

			  bool is_proc, bool no_errors);

bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table);

sql/sql_base.cc

+1 −1
Original line number Diff line number Diff line
@@ -4545,7 +4545,7 @@ bool setup_tables_and_check_access(THD *thd, 


  for (; leaves_tmp; leaves_tmp= leaves_tmp->next_leaf)

    if (leaves_tmp->belong_to_view && 

        check_one_table_access(thd, want_access,  leaves_tmp))

        check_single_table_access(thd, want_access,  leaves_tmp))

    {

      tables->hide_view_error(thd);

      return TRUE;

sql/sql_parse.cc

+31 −9
Original line number Diff line number Diff line
@@ -4978,11 +4978,10 @@ mysql_execute_command(THD *thd) 




/*

  Check grants for commands which work only with one table and all other

  tables belonging to subselects or implicitly opened tables.

  Check grants for commands which work only with one table.



  SYNOPSIS

    check_one_table_access()

    check_single_table_access()

    thd			Thread handler

    privilege		requested privilege

    all_tables		global table list of query
@@ -4992,7 +4991,8 @@ mysql_execute_command(THD *thd) 
    1 - access denied, error is sent to client

*/



bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)

bool check_single_table_access(THD *thd, ulong privilege, 

                               TABLE_LIST *all_tables)

{

  Security_context * backup_ctx= thd->security_ctx;
@@ -5010,19 +5010,41 @@ bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables) 
    goto deny;



  thd->security_ctx= backup_ctx;

  return 0;



deny:

  thd->security_ctx= backup_ctx;

  return 1;

}



/*

  Check grants for commands which work only with one table and all other

  tables belonging to subselects or implicitly opened tables.



  SYNOPSIS

    check_one_table_access()

    thd			Thread handler

    privilege		requested privilege

    all_tables		global table list of query



  RETURN

    0 - OK

    1 - access denied, error is sent to client

*/



bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)

{

  if (check_single_table_access (thd,privilege,all_tables))

    return 1;



  /* Check rights on tables of subselects and implictly opened tables */

  TABLE_LIST *subselects_tables;

  if ((subselects_tables= all_tables->next_global))

  {

    if ((check_table_access(thd, SELECT_ACL, subselects_tables, 0)))

      goto deny;

      return 1;

  }

  return 0;



deny:

  thd->security_ctx= backup_ctx;

  return 1;

}