Commit fa710dfb authored by unknown's avatar unknown
Browse files

Merge moonlight.home:/home/tomash/src/mysql_ab/mysql-5.0 

into  moonlight.home:/home/tomash/src/mysql_ab/mysql-5.0-bug24404


sql/sql_view.cc:
  Auto merged
mysql-test/r/view_grant.result:
  Manual merge.
mysql-test/t/view_grant.test:
  Manual merge.
parents c9078c40 0541dcad

mysql-test/r/view_grant.result

+43 −0
Original line number Diff line number Diff line
@@ -731,3 +731,46 @@ SELECT * FROM v1; 
ERROR HY000: There is no 'def_17254'@'localhost' registered

DROP USER inv_17254@localhost;

DROP DATABASE db17254;

DROP DATABASE IF EXISTS mysqltest_db1;

DROP DATABASE IF EXISTS mysqltest_db2;

DROP USER mysqltest_u1;

DROP USER mysqltest_u2;

CREATE USER mysqltest_u1@localhost;

CREATE USER mysqltest_u2@localhost;

CREATE DATABASE mysqltest_db1;

CREATE DATABASE mysqltest_db2;

GRANT ALL ON mysqltest_db1.* TO mysqltest_u1@localhost WITH GRANT OPTION;

GRANT ALL ON mysqltest_db2.* TO mysqltest_u2@localhost;

CREATE TABLE t1 (i INT);

INSERT INTO t1 VALUES (1);

CREATE VIEW v1 AS SELECT i FROM t1 WHERE 1 IN (SELECT * FROM t1);

CREATE TABLE t2 (s CHAR(7));

INSERT INTO t2 VALUES ('public');

GRANT SELECT ON v1 TO mysqltest_u2@localhost;

GRANT SELECT ON t2 TO mysqltest_u2@localhost;

SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2;

i	s

1	public

PREPARE stmt1 FROM "SELECT * FROM mysqltest_db1.t2";

EXECUTE stmt1;

s

public

PREPARE stmt2 FROM "SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2";

EXECUTE stmt2;

i	s

1	public

REVOKE SELECT ON t2 FROM mysqltest_u2@localhost;

UPDATE t2 SET s = 'private' WHERE s = 'public';

SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2;

ERROR 42000: SELECT command denied to user 'mysqltest_u2'@'localhost' for table 't2'

EXECUTE stmt1;

ERROR 42000: SELECT command denied to user 'mysqltest_u2'@'localhost' for table 't2'

EXECUTE stmt2;

ERROR 42000: SELECT command denied to user 'mysqltest_u2'@'localhost' for table 't2'

REVOKE ALL ON mysqltest_db1.* FROM mysqltest_u1@localhost;

REVOKE ALL ON mysqltest_db2.* FROM mysqltest_u2@localhost;

DROP DATABASE mysqltest_db1;

DROP DATABASE mysqltest_db2;

DROP USER mysqltest_u1@localhost;

DROP USER mysqltest_u2@localhost;

End of 5.0 tests.

mysql-test/t/view_grant.test

+72 −1
Original line number Diff line number Diff line
@@ -927,6 +927,7 @@ DROP VIEW v2; 
DROP VIEW v1;

DROP USER mysqltest_u1@localhost;





#

# Bug#17254: Error for DEFINER security on VIEW provides too much info

#
@@ -964,4 +965,74 @@ DROP DATABASE db17254; 
disconnect def;

disconnect inv;



# End of 5.0 tests.
 


#

# BUG#24404: strange bug with view+permission+prepared statement

#

--disable_warnings

DROP DATABASE IF EXISTS mysqltest_db1;

DROP DATABASE IF EXISTS mysqltest_db2;

--enable_warnings

--error 0,ER_CANNOT_USER

DROP USER mysqltest_u1;

--error 0,ER_CANNOT_USER

DROP USER mysqltest_u2;



CREATE USER mysqltest_u1@localhost;

CREATE USER mysqltest_u2@localhost;



CREATE DATABASE mysqltest_db1;

CREATE DATABASE mysqltest_db2;



GRANT ALL ON mysqltest_db1.* TO mysqltest_u1@localhost WITH GRANT OPTION;

GRANT ALL ON mysqltest_db2.* TO mysqltest_u2@localhost;



connect (conn1, localhost, mysqltest_u1, , mysqltest_db1);



CREATE TABLE t1 (i INT);

INSERT INTO t1 VALUES (1);



# Use view with subquery for better coverage.

CREATE VIEW v1 AS SELECT i FROM t1 WHERE 1 IN (SELECT * FROM t1);



CREATE TABLE t2 (s CHAR(7));

INSERT INTO t2 VALUES ('public');



GRANT SELECT ON v1 TO mysqltest_u2@localhost;

GRANT SELECT ON t2 TO mysqltest_u2@localhost;



connect (conn2, localhost, mysqltest_u2, , mysqltest_db2);



SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2;

PREPARE stmt1 FROM "SELECT * FROM mysqltest_db1.t2";

EXECUTE stmt1;

PREPARE stmt2 FROM "SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2";

EXECUTE stmt2;



connection conn1;

# Make table 't2' private.

REVOKE SELECT ON t2 FROM mysqltest_u2@localhost;

UPDATE t2 SET s = 'private' WHERE s = 'public';



connection conn2;

--error ER_TABLEACCESS_DENIED_ERROR

SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2;

--error ER_TABLEACCESS_DENIED_ERROR

EXECUTE stmt1;

# Original bug was here: the statement didn't fail.

--error ER_TABLEACCESS_DENIED_ERROR

EXECUTE stmt2;



# Cleanup.

disconnect conn2;

disconnect conn1;

connection default;

REVOKE ALL ON mysqltest_db1.* FROM mysqltest_u1@localhost;

REVOKE ALL ON mysqltest_db2.* FROM mysqltest_u2@localhost;

DROP DATABASE mysqltest_db1;

DROP DATABASE mysqltest_db2;

DROP USER mysqltest_u1@localhost;

DROP USER mysqltest_u2@localhost;





--echo End of 5.0 tests.

sql/sql_view.cc

+7 −3
Original line number Diff line number Diff line
@@ -1135,13 +1135,17 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table, 
      /*

        Prepare a security context to check underlying objects of the view

      */

      Security_context *save_security_ctx= thd->security_ctx;

      if (!(table->view_sctx= (Security_context *)

            thd->stmt_arena->alloc(sizeof(Security_context))))

        goto err;

      /* Assign the context to the tables referenced in the view */

      for (tbl= view_tables; tbl; tbl= tbl->next_global)

      if (view_tables)

      {

        DBUG_ASSERT(view_tables_tail);

        for (tbl= view_tables; tbl != view_tables_tail->next_global;

             tbl= tbl->next_global)

          tbl->security_ctx= table->view_sctx;

      }

      /* assign security context to SELECT name resolution contexts of view */

      for(SELECT_LEX *sl= lex->all_selects_list;

          sl;