diff options
| author | Sergey Glukhov <Sergey.Glukhov@sun.com> | 2008-10-02 14:37:07 +0500 |
|---|---|---|
| committer | Sergey Glukhov <Sergey.Glukhov@sun.com> | 2008-10-02 14:37:07 +0500 |
| commit | 7e60f71001595df62b92a089869dd67fcc15a1ee (patch) | |
| tree | 39c335a3a7f82e8e9ac0c83930037892a38351c8 | |
| parent | eb3c08069db60d61f41dacb10fd6b73635fec236 (diff) | |
| download | mariadb-git-7e60f71001595df62b92a089869dd67fcc15a1ee.tar.gz | |
Bug#22763 Disrepancy between SHOW CREATE VIEW and I_S.VIEWS
The problem:
I_S views table does not check the presence of SHOW_VIEW_ACL|SELECT_ACL
privileges for a view. It leads to discrepancy between SHOW CREATE VIEW
and I_S.VIEWS.
The fix:
added appropriate check.
mysql-test/r/information_schema_db.result:
test result
mysql-test/t/information_schema_db.test:
test case
sql/sql_show.cc:
The problem:
I_S views table does not check the presence of SHOW_VIEW_ACL|SELECT_ACL
privileges for a view. It leads to discrepancy between SHOW CREATE VIEW
and I_S.VIEWS.
The fix:
added appropriate check.
| -rw-r--r-- | mysql-test/r/information_schema_db.result | 21 | ||||
| -rw-r--r-- | mysql-test/t/information_schema_db.test | 30 | ||||
| -rw-r--r-- | sql/sql_show.cc | 21 |
3 files changed, 72 insertions, 0 deletions
diff --git a/mysql-test/r/information_schema_db.result b/mysql-test/r/information_schema_db.result index ef63ef719a4..b9c3358f47e 100644 --- a/mysql-test/r/information_schema_db.result +++ b/mysql-test/r/information_schema_db.result @@ -209,3 +209,24 @@ drop view testdb_1.v1, v2, testdb_1.v3, v4; drop database testdb_1; drop user testdb_1@localhost; drop user testdb_2@localhost; +create database testdb_1; +create table testdb_1.t1 (a int); +create view testdb_1.v1 as select * from testdb_1.t1; +grant show view on testdb_1.* to mysqltest_1@localhost; +grant select on testdb_1.v1 to mysqltest_1@localhost; +select table_schema, table_name, view_definition from information_schema.views +where table_name='v1'; +table_schema table_name view_definition +testdb_1 v1 /* ALGORITHM=UNDEFINED */ select `testdb_1`.`t1`.`a` AS `a` from `testdb_1`.`t1` +show create view testdb_1.v1; +View Create View +v1 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v1` AS select `testdb_1`.`t1`.`a` AS `a` from `testdb_1`.`t1` +revoke select on testdb_1.v1 from mysqltest_1@localhost; +select table_schema, table_name, view_definition from information_schema.views +where table_name='v1'; +table_schema table_name view_definition +testdb_1 v1 +show create view testdb_1.v1; +ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 'v1' +drop user mysqltest_1@localhost; +drop database testdb_1; diff --git a/mysql-test/t/information_schema_db.test b/mysql-test/t/information_schema_db.test index 666f331c7b9..6353e94fd51 100644 --- a/mysql-test/t/information_schema_db.test +++ b/mysql-test/t/information_schema_db.test @@ -82,6 +82,7 @@ drop function func2; drop database `inf%`; drop procedure mbase.p1; drop database mbase; +disconnect user1; # # Bug#18282 INFORMATION_SCHEMA.TABLES provides inconsistent info about invalid views @@ -210,3 +211,32 @@ drop view testdb_1.v1, v2, testdb_1.v3, v4; drop database testdb_1; drop user testdb_1@localhost; drop user testdb_2@localhost; + +# +# Bug#22763 Disrepancy between SHOW CREATE VIEW and I_S.VIEWS +# +create database testdb_1; +create table testdb_1.t1 (a int); +create view testdb_1.v1 as select * from testdb_1.t1; + +grant show view on testdb_1.* to mysqltest_1@localhost; +grant select on testdb_1.v1 to mysqltest_1@localhost; + +connect (user1,localhost,mysqltest_1,,test); +connection user1; +select table_schema, table_name, view_definition from information_schema.views +where table_name='v1'; +show create view testdb_1.v1; + +connection default; +revoke select on testdb_1.v1 from mysqltest_1@localhost; +connection user1; +select table_schema, table_name, view_definition from information_schema.views +where table_name='v1'; +--error ER_TABLEACCESS_DENIED_ERROR +show create view testdb_1.v1; + +connection default; +drop user mysqltest_1@localhost; +drop database testdb_1; +disconnect user1; diff --git a/sql/sql_show.cc b/sql/sql_show.cc index c30e0a00d95..8203622cf6e 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -3170,6 +3170,27 @@ static int get_schema_views_record(THD *thd, TABLE_LIST *tables, !my_strcasecmp(system_charset_info, tables->definer.host.str, sctx->priv_host)) tables->allowed_show= TRUE; +#ifndef NO_EMBEDDED_ACCESS_CHECKS + else + { + if ((thd->col_access & (SHOW_VIEW_ACL|SELECT_ACL)) == + (SHOW_VIEW_ACL|SELECT_ACL)) + tables->allowed_show= TRUE; + else + { + TABLE_LIST table_list; + uint view_access; + memset(&table_list, 0, sizeof(table_list)); + table_list.db= tables->view_db.str; + table_list.table_name= tables->view_name.str; + table_list.grant.privilege= thd->col_access; + view_access= get_table_grant(thd, &table_list); + if ((view_access & (SHOW_VIEW_ACL|SELECT_ACL)) == + (SHOW_VIEW_ACL|SELECT_ACL)) + tables->allowed_show= TRUE; + } + } +#endif } restore_record(table, s->default_values); table->field[1]->store(tables->view_db.str, tables->view_db.length, cs); |