author | Vicențiu Ciorbaru <vicentiu@mariadb.org> | 2015-03-04 12:20:10 +0200 |
---|---|---|
committer | Vicențiu Ciorbaru <vicentiu@mariadb.org> | 2015-03-10 14:11:02 +0200 |
commit | 0ed57e34c76ffa5e457e1abb402ada6352fb52b2 (patch) | |
tree | 60996746ea8a4b783a6dd55ed9c7e0aae0e68a25 /mysql-test/r | |
parent | c8035da9b8d037b43c27268b37df40e587780bec (diff) | |
download | mariadb-git-0ed57e34c76ffa5e457e1abb402ada6352fb52b2.tar.gz |
MDEV-7025 ANALYZE SELECT/INSERT/UPDATE/DELETE from a view does not check access permissions on the view
Added access checking for the ANALYZE statement command.
Diffstat (limited to 'mysql-test/r')
-rw-r--r-- | mysql-test/r/analyze_stmt.result | 40 | ||||
-rw-r--r-- | mysql-test/r/grant_explain_non_select.result | 18 | ||||
-rw-r--r-- | mysql-test/r/information_schema.result | 2 | ||||
-rw-r--r-- | mysql-test/r/view_grant.result | 42 |
4 files changed, 71 insertions, 31 deletions
diff --git a/mysql-test/r/analyze_stmt.result b/mysql-test/r/analyze_stmt.result
index 50063324faf..4e5af76e64d 100644
--- a/mysql-test/r/analyze_stmt.result
+++ b/mysql-test/r/analyze_stmt.result
@@ -315,3 +315,43 @@ id select_type table type possible_keys key key_len ref rows r_rows filtered r_f
 1 SIMPLE t1 ALL NULL NULL NULL NULL 10 10.00 100.00 100.00 Using where
 1 SIMPLE t2 ref a a 5 test.t1.a 2 0.20 100.00 100.00 Using index
 drop table t1,t2;
+#
+# MDEV-7025 and MDEV-7027 ANALYZE SELECT/INSERT/UPDATE/DELETE from a
+# view does not check access permissions on the underlying table
+#
+create database db;
+use db;
+create table t1 (i int, c varchar(8));
+insert into t1 values (1,'foo'),(2,'bar'),(3,'baz'),(4,'qux');
+create view v1 as select * from t1 where i > 1;
+grant ALL on db.v1 to u1@localhost;
+connect con1,localhost,u1,,;
+select * from db.t1;
+ERROR 42000: SELECT command denied to user 'u1'@'localhost' for table 't1'
+explain select * from db.t1;
+ERROR 42000: SELECT command denied to user 'u1'@'localhost' for table 't1'
+analyze select * from db.t1;
+ERROR 42000: SELECT command denied to user 'u1'@'localhost' for table 't1'
+select * from db.v1;
+i c
+2 bar
+3 baz
+4 qux
+explain select * from db.v1;
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+analyze select * from db.v1;
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+UPDATE db.v1 SET i = 5;
+explain UPDATE db.v1 SET i = 5;
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+analyze UPDATE db.v1 SET i = 5;
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+DELETE FROM db.v1 WHERE i = 5;
+explain DELETE FROM db.v1 WHERE i = 5;
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+analyze DELETE FROM db.v1 WHERE i = 5;
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+disconnect con1;
+connection default;
+drop user u1@localhost;
+drop database db;
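Review bot: In the added MDEV-7025 block, the plain `UPDATE db.v1 SET i = 5;` and `DELETE FROM db.v1 WHERE i = 5;` run before their `analyze` forms, so the recorded output cannot show that a denied ANALYZE left the rows untouched; ANALYZE executes the statement it wraps, so an access check placed after execution would produce the same error lines. Running the `analyze` forms first and then, on the default connection, `select * from db.t1;` would pin that no row changed. The commit title also names INSERT, but no `analyze insert into db.v1 values (5,'new');` case (values constructed here) appears in the block. Both changes belong in the test script this result file is recorded from, which is not shown on this page.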
diff --git a/mysql-test/r/grant_explain_non_select.result b/mysql-test/r/grant_explain_non_select.result
index 85b0ae5c4b4..8bce20f7a95 100644
--- a/mysql-test/r/grant_explain_non_select.result
+++ b/mysql-test/r/grant_explain_non_select.result
@@ -140,7 +140,7 @@ REVOKE ALL PRIVILEGES ON privtest_db.t1 FROM 'privtest'@'localhost';
 CREATE VIEW privtest_db.v1 (a) AS SELECT a FROM privtest_db.t1;
 GRANT SELECT, INSERT, UPDATE, DELETE ON privtest_db.v1 TO 'privtest'@'localhost';
 EXPLAIN SELECT * FROM v1;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 SELECT * FROM v1;
 a
 11
@@ -150,28 +150,28 @@ a
 4
 4
 EXPLAIN INSERT INTO v1 VALUES (10);
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 INSERT INTO v1 VALUES (10);
 EXPLAIN INSERT INTO v1 SELECT * FROM t2;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 INSERT INTO v1 SELECT * FROM t2;
 EXPLAIN REPLACE INTO v1 VALUES (10);
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 REPLACE INTO v1 VALUES (10);
 EXPLAIN REPLACE INTO v1 SELECT * FROM t2;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 REPLACE INTO v1 SELECT * FROM t2;
 EXPLAIN UPDATE v1 SET a = a + 1;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 UPDATE v1 SET a = a + 1;
 EXPLAIN UPDATE v1, t2 SET v1.a = v1.a + 1 WHERE v1.a = t2.a;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 UPDATE v1, t2 SET v1.a = v1.a + 1 WHERE v1.a = t2.a;
 EXPLAIN DELETE FROM v1 WHERE a = 10;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 DELETE FROM v1 WHERE a = 10;
 EXPLAIN DELETE FROM v1 USING v1, t2 WHERE v1.a = t2.a;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 DELETE FROM v1 USING v1, t2 WHERE v1.a = t2.a;
 DROP USER 'privtest'@localhost;
 USE test;
diff --git a/mysql-test/r/information_schema.result b/mysql-test/r/information_schema.result
index 3bfb8d84904..1af69857371 100644
--- a/mysql-test/r/information_schema.result
+++ b/mysql-test/r/information_schema.result
@@ -240,7 +240,7 @@ where table_schema = 'mysqltest' and table_name = 'v1';
 table_name column_name privileges
 v1 c select
 explain select * from v1;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 drop view v1, mysqltest.v1;
 drop tables mysqltest.t4, mysqltest.t1, t2, t3, t5;
 drop database mysqltest;
diff --git a/mysql-test/r/view_grant.result b/mysql-test/r/view_grant.result
index 8f0ffdda742..550ca12d19e 100644
--- a/mysql-test/r/view_grant.result
+++ b/mysql-test/r/view_grant.result
@@ -91,19 +91,19 @@ Field Type Null Key Default Extra
 c bigint(12) YES NULL
 d bigint(12) YES NULL
 explain select c from mysqltest.v1;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 show create view mysqltest.v1;
 ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v1'
 explain select c from mysqltest.v2;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 show create view mysqltest.v2;
 ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v2'
 explain select c from mysqltest.v3;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 show create view mysqltest.v3;
 ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v3'
 explain select c from mysqltest.v4;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 show create view mysqltest.v4;
 ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v4'
 explain select c from mysqltest.v5;
@@ -115,7 +115,7 @@ show create view mysqltest.v5;
 View Create View character_set_client collation_connection
 v5 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest`.`v5` AS select (`mysqltest`.`t1`.`a` + 1) AS `c`,(`mysqltest`.`t1`.`b` + 1) AS `d` from `mysqltest`.`t1` latin1 latin1_swedish_ci
 explain select c from mysqltest.v1;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 show create view mysqltest.v1;
 ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v1'
 grant show view on mysqltest.v1 to mysqltest_1@localhost;
@@ -128,15 +128,15 @@ show create view mysqltest.v1;
 View Create View character_set_client collation_connection
 v1 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest`.`v1` AS select (`mysqltest`.`t1`.`a` + 1) AS `c`,(`mysqltest`.`t1`.`b` + 1) AS `d` from `mysqltest`.`t1` latin1 latin1_swedish_ci
 explain select c from mysqltest.v2;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 show create view mysqltest.v2;
 ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v2'
 explain select c from mysqltest.v3;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 show create view mysqltest.v3;
 ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v3'
 explain select c from mysqltest.v4;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 show create view mysqltest.v4;
 ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v4'
 explain select c from mysqltest.v5;
@@ -156,12 +156,12 @@ show create view mysqltest.v2;
 View Create View character_set_client collation_connection
 v2 CREATE ALGORITHM=TEMPTABLE DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest`.`v2` AS select (`mysqltest`.`t1`.`a` + 1) AS `c`,(`mysqltest`.`t1`.`b` + 1) AS `d` from `mysqltest`.`t1` latin1 latin1_swedish_ci
 explain select c from mysqltest.v3;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 show create view mysqltest.v3;
 View Create View character_set_client collation_connection
 v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest`.`v3` AS select (`mysqltest`.`t2`.`a` + 1) AS `c`,(`mysqltest`.`t2`.`b` + 1) AS `d` from `mysqltest`.`t2` latin1 latin1_swedish_ci
 explain select c from mysqltest.v4;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 show create view mysqltest.v4;
 View Create View character_set_client collation_connection
 v4 CREATE ALGORITHM=TEMPTABLE DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest`.`v4` AS select (`mysqltest`.`t2`.`a` + 1) AS `c`,(`mysqltest`.`t2`.`b` + 1) AS `d` from `mysqltest`.`t2` latin1 latin1_swedish_ci
@@ -1027,7 +1027,7 @@ grant select, show view on mysqltest1.v1 to quintessa@localhost;
 select * from v1;
 i
 explain select * from v1;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 ... as cecil
 select * from v1;
 ERROR 42000: SELECT command denied to user 'cecil'@'localhost' for table 'v1'
@@ -1043,7 +1043,7 @@ id select_type table type possible_keys key key_len ref rows Extra
 select * from v1;
 i
 explain select * from v1;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 ... as fiona
 select * from v2;
 i j
@@ -1057,14 +1057,14 @@ ERROR 42000: SELECT command denied to user 'fiona'@'localhost' for table 'v1'
 explain select * from t2;
 ERROR 42000: SELECT command denied to user 'fiona'@'localhost' for table 't2'
 explain select * from v2;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 ... as greg
 select * from v2;
 i j
 explain select * from v1;
 ERROR 42000: SELECT command denied to user 'greg'@'localhost' for table 'v1'
 explain select * from v2;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 ... as han
 select * from t3;
 ERROR 42000: SELECT command denied to user 'han'@'localhost' for table 't3'
@@ -1084,17 +1084,17 @@ id select_type table type possible_keys key key_len ref rows Extra
 select * from v2;
 i j
 explain select * from v2;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 ... as jamie
 select * from v2;
 i j
 explain select * from v2;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 ... as karl
 select * from v2;
 i j
 explain select * from v2;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 ... as lena
 select * from v2;
 ERROR 42000: SELECT command denied to user 'lena'@'localhost' for table 'v2'
@@ -1111,22 +1111,22 @@ id select_type table type possible_keys key key_len ref rows Extra
 select * from v2;
 i j
 explain select * from v2;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 ... as olga
 select * from v2;
 i j
 explain select * from v2;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 ... as pjotr
 select * from v2;
 i j
 explain select * from v2;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 ... as quintessa
 select * from v1;
 i
 explain select * from v1;
-ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
+ERROR HY000: ANALYZE/EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
 ... as root again at last: clean-up time!
 drop user alice@localhost;
 drop user bob@localhost; |