Bug#36086: SELECT * from views don't check column grants

This patch also fixes bugs 36963 and 35600. - In many places a view was confused with an anonymous derived table, i.e. access checking was skipped. Fixed by introducing a predicate to tell the difference between named and anonymous derived tables. - When inserting fields for "SELECT * ", there was no distinction between base tables and views, where one should be made. View privileges are checked elsewhere. mysql-test/include/grant_cache.inc: Bug#36086: Changed test case. mysql-test/r/grant2.result: Bug#36086: Changed test result. mysql-test/r/grant_cache_no_prot.result: Bug#36086: Changed test result. mysql-test/r/grant_cache_ps_prot.result: Bug#36086: Changed test result. mysql-test/r/view_grant.result: Bug#36086: Test result. mysql-test/t/grant2.test: Bug#36086: Changed test case. mysql-test/t/view_grant.test: Bug#36086: Test case. sql/item.cc: Bug#36086: Replaced conditional with new methods. sql/sql_acl.cc: Bug no 35600: In mysql_table_grant: Replaced conditional with the new accessor method. In check_grant: - Changed the requirement table->derived != null to checking all anonymous derived tables. - Use of the accessor methods for getting object and database names. Bug#36086: In check_grant_all_columns: - Updated comment. This function is now called for views as well. - The error message should not disclose any column names unless the user has privilege to see all column names. - Changed names of Field_iterator_table_ref methods. sql/sql_base.cc: Bug no 36963: In insert_fields() - Commented. - We should call check_grant_all_columns() for views in this case. - Changed names of Field_iterator_table_ref methods. - We should not disclose column names in the error message when the user has no approprate privilege. sql/sql_cache.cc: Bug#36086: Replaced test with new predicate method. sql/sql_derived.cc: Bug#36086: commenting only. Updated and doxygenated comment for mysql_derived_prepare(). sql/sql_parse.cc: Bug no 35600: - In check_single_table_access: Due to the bug, check_grant would raise an error for a SHOW CREATE TABLE command for a TEMPTABLE view. It should in fact not be be invoked in this case. This table privilege is checked already. There is a test case for this in information_schema_db.test. - In check_access: replaced table->derived sql/table.cc: Bug#36086: - In TABLE_LIST::set_underlying_merge(): Commenting only. Doxygenated, corrected spelling, added. - Renamed table_name() and db_name() methods of Field_iterator_table_ref in order to be consistent with new methods in TABLE_LIST. sql/table.h: Bug#36086: - Commented GRANT_INFO. - Added a predicate is_anonymous_derived_table() to TABLE_LIST. - Added get_table_name() and get_db_name() to TABLE_LIST in order to hide the disparate representation of these properties.
author: Martin Hansson <mhansson@mysql.com> 2008-09-03 16:45:40 +0200
committer: Martin Hansson <mhansson@mysql.com> 2008-09-03 16:45:40 +0200
commit: 3bad2119f9dedc581bf3b9d7335740f563db5803 (patch)
tree: fa2d69a1865665c76918ce941dbff3ea022709da /mysql-test/t/view_grant.test
parent: 8b0e99fe26db6c41ae4bdddd31777e1f63638efe (diff)
download: mariadb-git-3bad2119f9dedc581bf3b9d7335740f563db5803.tar.gz
1 files changed, 68 insertions, 0 deletions
diff --git a/mysql-test/t/view_grant.test b/mysql-test/t/view_grant.test
index cbc66300173..afef5c5bc7b 100644
--- a/mysql-test/t/view_grant.test
+++ b/mysql-test/t/view_grant.test
@@ -1219,3 +1219,71 @@ DROP VIEW v1;
 DROP TABLE t1;
 
 --echo End of 5.1 tests.
+
+#
+# Bug#36086: SELECT * from views don't check column grants
+#
+CREATE USER mysqluser1@localhost;
+CREATE DATABASE mysqltest1;
+
+USE mysqltest1;
+
+CREATE TABLE t1 ( a INT, b INT );
+CREATE TABLE t2 ( a INT, b INT );
+
+CREATE VIEW v1 AS SELECT a, b FROM t1;
+
+GRANT SELECT( a ) ON v1 TO mysqluser1@localhost;
+GRANT UPDATE( b ) ON t2 TO mysqluser1@localhost;
+
+--connect (connection1, localhost, mysqluser1, , test)
+
+--error ER_TABLEACCESS_DENIED_ERROR
+SELECT * FROM mysqltest1.v1;
+
+--error ER_TABLEACCESS_DENIED_ERROR
+CREATE VIEW v1 AS SELECT * FROM mysqltest1.t2;
+
+--disconnect connection1
+
+--connection default
+
+DROP TABLE t1, t2;
+DROP VIEW v1;
+DROP DATABASE mysqltest1;
+DROP USER mysqluser1@localhost;
+
+#
+# Bug#35600: Security breach via view, I_S table and prepared 
+# statement/stored procedure
+#
+CREATE USER mysqluser1@localhost;
+CREATE DATABASE mysqltest1;
+
+USE mysqltest1;
+
+CREATE VIEW v1 AS SELECT * FROM information_schema.tables LIMIT 1;
+CREATE ALGORITHM = TEMPTABLE VIEW v2 AS SELECT 1 AS A;
+
+--connection default
+GRANT SELECT ON mysqltest1.* to mysqluser1@localhost;
+
+--connect (connection1, localhost, mysqluser1, , test)
+PREPARE stmt_v1     FROM "SELECT * FROM mysqltest1.v1";
+PREPARE stmt_v2 FROM "SELECT * FROM mysqltest1.v2";
+
+--connection default
+REVOKE SELECT ON mysqltest1.* FROM mysqluser1@localhost;
+
+--connection connection1
+
+--error ER_TABLEACCESS_DENIED_ERROR
+EXECUTE stmt_v1;
+--error ER_TABLEACCESS_DENIED_ERROR
+EXECUTE stmt_v2;
+
+--disconnect connection1
+--connection default
+DROP VIEW v1, v2;
+DROP DATABASE mysqltest1;
+DROP USER mysqluser1@localhost;
author	Martin Hansson <mhansson@mysql.com>	2008-09-03 16:45:40 +0200
committer	Martin Hansson <mhansson@mysql.com>	2008-09-03 16:45:40 +0200
commit	3bad2119f9dedc581bf3b9d7335740f563db5803 (patch)
tree	fa2d69a1865665c76918ce941dbff3ea022709da /mysql-test/t/view_grant.test
parent	8b0e99fe26db6c41ae4bdddd31777e1f63638efe (diff)
download	mariadb-git-3bad2119f9dedc581bf3b9d7335740f563db5803.tar.gz