diff options
| author | Sergei Golubchik <sergii@pisem.net> | 2012-01-13 15:50:02 +0100 |
|---|---|---|
| committer | Sergei Golubchik <sergii@pisem.net> | 2012-01-13 15:50:02 +0100 |
| commit | 4f435bddfd44d40999f88685c61cc04e319d8d6c (patch) | |
| tree | f9d0655a0d901b87f918a736741144b502cba3f6 /sql/sql_view.cc | |
| parent | 8c2bcdf85ff753bceeb5b235f3605e348e6f9e1d (diff) | |
| parent | 6ca4ca7d37fed3b3da18666768de6a2f8c34bc7b (diff) | |
| download | mariadb-git-4f435bddfd44d40999f88685c61cc04e319d8d6c.tar.gz | |
5.3 merge
Diffstat (limited to 'sql/sql_view.cc')
| -rw-r--r-- | sql/sql_view.cc | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/sql/sql_view.cc b/sql/sql_view.cc index 94dffad822e..d39ec82aad1 100644 --- a/sql/sql_view.cc +++ b/sql/sql_view.cc @@ -847,7 +847,7 @@ static int mysql_register_view(THD *thd, TABLE_LIST *view, thd->variables.sql_mode|= sql_mode; } - DBUG_PRINT("info", ("View: %s", view_query.c_ptr_safe())); + DBUG_PRINT("info", ("View: %.*s", view_query.length(), view_query.ptr())); /* fill structure */ view->source= thd->lex->create_view_select; @@ -1283,6 +1283,37 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table, if (!table->prelocking_placeholder && (old_lex->sql_command == SQLCOM_SELECT && old_lex->describe)) { + /* + The user we run EXPLAIN as (either the connected user who issued + the EXPLAIN statement, or the definer of a SUID stored routine + which contains the EXPLAIN) should have both SHOW_VIEW_ACL and + SELECT_ACL on the view being opened as well as on all underlying + views since EXPLAIN will disclose their structure. This user also + should have SELECT_ACL on all underlying tables of the view since + this EXPLAIN will disclose information about the number of rows in it. + + To perform this privilege check we create auxiliary TABLE_LIST object + for the view in order a) to avoid trashing "table->grant" member for + original table list element, which contents can be important at later + stage for column-level privilege checking b) get TABLE_LIST object + with "security_ctx" member set to 0, i.e. forcing check_table_access() + to use active user's security context. + + There is no need for creating similar copies of TABLE_LIST elements + for underlying tables since they just have been constructed and thus + have TABLE_LIST::security_ctx == 0 and fresh TABLE_LIST::grant member. + + Finally at this point making sure we have SHOW_VIEW_ACL on the views + will suffice as we implicitly require SELECT_ACL anyway. + */ + + TABLE_LIST view_no_suid; + bzero(static_cast<void *>(&view_no_suid), sizeof(TABLE_LIST)); + view_no_suid.db= table->db; + view_no_suid.table_name= table->table_name; + + DBUG_ASSERT(view_tables == NULL || view_tables->security_ctx == NULL); + if (check_table_access(thd, SELECT_ACL, view_tables, FALSE, UINT_MAX, TRUE) && check_table_access(thd, SHOW_VIEW_ACL, table, FALSE, UINT_MAX, TRUE)) |