diff options
| author | Dmitry Lenev <Dmitry.Lenev@oracle.com> | 2011-01-12 16:28:33 +0300 |
|---|---|---|
| committer | Dmitry Lenev <Dmitry.Lenev@oracle.com> | 2011-01-12 16:28:33 +0300 |
| commit | 7aa999607a5ed0dcf6c93bf511b858afa4563297 (patch) | |
| tree | b0267ce9368e24958136900350d3f3b80004a4c8 /sql/sql_view.cc | |
| parent | bbf40ba3c5cac76b4efd2dc177b9ffaff1ce9266 (diff) | |
| parent | 599457ae2c99944dc9c3a0de6a6792a437abfe7e (diff) | |
| download | mariadb-git-7aa999607a5ed0dcf6c93bf511b858afa4563297.tar.gz | |
Merged fix for bug #58499 "DEFINER-security view selecting from
INVOKER-security view access check wrong" into mysql-5.5 tree.
Diffstat (limited to 'sql/sql_view.cc')
| -rw-r--r-- | sql/sql_view.cc | 42 |
1 files changed, 28 insertions, 14 deletions
diff --git a/sql/sql_view.cc b/sql/sql_view.cc index f569c679776..9b4543bf636 100644 --- a/sql/sql_view.cc +++ b/sql/sql_view.cc @@ -1270,6 +1270,7 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table, TABLE_LIST *view_tables= lex->query_tables; TABLE_LIST *view_tables_tail= 0; TABLE_LIST *tbl; + Security_context *security_ctx; /* Check rights to run commands (EXPLAIN SELECT & SHOW CREATE) which show @@ -1416,26 +1417,39 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table, if (table->view_suid) { /* - Prepare a security context to check underlying objects of the view + For suid views prepare a security context for checking underlying + objects of the view. */ if (!(table->view_sctx= (Security_context *) thd->stmt_arena->alloc(sizeof(Security_context)))) goto err; - /* Assign the context to the tables referenced in the view */ - if (view_tables) - { - DBUG_ASSERT(view_tables_tail); - for (tbl= view_tables; tbl != view_tables_tail->next_global; - tbl= tbl->next_global) - tbl->security_ctx= table->view_sctx; - } - /* assign security context to SELECT name resolution contexts of view */ - for(SELECT_LEX *sl= lex->all_selects_list; - sl; - sl= sl->next_select_in_list()) - sl->context.security_ctx= table->view_sctx; + security_ctx= table->view_sctx; + } + else + { + /* + For non-suid views inherit security context from view's table list. + This allows properly handle situation when non-suid view is used + from within suid view. + */ + security_ctx= table->security_ctx; + } + + /* Assign the context to the tables referenced in the view */ + if (view_tables) + { + DBUG_ASSERT(view_tables_tail); + for (tbl= view_tables; tbl != view_tables_tail->next_global; + tbl= tbl->next_global) + tbl->security_ctx= security_ctx; } + /* assign security context to SELECT name resolution contexts of view */ + for(SELECT_LEX *sl= lex->all_selects_list; + sl; + sl= sl->next_select_in_list()) + sl->context.security_ctx= security_ctx; + /* Setup an error processor to hide error messages issued by stored routines referenced in the view |