authorunknown <gluh@mysql.com/gluh.(none)>2006-07-25 17:23:25 +0500
committerunknown <gluh@mysql.com/gluh.(none)>2006-07-25 17:23:25 +0500
commiteaf279df12ed9d93ad88d3c0691ea157f90e96ba (patch)
treed9933578d1cbee2ab94159c8d1ab7352a08775ab /sql
parent29cb371ca931f4f2297eb2c7c443f0af59d45249 (diff)
Bug#20543 select on information_schema strange warnings, view, different schemas/users
The fix is: if user has privileges to view fields and user has any (insert,select,delete,update) privileges on underlying view then 'show fields' and select from I_S.COLUMNS table are successful. mysql-test/r/information_schema_db.result: Bug#20543 select on information_schema strange warnings, view, different schemas/users test result mysql-test/t/information_schema_db.test: Bug#20543 select on information_schema strange warnings, view, different schemas/users test case sql/sql_acl.cc: Bug#20543 select on information_schema strange warnings, view, different schemas/users checked that user has privileges on underlying view and if it's true set allowed_show to true for top view. sql/sql_show.cc: Bug#20543 select on information_schema strange warnings, view, different schemas/users removed unnecessary rights check. 'tables->allowed_show' check is used instead sql/sql_view.cc: Bug#20543 select on information_schema strange warnings, view, different schemas/users skip the check of SHOW_VIEW_ACL privilege on underlying view. It is done later during execution of find_field_in_table_ref function. sql/table.h: Bug#20543 select on information_schema strange warnings, view, different schemas/users 'allowed_show' is set during rights check for view. If true then user has privileges for 'show create view', etc
Diffstat (limited to 'sql')
-rw-r--r--sql/sql_acl.cc15
-rw-r--r--sql/sql_show.cc27
-rw-r--r--sql/sql_view.cc3
-rw-r--r--sql/table.h1
4 files changed, 25 insertions, 21 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index ae5ea210a47..6e25878671d 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -3787,9 +3787,24 @@ bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST * table_ref,
if (table_ref->view || table_ref->field_translation)
{
/* View or derived information schema table. */
+ ulong view_privs;
grant= &(table_ref->grant);
db_name= table_ref->view_db.str;
table_name= table_ref->view_name.str;
+ if (table_ref->belong_to_view &&
+ (thd->lex->sql_command == SQLCOM_SHOW_FIELDS ||
+ thd->lex->sql_command == SQLCOM_SHOW_CREATE))
+ {
+ view_privs= get_column_grant(thd, grant, db_name, table_name, name);
+ if (view_privs & VIEW_ANY_ACL)
+ {
+ table_ref->belong_to_view->allowed_show= TRUE;
+ return FALSE;
+ }
+ table_ref->belong_to_view->allowed_show= FALSE;
+ my_message(ER_VIEW_NO_EXPLAIN, ER(ER_VIEW_NO_EXPLAIN), MYF(0));
+ return TRUE;
+ }
}
else
{
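Review bot: The added branch writes `table_ref->belong_to_view->allowed_show` on every call, and this function appears to be called once per column (it passes `name` to `get_column_grant`), so the flag on the top view ends up holding the outcome of whichever underlying-view column was checked last rather than one decision for the whole view. If a caller keeps going after a TRUE return (the callers are not in this diff), a later successful check would flip the flag back to TRUE and `get_schema_views_record` would print the view definition. The early `return FALSE` also skips the rest of the function, which continues outside the hunk, so any bit of `VIEW_ANY_ACL` is accepted regardless of the privilege the caller asked for. That looks intended for SHOW, but it deserves a comment such as `/* SHOW on a nested view: any VIEW_ANY_ACL bit on this column suffices; result is cached on the top view */`.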
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index cabb04c5f16..6e78596d679 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -3110,31 +3110,18 @@ static int get_schema_views_record(THD *thd, struct st_table_list *tables,
if (tables->view)
{
Security_context *sctx= thd->security_ctx;
- ulong grant= SHOW_VIEW_ACL;
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
- char *save_table_name= tables->table_name;
- if (!my_strcasecmp(system_charset_info, tables->definer.user.str,
- sctx->priv_user) &&
- !my_strcasecmp(system_charset_info, tables->definer.host.str,
- sctx->priv_host))
- grant= SHOW_VIEW_ACL;
- else
+ if (!tables->allowed_show)
{
- tables->table_name= tables->view_name.str;
- if (check_access(thd, SHOW_VIEW_ACL , base_name,
- &tables->grant.privilege, 0, 1,
- test(tables->schema_table)))
- grant= get_table_grant(thd, tables);
- else
- grant= tables->grant.privilege;
+ if (!my_strcasecmp(system_charset_info, tables->definer.user.str,
+ sctx->priv_user) &&
+ !my_strcasecmp(system_charset_info, tables->definer.host.str,
+ sctx->priv_host))
+ tables->allowed_show= TRUE;
}
- tables->table_name= save_table_name;
-#endif
-
restore_record(table, s->default_values);
table->field[1]->store(tables->view_db.str, tables->view_db.length, cs);
table->field[2]->store(tables->view_name.str, tables->view_name.length, cs);
- if (grant & SHOW_VIEW_ACL)
+ if (tables->allowed_show)
{
char buff[2048];
String qwe_str(buff, sizeof(buff), cs);
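Review bot: With the `check_access(thd, SHOW_VIEW_ACL, ...)` / `get_table_grant()` lookup removed, a non-definer only gets the view definition when `tables->allowed_show` was already set, and the only place in this commit that sets it to TRUE is the nested-view branch in sql/sql_acl.cc. Unless the flag is also set somewhere outside this diff, a user who holds SHOW VIEW on a plain view but is not its definer would now get an empty definition here. Consider keeping the privilege lookup as the fallback for the non-definer case, for example `else tables->allowed_show= test(get_table_grant(thd, tables) & SHOW_VIEW_ACL);` (to be checked against how `tables->grant` is filled at this point). The removed `#ifndef NO_EMBEDDED_ACCESS_CHECKS` guard also means builds without access checks no longer default to showing the definition.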
diff --git a/sql/sql_view.cc b/sql/sql_view.cc
index 1561ade78af..90a6cba53f4 100644
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@@ -934,7 +934,8 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table)
}
}
else if (!table->prelocking_placeholder &&
- old_lex->sql_command == SQLCOM_SHOW_CREATE)
+ old_lex->sql_command == SQLCOM_SHOW_CREATE &&
+ !table->belong_to_view)
{
if (check_table_access(thd, SHOW_VIEW_ACL, table, 0))
goto err;
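Review bot: Nothing at this branch says where the SHOW VIEW check for an underlying view went once `!table->belong_to_view` excludes it. Per the commit description it is deferred to column resolution, where the sql/sql_acl.cc hunk tests `VIEW_ANY_ACL` on the column instead of `SHOW_VIEW_ACL` on the view, so the privilege required for a nested view changes as well as the place it is checked. A comment above the condition would record that, for example `/* Underlying views: privilege is checked per column in check_column_grant_in_table_ref() */`. The if/else chain starts and ends outside the hunk.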
diff --git a/sql/table.h b/sql/table.h
index eb34867c390..41ab7e7bec8 100644
--- a/sql/table.h
+++ b/sql/table.h
@@ -569,6 +569,7 @@ typedef struct st_table_list
tables. Unlike 'next_local', this in this list views are *not*
leaves. Created in setup_tables() -> make_leaves_list().
*/
+ bool allowed_show;
st_table_list *next_leaf;
Item *where; /* VIEW WHERE clause condition */
Item *check_option; /* WITH CHECK OPTION condition */
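Review bot: The new member `allowed_show` is inserted between the comment that describes `next_leaf` and `next_leaf` itself, so that comment now reads as documentation for `allowed_show`. Move the member above the comment (or below `next_leaf`) and give it its own comment, for example `/* TRUE if the current user may see the view definition (SHOW CREATE VIEW, I_S.VIEWS); set during the view rights check */`. The diff shows no initialisation of the field, so it presumably relies on the TABLE_LIST being zero-filled on creation; that is worth confirming, since a stray TRUE would disclose the definition. The struct body continues outside the hunk.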