diff options
| -rw-r--r-- | mysql-test/r/func_math.result | 8 | ||||
| -rw-r--r-- | mysql-test/r/view_grant.result | 49 | ||||
| -rw-r--r-- | mysql-test/t/func_math.test | 2 | ||||
| -rw-r--r-- | mysql-test/t/view_grant.test | 50 | ||||
| -rw-r--r-- | sql/field.cc | 15 | ||||
| -rw-r--r-- | sql/sql_select.cc | 3 | ||||
| -rw-r--r-- | sql/sql_view.cc | 5 | ||||
| -rw-r--r-- | tests/mysql_client_test.c | 23 |
8 files changed, 126 insertions, 29 deletions
diff --git a/mysql-test/r/func_math.result b/mysql-test/r/func_math.result index 186c67876b2..6a476d12896 100644 --- a/mysql-test/r/func_math.result +++ b/mysql-test/r/func_math.result @@ -372,25 +372,17 @@ pow(cast(-2 as unsigned), 5) pow(18446744073709551614, 5) pow(-2, 5) CREATE TABLE t1 (a timestamp, b varchar(20), c bit(1)); INSERT INTO t1 VALUES('1998-09-23', 'str1', 1), ('2003-03-25', 'str2', 0); SELECT a DIV 900 y FROM t1 GROUP BY y; -Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr -def y y 8 19 11 Y 32800 0 63 y 22201025555 22255916666 SELECT DISTINCT a DIV 900 y FROM t1; -Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr -def y y 8 19 11 Y 32800 0 63 y 22201025555 22255916666 SELECT b DIV 900 y FROM t1 GROUP BY y; -Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr -def y y 8 20 1 Y 32768 0 63 y 0 SELECT c DIV 900 y FROM t1 GROUP BY y; -Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr -def y y 3 1 1 Y 32800 0 63 y 0 DROP TABLE t1; diff --git a/mysql-test/r/view_grant.result b/mysql-test/r/view_grant.result index 49c98d8e03f..8b4aa894130 100644 --- a/mysql-test/r/view_grant.result +++ b/mysql-test/r/view_grant.result @@ -778,15 +778,60 @@ GRANT CREATE VIEW ON db26813.v2 TO u26813@localhost; GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813@localhost; GRANT SELECT ON db26813.t1 TO u26813@localhost; ALTER VIEW v1 AS SELECT f2 FROM t1; -ERROR 42000: CREATE VIEW command denied to user 'u26813'@'localhost' for table 'v1' +ERROR 42000: Access denied; you need the SUPER privilege for this operation ALTER VIEW v2 AS SELECT f2 FROM t1; -ERROR 42000: DROP command denied to user 'u26813'@'localhost' for table 'v2' +ERROR 42000: Access denied; you need the SUPER privilege for this operation ALTER VIEW v3 AS SELECT f2 FROM t1; +ERROR 42000: Access denied; you need the SUPER privilege for this operation SHOW CREATE VIEW v3; View Create View character_set_client collation_connection v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f2` AS `f2` from `t1` latin1 latin1_swedish_ci DROP USER u26813@localhost; DROP DATABASE db26813; +# +# Bug#29908: A user can gain additional access through the ALTER VIEW. +# +CREATE DATABASE mysqltest_29908; +USE mysqltest_29908; +CREATE TABLE t1(f1 INT, f2 INT); +CREATE USER u29908_1@localhost; +CREATE DEFINER = u29908_1@localhost VIEW v1 AS SELECT f1 FROM t1; +CREATE DEFINER = u29908_1@localhost SQL SECURITY INVOKER VIEW v2 AS +SELECT f1 FROM t1; +GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1@localhost; +GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1@localhost; +GRANT SELECT ON mysqltest_29908.t1 TO u29908_1@localhost; +CREATE USER u29908_2@localhost; +GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2@localhost; +GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@localhost; +GRANT SELECT ON mysqltest_29908.t1 TO u29908_2@localhost; +ALTER VIEW v1 AS SELECT f2 FROM t1; +ERROR 42000: Access denied; you need the SUPER privilege for this operation +ALTER VIEW v2 AS SELECT f2 FROM t1; +ERROR 42000: Access denied; you need the SUPER privilege for this operation +SHOW CREATE VIEW v2; +View Create View +v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1` +ALTER VIEW v1 AS SELECT f2 FROM t1; +SHOW CREATE VIEW v1; +View Create View +v1 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f2` AS `f2` from `t1` +ALTER VIEW v2 AS SELECT f2 FROM t1; +SHOW CREATE VIEW v2; +View Create View +v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1` +ALTER VIEW v1 AS SELECT f1 FROM t1; +SHOW CREATE VIEW v1; +View Create View +v1 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f1` AS `f1` from `t1` +ALTER VIEW v2 AS SELECT f1 FROM t1; +SHOW CREATE VIEW v2; +View Create View +v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1` +DROP USER u29908_1@localhost; +DROP USER u29908_2@localhost; +DROP DATABASE mysqltest_29908; +####################################################################### DROP DATABASE IF EXISTS mysqltest1; DROP DATABASE IF EXISTS mysqltest2; CREATE DATABASE mysqltest1; diff --git a/mysql-test/t/func_math.test b/mysql-test/t/func_math.test index 639556d6201..274a953a314 100644 --- a/mysql-test/t/func_math.test +++ b/mysql-test/t/func_math.test @@ -230,12 +230,10 @@ select pow(cast(-2 as unsigned), 5), pow(18446744073709551614, 5), pow(-2, 5); CREATE TABLE t1 (a timestamp, b varchar(20), c bit(1)); INSERT INTO t1 VALUES('1998-09-23', 'str1', 1), ('2003-03-25', 'str2', 0); ---enable_metadata SELECT a DIV 900 y FROM t1 GROUP BY y; SELECT DISTINCT a DIV 900 y FROM t1; SELECT b DIV 900 y FROM t1 GROUP BY y; SELECT c DIV 900 y FROM t1 GROUP BY y; ---disable_metadata DROP TABLE t1; CREATE TABLE t1(a LONGBLOB); diff --git a/mysql-test/t/view_grant.test b/mysql-test/t/view_grant.test index b3bfd1cf544..3be0148f765 100644 --- a/mysql-test/t/view_grant.test +++ b/mysql-test/t/view_grant.test @@ -1040,10 +1040,11 @@ GRANT SELECT ON db26813.t1 TO u26813@localhost; connect (u1,localhost,u26813,,db26813); connection u1; ---error 1142 +--error ER_SPECIFIC_ACCESS_DENIED_ERROR ALTER VIEW v1 AS SELECT f2 FROM t1; ---error 1142 +--error ER_SPECIFIC_ACCESS_DENIED_ERROR ALTER VIEW v2 AS SELECT f2 FROM t1; +--error ER_SPECIFIC_ACCESS_DENIED_ERROR ALTER VIEW v3 AS SELECT f2 FROM t1; connection root; @@ -1053,6 +1054,51 @@ DROP USER u26813@localhost; DROP DATABASE db26813; disconnect u1; +--echo # +--echo # Bug#29908: A user can gain additional access through the ALTER VIEW. +--echo # +connection root; +CREATE DATABASE mysqltest_29908; +USE mysqltest_29908; +CREATE TABLE t1(f1 INT, f2 INT); +CREATE USER u29908_1@localhost; +CREATE DEFINER = u29908_1@localhost VIEW v1 AS SELECT f1 FROM t1; +CREATE DEFINER = u29908_1@localhost SQL SECURITY INVOKER VIEW v2 AS + SELECT f1 FROM t1; +GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1@localhost; +GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1@localhost; +GRANT SELECT ON mysqltest_29908.t1 TO u29908_1@localhost; +CREATE USER u29908_2@localhost; +GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2@localhost; +GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@localhost; +GRANT SELECT ON mysqltest_29908.t1 TO u29908_2@localhost; + +connect (u2,localhost,u29908_2,,mysqltest_29908); +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +ALTER VIEW v1 AS SELECT f2 FROM t1; +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +ALTER VIEW v2 AS SELECT f2 FROM t1; +SHOW CREATE VIEW v2; + +connect (u1,localhost,u29908_1,,mysqltest_29908); +ALTER VIEW v1 AS SELECT f2 FROM t1; +SHOW CREATE VIEW v1; +ALTER VIEW v2 AS SELECT f2 FROM t1; +SHOW CREATE VIEW v2; + +connection root; +ALTER VIEW v1 AS SELECT f1 FROM t1; +SHOW CREATE VIEW v1; +ALTER VIEW v2 AS SELECT f1 FROM t1; +SHOW CREATE VIEW v2; + +DROP USER u29908_1@localhost; +DROP USER u29908_2@localhost; +DROP DATABASE mysqltest_29908; +disconnect u1; +disconnect u2; +--echo ####################################################################### + # # BUG#24040: Create View don't succed with "all privileges" on a database. # diff --git a/sql/field.cc b/sql/field.cc index fa93454c757..169ef03dc75 100644 --- a/sql/field.cc +++ b/sql/field.cc @@ -1457,15 +1457,24 @@ void Field_num::add_zerofill_and_unsigned(String &res) const void Field::make_field(Send_field *field) { - if (orig_table->s->db.str && *orig_table->s->db.str) + if (orig_table && orig_table->s->db.str && *orig_table->s->db.str) { field->db_name= orig_table->s->db.str; field->org_table_name= orig_table->s->table_name.str; } else field->org_table_name= field->db_name= ""; - field->table_name= orig_table->alias; - field->col_name= field->org_col_name= field_name; + if (orig_table) + { + field->table_name= orig_table->alias; + field->org_col_name= field_name; + } + else + { + field->table_name= ""; + field->org_col_name= ""; + } + field->col_name= field_name; field->charsetnr= charset()->number; field->length=field_length; field->type=type(); diff --git a/sql/sql_select.cc b/sql/sql_select.cc index ec022d1f72e..008f2f9c70a 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -14800,6 +14800,9 @@ change_to_use_tmp_fields(THD *thd, Item **ref_pointer_array, item_field= (Item*) new Item_field(field); if (!item_field) DBUG_RETURN(TRUE); // Fatal error + + if (item->real_item()->type() != Item::FIELD_ITEM) + field->orig_table= 0; item_field->name= item->name; if (item->type() == Item::REF_ITEM) { diff --git a/sql/sql_view.cc b/sql/sql_view.cc index 00e97ace938..6e27af63e8a 100644 --- a/sql/sql_view.cc +++ b/sql/sql_view.cc @@ -223,9 +223,6 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, { LEX *lex= thd->lex; bool link_to_local; -#ifndef NO_EMBEDDED_ACCESS_CHECKS - bool definer_check_is_needed= mode != VIEW_ALTER || lex->definer; -#endif /* first table in list is target VIEW name => cut off it */ TABLE_LIST *view= lex->unlink_first_table(&link_to_local); TABLE_LIST *tables= lex->query_tables; @@ -280,7 +277,7 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, - same as current user - current user has SUPER_ACL */ - if (definer_check_is_needed && + if (lex->definer && (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 || my_strcasecmp(system_charset_info, lex->definer->host.str, diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index 7f0289d93db..50e0511ae96 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c @@ -15999,7 +15999,7 @@ static void test_bug21635() char *query_end; MYSQL_RES *result; MYSQL_FIELD *field; - unsigned int field_count, i; + unsigned int field_count, i, j; int rc; DBUG_ENTER("test_bug21635"); @@ -16015,14 +16015,20 @@ static void test_bug21635() myquery(rc); rc= mysql_query(mysql, "CREATE TABLE t1 (i INT)"); myquery(rc); - rc= mysql_query(mysql, "INSERT INTO t1 VALUES (1)"); - myquery(rc); + /* + We need this loop to ensure correct behavior with both constant and + non-constant tables. + */ + for (j= 0; j < 2 ; j++) + { + rc= mysql_query(mysql, "INSERT INTO t1 VALUES (1)"); + myquery(rc); - rc= mysql_real_query(mysql, query, query_end - query); - myquery(rc); + rc= mysql_real_query(mysql, query, query_end - query); + myquery(rc); - result= mysql_use_result(mysql); - DIE_UNLESS(result); + result= mysql_use_result(mysql); + DIE_UNLESS(result); field_count= mysql_field_count(mysql); for (i= 0; i < field_count; ++i) @@ -16038,7 +16044,8 @@ static void test_bug21635() puts("OK"); } - mysql_free_result(result); + mysql_free_result(result); + } rc= mysql_query(mysql, "DROP TABLE t1"); myquery(rc); |