From b5b7b03ff3d0ec92e7bdf8cf2a0f0793b4f3b91d Mon Sep 17 00:00:00 2001
From: "evgen@moonbone.local" <>
Date: Mon, 27 Nov 2006 16:15:32 +0300
Subject: Bug#17254: Error for DEFINER security on VIEW provides too much info

If a view was created with the DEFINER security and later the definer user
was dropped then a SELECT from the view throws the error message saying that
there is no definer user is registered. This is ok for a root but too much
for a mere user.

Now the st_table_list::prepare_view_securety_context() function reveals
the absence of the definer only to a superuser and throws the 'access denied'
error to others.
---
 mysql-test/t/view_grant.test | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

(limited to 'mysql-test/t/view_grant.test')

diff --git a/mysql-test/t/view_grant.test b/mysql-test/t/view_grant.test
index 8bc34cfe148..1da2250f65a 100644
--- a/mysql-test/t/view_grant.test
+++ b/mysql-test/t/view_grant.test
@@ -927,4 +927,41 @@ DROP VIEW v2;
 DROP VIEW v1;
 DROP USER mysqltest_u1@localhost;
 
+#
+# Bug#17254: Error for DEFINER security on VIEW provides too much info
+#
+connect (root,localhost,root,,);
+connection root;
+CREATE DATABASE db17254;
+USE db17254;
+CREATE TABLE t1 (f1 INT);
+INSERT INTO t1 VALUES (10),(20);
+CREATE USER def_17254@localhost;
+GRANT SELECT ON db17254.* TO def_17254@localhost;
+CREATE USER inv_17254@localhost;
+GRANT SELECT ON db17254.t1 TO inv_17254@localhost;
+GRANT CREATE VIEW ON db17254.* TO def_17254@localhost;
+
+connect (def,localhost,def_17254,,db17254);
+connection def;
+CREATE VIEW v1 AS SELECT * FROM t1;
+
+connection root;
+DROP USER def_17254@localhost;
+
+connect (inv,localhost,inv_17254,,db17254);
+connection inv;
+--echo for a user
+--error 1142
+SELECT * FROM v1;
+
+connection root;
+--echo for a superuser
+--error 1449
+SELECT * FROM v1;
+DROP USER inv_17254@localhost;
+DROP DATABASE db17254;
+disconnect def;
+disconnect inv;
+
 # End of 5.0 tests.
-- 
cgit v1.2.1