backport the fix for bug #37191 to 5.1-bugteam
parent
e60b9650c0
commit
620438fdae
@ -956,6 +956,27 @@ Warnings:
|
|||||||
Warning 1356 View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
|
Warning 1356 View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
|
||||||
DROP VIEW v1;
|
DROP VIEW v1;
|
||||||
DROP TABLE t1;
|
DROP TABLE t1;
|
||||||
|
CREATE USER mysqluser1@localhost;
|
||||||
|
CREATE DATABASE mysqltest1;
|
||||||
|
USE mysqltest1;
|
||||||
|
CREATE TABLE t1 ( a INT );
|
||||||
|
CREATE TABLE t2 ( b INT );
|
||||||
|
INSERT INTO t1 VALUES (1), (2);
|
||||||
|
INSERT INTO t2 VALUES (1), (2);
|
||||||
|
GRANT CREATE VIEW ON mysqltest1.* TO mysqluser1@localhost;
|
||||||
|
GRANT SELECT ON t1 TO mysqluser1@localhost;
|
||||||
|
GRANT INSERT ON t2 TO mysqluser1@localhost;
|
||||||
|
This would lead to failed assertion.
|
||||||
|
CREATE VIEW v1 AS SELECT a, b FROM t1, t2;
|
||||||
|
SELECT * FROM v1;
|
||||||
|
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 'v1'
|
||||||
|
SELECT b FROM v1;
|
||||||
|
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 'v1'
|
||||||
|
DROP TABLE t1, t2;
|
||||||
|
DROP VIEW v1;
|
||||||
|
DROP DATABASE mysqltest1;
|
||||||
|
DROP USER mysqluser1@localhost;
|
||||||
|
USE test;
|
||||||
End of 5.1 tests.
|
End of 5.1 tests.
|
||||||
CREATE USER mysqluser1@localhost;
|
CREATE USER mysqluser1@localhost;
|
||||||
CREATE DATABASE mysqltest1;
|
CREATE DATABASE mysqltest1;
|
||||||
|
@ -1218,6 +1218,44 @@ SHOW CREATE VIEW v1;
|
|||||||
DROP VIEW v1;
|
DROP VIEW v1;
|
||||||
DROP TABLE t1;
|
DROP TABLE t1;
|
||||||
|
|
||||||
|
#
|
||||||
|
# Bug#37191: Failed assertion in CREATE VIEW
|
||||||
|
#
|
||||||
|
CREATE USER mysqluser1@localhost;
|
||||||
|
CREATE DATABASE mysqltest1;
|
||||||
|
|
||||||
|
USE mysqltest1;
|
||||||
|
|
||||||
|
CREATE TABLE t1 ( a INT );
|
||||||
|
CREATE TABLE t2 ( b INT );
|
||||||
|
|
||||||
|
INSERT INTO t1 VALUES (1), (2);
|
||||||
|
INSERT INTO t2 VALUES (1), (2);
|
||||||
|
|
||||||
|
GRANT CREATE VIEW ON mysqltest1.* TO mysqluser1@localhost;
|
||||||
|
|
||||||
|
GRANT SELECT ON t1 TO mysqluser1@localhost;
|
||||||
|
GRANT INSERT ON t2 TO mysqluser1@localhost;
|
||||||
|
|
||||||
|
--connect (connection1, localhost, mysqluser1, , mysqltest1)
|
||||||
|
|
||||||
|
--echo This would lead to failed assertion.
|
||||||
|
CREATE VIEW v1 AS SELECT a, b FROM t1, t2;
|
||||||
|
|
||||||
|
--error ER_TABLEACCESS_DENIED_ERROR
|
||||||
|
SELECT * FROM v1;
|
||||||
|
--error ER_TABLEACCESS_DENIED_ERROR
|
||||||
|
SELECT b FROM v1;
|
||||||
|
|
||||||
|
--disconnect connection1
|
||||||
|
--connection default
|
||||||
|
|
||||||
|
DROP TABLE t1, t2;
|
||||||
|
DROP VIEW v1;
|
||||||
|
DROP DATABASE mysqltest1;
|
||||||
|
DROP USER mysqluser1@localhost;
|
||||||
|
USE test;
|
||||||
|
|
||||||
--echo End of 5.1 tests.
|
--echo End of 5.1 tests.
|
||||||
|
|
||||||
#
|
#
|
||||||
|
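Review bot: The new Bug#37191 case only checks that `SELECT * FROM v1` and `SELECT b FROM v1` are denied to mysqluser1, so it does not pin down what else the creator can do with a view whose column privileges intersect to nothing. Because the server-side change in this commit turns a former assertion into a successful CREATE VIEW, I would also add `SELECT a FROM v1;` and a write such as `INSERT INTO v1 (b) VALUES (3);` while still on connection1, each preceded by the `--error` code the server is expected to return. That way a later change cannot silently widen access through the view without the test noticing. A short comment above `--echo This would lead to failed assertion.` naming the triggering grant combination (SELECT only on t1, INSERT only on t2) would make the case easier to read.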
@ -564,24 +564,36 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views,
|
|||||||
fill_effective_table_privileges(thd, &view->grant, view->db,
|
fill_effective_table_privileges(thd, &view->grant, view->db,
|
||||||
view->table_name);
|
view->table_name);
|
||||||
|
|
||||||
|
/*
|
||||||
|
Make sure that the current user does not have more column-level privileges
|
||||||
|
on the newly created view than he/she does on the underlying
|
||||||
|
tables. E.g. it must not be so that the user has UPDATE privileges on a
|
||||||
|
view column of he/she doesn't have it on the underlying table's
|
||||||
|
corresponding column. In that case, return an error for CREATE VIEW.
|
||||||
|
*/
|
||||||
{
|
{
|
||||||
Item *report_item= NULL;
|
Item *report_item= NULL;
|
||||||
|
/*
|
||||||
|
This will hold the intersection of the priviliges on all columns in the
|
||||||
|
view.
|
||||||
|
*/
|
||||||
uint final_priv= VIEW_ANY_ACL;
|
uint final_priv= VIEW_ANY_ACL;
|
||||||
|
|
||||||
for (sl= select_lex; sl; sl= sl->next_select())
|
for (sl= select_lex; sl; sl= sl->next_select())
|
||||||
{
|
|
||||||
DBUG_ASSERT(view->db); /* Must be set in the parser */
|
|
||||||
List_iterator_fast<Item> it(sl->item_list);
|
|
||||||
Item *item;
|
|
||||||
while ((item= it++))
|
|
||||||
{
|
{
|
||||||
|
DBUG_ASSERT(view->db); /* Must be set in the parser */
|
||||||
|
List_iterator_fast<Item> it(sl->item_list);
|
||||||
|
Item *item;
|
||||||
|
while ((item= it++))
|
||||||
|
{
|
||||||
Item_field *fld= item->filed_for_view_update();
|
Item_field *fld= item->filed_for_view_update();
|
||||||
uint priv= (get_column_grant(thd, &view->grant, view->db,
|
uint priv= (get_column_grant(thd, &view->grant, view->db,
|
||||||
view->table_name, item->name) &
|
view->table_name, item->name) &
|
||||||
VIEW_ANY_ACL);
|
VIEW_ANY_ACL);
|
||||||
|
|
||||||
if (fld && !fld->field->table->s->tmp_table)
|
if (fld && !fld->field->table->s->tmp_table)
|
||||||
{
|
{
|
||||||
|
|
||||||
final_priv&= fld->have_privileges;
|
final_priv&= fld->have_privileges;
|
||||||
|
|
||||||
if (~fld->have_privileges & priv)
|
if (~fld->have_privileges & priv)
|
||||||
@ -589,17 +601,15 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!final_priv)
|
if (!final_priv && report_item)
|
||||||
{
|
{
|
||||||
DBUG_ASSERT(report_item);
|
my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
|
||||||
|
"create view", thd->security_ctx->priv_user,
|
||||||
my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
|
|
||||||
"create view", thd->security_ctx->priv_user,
|
|
||||||
thd->security_ctx->priv_host, report_item->name,
|
thd->security_ctx->priv_host, report_item->name,
|
||||||
view->table_name);
|
view->table_name);
|
||||||
res= TRUE;
|
res= TRUE;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
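Review bot: The guard `if (!final_priv && report_item)` at the end of the privilege block now lets CREATE VIEW continue whenever `final_priv` is zero and no offending column was recorded, and nothing in the visible code explains why that path is safe. This is an access-control decision, so I would put a comment directly above the condition, for example `/* report_item is NULL when no view column grants more than its base column; an empty intersection alone is not an error */`. The assignment to `report_item` sits between the two hunks and is not shown, so the wording should be confirmed against it. The added comments also contain typos worth fixing: "priviliges" should be "privileges", and "of he/she doesn't" should read "if he/she doesn't". mysql_create_view starts and ends outside these hunks.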