Bug#26813: The SUPER privilege is wrongly required to alter a view created by

another user. When the DEFINER clause isn't specified in the ALTER statement then it's loaded from the view definition. If the definer differs from the current user then the error is thrown because only a super-user can set other users as a definers. Now if the DEFINER clause is omitted in the ALTER VIEW statement then the definer from the original view is used without check.

Bug#26813: The SUPER privilege is wrongly required to alter a view created by
another user. When the DEFINER clause isn't specified in the ALTER statement then it's loaded from the view definition. If the definer differs from the current user then the error is thrown because only a super-user can set other users as a definers. Now if the DEFINER clause is omitted in the ALTER VIEW statement then the definer from the original view is used without check.
1ac5987a · evgen@moonbone.local · e84584e2 · 1ac5987a · 1ac5987a · 1ac5987a
Commit 1ac5987a authored Mar 22, 2007 by evgen@moonbone.local
Hide whitespace changes
Inline Side-by-side

Showing with 60 additions and 6 deletions

mysql-test/r/view_grant.result mysql-test/r/view_grant.result +21 -0

mysql-test/t/view_grant.test mysql-test/t/view_grant.test +31 -0

sql/sql_view.cc sql/sql_view.cc +8 -6

No files found.
--- a/mysql-test/r/view_grant.result
+++ b/mysql-test/r/view_grant.result
@@ -773,4 +773,25 @@ DROP DATABASE mysqltest_db1;
 DROP DATABASE mysqltest_db2;
 DROP USER mysqltest_u1@localhost;
 DROP USER mysqltest_u2@localhost;
+CREATE DATABASE db26813;
+USE db26813;
+CREATE TABLE t1(f1 INT, f2 INT);
+CREATE VIEW v1 AS SELECT f1 FROM t1;
+CREATE VIEW v2 AS SELECT f1 FROM t1;
+CREATE VIEW v3 AS SELECT f1 FROM t1;
+CREATE USER u26813@localhost;
+GRANT DROP ON db26813.v1 TO u26813@localhost;
+GRANT CREATE VIEW ON db26813.v2 TO u26813@localhost;
+GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813@localhost;
+GRANT SELECT ON db26813.t1 TO u26813@localhost;
+ALTER VIEW v1 AS SELECT f2 FROM t1;
+ERROR 42000: CREATE VIEW command denied to user 'u26813'@'localhost' for table 'v1'
+ALTER VIEW v2 AS SELECT f2 FROM t1;
+ERROR 42000: DROP command denied to user 'u26813'@'localhost' for table 'v2'
+ALTER VIEW v3 AS SELECT f2 FROM t1;
+SHOW CREATE VIEW v3;
+View	Create View
+v3	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f2` AS `f2` from `t1`
+DROP USER u26813@localhost;
+DROP DATABASE db26813;
 End of 5.0 tests.
--- a/mysql-test/t/view_grant.test
+++ b/mysql-test/t/view_grant.test
@@ -1034,5 +1034,36 @@ DROP DATABASE mysqltest_db2;
 DROP USER mysqltest_u1@localhost;
 DROP USER mysqltest_u2@localhost;

+#
+# Bug#26813: The SUPER privilege is wrongly required to alter a view created
+#            by another user.
+#
+connection root;
+CREATE DATABASE db26813;
+USE db26813;
+CREATE TABLE t1(f1 INT, f2 INT);
+CREATE VIEW v1 AS SELECT f1 FROM t1;
+CREATE VIEW v2 AS SELECT f1 FROM t1;
+CREATE VIEW v3 AS SELECT f1 FROM t1;
+CREATE USER u26813@localhost;
+GRANT DROP ON db26813.v1 TO u26813@localhost;
+GRANT CREATE VIEW ON db26813.v2 TO u26813@localhost;
+GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813@localhost;
+GRANT SELECT ON db26813.t1 TO u26813@localhost;
+
+connect (u1,localhost,u26813,,db26813);
+connection u1;
+--error 1142
+ALTER VIEW v1 AS SELECT f2 FROM t1;
+--error 1142
+ALTER VIEW v2 AS SELECT f2 FROM t1;
+ALTER VIEW v3 AS SELECT f2 FROM t1;
+
+connection root;
+SHOW CREATE VIEW v3;
+
+DROP USER u26813@localhost;
+DROP DATABASE db26813;
+disconnect u1;

 --echo End of 5.0 tests.
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@@ -224,6 +224,7 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views,
 {
  LEX *lex= thd->lex;
  bool link_to_local;
+  bool definer_check_is_needed= mode != VIEW_ALTER || lex->definer;
  /* first table in list is target VIEW name => cut off it */
  TABLE_LIST *view= lex->unlink_first_table(&link_to_local);
  TABLE_LIST *tables= lex->query_tables;
@@ -256,8 +257,9 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views,
    /*
      DEFINER-clause is missing; we have to create default definer in
      persistent arena to be PS/SP friendly.
+      If this is an ALTER VIEW then the current user should be set as
+      the definer.
    */
-
    Query_arena original_arena;
    Query_arena *ps_arena = thd->activate_stmt_arena_if_needed(&original_arena);

@@ -277,11 +279,11 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views,
      - same as current user
      - current user has SUPER_ACL
  */
-  if (strcmp(lex->definer->user.str,
-             thd->security_ctx->priv_user) != 0 ||
-      my_strcasecmp(system_charset_info,
-                    lex->definer->host.str,
-                    thd->security_ctx->priv_host) != 0)
+  if (definer_check_is_needed &&
+      (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 ||
+       my_strcasecmp(system_charset_info,
+                     lex->definer->host.str,
+                     thd->security_ctx->priv_host) != 0))
  {
    if (!(thd->security_ctx->master_access & SUPER_ACL))
    {