Bug #26817: mysqldump fails to backup database containing view with invalid definer

give some leeway on required permissions for SHOW FIELDS on views so
an unknonwn DEFINER will no longer break mysqldump
parent e84584e2
......@@ -51,5 +51,5 @@ enum options_client
OPT_TRIGGERS,
OPT_IGNORE_TABLE,OPT_INSERT_IGNORE,OPT_SHOW_WARNINGS,OPT_DROP_DATABASE,
OPT_TZ_UTC, OPT_AUTO_CLOSE, OPT_SSL_VERIFY_SERVER_CERT,
OPT_DEBUG_INFO
OPT_DEBUG_INFO, OPT_ERROR_LOG_FILE
};
......@@ -105,7 +105,8 @@ static char *opt_password=0,*current_user=0,
*lines_terminated=0, *enclosed=0, *opt_enclosed=0, *escaped=0,
*where=0, *order_by=0,
*opt_compatible_mode_str= 0,
*err_ptr= 0;
*err_ptr= 0,
*log_error_file= NULL;
static char **defaults_argv= 0;
static char compatible_mode_normal_str[255];
static ulong opt_compatible_mode= 0;
......@@ -117,6 +118,8 @@ static int first_error=0;
static DYNAMIC_STRING extended_row;
#include <sslopt-vars.h>
FILE *md_result_file= 0;
FILE *stderror_file=0;
#ifdef HAVE_SMEM
static char *shared_memory_base_name=0;
#endif
......@@ -293,6 +296,9 @@ static struct my_option my_long_options[] =
0, 0, 0, 0, 0, 0},
{"lock-tables", 'l', "Lock all tables for read.", (gptr*) &lock_tables,
(gptr*) &lock_tables, 0, GET_BOOL, NO_ARG, 1, 0, 0, 0, 0, 0},
{"log-error", OPT_ERROR_LOG_FILE, "Append warnings and errors to given file.",
(gptr*) &log_error_file, (gptr*) &log_error_file, 0, GET_STR,
REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"master-data", OPT_MASTER_DATA,
"This causes the binary log position and filename to be appended to the "
"output. If equal to 1, will print it as a CHANGE MASTER command; if equal"
......@@ -3694,6 +3700,16 @@ int main(int argc, char **argv)
free_resources(0);
exit(exit_code);
}
if (log_error_file)
{
if(!(stderror_file= freopen(log_error_file, "a+", stderr)))
{
free_resources(0);
exit(EX_MYSQLERR);
}
}
if (connect_to_db(current_host, current_user, opt_password))
{
free_resources(0);
......@@ -3746,5 +3762,9 @@ err:
if (!path)
write_footer(md_result_file);
free_resources();
if (stderror_file)
fclose(stderror_file);
return(first_error);
} /* main */
......@@ -106,16 +106,82 @@ use testdb_1;
create table t1 (f1 char(4));
create view v1 as select f1 from t1;
grant insert on v1 to testdb_2@localhost;
create view v5 as select f1 from t1;
grant show view on v5 to testdb_2@localhost;
create definer=`no_such_user`@`no_such_host` view v6 as select f1 from t1;
ERROR 42000: Access denied; you need the SUPER privilege for this operation
use testdb_1;
create view v6 as select f1 from t1;
grant show view on v6 to testdb_2@localhost;
create table t2 (f1 char(4));
create definer=`no_such_user`@`no_such_host` view v7 as select * from t2;
Warnings:
Note 1449 There is no 'no_such_user'@'no_such_host' registered
show fields from testdb_1.v6;
Field Type Null Key Default Extra
f1 char(4) YES NULL
show create view testdb_1.v6;
View Create View
v6 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v6` AS select `t1`.`f1` AS `f1` from `t1`
show create view testdb_1.v7;
View Create View
v7 CREATE ALGORITHM=UNDEFINED DEFINER=`no_such_user`@`no_such_host` SQL SECURITY DEFINER VIEW `v7` AS select `testdb_1`.`t2`.`f1` AS `f1` from `t2`
Warnings:
Warning 1356 View 'testdb_1.v7' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
show fields from testdb_1.v7;
Field Type Null Key Default Extra
f1 null YES NULL
Warnings:
Note 1449 There is no 'no_such_user'@'no_such_host' registered
create table t3 (f1 char(4), f2 char(4));
create view v3 as select f1,f2 from t3;
grant insert(f1), insert(f2) on v3 to testdb_2@localhost;
create view v2 as select f1 from testdb_1.v1;
create view v4 as select f1,f2 from testdb_1.v3;
show fields from testdb_1.v5;
Field Type Null Key Default Extra
f1 char(4) YES NULL
show create view testdb_1.v5;
View Create View
v5 CREATE ALGORITHM=UNDEFINED DEFINER=`testdb_1`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v5` AS select `testdb_1`.`t1`.`f1` AS `f1` from `testdb_1`.`t1`
show fields from testdb_1.v6;
Field Type Null Key Default Extra
f1 char(4) YES NULL
show create view testdb_1.v6;
View Create View
v6 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v6` AS select `testdb_1`.`t1`.`f1` AS `f1` from `testdb_1`.`t1`
show fields from testdb_1.v7;
Field Type Null Key Default Extra
f1 null YES NULL
Warnings:
Note 1449 There is no 'no_such_user'@'no_such_host' registered
show create view testdb_1.v7;
View Create View
v7 CREATE ALGORITHM=UNDEFINED DEFINER=`no_such_user`@`no_such_host` SQL SECURITY DEFINER VIEW `v7` AS select `testdb_1`.`t2`.`f1` AS `f1` from `t2`
Warnings:
Warning 1356 View 'testdb_1.v7' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
revoke insert(f1) on v3 from testdb_2@localhost;
revoke show view on v5 from testdb_2@localhost;
use testdb_1;
revoke show view on v6 from testdb_2@localhost;
show fields from testdb_1.v5;
ERROR 42000: SELECT command denied to user 'testdb_2'@'localhost' for table 'v5'
show create view testdb_1.v5;
ERROR 42000: SELECT command denied to user 'testdb_2'@'localhost' for table 'v5'
show fields from testdb_1.v6;
ERROR 42000: SELECT command denied to user 'testdb_2'@'localhost' for table 'v6'
show create view testdb_1.v6;
ERROR 42000: SELECT command denied to user 'testdb_2'@'localhost' for table 'v6'
show fields from testdb_1.v7;
ERROR 42000: SELECT command denied to user 'testdb_2'@'localhost' for table 'v7'
show create view testdb_1.v7;
ERROR 42000: SELECT command denied to user 'testdb_2'@'localhost' for table 'v7'
show create view v4;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
show fields from v4;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
Field Type Null Key Default Extra
f1 null YES NULL
f2 char(4) YES NULL
show fields from v2;
Field Type Null Key Default Extra
f1 char(4) YES NULL
......@@ -140,7 +206,8 @@ where a.table_name = 'testdb_1.v1';
view_definition
select * from v2;
ERROR HY000: View 'test.v2' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
drop view testdb_1.v1,v2, testdb_1.v3, v4;
use test;
drop view testdb_1.v1, v2, testdb_1.v3, v4;
drop database testdb_1;
drop user testdb_1@localhost;
drop user testdb_2@localhost;
......@@ -121,6 +121,28 @@ create table t1 (f1 char(4));
create view v1 as select f1 from t1;
grant insert on v1 to testdb_2@localhost;
create view v5 as select f1 from t1;
grant show view on v5 to testdb_2@localhost;
--error 1227
create definer=`no_such_user`@`no_such_host` view v6 as select f1 from t1;
connection default;
use testdb_1;
create view v6 as select f1 from t1;
grant show view on v6 to testdb_2@localhost;
create table t2 (f1 char(4));
create definer=`no_such_user`@`no_such_host` view v7 as select * from t2;
show fields from testdb_1.v6;
show create view testdb_1.v6;
show create view testdb_1.v7;
show fields from testdb_1.v7;
connection testdb_1;
create table t3 (f1 char(4), f2 char(4));
create view v3 as select f1,f2 from t3;
grant insert(f1), insert(f2) on v3 to testdb_2@localhost;
......@@ -129,13 +151,41 @@ connect (testdb_2,localhost,testdb_2,,test);
create view v2 as select f1 from testdb_1.v1;
create view v4 as select f1,f2 from testdb_1.v3;
show fields from testdb_1.v5;
show create view testdb_1.v5;
show fields from testdb_1.v6;
show create view testdb_1.v6;
connection testdb_1;
show fields from testdb_1.v7;
show create view testdb_1.v7;
revoke insert(f1) on v3 from testdb_2@localhost;
revoke show view on v5 from testdb_2@localhost;
connection default;
use testdb_1;
revoke show view on v6 from testdb_2@localhost;
connection testdb_2;
--error 1142
show fields from testdb_1.v5;
--error 1142
show create view testdb_1.v5;
--error 1142
show fields from testdb_1.v6;
--error 1142
show create view testdb_1.v6;
--error 1142
show fields from testdb_1.v7;
--error 1142
show create view testdb_1.v7;
--error 1345
show create view v4;
--error 1345
#--error 1345
show fields from v4;
show fields from v2;
......@@ -155,7 +205,8 @@ where a.table_name = 'testdb_1.v1';
select * from v2;
connection default;
drop view testdb_1.v1,v2, testdb_1.v3, v4;
use test;
drop view testdb_1.v1, v2, testdb_1.v3, v4;
drop database testdb_1;
drop user testdb_1@localhost;
drop user testdb_2@localhost;
......@@ -3573,15 +3573,36 @@ find_field_in_tables(THD *thd, Item_ident *item,
{
Field *cur_field= find_field_in_table_ref(thd, cur_table, name, length,
item->name, db, table_name, ref,
check_privileges, allow_rowid,
check_privileges,
allow_rowid,
&(item->cached_field_index),
register_tree_change,
&actual_table);
if (cur_field)
{
if (cur_field == WRONG_GRANT)
{
if (thd->lex->sql_command != SQLCOM_SHOW_FIELDS)
return (Field*) 0;
thd->clear_error();
cur_field= find_field_in_table_ref(thd, cur_table, name, length,
item->name, db, table_name, ref,
false,
allow_rowid,
&(item->cached_field_index),
register_tree_change,
&actual_table);
if (cur_field)
{
Field *nf=new Field_null(NULL,0,Field::NONE,
cur_field->field_name,
cur_field->table,
&my_charset_bin);
cur_field= nf;
}
}
/*
Store the original table of the field, which may be different from
cur_table in the case of NATURAL/USING join.
......
......@@ -5159,7 +5159,10 @@ bool check_single_table_access(THD *thd, ulong privilege,
goto deny;
/* Show only 1 table for check_grant */
if (grant_option && check_grant(thd, privilege, all_tables, 0, 1, 0))
if (grant_option &&
!(all_tables->belong_to_view &&
(thd->lex->sql_command == SQLCOM_SHOW_FIELDS)) &&
check_grant(thd, privilege, all_tables, 0, 1, 0))
goto deny;
thd->security_ctx= backup_ctx;
......
......@@ -1003,6 +1003,11 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
CHARSET_INFO *save_cs= thd->variables.character_set_client;
thd->variables.character_set_client= system_charset_info;
res= MYSQLparse((void *)thd);
if ((old_lex->sql_command == SQLCOM_SHOW_FIELDS) ||
(old_lex->sql_command == SQLCOM_SHOW_CREATE))
lex->sql_command= old_lex->sql_command;
thd->variables.character_set_client= save_cs;
thd->variables.sql_mode= save_mode;
}
......@@ -1028,7 +1033,7 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
}
}
else if (!table->prelocking_placeholder &&
old_lex->sql_command == SQLCOM_SHOW_CREATE &&
(old_lex->sql_command == SQLCOM_SHOW_CREATE) &&
!table->belong_to_view)
{
if (check_table_access(thd, SHOW_VIEW_ACL, table, 0))
......
......@@ -2441,7 +2441,8 @@ bool st_table_list::prepare_view_securety_context(THD *thd)
definer.host.str,
thd->db))
{
if (thd->lex->sql_command == SQLCOM_SHOW_CREATE)
if ((thd->lex->sql_command == SQLCOM_SHOW_CREATE) ||
(thd->lex->sql_command == SQLCOM_SHOW_FIELDS))
{
push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_NOTE,
ER_NO_SUCH_USER,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment