Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
457aea43
Commit
457aea43
authored
May 23, 2006
by
gluh@eagle.intranet.mysql.r18.ru
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Bug#16681 information_schema shows forbidden VIEW details
show view definition to users that have the needed privilleges
parent
4a673444
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
57 additions
and
3 deletions
+57
-3
mysql-test/r/information_schema.result
mysql-test/r/information_schema.result
+13
-0
mysql-test/t/information_schema.test
mysql-test/t/information_schema.test
+19
-0
sql/sql_show.cc
sql/sql_show.cc
+25
-3
No files found.
mysql-test/r/information_schema.result
View file @
457aea43
...
...
@@ -1108,3 +1108,16 @@ routine_name
delete from proc where name='';
use test;
grant select on test.* to mysqltest_1@localhost;
create table t1 (id int);
create view v1 as select * from t1;
create definer = mysqltest_1@localhost
sql security definer view v2 as select 1;
select * from information_schema.views
where table_name='v1' or table_name='v2';
TABLE_CATALOG TABLE_SCHEMA TABLE_NAME VIEW_DEFINITION CHECK_OPTION IS_UPDATABLE DEFINER SECURITY_TYPE
NULL test v1 NONE YES root@localhost DEFINER
NULL test v2 select 1 AS `1` NONE NO mysqltest_1@localhost DEFINER
drop view v1, v2;
drop table t1;
drop user mysqltest_1@localhost;
mysql-test/t/information_schema.test
View file @
457aea43
...
...
@@ -822,3 +822,22 @@ INSERT INTO `proc` VALUES ('test','','PROCEDURE','','SQL','CONTAINS_SQL',
select
routine_name
from
information_schema
.
routines
;
delete
from
proc
where
name
=
''
;
use
test
;
#
# Bug#16681 information_schema shows forbidden VIEW details
#
grant
select
on
test
.*
to
mysqltest_1
@
localhost
;
create
table
t1
(
id
int
);
create
view
v1
as
select
*
from
t1
;
create
definer
=
mysqltest_1
@
localhost
sql
security
definer
view
v2
as
select
1
;
connect
(
con16681
,
localhost
,
mysqltest_1
,,
test
);
connection
con16681
;
select
*
from
information_schema
.
views
where
table_name
=
'v1'
or
table_name
=
'v2'
;
connection
default
;
drop
view
v1
,
v2
;
drop
table
t1
;
drop
user
mysqltest_1
@
localhost
;
sql/sql_show.cc
View file @
457aea43
...
...
@@ -3076,11 +3076,33 @@ static int get_schema_views_record(THD *thd, struct st_table_list *tables,
if
(
tables
->
view
)
{
Security_context
*
sctx
=
thd
->
security_ctx
;
ulong
grant
=
SHOW_VIEW_ACL
;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
char
*
save_table_name
=
tables
->
table_name
;
if
(
!
my_strcasecmp
(
system_charset_info
,
tables
->
definer
.
user
.
str
,
sctx
->
priv_user
)
&&
!
my_strcasecmp
(
system_charset_info
,
tables
->
definer
.
host
.
str
,
sctx
->
priv_host
))
grant
=
SHOW_VIEW_ACL
;
else
{
tables
->
table_name
=
tables
->
view_name
.
str
;
if
(
check_access
(
thd
,
SHOW_VIEW_ACL
,
base_name
,
&
tables
->
grant
.
privilege
,
0
,
1
,
test
(
tables
->
schema_table
)))
grant
=
get_table_grant
(
thd
,
tables
);
else
grant
=
tables
->
grant
.
privilege
;
}
tables
->
table_name
=
save_table_name
;
#endif
restore_record
(
table
,
s
->
default_values
);
table
->
field
[
1
]
->
store
(
tables
->
view_db
.
str
,
tables
->
view_db
.
length
,
cs
);
table
->
field
[
2
]
->
store
(
tables
->
view_name
.
str
,
tables
->
view_name
.
length
,
cs
);
table
->
field
[
3
]
->
store
(
tables
->
query
.
str
,
tables
->
query
.
length
,
cs
);
table
->
field
[
2
]
->
store
(
tables
->
view_name
.
str
,
tables
->
view_name
.
length
,
cs
);
if
(
grant
&
SHOW_VIEW_ACL
)
table
->
field
[
3
]
->
store
(
tables
->
query
.
str
,
tables
->
query
.
length
,
cs
);
if
(
tables
->
with_check
!=
VIEW_CHECK_NONE
)
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment