Bug#16681 information_schema shows forbidden VIEW details

show view definition to users that have the needed privileges
parent 4a673444
......@@ -1108,3 +1108,16 @@ routine_name
delete from proc where name='';
use test;
grant select on test.* to mysqltest_1@localhost;
create table t1 (id int);
create view v1 as select * from t1;
create definer = mysqltest_1@localhost
sql security definer view v2 as select 1;
select * from information_schema.views
where table_name='v1' or table_name='v2';
TABLE_CATALOG TABLE_SCHEMA TABLE_NAME VIEW_DEFINITION CHECK_OPTION IS_UPDATABLE DEFINER SECURITY_TYPE
NULL test v1 NONE YES root@localhost DEFINER
NULL test v2 select 1 AS `1` NONE NO mysqltest_1@localhost DEFINER
drop view v1, v2;
drop table t1;
drop user mysqltest_1@localhost;
......@@ -822,3 +822,22 @@ INSERT INTO `proc` VALUES ('test','','PROCEDURE','','SQL','CONTAINS_SQL',
select routine_name from information_schema.routines;
delete from proc where name='';
use test;
#
# Bug#16681 information_schema shows forbidden VIEW details
#
grant select on test.* to mysqltest_1@localhost;
create table t1 (id int);
create view v1 as select * from t1;
create definer = mysqltest_1@localhost
sql security definer view v2 as select 1;
connect (con16681,localhost,mysqltest_1,,test);
connection con16681;
select * from information_schema.views
where table_name='v1' or table_name='v2';
connection default;
drop view v1, v2;
drop table t1;
drop user mysqltest_1@localhost;
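Review bot: The new test case only covers an account without SHOW VIEW (v1, definition hidden) and an account that is the definer (v2, definition shown), so the branches of the new check that run when the privilege is actually granted are never exercised. Consider adding a third view on which the account receives the privilege, for example `create view v3 as select * from t1;` followed by `grant show view on test.v3 to mysqltest_1@localhost;`, and include it in the `information_schema.views` query and in the final `drop view`. That would confirm VIEW_DEFINITION is returned for a non-definer who holds SHOW VIEW. The connection `con16681` is also never closed; a `disconnect con16681;` after `connection default;` would keep it from lingering into later tests.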
......@@ -3076,10 +3076,32 @@ static int get_schema_views_record(THD *thd, struct st_table_list *tables,
if (tables->view)
{
Security_context *sctx= thd->security_ctx;
ulong grant= SHOW_VIEW_ACL;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
char *save_table_name= tables->table_name;
if (!my_strcasecmp(system_charset_info, tables->definer.user.str,
sctx->priv_user) &&
!my_strcasecmp(system_charset_info, tables->definer.host.str,
sctx->priv_host))
grant= SHOW_VIEW_ACL;
else
{
tables->table_name= tables->view_name.str;
if (check_access(thd, SHOW_VIEW_ACL , base_name,
&tables->grant.privilege, 0, 1,
test(tables->schema_table)))
grant= get_table_grant(thd, tables);
else
grant= tables->grant.privilege;
}
tables->table_name= save_table_name;
#endif
restore_record(table, s->default_values);
table->field[1]->store(tables->view_db.str, tables->view_db.length, cs);
table->field[2]->store(tables->view_name.str, tables->view_name.length,
cs);
table->field[2]->store(tables->view_name.str, tables->view_name.length, cs);
if (grant & SHOW_VIEW_ACL)
table->field[3]->store(tables->query.str, tables->query.length, cs);
if (tables->with_check != VIEW_CHECK_NONE)
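Review bot: The definer match at the top of the `#ifndef NO_EMBEDDED_ACCESS_CHECKS` block compares the user name with `my_strcasecmp`, but MySQL account user names are case-sensitive (only host names are not). An account whose name differs from the definer's only in letter case would therefore be treated as the definer and shown the view text without holding SHOW VIEW. Compare the user part exactly and keep the case-insensitive compare for the host: `if (!strcmp(tables->definer.user.str, sctx->priv_user) && !my_strcasecmp(system_charset_info, tables->definer.host.str, sctx->priv_host))`. Separately, `grant` starts out as `SHOW_VIEW_ACL`, so any future path through the access-check block that forgets to assign it would expose the definition; initialising it to 0 inside the `#ifndef` and to `SHOW_VIEW_ACL` only in the no-access-checks build would make the default deny. get_schema_views_record starts and ends outside this hunk.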
......