Commit 7e60f710 authored by Sergey Glukhov

Bug#22763 Disrepancy between SHOW CREATE VIEW and I_S.VIEWS

The problem:
I_S views table does not check the presence of SHOW_VIEW_ACL|SELECT_ACL
privileges for a view. It leads to discrepancy between SHOW CREATE VIEW
and I_S.VIEWS.
The fix:
added appropriate check.


mysql-test/r/information_schema_db.result:
  test result
mysql-test/t/information_schema_db.test:
  test case
sql/sql_show.cc:
  The problem:
  I_S views table does not check the presence of SHOW_VIEW_ACL|SELECT_ACL
  privileges for a view. It leads to discrepancy between SHOW CREATE VIEW
  and I_S.VIEWS.
  The fix:
  added appropriate check.
parent eb3c0806
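--- a/mysql-test/r/information_schema_db.result
+++ b/mysql-test/r/information_schema_db.result
@@ -209,3 +209,24 @@ drop view testdb_1.v1, v2, testdb_1.v3, v4;
 drop database testdb_1;
 drop user testdb_1@localhost;
 drop user testdb_2@localhost;
+create database testdb_1;
+create table testdb_1.t1 (a int);
+create view testdb_1.v1 as select * from testdb_1.t1;
+grant show view on testdb_1.* to mysqltest_1@localhost;
+grant select on testdb_1.v1 to mysqltest_1@localhost;
+select table_schema, table_name, view_definition from information_schema.views
+where table_name='v1';
+table_schema table_name view_definition
+testdb_1 v1 /* ALGORITHM=UNDEFINED */ select `testdb_1`.`t1`.`a` AS `a` from `testdb_1`.`t1`
+show create view testdb_1.v1;
+View Create View
+v1 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v1` AS select `testdb_1`.`t1`.`a` AS `a` from `testdb_1`.`t1`
+revoke select on testdb_1.v1 from mysqltest_1@localhost;
+select table_schema, table_name, view_definition from information_schema.views
+where table_name='v1';
+table_schema table_name view_definition
+testdb_1 v1
+show create view testdb_1.v1;
+ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 'v1'
+drop user mysqltest_1@localhost;
+drop database testdb_1;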
...@@ -82,6 +82,7 @@ drop function func2; ...@@ -82,6 +82,7 @@ drop function func2;
drop database `inf%`; drop database `inf%`;
drop procedure mbase.p1; drop procedure mbase.p1;
drop database mbase; drop database mbase;
disconnect user1;
# #
# Bug#18282 INFORMATION_SCHEMA.TABLES provides inconsistent info about invalid views # Bug#18282 INFORMATION_SCHEMA.TABLES provides inconsistent info about invalid views
...@@ -210,3 +211,32 @@ drop view testdb_1.v1, v2, testdb_1.v3, v4; ...@@ -210,3 +211,32 @@ drop view testdb_1.v1, v2, testdb_1.v3, v4;
drop database testdb_1; drop database testdb_1;
drop user testdb_1@localhost; drop user testdb_1@localhost;
drop user testdb_2@localhost; drop user testdb_2@localhost;
#
# Bug#22763 Disrepancy between SHOW CREATE VIEW and I_S.VIEWS
#
create database testdb_1;
create table testdb_1.t1 (a int);
create view testdb_1.v1 as select * from testdb_1.t1;
grant show view on testdb_1.* to mysqltest_1@localhost;
grant select on testdb_1.v1 to mysqltest_1@localhost;
connect (user1,localhost,mysqltest_1,,test);
connection user1;
select table_schema, table_name, view_definition from information_schema.views
where table_name='v1';
show create view testdb_1.v1;
connection default;
revoke select on testdb_1.v1 from mysqltest_1@localhost;
connection user1;
select table_schema, table_name, view_definition from information_schema.views
where table_name='v1';
--error ER_TABLEACCESS_DENIED_ERROR
show create view testdb_1.v1;
connection default;
drop user mysqltest_1@localhost;
drop database testdb_1;
disconnect user1;
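Review bot: Only the revocation of SELECT is exercised here, while the check added by this commit requires SHOW_VIEW_ACL and SELECT_ACL together; the mirror case, where SELECT on the view is held but SHOW VIEW is not, has no test. After the last `connection default;` a second round such as `grant select on testdb_1.v1 to mysqltest_1@localhost;` followed by `revoke show view on testdb_1.* from mysqltest_1@localhost;`, with the same two statements then run on `user1`, would pin that branch. The `where table_name='v1'` filter could also name `table_schema='testdb_1'` so the expected output does not depend on views left behind in other schemas.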
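--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -3170,6 +3170,27 @@ static int get_schema_views_record(THD *thd, TABLE_LIST *tables,
 !my_strcasecmp(system_charset_info, tables->definer.host.str,
 sctx->priv_host))
 tables->allowed_show= TRUE;
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+else
+{
+if ((thd->col_access & (SHOW_VIEW_ACL|SELECT_ACL)) ==
+(SHOW_VIEW_ACL|SELECT_ACL))
+tables->allowed_show= TRUE;
+else
+{
+TABLE_LIST table_list;
+uint view_access;
+memset(&table_list, 0, sizeof(table_list));
+table_list.db= tables->view_db.str;
+table_list.table_name= tables->view_name.str;
+table_list.grant.privilege= thd->col_access;
+view_access= get_table_grant(thd, &table_list);
+if ((view_access & (SHOW_VIEW_ACL|SELECT_ACL)) ==
+(SHOW_VIEW_ACL|SELECT_ACL))
+tables->allowed_show= TRUE;
+}
+}
+#endif
 }
 restore_record(table, s->default_values);
 table->field[1]->store(tables->view_db.str, tables->view_db.length, cs);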
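Review bot: The `else` that opens the added block sits directly under `#ifndef NO_EMBEDDED_ACCESS_CHECKS` and binds to an `if` whose start is outside the hunk, so whether a non-definer can ever get `allowed_show` depends on the build, and nothing at this site says so. The mask `(SHOW_VIEW_ACL|SELECT_ACL)` is also written out in full in both tests; naming it once, e.g. `const uint show_mask= SHOW_VIEW_ACL|SELECT_ACL;`, and testing `(view_access & show_mask) == show_mask` would make the both-bits-required rule harder to weaken by accident. A short comment above the block should state that this decision has to stay in step with the privilege check behind SHOW CREATE VIEW, and that `thd->col_access` is assumed to carry the schema-level privileges computed earlier in the function; that assumption cannot be confirmed from the hunk. get_schema_views_record starts and ends outside the hunk.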