Commit 86d68970 authored by gluh@eagle.(none)'s avatar gluh@eagle.(none)

Merge sgluhov@bk-internal.mysql.com:/home/bk/mysql-5.1-opt

into  mysql.com:/home/gluh/MySQL/Merge/5.1-opt
parents 1640c5ce 69970f52
...@@ -196,7 +196,6 @@ t1 a select ...@@ -196,7 +196,6 @@ t1 a select
show columns from mysqltest.t1; show columns from mysqltest.t1;
Field Type Null Key Default Extra Field Type Null Key Default Extra
a int(11) YES NULL a int(11) YES NULL
b varchar(30) YES MUL NULL
select table_name, column_name, privileges from information_schema.columns select table_name, column_name, privileges from information_schema.columns
where table_schema = 'mysqltest' and table_name = 'v1'; where table_schema = 'mysqltest' and table_name = 'v1';
table_name column_name privileges table_name column_name privileges
...@@ -1410,6 +1409,31 @@ alter database; ...@@ -1410,6 +1409,31 @@ alter database;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
alter database test; alter database test;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
create database mysqltest;
create table mysqltest.t1(a int, b int, c int);
create trigger mysqltest.t1_ai after insert on mysqltest.t1
for each row set @a = new.a + new.b + new.c;
grant select(b) on mysqltest.t1 to mysqltest_1@localhost;
select trigger_name from information_schema.triggers
where event_object_table='t1';
trigger_name
t1_ai
show triggers from mysqltest;
Trigger Event Table Statement Timing Created sql_mode Definer character_set_client collation_connection Database Collation
t1_ai INSERT t1 set @a = new.a + new.b + new.c AFTER NULL root@localhost latin1 latin1_swedish_ci latin1_swedish_ci
show columns from t1;
Field Type Null Key Default Extra
b int(11) YES NULL
select column_name from information_schema.columns where table_name='t1';
column_name
b
show triggers;
Trigger Event Table Statement Timing Created sql_mode Definer character_set_client collation_connection Database Collation
select trigger_name from information_schema.triggers
where event_object_table='t1';
trigger_name
drop user mysqltest_1@localhost;
drop database mysqltest;
End of 5.0 tests. End of 5.0 tests.
select * from information_schema.engines WHERE ENGINE="MyISAM"; select * from information_schema.engines WHERE ENGINE="MyISAM";
ENGINE SUPPORT COMMENT TRANSACTIONS XA SAVEPOINTS ENGINE SUPPORT COMMENT TRANSACTIONS XA SAVEPOINTS
......
...@@ -151,13 +151,11 @@ create view v2 as select f1 from testdb_1.v1; ...@@ -151,13 +151,11 @@ create view v2 as select f1 from testdb_1.v1;
create view v4 as select f1,f2 from testdb_1.v3; create view v4 as select f1,f2 from testdb_1.v3;
show fields from testdb_1.v5; show fields from testdb_1.v5;
Field Type Null Key Default Extra Field Type Null Key Default Extra
f1 char(4) YES NULL
show create view testdb_1.v5; show create view testdb_1.v5;
View Create View character_set_client collation_connection View Create View character_set_client collation_connection
v5 CREATE ALGORITHM=UNDEFINED DEFINER=`testdb_1`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v5` AS select `testdb_1`.`t1`.`f1` AS `f1` from `testdb_1`.`t1` latin1 latin1_swedish_ci v5 CREATE ALGORITHM=UNDEFINED DEFINER=`testdb_1`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v5` AS select `testdb_1`.`t1`.`f1` AS `f1` from `testdb_1`.`t1` latin1 latin1_swedish_ci
show fields from testdb_1.v6; show fields from testdb_1.v6;
Field Type Null Key Default Extra Field Type Null Key Default Extra
f1 char(4) YES NULL
show create view testdb_1.v6; show create view testdb_1.v6;
View Create View character_set_client collation_connection View Create View character_set_client collation_connection
v6 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v6` AS select `testdb_1`.`t1`.`f1` AS `f1` from `testdb_1`.`t1` latin1 latin1_swedish_ci v6 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v6` AS select `testdb_1`.`t1`.`f1` AS `f1` from `testdb_1`.`t1` latin1 latin1_swedish_ci
......
...@@ -1047,6 +1047,31 @@ alter database; ...@@ -1047,6 +1047,31 @@ alter database;
--error ER_PARSE_ERROR --error ER_PARSE_ERROR
alter database test; alter database test;
#
# Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements
#
create database mysqltest;
create table mysqltest.t1(a int, b int, c int);
create trigger mysqltest.t1_ai after insert on mysqltest.t1
for each row set @a = new.a + new.b + new.c;
grant select(b) on mysqltest.t1 to mysqltest_1@localhost;
select trigger_name from information_schema.triggers
where event_object_table='t1';
show triggers from mysqltest;
connect (con27629,localhost,mysqltest_1,,mysqltest);
show columns from t1;
select column_name from information_schema.columns where table_name='t1';
show triggers;
select trigger_name from information_schema.triggers
where event_object_table='t1';
connection default;
drop user mysqltest_1@localhost;
drop database mysqltest;
--echo End of 5.0 tests. --echo End of 5.0 tests.
# #
# Show engines # Show engines
......
...@@ -3556,8 +3556,7 @@ static int get_schema_column_record(THD *thd, TABLE_LIST *tables, ...@@ -3556,8 +3556,7 @@ static int get_schema_column_record(THD *thd, TABLE_LIST *tables,
col_access= get_column_grant(thd, &tables->grant, col_access= get_column_grant(thd, &tables->grant,
db_name->str, table_name->str, db_name->str, table_name->str,
field->field_name) & COL_ACLS; field->field_name) & COL_ACLS;
if (lex->sql_command != SQLCOM_SHOW_FIELDS && if (!tables->schema_table && !col_access)
!tables->schema_table && !col_access)
continue; continue;
end= tmp; end= tmp;
for (uint bitnr=0; col_access ; col_access>>=1,bitnr++) for (uint bitnr=0; col_access ; col_access>>=1,bitnr++)
...@@ -4350,6 +4349,12 @@ static int get_schema_triggers_record(THD *thd, TABLE_LIST *tables, ...@@ -4350,6 +4349,12 @@ static int get_schema_triggers_record(THD *thd, TABLE_LIST *tables,
{ {
Table_triggers_list *triggers= tables->table->triggers; Table_triggers_list *triggers= tables->table->triggers;
int event, timing; int event, timing;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_table_access(thd, TRIGGER_ACL, tables, 1))
goto ret;
#endif
for (event= 0; event < (int)TRG_EVENT_MAX; event++) for (event= 0; event < (int)TRG_EVENT_MAX; event++)
{ {
for (timing= 0; timing < (int)TRG_ACTION_MAX; timing++) for (timing= 0; timing < (int)TRG_ACTION_MAX; timing++)
...@@ -4386,6 +4391,7 @@ static int get_schema_triggers_record(THD *thd, TABLE_LIST *tables, ...@@ -4386,6 +4391,7 @@ static int get_schema_triggers_record(THD *thd, TABLE_LIST *tables,
} }
} }
} }
ret:
DBUG_RETURN(0); DBUG_RETURN(0);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment