Merged fix for bug #58499 "DEFINER-security view selecting from

INVOKER-security view access check wrong" into mysql-5.5 tree.
2025-07-29 05:21:33 +03:00 · 2011-01-12 16:28:33 +03:00
parent 003e87fef0 94fbedd3e3
commit bc8e89c926
3 changed files with 296 additions and 16 deletions
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@ -1270,6 +1270,7 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
    TABLE_LIST *view_tables= lex->query_tables;
    TABLE_LIST *view_tables_tail= 0;
    TABLE_LIST *tbl;
+    Security_context *security_ctx;

    /*
      Check rights to run commands (EXPLAIN SELECT & SHOW CREATE) which show
@ -1416,25 +1417,38 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
    if (table->view_suid)
    {
      /*
-        Prepare a security context to check underlying objects of the view
+        For suid views prepare a security context for checking underlying
+        objects of the view.
      */
      if (!(table->view_sctx= (Security_context *)
            thd->stmt_arena->alloc(sizeof(Security_context))))
        goto err;
-      /* Assign the context to the tables referenced in the view */
-      if (view_tables)
-      {
-        DBUG_ASSERT(view_tables_tail);
-        for (tbl= view_tables; tbl != view_tables_tail->next_global;
-             tbl= tbl->next_global)
-          tbl->security_ctx= table->view_sctx;
-      }
-      /* assign security context to SELECT name resolution contexts of view */
-      for(SELECT_LEX *sl= lex->all_selects_list;
-          sl;
-          sl= sl->next_select_in_list())
-        sl->context.security_ctx= table->view_sctx;
+      security_ctx= table->view_sctx;
    }
+    else
+    {
+      /*
+        For non-suid views inherit security context from view's table list.
+        This allows properly handle situation when non-suid view is used
+        from within suid view.
+      */
+      security_ctx= table->security_ctx;
+    }
+
+    /* Assign the context to the tables referenced in the view */
+    if (view_tables)
+    {
+      DBUG_ASSERT(view_tables_tail);
+      for (tbl= view_tables; tbl != view_tables_tail->next_global;
+           tbl= tbl->next_global)
+        tbl->security_ctx= security_ctx;
+    }
+
+    /* assign security context to SELECT name resolution contexts of view */
+    for(SELECT_LEX *sl= lex->all_selects_list;
+        sl;
+        sl= sl->next_select_in_list())
+      sl->context.security_ctx= security_ctx;

    /*
      Setup an error processor to hide error messages issued by stored