Bug#20989: View '(null).(null)' references invalid table(s)... on SQL SECURITY INVOKER

REPLACE ... SELECT would require INSERT privileges on certain tables when SELECT really suffices. Require INSERT only on target table. mysql-test/r/insert_select.result: Bug#20989: View '(null).(null)' references invalid table(s)... on SQL SECURITY INVOKER Show that REPLACE ... SELECT requires INSERT privileges only on target table. (revised test with more view-fu) mysql-test/t/insert_select.test: Bug#20989: View '(null).(null)' references invalid table(s)... on SQL SECURITY INVOKER Show that REPLACE ... SELECT requires INSERT privileges only on target table. (revised test with more view-fu) sql/sql_insert.cc: Bug#20989: View '(null).(null)' references invalid table(s)... on SQL SECURITY INVOKER require SELECT rather than INSERT privs on tables that constitute the views we'll read
2025-07-30 16:24:05 +03:00 · 2006-07-19 11:49:07 +02:00
parent 674636e725
commit c185144609
3 changed files with 246 additions and 1 deletions
--- a/mysql-test/r/insert_select.result
+++ b/mysql-test/r/insert_select.result
@ -695,3 +695,103 @@ CREATE TABLE t2 (z int, y int);
 CREATE TABLE t3 (a int, b int);
 INSERT INTO t3 (SELECT x, y FROM t1 JOIN t2 USING (y) WHERE z = 1);
 DROP TABLE IF EXISTS t1,t2,t3;
+CREATE DATABASE meow;
+CREATE TABLE table_target   ( mexs_id CHAR(8), messzeit TIMESTAMP, PRIMARY KEY (mexs_id));
+CREATE TABLE table_target2  ( mexs_id CHAR(8), messzeit TIMESTAMP, PRIMARY KEY (mexs_id));
+CREATE TABLE table_target3  ( mexs_id CHAR(8), messzeit TIMESTAMP, PRIMARY KEY (mexs_id));
+CREATE VIEW view_target2 AS SELECT mexs_id,messzeit FROM table_target2;
+CREATE SQL SECURITY INVOKER VIEW view_target3 AS SELECT mexs_id,messzeit FROM table_target3;
+CREATE TABLE table_stations ( mexs_id VARCHAR(8), icao VARCHAR(4), country CHAR(2), PRIMARY KEY (mexs_id), UNIQUE KEY icao (icao), KEY country (country), CONSTRAINT stations_ibfk_8 FOREIGN KEY (country) REFERENCES countries (country) ON UPDATE CASCADE);
+INSERT INTO table_stations VALUES ('87654321','XXXX','YY');
+CREATE TABLE table_countries ( country CHAR(2), iso_short_en VARCHAR(64), PRIMARY KEY (country));
+INSERT INTO table_countries VALUES ('YY','Entenhausen');
+CREATE ALGORITHM=MERGE SQL SECURITY INVOKER VIEW view_stations AS select table_stations.mexs_id AS mexs_id, table_stations.icao AS icao, table_stations.country AS landescode from (table_stations join table_countries on((table_stations.country = table_countries.country)));
+CREATE TABLE table_source ( id varchar(4), datetime TIMESTAMP, PRIMARY KEY (id));
+INSERT INTO  table_source VALUES ('XXXX','2006-07-12 07:50:00');
+GRANT  SELECT                ON table_source    TO   user20989@localhost;
+GRANT  SELECT                ON table_countries TO   user20989@localhost;
+GRANT  SELECT                ON table_stations  TO   user20989@localhost;
+GRANT  SELECT                ON view_stations   TO   user20989@localhost;
+GRANT  SELECT                ON table_target    TO   user20989@localhost;
+GRANT  SELECT                ON table_target2   TO   user20989@localhost;
+GRANT  INSERT,DELETE,SELECT  ON view_target3    TO   user20989@localhost;
+REPLACE INTO    table_target
+SELECT          stations.mexs_id AS mexs_id, datetime AS messzeit
+FROM            table_source
+INNER JOIN      view_stations AS stations
+ON              table_source.id = stations.icao
+LEFT JOIN       table_target AS old
+USING           (mexs_id);
+ERROR 42000: INSERT,DELETE command denied to user 'user20989'@'localhost' for table 'table_target'
+REPLACE INTO    view_target2
+SELECT          stations.mexs_id AS mexs_id, datetime AS messzeit
+FROM            table_source
+INNER JOIN      view_stations AS stations
+ON              table_source.id = stations.icao
+LEFT JOIN       view_target2 AS old
+USING           (mexs_id);
+ERROR 42000: INSERT,DELETE command denied to user 'user20989'@'localhost' for table 'view_target2'
+REPLACE INTO    view_target3
+SELECT          stations.mexs_id AS mexs_id, datetime AS messzeit
+FROM            table_source
+INNER JOIN      view_stations AS stations
+ON              table_source.id = stations.icao
+LEFT JOIN       view_target3 AS old
+USING           (mexs_id);
+ERROR HY000: View 'meow.view_target3' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+GRANT  INSERT,DELETE         ON table_target    TO   user20989@localhost;
+GRANT  INSERT,DELETE,SELECT  ON view_target2    TO   user20989@localhost;
+GRANT  INSERT,DELETE,SELECT  ON table_target3   TO   user20989@localhost;
+REPLACE INTO    table_target
+SELECT          stations.mexs_id AS mexs_id, datetime AS messzeit
+FROM            table_source
+INNER JOIN      view_stations AS stations
+ON              table_source.id = stations.icao
+LEFT JOIN       table_target AS old
+USING           (mexs_id);
+REPLACE INTO    table_target2 VALUES ('00X45Y78','2006-07-12 07:50:00');
+ERROR 42000: INSERT,DELETE command denied to user 'user20989'@'localhost' for table 'table_target2'
+REPLACE INTO    view_target2  VALUES ('12X45Y78','2006-07-12 07:50:00');
+SELECT          stations.mexs_id AS mexs_id, datetime AS messzeit
+FROM            table_source
+INNER JOIN      view_stations AS stations
+ON              table_source.id = stations.icao
+LEFT JOIN       view_target2 AS old
+USING           (mexs_id);
+mexs_id	messzeit
+87654321	2006-07-12 07:50:00
+REPLACE INTO    view_target2
+SELECT          stations.mexs_id AS mexs_id, datetime AS messzeit
+FROM            table_source
+INNER JOIN      view_stations AS stations
+ON              table_source.id = stations.icao
+LEFT JOIN       view_target2 AS old
+USING           (mexs_id);
+REPLACE INTO    view_target3
+SELECT          stations.mexs_id AS mexs_id, datetime AS messzeit
+FROM            table_source
+INNER JOIN      view_stations AS stations
+ON              table_source.id = stations.icao
+LEFT JOIN       view_target3 AS old
+USING           (mexs_id);
+SELECT * FROM table_target;
+mexs_id	messzeit
+87654321	2006-07-12 07:50:00
+SELECT * FROM view_target2;
+mexs_id	messzeit
+12X45Y78	2006-07-12 07:50:00
+87654321	2006-07-12 07:50:00
+SELECT * FROM view_target3;
+mexs_id	messzeit
+87654321	2006-07-12 07:50:00
+DROP VIEW  view_stations;
+DROP TABLE table_source;
+DROP TABLE table_countries;
+DROP TABLE table_stations;
+DROP TABLE table_target;
+DROP TABLE table_target2;
+DROP TABLE table_target3;
+DROP VIEW  view_target2;
+DROP VIEW  view_target3;
+DROP USER  user20989@localhost;
+DROP DATABASE meow;