BUG#18681: View privileges are broken

The check for view security was lacking several points : 1. Check with the right set of permissions : for each table ref that participates in a view there were the right credentials to use in it's security_ctx member, but these weren't used for checking the credentials. This makes hard enforcing the SQL SECURITY DEFINER|INVOKER property consistently. 2. Because of the above the security checking for views was just ruled out in explicit ways in several places. 3. The security was checked only for the columns of the tables that are brought into the query from a view. So if there is no column reference outside of the view definition it was not detecting the lack of access to the tables in the view in SQL SECURITY INVOKER mode. The fix below tries to fix the above 3 points. mysql-test/r/grant.result: removed nondeterminism (unspecified order) in some test output mysql-test/r/view_grant.result: Somewhat extended test case for the bug and similar queries. mysql-test/t/grant.test: removed nondeterminism (unspecified order) in some test output mysql-test/t/view_grant.test: Somewhat extended test case for the bug and similar queries. sql/mysql_priv.h: A wrapper for setup_tables that also checks access to the tables sql/sql_acl.cc: removed artificial security check stop and used the table ref's credentials. sql/sql_base.cc: a wrapper for setup_tables to check access to the tables sql/sql_delete.cc: wrapper called. sql/sql_insert.cc: wrapper called sql/sql_load.cc: wrapper called sql/sql_parse.cc: wrapper called and artificial check stop removed sql/sql_select.cc: wrapper called sql/sql_update.cc: wrapper called sql/table.cc: Mask table access to the view error as well.
2025-07-30 16:24:05 +03:00 · 2006-05-26 11:47:53 +03:00
parent bb1c6bf6e4
commit d7743c41c6
14 changed files with 324 additions and 52 deletions
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@ -4497,6 +4497,58 @@ bool setup_tables(THD *thd, Name_resolution_context *context,
 }


+/*
+  prepare tables and check access for the view tables
+
+  SYNOPSIS
+    setup_tables_and_check_view_access()
+    thd		  Thread handler
+    context       name resolution contest to setup table list there
+    from_clause   Top-level list of table references in the FROM clause
+    tables	  Table list (select_lex->table_list)
+    conds	  Condition of current SELECT (can be changed by VIEW)
+    leaves        List of join table leaves list (select_lex->leaf_tables)
+    refresh       It is onle refresh for subquery
+    select_insert It is SELECT ... INSERT command
+    want_access   what access is needed
+
+  NOTE
+    a wrapper for check_tables that will also check the resulting
+    table leaves list for access to all the tables that belong to a view
+
+  RETURN
+    FALSE ok;  In this case *map will include the chosen index
+    TRUE  error
+*/
+bool setup_tables_and_check_access(THD *thd, 
+                                   Name_resolution_context *context,
+                                   List<TABLE_LIST> *from_clause,
+                                   TABLE_LIST *tables,
+                                   Item **conds, TABLE_LIST **leaves,
+                                   bool select_insert,
+                                   ulong want_access)
+{
+  TABLE_LIST *leaves_tmp = NULL;
+
+  if (setup_tables (thd, context, from_clause, tables, conds, 
+                    &leaves_tmp, select_insert))
+    return TRUE;
+
+  if (leaves)
+    *leaves = leaves_tmp;
+
+  for (; leaves_tmp; leaves_tmp= leaves_tmp->next_leaf)
+    if (leaves_tmp->belong_to_view && 
+        check_one_table_access(thd, want_access,  leaves_tmp))
+    {
+      tables->hide_view_error(thd);
+      return TRUE;
+    }
+
+  return FALSE;
+}
+
+
 /*
   Create a key_map from a list of index names