Merge moonlight.home:/home/tomash/src/mysql_ab/mysql-5.0

into moonlight.home:/home/tomash/src/mysql_ab/mysql-5.0-bug24404
2025-07-14 13:41:20 +03:00 · 2007-01-18 13:06:10 +03:00
parent 15c9d8a6c9 6e771358ce
commit ec21b828f0
3 changed files with 122 additions and 4 deletions
--- a/mysql-test/r/view_grant.result
+++ b/mysql-test/r/view_grant.result
@ -731,3 +731,46 @@ SELECT * FROM v1;
 ERROR HY000: There is no 'def_17254'@'localhost' registered
 DROP USER inv_17254@localhost;
 DROP DATABASE db17254;
+DROP DATABASE IF EXISTS mysqltest_db1;
+DROP DATABASE IF EXISTS mysqltest_db2;
+DROP USER mysqltest_u1;
+DROP USER mysqltest_u2;
+CREATE USER mysqltest_u1@localhost;
+CREATE USER mysqltest_u2@localhost;
+CREATE DATABASE mysqltest_db1;
+CREATE DATABASE mysqltest_db2;
+GRANT ALL ON mysqltest_db1.* TO mysqltest_u1@localhost WITH GRANT OPTION;
+GRANT ALL ON mysqltest_db2.* TO mysqltest_u2@localhost;
+CREATE TABLE t1 (i INT);
+INSERT INTO t1 VALUES (1);
+CREATE VIEW v1 AS SELECT i FROM t1 WHERE 1 IN (SELECT * FROM t1);
+CREATE TABLE t2 (s CHAR(7));
+INSERT INTO t2 VALUES ('public');
+GRANT SELECT ON v1 TO mysqltest_u2@localhost;
+GRANT SELECT ON t2 TO mysqltest_u2@localhost;
+SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2;
+i	s
+1	public
+PREPARE stmt1 FROM "SELECT * FROM mysqltest_db1.t2";
+EXECUTE stmt1;
+s
+public
+PREPARE stmt2 FROM "SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2";
+EXECUTE stmt2;
+i	s
+1	public
+REVOKE SELECT ON t2 FROM mysqltest_u2@localhost;
+UPDATE t2 SET s = 'private' WHERE s = 'public';
+SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2;
+ERROR 42000: SELECT command denied to user 'mysqltest_u2'@'localhost' for table 't2'
+EXECUTE stmt1;
+ERROR 42000: SELECT command denied to user 'mysqltest_u2'@'localhost' for table 't2'
+EXECUTE stmt2;
+ERROR 42000: SELECT command denied to user 'mysqltest_u2'@'localhost' for table 't2'
+REVOKE ALL ON mysqltest_db1.* FROM mysqltest_u1@localhost;
+REVOKE ALL ON mysqltest_db2.* FROM mysqltest_u2@localhost;
+DROP DATABASE mysqltest_db1;
+DROP DATABASE mysqltest_db2;
+DROP USER mysqltest_u1@localhost;
+DROP USER mysqltest_u2@localhost;
+End of 5.0 tests.
--- a/mysql-test/t/view_grant.test
+++ b/mysql-test/t/view_grant.test
@ -927,6 +927,7 @@ DROP VIEW v2;
 DROP VIEW v1;
 DROP USER mysqltest_u1@localhost;

+
 #
 # Bug#17254: Error for DEFINER security on VIEW provides too much info
 #
@ -964,4 +965,74 @@ DROP DATABASE db17254;
 disconnect def;
 disconnect inv;

-# End of 5.0 tests.
+
+#
+# BUG#24404: strange bug with view+permission+prepared statement
+#
+--disable_warnings
+DROP DATABASE IF EXISTS mysqltest_db1;
+DROP DATABASE IF EXISTS mysqltest_db2;
+--enable_warnings
+--error 0,ER_CANNOT_USER
+DROP USER mysqltest_u1;
+--error 0,ER_CANNOT_USER
+DROP USER mysqltest_u2;
+
+CREATE USER mysqltest_u1@localhost;
+CREATE USER mysqltest_u2@localhost;
+
+CREATE DATABASE mysqltest_db1;
+CREATE DATABASE mysqltest_db2;
+
+GRANT ALL ON mysqltest_db1.* TO mysqltest_u1@localhost WITH GRANT OPTION;
+GRANT ALL ON mysqltest_db2.* TO mysqltest_u2@localhost;
+
+connect (conn1, localhost, mysqltest_u1, , mysqltest_db1);
+
+CREATE TABLE t1 (i INT);
+INSERT INTO t1 VALUES (1);
+
+# Use view with subquery for better coverage.
+CREATE VIEW v1 AS SELECT i FROM t1 WHERE 1 IN (SELECT * FROM t1);
+
+CREATE TABLE t2 (s CHAR(7));
+INSERT INTO t2 VALUES ('public');
+
+GRANT SELECT ON v1 TO mysqltest_u2@localhost;
+GRANT SELECT ON t2 TO mysqltest_u2@localhost;
+
+connect (conn2, localhost, mysqltest_u2, , mysqltest_db2);
+
+SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2;
+PREPARE stmt1 FROM "SELECT * FROM mysqltest_db1.t2";
+EXECUTE stmt1;
+PREPARE stmt2 FROM "SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2";
+EXECUTE stmt2;
+
+connection conn1;
+# Make table 't2' private.
+REVOKE SELECT ON t2 FROM mysqltest_u2@localhost;
+UPDATE t2 SET s = 'private' WHERE s = 'public';
+
+connection conn2;
+--error ER_TABLEACCESS_DENIED_ERROR
+SELECT * FROM mysqltest_db1.v1, mysqltest_db1.t2;
+--error ER_TABLEACCESS_DENIED_ERROR
+EXECUTE stmt1;
+# Original bug was here: the statement didn't fail.
+--error ER_TABLEACCESS_DENIED_ERROR
+EXECUTE stmt2;
+
+# Cleanup.
+disconnect conn2;
+disconnect conn1;
+connection default;
+REVOKE ALL ON mysqltest_db1.* FROM mysqltest_u1@localhost;
+REVOKE ALL ON mysqltest_db2.* FROM mysqltest_u2@localhost;
+DROP DATABASE mysqltest_db1;
+DROP DATABASE mysqltest_db2;
+DROP USER mysqltest_u1@localhost;
+DROP USER mysqltest_u2@localhost;
+
+
+--echo End of 5.0 tests.
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@ -1135,13 +1135,17 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
      /*
        Prepare a security context to check underlying objects of the view
      */
-      Security_context *save_security_ctx= thd->security_ctx;
      if (!(table->view_sctx= (Security_context *)
            thd->stmt_arena->alloc(sizeof(Security_context))))
        goto err;
      /* Assign the context to the tables referenced in the view */
-      for (tbl= view_tables; tbl; tbl= tbl->next_global)
-        tbl->security_ctx= table->view_sctx;
+      if (view_tables)
+      {
+        DBUG_ASSERT(view_tables_tail);
+        for (tbl= view_tables; tbl != view_tables_tail->next_global;
+             tbl= tbl->next_global)
+          tbl->security_ctx= table->view_sctx;
+      }
      /* assign security context to SELECT name resolution contexts of view */
      for(SELECT_LEX *sl= lex->all_selects_list;
          sl;