database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

Bug#36086: Auto merge.

Browse Source
This commit is contained in:
Martin Hansson
2008-09-08 12:04:42 +02:00
parent 860f74a8c1 3bad2119f9
commit ee9528b0b9
15 changed files with 356 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
mysql-test/t/grant2.test
View File

@ -605,7 +605,7 @@ connection conn1;
USE db1;
--error ER_COLUMNACCESS_DENIED_ERROR
SELECT c FROM t2;
--error ER_COLUMNACCESS_DENIED_ERROR
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM t2;
--error ER_COLUMNACCESS_DENIED_ERROR
SELECT * FROM t1 JOIN t2 USING (b);

68
mysql-test/t/view_grant.test
View File

@ -1219,3 +1219,71 @@ DROP VIEW v1;
DROP TABLE t1;
--echo End of 5.1 tests.
#
# Bug#36086: SELECT * from views don't check column grants
#
CREATE USER mysqluser1@localhost;
CREATE DATABASE mysqltest1;
USE mysqltest1;
CREATE TABLE t1 ( a INT, b INT );
CREATE TABLE t2 ( a INT, b INT );
CREATE VIEW v1 AS SELECT a, b FROM t1;
GRANT SELECT( a ) ON v1 TO mysqluser1@localhost;
GRANT UPDATE( b ) ON t2 TO mysqluser1@localhost;
--connect (connection1, localhost, mysqluser1, , test)
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM mysqltest1.v1;
--error ER_TABLEACCESS_DENIED_ERROR
CREATE VIEW v1 AS SELECT * FROM mysqltest1.t2;
--disconnect connection1
--connection default
DROP TABLE t1, t2;
DROP VIEW v1;
DROP DATABASE mysqltest1;
DROP USER mysqluser1@localhost;
#
# Bug#35600: Security breach via view, I_S table and prepared
# statement/stored procedure
#
CREATE USER mysqluser1@localhost;
CREATE DATABASE mysqltest1;
USE mysqltest1;
CREATE VIEW v1 AS SELECT * FROM information_schema.tables LIMIT 1;
CREATE ALGORITHM = TEMPTABLE VIEW v2 AS SELECT 1 AS A;
--connection default
GRANT SELECT ON mysqltest1.* to mysqluser1@localhost;
--connect (connection1, localhost, mysqluser1, , test)
PREPARE stmt_v1 FROM "SELECT * FROM mysqltest1.v1";
PREPARE stmt_v2 FROM "SELECT * FROM mysqltest1.v2";
--connection default
REVOKE SELECT ON mysqltest1.* FROM mysqluser1@localhost;
--connection connection1
--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt_v1;
--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt_v2;
--disconnect connection1
--connection default
DROP VIEW v1, v2;
DROP DATABASE mysqltest1;
DROP USER mysqluser1@localhost;