The check for view security was lacking several points :
1. Check with the right set of permissions : for each table ref that
participates in a view there were the right credentials to use in it's
security_ctx member, but these weren't used for checking the credentials.
This makes hard enforcing the SQL SECURITY DEFINER|INVOKER property
consistently.
2. Because of the above the security checking for views was just ruled out
in explicit ways in several places.
3. The security was checked only for the columns of the tables that are
brought into the query from a view. So if there is no column reference
outside of the view definition it was not detecting the lack of access to
the tables in the view in SQL SECURITY INVOKER mode.
The fix below tries to fix the above 3 points.
mysql-test/r/grant.result:
removed nondeterminism (unspecified order) in some test output
mysql-test/r/view_grant.result:
Somewhat extended test case for the bug and similar queries.
mysql-test/t/grant.test:
removed nondeterminism (unspecified order) in some test output
mysql-test/t/view_grant.test:
Somewhat extended test case for the bug and similar queries.
sql/mysql_priv.h:
A wrapper for setup_tables that also checks access to the tables
sql/sql_acl.cc:
removed artificial security check stop and used the table ref's credentials.
sql/sql_base.cc:
a wrapper for setup_tables to check access to the tables
sql/sql_delete.cc:
wrapper called.
sql/sql_insert.cc:
wrapper called
sql/sql_load.cc:
wrapper called
sql/sql_parse.cc:
wrapper called and artificial check stop removed
sql/sql_select.cc:
wrapper called
sql/sql_update.cc:
wrapper called
sql/table.cc:
Mask table access to the view error as well.
The check for view security was lacking several points :
1. Check with the right set of permissions : for each table ref that
participates in a view there were the right credentials to use in it's
security_ctx member, but these weren't used for checking the credentials.
This makes hard enforcing the SQL SECURITY DEFINER|INVOKER property
consistently.
2. Because of the above the security checking for views was just ruled out
in explicit ways in several places.
3. The security was checked only for the columns of the tables that are
brought into the query from a view. So if there is no column reference
outside of the view definition it was not detecting the lack of access to
the tables in the view in SQL SECURITY INVOKER mode.
The fix below tries to fix the above 3 points.
- In function 'handle_grant_struct' when searching the memory structures for an
entry to modify, convert all entries here host.hostname is NULL to "" and compare that
with the host passed in argument "user_from".
- A user created with hostname "" is stored in "mysql.user" table as host="" but when loaded into
memory it'll be stored as host.hostname NULL. Specifiying "" as hostname means
that "any host" can connect. Thus is's correct to turn on allow_all_hosts
when such a user is found.
- Review and fix other places where host.hostname may be NULL.
mysql-test/init_db.sql:
Rename: BitKeeper/deleted/.del-init_db.sql~af2dfeabaa348dd7 -> mysql-test/init_db.sql
mysql-test/r/grant.result:
Add test cases for users with hostname ""
mysql-test/t/grant.test:
Add test cases for users with hostname ""
- Test create, grant and drop as well as connecting as the user with hostname "".
sql/sql_acl.cc:
Convert places where host.hostname is NULL to "" before using it.
- In function 'handle_grant_struct' when searching the memory structures for an
entry to modify, convert all entries here host.hostname is NULL to "" and compare that
with the host passed in argument "user_from".
- A user created with hostname "" is stored in "mysql.user" table as host="" but when loaded into
memory it'll be stored as host.hostname NULL. Specifiying "" as hostname means
that "any host" can connect. Thus is's correct to turn on allow_all_hosts
when such a user is found.
- Review and fix other places where host.hostname may be NULL.
into mysql.com:/home/jimw/my/mysql-5.1-clean
include/my_pthread.h:
Auto merged
mysql-test/r/func_str.result:
Auto merged
mysql-test/r/join_outer.result:
Auto merged
mysql-test/r/subselect.result:
Auto merged
mysql-test/r/variables.result:
Auto merged
mysql-test/r/view.result:
Auto merged
mysql-test/t/rpl_temporary.test:
Auto merged
mysql-test/t/variables.test:
Auto merged
mysql-test/t/view.test:
Auto merged
sql/item.cc:
Auto merged
sql/item.h:
Auto merged
sql/item_cmpfunc.cc:
Auto merged
sql/item_func.cc:
Auto merged
sql/item_strfunc.h:
Auto merged
sql/item_subselect.cc:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/mysqld.cc:
Auto merged
sql/set_var.h:
Auto merged
sql/sql_acl.cc:
Auto merged
storage/ndb/test/ndbapi/Makefile.am:
Auto merged
storage/ndb/test/ndbapi/testInterpreter.cpp:
Auto merged
sql/set_var.cc:
Resolve conflict
storage/ndb/src/kernel/blocks/dbtup/DbtupExecQuery.cpp:
Resolve conflict
into neptunus.(none):/home/msvensson/mysql/mysql-5.1
BitKeeper/deleted/.del-client-req.pem~efd482e1d290d4d8:
Auto merged
BitKeeper/deleted/.del-server-req.pem~16301893cacf1be4:
Auto merged
client/mysql.cc:
Auto merged
client/mysqldump.c:
Auto merged
client/mysqlimport.c:
Auto merged
BitKeeper/deleted/.del-Makefile.am~de166d6fcac3b9b6:
Auto merged
BitKeeper/deleted/.del-NOTES~e926d3e6929ac052:
Auto merged
client/mysqltest.c:
Auto merged
include/mysql.h:
Auto merged
libmysql/libmysql.c:
Auto merged
mysql-test/mysql-test-run.pl:
Auto merged
mysql-test/r/information_schema.result:
Auto merged
mysql-test/std_data/cacert.pem:
Auto merged
mysql-test/std_data/client-cert.pem:
Auto merged
mysql-test/std_data/client-key.pem:
Auto merged
mysql-test/std_data/server-cert.pem:
Auto merged
mysql-test/std_data/server-key.pem:
Auto merged
mysql-test/t/information_schema.test:
Auto merged
sql/item_func.cc:
Auto merged
sql-common/client.c:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/sql_acl.cc:
Auto merged
storage/ndb/src/kernel/blocks/dbtc/DbtcInit.cpp:
Auto merged
vio/vio.c:
Auto merged
client/client_priv.h:
Merge 5.0 -> 5.1
include/violite.h:
Merge 5.0 -> 5.1
mysql-test/Makefile.am:
Merge 5.0 -> 5.1
mysql-test/t/disabled.def:
Merge 5.0 -> 5.1
sql/mysqld.cc:
Merge 5.0 -> 5.1
vio/viossl.c:
Merge 5.0 -> 5.1
vio/viosslfactories.c:
Merge 5.0 -> 5.1
into mysql.com:/home/tomash/src/mysql_ab/mysql-5.1-merge
BitKeeper/deleted/.del-changelog-4.0.xml~8f56ee8a913e848b:
Auto merged
BitKeeper/deleted/.del-changelog-4.1.xml~8aa496ebed09d868:
Auto merged
mysql-test/r/func_misc.result:
Auto merged
sql/item_func.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_acl.h:
Auto merged
sql/sql_parse.cc:
Auto merged
after merge.
Concurrent read and update of privilege structures (like simultaneous
run of SHOW GRANTS and ADD USER) could result in server crash.
Ensure that proper locking of ACL structures is done.
No test case is provided because this bug can't be reproduced
deterministically.
sql/sql_acl.cc:
Ensure that access to ACL data is protected by acl_cache->lock mutex.
Use system_charset_info for host names consistently.
Remove check_acl_user(). Use find_acl_user() instead.
sql/sql_acl.h:
Remove check_acl_user() declaration.
sql/sql_parse.cc:
Use is_acl_user() instead of check_acl_user().
after merge.
Concurrent read and update of privilege structures (like simultaneous
run of SHOW GRANTS and ADD USER) could result in server crash.
Ensure that proper locking of ACL structures is done.
No test case is provided because this bug can't be reproduced
deterministically.
Problem:
if a user was granted privileges on database "d1",
it also was able to act on "D1" (i.e. in upper case),
even on Unix with case sensitive file system.
Fix:
Initialize grant hash to use binary comparison
if lower_case_file_system is not set (on most unixes),
and case insensitive comparison otherwise (Windows, MacOSX).
sql/sql_acl.cc:
Initialize hash to use binary comparison with case sensitive FS.
mysql-test/include/have_case_sensitive_file_system.inc:
New BitKeeper file ``mysql-test/include/have_case_sensitive_file_system.inc''
Backporting from 5.1
mysql-test/r/case_sensitive_file_system.require:
New BitKeeper file ``mysql-test/r/case_sensitive_file_system.require''
Backporting from 5.1
mysql-test/r/lowercase_fs_off.result:
Adding test case
mysql-test/t/lowercase_fs_off.test:
Adding test case
Problem:
if a user was granted privileges on database "d1",
it also was able to act on "D1" (i.e. in upper case),
even on Unix with case sensitive file system.
Fix:
Initialize grant hash to use binary comparison
if lower_case_file_system is not set (on most unixes),
and case insensitive comparison otherwise (Windows, MacOSX).
Concurrent read and update of privilege structures (like simultaneous
run of SHOW GRANTS and ADD USER) could result in server crash.
Ensure that proper locking of ACL structures is done.
No test case is provided because this bug can't be reproduced
deterministically.
sql/sql_acl.cc:
Ensure that access to ACL data is protected by acl_cache->lock mutex.
Use system_charset_info for host names consistently.
Concurrent read and update of privilege structures (like simultaneous
run of SHOW GRANTS and ADD USER) could result in server crash.
Ensure that proper locking of ACL structures is done.
No test case is provided because this bug can't be reproduced
deterministically.
into neptunus.(none):/home/msvensson/mysql/bug17208/my50-bug17208
sql/mysql_priv.h:
Auto merged
sql/mysqld.cc:
Auto merged
sql-common/client.c:
Auto merged
sql/sql_acl.cc:
Auto merged
Added missing DBUG_xxx_RETURN statements
Fixed some usage of not initialized variables (as found by valgrind)
Ensure that we don't remove locked tables used as name locks from open table cache until unlock_table_names() are called.
This was fixed by having drop_locked_name() returning any table used as a name lock so that we can free it in unlock_table_names()
This will allow Tomas to continue with his work to use namelocks to syncronize things.
Note: valgrind still produces a lot of warnings about using not initialized code and shows memory loss errors when running the ndb tests
BitKeeper/etc/ignore:
added mysql-test/r/*.log
client/mysqltest.c:
Change type of variables to get rid of compiler warnings
More debugging
Fix memory leak
mysql-test/mysql-test-run.sh:
Collect warnings about missing DBUG_RETURN statements
mysql-test/r/lock_multi.result:
Add test of new code
mysql-test/r/ndb_condition_pushdown.result:
Drop used tables before test
mysql-test/t/lock_multi.test:
Add test of new code
mysql-test/t/ndb_condition_pushdown.test:
Drop used tables before test
mysql-test/valgrind.supp:
Ignore 'safe' warnings from libz (when used with archive)
sql/event.cc:
More comments
Simplify code
Fixed memory leak found by valgrind
sql/ha_archive.cc:
Remove compiler warnings (Wrong handlerton structure and signed/unsigned comparison)
sql/ha_berkeley.cc:
Fixed compiler warning
sql/ha_blackhole.cc:
Fixed compiler warning
sql/ha_federated.cc:
Fixed compiler warning
sql/ha_heap.cc:
Fixed compiler warning
sql/ha_myisam.cc:
Fixed compiler warning
sql/ha_myisammrg.cc:
Fixed compiler warning
sql/ha_ndbcluster.cc:
Fixed compiler warnings
sql/ha_partition.cc:
Fixed compiler warning
Fixed error noticed by valgrind in ha_partition::rnd_init()
sql/handler.cc:
Fixed compiler warning
sql/handler.h:
Fixed compiler warning
sql/item.cc:
Fixed compiler warning
sql/item_xmlfunc.cc:
Fixed warning from valgrind when calling memcpy with wrong address
sql/lock.cc:
More debugging
sql/log.cc:
Fixed compiler warning
Indentation fixes
sql/log.h:
Fixed compiler warning
sql/mysql_priv.h:
Changed prototype for 'drop_locked_tables'
sql/opt_range.cc:
Indentation fix
sql/password.c:
Removed compiler warnings
sql/set_var.cc:
Fixed compiler warning
sql/slave.cc:
Fixed compiler warning
sql/sp_head.cc:
Fixed compiler warning
sql/sql_acl.cc:
Fixed compiler warning
sql/sql_analyse.cc:
Added missing DBUG_RETURN statements
sql/sql_base.cc:
Removed de-reference of not initialized pointer
More comments
drop_locked_tables() changed to not delete tables used for name locking
Fixed compiler warnings
sql/sql_delete.cc:
Fixed usage of not initialized variable
(deleted could be referenced in some not common error conditions)
sql/sql_parse.cc:
Added missing DBUG_VOID_RETURN
Simplify code
sql/sql_partition.cc:
Fixed usage of wrong variable (noticed by valgrind)
sql/sql_plugin.cc:
Removed compiler warning
sql/sql_show.cc:
Removed compiler warning
sql/sql_table.cc:
Ensure that we don't remove locked tables used as name locks from open table cache until unlock_table_names() are called.
This was fixed by having drop_locked_name() returning any table used as a name lock so that we can free it in unlock_table_names()
This will allow Tomas to continue with his work to use namelocks to syncronize things.
Fixed wrong test of 'table_type' (path_length could otherwise be accessed uninitialized)
Remove compile warnings about not initialized variables.
sql/sql_yacc.yy:
Ensure that no_write_to_binlog is properly initialized
(Was accessed uninitialized by partition code)
sql/table.cc:
Removed valgrind warnings (not fatal)
Removed compiler warnings
sql/tztime.cc:
Removed valgrind warning
storage/ndb/include/ndbapi/NdbIndexStat.hpp:
Removed compiler warning
Added missing DBUG_xxx_RETURN statements
Fixed some usage of not initialized variables (as found by valgrind)
Ensure that we don't remove locked tables used as name locks from open table cache until unlock_table_names() are called.
This was fixed by having drop_locked_name() returning any table used as a name lock so that we can free it in unlock_table_names()
This will allow Tomas to continue with his work to use namelocks to syncronize things.
Note: valgrind still produces a lot of warnings about using not initialized code and shows memory loss errors when running the ndb tests
configure.in:
Auto merged
mysql-test/lib/mtr_timer.pl:
Auto merged
mysql-test/r/information_schema.result:
Auto merged
mysql-test/r/information_schema_db.result:
Auto merged
mysql-test/r/query_cache_notembedded.result:
Auto merged
mysql-test/t/information_schema.test:
Auto merged
mysql-test/t/query_cache_notembedded.test:
Auto merged
scripts/make_binary_distribution.sh:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_show.cc:
Auto merged
sql/sql_yacc.yy:
Auto merged
storage/ndb/src/kernel/blocks/backup/Backup.cpp:
Auto merged
sql/ha_innodb.cc:
manual merge
sql/sql_insert.cc:
manual merge
Crash happened when one selected data from one of INFORMATION_SCHEMA
tables and in order to build its contents server had to open view which
used stored function and table or view on which one had not global or
database-level privileges (e.g. had only table-level or had no
privileges at all).
The crash was caused by usage of check_grant() function, which assumes
that either number of tables to be inspected by it is limited explicitly
or table list used and thd->lex->query_tables_own_last value correspond
to each other (the latter should be either 0 or point to next_global
member of one of elements of this table list), in conditions when
above assumptions were not true. This fix just explicitly limits
number of tables to be inspected. Other negative effects which are
caused by the fact that thd->lex->query_tables_own_last might not
be set properly during processing of I_S tables are less disastrous
and will be reported and fixed separetely.
mysql-test/r/information_schema_db.result:
Fix for bug #18113 "SELECT * FROM information_schema.xxx crashes server"
test case
mysql-test/t/information_schema_db.test:
Fix for bug #18113 "SELECT * FROM information_schema.xxx crashes server"
test case
sql/sql_acl.cc:
added note
Crash happened when one selected data from one of INFORMATION_SCHEMA
tables and in order to build its contents server had to open view which
used stored function and table or view on which one had not global or
database-level privileges (e.g. had only table-level or had no
privileges at all).
The crash was caused by usage of check_grant() function, which assumes
that either number of tables to be inspected by it is limited explicitly
or table list used and thd->lex->query_tables_own_last value correspond
to each other (the latter should be either 0 or point to next_global
member of one of elements of this table list), in conditions when
above assumptions were not true. This fix just explicitly limits
number of tables to be inspected. Other negative effects which are
caused by the fact that thd->lex->query_tables_own_last might not
be set properly during processing of I_S tables are less disastrous
and will be reported and fixed separetely.
into mysql.com:/home/bk/w3023-mysql-5.1-new
configure.in:
Auto merged
mysql-test/r/rpl_row_create_table.result:
Auto merged
mysql-test/t/sp.test:
Auto merged
sql/log.cc:
Auto merged
sql/log_event.cc:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_table.cc:
Auto merged
sql/table.h:
Auto merged
into mysql.com:/extern/mysql/5.1/generic/mysql-5.1-new
libmysql/libmysql.c:
Auto merged
mysql-test/r/binary.result:
Auto merged
mysql-test/r/federated.result:
Auto merged
mysql-test/r/func_math.result:
Auto merged
mysql-test/r/grant.result:
Auto merged
mysql-test/r/heap.result:
Auto merged
mysql-test/r/sp.result:
Auto merged
mysql-test/r/trigger.result:
Auto merged
mysql-test/r/type_decimal.result:
Auto merged
mysql-test/t/binary.test:
Auto merged
mysql-test/t/federated.test:
Auto merged
mysql-test/t/mysql.test:
Auto merged
mysql-test/t/sp.test:
Auto merged
mysql-test/t/trigger.test:
Auto merged
sql/field_conv.cc:
Auto merged
sql/ha_federated.cc:
Auto merged
sql/ha_federated.h:
Auto merged
sql/item_cmpfunc.cc:
Auto merged
sql/item_strfunc.h:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_trigger.cc:
Auto merged
sql/sql_yacc.yy:
Auto merged
sql/table.cc:
Auto merged
sql/table.h:
Auto merged
tests/mysql_client_test.c:
Auto merged
support-files/mysql.spec.sh:
Manual merge. (use local)
Check if the host of table hash record exactly matches host from GRANT command
mysql-test/r/grant.result:
Fix for bug#14385 GRANT and mapping to correct user account problems
test case
mysql-test/t/grant.test:
Fix for bug#14385 GRANT and mapping to correct user account problems
test case
into mysql.com:/home/bk/w3023-mysql-5.1-new
configure.in:
Auto merged
mysql-test/extra/binlog_tests/insert_select-binlog.test:
Auto merged
mysql-test/r/binlog_row_insert_select.result:
Auto merged
mysql-test/r/rpl_row_basic_11bugs.result:
Auto merged
scripts/mysql_fix_privilege_tables.sql:
Auto merged
sql/ha_ndbcluster_binlog.cc:
Auto merged
sql/handler.h:
Auto merged
sql/log_event.cc:
Auto merged
sql/log_event.h:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_class.cc:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_table.cc:
Auto merged
client/Makefile.am:
Merging with mysql-5.1-new
mysql-test/r/binlog_row_ctype_cp932.result:
Merging with mysql-5.1-new
mysql-test/r/rpl_ndb_blob.result:
Merging with mysql-5.1-new
mysql-test/r/rpl_ndb_dd_basic.result:
Merging with mysql-5.1-new
