Bug#36086: SELECT * from views don't check column grants
This patch also fixes bugs 36963 and 35600. - In many places a view was confused with an anonymous derived table, i.e. access checking was skipped. Fixed by introducing a predicate to tell the difference between named and anonymous derived tables. - When inserting fields for "SELECT * ", there was no distinction between base tables and views, where one should be made. View privileges are checked elsewhere. mysql-test/include/grant_cache.inc: Bug#36086: Changed test case. mysql-test/r/grant2.result: Bug#36086: Changed test result. mysql-test/r/grant_cache_no_prot.result: Bug#36086: Changed test result. mysql-test/r/grant_cache_ps_prot.result: Bug#36086: Changed test result. mysql-test/r/view_grant.result: Bug#36086: Test result. mysql-test/t/grant2.test: Bug#36086: Changed test case. mysql-test/t/view_grant.test: Bug#36086: Test case. sql/item.cc: Bug#36086: Replaced conditional with new methods. sql/sql_acl.cc: Bug no 35600: In mysql_table_grant: Replaced conditional with the new accessor method. In check_grant: - Changed the requirement table->derived != null to checking all anonymous derived tables. - Use of the accessor methods for getting object and database names. Bug#36086: In check_grant_all_columns: - Updated comment. This function is now called for views as well. - The error message should not disclose any column names unless the user has privilege to see all column names. - Changed names of Field_iterator_table_ref methods. sql/sql_base.cc: Bug no 36963: In insert_fields() - Commented. - We should call check_grant_all_columns() for views in this case. - Changed names of Field_iterator_table_ref methods. - We should not disclose column names in the error message when the user has no approprate privilege. sql/sql_cache.cc: Bug#36086: Replaced test with new predicate method. sql/sql_derived.cc: Bug#36086: commenting only. Updated and doxygenated comment for mysql_derived_prepare(). sql/sql_parse.cc: Bug no 35600: - In check_single_table_access: Due to the bug, check_grant would raise an error for a SHOW CREATE TABLE command for a TEMPTABLE view. It should in fact not be be invoked in this case. This table privilege is checked already. There is a test case for this in information_schema_db.test. - In check_access: replaced table->derived sql/table.cc: Bug#36086: - In TABLE_LIST::set_underlying_merge(): Commenting only. Doxygenated, corrected spelling, added. - Renamed table_name() and db_name() methods of Field_iterator_table_ref in order to be consistent with new methods in TABLE_LIST. sql/table.h: Bug#36086: - Commented GRANT_INFO. - Added a predicate is_anonymous_derived_table() to TABLE_LIST. - Added get_table_name() and get_db_name() to TABLE_LIST in order to hide the disparate representation of these properties.
Showing
Please register or sign in to comment