Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
bd311c0c
Commit
bd311c0c
authored
May 12, 2007
by
unknown
Browse files
Options
Browse Files
Download
Plain Diff
Merge bk@192.168.21.1:mysql-5.0-opt
into mysql.com:/home/hf/work/27957/my50-27957
parents
8bbe6f23
86dccd92
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
50 additions
and
4 deletions
+50
-4
mysql-test/r/grant.result
mysql-test/r/grant.result
+19
-0
mysql-test/t/grant.test
mysql-test/t/grant.test
+25
-0
sql/sql_prepare.cc
sql/sql_prepare.cc
+3
-2
sql/sql_update.cc
sql/sql_update.cc
+3
-2
No files found.
mysql-test/r/grant.result
View file @
bd311c0c
...
...
@@ -1105,4 +1105,23 @@ ERROR 42000: SELECT command denied to user 'mysqltest_2'@'localhost' for table '
DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP USER mysqltest_1@localhost;
use test;
CREATE TABLE t1 (f1 int, f2 int);
INSERT INTO t1 VALUES(1,1), (2,2);
CREATE DATABASE db27878;
GRANT UPDATE(f1) ON t1 TO 'mysqltest_1'@'localhost';
GRANT SELECT ON `test`.* TO 'mysqltest_1'@'localhost';
GRANT ALL ON db27878.* TO 'mysqltest_1'@'localhost';
use db27878;
CREATE SQL SECURITY INVOKER VIEW db27878.v1 AS SELECT * FROM test.t1;
use db27878;
UPDATE v1 SET f2 = 4;
ERROR HY000: View 'db27878.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
SELECT * FROM test.t1;
f1 f2
1 1
2 2
DROP VIEW v1;
use test;
DROP TABLE t1;
End of 5.0 tests
mysql-test/t/grant.test
View file @
bd311c0c
...
...
@@ -413,6 +413,7 @@ connect (user1,localhost,mysqltest_1,,mysqltest,$MASTER_MYPORT,$MASTER_MYSOCK);
connection
user1
;
--
error
1142
alter
table
t1
rename
t2
;
disconnect
user1
;
connection
root
;
revoke
all
privileges
on
mysqltest
.
t1
from
mysqltest_1
@
localhost
;
delete
from
mysql
.
user
where
user
=
_binary
'mysqltest_1'
;
...
...
@@ -1122,5 +1123,29 @@ DROP DATABASE mysqltest2;
DROP
USER
mysqltest_1
@
localhost
;
#
# Bug#27878: Unchecked privileges on a view referring to a table from another
# database.
#
use
test
;
CREATE
TABLE
t1
(
f1
int
,
f2
int
);
INSERT
INTO
t1
VALUES
(
1
,
1
),
(
2
,
2
);
CREATE
DATABASE
db27878
;
GRANT
UPDATE
(
f1
)
ON
t1
TO
'mysqltest_1'
@
'localhost'
;
GRANT
SELECT
ON
`test`
.*
TO
'mysqltest_1'
@
'localhost'
;
GRANT
ALL
ON
db27878
.*
TO
'mysqltest_1'
@
'localhost'
;
use
db27878
;
CREATE
SQL
SECURITY
INVOKER
VIEW
db27878
.
v1
AS
SELECT
*
FROM
test
.
t1
;
connect
(
user1
,
localhost
,
mysqltest_1
,,
test
);
connection
user1
;
use
db27878
;
--
error
1356
UPDATE
v1
SET
f2
=
4
;
SELECT
*
FROM
test
.
t1
;
disconnect
user1
;
connection
default
;
DROP
VIEW
v1
;
use
test
;
DROP
TABLE
t1
;
--
echo
End
of
5.0
tests
sql/sql_prepare.cc
View file @
bd311c0c
...
...
@@ -1164,8 +1164,9 @@ static int mysql_test_update(Prepared_statement *stmt,
goto
error
;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/* TABLE_LIST contain right privilages request */
want_privilege
=
table_list
->
grant
.
want_privilege
;
/* Force privilege re-checking for views after they have been opened. */
want_privilege
=
(
table_list
->
view
?
UPDATE_ACL
:
table_list
->
grant
.
want_privilege
);
#endif
if
(
mysql_prepare_update
(
thd
,
table_list
,
&
select
->
where
,
...
...
sql/sql_update.cc
View file @
bd311c0c
...
...
@@ -173,8 +173,9 @@ int mysql_update(THD *thd,
table
->
quick_keys
.
clear_all
();
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/* TABLE_LIST contain right privilages request */
want_privilege
=
table_list
->
grant
.
want_privilege
;
/* Force privilege re-checking for views after they have been opened. */
want_privilege
=
(
table_list
->
view
?
UPDATE_ACL
:
table_list
->
grant
.
want_privilege
);
#endif
if
(
mysql_prepare_update
(
thd
,
table_list
,
&
conds
,
order_num
,
order
))
DBUG_RETURN
(
1
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment