diff options
| author | Martin Hansson <mhansson@mysql.com> | 2008-09-03 16:45:40 +0200 |
|---|---|---|
| committer | Martin Hansson <mhansson@mysql.com> | 2008-09-03 16:45:40 +0200 |
| commit | 3bad2119f9dedc581bf3b9d7335740f563db5803 (patch) | |
| tree | fa2d69a1865665c76918ce941dbff3ea022709da /sql/sql_cache.cc | |
| parent | 8b0e99fe26db6c41ae4bdddd31777e1f63638efe (diff) | |
| download | mariadb-git-3bad2119f9dedc581bf3b9d7335740f563db5803.tar.gz | |
Bug#36086: SELECT * from views don't check column grants
This patch also fixes bugs 36963 and 35600.
- In many places a view was confused with an anonymous derived
table, i.e. access checking was skipped. Fixed by introducing a
predicate to tell the difference between named and anonymous
derived tables.
- When inserting fields for "SELECT * ", there was no
distinction between base tables and views, where one should be
made. View privileges are checked elsewhere.
mysql-test/include/grant_cache.inc:
Bug#36086: Changed test case.
mysql-test/r/grant2.result:
Bug#36086: Changed test result.
mysql-test/r/grant_cache_no_prot.result:
Bug#36086: Changed test result.
mysql-test/r/grant_cache_ps_prot.result:
Bug#36086: Changed test result.
mysql-test/r/view_grant.result:
Bug#36086: Test result.
mysql-test/t/grant2.test:
Bug#36086: Changed test case.
mysql-test/t/view_grant.test:
Bug#36086: Test case.
sql/item.cc:
Bug#36086: Replaced conditional with new methods.
sql/sql_acl.cc:
Bug no 35600:
In mysql_table_grant:
Replaced conditional with the new accessor method.
In check_grant:
- Changed the requirement table->derived != null to
checking all anonymous derived tables.
- Use of the accessor methods for getting object and database
names.
Bug#36086: In check_grant_all_columns:
- Updated comment. This function is now called for views
as well.
- The error message should not disclose any column names
unless the user has privilege to see all column names.
- Changed names of Field_iterator_table_ref methods.
sql/sql_base.cc:
Bug no 36963: In insert_fields()
- Commented.
- We should call check_grant_all_columns() for views in
this case.
- Changed names of Field_iterator_table_ref methods.
- We should not disclose column names in the error message
when the user has no approprate privilege.
sql/sql_cache.cc:
Bug#36086: Replaced test with new predicate method.
sql/sql_derived.cc:
Bug#36086: commenting only. Updated and doxygenated
comment for mysql_derived_prepare().
sql/sql_parse.cc:
Bug no 35600:
- In check_single_table_access:
Due to the bug, check_grant would raise an error for a
SHOW CREATE TABLE command for a TEMPTABLE view. It should in
fact not be be invoked in this case. This table privilege
is checked already.
There is a test case for this in information_schema_db.test.
- In check_access: replaced table->derived
sql/table.cc:
Bug#36086:
- In TABLE_LIST::set_underlying_merge():
Commenting only. Doxygenated, corrected spelling,
added.
- Renamed table_name() and db_name() methods of
Field_iterator_table_ref in order to be consistent
with new methods in TABLE_LIST.
sql/table.h:
Bug#36086:
- Commented GRANT_INFO.
- Added a predicate is_anonymous_derived_table() to
TABLE_LIST.
- Added get_table_name() and get_db_name() to
TABLE_LIST in order to hide the disparate
representation of these properties.
Diffstat (limited to 'sql/sql_cache.cc')
| -rw-r--r-- | sql/sql_cache.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/sql_cache.cc b/sql/sql_cache.cc index 375ffc882b4..f5566acbc6f 100644 --- a/sql/sql_cache.cc +++ b/sql/sql_cache.cc @@ -2633,7 +2633,7 @@ Query_cache::register_tables_from_list(TABLE_LIST *tables_used, tables_used; tables_used= tables_used->next_global, n++, block_table++) { - if (tables_used->derived && !tables_used->view) + if (tables_used->is_anonymous_derived_table()) { DBUG_PRINT("qcache", ("derived table skipped")); n--; |