From 9c6c527c769aaff8cee2fef2b4ae6b4babfcd6fe Mon Sep 17 00:00:00 2001
From: unknown <bell@sanja.is.com.ua>
Date: Fri, 28 Oct 2005 00:18:23 +0300
Subject: support of view underlying tables and SP functions security check
 added (BUG#9505) (WL#2787)

mysql-test/r/information_schema.result:
  error message changed
mysql-test/r/sp.result:
  error message changed
mysql-test/r/sql_mode.result:
  fixed test suite
mysql-test/r/view.result:
  error message changed
mysql-test/r/view_grant.result:
  test of underlying view tables check
mysql-test/t/sql_mode.test:
  fixed test suite
mysql-test/t/view_grant.test:
  test of underlying view tables check
sql/item.cc:
  check of underlying tables privilege added
sql/item.h:
  Name the resolution context points to the security  context of view (if item belong to the view)
sql/item_func.cc:
  a view error hiding for execution of prepared function belonged to a view
  fixed checking privileges if stored functions belonds to some view
sql/mysql_priv.h:
  refult of derived table processing functions changed to bool
  Security_context added as an argument to find_field_in_table()
sql/share/errmsg.txt:
  error message fixed
sql/sql_acl.cc:
  Storing requested privileges of tables added
  View underlying tables privilege check added
sql/sql_base.cc:
  View underlying tables privilege check added
sql/sql_cache.cc:
  Code cleunup: we should not register underlying tables of view second time
sql/sql_delete.cc:
  ancestor -> merge_underlying_list renaming
sql/sql_derived.cc:
  refult of derived table processing functions changed to bool
  do not give SELECT_ACL for TEMPTABLE views
sql/sql_lex.h:
  The comment added
sql/sql_parse.cc:
  registration of requested privileges added
sql/sql_prepare.cc:
  registration of requested privileges added
sql/sql_update.cc:
  manipulation of requested privileges for underlying tables made the same as for table which we are updating
sql/sql_view.cc:
  underlying tables of view security check support added
sql/table.cc:
  renaming and fixing view preparation methods, methods for checking underlyoing tables security context added
sql/table.h:
  storege for reuested privileges added
---
 mysql-test/r/view_grant.result | 167 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 167 insertions(+)

(limited to 'mysql-test/r/view_grant.result')

diff --git a/mysql-test/r/view_grant.result b/mysql-test/r/view_grant.result
index bac6e691069..f20e78e0297 100644
--- a/mysql-test/r/view_grant.result
+++ b/mysql-test/r/view_grant.result
@@ -305,5 +305,172 @@ create table mysqltest.t1 (a int);
 grant all privileges on mysqltest.* to mysqltest_1@localhost;
 use mysqltest;
 create view v1 as select * from t1;
+use test;
 revoke all privileges on mysqltest.* from mysqltest_1@localhost;
 drop database mysqltest;
+create database mysqltest;
+create table mysqltest.t1 (a int, b int);
+grant select on mysqltest.t1 to mysqltest_1@localhost;
+grant create view,select on test.* to mysqltest_1@localhost;
+create view v1 as select * from mysqltest.t1;
+show create view v1;
+View	Create View
+v1	CREATE ALGORITHM=UNDEFINED DEFINER=`mysqltest_1`@`localhost` SQL SECURITY DEFINER VIEW `test`.`v1` AS select `mysqltest`.`t1`.`a` AS `a`,`mysqltest`.`t1`.`b` AS `b` from `mysqltest`.`t1`
+revoke select on mysqltest.t1 from mysqltest_1@localhost;
+select * from v1;
+ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+grant select on mysqltest.t1 to mysqltest_1@localhost;
+select * from v1;
+a	b
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_1@localhost;
+drop view v1;
+drop database mysqltest;
+create database mysqltest;
+use mysqltest;
+create table t1 (a int);
+insert into t1 values (1);
+create table t2 (s1 int);
+drop function if exists f2;
+create function f2 () returns int begin declare v int; select s1 from t2
+into v; return v; end//
+create algorithm=TEMPTABLE view v1 as select f2() from t1;
+create algorithm=MERGE view v2 as select f2() from t1;
+create algorithm=TEMPTABLE SQL SECURITY INVOKER view v3 as select f2() from t1;
+create algorithm=MERGE SQL SECURITY INVOKER view v4 as select f2() from t1;
+create SQL SECURITY INVOKER view v5 as select * from v4;
+grant select on v1 to mysqltest_1@localhost;
+grant select on v2 to mysqltest_1@localhost;
+grant select on v3 to mysqltest_1@localhost;
+grant select on v4 to mysqltest_1@localhost;
+grant select on v5 to mysqltest_1@localhost;
+use mysqltest;
+select * from v1;
+f2()
+NULL
+Warnings:
+Warning	1329	No data to FETCH
+select * from v2;
+f2()
+NULL
+Warnings:
+Warning	1329	No data to FETCH
+select * from v3;
+ERROR HY000: View 'mysqltest.v3' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+select * from v4;
+ERROR HY000: View 'mysqltest.v4' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+select * from v5;
+ERROR HY000: View 'mysqltest.v5' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+use test;
+drop view v1, v2, v3, v4, v5;
+drop function f2;
+drop table t1, t2;
+use test;
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_1@localhost;
+drop database mysqltest;
+create database mysqltest;
+use mysqltest;
+create table t1 (a int);
+insert into t1 values (1);
+create table t2 (s1 int);
+drop function if exists f2;
+create function f2 () returns int begin declare v int; select s1 from t2
+into v; return v; end//
+grant select on t1 to mysqltest_1@localhost;
+grant execute on function f2 to mysqltest_1@localhost;
+grant create view on mysqltest.* to mysqltest_1@localhost;
+use mysqltest;
+create algorithm=TEMPTABLE view v1 as select f2() from t1;
+create algorithm=MERGE view v2 as select f2() from t1;
+create algorithm=TEMPTABLE SQL SECURITY INVOKER view v3 as select f2() from t1;
+create algorithm=MERGE SQL SECURITY INVOKER view v4 as select f2() from t1;
+use test;
+create view v5 as select * from v1;
+revoke execute on function f2 from mysqltest_1@localhost;
+select * from v1;
+ERROR HY000: View 'mysqltest.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+select * from v2;
+ERROR HY000: View 'mysqltest.v2' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+select * from v3;
+f2()
+NULL
+Warnings:
+Warning	1329	No data to FETCH
+select * from v4;
+f2()
+NULL
+Warnings:
+Warning	1329	No data to FETCH
+select * from v5;
+ERROR HY000: View 'mysqltest.v5' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+drop view v1, v2, v3, v4, v5;
+drop function f2;
+drop table t1, t2;
+use test;
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_1@localhost;
+drop database mysqltest;
+create database mysqltest;
+use mysqltest;
+create table t1 (a int);
+create table v1 (a int);
+insert into t1 values (1);
+grant select on t1 to mysqltest_1@localhost;
+grant select on v1 to mysqltest_1@localhost;
+grant create view on mysqltest.* to mysqltest_1@localhost;
+drop table v1;
+use mysqltest;
+create algorithm=TEMPTABLE view v1 as select *, a as b from t1;
+create algorithm=MERGE view v2 as select *, a as b from t1;
+create algorithm=TEMPTABLE SQL SECURITY INVOKER view v3 as select *, a as b from t1;
+create algorithm=MERGE SQL SECURITY INVOKER view v4 as select *, a as b from t1;
+create view v5 as select * from v1;
+use test;
+revoke select on t1 from mysqltest_1@localhost;
+select * from v1;
+ERROR HY000: View 'mysqltest.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+select * from v2;
+ERROR HY000: View 'mysqltest.v2' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+select * from v3;
+a	b
+1	1
+select * from v4;
+a	b
+1	1
+select * from v5;
+ERROR HY000: View 'mysqltest.v5' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+drop table t1;
+use test;
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_1@localhost;
+drop database mysqltest;
+create database mysqltest;
+use mysqltest;
+create table t1 (a int);
+insert into t1 values (1);
+create algorithm=TEMPTABLE view v1 as select *, a as b from t1;
+create algorithm=MERGE view v2 as select *, a as b from t1;
+create algorithm=TEMPTABLE SQL SECURITY INVOKER view v3 as select *, a as b from t1;
+create algorithm=MERGE SQL SECURITY INVOKER view v4 as select *, a as b from t1;
+create SQL SECURITY INVOKER view v5 as select * from v4;
+grant select on v1 to mysqltest_1@localhost;
+grant select on v2 to mysqltest_1@localhost;
+grant select on v3 to mysqltest_1@localhost;
+grant select on v4 to mysqltest_1@localhost;
+grant select on v5 to mysqltest_1@localhost;
+use mysqltest;
+select * from v1;
+a	b
+1	1
+select * from v2;
+a	b
+1	1
+select * from v3;
+ERROR HY000: View 'mysqltest.v3' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+select * from v4;
+ERROR HY000: View 'mysqltest.v4' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+select * from v5;
+ERROR HY000: View 'mysqltest.v5' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+use test;
+drop view v1, v2, v3, v4, v5;
+drop table t1;
+use test;
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_1@localhost;
+drop database mysqltest;
-- 
cgit v1.2.1