From b765a8af9bb0417a8bbb12cef44014de9badd938 Mon Sep 17 00:00:00 2001 
From: unknown Date: Fri, 23 Mar 2007 19:24:03 +0100 Subject: [PATCH] Bug #26817: mysqldump fails to backup database containing view with invalid definer give some leeway on required permissions for SHOW FIELDS on views so an unknown DEFINER will no longer break mysqldump client/client_priv.h: Bug #26817: mysqldump fails to backup database containing view with invalid definer New option for mysqldump: redirect stderr to file ("2> for Windows") client/mysqldump.c: Bug #26817: mysqldump fails to backup database containing view with invalid definer New option for mysqldump: redirect stderr to file ("2> for Windows") mysql-test/r/information_schema_db.result: Bug #26817: mysqldump fails to backup database containing view with invalid definer New option for mysqldump: redirect stderr to file ("2> for Windows") mysql-test/t/information_schema_db.test: Bug #26817: mysqldump fails to backup database containing view with invalid definer New option for mysqldump: redirect stderr to file ("2> for Windows") sql/sql_base.cc: Bug #26817: mysqldump fails to backup database containing view with invalid definer be a little more lenient for SHOW FIELDS FROM sql/sql_parse.cc: Bug #26817: mysqldump fails to backup database containing view with invalid definer be a little more lenient for SHOW FIELDS FROM on views sql/sql_view.cc: Bug #26817: mysqldump fails to backup database containing view with invalid definer give SHOW FIELDS the same perks as SHOW CREATE sql/table.cc: Bug #26817: mysqldump fails to backup database containing view with invalid definer give SHOW FIELDS the same perks as SHOW CREATE --- client/client_priv.h | 2 +- client/mysqldump.c | 24 +++++++- mysql-test/r/information_schema_db.result | 71 ++++++++++++++++++++++- mysql-test/t/information_schema_db.test | 55 +++++++++++++++++- sql/sql_base.cc | 27 ++++++++- sql/sql_parse.cc | 5 +- sql/sql_view.cc | 7 ++- sql/table.cc | 5 +- 8 files changed, 182 insertions(+), 14 deletions(-) 
diff --git a/client/client_priv.h b/client/client_priv.h index 7748dc612d6..418bf86f2c8 100644 --- a/client/client_priv.h +++ b/client/client_priv.h @@ -51,5 +51,5 @@ enum options_client OPT_TRIGGERS, OPT_IGNORE_TABLE,OPT_INSERT_IGNORE,OPT_SHOW_WARNINGS,OPT_DROP_DATABASE, OPT_TZ_UTC, OPT_AUTO_CLOSE, OPT_SSL_VERIFY_SERVER_CERT, - OPT_DEBUG_INFO + OPT_DEBUG_INFO, OPT_ERROR_LOG_FILE }; diff --git a/client/mysqldump.c b/client/mysqldump.c index 94ab9dac5ac..0d7c0c3a0bf 100644 --- a/client/mysqldump.c +++ b/client/mysqldump.c @@ -105,7 +105,8 @@ static char *opt_password=0,*current_user=0, *lines_terminated=0, *enclosed=0, *opt_enclosed=0, *escaped=0, *where=0, *order_by=0, *opt_compatible_mode_str= 0, - *err_ptr= 0; + *err_ptr= 0, + *log_error_file= NULL; static char **defaults_argv= 0; static char compatible_mode_normal_str[255]; static ulong opt_compatible_mode= 0; @@ -116,7 +117,9 @@ static my_string opt_mysql_unix_port=0; static int first_error=0; static DYNAMIC_STRING extended_row; #include -FILE *md_result_file= 0; +FILE *md_result_file= 0; +FILE *stderror_file=0; + #ifdef HAVE_SMEM static char *shared_memory_base_name=0; #endif @@ -293,6 +296,9 @@ static struct my_option my_long_options[] = 0, 0, 0, 0, 0, 0}, {"lock-tables", 'l', "Lock all tables for read.", (gptr*) &lock_tables, (gptr*) &lock_tables, 0, GET_BOOL, NO_ARG, 1, 0, 0, 0, 0, 0}, + {"log-error", OPT_ERROR_LOG_FILE, "Append warnings and errors to given file.", + (gptr*) &log_error_file, (gptr*) &log_error_file, 0, GET_STR, + REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, {"master-data", OPT_MASTER_DATA, "This causes the binary log position and filename to be appended to the " "output. If equal to 1, will print it as a CHANGE MASTER command; if equal" 
@@ -3694,6 +3700,16 @@ int main(int argc, char **argv) free_resources(0); exit(exit_code); } + + if (log_error_file) + { + if(!(stderror_file= freopen(log_error_file, "a+", stderr))) + { + free_resources(0); + exit(EX_MYSQLERR); + } + } + if (connect_to_db(current_host, current_user, opt_password)) { free_resources(0); @@ -3746,5 +3762,9 @@ err: if (!path) write_footer(md_result_file); free_resources(); + + if (stderror_file) + fclose(stderror_file); + return(first_error); } /* main */ diff --git a/mysql-test/r/information_schema_db.result b/mysql-test/r/information_schema_db.result index 47efe1d17ad..2d330dda333 100644 --- a/mysql-test/r/information_schema_db.result +++ b/mysql-test/r/information_schema_db.result 
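Review bot: When `freopen(log_error_file, "a+", stderr)` fails in the new `--log-error` block of main(), the process exits with EX_MYSQLERR and prints nothing, because freopen() closes the original stderr before it attempts the open. Probing the path while stderr is still usable gives the operator a diagnostic for an unwritable or mistyped log path. The file is also created with whatever mode the umask allows and the path is followed as given, so the option help should say that the log belongs in a directory only the dumping account can write; the appended errors may name schemas and accounts. main() starts and ends outside this hunk.

```c
  if (log_error_file)
  {
    /* Probe first: freopen() closes stderr even when the open fails. */
    FILE *probe= fopen(log_error_file, "a");
    if (!probe)
    {
      fprintf(stderr, "%s: can't open error log file '%s'\n",
              my_progname, log_error_file);
      free_resources(0);
      exit(EX_MYSQLERR);
    }
    fclose(probe);
    if (!(stderror_file= freopen(log_error_file, "a+", stderr)))
    {
      free_resources(0);
      exit(EX_MYSQLERR);
    }
  }
  /* … unchanged: connect_to_db() and the rest of main … */
```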
@@ -106,16 +106,82 @@ use testdb_1; create table t1 (f1 char(4)); create view v1 as select f1 from t1; grant insert on v1 to testdb_2@localhost; +create view v5 as select f1 from t1; +grant show view on v5 to testdb_2@localhost; +create definer=`no_such_user`@`no_such_host` view v6 as select f1 from t1; +ERROR 42000: Access denied; you need the SUPER privilege for this operation +use testdb_1; +create view v6 as select f1 from t1; +grant show view on v6 to testdb_2@localhost; +create table t2 (f1 char(4)); +create definer=`no_such_user`@`no_such_host` view v7 as select * from t2; +Warnings: +Note 1449 There is no 'no_such_user'@'no_such_host' registered +show fields from testdb_1.v6; +Field Type Null Key Default Extra +f1 char(4) YES NULL +show create view testdb_1.v6; +View Create View +v6 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v6` AS select `t1`.`f1` AS `f1` from `t1` +show create view testdb_1.v7; +View Create View +v7 CREATE ALGORITHM=UNDEFINED DEFINER=`no_such_user`@`no_such_host` SQL SECURITY DEFINER VIEW `v7` AS select `testdb_1`.`t2`.`f1` AS `f1` from `t2` +Warnings: +Warning 1356 View 'testdb_1.v7' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them +show fields from testdb_1.v7; +Field Type Null Key Default Extra +f1 null YES NULL +Warnings: +Note 1449 There is no 'no_such_user'@'no_such_host' registered create table t3 (f1 char(4), f2 char(4)); create view v3 as select f1,f2 from t3; grant insert(f1), insert(f2) on v3 to testdb_2@localhost; create view v2 as select f1 from testdb_1.v1; create view v4 as select f1,f2 from testdb_1.v3; +show fields from testdb_1.v5; +Field Type Null Key Default Extra +f1 char(4) YES NULL +show create view testdb_1.v5; +View Create View +v5 CREATE ALGORITHM=UNDEFINED DEFINER=`testdb_1`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v5` AS select `testdb_1`.`t1`.`f1` AS `f1` from `testdb_1`.`t1` +show fields from testdb_1.v6; 
+Field Type Null Key Default Extra +f1 char(4) YES NULL +show create view testdb_1.v6; +View Create View +v6 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v6` AS select `testdb_1`.`t1`.`f1` AS `f1` from `testdb_1`.`t1` +show fields from testdb_1.v7; +Field Type Null Key Default Extra +f1 null YES NULL +Warnings: +Note 1449 There is no 'no_such_user'@'no_such_host' registered +show create view testdb_1.v7; +View Create View +v7 CREATE ALGORITHM=UNDEFINED DEFINER=`no_such_user`@`no_such_host` SQL SECURITY DEFINER VIEW `v7` AS select `testdb_1`.`t2`.`f1` AS `f1` from `t2` +Warnings: +Warning 1356 View 'testdb_1.v7' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them revoke insert(f1) on v3 from testdb_2@localhost; +revoke show view on v5 from testdb_2@localhost; +use testdb_1; +revoke show view on v6 from testdb_2@localhost; +show fields from testdb_1.v5; +ERROR 42000: SELECT command denied to user 'testdb_2'@'localhost' for table 'v5' +show create view testdb_1.v5; +ERROR 42000: SELECT command denied to user 'testdb_2'@'localhost' for table 'v5' +show fields from testdb_1.v6; +ERROR 42000: SELECT command denied to user 'testdb_2'@'localhost' for table 'v6' +show create view testdb_1.v6; +ERROR 42000: SELECT command denied to user 'testdb_2'@'localhost' for table 'v6' +show fields from testdb_1.v7; +ERROR 42000: SELECT command denied to user 'testdb_2'@'localhost' for table 'v7' +show create view testdb_1.v7; +ERROR 42000: SELECT command denied to user 'testdb_2'@'localhost' for table 'v7' show create view v4; ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table show fields from v4; -ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table +Field Type Null Key Default Extra +f1 null YES NULL +f2 char(4) YES NULL show fields from v2; Field Type Null Key Default Extra f1 char(4) YES NULL 
@@ -140,7 +206,8 @@ where a.table_name = 'testdb_1.v1'; view_definition select * from v2; ERROR HY000: View 'test.v2' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them -drop view testdb_1.v1,v2, testdb_1.v3, v4; +use test; +drop view testdb_1.v1, v2, testdb_1.v3, v4; drop database testdb_1; drop user testdb_1@localhost; drop user testdb_2@localhost; diff --git a/mysql-test/t/information_schema_db.test b/mysql-test/t/information_schema_db.test index e15e50e8766..666f331c7b9 100644 --- a/mysql-test/t/information_schema_db.test +++ b/mysql-test/t/information_schema_db.test @@ -121,6 +121,28 @@ create table t1 (f1 char(4)); create view v1 as select f1 from t1; grant insert on v1 to testdb_2@localhost; +create view v5 as select f1 from t1; +grant show view on v5 to testdb_2@localhost; + +--error 1227 +create definer=`no_such_user`@`no_such_host` view v6 as select f1 from t1; + +connection default; +use testdb_1; +create view v6 as select f1 from t1; +grant show view on v6 to testdb_2@localhost; + +create table t2 (f1 char(4)); +create definer=`no_such_user`@`no_such_host` view v7 as select * from t2; + +show fields from testdb_1.v6; +show create view testdb_1.v6; + +show create view testdb_1.v7; +show fields from testdb_1.v7; + +connection testdb_1; + create table t3 (f1 char(4), f2 char(4)); create view v3 as select f1,f2 from t3; grant insert(f1), insert(f2) on v3 to testdb_2@localhost; 
@@ -129,13 +151,41 @@ connect (testdb_2,localhost,testdb_2,,test); create view v2 as select f1 from testdb_1.v1; create view v4 as select f1,f2 from testdb_1.v3; +show fields from testdb_1.v5; +show create view testdb_1.v5; + +show fields from testdb_1.v6; +show create view testdb_1.v6; + connection testdb_1; +show fields from testdb_1.v7; +show create view testdb_1.v7; + revoke insert(f1) on v3 from testdb_2@localhost; +revoke show view on v5 from testdb_2@localhost; +connection default; +use testdb_1; +revoke show view on v6 from testdb_2@localhost; connection testdb_2; +--error 1142 +show fields from testdb_1.v5; +--error 1142 +show create view testdb_1.v5; + +--error 1142 +show fields from testdb_1.v6; +--error 1142 +show create view testdb_1.v6; + +--error 1142 +show fields from testdb_1.v7; +--error 1142 +show create view testdb_1.v7; + --error 1345 show create view v4; ---error 1345 +#--error 1345 show fields from v4; show fields from v2; @@ -155,7 +205,8 @@ where a.table_name = 'testdb_1.v1'; select * from v2; connection default; -drop view testdb_1.v1,v2, testdb_1.v3, v4; +use test; +drop view testdb_1.v1, v2, testdb_1.v3, v4; drop database testdb_1; drop user testdb_1@localhost; drop user testdb_2@localhost; diff --git a/sql/sql_base.cc b/sql/sql_base.cc index 77bb1d9642b..1693c98bab7 100644 --- a/sql/sql_base.cc +++ b/sql/sql_base.cc 
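Review bot: The expectation before `show fields from v4;` is disabled as `#--error 1345` rather than removed, so the test no longer says whether success at that point is intended. testdb_2 has just lost `insert(f1)` on v3 and the statement now lists f1 with type `null`, which is a change in what an under-privileged account can see. Replace the commented-out line with an explicit statement of the new contract, e.g. `# SHOW FIELDS on a view now succeeds without column privileges; inaccessible columns are listed with type null (Bug #26817)`.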
@@ -3573,14 +3573,35 @@ find_field_in_tables(THD *thd, Item_ident *item, { Field *cur_field= find_field_in_table_ref(thd, cur_table, name, length, item->name, db, table_name, ref, - check_privileges, allow_rowid, + check_privileges, + allow_rowid, &(item->cached_field_index), register_tree_change, &actual_table); if (cur_field) { if (cur_field == WRONG_GRANT) - return (Field*) 0; + { + if (thd->lex->sql_command != SQLCOM_SHOW_FIELDS) + return (Field*) 0; + + thd->clear_error(); + cur_field= find_field_in_table_ref(thd, cur_table, name, length, + item->name, db, table_name, ref, + false, + allow_rowid, + &(item->cached_field_index), + register_tree_change, + &actual_table); + if (cur_field) + { + Field *nf=new Field_null(NULL,0,Field::NONE, + cur_field->field_name, + cur_field->table, + &my_charset_bin); + cur_field= nf; + } + } /* Store the original table of the field, which may be different from @@ -3603,7 +3624,7 @@ find_field_in_tables(THD *thd, Item_ident *item, report_error == IGNORE_EXCEPT_NON_UNIQUE) my_error(ER_NON_UNIQ_ERROR, MYF(0), table_name ? item->full_name() : name, thd->where); - return (Field*) 0; + return (Field*) 0; } found= cur_field; } diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 1b8bfd38fc4..40914339cf1 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -5159,7 +5159,10 @@ bool check_single_table_access(THD *thd, ulong privilege, goto deny; /* Show only 1 table for check_grant */ - if (grant_option && check_grant(thd, privilege, all_tables, 0, 1, 0)) + if (grant_option && + !(all_tables->belong_to_view && + (thd->lex->sql_command == SQLCOM_SHOW_FIELDS)) && + check_grant(thd, privilege, all_tables, 0, 1, 0)) goto deny; thd->security_ctx= backup_ctx; diff --git a/sql/sql_view.cc b/sql/sql_view.cc index 7143df8474a..32231a93ef7 100644 --- a/sql/sql_view.cc +++ b/sql/sql_view.cc 
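Review bot: The WRONG_GRANT branch retries the lookup with `check_privileges` forced to `false` for every SQLCOM_SHOW_FIELDS statement, whereas the matching change in check_single_table_access() is limited to `all_tables->belong_to_view`; if the relaxation is meant for view columns only, this branch should test for that or say why it does not. The Field_null placeholder hides the type but still carries `cur_field->field_name`, so a caller without column privileges learns that the column exists (the updated result file shows `f1 null` for v4); a comment stating that this disclosure is intended would help the next reviewer. `thd->clear_error()` discards whatever error is pending, not only the grant error, and `nf` is assigned to `cur_field` without a NULL check before the code after the branch uses it; `if (!nf) return (Field*) 0;` would cover an allocation failure. find_field_in_tables() starts and ends outside the hunk.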
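Review bot: The comment `/* Show only 1 table for check_grant */` above the changed condition in check_single_table_access() no longer describes it, because check_grant() is now skipped entirely for any table that belongs to a view while the statement is SHOW FIELDS. Since this bypasses a privilege check, the reason and the compensating control belong next to it, for example `/* SHOW FIELDS on a view: do not require grants on underlying tables here; find_field_in_tables() reports inaccessible columns with a NULL type */`. The function body continues outside the hunk, so whether the `deny` path is still reached for the view itself cannot be confirmed from here; the new tests expecting error 1142 after `revoke show view` suggest that it is.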
@@ -1003,6 +1003,11 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table, CHARSET_INFO *save_cs= thd->variables.character_set_client; thd->variables.character_set_client= system_charset_info; res= MYSQLparse((void *)thd); + + if ((old_lex->sql_command == SQLCOM_SHOW_FIELDS) || + (old_lex->sql_command == SQLCOM_SHOW_CREATE)) + lex->sql_command= old_lex->sql_command; + thd->variables.character_set_client= save_cs; thd->variables.sql_mode= save_mode; } @@ -1028,7 +1033,7 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table, } } else if (!table->prelocking_placeholder && - old_lex->sql_command == SQLCOM_SHOW_CREATE && + (old_lex->sql_command == SQLCOM_SHOW_CREATE) && !table->belong_to_view) { if (check_table_access(thd, SHOW_VIEW_ACL, table, 0)) diff --git a/sql/table.cc b/sql/table.cc index 960534bf7d4..6d13514e782 100644 --- a/sql/table.cc +++ b/sql/table.cc @@ -2085,7 +2085,7 @@ void st_table_list::hide_view_error(THD *thd) thd->net.last_errno == ER_NO_SUCH_TABLE) { TABLE_LIST *top= top_table(); - thd->clear_error(); + thd->clear_error(); my_error(ER_VIEW_INVALID, MYF(0), top->view_db.str, top->view_name.str); } else if (thd->net.last_errno == ER_NO_DEFAULT_FOR_FIELD) @@ -2441,7 +2441,8 @@ bool st_table_list::prepare_view_securety_context(THD *thd) definer.host.str, thd->db)) { - if (thd->lex->sql_command == SQLCOM_SHOW_CREATE) + if ((thd->lex->sql_command == SQLCOM_SHOW_CREATE) || + (thd->lex->sql_command == SQLCOM_SHOW_FIELDS)) { push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_NOTE, ER_NO_SUCH_USER,
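Review bot: Overwriting `lex->sql_command` right after `MYSQLparse()` makes the view's own LEX report SHOW FIELDS or SHOW CREATE instead of the statement that was parsed, and that value appears to be what find_field_in_tables(), check_single_table_access() and prepare_view_securety_context() later read through `thd->lex` to relax their privilege checks. That coupling is not visible at the assignment; a comment such as `/* propagate the outer SHOW command so privilege checks on the view's tables can be relaxed for it */` would document it. The same two-command test is repeated in the sql/table.cc hunk of this patch, so a small shared predicate would keep the two lists from drifting apart. mysql_make_view() extends beyond the hunk.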