This commit is contained in:
Patrick Crews 2009-02-27 10:45:19 +02:00
commit 88b906ac21
21 changed files with 190 additions and 43 deletions

View file

@ -115,6 +115,12 @@ IF(MSVC)
STRING(REPLACE "/EHsc" "" CMAKE_CXX_FLAGS_INIT ${CMAKE_CXX_FLAGS_INIT})
STRING(REPLACE "/EHsc" "" CMAKE_CXX_FLAGS_DEBUG_INIT ${CMAKE_CXX_FLAGS_DEBUG_INIT})
# Mark 32 bit executables large address aware so they can
# use > 2GB address space
IF(CMAKE_SIZEOF_VOID_P MATCHES 4)
SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /LARGEADDRESSAWARE")
ENDIF(CMAKE_SIZEOF_VOID_P MATCHES 4)
# Disable automatic manifest generation.
STRING(REPLACE "/MANIFEST" "/MANIFEST:NO" CMAKE_EXE_LINKER_FLAGS
${CMAKE_EXE_LINKER_FLAGS})

View file

@ -2222,8 +2222,22 @@ static bool add_line(String &buffer,char *line,char *in_string,
}
if (out != line || !buffer.is_empty())
{
*out++='\n';
uint length=(uint) (out-line);
if (length < 9 ||
my_strnncoll (charset_info,
(uchar *)line, 9, (const uchar *) "delimiter", 9))
{
/*
Don't add a new line in case there's a DELIMITER command to be
added to the glob buffer (e.g. on processing a line like
"<command>;DELIMITER <non-eof>") : similar to how a new line is
not added in the case when the DELIMITER is the first command
entered with an empty glob buffer.
*/
*out++='\n';
length++;
}
if (buffer.length() + length >= buffer.alloced_length())
buffer.realloc(buffer.length()+length+IO_SIZE);
if ((!*ml_comment || preserve_comments) && buffer.append(line, length))

View file

@ -324,6 +324,9 @@ C_MODE_END
#ifdef HAVE_FLOAT_H
#include <float.h>
#endif
#ifdef HAVE_FENV_H
#include <fenv.h> /* For fesetround() */
#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>

View file

@ -457,7 +457,7 @@ Privilege Context Comment
Alter Tables To alter the table
Alter routine Functions,Procedures To alter or drop stored functions/procedures
Create Databases,Tables,Indexes To create new databases and tables
Create routine Functions,Procedures To use CREATE FUNCTION/PROCEDURE
Create routine Databases To use CREATE FUNCTION/PROCEDURE
Create temporary tables Databases To use CREATE TEMPORARY TABLE
Create view Tables To create new views
Create user Server Admin To create new users

View file

@ -433,7 +433,7 @@ USE db1;
SELECT c FROM t2;
ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for column 'c' in table 't2'
SELECT * FROM t2;
ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for column 'c' in table 't2'
ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for table 't2'
SELECT * FROM t1 JOIN t2 USING (b);
ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for column 'c' in table 't2'
USE test;

View file

@ -188,7 +188,7 @@ Field Type Null Key Default Extra
f1 char(4) YES NULL
show create view v2;
View Create View
v2 CREATE ALGORITHM=UNDEFINED DEFINER=`testdb_2`@`localhost` SQL SECURITY DEFINER VIEW `test`.`v2` AS select `v1`.`f1` AS `f1` from `testdb_1`.`v1`
v2 CREATE ALGORITHM=UNDEFINED DEFINER=`testdb_2`@`localhost` SQL SECURITY DEFINER VIEW `v2` AS select `v1`.`f1` AS `f1` from `testdb_1`.`v1`
show create view testdb_1.v1;
ERROR 42000: SHOW VIEW command denied to user 'testdb_2'@'localhost' for table 'v1'
select table_name from information_schema.columns a

View file

@ -188,4 +188,8 @@ delimiter
2
@z:='1' @z=database()
1 NULL
1
1
1
1
End of 5.0 tests

View file

@ -3246,7 +3246,7 @@ USE `mysqldump_views`;
/*!50001 DROP TABLE `nasishnasifu`*/;
/*!50001 CREATE ALGORITHM=UNDEFINED */
/*!50013 DEFINER=`root`@`localhost` SQL SECURITY DEFINER */
/*!50001 VIEW `mysqldump_views`.`nasishnasifu` AS select `mysqldump_tables`.`basetable`.`id` AS `id` from `mysqldump_tables`.`basetable` */;
/*!50001 VIEW `nasishnasifu` AS select `mysqldump_tables`.`basetable`.`id` AS `id` from `mysqldump_tables`.`basetable` */;
drop view nasishnasifu;
drop database mysqldump_views;
drop table mysqldump_tables.basetable;

View file

@ -235,7 +235,7 @@ execute stmt1;
prepare stmt1 from "insert into t1 select i from t1";
execute stmt1;
execute stmt1;
prepare stmt1 from "select * from t1 into outfile 'f1.txt'";
prepare stmt1 from "select * from t1 into outfile '<MYSQLTEST_VARDIR>/tmp/f1.txt'";
execute stmt1;
deallocate prepare stmt1;
drop table t1;

View file

@ -2475,7 +2475,7 @@ Privilege Context Comment
Alter Tables To alter the table
Alter routine Functions,Procedures To alter or drop stored functions/procedures
Create Databases,Tables,Indexes To create new databases and tables
Create routine Functions,Procedures To use CREATE FUNCTION/PROCEDURE
Create routine Databases To use CREATE FUNCTION/PROCEDURE
Create temporary tables Databases To use CREATE TEMPORARY TABLE
Create view Tables To create new views
Create user Server Admin To create new users
@ -2527,7 +2527,7 @@ Privilege Context Comment
Alter Tables To alter the table
Alter routine Functions,Procedures To alter or drop stored functions/procedures
Create Databases,Tables,Indexes To create new databases and tables
Create routine Functions,Procedures To use CREATE FUNCTION/PROCEDURE
Create routine Databases To use CREATE FUNCTION/PROCEDURE
Create temporary tables Databases To use CREATE TEMPORARY TABLE
Create view Tables To create new views
Create user Server Admin To create new users

View file

@ -26,7 +26,7 @@ create view v2 as select * from mysqltest.t2;
ERROR 42000: ANY command denied to user 'mysqltest_1'@'localhost' for table 't2'
show create view v1;
View Create View
v1 CREATE ALGORITHM=UNDEFINED DEFINER=`mysqltest_1`@`localhost` SQL SECURITY DEFINER VIEW `test`.`v1` AS select `mysqltest`.`t1`.`a` AS `a`,`mysqltest`.`t1`.`b` AS `b` from `mysqltest`.`t1`
v1 CREATE ALGORITHM=UNDEFINED DEFINER=`mysqltest_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `mysqltest`.`t1`.`a` AS `a`,`mysqltest`.`t1`.`b` AS `b` from `mysqltest`.`t1`
grant create view,drop,select on test.* to mysqltest_1@localhost;
use test;
alter view v1 as select * from mysqltest.t1;
@ -307,7 +307,7 @@ grant create view,select on test.* to mysqltest_1@localhost;
create view v1 as select * from mysqltest.t1;
show create view v1;
View Create View
v1 CREATE ALGORITHM=UNDEFINED DEFINER=`mysqltest_1`@`localhost` SQL SECURITY DEFINER VIEW `test`.`v1` AS select `mysqltest`.`t1`.`a` AS `a`,`mysqltest`.`t1`.`b` AS `b` from `mysqltest`.`t1`
v1 CREATE ALGORITHM=UNDEFINED DEFINER=`mysqltest_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `mysqltest`.`t1`.`a` AS `a`,`mysqltest`.`t1`.`b` AS `b` from `mysqltest`.`t1`
revoke select on mysqltest.t1 from mysqltest_1@localhost;
select * from v1;
ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
@ -919,4 +919,30 @@ c4
DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP USER mysqltest_u1@localhost;
CREATE DATABASE db1;
USE db1;
CREATE TABLE t1(f1 INT, f2 INT);
CREATE VIEW v1 AS SELECT f1, f2 FROM t1;
GRANT SELECT (f1) ON t1 TO foo;
GRANT SELECT (f1) ON v1 TO foo;
USE db1;
SELECT f1 FROM t1;
f1
SELECT f2 FROM t1;
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for column 'f2' in table 't1'
SELECT * FROM t1;
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 't1'
SELECT f1 FROM v1;
f1
SELECT f2 FROM v1;
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for column 'f2' in table 'v1'
SELECT * FROM v1;
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 'v1'
USE test;
REVOKE SELECT (f1) ON db1.t1 FROM foo;
REVOKE SELECT (f1) ON db1.v1 FROM foo;
DROP USER foo;
DROP VIEW db1.v1;
DROP TABLE db1.t1;
DROP DATABASE db1;
End of 5.0 tests.

View file

@ -615,7 +615,7 @@ connection conn1;
USE db1;
--error ER_COLUMNACCESS_DENIED_ERROR
SELECT c FROM t2;
--error ER_COLUMNACCESS_DENIED_ERROR
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM t2;
--error ER_COLUMNACCESS_DENIED_ERROR
SELECT * FROM t1 JOIN t2 USING (b);

View file

@ -314,4 +314,21 @@ remove_file $MYSQLTEST_VARDIR/tmp/bug38158.sql;
#
--exec $MYSQL -e "select @z:='1',@z=database()"
#
# Bug #31060: MySQL CLI parser bug 2
#
--write_file $MYSQLTEST_VARDIR/tmp/bug31060.sql
;DELIMITER DELIMITER
;
SELECT 1DELIMITER
DELIMITER ;
SELECT 1;
EOF
--exec $MYSQL < $MYSQLTEST_VARDIR/tmp/bug31060.sql 2>&1
remove_file $MYSQLTEST_VARDIR/tmp/bug31060.sql;
--echo End of 5.0 tests

View file

@ -228,6 +228,10 @@ drop table t1;
# statements or are correctly created and deleted on each execute
#
--let $outfile=$MYSQLTEST_VARDIR/tmp/f1.txt
--error 0,1
--remove_file $outfile
prepare stmt1 from "select 1 into @var";
execute stmt1;
execute stmt1;
@ -238,11 +242,14 @@ execute stmt1;
prepare stmt1 from "insert into t1 select i from t1";
execute stmt1;
execute stmt1;
prepare stmt1 from "select * from t1 into outfile 'f1.txt'";
--replace_result $MYSQLTEST_VARDIR <MYSQLTEST_VARDIR>
eval prepare stmt1 from "select * from t1 into outfile '$outfile'";
execute stmt1;
deallocate prepare stmt1;
drop table t1;
--remove_file $outfile
#
# BUG#5242 "Prepared statement names are case sensitive"
#

View file

@ -1185,4 +1185,44 @@ DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP USER mysqltest_u1@localhost;
#
# Bug #41354: Access control is bypassed when all columns of a view are
# selected by * wildcard
CREATE DATABASE db1;
USE db1;
CREATE TABLE t1(f1 INT, f2 INT);
CREATE VIEW v1 AS SELECT f1, f2 FROM t1;
GRANT SELECT (f1) ON t1 TO foo;
GRANT SELECT (f1) ON v1 TO foo;
connect (addconfoo, localhost, foo,,);
connection addconfoo;
USE db1;
SELECT f1 FROM t1;
--error ER_COLUMNACCESS_DENIED_ERROR
SELECT f2 FROM t1;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM t1;
SELECT f1 FROM v1;
--error ER_COLUMNACCESS_DENIED_ERROR
SELECT f2 FROM v1;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM v1;
connection default;
USE test;
disconnect addconfoo;
REVOKE SELECT (f1) ON db1.t1 FROM foo;
REVOKE SELECT (f1) ON db1.v1 FROM foo;
DROP USER foo;
DROP VIEW db1.v1;
DROP TABLE db1.t1;
DROP DATABASE db1;
--echo End of 5.0 tests.

View file

@ -187,9 +187,6 @@ int initgroups(const char *,unsigned int);
typedef fp_except fp_except_t;
#endif
#endif /* __FreeBSD__ && HAVE_IEEEFP_H */
#ifdef HAVE_FENV_H
#include <fenv.h>
#endif
#ifdef HAVE_SYS_FPU_H
/* for IRIX to use set_fpc_csr() */
#include <sys/fpu.h>

View file

@ -616,7 +616,8 @@ bool Protocol::send_fields(List<Item> *list, uint flags)
else
{
/* With conversion */
uint max_char_len;
ulonglong max_length;
uint32 field_length;
int2store(pos, thd_charset->number);
/*
For TEXT/BLOB columns, field_length describes the maximum data
@ -627,12 +628,21 @@ bool Protocol::send_fields(List<Item> *list, uint flags)
char_count * mbmaxlen, where character count is taken from the
definition of the column. In other words, the maximum number
of characters here is limited by the column definition.
When one has a LONG TEXT column with a single-byte
character set, and the connection character set is multi-byte, the
client may get fields longer than UINT_MAX32, due to
<character set column> -> <character set connection> conversion.
In that case column max length does not fit into the 4 bytes
reserved for it in the protocol.
*/
max_char_len= (field.type >= (int) MYSQL_TYPE_TINY_BLOB &&
field.type <= (int) MYSQL_TYPE_BLOB) ?
max_length= (field.type >= MYSQL_TYPE_TINY_BLOB &&
field.type <= MYSQL_TYPE_BLOB) ?
field.length / item->collation.collation->mbminlen :
field.length / item->collation.collation->mbmaxlen;
int4store(pos+2, max_char_len * thd_charset->mbmaxlen);
max_length*= thd_charset->mbmaxlen;
field_length= (max_length > UINT_MAX32) ? UINT_MAX32 : max_length;
int4store(pos + 2, field_length);
}
pos[6]= field.type;
int2store(pos+7,field.flags);

View file

@ -3866,6 +3866,11 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg,
Security_context *sctx= thd->security_ctx;
ulong want_access= want_access_arg;
const char *table_name= NULL;
/*
Flag that gets set if privilege checking has to be performed on column
level.
*/
bool using_column_privileges= FALSE;
if (grant_option)
{
@ -3909,6 +3914,8 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg,
GRANT_COLUMN *grant_column=
column_hash_search(grant_table, field_name,
(uint) strlen(field_name));
if (grant_column)
using_column_privileges= TRUE;
if (!grant_column || (~grant_column->rights & want_access))
goto err;
}
@ -3924,6 +3931,15 @@ err:
char command[128];
get_privilege_desc(command, sizeof(command), want_access);
/*
Do not give an error message listing a column name unless the user has
privilege to see all columns.
*/
if (using_column_privileges)
my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
command, sctx->priv_user,
sctx->host_or_ip, table_name);
else
my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
command,
sctx->priv_user,

View file

@ -5479,7 +5479,7 @@ insert_fields(THD *thd, Name_resolution_context *context, const char *db_name,
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/* Ensure that we have access rights to all fields to be inserted. */
if (!((table && (table->grant.privilege & SELECT_ACL) ||
if (!((table && !tables->view && (table->grant.privilege & SELECT_ACL) ||
tables->view && (tables->grant.privilege & SELECT_ACL))) &&
!any_privileges)
{

View file

@ -106,7 +106,7 @@ static struct show_privileges_st sys_privileges[]=
{"Alter", "Tables", "To alter the table"},
{"Alter routine", "Functions,Procedures", "To alter or drop stored functions/procedures"},
{"Create", "Databases,Tables,Indexes", "To create new databases and tables"},
{"Create routine","Functions,Procedures","To use CREATE FUNCTION/PROCEDURE"},
{"Create routine","Databases","To use CREATE FUNCTION/PROCEDURE"},
{"Create temporary tables","Databases","To use CREATE TEMPORARY TABLE"},
{"Create view", "Tables", "To create new views"},
{"Create user", "Server Admin", "To create new users"},
@ -1232,21 +1232,25 @@ void append_definer(THD *thd, String *buffer, const LEX_STRING *definer_user,
static int
view_store_create_info(THD *thd, TABLE_LIST *table, String *buff)
{
my_bool compact_view_name= TRUE;
my_bool foreign_db_mode= (thd->variables.sql_mode & (MODE_POSTGRESQL |
MODE_ORACLE |
MODE_MSSQL |
MODE_DB2 |
MODE_MAXDB |
MODE_ANSI)) != 0;
/*
Compact output format for view can be used
- if user has db of this view as current db
- if this view only references table inside it's own db
*/
if (!thd->db || strcmp(thd->db, table->view_db.str))
table->compact_view_format= FALSE;
/*
print compact view name if the view belongs to the current database
*/
compact_view_name= table->compact_view_format= FALSE;
else
{
/*
Compact output format for view body can be used
if this view only references table inside it's own db
*/
TABLE_LIST *tbl;
table->compact_view_format= TRUE;
for (tbl= thd->lex->query_tables;
@ -1267,7 +1271,7 @@ view_store_create_info(THD *thd, TABLE_LIST *table, String *buff)
view_store_options(thd, table, buff);
}
buff->append(STRING_WITH_LEN("VIEW "));
if (!table->compact_view_format)
if (!compact_view_name)
{
append_identifier(thd, buff, table->view_db.str, table->view_db.length);
buff->append('.');

View file

@ -714,6 +714,7 @@ static void do_verify_prepare_field(MYSQL_RES *result,
{
MYSQL_FIELD *field;
CHARSET_INFO *cs;
ulonglong expected_field_length;
if (!(field= mysql_fetch_field_direct(result, no)))
{
@ -722,6 +723,8 @@ static void do_verify_prepare_field(MYSQL_RES *result,
}
cs= get_charset(field->charsetnr, 0);
DIE_UNLESS(cs);
if ((expected_field_length= length * cs->mbmaxlen) > UINT_MAX32)
expected_field_length= UINT_MAX32;
if (!opt_silent)
{
fprintf(stdout, "\n field[%d]:", no);
@ -736,8 +739,8 @@ static void do_verify_prepare_field(MYSQL_RES *result,
fprintf(stdout, "\n org_table:`%s`\t(expected: `%s`)",
field->org_table, org_table);
fprintf(stdout, "\n database :`%s`\t(expected: `%s`)", field->db, db);
fprintf(stdout, "\n length :`%lu`\t(expected: `%lu`)",
field->length, length * cs->mbmaxlen);
fprintf(stdout, "\n length :`%lu`\t(expected: `%llu`)",
field->length, expected_field_length);
fprintf(stdout, "\n maxlength:`%ld`", field->max_length);
fprintf(stdout, "\n charsetnr:`%d`", field->charsetnr);
fprintf(stdout, "\n default :`%s`\t(expected: `%s`)",
@ -773,11 +776,11 @@ static void do_verify_prepare_field(MYSQL_RES *result,
as utf8. Field length is calculated as number of characters * maximum
number of bytes a character can occupy.
*/
if (length && field->length != length * cs->mbmaxlen)
if (length && (field->length != expected_field_length))
{
fprintf(stderr, "Expected field length: %d, got length: %d\n",
(int) (length * cs->mbmaxlen), (int) field->length);
DIE_UNLESS(field->length == length * cs->mbmaxlen);
fprintf(stderr, "Expected field length: %llu, got length: %lu\n",
expected_field_length, field->length);
DIE_UNLESS(field->length == expected_field_length);
}
if (def)
DIE_UNLESS(strcmp(field->def, def) == 0);