merge.

2025-01-17 20:42:30 +01:00 · 2009-02-27 10:45:19 +02:00 · 2009-02-27 10:45:19 +02:00 · 88b906ac21
commit 88b906ac21
parent bc4df2f65d 494a764174
21 changed files with 190 additions and 43 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -114,7 +114,13 @@ IF(MSVC)
    STRING(REPLACE "/EHsc" "" CMAKE_CXX_FLAGS            ${CMAKE_CXX_FLAGS})
    STRING(REPLACE "/EHsc" "" CMAKE_CXX_FLAGS_INIT       ${CMAKE_CXX_FLAGS_INIT})
    STRING(REPLACE "/EHsc" "" CMAKE_CXX_FLAGS_DEBUG_INIT ${CMAKE_CXX_FLAGS_DEBUG_INIT})
-
+    
+    # Mark 32 bit executables large address aware so they can 
+    # use > 2GB address space
+    IF(CMAKE_SIZEOF_VOID_P MATCHES 4)
+      SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /LARGEADDRESSAWARE")
+    ENDIF(CMAKE_SIZEOF_VOID_P MATCHES 4)
+    
    # Disable automatic manifest generation.
    STRING(REPLACE "/MANIFEST" "/MANIFEST:NO" CMAKE_EXE_LINKER_FLAGS 
    	   ${CMAKE_EXE_LINKER_FLAGS})
--- a/client/mysql.cc
+++ b/client/mysql.cc
@ -2222,8 +2222,22 @@ static bool add_line(String &buffer,char *line,char *in_string,
  }
  if (out != line || !buffer.is_empty())
  {
-    *out++='\n';
    uint length=(uint) (out-line);
+
+    if (length < 9 || 
+        my_strnncoll (charset_info, 
+                      (uchar *)line, 9, (const uchar *) "delimiter", 9))
+    {
+      /* 
+        Don't add a new line in case there's a DELIMITER command to be 
+        added to the glob buffer (e.g. on processing a line like 
+        "<command>;DELIMITER <non-eof>") : similar to how a new line is 
+        not added in the case when the DELIMITER is the first command 
+        entered with an empty glob buffer. 
+      */
+      *out++='\n';
+      length++;
+    }
    if (buffer.length() + length >= buffer.alloced_length())
      buffer.realloc(buffer.length()+length+IO_SIZE);
    if ((!*ml_comment || preserve_comments) && buffer.append(line, length))
--- a/include/my_global.h
+++ b/include/my_global.h
@ -324,6 +324,9 @@ C_MODE_END
 #ifdef HAVE_FLOAT_H
 #include <float.h>
 #endif
+#ifdef HAVE_FENV_H
+#include <fenv.h> /* For fesetround() */
+#endif

 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
--- a/mysql-test/r/grant.result
+++ b/mysql-test/r/grant.result
@ -457,7 +457,7 @@ Privilege	Context	Comment
 Alter	Tables	To alter the table
 Alter routine	Functions,Procedures	To alter or drop stored functions/procedures
 Create	Databases,Tables,Indexes	To create new databases and tables
-Create routine	Functions,Procedures	To use CREATE FUNCTION/PROCEDURE
+Create routine	Databases	To use CREATE FUNCTION/PROCEDURE
 Create temporary tables	Databases	To use CREATE TEMPORARY TABLE
 Create view	Tables	To create new views
 Create user	Server Admin	To create new users
--- a/mysql-test/r/grant2.result
+++ b/mysql-test/r/grant2.result
@ -433,7 +433,7 @@ USE db1;
 SELECT c FROM t2;
 ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for column 'c' in table 't2'
 SELECT * FROM t2;
-ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for column 'c' in table 't2'
+ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for table 't2'
 SELECT * FROM t1 JOIN t2 USING (b);
 ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for column 'c' in table 't2'
 USE test;
--- a/mysql-test/r/information_schema_db.result
+++ b/mysql-test/r/information_schema_db.result
@ -188,7 +188,7 @@ Field	Type	Null	Key	Default	Extra
 f1	char(4)	YES		NULL	
 show create view v2;
 View	Create View
-v2	CREATE ALGORITHM=UNDEFINED DEFINER=`testdb_2`@`localhost` SQL SECURITY DEFINER VIEW `test`.`v2` AS select `v1`.`f1` AS `f1` from `testdb_1`.`v1`
+v2	CREATE ALGORITHM=UNDEFINED DEFINER=`testdb_2`@`localhost` SQL SECURITY DEFINER VIEW `v2` AS select `v1`.`f1` AS `f1` from `testdb_1`.`v1`
 show create view testdb_1.v1;
 ERROR 42000: SHOW VIEW command denied to user 'testdb_2'@'localhost' for table 'v1'
 select table_name from information_schema.columns a 
--- a/mysql-test/r/mysql.result
+++ b/mysql-test/r/mysql.result
@ -188,4 +188,8 @@ delimiter
 2
@z:='1'	@z=database()
 1	NULL
+1
+1
+1
+1
 End of 5.0 tests
--- a/mysql-test/r/mysqldump.result
+++ b/mysql-test/r/mysqldump.result
@ -3246,7 +3246,7 @@ USE `mysqldump_views`;
 /*!50001 DROP TABLE `nasishnasifu`*/;
 /*!50001 CREATE ALGORITHM=UNDEFINED */
 /*!50013 DEFINER=`root`@`localhost` SQL SECURITY DEFINER */
-/*!50001 VIEW `mysqldump_views`.`nasishnasifu` AS select `mysqldump_tables`.`basetable`.`id` AS `id` from `mysqldump_tables`.`basetable` */;
+/*!50001 VIEW `nasishnasifu` AS select `mysqldump_tables`.`basetable`.`id` AS `id` from `mysqldump_tables`.`basetable` */;
 drop view nasishnasifu;
 drop database mysqldump_views;
 drop table mysqldump_tables.basetable;
--- a/mysql-test/r/ps.result
+++ b/mysql-test/r/ps.result
@ -235,7 +235,7 @@ execute stmt1;
 prepare stmt1 from "insert into t1 select i from t1";
 execute stmt1;
 execute stmt1;
-prepare stmt1 from "select * from t1 into outfile 'f1.txt'";
+prepare stmt1 from "select * from t1 into outfile '<MYSQLTEST_VARDIR>/tmp/f1.txt'";
 execute stmt1;
 deallocate prepare stmt1;
 drop table t1;
--- a/mysql-test/r/sp.result
+++ b/mysql-test/r/sp.result
@ -2475,7 +2475,7 @@ Privilege	Context	Comment
 Alter	Tables	To alter the table
 Alter routine	Functions,Procedures	To alter or drop stored functions/procedures
 Create	Databases,Tables,Indexes	To create new databases and tables
-Create routine	Functions,Procedures	To use CREATE FUNCTION/PROCEDURE
+Create routine	Databases	To use CREATE FUNCTION/PROCEDURE
 Create temporary tables	Databases	To use CREATE TEMPORARY TABLE
 Create view	Tables	To create new views
 Create user	Server Admin	To create new users
@ -2527,7 +2527,7 @@ Privilege	Context	Comment
 Alter	Tables	To alter the table
 Alter routine	Functions,Procedures	To alter or drop stored functions/procedures
 Create	Databases,Tables,Indexes	To create new databases and tables
-Create routine	Functions,Procedures	To use CREATE FUNCTION/PROCEDURE
+Create routine	Databases	To use CREATE FUNCTION/PROCEDURE
 Create temporary tables	Databases	To use CREATE TEMPORARY TABLE
 Create view	Tables	To create new views
 Create user	Server Admin	To create new users
--- a/mysql-test/r/view_grant.result
+++ b/mysql-test/r/view_grant.result
@ -26,7 +26,7 @@ create view v2 as select * from mysqltest.t2;
 ERROR 42000: ANY command denied to user 'mysqltest_1'@'localhost' for table 't2'
 show create view v1;
 View	Create View
-v1	CREATE ALGORITHM=UNDEFINED DEFINER=`mysqltest_1`@`localhost` SQL SECURITY DEFINER VIEW `test`.`v1` AS select `mysqltest`.`t1`.`a` AS `a`,`mysqltest`.`t1`.`b` AS `b` from `mysqltest`.`t1`
+v1	CREATE ALGORITHM=UNDEFINED DEFINER=`mysqltest_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `mysqltest`.`t1`.`a` AS `a`,`mysqltest`.`t1`.`b` AS `b` from `mysqltest`.`t1`
 grant create view,drop,select on test.* to mysqltest_1@localhost;
 use test;
 alter view v1 as select * from mysqltest.t1;
@ -307,7 +307,7 @@ grant create view,select on test.* to mysqltest_1@localhost;
 create view v1 as select * from mysqltest.t1;
 show create view v1;
 View	Create View
-v1	CREATE ALGORITHM=UNDEFINED DEFINER=`mysqltest_1`@`localhost` SQL SECURITY DEFINER VIEW `test`.`v1` AS select `mysqltest`.`t1`.`a` AS `a`,`mysqltest`.`t1`.`b` AS `b` from `mysqltest`.`t1`
+v1	CREATE ALGORITHM=UNDEFINED DEFINER=`mysqltest_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `mysqltest`.`t1`.`a` AS `a`,`mysqltest`.`t1`.`b` AS `b` from `mysqltest`.`t1`
 revoke select on mysqltest.t1 from mysqltest_1@localhost;
 select * from v1;
 ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
@ -919,4 +919,30 @@ c4
 DROP DATABASE mysqltest1;
 DROP DATABASE mysqltest2;
 DROP USER mysqltest_u1@localhost;
+CREATE DATABASE db1;
+USE db1;
+CREATE TABLE t1(f1 INT, f2 INT);
+CREATE VIEW v1 AS SELECT f1, f2 FROM t1;
+GRANT SELECT (f1) ON t1 TO foo;
+GRANT SELECT (f1) ON v1 TO foo;
+USE db1;
+SELECT f1 FROM t1;
+f1
+SELECT f2 FROM t1;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for column 'f2' in table 't1'
+SELECT * FROM t1;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 't1'
+SELECT f1 FROM v1;
+f1
+SELECT f2 FROM v1;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for column 'f2' in table 'v1'
+SELECT * FROM v1;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 'v1'
+USE test;
+REVOKE SELECT (f1) ON db1.t1 FROM foo;
+REVOKE SELECT (f1) ON db1.v1 FROM foo;
+DROP USER foo;
+DROP VIEW db1.v1;
+DROP TABLE db1.t1;
+DROP DATABASE db1;
 End of 5.0 tests.
--- a/mysql-test/t/grant2.test
+++ b/mysql-test/t/grant2.test
@ -615,7 +615,7 @@ connection conn1;
 USE db1;
 --error ER_COLUMNACCESS_DENIED_ERROR
 SELECT c FROM t2;
--error ER_COLUMNACCESS_DENIED_ERROR
+--error ER_TABLEACCESS_DENIED_ERROR
 SELECT * FROM t2;
 --error ER_COLUMNACCESS_DENIED_ERROR
 SELECT * FROM t1 JOIN t2 USING (b);
--- a/mysql-test/t/mysql.test
+++ b/mysql-test/t/mysql.test
@ -314,4 +314,21 @@ remove_file $MYSQLTEST_VARDIR/tmp/bug38158.sql;
 #
 --exec $MYSQL -e "select @z:='1',@z=database()"

+
+#
+# Bug #31060: MySQL CLI parser bug 2
+#
+
+--write_file $MYSQLTEST_VARDIR/tmp/bug31060.sql
+;DELIMITER DELIMITER
+;
+SELECT 1DELIMITER
+DELIMITER ;
+SELECT 1;
+EOF
+
+--exec $MYSQL < $MYSQLTEST_VARDIR/tmp/bug31060.sql 2>&1
+
+remove_file $MYSQLTEST_VARDIR/tmp/bug31060.sql;
+
 --echo End of 5.0 tests
--- a/mysql-test/t/ps.test
+++ b/mysql-test/t/ps.test
@ -228,6 +228,10 @@ drop table t1;
 # statements or are correctly created and deleted on each execute
 #

+--let $outfile=$MYSQLTEST_VARDIR/tmp/f1.txt
+--error 0,1
+--remove_file $outfile
+
 prepare stmt1 from "select 1 into @var";
 execute stmt1;
 execute stmt1;
@ -238,11 +242,14 @@ execute stmt1;
 prepare stmt1 from "insert into t1 select i from t1";
 execute stmt1;
 execute stmt1;
-prepare stmt1 from "select * from t1 into outfile 'f1.txt'";
+--replace_result $MYSQLTEST_VARDIR <MYSQLTEST_VARDIR>
+eval prepare stmt1 from "select * from t1 into outfile '$outfile'";
 execute stmt1;
 deallocate prepare stmt1;
 drop table t1;

+--remove_file $outfile
+
 # 
 # BUG#5242 "Prepared statement names are case sensitive"
 #
--- a/mysql-test/t/view_grant.test
+++ b/mysql-test/t/view_grant.test
@ -1185,4 +1185,44 @@ DROP DATABASE mysqltest1;
 DROP DATABASE mysqltest2;
 DROP USER mysqltest_u1@localhost;

+
+#
+# Bug #41354: Access control is bypassed when all columns of a view are 
+# selected by * wildcard
+
+CREATE DATABASE db1;
+USE db1;
+CREATE TABLE t1(f1 INT, f2 INT);
+CREATE VIEW v1 AS SELECT f1, f2 FROM t1;
+
+GRANT SELECT (f1) ON t1 TO foo;
+GRANT SELECT (f1) ON v1 TO foo;
+
+connect (addconfoo, localhost, foo,,);
+connection addconfoo;
+USE db1;
+
+
+SELECT f1 FROM t1;
+--error ER_COLUMNACCESS_DENIED_ERROR
+SELECT f2 FROM t1;
+--error ER_TABLEACCESS_DENIED_ERROR
+SELECT * FROM t1;
+
+SELECT f1 FROM v1;
+--error ER_COLUMNACCESS_DENIED_ERROR
+SELECT f2 FROM v1;
+--error ER_TABLEACCESS_DENIED_ERROR
+SELECT * FROM v1;
+
+connection default;
+USE test;
+disconnect addconfoo;
+REVOKE SELECT (f1) ON db1.t1 FROM foo;
+REVOKE SELECT (f1) ON db1.v1 FROM foo;
+DROP USER foo;
+DROP VIEW db1.v1;
+DROP TABLE db1.t1;
+DROP DATABASE db1;
+
 --echo End of 5.0 tests.
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@ -187,9 +187,6 @@ int initgroups(const char *,unsigned int);
 typedef fp_except fp_except_t;
 #endif
 #endif /* __FreeBSD__ && HAVE_IEEEFP_H */
-#ifdef HAVE_FENV_H
-#include <fenv.h>
-#endif
 #ifdef HAVE_SYS_FPU_H
 /* for IRIX to use set_fpc_csr() */
 #include <sys/fpu.h>
--- a/sql/protocol.cc
+++ b/sql/protocol.cc
@ -616,7 +616,8 @@ bool Protocol::send_fields(List<Item> *list, uint flags)
      else
      {
        /* With conversion */
-        uint max_char_len;
+        ulonglong max_length;
+        uint32 field_length;
        int2store(pos, thd_charset->number);
        /*
          For TEXT/BLOB columns, field_length describes the maximum data
@ -627,12 +628,21 @@ bool Protocol::send_fields(List<Item> *list, uint flags)
          char_count * mbmaxlen, where character count is taken from the
          definition of the column. In other words, the maximum number
          of characters here is limited by the column definition.
+
+          When one has a LONG TEXT column with a single-byte
+          character set, and the connection character set is multi-byte, the
+          client may get fields longer than UINT_MAX32, due to
+          <character set column> -> <character set connection> conversion.
+          In that case column max length does not fit into the 4 bytes
+          reserved for it in the protocol.
        */
-        max_char_len= (field.type >= (int) MYSQL_TYPE_TINY_BLOB &&
-                      field.type <= (int) MYSQL_TYPE_BLOB) ?
-                      field.length / item->collation.collation->mbminlen :
-                      field.length / item->collation.collation->mbmaxlen;
-        int4store(pos+2, max_char_len * thd_charset->mbmaxlen);
+        max_length= (field.type >= MYSQL_TYPE_TINY_BLOB &&
+                     field.type <= MYSQL_TYPE_BLOB) ?
+                     field.length / item->collation.collation->mbminlen :
+                     field.length / item->collation.collation->mbmaxlen;
+        max_length*= thd_charset->mbmaxlen;
+        field_length= (max_length > UINT_MAX32) ? UINT_MAX32 : max_length;
+        int4store(pos + 2, field_length);
      }
      pos[6]= field.type;
      int2store(pos+7,field.flags);
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -3866,6 +3866,11 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg,
  Security_context *sctx= thd->security_ctx;
  ulong want_access= want_access_arg;
  const char *table_name= NULL;
+  /*
+    Flag that gets set if privilege checking has to be performed on column
+    level.
+   */
+  bool using_column_privileges= FALSE;

  if (grant_option)
  {
@ -3909,6 +3914,8 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg,
        GRANT_COLUMN *grant_column= 
          column_hash_search(grant_table, field_name,
                             (uint) strlen(field_name));
+        if (grant_column)
+          using_column_privileges= TRUE;
        if (!grant_column || (~grant_column->rights & want_access))
          goto err;
      }
@ -3924,12 +3931,21 @@ err:

  char command[128];
  get_privilege_desc(command, sizeof(command), want_access);
-  my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
-           command,
-           sctx->priv_user,
-           sctx->host_or_ip,
-           fields->name(),
-           table_name);
+  /*
+    Do not give an error message listing a column name unless the user has
+    privilege to see all columns.
+  */
+  if (using_column_privileges)
+    my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
+             command, sctx->priv_user,
+             sctx->host_or_ip, table_name); 
+  else
+    my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
+             command,
+             sctx->priv_user,
+             sctx->host_or_ip,
+             fields->name(),
+             table_name);
  return 1;
 }

--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@ -5479,7 +5479,7 @@ insert_fields(THD *thd, Name_resolution_context *context, const char *db_name,

 #ifndef NO_EMBEDDED_ACCESS_CHECKS
    /* Ensure that we have access rights to all fields to be inserted. */
-    if (!((table && (table->grant.privilege & SELECT_ACL) ||
+    if (!((table && !tables->view && (table->grant.privilege & SELECT_ACL) ||
           tables->view && (tables->grant.privilege & SELECT_ACL))) &&
        !any_privileges)
    {
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@ -106,7 +106,7 @@ static struct show_privileges_st sys_privileges[]=
  {"Alter", "Tables",  "To alter the table"},
  {"Alter routine", "Functions,Procedures",  "To alter or drop stored functions/procedures"},
  {"Create", "Databases,Tables,Indexes",  "To create new databases and tables"},
-  {"Create routine","Functions,Procedures","To use CREATE FUNCTION/PROCEDURE"},
+  {"Create routine","Databases","To use CREATE FUNCTION/PROCEDURE"},
  {"Create temporary tables","Databases","To use CREATE TEMPORARY TABLE"},
  {"Create view", "Tables",  "To create new views"},
  {"Create user", "Server Admin",  "To create new users"},
@ -1232,21 +1232,25 @@ void append_definer(THD *thd, String *buffer, const LEX_STRING *definer_user,
 static int
 view_store_create_info(THD *thd, TABLE_LIST *table, String *buff)
 {
+  my_bool compact_view_name= TRUE;
  my_bool foreign_db_mode= (thd->variables.sql_mode & (MODE_POSTGRESQL |
                                                       MODE_ORACLE |
                                                       MODE_MSSQL |
                                                       MODE_DB2 |
                                                       MODE_MAXDB |
                                                       MODE_ANSI)) != 0;
-  /*
-     Compact output format for view can be used
-     - if user has db of this view as current db
-     - if this view only references table inside it's own db
-  */
+
  if (!thd->db || strcmp(thd->db, table->view_db.str))
-    table->compact_view_format= FALSE;
+    /*
+      print compact view name if the view belongs to the current database
+    */
+    compact_view_name= table->compact_view_format= FALSE;
  else
  {
+    /*
+      Compact output format for view body can be used
+      if this view only references table inside it's own db
+    */
    TABLE_LIST *tbl;
    table->compact_view_format= TRUE;
    for (tbl= thd->lex->query_tables;
@ -1267,7 +1271,7 @@ view_store_create_info(THD *thd, TABLE_LIST *table, String *buff)
    view_store_options(thd, table, buff);
  }
  buff->append(STRING_WITH_LEN("VIEW "));
-  if (!table->compact_view_format)
+  if (!compact_view_name)
  {
    append_identifier(thd, buff, table->view_db.str, table->view_db.length);
    buff->append('.');
--- a/tests/mysql_client_test.c
+++ b/tests/mysql_client_test.c
@ -714,6 +714,7 @@ static void do_verify_prepare_field(MYSQL_RES *result,
 {
  MYSQL_FIELD *field;
  CHARSET_INFO *cs;
+  ulonglong expected_field_length;

  if (!(field= mysql_fetch_field_direct(result, no)))
  {
@ -722,6 +723,8 @@ static void do_verify_prepare_field(MYSQL_RES *result,
  }
  cs= get_charset(field->charsetnr, 0);
  DIE_UNLESS(cs);
+  if ((expected_field_length= length * cs->mbmaxlen) > UINT_MAX32)
+    expected_field_length= UINT_MAX32;
  if (!opt_silent)
  {
    fprintf(stdout, "\n field[%d]:", no);
@ -736,8 +739,8 @@ static void do_verify_prepare_field(MYSQL_RES *result,
      fprintf(stdout, "\n    org_table:`%s`\t(expected: `%s`)",
              field->org_table, org_table);
    fprintf(stdout, "\n    database :`%s`\t(expected: `%s`)", field->db, db);
-    fprintf(stdout, "\n    length   :`%lu`\t(expected: `%lu`)",
-            field->length, length * cs->mbmaxlen);
+    fprintf(stdout, "\n    length   :`%lu`\t(expected: `%llu`)",
+            field->length, expected_field_length);
    fprintf(stdout, "\n    maxlength:`%ld`", field->max_length);
    fprintf(stdout, "\n    charsetnr:`%d`", field->charsetnr);
    fprintf(stdout, "\n    default  :`%s`\t(expected: `%s`)",
@ -773,11 +776,11 @@ static void do_verify_prepare_field(MYSQL_RES *result,
    as utf8. Field length is calculated as number of characters * maximum
    number of bytes a character can occupy.
  */
-  if (length && field->length != length * cs->mbmaxlen)
+  if (length && (field->length != expected_field_length))
  {
-    fprintf(stderr, "Expected field length: %d,  got length: %d\n",
-            (int) (length * cs->mbmaxlen), (int) field->length);
-    DIE_UNLESS(field->length == length * cs->mbmaxlen);
+    fprintf(stderr, "Expected field length: %llu,  got length: %lu\n",
+            expected_field_length, field->length);
+    DIE_UNLESS(field->length == expected_field_length);
  }
  if (def)
    DIE_UNLESS(strcmp(field->def, def) == 0);