Commit graph

102 commits

Author SHA1 Message Date
Michael Widenius
4cc3fd48f6 MDEV-5876: MySQL bug #11766767 - "59957: VIEW USING MERGE PERMISSIONS IN MULTI-TABLE UPDATE"
Backported multi_update_check_table_access() from 5.6

The code is slightly different in MariaDB, becasue we instansiate fields in merged tables earlier.

mysql-test/mysql-test-run.pl:
  Fixed comment
mysql-test/r/view_grant.result:
  Merged test case from 5.6
mysql-test/t/view_grant.test:
  Merged test case from 5.6
sql/sql_parse.cc:
  Reset orig_want_privilege as this will be rechecked later.
  If not, we will have a problem in mysql_multi_update_prepare() for the call to mysql_handle_derived()
sql/sql_update.cc:
  Backport multi_update_check_table_access() from 5.6
2014-03-24 08:18:01 +02:00
Sergei Golubchik
0fdb3bcfdb 10.0-base merge (roles) 2013-10-29 15:08:44 +01:00
Sergei Golubchik
4cc8cda346 Remove the very old historical but never documented behavior,
than an empty host '' is the same as any-host wildcard '%'.

Replace '' with '%' in the parser (for GRANT ... foo@'') and when loading grant tables.

Side effect: one cannot have foo@'' and foo@'%' both at the same time
(but one can have foo@'%' and foo@'%%')
2013-10-18 11:38:13 -07:00
Sergei Golubchik
9af177042e 10.0-base merge.
Partitioning/InnoDB changes are *not* merged (they'll come from 5.6)
TokuDB does not compile (not updated to 10.0 SE API)
2013-09-21 10:14:42 +02:00
Sergei Golubchik
d126993404 MDEV-4951 drop user leaves privileges
It's safe to delete from HASH when traversing it *backwards*, but not *forwards*.
2013-08-28 07:49:53 +02:00
Sergei Golubchik
3069530ffd archive.test and others 2013-07-12 16:24:20 +02:00
Tatjana Azundris Nuernberg
0581820455 manual merge to reconcile with MySQL ticket 27145 2011-10-06 10:55:57 +01:00
Tatjana Azundris Nuernberg
7944320f4e manual merge 2011-09-29 10:56:21 +01:00
Tatjana Azundris Nuernberg
8932ae2166 Bug#11765687 (MySQL58677): No privilege on table / view, but can know #rows / underlying table's name
1 - If a user had SHOW VIEW and SELECT privileges on a view and
this view was referencing another view, EXPLAIN SELECT on the outer
view (that the user had privileges on) could reveal the structure
of the underlying "inner" view as well as the number of rows in
the underlying tables, even if the user had privileges on none of
these referenced objects.

This happened because we used DEFINER's UID ("SUID") not just for
the view given in EXPLAIN, but also when checking privileges on
the underlying views (where we should use the UID of the EXPLAIN's
INVOKER instead).

We no longer run the EXPLAIN SUID (with DEFINER's privileges).
This prevents a possible exploit and makes permissions more
orthogonal.

2 - EXPLAIN SELECT would reveal a view's structure even if the user
did not have SHOW VIEW privileges for that view, as long as they
had SELECT privilege on the underlying tables.

Instead of requiring both SHOW VIEW privilege on a view and SELECT
privilege on all underlying tables, we were checking for presence
of either of them.

We now explicitly require SHOW VIEW and SELECT privileges on
the view we run EXPLAIN SELECT on, as well as all its
underlying views. We also require SELECT on all relevant
tables. 


mysql-test/r/view_grant.result:
  add extensive tests to illustrate desired behavior and
  prevent regressions (as always).
mysql-test/t/view_grant.test:
  add extensive tests to illustrate desired behavior and
  prevent regressions (as always).
sql/sql_view.cc:
  We no longer run the EXPLAIN SUID (with DEFINER's privileges).
  To achieve this, we use a temporary, SUID-less TABLE_LIST for
  the views while checking privileges.
2011-09-29 10:47:11 +01:00
Dmitry Lenev
7aa999607a Merged fix for bug #58499 "DEFINER-security view selecting from
INVOKER-security view access check wrong" into mysql-5.5 tree.
2011-01-12 16:28:33 +03:00
Dmitry Lenev
599457ae2c Fix for bug #58499 "DEFINER-security view selecting from
INVOKER-security view access check wrong".

When privilege checks were done for tables used from an 
INVOKER-security view which in its turn was used from 
a DEFINER-security view connection's active security
context was incorrectly used instead of security context
with privileges of the second view's creator.

This meant that users which had enough rights to access
the DEFINER-security view and as result were supposed to 
be able successfully access it were unable to do so in 
cases when they didn't have privileges on underlying tables 
of the INVOKER-security view.

This problem was caused by the fact that for INVOKER-security
views TABLE_LIST::security_ctx member for underlying tables
were set to 0 even in cases when particular view was used from 
another DEFINER-security view. This meant that when checks of
privileges on these underlying tables was done in
setup_tables_and_check_access() active connection security 
context was used instead of context corresponding to the 
creator of caller view.

This fix addresses the problem by ensuring that underlying
tables of an INVOKER-security view inherit security context
from the view and thus correct security context is used for
privilege checks on underlying tables in cases when such view 
is used from another view with DEFINER-security.

mysql-test/r/view_grant.result:
  Added coverage for various combinations of DEFINER and
  INVOKER-security views, including test for bug #58499
  "DEFINER-security view selecting from INVOKER-security
  view access check wrong".
mysql-test/t/view_grant.test:
  Added coverage for various combinations of DEFINER and
  INVOKER-security views, including test for bug #58499
  "DEFINER-security view selecting from INVOKER-security
  view access check wrong".
sql/sql_view.cc:
  When opening a non-suid view ensure that its underlying 
  tables will get the same security context as use for
  checking privileges on the view, i.e. security context
  of view invoker. This context can be different from the
  security context which is currently active for connection 
  in cases when this non-suid view is used from a view with
  suid security. Inheriting security context in such situation
  allows correctly apply privileges of creator of suid view
  in checks for tables of non-suid view (since in this 
  situation creator/definer of suid view serves as invoker
  for non-suid view).
2011-01-12 16:08:30 +03:00
Alexander Nozdrin
b3018e8613 Manual merge from mysql-trunk-merge.
Conflicts:
  - client/mysql.cc
  - client/mysqldump.c
  - configure.in
  - mysql-test/r/csv.result
  - mysql-test/r/func_time.result
  - mysql-test/r/show_check.result
  - mysql-test/r/sp-error.result
  - mysql-test/r/sp.result
  - mysql-test/r/sp_trans.result
  - mysql-test/r/type_blob.result
  - mysql-test/r/type_timestamp.result
  - mysql-test/r/warnings.result
  - mysql-test/suite/rpl/r/rpl_sp.result
  - sql/mysql_priv.h
  - sql/mysqld.cc
  - sql/sp.cc
  - sql/sql_base.cc
  - sql/sql_table.cc
  - sql/sql_trigger.cc
  - sql/sql_view.cc
  - sql/table.h
  - sql/share/errmsg.txt
  - mysql-test/suite/sys_vars/r/log_bin_trust_routine_creators_basic.result
2010-02-24 16:52:27 +03:00
Alexey Kopytov
0afa209018 Manual merge of mysql-5.1-bugteam to mysql-trunk-merge. 2010-02-22 00:33:11 +03:00
Davi Arnaut
80164ae9a0 Move test case. Embedded server does not support privilege
related bits.
2010-02-12 00:54:14 -02:00
Konstantin Osipov
eff3780dd8 Initial import of WL#3726 "DDL locking for all metadata objects".
Backport of:
------------------------------------------------------------
revno: 2630.4.1
committer: Dmitry Lenev <dlenev@mysql.com>
branch nick: mysql-6.0-3726-w
timestamp: Fri 2008-05-23 17:54:03 +0400
message:
  WL#3726 "DDL locking for all metadata objects".

  After review fixes in progress.
------------------------------------------------------------

This is the first patch in series. It transforms the metadata 
locking subsystem to use a dedicated module (mdl.h,cc). No 
significant changes in the locking protocol. 
The import passes the test suite with the exception of 
deprecated/removed 6.0 features, and MERGE tables. The latter
are subject to a fix by WL#4144.
Unfortunately, the original changeset comments got lost in a merge,
thus this import has its own (largely insufficient) comments.

This patch fixes Bug#25144 "replication / binlog with view breaks".
Warning: this patch introduces an incompatible change:
Under LOCK TABLES, it's no longer possible to FLUSH a table that 
was not locked for WRITE.
Under LOCK TABLES, it's no longer possible to DROP a table or
VIEW that was not locked for WRITE.

******
Backport of:
------------------------------------------------------------
revno: 2630.4.2
committer: Dmitry Lenev <dlenev@mysql.com>
branch nick: mysql-6.0-3726-w
timestamp: Sat 2008-05-24 14:03:45 +0400
message:
  WL#3726 "DDL locking for all metadata objects".

  After review fixes in progress.

******
Backport of:
------------------------------------------------------------
revno: 2630.4.3
committer: Dmitry Lenev <dlenev@mysql.com>
branch nick: mysql-6.0-3726-w
timestamp: Sat 2008-05-24 14:08:51 +0400
message:
  WL#3726 "DDL locking for all metadata objects"

  Fixed failing Windows builds by adding mdl.cc to the lists
  of files needed to build server/libmysqld on Windows.

******
Backport of:
------------------------------------------------------------
revno: 2630.4.4
committer: Dmitry Lenev <dlenev@mysql.com>
branch nick: mysql-6.0-3726-w
timestamp: Sat 2008-05-24 21:57:58 +0400
message:
  WL#3726 "DDL locking for all metadata objects".

  Fix for assert failures in kill.test which occured when one
  tried to kill ALTER TABLE statement on merge table while it
  was waiting in wait_while_table_is_used() for other connections
  to close this table.

  These assert failures stemmed from the fact that cleanup code
  in this case assumed that temporary table representing new
  version of table was open with adding to THD::temporary_tables
  list while code which were opening this temporary table wasn't
  always fulfilling this.

  This patch changes code that opens new version of table to
  always do this linking in. It also streamlines cleanup process
  for cases when error occurs while we have new version of table
  open.

******
WL#3726 "DDL locking for all metadata objects"
Add libmysqld/mdl.cc to .bzrignore.
******
Backport of:
------------------------------------------------------------
revno: 2630.4.6
committer: Dmitry Lenev <dlenev@mysql.com>
branch nick: mysql-6.0-3726-w
timestamp: Sun 2008-05-25 00:33:22 +0400
message:
  WL#3726 "DDL locking for all metadata objects".

  Addition to the fix of assert failures in kill.test caused by
  changes for this worklog.


Make sure we close the new table only once.

.bzrignore:
  Add libmysqld/mdl.cc
libmysqld/CMakeLists.txt:
  Added mdl.cc to the list of files needed for building of libmysqld.
libmysqld/Makefile.am:
  Added files implementing new meta-data locking subsystem to the server.
mysql-test/include/handler.inc:
  Use separate connection for waiting while threads performing DDL
  operations conflicting with open HANDLER tables reach blocked
  state. This is required because now we check and close tables open
  by HANDLER statements in this connection conflicting with DDL in
  another each time open_tables() is called and thus select from I_S
  which is used for waiting will unblock DDL operations if issued
  from connection with open HANDLERs.
mysql-test/r/create.result:
  Adjusted test case after change in implementation of CREATE TABLE
  ... SELECT.  We no longer have special check in open_table() which
  catches the case when we select from the table created. Instead we
  rely on unique_table() call which happens after opening and
  locking all tables.
mysql-test/r/flush.result:
  FLUSH TABLES WITH READ LOCK can no longer happen under LOCK
  TABLES.  Updated test accordingly.
mysql-test/r/flush_table.result:
  Under LOCK TABLES we no longer allow to do FLUSH TABLES for tables
  locked for read. Updated test accordingly.
mysql-test/r/handler_innodb.result:
  Use separate connection for waiting while threads performing DDL
  operations conflicting with open HANDLER tables reach blocked
  state. This is required because now we check and close tables open
  by HANDLER statements in this connection conflicting with DDL in
  another each time open_tables() is called and thus select from I_S
  which is used for waiting will unblock DDL operations if issued
  from connection with open HANDLERs.
mysql-test/r/handler_myisam.result:
  Use separate connection for waiting while threads performing DDL
  operations conflicting with open HANDLER tables reach blocked
  state. This is required because now we check and close tables open
  by HANDLER statements in this connection conflicting with DDL in
  another each time open_tables() is called and thus select from I_S
  which is used for waiting will unblock DDL operations if issued
  from connection with open HANDLERs.
mysql-test/r/information_schema.result:
  Additional test for WL#3726 "DDL locking for all metadata
  objects".  Check that we use high-priority metadata lock requests
  when filling I_S tables.
  
  Rearrange tests to match 6.0 better (fewer merge conflicts).
mysql-test/r/kill.result:
  Added tests checking that DDL and DML statements waiting for
  metadata locks can be interrupted by KILL command.
mysql-test/r/lock.result:
  One no longer is allowed to do DROP VIEW under LOCK TABLES even if
  this view is locked by LOCK TABLES. The problem is that in such
  situation write locks on view are not mutually exclusive so
  upgrading metadata lock which is required for dropping of view
  will lead to deadlock.
mysql-test/r/partition_column_prune.result:
  Update results (same results in 6.0), WL#3726
mysql-test/r/partition_pruning.result:
  Update results (same results in 6.0), WL#3726
mysql-test/r/ps_ddl.result:
  We no longer invalidate prepared CREATE TABLE ... SELECT statement
  if target table changes. This is OK since it is not strictly
  necessary.
  
  
  The first change is wrong, is caused by FLUSH TABLE
  now flushing all unused tables. This is a regression that
  Dmitri fixed in 6.0 in a follow up patch.
mysql-test/r/sp.result:
  Under LOCK TABLES we no longer allow accessing views which were
  not explicitly locked. To access view we need to obtain metadata
  lock on it and doing this under LOCK TABLES may lead to deadlocks.
mysql-test/r/view.result:
  One no longer is allowed to do DROP VIEW under LOCK TABLES even if
  this view is locked by LOCK TABLES. The problem is that in such
  situation even "write locks" on view are not mutually exclusive so
  upgrading metadata lock which is required for dropping of view
  will lead to deadlock
mysql-test/r/view_grant.result:
  ALTER VIEW implementation was changed to open a view only after
  checking that user which does alter has appropriate privileges on
  it. This means that in case when user's privileges are
  insufficient for this we won't check that new view definer is the
  same as original one or user performing alter has SUPER privilege.
  Adjusted test case accordingly.
mysql-test/r/view_multi.result:
  Added test case for bug#25144 "replication / binlog with view
  breaks".
mysql-test/suite/rpl/t/disabled.def:
  Disable test for deprecated features (they don't work with new MDL).
mysql-test/t/create.test:
  Adjusted test case after change in implementation of CREATE TABLE
  ... SELECT.  We no longer have special check in open_table() which
  catches the case when we select from the table created. Instead we
  rely on unique_table() call which happens after opening and
  locking all tables.
mysql-test/t/disabled.def:
  Disable merge.test, subject of WL#4144
mysql-test/t/flush.test:
  
  FLUSH TABLES WITH READ LOCK can no longer happen under LOCK
  TABLES.  Updated test accordingly.
mysql-test/t/flush_table.test:
  Under LOCK TABLES we no longer allow to do FLUSH TABLES for tables
  locked for read. Updated test accordingly.
mysql-test/t/information_schema.test:
  Additional test for WL#3726 "DDL locking for all metadata
  objects".  Check that we use high-priority metadata lock requests
  when filling I_S tables.
  
  Rearrange the results for easier merges with 6.0.
mysql-test/t/kill.test:
  Added tests checking that DDL and DML statements waiting for
  metadata locks can be interrupted by KILL command.
mysql-test/t/lock.test:
  One no longer is allowed to do DROP VIEW under LOCK TABLES even if
  this view is locked by LOCK TABLES. The problem is that in such
  situation write locks on view are not mutually exclusive so
  upgrading metadata lock which is required for dropping of view
  will lead to deadlock.
mysql-test/t/lock_multi.test:
  Adjusted test case to the changes of status in various places
  caused by change in implementation FLUSH TABLES WITH READ LOCK,
  which is now takes global metadata lock before flushing tables and
  therefore waits on at these places.
mysql-test/t/ps_ddl.test:
  We no longer invalidate prepared CREATE TABLE ... SELECT statement
  if target table changes. This is OK since it is not strictly
  necessary.
  
  
  The first change is wrong, is caused by FLUSH TABLE
  now flushing all unused tables. This is a regression that
  Dmitri fixed in 6.0 in a follow up patch.
mysql-test/t/sp.test:
  Under LOCK TABLES we no longer allow accessing views which were
  not explicitly locked. To access view we need to obtain metadata
  lock on it and doing this under LOCK TABLES may lead to deadlocks.
mysql-test/t/trigger_notembedded.test:
  Adjusted test case to the changes of status in various places
  caused by change in implementation FLUSH TABLES WITH READ LOCK,
  which is now takes global metadata lock before flushing tables and
  therefore waits on at these places.
mysql-test/t/view.test:
  One no longer is allowed to do DROP VIEW under LOCK TABLES even if
  this view is locked by LOCK TABLES. The problem is that in such
  situation even "write locks" on view are not mutually exclusive so
  upgrading metadata lock which is required for dropping of view
  will lead to deadlock.
mysql-test/t/view_grant.test:
  ALTER VIEW implementation was changed to open a view only after
  checking that user which does alter has appropriate privileges on
  it. This means that in case when user's privileges are
  insufficient for this we won't check that new view definer is the
  same as original one or user performing alter has SUPER privilege.
  Adjusted test case accordingly.
mysql-test/t/view_multi.test:
  Added test case for bug#25144 "replication / binlog with view
  breaks".
sql/CMakeLists.txt:
  Added mdl.cc to the list of files needed for building of server.
sql/Makefile.am:
  Added files implementing new meta-data locking subsystem to the
  server.
sql/event_db_repository.cc:
  
  Allocate metadata lock requests objects (MDL_LOCK) on execution
  memory root in cases when TABLE_LIST objects is also allocated
  there or on stack.
sql/ha_ndbcluster.cc:
  Adjusted code to work nicely with new metadata locking subsystem.
  close_cached_tables() no longer has wait_for_placeholder argument.
  Instead of relying on this parameter and related behavior FLUSH
  TABLES WITH READ LOCK now takes global shared metadata lock.
sql/ha_ndbcluster_binlog.cc:
  Adjusted code to work with new metadata locking subsystem.
  close_cached_tables() no longer has wait_for_placeholder argument.
  Instead of relying on this parameter and related behavior FLUSH
  TABLES WITH READ LOCK now takes global shared metadata lock.
sql/handler.cc:
  update_frm_version():
    Directly update TABLE_SHARE::mysql_version member instead of
    going through all TABLE instances for this table (old code was a
    legacy from pre-table-definition-cache days).
sql/lock.cc:
  Use new metadata locking subsystem. Threw away most of functions
  related to name locking as now one is supposed to use metadata
  locking API instead.  In lock_global_read_lock() and
  unlock_global_read_lock() in order to avoid problems with global
  read lock sneaking in at the moment when we perform FLUSH TABLES
  or ALTER TABLE under LOCK TABLES and when tables being reopened
  are protected only by metadata locks we also have to take global
  shared meta data lock.
sql/log_event.cc:
  Adjusted code to work with new metadata locking subsystem.  For
  tables open by slave thread for applying RBR events allocate
  memory for lock request object in the same chunk of memory as
  TABLE_LIST objects for them. In order to ensure that we keep these
  objects around until tables are open always close tables before
  calling Relay_log_info::clear_tables_to_lock(). Use new auxiliary
  Relay_log_info::slave_close_thread_tables() method to enforce
  this.
sql/log_event_old.cc:
  Adjusted code to work with new metadata locking subsystem.  Since
  for tables open by slave thread for applying RBR events memory for
  lock request object is allocated in the same chunk of memory as
  TABLE_LIST objects for them we have to ensure that we keep these
  objects around until tables are open. To ensure this we always
  close tables before calling
  Relay_log_info::clear_tables_to_lock(). To enfore this we use
  new auxiliary Relay_log_info::slave_close_thread_tables()
  method.
sql/mdl.cc:
  Implemented new metadata locking subsystem and API described in
  WL3726 "DDL locking for all metadata objects".
sql/mdl.h:
  Implemented new metadata locking subsystem and API described in
  WL3726 "DDL locking for all metadata objects".
sql/mysql_priv.h:
  - close_thread_tables()/close_tables_for_reopen() now has one more
    argument which indicates that metadata locks should be released
    but not removed from the context in order to be used later in
    mdl_wait_for_locks() and tdc_wait_for_old_version().
  - close_cached_table() routine is no longer public.
  - Thread waiting in wait_while_table_is_used() can be now killed
    so this function returns boolean to make caller aware of such
    situation.
  - We no longer have  table cache as separate entity instead used
    and unused TABLE instances are linked to TABLE_SHARE objects in
    table definition cache.
  - Now third argument of open_table() is also used for requesting
    table repair or auto-discovery of table's new definition. So its
    type was changed from bool to enum.
  - Added tdc_open_view() function for opening view by getting its
    definition from disk (and table cache in future).
  - reopen_name_locked_table() no longer needs "link_in" argument as
    now we have exclusive metadata locks instead of dummy TABLE
    instances when this function is called.
  - find_locked_table() now takes head of list of TABLE instances
    instead of always scanning through THD::open_tables list. Also
    added find_write_locked_table() auxiliary.
  - reopen_tables(), close_cached_tables() no longer have
    mark_share_as_old and wait_for_placeholder arguments. Instead of
    relying on this parameters and related behavior FLUSH TABLES
    WITH READ LOCK now takes global shared metadata lock.
  - We no longer need drop_locked_tables() and
    abort_locked_tables().
  - mysql_ha_rm_tables() now always assume that LOCK_open is not
    acquired by caller.
  - Added notify_thread_having_shared_lock() callback invoked by
    metadata locking subsystem when acquiring an exclusive lock, for
    each thread that has a conflicting shared metadata lock.
  - Introduced expel_table_from_cache() as replacement for
    remove_table_from_cache() (the main difference is that this new
    function assumes that caller follows metadata locking protocol
    and never waits).
  - Threw away most of functions related to name locking. One should
    use new metadata locking subsystem and API instead.
sql/mysqld.cc:
  Got rid of call initializing/deinitializing table cache since now
  it is embedded into table definition cache. Added calls for
  initializing/ deinitializing metadata locking subsystem.
sql/rpl_rli.cc:
  Introduced auxiliary Relay_log_info::slave_close_thread_tables()
  method which is used for enforcing that we always close tables
  open for RBR before deallocating TABLE_LIST elements and MDL_LOCK
  objects for them.
sql/rpl_rli.h:
  Introduced auxiliary Relay_log_info::slave_close_thread_tables()
  method which is used for enforcing that we always close tables
  open for RBR before deallocating TABLE_LIST elements and MDL_LOCK
  objects for them.
sql/set_var.cc:
  close_cached_tables() no longer has wait_for_placeholder argument.
  Instead of relying on this parameter and related behavior FLUSH
  TABLES WITH READ LOCK now takes global shared metadata lock.
sql/sp_head.cc:
  For tables added to the statement's table list by prelocking
  algorithm we allocate these objects either on the same memory as
  corresponding table list elements or on THD::locked_tables_root
  (if we are building table list for LOCK TABLES).
sql/sql_acl.cc:
  Allocate metadata lock requests objects (MDL_LOCK) on execution
  memory root in cases when we use stack TABLE_LIST objects to open
  tables.  Got rid of redundant code by using unlock_locked_tables()
  function.
sql/sql_base.cc:
  Changed code to use new MDL subsystem. Got rid of separate table
  cache.  Now used and unused TABLE instances are linked to the
  TABLE_SHAREs in table definition cache.
  
  check_unused():
    Adjusted code to the fact that we no longer have separate table
    cache.  Removed dead code.
  table_def_free():
    Free TABLE instances referenced from TABLE_SHARE objects before
    destroying table definition cache.
  get_table_share():
    Added assert which ensures that noone will be able to access
    table (and its share) without acquiring some kind of metadata
    lock first.
  close_handle_and_leave_table_as_lock():
    Adjusted code to the fact that TABLE instances now are linked to
    list in TABLE_SHARE.
  list_open_tables():
    Changed this function to use table definition cache instead of
    table cache.
  free_cache_entry():
    Unlink freed TABLE elements from the list of all TABLE instances
    for the table in TABLE_SHARE.
  kill_delayed_thread_for_table():
    Added auxiliary for killing delayed insert threads for
    particular table.
  close_cached_tables():
    Got rid of wait_for_refresh argument as we now rely on global
    shared metadata lock to prevent FLUSH WITH READ LOCK sneaking in
    when we are reopening tables. Heavily reworked this function to
    use new MDL code and not to rely on separate table cache entity.
  close_open_tables():
    We no longer have separate table cache.
  close_thread_tables():
    Release metadata locks after closing all tables. Added skip_mdl
    argument which allows us not to remove metadata lock requests
    from the context in case when we are going to use this requests
    later in mdl_wait_for_locks() and tdc_wait_for_old_versions().
  close_thread_table()/close_table_for_reopen():
    Since we no longer have separate table cache and all TABLE
    instances are linked to TABLE_SHARE objects in table definition
    cache we have to link/unlink TABLE object to/from appropriate
    lists in the share.
  name_lock_locked_table():
   Moved redundant code to find_write_locked_table() function and
    adjusted code to the fact that wait_while_table_is_used() can
    now return with an error if our thread is killed.
  reopen_table_entry():
    We no longer need "link_in" argument as with MDL we no longer
    call this function with dummy TABLE object pre-allocated and
    added to the THD::open_tables. Also now we add newly-open TABLE
    instance to the list of share's used TABLE instances.
  table_cache_insert_placeholder():
    Got rid of name-locking legacy.
  lock_table_name_if_not_cached():
    Moved to sql_table.cc the only place where it is used. It was
    also reimplemented using new MDL API.
  open_table():
    - Reworked this function to use new MDL subsystem.
    - Changed code to deal with table definition cache directly
      instead of going through separate table cache.
    - Now third argument is also used for requesting table repair
      or auto-discovery of table's new definition. So its type was
      changed from bool to enum.
  find_locked_table()/find_write_locked_table():
    Accept head of list of TABLE objects as first argument and use
    this list instead of always searching in THD::open_tables list.
    Also added auxiliary for finding write-locked locked tables.
  reopen_table():
    Adjusted function to work with new MDL subsystem and to properly
    manuipulate with lists of used/unused TABLE instaces in
    TABLE_SHARE.
  reopen_tables():
    Removed mark_share_as_old parameter. Instead of relying on it
    and related behavior FLUSH TABLES WITH READ LOCK now takes
    global shared metadata lock. Changed code after removing
    separate table cache.
  drop_locked_tables()/abort_locked_tables():
    Got rid of functions which are no longer needed.
    unlock_locked_tables():
    Moved this function from sql_parse.cc and changed it to release
    memory which was used for allocating metadata lock requests for
    tables open and locked by LOCK TABLES.
  tdc_open_view():
    Intoduced function for opening a view by getting its definition
    from disk (and table cache in future).
  reopen_table_entry():
    Introduced function for opening table definitions while holding
    exclusive metatadata lock on it.
  open_unireg_entry():
   Got rid of this function. Most of its functionality is relocated
    to open_table() and open_table_fini() functions, and some of it
    to reopen_table_entry() and tdc_open_view(). Also code
    resposible for auto-repair and auto-discovery of tables was
    moved to separate function.
  open_table_entry_fini():
    Introduced function which contains common actions which finalize
    process of TABLE object creation.
  auto_repair_table():
    Moved code responsible for auto-repair of table being opened
    here.
  handle_failed_open_table_attempt()
    Moved code responsible for handling failing attempt to open
    table to one place (retry due to lock conflict/old version,
    auto-discovery and repair).
  open_tables():
    - Flush open HANDLER tables if they have old version of if there
      is conflicting metadata lock against them (before this moment
      we had this code in open_table()).
    - When we open view which should be processed via derived table
      on the second execution of prepared statement or stored
      routine we still should call open_table() for it in order to
      obtain metadata lock on it and prepare its security context.
    - In cases when we discover that some special handling of
      failure to open table is needed call
      handle_failed_open_table_attempt() which handles all such
      scenarios.
  open_ltable():
    Handling of various special scenarios of failure to open a table
    was moved to separate handle_failed_open_table_attempt()
    function.
  remove_db_from_cache():
    Removed this function as it is no longer used.
  notify_thread_having_shared_lock():
    Added callback which is invoked by MDL subsystem when acquiring
    an exclusive lock, for each thread that has a conflicting shared
    metadata lock.
  expel_table_from_cache():
    Introduced function for removing unused TABLE instances. Unlike
    remove_table_from_cache() it relies on caller following MDL
    protocol and having appropriate locks when calling it and thus
    does not do any waiting if table is still in use.
  tdc_wait_for_old_version():
    Added function which allows open_tables() to wait in cases when
    we discover that we should back-off due to presence of old
    version of table.
  abort_and_upgrade_lock():
    Use new MDL calls.
  mysql_wait_completed_table():
    Got rid of unused function.
  open_system_tables_for_read/for_update()/performance_schema_table():
    Allocate MDL_LOCK objects on execution memory root in cases when
    TABLE_LIST objects for corresponding tables is allocated on
    stack.
  close_performance_schema_table():
    Release metadata locks after closing tables.
  ******
  Use I_P_List for free/used tables list in the table share.
sql/sql_binlog.cc:
  Use Relay_log_info::slave_close_thread_tables() method to enforce
  that we always close tables open for RBR before deallocating
  TABLE_LIST elements and MDL_LOCK objects for them.
sql/sql_class.cc:
  Added meta-data locking contexts as part of Open_tables_state
  context.  Also introduced THD::locked_tables_root memory root
  which is to be used for allocating MDL_LOCK objects for tables in
  LOCK TABLES statement (end of lifetime for such objects is UNLOCK
  TABLES so we can't use statement or execution root for them).
sql/sql_class.h:
  Added meta-data locking contexts as part of Open_tables_state
  context.  Also introduced THD::locked_tables_root memory root
  which is to be used for allocating MDL_LOCK objects for tables in
  LOCK TABLES statement (end of lifetime for such objects is UNLOCK
  TABLES so we can't use statement or execution root for them).
  
  Note: handler_mdl_context and locked_tables_root and
  mdl_el_root will be removed by subsequent patches.
sql/sql_db.cc:
  mysql_rm_db() does not really need to call remove_db_from_cache()
  as it drops each table in the database using
  mysql_rm_table_part2(), which performs all necessary operations on
  table (definition) cache.
sql/sql_delete.cc:
  Use the new metadata locking API for TRUNCATE.
sql/sql_handler.cc:
  Changed HANDLER implementation to use new metadata locking
  subsystem.  Note that MDL_LOCK objects for HANDLER tables are
  allocated in the same chunk of heap memory as TABLE_LIST object
  for those tables.
sql/sql_insert.cc:
  mysql_insert():
    find_locked_table() now takes head of list of TABLE object as
    its argument instead of always scanning through THD::open_tables
    list.
  handle_delayed_insert():
    Allocate metadata lock request object for table open by delayed
    insert thread on execution memroot.  create_table_from_items():
    We no longer allocate dummy TABLE objects for tables being
    created if they don't exist. As consequence
    reopen_name_locked_table() no longer has link_in argument.
    open_table() now has one more argument which is not relevant for
    temporary tables.
sql/sql_parse.cc:
  - Moved unlock_locked_tables() routine to sql_base.cc and made
    available it in other files. Got rid of some redundant code by
    using this function.
  - Replaced boolean TABLE_LIST::create member with enum
    open_table_type member.
  - Use special memory root for allocating MDL_LOCK objects for
    tables open and locked by LOCK TABLES (these object should live
    till UNLOCK TABLES so we can't allocate them on statement nor
    execution memory root). Also properly set metadata lock
    upgradability attribure for those tables.
  - Under LOCK TABLES it is no longer allowed to flush tables which
    are not write-locked as this breaks metadata locking protocol
    and thus potentially might lead to deadlock.
  - Added auxiliary adjust_mdl_locks_upgradability() function.
sql/sql_partition.cc:
  Adjusted code to the fact that reopen_tables() no longer has
  "mark_share_as_old" argument. Got rid of comments which are no
  longer true.
sql/sql_plist.h:
  Added I_P_List template class for parametrized intrusive doubly
  linked lists and I_P_List_iterator for corresponding iterator.
  Unlike for I_List<> list elements of such list can participate in
  several lists. Unlike List<> such lists are doubly-linked and
  intrusive.
sql/sql_plugin.cc:
  Allocate metadata lock requests objects (MDL_LOCK) on execution
  memory root in cases when we use stack TABLE_LIST objects to open
  tables.
sql/sql_prepare.cc:
  Replaced boolean TABLE_LIST::create member with enum
  open_table_type member.  This allows easily handle situation in
  which instead of opening the table we want only to take exclusive
  metadata lock on it.
sql/sql_rename.cc:
  Use new metadata locking subsystem in implementation of RENAME
  TABLE.
sql/sql_servers.cc:
  Allocate metadata lock requests objects (MDL_LOCK) on execution
  memory root in cases when we use stack TABLE_LIST objects to open
  tables. Got rid of redundant code by using unlock_locked_tables()
  function.
sql/sql_show.cc:
  Acquire shared metadata lock when we are getting information for
  I_S table directly from TABLE_SHARE without doing full-blown table
  open.  We use high priority lock request in this situation in
  order to avoid deadlocks.
  Also allocate metadata lock requests objects (MDL_LOCK) on
  execution memory root in cases when TABLE_LIST objects are also
  allocated there
sql/sql_table.cc:
  mysql_rm_table():
    Removed comment which is no longer relevant.
  mysql_rm_table_part2():
    Now caller of mysql_ha_rm_tables() should not own LOCK_open.
    Adjusted code to use new metadata locking subsystem instead of
    name-locks.
  lock_table_name_if_not_cached():
    Moved this function from sql_base.cc to this file and
    reimplemented it using metadata locking API.
  mysql_create_table():
    Adjusted code to use new MDL API.
  wait_while_table_is_used():
    Changed function to use new MDL subsystem. Made thread waiting
    in it killable (this also led to introduction of return value so
    caller can distinguish successful executions from situations
    when waiting was aborted).
  close_cached_tables():
    Thread waiting in this function is killable now. As result it
    has return value for distinguishing between succes and failure.
    Got rid of redundant boradcast_refresh() call.
  prepare_for_repair():
    Use MDL subsystem instead of name-locks.
  mysql_admin_table():
    mysql_ha_rm_tables() now always assumes that caller doesn't own
    LOCK_open.
  mysql_repair_table():
    We should mark all elements of table list as requiring
    upgradable metadata locks.
  mysql_create_table_like():
    Use new MDL subsystem instead of name-locks.
  create_temporary_tables():
    We don't need to obtain metadata locks when creating temporary
    table.
  mysql_fast_or_online_alter_table():
    Thread waiting in wait_while_table_is_used() is now killable.
  mysql_alter_table():
    Adjusted code to work with new MDL subsystem and to the fact
    that threads waiting in what_while_table_is_used() and
    close_cached_table() are now killable.
sql/sql_test.cc:
  We no longer have separate table cache. TABLE instances are now
  associated with/linked to TABLE_SHARE objects in table definition
  cache.
sql/sql_trigger.cc:
  Adjusted code to work with new metadata locking subsystem.  Also
  reopen_tables() no longer has mark_share_as_old argument (Instead
  of relying on this parameter and related behavior FLUSH TABLES
  WITH READ LOCK now takes global shared metadata lock).
sql/sql_udf.cc:
  Allocate metadata lock requests objects (MDL_LOCK) on execution
  memory root in cases when we use stack TABLE_LIST objects to open
  tables.
sql/sql_update.cc:
  Adjusted code to work with new meta-data locking subsystem.
sql/sql_view.cc:
  Added proper meta-data locking to implementations of
  CREATE/ALTER/DROP VIEW statements. Now we obtain exclusive
  meta-data lock on a view before creating/ changing/dropping it.
  This ensures that all concurrent statements that use this view
  will finish before our statement will proceed and therefore we
  will get correct order of statements in the binary log.
  Also ensure that TABLE_LIST::mdl_upgradable attribute is properly
  propagated for underlying tables of view.
sql/table.cc:
  Added auxiliary alloc_mdl_locks() function for allocating metadata
  lock request objects for all elements of table list.
sql/table.h:
  TABLE_SHARE:
    Got rid of unused members. Introduced members for storing lists
    of used and unused TABLE objects for this share.
  TABLE:
    Added members for linking TABLE objects into per-share lists of
    used and unused TABLE instances. Added member for holding
    pointer to metadata lock for this table.
  TABLE_LIST:
    Replaced boolean TABLE_LIST::create member with enum
    open_table_type member.  This allows easily handle situation in
    which instead of opening the table we want only to take
    exclusive meta-data lock on it (we need this in order to handle
    ALTER VIEW and CREATE VIEW statements).
    Introduced new mdl_upgradable member for marking elements of
    table list for which we need to take upgradable shared metadata
    lock instead of plain shared metadata lock.  Added pointer for
    holding pointer to MDL_LOCK for the table.
  Added auxiliary alloc_mdl_locks() function for allocating metadata
  lock requests objects for all elements of table list.  Added
  auxiliary set_all_mdl_upgradable() function for marking all
  elements in table list as requiring upgradable metadata locks.
storage/myisammrg/ha_myisammrg.cc:
  Allocate MDL_LOCK objects for underlying tables of MERGE table.
  To be reworked once Ingo pushes his patch for WL4144.
2009-11-30 18:55:03 +03:00
Alexander Nozdrin
eed607b829 Manual merge from mysql-trunk-merge. 2009-11-05 23:48:01 +03:00
Alexander Nozdrin
22fe8e10e2 Merge from mysql-next-mr. 2009-10-28 10:55:44 +03:00
Alexander Nozdrin
2dc132b209 Merge from mysql-next-mr. 2009-10-23 15:22:21 +04:00
Luis Soares
f1bb8c3c55 manual merge: mysql-5.1-rep+2-delivery1 --> mysql-5.1-rpl-merge
Conflicts
=========

Text conflict in .bzr-mysql/default.conf
Text conflict in libmysqld/CMakeLists.txt
Text conflict in libmysqld/Makefile.am
Text conflict in mysql-test/collections/default.experimental
Text conflict in mysql-test/extra/rpl_tests/rpl_row_sp006.test
Text conflict in mysql-test/suite/binlog/r/binlog_tmp_table.result
Text conflict in mysql-test/suite/rpl/r/rpl_loaddata.result
Text conflict in mysql-test/suite/rpl/r/rpl_loaddata_fatal.result
Text conflict in mysql-test/suite/rpl/r/rpl_row_create_table.result
Text conflict in mysql-test/suite/rpl/r/rpl_row_sp006_InnoDB.result
Text conflict in mysql-test/suite/rpl/r/rpl_stm_log.result
Text conflict in mysql-test/suite/rpl_ndb/r/rpl_ndb_circular_simplex.result
Text conflict in mysql-test/suite/rpl_ndb/r/rpl_ndb_sp006.result
Text conflict in mysql-test/t/mysqlbinlog.test
Text conflict in sql/CMakeLists.txt
Text conflict in sql/Makefile.am
Text conflict in sql/log_event_old.cc
Text conflict in sql/rpl_rli.cc
Text conflict in sql/slave.cc
Text conflict in sql/sql_binlog.cc
Text conflict in sql/sql_lex.h
21 conflicts encountered.

NOTE
====
 mysql-5.1-rpl-merge has been made a mirror of mysql-next-mr:
 - "mysql-5.1-rpl-merge$ bzr pull ../mysql-next-mr"

 This is the first cset (merge/...) committed after pulling 
 from mysql-next-mr.
2009-10-22 23:30:28 +01:00
Kristofer Pettersson
0659b857e7 Bug#27145 EXTRA_ACL troubles
The flag EXTRA_ACL is used in conjugation with our access checks, yet it is
not clear what impact this flag has.
This is a code clean up which replaces use of EXTRA_ACL with an explicit
function parameter.
The patch also fixes privilege checks for:
- SHOW CREATE TABLE: The new privilege requirement is any privilege on
  the table-level.
- CHECKSUM TABLE: Requires SELECT on the table level.
- SHOW CREATE VIEW: Requires SHOW_VIEW and SELECT on the table level
  (just as the manual claims)
- SHOW INDEX: Requires any privilege on any column combination.


mysql-test/r/grant.result:
  * Error message now shows correct command (SHOW instead of SELECT)
mysql-test/r/grant2.result:
  * Error message now shows correct command (SHOW instead of SELECT)
mysql-test/r/grant4.result:
  * This test file tests privilege requirements for
    SHOW COLUMNS
    CREATE TABLE .. LIKE
    SHOW CREATE TABLE
    SHOW INDEX
    CHECKSUM TABLE
    SHOW CREATE VIEW
mysql-test/r/information_schema_db.result:
  * Added SELECT privilege to testdb_2 as
    SHOW CREATE VIEW now demands this privilege
    as well as SHOW VIEW.
mysql-test/r/outfile.result:
  * Changed error code
mysql-test/r/view_grant.result:
  * Additional SELECT privilege is now needed
    for SHOW CREATE VIEW
mysql-test/t/grant4.test:
  * This test file tests privilege requirements for
    SHOW COLUMNS
    CREATE TABLE .. LIKE
    SHOW CREATE TABLE
    SHOW INDEX
    CHECKSUM TABLE
    SHOW CREATE VIEW
mysql-test/t/information_schema_db.test:
  * Added SELECT privilege to testdb_2 as
    SHOW CREATE VIEW now demands this privilege
    as well as SHOW VIEW.
mysql-test/t/outfile.test:
  * Changed error code
mysql-test/t/view_grant.test:
  * Additional SELECT privilege is now needed
    for SHOW CREATE VIEW
sql/mysql_priv.h:
  * Replaced EXTRA_ACL with a parameter
sql/sp_head.cc:
  * Replaced EXTRA_ACL with a parameter
sql/sql_acl.cc:
  * Converted function documentation to doxygen and clarified some behaviors.
  * Changed value from uint to bool to better reflect its meaning.
  * Removed pointless variable orig_want_access
  * Added function has_any_table_level_privileges to help with requirements
    checks during SHOW CREATE TABLE.
sql/sql_acl.h:
  * changed signature of check_grant()
  * introduced access control function has_any_table_leevl_privileges()
sql/sql_base.cc:
  * Check_table_access has new signature
sql/sql_cache.cc:
  * Check_table_access has new signature
sql/sql_parse.cc:
  * Rewrote function documentation in doxygen comments for: check_access,
    check_table_acces, check_grant.
  * Removed EXTRA_ACL flag where it doesn't hold any meaningful purpose anymore
    and replaced it with a function parameter where any privileges on any column
    combination would satisfy the requirement.
  * Fixed privilege check for SHOW COLUMNS and SHOW INDEX
  * Modified check_table_access to gain clarity in what EXTRA_ACL actually does.
  * Modified check_access to gain clarity in what EXTRA_ACL actually does.
  * Fixed privilege check for CREATE TABLE .. LIKE .. ; It now requires SELECT
    privileges on the table.
  * Fixed privilege check for SHOW CREATE TABLE ..; It now requires any privilege
    on the table level.
sql/sql_plugin.cc:
  * check_table_access has new signature
sql/sql_prepare.cc:
  * check_table_access has new signature
sql/sql_show.cc:
  * check_table_access has new signature
sql/sql_trigger.cc:
  * check_table_access has new signature
sql/sql_update.cc:
  * check grant has new signature
sql/sql_view.cc:
  * check_table_access has new signature
2009-10-19 14:58:13 +02:00
Martin Hansson
3bd2461668 Bug#46019: ERROR 1356 When selecting from within another
view that has Group By
      
When SELECT'ing from a view that mentions another,
materialized, view, access was being denied. The issue was
resolved by lifting a special case which avoided such access
checking in check_single_table_access. In the past, this was
necessary since if such a check were performed, the error
message would be downgraded to a warning in the case of SHOW
CREATE VIEW. The downgrading of errors was meant to handle
only that scenario, but could not distinguish the two as it
read only the error messages.
      
The special case was needed in the fix of bug no 36086.
Before that, views were confused with derived tables.
      
After bug no 35996 was fixed, the manipulation of errors
during SHOW CREATE VIEW execution is not dependent on the
actual error messages in the queue, it rather looks at the
actual cause of the error and takes appropriate
action. Hence the aforementioned special case is now
superfluous and the bug is fixed.


mysql-test/r/view_grant.result:
  Bug#46019: Test result.
mysql-test/t/view_grant.test:
  Bug#46019: Test case.
sql/sql_parse.cc:
  Bug#46019: fix.
2009-10-16 13:12:21 +02:00
He Zhenxing
280bf1cee6 Backport Post fix of result files after push of BUG#34227 2009-10-02 17:12:10 +08:00
Martin Hansson
e86f08d054 Bug#35996: SELECT + SHOW VIEW should be enough to display
view definition

During SHOW CREATE VIEW there is no reason to 'anonymize'
errors that name objects that a user does not have access
to. Moreover it was inconsistently implemented. For example
base tables being referenced from a view appear to be ok,
but not views. The manual on the other hand is clear: If a
user has the privileges SELECT and SHOW VIEW, the view
definition is available to that user, period. The fix
changes the behavior to support the manual.


mysql-test/r/information_schema_db.result:
  Bug#35996: Changed warnings.
mysql-test/r/view_grant.result:
  Bug#35996: Changed warnings, test result.
mysql-test/t/information_schema_db.test:
  Bug#35996: Changed test case to reflect new behavior.
mysql-test/t/view_grant.test:
  Bug#35996: Test case.
sql/sql_acl.cc:
  Bug#35996: Code no longer necessary, we may as well exempt 
  SHOW CREATE VIEW from this check.
sql/sql_show.cc:
  Bug#35996: The fix: An Internal_error_handler that hides
  most errors raised by access checking as they are not
  relevant to SHOW CREATE VIEW.
sql/table.cc:
  Bug#35996: Restricting this hack to act only when there is 
  no Internal_error_handler.
2009-09-28 13:25:47 +02:00
Georgi Kodinov
787a4940ca reverted the fix for bug #46019 from 5.1-bugteam 2009-08-21 17:41:48 +03:00
Georgi Kodinov
66ce3dee92 Revert of the fix for bug #46019. 2009-08-21 17:10:55 +03:00
Georgi Kodinov
1317d24b33 merge of bug #46019 to 5.1-bugteam 2009-08-20 17:11:22 +03:00
Georgi Kodinov
0665536995 Bug #46019: ERROR 1356 When selecting from within another
view that has Group By
      
Table access rights checking function check_grant() assumed
that no view is opened when it's called.
This is not true with nested views where the inner view
needs materialization. In this case the view is already 
materialized when check_grant() is called for it.
This caused check_grant() to not look for table level
grants on the materialized view table.
Fixed by checking if a view is already materialized and if 
it is check table level grants using the original table name
(not the ones of the materialized temp table).
2009-08-19 15:14:57 +03:00
Matthias Leich
2417d31045 Merge 5.0 -> 5.1 of fix for Bug#42003 and Bug#43114 2009-03-06 15:56:17 +01:00
Matthias Leich
0183d4d842 Merge of fix for Bug#42003 and Bug#43114 into more actual GCA tree
modifications according to the reviews are included
2009-03-05 14:35:03 +01:00
Matthias Leich
140cc614c9 Last slice of fix for Bug#42003 tests missing the disconnect of connections <> default
+ Fix for Bug#43114 wait_until_count_sessions too restrictive, random PB failures
+ Removal of a lot of other weaknesses found
+ modifications according to review
2009-03-03 21:34:18 +01:00
Georgi Kodinov
f3c6ff1f7a null-merged the fix and kept the test for bug #41354 from 5.0-bugteam 2009-02-26 19:20:50 +02:00
Georgi Kodinov
a9d707037a Bug #41354: Access control is bypassed when all columns
of a view are selected by * wildcard

Backported a part of the fix for 36086 to 5.0

mysql-test/r/view_grant.result:
  Bug #41354: test case
mysql-test/t/view_grant.test:
  Bug #41354: test case
sql/sql_acl.cc:
  Bug #41354: return table error when no access and *
sql/sql_base.cc:
  Bug #41354: backported the check in bug 36086 to 5.0
2009-02-26 19:00:44 +02:00
Sergey Glukhov
89fbca2813 5.0-bugteam->5.1-bugteam merge 2009-02-25 16:18:24 +04:00
Sergey Glukhov
5d2fc53354 Bug#40345 MySQLDump prefixes view name with database name when view references other db
print compact view name if the view belongs to the current database


mysql-test/r/information_schema_db.result:
  result fix
mysql-test/r/mysqldump.result:
  result fix
mysql-test/r/view_grant.result:
  result fix
sql/sql_show.cc:
  print compact view name if the view belongs to the current database
2009-02-25 15:44:50 +04:00
Georgi Kodinov
620438fdae backport the fix for bug #37191 to 5.1-bugteam 2009-02-25 12:19:29 +02:00
Martin Hansson
c0cfce21d6 Bug#35600: Security breach via view, I_S table and prepared
statement/stored procedure

View privileges are properly checked after the fix for bug no 
36086, so the method TABLE_LIST::get_db_name() must be used 
instead of field TABLE_LIST::db, as this only works for tables.
Bug appears when accessing views in prepared statements.

mysql-test/r/view_grant.result:
  Bug#35600: Extended existing test case.
mysql-test/t/view_grant.test:
  Bug#35600: Extended existing test result.
sql/sql_parse.cc:
  Bug#35600: Using method to retrieve database name instead of
  field.
2008-09-09 12:49:08 +02:00
Martin Hansson
3bad2119f9 Bug#36086: SELECT * from views don't check column grants
This patch also fixes bugs 36963 and 35600.
                      
- In many places a view was confused with an anonymous derived
  table, i.e. access checking was skipped. Fixed by introducing a
  predicate to tell the difference between named and anonymous
  derived tables.
                      
- When inserting fields for "SELECT * ", there was no 
  distinction between base tables and views, where one should be
  made. View privileges are checked elsewhere.

mysql-test/include/grant_cache.inc:
  Bug#36086: Changed test case.
mysql-test/r/grant2.result:
  Bug#36086: Changed test result.
mysql-test/r/grant_cache_no_prot.result:
  Bug#36086: Changed test result.
mysql-test/r/grant_cache_ps_prot.result:
  Bug#36086: Changed test result.
mysql-test/r/view_grant.result:
  Bug#36086: Test result.
mysql-test/t/grant2.test:
  Bug#36086: Changed test case.
mysql-test/t/view_grant.test:
  Bug#36086: Test case.
sql/item.cc:
  Bug#36086: Replaced conditional with new methods.
sql/sql_acl.cc:
  Bug no 35600: 
  In mysql_table_grant:
    Replaced conditional with the new accessor method.
  
  In check_grant:
   - Changed the requirement table->derived != null to 
     checking all anonymous derived tables.
   - Use of the accessor methods for getting object and database 
     names.
      
  Bug#36086: In check_grant_all_columns:
    - Updated comment. This function is now called for views
      as well.
    - The error message should not disclose any column names 
      unless the user has privilege to see all column names.
    - Changed names of Field_iterator_table_ref methods.
sql/sql_base.cc:
  Bug no 36963: In insert_fields()
    - Commented.
    - We should call check_grant_all_columns() for views in  
      this case.        
    - Changed names of Field_iterator_table_ref methods.
    - We should not disclose column names in the error message
      when the user has no approprate privilege.
sql/sql_cache.cc:
  Bug#36086: Replaced test with new predicate method.
sql/sql_derived.cc:
  Bug#36086: commenting only. Updated and doxygenated
  comment for mysql_derived_prepare().
sql/sql_parse.cc:
  Bug no 35600: 
  - In check_single_table_access:
    Due to the bug, check_grant would raise an error for a
    SHOW CREATE TABLE command for a TEMPTABLE view. It should in
    fact not be be invoked in this case. This table privilege
    is checked already.
    There is a test case for this in information_schema_db.test.
      
  - In check_access: replaced table->derived
sql/table.cc:
  Bug#36086: 
  
  - In TABLE_LIST::set_underlying_merge(): 
    Commenting only. Doxygenated, corrected spelling,
    added.
  
  - Renamed table_name() and db_name() methods of 
    Field_iterator_table_ref in order to be consistent
    with new methods in TABLE_LIST.
sql/table.h:
  Bug#36086: 
    - Commented GRANT_INFO.
    - Added a predicate is_anonymous_derived_table() to    
      TABLE_LIST.
    - Added get_table_name() and get_db_name() to   
      TABLE_LIST in order to hide the disparate   
      representation of these properties.
2008-09-03 16:45:40 +02:00
unknown
9965de17ba Fix result files (Bug#21854).
mysql-test/r/information_schema_db.result:
  Update result file.
mysql-test/r/sp-security.result:
  Update result file.
mysql-test/r/trigger_notembedded.result:
  Update result file.
mysql-test/r/view_grant.result:
  Update result file.
2008-03-22 11:01:31 +03:00
unknown
d05f6b9fb8 A patch for Bug#21854: Problems with CREATE TRIGGER without
DEFINER clause in --skip-grant-tables mode.

Update error message.


mysql-test/r/information_schema_db.result:
  Update result file.
mysql-test/r/sp-security.result:
  Update result file.
mysql-test/r/trigger_notembedded.result:
  Update result file.
mysql-test/r/view_grant.result:
  Update result file.
sql/share/errmsg.txt:
  Update error message.
2008-03-21 18:34:12 +03:00
unknown
9bbf256cb3 Merge quad.:/mnt/raid/alik/MySQL/devel/bug-34337/5.0-rt-bug34337
into  quad.:/mnt/raid/alik/MySQL/devel/bug-34337/5.1-rt-bug34337


mysql-test/r/view_grant.result:
  Auto merged
mysql-test/t/view_grant.test:
  Auto merged
sql/sql_view.cc:
  Auto merged
mysql-test/t/view.test:
  Manually merged.
2008-02-21 12:24:40 +03:00
unknown
fa08b28085 Fix for Bug#34337: Server crash when Altering a view using
a table name.
  
The problem was that fill_defined_view_parts() did not return
an error if a table is going to be altered. That happened if
the table was already in the table cache. In that case,
open_table() returned non-NULL value (valid TABLE-instance from
the cache).
  
The fix is to ensure that an error is thrown even if the table
is in the cache.

(This is a backport of the original patch for 5.1)


mysql-test/r/view.result:
  Fix result file.
mysql-test/r/view_grant.result:
  Fix result file.
mysql-test/t/view.test:
  Add a test case for Bug#34337: Server crash when Altering a view
  using a table name.
mysql-test/t/view_grant.test:
  Fix order-dependency.
sql/sql_view.cc:
  Report an error if we're going to work with a table.
2008-02-21 12:17:32 +03:00
unknown
e4d0c1cbe3 merge 5.0-opt -> 5.1-opt 2007-10-01 17:37:48 +03:00
unknown
163ba66c3f merge 5.0-opt -> 5.1-opt
mysql-test/r/func_math.result:
  Auto merged
mysql-test/t/func_math.test:
  Auto merged
mysql-test/t/view_grant.test:
  Auto merged
sql/item_func.cc:
  Auto merged
sql/sql_select.cc:
  Auto merged
sql/sql_view.cc:
  Auto merged
2007-10-01 12:56:25 +03:00
unknown
c6a4e65a40 view_grant.result, view_grant.test:
Corrected test case for the bug#29908.


mysql-test/t/view_grant.test:
  Corrected test case for the bug#29908.
mysql-test/r/view_grant.result:
  Corrected test case for the bug#29908.
2007-09-29 01:07:29 +00:00
unknown
1cb6dc2b37 Bug#29908: A user can gain additional access through the ALTER VIEW.
Non-definer of a view was allowed to alter that view. Due to this the alterer
can elevate his access rights to access rights of the view definer and thus
modify data which he wasn't allowed to modify. A view defined with
SQL SECURITY INVOKER can't be used directly for access rights elevation.
But a user can first alter the view SQL code and then alter the view to 
SQL SECURITY DEFINER and thus elevate his access rights. Due to this
altering a view with SQL SECURITY INVOKER is also prohibited.

Now the mysql_create_view function allows ALTER VIEW only to the view
definer or a super user. 


mysql-test/t/view_grant.test:
  Added a test case for the bug#29908: A user can gain additional access through the
  ALTER VIEW.
  A test case was adjusted after fixfing bug#29908.
mysql-test/r/view_grant.result:
  Added a test case for the bug#29908: A user can gain additional access through the
  ALTER VIEW.
sql/sql_view.cc:
  Bug#29908: A user can gain additional access through the ALTER VIEW.
  Now the mysql_create_view function allows ALTER VIEW only to the view
  definer or a super user.
2007-09-20 18:05:09 +04:00
unknown
405f82d390 Patch for the following bugs:
- BUG#11986: Stored routines and triggers can fail if the code
    has a non-ascii symbol
  - BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
  - BUG#19443: INFORMATION_SCHEMA does not support charsets properly
  - BUG#21249: Character set of SP-var can be ignored
  - BUG#25212: Character set of string constant is ignored (stored routines)
  - BUG#25221: Character set of string constant is ignored (triggers)

There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
   triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
   inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
   definition;

1. No query-definition-character set.

In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.

The context contains the following data:
  - client character set;
  - connection collation (character set and collation);
  - collation of the owner database;

The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).

2. Wrong mysqldump-output.

The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.

Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).

The solution is
  - to store definition queries in the original character set;
  - to change SHOW CREATE statement to output definition query in the
    binary character set (i.e. without any conversion);
  - introduce SHOW CREATE TRIGGER statement;
  - to dump special statements to switch the context to the original one
    before dumping and restore it afterwards.

Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.

3. INFORMATION_SCHEMA showed non-UTF8 strings

The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.

Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.

This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object.  Specialized SHOW CREATE statements should be
used for this.

The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).

Example:

  - original query:
    CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;

  - UTF8 query (for INFORMATION_SCHEMA):
    CREATE VIEW v1 AS SELECT 'Hello' AS c1;


client/mysqldump.c:
  Set original character set and collation before dumping definition query.
include/my_sys.h:
  Move out-parameter to the end of list.
mysql-test/lib/mtr_report.pl:
  Ignore server-warnings during the test case.
mysql-test/r/create.result:
  Update result file.
mysql-test/r/ctype_cp932_binlog_stm.result:
  Update result file.
mysql-test/r/events.result:
  Update result file.
mysql-test/r/events_bugs.result:
  Update result file.
mysql-test/r/events_grant.result:
  Update result file.
mysql-test/r/func_in.result:
  Update result file.
mysql-test/r/gis.result:
  Update result file.
mysql-test/r/grant.result:
  Update result file.
mysql-test/r/information_schema.result:
  Update result file.
mysql-test/r/information_schema_db.result:
  Update result file.
mysql-test/r/lowercase_view.result:
  Update result file.
mysql-test/r/mysqldump.result:
  Update result file.
mysql-test/r/ndb_sp.result:
  Update result file.
mysql-test/r/ps.result:
  Update result file.
mysql-test/r/rpl_replicate_do.result:
  Update result file.
mysql-test/r/rpl_sp.result:
  Update result file.
mysql-test/r/rpl_trigger.result:
  Update result file.
mysql-test/r/rpl_view.result:
  Update result file.
mysql-test/r/show_check.result:
  Update result file.
mysql-test/r/skip_grants.result:
  Update result file.
mysql-test/r/sp-destruct.result:
  Update result file.
mysql-test/r/sp-error.result:
  Update result file.
mysql-test/r/sp-security.result:
  Update result file.
mysql-test/r/sp.result:
  Update result file.
mysql-test/r/sql_mode.result:
  Update result file.
mysql-test/r/system_mysql_db.result:
  Update result file.
mysql-test/r/temp_table.result:
  Update result file.
mysql-test/r/trigger-compat.result:
  Update result file.
mysql-test/r/trigger-grant.result:
  Update result file.
mysql-test/r/trigger.result:
  Update result file.
mysql-test/r/view.result:
  Update result file.
mysql-test/r/view_grant.result:
  Update result file.
mysql-test/t/events.test:
  Update test case (new columns added).
mysql-test/t/information_schema.test:
  Update test case (new columns added).
mysql-test/t/show_check.test:
  Test case for SHOW CREATE TRIGGER in prepared statements and
  stored routines.
mysql-test/t/sp-destruct.test:
  Update test case (new columns added).
mysql-test/t/sp.test:
  Update test case (new columns added).
mysql-test/t/view.test:
  Update test.
mysys/charset.c:
  Move out-parameter to the end of list.
scripts/mysql_system_tables.sql:
  Add new columns to mysql.proc and mysql.event.
scripts/mysql_system_tables_fix.sql:
  Add new columns to mysql.proc and mysql.event.
sql/event_data_objects.cc:
  Support new attributes for events.
sql/event_data_objects.h:
  Support new attributes for events.
sql/event_db_repository.cc:
  Support new attributes for events.
sql/event_db_repository.h:
  Support new attributes for events.
sql/events.cc:
  Add new columns to SHOW CREATE event resultset.
sql/mysql_priv.h:
  1. Introduce Object_creation_ctx;
  2. Introduce SHOW CREATE TRIGGER;
  3. Introduce auxilary functions.
sql/sp.cc:
  Add support for new store routines attributes.
sql/sp_head.cc:
  Add support for new store routines attributes.
sql/sp_head.h:
  Add support for new store routines attributes.
sql/sql_lex.cc:
  Generate UTF8-body on parsing/lexing.
sql/sql_lex.h:
  1. Generate UTF8-body on parsing/lexing.
  2. Introduce SHOW CREATE TRIGGER.
sql/sql_parse.cc:
  Introduce SHOW CREATE TRIGGER.
sql/sql_partition.cc:
  Update parse_sql().
sql/sql_prepare.cc:
  Update parse_sql().
sql/sql_show.cc:
  Support new attributes for views
sql/sql_trigger.cc:
  Support new attributes for views
sql/sql_trigger.h:
  Support new attributes for views
sql/sql_view.cc:
  Support new attributes for views
sql/sql_yacc.yy:
  1. Add SHOW CREATE TRIGGER statement.
  2. Generate UTF8-body for views, stored routines, triggers and events.
sql/table.cc:
  Introduce Object_creation_ctx.
sql/table.h:
  Introduce Object_creation_ctx.
sql/share/errmsg.txt:
  Add new errors.
mysql-test/include/ddl_i18n.check_events.inc:
  Aux file for test suite.
mysql-test/include/ddl_i18n.check_sp.inc:
  Aux file for test suite.
mysql-test/include/ddl_i18n.check_triggers.inc:
  Aux file for test suite.
mysql-test/include/ddl_i18n.check_views.inc:
  Aux file for test suite.
mysql-test/include/have_cp1251.inc:
  Aux file for test suite.
mysql-test/include/have_cp866.inc:
  Aux file for test suite.
mysql-test/include/have_koi8r.inc:
  Aux file for test suite.
mysql-test/include/have_utf8.inc:
  Aux file for test suite.
mysql-test/r/ddl_i18n_koi8r.result:
  Result file.
mysql-test/r/ddl_i18n_utf8.result:
  Result file.
mysql-test/r/have_cp1251.require:
  Aux file for test suite.
mysql-test/r/have_cp866.require:
  Aux file for test suite.
mysql-test/r/have_koi8r.require:
  Aux file for test suite.
mysql-test/r/have_utf8.require:
  Aux file for test suite.
mysql-test/t/ddl_i18n_koi8r.test:
  Complete koi8r test case for the CS patch.
mysql-test/t/ddl_i18n_utf8.test:
  Complete utf8 test case for the CS patch.
2007-06-28 21:34:54 +04:00
unknown
24d77dca68 Fixed tests that relied on broken behavior in acl_getroot_no_password().
This is to fix PB failures introduced by the patch for bug #28895.


mysql-test/r/view_grant.result:
  Fixed tests that relied on broken behavior in acl_getroot_no_password().
2007-06-07 12:45:37 +04:00
unknown
cf6e5c12d1 Merge polly.local:/home/kaa/src/maint/bug28895/my50-bug28895
into  polly.local:/home/kaa/src/maint/bug28895/my51-bug28895


mysql-test/r/view_grant.result:
  Auto merged
sql/sql_acl.cc:
  Auto merged
2007-06-06 21:44:05 +04:00
unknown
3ac87034ca Fix for bug #28895 "Test 'information_schema_db' fails on i5/OS 32 bit".
In acl_getroot_no_password(), use a separate variable for traversing the acl_users list so that the last entry is not used when no matching entries are found.


mysql-test/r/view_grant.result:
  Fixed the testcase for bug #14875 which relied on broken behavior. sctx->master_access and sctx->priv_user were being set to the last entry in the acl_users list. That does not happen after the patch for bug #28895, so we get a different warning message.
sql/sql_acl.cc:
  In acl_getroot_no_password(), use a separate variable for traversing the acl_users list so that the last entry is not used when no matching entries are found.
2007-06-05 22:18:07 +04:00
unknown
374718ff45 Merge ua141d10.elisa.omakaista.fi:/home/my/bk/mysql-5.0-marvel
into  ua141d10.elisa.omakaista.fi:/home/my/bk/mysql-5.1-marvel


client/mysql.cc:
  Auto merged
client/mysqlbinlog.cc:
  Auto merged
BitKeeper/deleted/.del-my_lread.c:
  Auto merged
BitKeeper/deleted/.del-my_lwrite.c:
  Auto merged
BitKeeper/deleted/.del-raid.cc~488f5fa6538394e1:
  Auto merged
BitKeeper/deleted/.del-raid.h~2d2503a66b128ac6:
  Auto merged
client/mysqldump.c:
  Auto merged
extra/perror.c:
  Auto merged
include/my_sys.h:
  Auto merged
libmysql/libmysql.c:
  Auto merged
libmysqld/libmysqld.c:
  Auto merged
mysql-test/r/mysqlbinlog2.result:
  Auto merged
mysql-test/r/sp-security.result:
  Auto merged
mysql-test/r/view_grant.result:
  Auto merged
mysql-test/t/grant.test:
  Auto merged
mysql-test/t/sp-security.test:
  Auto merged
mysql-test/t/sp.test:
  Auto merged
mysql-test/t/sp_trans.test:
  Auto merged
mysql-test/t/view_grant.test:
  Auto merged
mysys/default.c:
  Auto merged
mysys/hash.c:
  Auto merged
mysys/mf_iocache.c:
  Auto merged
mysys/mf_keycache.c:
  Auto merged
mysys/my_alloc.c:
  Auto merged
mysys/my_dup.c:
  Auto merged
mysys/my_getwd.c:
  Auto merged
mysys/my_handler.c:
  Auto merged
mysys/my_lib.c:
  Auto merged
mysys/my_malloc.c:
  Auto merged
mysys/my_pread.c:
  Auto merged
mysys/my_read.c:
  Auto merged
mysys/my_seek.c:
  Auto merged
mysys/my_static.c:
  Auto merged
mysys/safemalloc.c:
  Auto merged
mysys/thr_alarm.c:
  Auto merged
mysys/typelib.c:
  Auto merged
sql/handler.cc:
  Auto merged
sql/item.cc:
  Auto merged
sql/item_cmpfunc.cc:
  Auto merged
sql/item_func.h:
  Auto merged
sql/item_subselect.cc:
  Auto merged
sql/log_event.cc:
  Auto merged
sql/net_serv.cc:
  Auto merged
sql/opt_range.cc:
  Auto merged
sql/slave.cc:
  Auto merged
sql/sp.cc:
  Auto merged
sql/sp_head.cc:
  Auto merged
sql/sql_acl.cc:
  Auto merged
sql/sql_base.cc:
  Auto merged
sql/sql_cache.cc:
  Auto merged
sql/sql_class.cc:
  Auto merged
sql/sql_class.h:
  Auto merged
sql/sql_delete.cc:
  Auto merged
sql/sql_load.cc:
  Auto merged
sql/sql_prepare.cc:
  Auto merged
sql/sql_repl.cc:
  Auto merged
sql/sql_select.cc:
  Auto merged
sql/sql_table.cc:
  Auto merged
sql/sql_view.cc:
  Auto merged
sql/strfunc.cc:
  Auto merged
sql/table.cc:
  Auto merged
sql/tztime.cc:
  Auto merged
sql/unireg.cc:
  Auto merged
sql-common/client.c:
  Auto merged
sql-common/my_time.c:
  Auto merged
storage/archive/ha_archive.cc:
  Auto merged
storage/heap/_check.c:
  Auto merged
storage/heap/hp_delete.c:
  Auto merged
storage/heap/hp_hash.c:
  Auto merged
storage/heap/hp_open.c:
  Auto merged
storage/heap/hp_rkey.c:
  Auto merged
storage/heap/hp_rrnd.c:
  Auto merged
storage/heap/hp_write.c:
  Auto merged
storage/innobase/handler/ha_innodb.cc:
  Auto merged
storage/myisam/mi_close.c:
  Auto merged
storage/myisam/mi_delete.c:
  Auto merged
storage/myisam/mi_dynrec.c:
  Auto merged
storage/myisam/mi_keycache.c:
  Auto merged
storage/myisam/mi_page.c:
  Auto merged
storage/myisam/mi_statrec.c:
  Auto merged
storage/myisam/myisamchk.c:
  Auto merged
storage/myisammrg/myrg_extra.c:
  Auto merged
storage/ndb/src/mgmclient/CommandInterpreter.cpp:
  Auto merged
tests/mysql_client_test.c:
  Auto merged
mysql-test/r/grant.result:
  Merged from 5.0
mysql-test/r/sp.result:
  Merged from 5.0
mysql-test/r/sp_trans.result:
  Merged from 5.0
mysql-test/t/mysqlbinlog2.test:
  Merged from 5.0
mysys/thr_lock.c:
  Merged from 5.0
sql/ha_ndbcluster.cc:
  Merged from 5.0
sql/log.cc:
  Merged from 5.0
sql/mysql_priv.h:
  Merged from 5.0
sql/mysqld.cc:
  Merged from 5.0
sql/set_var.cc:
  Merged from 5.0
sql/sql_db.cc:
  Merged from 5.0
sql/sql_insert.cc:
  Merged from 5.0
sql/sql_parse.cc:
  Merged from 5.0
sql/sql_show.cc:
  Merged from 5.0
sql/sql_update.cc:
  Merged from 5.0
2007-03-29 17:27:42 +03:00