Commit graph

85 commits

Author SHA1 Message Date
Tatjana Azundris Nuernberg
7944320f4e manual merge 2011-09-29 10:56:21 +01:00
Tatjana Azundris Nuernberg
8932ae2166 Bug#11765687 (MySQL58677): No privilege on table / view, but can know #rows / underlying table's name
1 - If a user had SHOW VIEW and SELECT privileges on a view and
this view was referencing another view, EXPLAIN SELECT on the outer
view (that the user had privileges on) could reveal the structure
of the underlying "inner" view as well as the number of rows in
the underlying tables, even if the user had privileges on none of
these referenced objects.

This happened because we used DEFINER's UID ("SUID") not just for
the view given in EXPLAIN, but also when checking privileges on
the underlying views (where we should use the UID of the EXPLAIN's
INVOKER instead).

We no longer run the EXPLAIN SUID (with DEFINER's privileges).
This prevents a possible exploit and makes permissions more
orthogonal.

2 - EXPLAIN SELECT would reveal a view's structure even if the user
did not have SHOW VIEW privileges for that view, as long as they
had SELECT privilege on the underlying tables.

Instead of requiring both SHOW VIEW privilege on a view and SELECT
privilege on all underlying tables, we were checking for presence
of either of them.

We now explicitly require SHOW VIEW and SELECT privileges on
the view we run EXPLAIN SELECT on, as well as all its
underlying views. We also require SELECT on all relevant
tables. 


mysql-test/r/view_grant.result:
  add extensive tests to illustrate desired behavior and
  prevent regressions (as always).
mysql-test/t/view_grant.test:
  add extensive tests to illustrate desired behavior and
  prevent regressions (as always).
sql/sql_view.cc:
  We no longer run the EXPLAIN SUID (with DEFINER's privileges).
  To achieve this, we use a temporary, SUID-less TABLE_LIST for
  the views while checking privileges.
2011-09-29 10:47:11 +01:00
Dmitry Lenev
599457ae2c Fix for bug #58499 "DEFINER-security view selecting from
INVOKER-security view access check wrong".

When privilege checks were done for tables used from an 
INVOKER-security view which in its turn was used from 
a DEFINER-security view connection's active security
context was incorrectly used instead of security context
with privileges of the second view's creator.

This meant that users which had enough rights to access
the DEFINER-security view and as result were supposed to 
be able successfully access it were unable to do so in 
cases when they didn't have privileges on underlying tables 
of the INVOKER-security view.

This problem was caused by the fact that for INVOKER-security
views TABLE_LIST::security_ctx member for underlying tables
were set to 0 even in cases when particular view was used from 
another DEFINER-security view. This meant that when checks of
privileges on these underlying tables was done in
setup_tables_and_check_access() active connection security 
context was used instead of context corresponding to the 
creator of caller view.

This fix addresses the problem by ensuring that underlying
tables of an INVOKER-security view inherit security context
from the view and thus correct security context is used for
privilege checks on underlying tables in cases when such view 
is used from another view with DEFINER-security.

mysql-test/r/view_grant.result:
  Added coverage for various combinations of DEFINER and
  INVOKER-security views, including test for bug #58499
  "DEFINER-security view selecting from INVOKER-security
  view access check wrong".
mysql-test/t/view_grant.test:
  Added coverage for various combinations of DEFINER and
  INVOKER-security views, including test for bug #58499
  "DEFINER-security view selecting from INVOKER-security
  view access check wrong".
sql/sql_view.cc:
  When opening a non-suid view ensure that its underlying 
  tables will get the same security context as use for
  checking privileges on the view, i.e. security context
  of view invoker. This context can be different from the
  security context which is currently active for connection 
  in cases when this non-suid view is used from a view with
  suid security. Inheriting security context in such situation
  allows correctly apply privileges of creator of suid view
  in checks for tables of non-suid view (since in this 
  situation creator/definer of suid view serves as invoker
  for non-suid view).
2011-01-12 16:08:30 +03:00
Davi Arnaut
80164ae9a0 Move test case. Embedded server does not support privilege
related bits.
2010-02-12 00:54:14 -02:00
Martin Hansson
3bd2461668 Bug#46019: ERROR 1356 When selecting from within another
view that has Group By
      
When SELECT'ing from a view that mentions another,
materialized, view, access was being denied. The issue was
resolved by lifting a special case which avoided such access
checking in check_single_table_access. In the past, this was
necessary since if such a check were performed, the error
message would be downgraded to a warning in the case of SHOW
CREATE VIEW. The downgrading of errors was meant to handle
only that scenario, but could not distinguish the two as it
read only the error messages.
      
The special case was needed in the fix of bug no 36086.
Before that, views were confused with derived tables.
      
After bug no 35996 was fixed, the manipulation of errors
during SHOW CREATE VIEW execution is not dependent on the
actual error messages in the queue, it rather looks at the
actual cause of the error and takes appropriate
action. Hence the aforementioned special case is now
superfluous and the bug is fixed.


mysql-test/r/view_grant.result:
  Bug#46019: Test result.
mysql-test/t/view_grant.test:
  Bug#46019: Test case.
sql/sql_parse.cc:
  Bug#46019: fix.
2009-10-16 13:12:21 +02:00
Martin Hansson
e86f08d054 Bug#35996: SELECT + SHOW VIEW should be enough to display
view definition

During SHOW CREATE VIEW there is no reason to 'anonymize'
errors that name objects that a user does not have access
to. Moreover it was inconsistently implemented. For example
base tables being referenced from a view appear to be ok,
but not views. The manual on the other hand is clear: If a
user has the privileges SELECT and SHOW VIEW, the view
definition is available to that user, period. The fix
changes the behavior to support the manual.


mysql-test/r/information_schema_db.result:
  Bug#35996: Changed warnings.
mysql-test/r/view_grant.result:
  Bug#35996: Changed warnings, test result.
mysql-test/t/information_schema_db.test:
  Bug#35996: Changed test case to reflect new behavior.
mysql-test/t/view_grant.test:
  Bug#35996: Test case.
sql/sql_acl.cc:
  Bug#35996: Code no longer necessary, we may as well exempt 
  SHOW CREATE VIEW from this check.
sql/sql_show.cc:
  Bug#35996: The fix: An Internal_error_handler that hides
  most errors raised by access checking as they are not
  relevant to SHOW CREATE VIEW.
sql/table.cc:
  Bug#35996: Restricting this hack to act only when there is 
  no Internal_error_handler.
2009-09-28 13:25:47 +02:00
Georgi Kodinov
787a4940ca reverted the fix for bug #46019 from 5.1-bugteam 2009-08-21 17:41:48 +03:00
Georgi Kodinov
66ce3dee92 Revert of the fix for bug #46019. 2009-08-21 17:10:55 +03:00
Georgi Kodinov
1317d24b33 merge of bug #46019 to 5.1-bugteam 2009-08-20 17:11:22 +03:00
Georgi Kodinov
0665536995 Bug #46019: ERROR 1356 When selecting from within another
view that has Group By
      
Table access rights checking function check_grant() assumed
that no view is opened when it's called.
This is not true with nested views where the inner view
needs materialization. In this case the view is already 
materialized when check_grant() is called for it.
This caused check_grant() to not look for table level
grants on the materialized view table.
Fixed by checking if a view is already materialized and if 
it is check table level grants using the original table name
(not the ones of the materialized temp table).
2009-08-19 15:14:57 +03:00
Matthias Leich
2417d31045 Merge 5.0 -> 5.1 of fix for Bug#42003 and Bug#43114 2009-03-06 15:56:17 +01:00
Matthias Leich
0183d4d842 Merge of fix for Bug#42003 and Bug#43114 into more actual GCA tree
modifications according to the reviews are included
2009-03-05 14:35:03 +01:00
Matthias Leich
140cc614c9 Last slice of fix for Bug#42003 tests missing the disconnect of connections <> default
+ Fix for Bug#43114 wait_until_count_sessions too restrictive, random PB failures
+ Removal of a lot of other weaknesses found
+ modifications according to review
2009-03-03 21:34:18 +01:00
Georgi Kodinov
f3c6ff1f7a null-merged the fix and kept the test for bug #41354 from 5.0-bugteam 2009-02-26 19:20:50 +02:00
Georgi Kodinov
a9d707037a Bug #41354: Access control is bypassed when all columns
of a view are selected by * wildcard

Backported a part of the fix for 36086 to 5.0

mysql-test/r/view_grant.result:
  Bug #41354: test case
mysql-test/t/view_grant.test:
  Bug #41354: test case
sql/sql_acl.cc:
  Bug #41354: return table error when no access and *
sql/sql_base.cc:
  Bug #41354: backported the check in bug 36086 to 5.0
2009-02-26 19:00:44 +02:00
Sergey Glukhov
89fbca2813 5.0-bugteam->5.1-bugteam merge 2009-02-25 16:18:24 +04:00
Sergey Glukhov
5d2fc53354 Bug#40345 MySQLDump prefixes view name with database name when view references other db
print compact view name if the view belongs to the current database


mysql-test/r/information_schema_db.result:
  result fix
mysql-test/r/mysqldump.result:
  result fix
mysql-test/r/view_grant.result:
  result fix
sql/sql_show.cc:
  print compact view name if the view belongs to the current database
2009-02-25 15:44:50 +04:00
Georgi Kodinov
620438fdae backport the fix for bug #37191 to 5.1-bugteam 2009-02-25 12:19:29 +02:00
Martin Hansson
c0cfce21d6 Bug#35600: Security breach via view, I_S table and prepared
statement/stored procedure

View privileges are properly checked after the fix for bug no 
36086, so the method TABLE_LIST::get_db_name() must be used 
instead of field TABLE_LIST::db, as this only works for tables.
Bug appears when accessing views in prepared statements.

mysql-test/r/view_grant.result:
  Bug#35600: Extended existing test case.
mysql-test/t/view_grant.test:
  Bug#35600: Extended existing test result.
sql/sql_parse.cc:
  Bug#35600: Using method to retrieve database name instead of
  field.
2008-09-09 12:49:08 +02:00
Martin Hansson
3bad2119f9 Bug#36086: SELECT * from views don't check column grants
This patch also fixes bugs 36963 and 35600.
                      
- In many places a view was confused with an anonymous derived
  table, i.e. access checking was skipped. Fixed by introducing a
  predicate to tell the difference between named and anonymous
  derived tables.
                      
- When inserting fields for "SELECT * ", there was no 
  distinction between base tables and views, where one should be
  made. View privileges are checked elsewhere.

mysql-test/include/grant_cache.inc:
  Bug#36086: Changed test case.
mysql-test/r/grant2.result:
  Bug#36086: Changed test result.
mysql-test/r/grant_cache_no_prot.result:
  Bug#36086: Changed test result.
mysql-test/r/grant_cache_ps_prot.result:
  Bug#36086: Changed test result.
mysql-test/r/view_grant.result:
  Bug#36086: Test result.
mysql-test/t/grant2.test:
  Bug#36086: Changed test case.
mysql-test/t/view_grant.test:
  Bug#36086: Test case.
sql/item.cc:
  Bug#36086: Replaced conditional with new methods.
sql/sql_acl.cc:
  Bug no 35600: 
  In mysql_table_grant:
    Replaced conditional with the new accessor method.
  
  In check_grant:
   - Changed the requirement table->derived != null to 
     checking all anonymous derived tables.
   - Use of the accessor methods for getting object and database 
     names.
      
  Bug#36086: In check_grant_all_columns:
    - Updated comment. This function is now called for views
      as well.
    - The error message should not disclose any column names 
      unless the user has privilege to see all column names.
    - Changed names of Field_iterator_table_ref methods.
sql/sql_base.cc:
  Bug no 36963: In insert_fields()
    - Commented.
    - We should call check_grant_all_columns() for views in  
      this case.        
    - Changed names of Field_iterator_table_ref methods.
    - We should not disclose column names in the error message
      when the user has no approprate privilege.
sql/sql_cache.cc:
  Bug#36086: Replaced test with new predicate method.
sql/sql_derived.cc:
  Bug#36086: commenting only. Updated and doxygenated
  comment for mysql_derived_prepare().
sql/sql_parse.cc:
  Bug no 35600: 
  - In check_single_table_access:
    Due to the bug, check_grant would raise an error for a
    SHOW CREATE TABLE command for a TEMPTABLE view. It should in
    fact not be be invoked in this case. This table privilege
    is checked already.
    There is a test case for this in information_schema_db.test.
      
  - In check_access: replaced table->derived
sql/table.cc:
  Bug#36086: 
  
  - In TABLE_LIST::set_underlying_merge(): 
    Commenting only. Doxygenated, corrected spelling,
    added.
  
  - Renamed table_name() and db_name() methods of 
    Field_iterator_table_ref in order to be consistent
    with new methods in TABLE_LIST.
sql/table.h:
  Bug#36086: 
    - Commented GRANT_INFO.
    - Added a predicate is_anonymous_derived_table() to    
      TABLE_LIST.
    - Added get_table_name() and get_db_name() to   
      TABLE_LIST in order to hide the disparate   
      representation of these properties.
2008-09-03 16:45:40 +02:00
unknown
9965de17ba Fix result files (Bug#21854).
mysql-test/r/information_schema_db.result:
  Update result file.
mysql-test/r/sp-security.result:
  Update result file.
mysql-test/r/trigger_notembedded.result:
  Update result file.
mysql-test/r/view_grant.result:
  Update result file.
2008-03-22 11:01:31 +03:00
unknown
d05f6b9fb8 A patch for Bug#21854: Problems with CREATE TRIGGER without
DEFINER clause in --skip-grant-tables mode.

Update error message.


mysql-test/r/information_schema_db.result:
  Update result file.
mysql-test/r/sp-security.result:
  Update result file.
mysql-test/r/trigger_notembedded.result:
  Update result file.
mysql-test/r/view_grant.result:
  Update result file.
sql/share/errmsg.txt:
  Update error message.
2008-03-21 18:34:12 +03:00
unknown
9bbf256cb3 Merge quad.:/mnt/raid/alik/MySQL/devel/bug-34337/5.0-rt-bug34337
into  quad.:/mnt/raid/alik/MySQL/devel/bug-34337/5.1-rt-bug34337


mysql-test/r/view_grant.result:
  Auto merged
mysql-test/t/view_grant.test:
  Auto merged
sql/sql_view.cc:
  Auto merged
mysql-test/t/view.test:
  Manually merged.
2008-02-21 12:24:40 +03:00
unknown
fa08b28085 Fix for Bug#34337: Server crash when Altering a view using
a table name.
  
The problem was that fill_defined_view_parts() did not return
an error if a table is going to be altered. That happened if
the table was already in the table cache. In that case,
open_table() returned non-NULL value (valid TABLE-instance from
the cache).
  
The fix is to ensure that an error is thrown even if the table
is in the cache.

(This is a backport of the original patch for 5.1)


mysql-test/r/view.result:
  Fix result file.
mysql-test/r/view_grant.result:
  Fix result file.
mysql-test/t/view.test:
  Add a test case for Bug#34337: Server crash when Altering a view
  using a table name.
mysql-test/t/view_grant.test:
  Fix order-dependency.
sql/sql_view.cc:
  Report an error if we're going to work with a table.
2008-02-21 12:17:32 +03:00
unknown
e4d0c1cbe3 merge 5.0-opt -> 5.1-opt 2007-10-01 17:37:48 +03:00
unknown
163ba66c3f merge 5.0-opt -> 5.1-opt
mysql-test/r/func_math.result:
  Auto merged
mysql-test/t/func_math.test:
  Auto merged
mysql-test/t/view_grant.test:
  Auto merged
sql/item_func.cc:
  Auto merged
sql/sql_select.cc:
  Auto merged
sql/sql_view.cc:
  Auto merged
2007-10-01 12:56:25 +03:00
unknown
c6a4e65a40 view_grant.result, view_grant.test:
Corrected test case for the bug#29908.


mysql-test/t/view_grant.test:
  Corrected test case for the bug#29908.
mysql-test/r/view_grant.result:
  Corrected test case for the bug#29908.
2007-09-29 01:07:29 +00:00
unknown
1cb6dc2b37 Bug#29908: A user can gain additional access through the ALTER VIEW.
Non-definer of a view was allowed to alter that view. Due to this the alterer
can elevate his access rights to access rights of the view definer and thus
modify data which he wasn't allowed to modify. A view defined with
SQL SECURITY INVOKER can't be used directly for access rights elevation.
But a user can first alter the view SQL code and then alter the view to 
SQL SECURITY DEFINER and thus elevate his access rights. Due to this
altering a view with SQL SECURITY INVOKER is also prohibited.

Now the mysql_create_view function allows ALTER VIEW only to the view
definer or a super user. 


mysql-test/t/view_grant.test:
  Added a test case for the bug#29908: A user can gain additional access through the
  ALTER VIEW.
  A test case was adjusted after fixfing bug#29908.
mysql-test/r/view_grant.result:
  Added a test case for the bug#29908: A user can gain additional access through the
  ALTER VIEW.
sql/sql_view.cc:
  Bug#29908: A user can gain additional access through the ALTER VIEW.
  Now the mysql_create_view function allows ALTER VIEW only to the view
  definer or a super user.
2007-09-20 18:05:09 +04:00
unknown
405f82d390 Patch for the following bugs:
- BUG#11986: Stored routines and triggers can fail if the code
    has a non-ascii symbol
  - BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
  - BUG#19443: INFORMATION_SCHEMA does not support charsets properly
  - BUG#21249: Character set of SP-var can be ignored
  - BUG#25212: Character set of string constant is ignored (stored routines)
  - BUG#25221: Character set of string constant is ignored (triggers)

There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
   triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
   inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
   definition;

1. No query-definition-character set.

In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.

The context contains the following data:
  - client character set;
  - connection collation (character set and collation);
  - collation of the owner database;

The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).

2. Wrong mysqldump-output.

The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.

Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).

The solution is
  - to store definition queries in the original character set;
  - to change SHOW CREATE statement to output definition query in the
    binary character set (i.e. without any conversion);
  - introduce SHOW CREATE TRIGGER statement;
  - to dump special statements to switch the context to the original one
    before dumping and restore it afterwards.

Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.

3. INFORMATION_SCHEMA showed non-UTF8 strings

The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.

Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.

This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object.  Specialized SHOW CREATE statements should be
used for this.

The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).

Example:

  - original query:
    CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;

  - UTF8 query (for INFORMATION_SCHEMA):
    CREATE VIEW v1 AS SELECT 'Hello' AS c1;


client/mysqldump.c:
  Set original character set and collation before dumping definition query.
include/my_sys.h:
  Move out-parameter to the end of list.
mysql-test/lib/mtr_report.pl:
  Ignore server-warnings during the test case.
mysql-test/r/create.result:
  Update result file.
mysql-test/r/ctype_cp932_binlog_stm.result:
  Update result file.
mysql-test/r/events.result:
  Update result file.
mysql-test/r/events_bugs.result:
  Update result file.
mysql-test/r/events_grant.result:
  Update result file.
mysql-test/r/func_in.result:
  Update result file.
mysql-test/r/gis.result:
  Update result file.
mysql-test/r/grant.result:
  Update result file.
mysql-test/r/information_schema.result:
  Update result file.
mysql-test/r/information_schema_db.result:
  Update result file.
mysql-test/r/lowercase_view.result:
  Update result file.
mysql-test/r/mysqldump.result:
  Update result file.
mysql-test/r/ndb_sp.result:
  Update result file.
mysql-test/r/ps.result:
  Update result file.
mysql-test/r/rpl_replicate_do.result:
  Update result file.
mysql-test/r/rpl_sp.result:
  Update result file.
mysql-test/r/rpl_trigger.result:
  Update result file.
mysql-test/r/rpl_view.result:
  Update result file.
mysql-test/r/show_check.result:
  Update result file.
mysql-test/r/skip_grants.result:
  Update result file.
mysql-test/r/sp-destruct.result:
  Update result file.
mysql-test/r/sp-error.result:
  Update result file.
mysql-test/r/sp-security.result:
  Update result file.
mysql-test/r/sp.result:
  Update result file.
mysql-test/r/sql_mode.result:
  Update result file.
mysql-test/r/system_mysql_db.result:
  Update result file.
mysql-test/r/temp_table.result:
  Update result file.
mysql-test/r/trigger-compat.result:
  Update result file.
mysql-test/r/trigger-grant.result:
  Update result file.
mysql-test/r/trigger.result:
  Update result file.
mysql-test/r/view.result:
  Update result file.
mysql-test/r/view_grant.result:
  Update result file.
mysql-test/t/events.test:
  Update test case (new columns added).
mysql-test/t/information_schema.test:
  Update test case (new columns added).
mysql-test/t/show_check.test:
  Test case for SHOW CREATE TRIGGER in prepared statements and
  stored routines.
mysql-test/t/sp-destruct.test:
  Update test case (new columns added).
mysql-test/t/sp.test:
  Update test case (new columns added).
mysql-test/t/view.test:
  Update test.
mysys/charset.c:
  Move out-parameter to the end of list.
scripts/mysql_system_tables.sql:
  Add new columns to mysql.proc and mysql.event.
scripts/mysql_system_tables_fix.sql:
  Add new columns to mysql.proc and mysql.event.
sql/event_data_objects.cc:
  Support new attributes for events.
sql/event_data_objects.h:
  Support new attributes for events.
sql/event_db_repository.cc:
  Support new attributes for events.
sql/event_db_repository.h:
  Support new attributes for events.
sql/events.cc:
  Add new columns to SHOW CREATE event resultset.
sql/mysql_priv.h:
  1. Introduce Object_creation_ctx;
  2. Introduce SHOW CREATE TRIGGER;
  3. Introduce auxilary functions.
sql/sp.cc:
  Add support for new store routines attributes.
sql/sp_head.cc:
  Add support for new store routines attributes.
sql/sp_head.h:
  Add support for new store routines attributes.
sql/sql_lex.cc:
  Generate UTF8-body on parsing/lexing.
sql/sql_lex.h:
  1. Generate UTF8-body on parsing/lexing.
  2. Introduce SHOW CREATE TRIGGER.
sql/sql_parse.cc:
  Introduce SHOW CREATE TRIGGER.
sql/sql_partition.cc:
  Update parse_sql().
sql/sql_prepare.cc:
  Update parse_sql().
sql/sql_show.cc:
  Support new attributes for views
sql/sql_trigger.cc:
  Support new attributes for views
sql/sql_trigger.h:
  Support new attributes for views
sql/sql_view.cc:
  Support new attributes for views
sql/sql_yacc.yy:
  1. Add SHOW CREATE TRIGGER statement.
  2. Generate UTF8-body for views, stored routines, triggers and events.
sql/table.cc:
  Introduce Object_creation_ctx.
sql/table.h:
  Introduce Object_creation_ctx.
sql/share/errmsg.txt:
  Add new errors.
mysql-test/include/ddl_i18n.check_events.inc:
  Aux file for test suite.
mysql-test/include/ddl_i18n.check_sp.inc:
  Aux file for test suite.
mysql-test/include/ddl_i18n.check_triggers.inc:
  Aux file for test suite.
mysql-test/include/ddl_i18n.check_views.inc:
  Aux file for test suite.
mysql-test/include/have_cp1251.inc:
  Aux file for test suite.
mysql-test/include/have_cp866.inc:
  Aux file for test suite.
mysql-test/include/have_koi8r.inc:
  Aux file for test suite.
mysql-test/include/have_utf8.inc:
  Aux file for test suite.
mysql-test/r/ddl_i18n_koi8r.result:
  Result file.
mysql-test/r/ddl_i18n_utf8.result:
  Result file.
mysql-test/r/have_cp1251.require:
  Aux file for test suite.
mysql-test/r/have_cp866.require:
  Aux file for test suite.
mysql-test/r/have_koi8r.require:
  Aux file for test suite.
mysql-test/r/have_utf8.require:
  Aux file for test suite.
mysql-test/t/ddl_i18n_koi8r.test:
  Complete koi8r test case for the CS patch.
mysql-test/t/ddl_i18n_utf8.test:
  Complete utf8 test case for the CS patch.
2007-06-28 21:34:54 +04:00
unknown
24d77dca68 Fixed tests that relied on broken behavior in acl_getroot_no_password().
This is to fix PB failures introduced by the patch for bug #28895.


mysql-test/r/view_grant.result:
  Fixed tests that relied on broken behavior in acl_getroot_no_password().
2007-06-07 12:45:37 +04:00
unknown
cf6e5c12d1 Merge polly.local:/home/kaa/src/maint/bug28895/my50-bug28895
into  polly.local:/home/kaa/src/maint/bug28895/my51-bug28895


mysql-test/r/view_grant.result:
  Auto merged
sql/sql_acl.cc:
  Auto merged
2007-06-06 21:44:05 +04:00
unknown
3ac87034ca Fix for bug #28895 "Test 'information_schema_db' fails on i5/OS 32 bit".
In acl_getroot_no_password(), use a separate variable for traversing the acl_users list so that the last entry is not used when no matching entries are found.


mysql-test/r/view_grant.result:
  Fixed the testcase for bug #14875 which relied on broken behavior. sctx->master_access and sctx->priv_user were being set to the last entry in the acl_users list. That does not happen after the patch for bug #28895, so we get a different warning message.
sql/sql_acl.cc:
  In acl_getroot_no_password(), use a separate variable for traversing the acl_users list so that the last entry is not used when no matching entries are found.
2007-06-05 22:18:07 +04:00
unknown
374718ff45 Merge ua141d10.elisa.omakaista.fi:/home/my/bk/mysql-5.0-marvel
into  ua141d10.elisa.omakaista.fi:/home/my/bk/mysql-5.1-marvel


client/mysql.cc:
  Auto merged
client/mysqlbinlog.cc:
  Auto merged
BitKeeper/deleted/.del-my_lread.c:
  Auto merged
BitKeeper/deleted/.del-my_lwrite.c:
  Auto merged
BitKeeper/deleted/.del-raid.cc~488f5fa6538394e1:
  Auto merged
BitKeeper/deleted/.del-raid.h~2d2503a66b128ac6:
  Auto merged
client/mysqldump.c:
  Auto merged
extra/perror.c:
  Auto merged
include/my_sys.h:
  Auto merged
libmysql/libmysql.c:
  Auto merged
libmysqld/libmysqld.c:
  Auto merged
mysql-test/r/mysqlbinlog2.result:
  Auto merged
mysql-test/r/sp-security.result:
  Auto merged
mysql-test/r/view_grant.result:
  Auto merged
mysql-test/t/grant.test:
  Auto merged
mysql-test/t/sp-security.test:
  Auto merged
mysql-test/t/sp.test:
  Auto merged
mysql-test/t/sp_trans.test:
  Auto merged
mysql-test/t/view_grant.test:
  Auto merged
mysys/default.c:
  Auto merged
mysys/hash.c:
  Auto merged
mysys/mf_iocache.c:
  Auto merged
mysys/mf_keycache.c:
  Auto merged
mysys/my_alloc.c:
  Auto merged
mysys/my_dup.c:
  Auto merged
mysys/my_getwd.c:
  Auto merged
mysys/my_handler.c:
  Auto merged
mysys/my_lib.c:
  Auto merged
mysys/my_malloc.c:
  Auto merged
mysys/my_pread.c:
  Auto merged
mysys/my_read.c:
  Auto merged
mysys/my_seek.c:
  Auto merged
mysys/my_static.c:
  Auto merged
mysys/safemalloc.c:
  Auto merged
mysys/thr_alarm.c:
  Auto merged
mysys/typelib.c:
  Auto merged
sql/handler.cc:
  Auto merged
sql/item.cc:
  Auto merged
sql/item_cmpfunc.cc:
  Auto merged
sql/item_func.h:
  Auto merged
sql/item_subselect.cc:
  Auto merged
sql/log_event.cc:
  Auto merged
sql/net_serv.cc:
  Auto merged
sql/opt_range.cc:
  Auto merged
sql/slave.cc:
  Auto merged
sql/sp.cc:
  Auto merged
sql/sp_head.cc:
  Auto merged
sql/sql_acl.cc:
  Auto merged
sql/sql_base.cc:
  Auto merged
sql/sql_cache.cc:
  Auto merged
sql/sql_class.cc:
  Auto merged
sql/sql_class.h:
  Auto merged
sql/sql_delete.cc:
  Auto merged
sql/sql_load.cc:
  Auto merged
sql/sql_prepare.cc:
  Auto merged
sql/sql_repl.cc:
  Auto merged
sql/sql_select.cc:
  Auto merged
sql/sql_table.cc:
  Auto merged
sql/sql_view.cc:
  Auto merged
sql/strfunc.cc:
  Auto merged
sql/table.cc:
  Auto merged
sql/tztime.cc:
  Auto merged
sql/unireg.cc:
  Auto merged
sql-common/client.c:
  Auto merged
sql-common/my_time.c:
  Auto merged
storage/archive/ha_archive.cc:
  Auto merged
storage/heap/_check.c:
  Auto merged
storage/heap/hp_delete.c:
  Auto merged
storage/heap/hp_hash.c:
  Auto merged
storage/heap/hp_open.c:
  Auto merged
storage/heap/hp_rkey.c:
  Auto merged
storage/heap/hp_rrnd.c:
  Auto merged
storage/heap/hp_write.c:
  Auto merged
storage/innobase/handler/ha_innodb.cc:
  Auto merged
storage/myisam/mi_close.c:
  Auto merged
storage/myisam/mi_delete.c:
  Auto merged
storage/myisam/mi_dynrec.c:
  Auto merged
storage/myisam/mi_keycache.c:
  Auto merged
storage/myisam/mi_page.c:
  Auto merged
storage/myisam/mi_statrec.c:
  Auto merged
storage/myisam/myisamchk.c:
  Auto merged
storage/myisammrg/myrg_extra.c:
  Auto merged
storage/ndb/src/mgmclient/CommandInterpreter.cpp:
  Auto merged
tests/mysql_client_test.c:
  Auto merged
mysql-test/r/grant.result:
  Merged from 5.0
mysql-test/r/sp.result:
  Merged from 5.0
mysql-test/r/sp_trans.result:
  Merged from 5.0
mysql-test/t/mysqlbinlog2.test:
  Merged from 5.0
mysys/thr_lock.c:
  Merged from 5.0
sql/ha_ndbcluster.cc:
  Merged from 5.0
sql/log.cc:
  Merged from 5.0
sql/mysql_priv.h:
  Merged from 5.0
sql/mysqld.cc:
  Merged from 5.0
sql/set_var.cc:
  Merged from 5.0
sql/sql_db.cc:
  Merged from 5.0
sql/sql_insert.cc:
  Merged from 5.0
sql/sql_parse.cc:
  Merged from 5.0
sql/sql_show.cc:
  Merged from 5.0
sql/sql_update.cc:
  Merged from 5.0
2007-03-29 17:27:42 +03:00
unknown
48d4d50c6e Merge sergbook.mysql.com:/usr/home/serg/Abk/mysql-5.0-build
into  sergbook.mysql.com:/usr/home/serg/Abk/mysql-5.0


client/mysqlbinlog.cc:
  Auto merged
sql/sql_view.cc:
  Auto merged
mysql-test/r/view_grant.result:
  merged
mysql-test/t/view_grant.test:
  merged
2007-03-23 17:56:58 +02:00
unknown
49383e87c6 fixes to make embedded-server test working
mysql-test/r/view.result:
  result fixed
mysql-test/r/view_grant.result:
  result fixed
mysql-test/t/query_cache_sql_prepare.test:
  test fixed
mysql-test/t/view.test:
  moved to view_grant
mysql-test/t/view_grant.test:
  moved here from view.test
2007-03-23 10:16:30 +04:00
unknown
646b2cbb8f Merge mysql.com:/home/hf/work/mrg/mysql-5.0-opt
into  mysql.com:/home/hf/work/mrg/mysql-5.1-opt


mysql-test/r/view_grant.result:
  Auto merged
mysql-test/t/view_grant.test:
  Auto merged
sql/sql_view.cc:
  Auto merged
2007-03-23 00:09:12 +04:00
unknown
9b774e8f8d Bug#26813: The SUPER privilege is wrongly required to alter a view created by
another user.

When the DEFINER clause isn't specified in the ALTER statement then it's loaded
from the view definition. If the definer differs from the current user then
the error is thrown because only a super-user can set other users as a definers.

Now if the DEFINER clause is omitted in the ALTER VIEW statement then the
definer from the original view is used without check.


mysql-test/t/view_grant.test:
  Added a test case for the bug#27006: The SUPER privilege is wrongly required
  to alter a view created by another user.
mysql-test/r/view_grant.result:
  Added a test case for the bug#27006: The SUPER privilege is wrongly required
  to alter a view created by another user.
sql/sql_view.cc:
  Bug#26813: The SUPER privilege is wrongly required to alter a view created by
  another user.
  Now if the DEFINER clause is omitted in the ALTER VIEW statement then the
  definer from the original view is used without check.
2007-03-22 22:05:19 +03:00
unknown
b444f80882 Fix for BUG#24040: Create View don't succed with "all privileges"
on a database.

The problem was that we required not less privileges on the base tables
than we have on the view.

The fix is to be more flexible and allow to create such a view (necessary
privileges will be checked at the runtime).


mysql-test/r/view_grant.result:
  Updated result file.
mysql-test/t/view_grant.test:
  Added test case for BUG#24040 (Create View don't succed with
  "all privileges" on a database).
sql/sql_view.cc:
  Implement flexible privilege check for CREATE VIEW.
2007-03-22 00:34:15 +03:00
unknown
fa710dfbb1 Merge moonlight.home:/home/tomash/src/mysql_ab/mysql-5.0
into  moonlight.home:/home/tomash/src/mysql_ab/mysql-5.0-bug24404


sql/sql_view.cc:
  Auto merged
mysql-test/r/view_grant.result:
  Manual merge.
mysql-test/t/view_grant.test:
  Manual merge.
2007-01-18 13:06:10 +03:00
unknown
60758fb17d Merge moonlight.home:/home/tomash/src/mysql_ab/mysql-5.0-bug24404
into  moonlight.home:/home/tomash/src/mysql_ab/mysql-5.1-bug24404


sql/sql_view.cc:
  Auto merged
mysql-test/r/view_grant.result:
  Manual merge.
mysql-test/t/view_grant.test:
  Manual merge.
2007-01-18 12:57:34 +03:00
unknown
0541dcad3b Bug#24404: strange bug with view+permission+prepared statement.
The problem was that if a prepared statement accessed a view, the
access to the tables listed in the query after that view was done in
the security context of the view.

The bug was in the assigning of the security context to the tables
belonging to a view: we traversed the list of all query tables
instead.  It didn't show up in the normal (non-prepared) statements
because of the different order of the steps of checking privileges
and descending into a view for normal and prepared statements.

The solution is to traverse the list and stop once the last table
belonging to the view was processed.


mysql-test/r/view_grant.result:
  Add result for bug#24404: strange bug with view+permission+prepared
  statement.
mysql-test/t/view_grant.test:
  Add test case for bug#24404: strange bug with view+permission+prepared
  statement.
sql/sql_view.cc:
  Remove dead line.
  When setting security context, we should traverse the list of tables
  belonging to a given view, not all query tables.  We achieve that by
  stopping at the first table past view_tables_tail.
2007-01-18 12:48:17 +03:00
unknown
2e5a6f9eaa Merge neptunus.(none):/home/msvensson/mysql/mysql-5.0
into  neptunus.(none):/home/msvensson/mysql/mysql-5.0-maint


BitKeeper/etc/ignore:
  auto-union
Docs/Makefile.am:
  Auto merged
Makefile.am:
  Auto merged
client/mysql.cc:
  Auto merged
client/mysqltest.c:
  Auto merged
include/Makefile.am:
  Auto merged
myisam/myisampack.c:
  Auto merged
mysql-test/lib/mtr_io.pl:
  Auto merged
mysql-test/lib/mtr_process.pl:
  Auto merged
mysql-test/mysql-test-run.pl:
  Auto merged
mysql-test/r/view_grant.result:
  Auto merged
mysql-test/t/view_grant.test:
  Auto merged
sql/handler.cc:
  Auto merged
sql/item.cc:
  Auto merged
sql/item_func.cc:
  Auto merged
sql/item_func.h:
  Auto merged
sql/item_timefunc.cc:
  Auto merged
sql/mysql_priv.h:
  Auto merged
sql/mysqld.cc:
  Auto merged
sql/sp.cc:
  Auto merged
sql/sql_base.cc:
  Auto merged
sql-common/my_time.c:
  Auto merged
sql/sql_handler.cc:
  Auto merged
extra/yassl/taocrypt/include/algebra.hpp:
  Manual merge with import of upstream yaSSL
2006-12-04 19:28:38 +01:00
unknown
dea988a048 Merge neptunus.(none):/home/msvensson/mysql/mysql-5.1
into  neptunus.(none):/home/msvensson/mysql/mysql-5.1-maint


BitKeeper/etc/collapsed:
  auto-union
BitKeeper/etc/ignore:
  auto-union
Makefile.am:
  Auto merged
client/mysql.cc:
  Auto merged
client/mysqltest.c:
  Auto merged
configure.in:
  Auto merged
extra/yassl/taocrypt/include/algebra.hpp:
  Auto merged
include/Makefile.am:
  Auto merged
include/my_sys.h:
  Auto merged
mysql-test/lib/mtr_io.pl:
  Auto merged
mysql-test/lib/mtr_process.pl:
  Auto merged
mysql-test/mysql-test-run.pl:
  Auto merged
mysql-test/r/information_schema.result:
  Auto merged
mysql-test/r/parser.result:
  Auto merged
mysql-test/r/ps.result:
  Auto merged
mysql-test/r/view_grant.result:
  Auto merged
mysql-test/t/information_schema.test:
  Auto merged
mysql-test/t/parser.test:
  Auto merged
mysql-test/t/ps.test:
  Auto merged
mysql-test/t/sp.test:
  Auto merged
mysql-test/t/system_mysql_db_fix30020.test:
  Auto merged
mysql-test/t/udf.test:
  Auto merged
mysql-test/t/view_grant.test:
  Auto merged
scripts/mysql_fix_privilege_tables.sql:
  Auto merged
sql/ha_ndbcluster.cc:
  Auto merged
sql/handler.cc:
  Auto merged
sql/item.cc:
  Auto merged
sql/item_create.cc:
  Auto merged
sql/item_func.cc:
  Auto merged
sql/item_func.h:
  Auto merged
sql/item_timefunc.cc:
  Auto merged
sql/mysql_priv.h:
  Auto merged
sql/mysqld.cc:
  Auto merged
sql/sp.cc:
  Auto merged
sql/sql_base.cc:
  Auto merged
sql/sql_handler.cc:
  Auto merged
sql/sql_lex.cc:
  Auto merged
sql/sql_lex.h:
  Auto merged
sql/sql_parse.cc:
  Auto merged
sql/sql_table.cc:
  Auto merged
sql-common/my_time.c:
  Auto merged
sql/sql_yacc.yy:
  Auto merged
storage/myisam/myisampack.c:
  Auto merged
mysql-test/r/sp.result:
  Manual merge
mysql-test/r/udf.result:
  Manual merge
mysql-test/t/events_bugs.test:
  Manual merge
sql/share/errmsg.txt:
  Manual merge
support-files/mysql.spec.sh:
  Manual merge
2006-12-04 19:11:55 +01:00
unknown
5ec18e1d43 Merge dl145s.mysql.com:/data0/bk/team_tree_merge/MERGE2/mysql-5.0-opt
into  dl145s.mysql.com:/data0/bk/team_tree_merge/MERGE2/mysql-5.1-opt


mysql-test/r/view_grant.result:
  Auto merged
2006-11-29 16:34:25 +01:00
unknown
ea81119367 view_grant.result:
Small fix for a test case


mysql-test/r/view_grant.result:
  Small fix for a test case
2006-11-29 18:12:08 +03:00
unknown
56219e755e Merge dl145s.mysql.com:/data0/bk/team_tree_merge/MERGE2/mysql-5.0-opt
into  dl145s.mysql.com:/data0/bk/team_tree_merge/MERGE2/mysql-5.1-opt


mysql-test/mysql-test-run.pl:
  Auto merged
mysql-test/r/ps.result:
  Auto merged
mysql-test/r/view_grant.result:
  Auto merged
mysql-test/t/group_min_max.test:
  Auto merged
mysql-test/t/ps.test:
  Auto merged
mysql-test/t/view_grant.test:
  Auto merged
sql/opt_range.cc:
  Auto merged
sql/sql_base.cc:
  Auto merged
sql/table.cc:
  Auto merged
2006-11-29 15:24:51 +01:00
unknown
af1b3da56f Bug#17254: Error for DEFINER security on VIEW provides too much info
If a view was created with the DEFINER security and later the definer user
was dropped then a SELECT from the view throws the error message saying that
there is no definer user is registered. This is ok for a root but too much
for a mere user.

Now the st_table_list::prepare_view_securety_context() function reveals
the absence of the definer only to a superuser and throws the 'access denied'
error to others.


mysql-test/t/view_grant.test:
  Added a test case for bug#17254: Error for DEFINER security on VIEW provides too much info
mysql-test/r/view_grant.result:
  Added a test case for bug#17254: Error for DEFINER security on VIEW provides too much info
sql/table.cc:
  Bug#17254: Error for DEFINER security on VIEW provides too much info
  Now the st_table_list::prepare_view_securety_context() function reveals
  the absence of the definer only to a superuser and throws the 'access denied'
  error to others.
2006-11-27 16:15:32 +03:00
unknown
4e0cace23d Merge neptunus.(none):/home/msvensson/mysql/mysql-5.0-maint
into  neptunus.(none):/home/msvensson/mysql/mysql-5.1-new-maint


mysql-test/extra/rpl_tests/rpl_deadlock.test:
  Auto merged
mysql-test/extra/rpl_tests/rpl_max_relay_size.test:
  Auto merged
mysql-test/r/key_cache.result:
  Auto merged
mysql-test/r/rpl_deadlock_innodb.result:
  Auto merged
mysql-test/r/rpl_sp.result:
  Auto merged
mysql-test/r/rpl_stm_max_relay_size.result:
  Auto merged
mysql-test/r/rpl_timezone.result:
  Auto merged
mysql-test/r/type_float.result:
  Auto merged
mysql-test/r/view_grant.result:
  Auto merged
mysql-test/t/init_connect.test:
  Auto merged
mysql-test/t/mysqldump.test:
  Auto merged
mysql-test/t/view_grant.test:
  Auto merged
mysql-test/r/mysqldump.result:
  Manual merge
mysql-test/r/rpl_drop_db.result:
  Manual merge
mysql-test/r/rpl_variables.result:
  Manual merge
mysql-test/t/rpl_drop_db.test:
  Manual merge
mysql-test/t/rpl_sp.test:
  Manual merge
mysql-test/t/rpl_timezone.test:
  Manual merge
mysql-test/t/rpl_variables.test:
  Manual merge
2006-11-15 10:31:23 +01:00
unknown
8b8647ff42 Cleanup after test cases
mysql-test/r/init_connect.result:
  Restore global variable to the value it's set to when server is started
mysql-test/r/key_cache.result:
  Restore global variable values to original
mysql-test/r/mysqldump.result:
  Drop the user that was created. Specifying "drop user myDB_user" is equal to "drop user myDB_user@%"
mysql-test/r/rpl_deadlock.result:
  Restore global variable values to original
mysql-test/r/rpl_drop_db.result:
  Remove the conflicting file and drop database mysqltest1 before test exits
mysql-test/r/rpl_ignore_revoke.result:
  As changes to mysql.* are ignored - explicitly delete the user on slave
mysql-test/r/rpl_init_slave.result:
  Restore global variable values to original
mysql-test/r/rpl_max_relay_size.result:
  Restore global variable values to original
mysql-test/r/rpl_sp.result:
  Restore global variable values to original
mysql-test/r/rpl_timezone.result:
  Restore global variable values to original
mysql-test/r/rpl_variables.result:
  Restore global variable values to original
mysql-test/r/view_grant.result:
  Use same user in all places in the same test "readonly" is equal to "readonly@%" not "readonly@localhost"
mysql-test/t/init_connect.test:
  Restore global variable to the value it's set to when server is started
mysql-test/t/key_cache.test:
  Restore global variable values to original
mysql-test/t/mysqldump.test:
  Drop the user that was created. Specifying "drop user myDB_user" is equal to "drop user myDB_user@%"
mysql-test/t/rpl_deadlock.test:
  Restore global variable values to original
mysql-test/t/rpl_drop_db.test:
  Remove the conflicting file and drop database mysqltest1 before test exits
mysql-test/t/rpl_ignore_revoke.test:
  As changes to mysql.* are ignored - explicitly delete the user on slave
mysql-test/t/rpl_init_slave.test:
  Restore global variable values to original
mysql-test/t/rpl_max_relay_size.test:
  Restore global variable values to original
mysql-test/t/rpl_sp.test:
  Restore global variable values to original
mysql-test/t/rpl_timezone.test:
  Restore global variable values to original
mysql-test/t/rpl_variables.test:
  Restore global variable values to original
mysql-test/t/view_grant.test:
  Use same user in all places in the same test "readonly" is equal to "readonly@%" not "readonly@localhost"
2006-11-15 10:23:27 +01:00
unknown
5222b59093 Merge dl145s.mysql.com:/data/bk/team_tree_merge/MERGE/mysql-5.0-opt
into  dl145s.mysql.com:/data/bk/team_tree_merge/MERGE/mysql-5.1


mysql-test/r/func_gconcat.result:
  Auto merged
mysql-test/r/func_group.result:
  Auto merged
mysql-test/r/func_str.result:
  Auto merged
mysql-test/r/func_time.result:
  Auto merged
mysql-test/r/group_by.result:
  Auto merged
mysql-test/r/heap_hash.result:
  Auto merged
mysql-test/r/information_schema.result:
  Auto merged
mysql-test/r/innodb_mysql.result:
  Auto merged
mysql-test/r/join_outer.result:
  Auto merged
mysql-test/r/olap.result:
  Auto merged
mysql-test/r/query_cache.result:
  Auto merged
mysql-test/r/range.result:
  Auto merged
mysql-test/r/row.result:
  Auto merged
mysql-test/r/subselect.result:
  Auto merged
mysql-test/r/type_date.result:
  Auto merged
mysql-test/r/union.result:
  Auto merged
mysql-test/r/view_grant.result:
  Auto merged
mysql-test/t/func_group.test:
  Auto merged
mysql-test/t/func_str.test:
  Auto merged
mysql-test/t/func_time.test:
  Auto merged
mysql-test/t/view.test:
  Auto merged
sql/item.cc:
  Auto merged
sql/item_func.cc:
  Auto merged
sql/item_func.h:
  Auto merged
sql/log.cc:
  Auto merged
sql/mysql_priv.h:
  Auto merged
sql/opt_range.cc:
  Auto merged
sql/opt_range.h:
  Auto merged
sql/opt_sum.cc:
  Auto merged
sql/sql_delete.cc:
  Auto merged
sql/sql_insert.cc:
  Auto merged
sql/sql_lex.cc:
  Auto merged
sql/sql_lex.h:
  Auto merged
sql/sql_list.h:
  Auto merged
sql/sql_parse.cc:
  Auto merged
sql/sql_update.cc:
  Auto merged
sql/sql_yacc.yy:
  Auto merged
mysql-test/t/sp.test:
  SCCS merged
sql/item_cmpfunc.cc:
  SCCS merged
sql/sql_select.cc:
  SCCS merged
2006-09-18 12:57:20 +02:00