Commit graph

63 commits

Author SHA1 Message Date
Martin Hansson
a43242ea6d Bug#36086: SELECT * from views don't check column grants
This patch also fixes bugs 36963 and 35600.
                      
- In many places a view was confused with an anonymous derived
  table, i.e. access checking was skipped. Fixed by introducing a
  predicate to tell the difference between named and anonymous
  derived tables.
                      
- When inserting fields for "SELECT * ", there was no 
  distinction between base tables and views, where one should be
  made. View privileges are checked elsewhere.
2008-09-03 16:45:40 +02:00
gkodinov/kgeorge@magare.gmz
f42a392b2a merged the fix for bug 30468 to 5.1-opt 2007-09-27 12:32:59 +03:00
gkodinov/kgeorge@magare.gmz
fb3b12176d Bug #30468: column level privileges not respected when joining tables
When expanding a * in a USING/NATURAL join the check for table access
for both tables in the join was done using the grant information of the
first one.
Fixed by getting the grant information for the current table while 
iterating through the columns of the join.
2007-09-27 12:15:19 +03:00
evgen@moonbone.local
9e8299f69e grant2.result:
Post merge fix.
2007-06-11 22:55:21 +04:00
evgen@moonbone.local
24ea0909c9 Merge moonbone.local:/mnt/gentoo64/work/test-5.0-opt-mysql
into  moonbone.local:/mnt/gentoo64/work/test-5.1-opt-mysql
2007-06-11 17:14:16 +04:00
gluh@mysql.com/eagle.(none)
a809813b0d Bug#18660 Can't grant any privileges on single table in database with underscore char
In case of database level grant the database name may be a pattern,
in case of table|column level grant the database name can not be a pattern.
We use 'dont_check_global_grants' as a flag to determine
if it's database level grant command 
(see SQLCOM_GRANT case, mysql_execute_command() function) and
set db_is_pattern according to 'dont_check_global_grants' value.
2007-06-08 14:42:08 +05:00
dlenev@mockturtle.local
661aaec64f Merge mockturtle.local:/home/dlenev/src/mysql-5.0-like
into  mockturtle.local:/home/dlenev/src/mysql-5.1-like-2
2007-05-23 15:55:36 +04:00
dlenev@mockturtle.local
8e8f4c05cc 5.1 version of fix for:
Bug #23667 "CREATE TABLE LIKE is not isolated from alteration
              by other connections"
  Bug #18950 "CREATE TABLE LIKE does not obtain LOCK_open"
As well as:
  Bug #25578 "CREATE TABLE LIKE does not require any privileges
              on source table".

The first and the second bugs resulted in various errors and wrong
binary log order when one tried to execute concurrently CREATE TABLE LIKE
statement and DDL statements on source table or DML/DDL statements on its
target table.

The problem was caused by incomplete protection/table-locking against
concurrent statements implemented in mysql_create_like_table() routine.
We solve it by simply implementing such protection in proper way.
Most of actual work for 5.1 was already done by fix for bug 20662 and
preliminary patch changing locking in ALTER TABLE.

The third bug allowed user who didn't have any privileges on table create
its copy and therefore circumvent privilege check for SHOW CREATE TABLE.

This patch solves this problem by adding privilege check, which was missing.

Finally it also removes some duplicated code from mysql_create_like_table()
and thus fixes bug #26869 "TABLE_LIST::table_name_length inconsistent with
TABLE_LIST::table_name".
2007-05-23 15:26:16 +04:00
dlenev@mockturtle.local
c07b3670d7 5.0 version of fix for:
Bug #23667 "CREATE TABLE LIKE is not isolated from alteration
             by other connections"
 Bug #18950 "CREATE TABLE LIKE does not obtain LOCK_open"
As well as:
 Bug #25578 "CREATE TABLE LIKE does not require any privileges
             on source table".

The first and the second bugs resulted in various errors and wrong
binary log order when one tried to execute concurrently CREATE TABLE LIKE
statement and DDL statements on source table or DML/DDL statements on its
target table.

The problem was caused by incomplete protection/table-locking against
concurrent statements implemented in mysql_create_like_table() routine.
We solve it by simply implementing such protection in proper way (see
comment for sql_table.cc for details).

The third bug allowed user who didn't have any privileges on table create
its copy and therefore circumvent privilege check for SHOW CREATE TABLE.

This patch solves this problem by adding privilege check, which was missing.

Finally it also removes some duplicated code from mysql_create_like_table().

Note that, altough tests covering concurrency-related aspects of CREATE TABLE
LIKE behaviour will only be introduced in 5.1, they were run manually for
this patch as well.
2007-05-23 15:22:13 +04:00
tnurnberg@salvation.intern.azundris.com
655056d32f Bug#16456 RBR: rpl_sp.test expects query to fail, but passes in RBR
Fix tests for new behaviour: an error is thrown if a NON DETERMINISTIC
stored function (SF) is called during statement-based replication (SBR).
2006-11-17 21:30:28 +01:00
msvensson@neptunus.(none)
8929b7a03b Merge neptunus.(none):/home/msvensson/mysql/same_tools/my50-same_tools
into  neptunus.(none):/home/msvensson/mysql/same_tools/my51-same_tools
2006-10-04 16:35:40 +02:00
msvensson@neptunus.(none)
f39ff057d1 Update tests and result files after running with new mysqltest that better detects problems with test files 2006-10-04 13:09:37 +02:00
brian@zim.(none)
8deb5beb9c Merge zim.(none):/home/brian/mysql/dep-5.0
into  zim.(none):/home/brian/mysql/dep-5.1
2006-08-14 15:24:29 -07:00
cmiller@zippy.cornsilk.net
f6f7eb851e Merge updates. 2006-08-10 12:39:18 -04:00
cmiller@zippy.cornsilk.net
543fcde9b9 Merge zippy.cornsilk.net:/home/cmiller/work/mysql/mysql-4.1
into  zippy.cornsilk.net:/home/cmiller/work/mysql/mysql-5.0
2006-08-09 22:23:41 -04:00
iggy@mysql.com
2781050afc Bug#16180 Setting SQL_LOG_OFF without SUPER privilege is silently ignored 2006-06-27 20:10:49 -04:00
jimw@mysql.com
f21c110d13 Merge mysql.com:/home/jimw/my/mysql-5.0-clean
into  mysql.com:/home/jimw/my/mysql-5.1-clean
2006-04-30 13:27:38 -07:00
msvensson@neptunus.(none)
3f683e2ba4 Cleanup test cases that leaves "stuff" behind 2006-04-18 18:10:47 +02:00
msvensson@shellback.(none)
13062cbad6 BUG#13310 incorrect user parsing by SP
- Strip surrounding ''s from username when a new user connects. There
   is no user 'a@', it should be a@
2006-04-18 10:46:17 +02:00
pem@mysql.com
015ab71a50 Merge mysql.com:/extern/mysql/5.0/bug17476/mysql-5.0
into  mysql.com:/extern/mysql/5.1/generic/mysql-5.1-new
2006-03-03 12:03:27 +01:00
msvensson@neptunus.(none)
9c91f8034c Bug#17279 user with no global privs and with create priv in db can create
database
 - Fix test case for systems with "lowercase names"
2006-03-02 11:01:58 +01:00
msvensson@shellback.(none)
fe850cdc20 Merge 5.0 -> 5.1 2006-02-28 13:54:32 +01:00
msvensson@devsrv-b.mysql.com
706070fbf8 Bug#17279 user with no global privs and with create priv in db can create databases
- Use binary charset in acl_cache, to make searches case sensitive
 - Add testcase
2006-02-27 16:41:58 +01:00
msvensson@neptunus.(none)
9304785c10 Add new option "check-testcases" to mysql-test-run.pl
Cleanup the sideeffects from most of the  testcases with sideeffects.
2006-01-26 17:54:34 +01:00
msvensson@neptunus.(none)
e1ef24e38c Bug #15775 "drop user" command does not refresh acl_check_hosts
- Update patch for 5.0 
 - Added common function to be called when 'acl_users' has been modified
2005-12-28 14:43:50 +01:00
msvensson@neptunus.(none)
cdd1f5c6fc Merge neptunus.(none):/home/msvensson/mysql/bug15775_part2/my41-bug15775_part2
into  neptunus.(none):/home/msvensson/mysql/bug15775_part2/my50-bug15775_part2
2005-12-28 09:31:40 +01:00
msvensson@neptunus.(none)
2fb6cb5a5a BUG#15775 "drop user" command does not refresh acl_check_hosts
- DROP USER command didn't reload the acl_check_hosts cache causing subsequent 
     connect's via TCP to fail randomly.
   - 4.1 version
2005-12-28 09:23:27 +01:00
monty@mysql.com
f5804869e3 Don't use PATH_MAX for FN_REFLEN as this uses too much stack space
Larger stack size neaded for open table on x86 64 bit
Fix failing test cases
Deleted symlink from bk
2005-11-24 02:36:28 +02:00
dlenev@mysql.com
d23732962f Merge mysql.com:/home/dlenev/src/mysql-4.1-bg12423
into  mysql.com:/home/dlenev/src/mysql-5.0-merges
2005-09-01 23:25:29 +04:00
dlenev@mysql.com
0683c122b6 Merge bk-internal.mysql.com:/home/bk/mysql-4.1
into  mysql.com:/home/dlenev/src/mysql-4.1-bg12423
2005-09-01 17:01:25 +04:00
dlenev@mysql.com
da2af0bb6d Fix for bug #12423 "Deadlock when doing FLUSH PRIVILEGES and GRANT in
multi-threaded environment".

To avoid deadlocks between several simultaneously run account management 
commands (particularly between FLUSH PRIVILEGES/SET PASSWORD and GRANT
commands) we should always take table and internal locks during their
execution in the same order. In other words we should first open and lock
privilege tables and only then obtain acl_cache::lock/LOCK_grant locks.
2005-09-01 16:52:59 +04:00
monty@mishka.local
f384e08277 Merge mishka.local:/home/my/mysql-4.1
into  mishka.local:/home/my/mysql-5.0
2005-08-25 06:55:48 +03:00
jimw@mysql.com
f70beef6c7 Use the hostname with which the user authenticated when determining which
user to update with 'SET PASSWORD = ...'. (Bug #12302)
2005-08-22 15:48:50 -07:00
jimw@mysql.com
b95cb4e654 Merge 2005-04-05 19:45:34 -07:00
serg@serg.mylan
ab5c10c100 after merge fix 2005-03-30 00:24:58 +02:00
pekka@mysql.com
727015dbb3 Merge 2005-03-28 23:06:19 +02:00
serg@serg.mylan
a2ad96cf9e more wild_compare tests 2005-03-27 15:46:06 +02:00
serg@serg.mylan
9a0dd5c7e4 sql/sql_acl.cc
report correct errror in MODE_NO_AUTO_CREATE_USER
    cleanup
after merge fixes
2005-03-23 19:18:25 +01:00
serg@serg.mylan
d6bedfa8e0 merged 2005-03-23 09:42:24 +01:00
mysqldev@mysql.com
ad26a667e6 sql_acl.cc, sql_acl.h, sql_parse.cc
New privilege CREATE USER (CREATE_USER_ACL, Create_user_priv) added
grant2.test:
  new tests (mostly backported from jani's patch)
system_mysql_db.result, sp.result, grant2.result, grant.result:
  results updated
2005-03-22 15:54:18 +01:00
jani@ua141d10.elisa.omakaista.fi
01dddf095a - Added new error message.
- Changed error message in sql_acl.cc
- Added some more tests for GRANT.
2005-03-22 15:57:24 +02:00
jani@a193-229-222-105.elisa-laajakaista.fi
5537d21466 Added more tests to grant2. Fixed some previous tests.
Added new logic to ACL system:

1) If GRANT OPTION (not mysql db):
   Ok to update existing user, but not password.
   Not allowed to make a new user.

2) If UPDATE_ACL to mysql DB:
   Ok to update current user, but not make a new one.

3) If INSERT_ACL to mysql DB:
   Ok to add a new user, but not modify existing.

4) If GRANT OPTION to mysql DB:
   All modifications OK.
2005-03-18 13:32:28 +02:00
jani@a193-229-222-105.elisa-laajakaista.fi
1fbb61754b Fixed two bugs in MySQL ACL.
First one is related to Bug#7905. One should not be allowed to
create new user with password without UPDATE privilege to
MySQL database. Furthermore, executing the same GRANT statement
twice would actually crash the server and corrupt privilege database.

Other bug was that one could update a column, using the existing
value as basis to calculate the new value (e.g. UPDATE t1 SET a=a+1)
without SELECT privilege to the field (a in the above example)

Fixed tests grant.pl and grant2, which were wrong.
2005-03-17 08:16:56 +02:00
jimw@mysql.com
2c6e46f47e Clean up merge of fix for Bug #3309. 2005-03-03 17:44:28 -08:00
jimw@mysql.com
f7c01cfb76 Merged from 4.1 2005-03-03 15:01:46 -08:00
jimw@mysql.com
5d2bedc391 Fix bug in checking of table-specific grats that caused IP/NETMASK
hostnames to not be matched correctly. (Bug #3309)
2005-03-02 16:30:24 -08:00
jimw@mysql.com
01ddc370f0 Enable warnings for 'no default' fields being set to default when they
are not specified in an insert. Most of these changes are actually to
clean up the test suite to either specify defaults to avoid warnings,
or add the warnings to the results. Related to bug #5986.
2005-01-14 17:09:35 -08:00
serg@sergbook.mysql.com
a9c7fb9dfd post-merge 2004-12-31 17:59:43 +01:00
serg@sergbook.mysql.com
a04fc26c54 manually merged 2004-12-31 15:26:24 +01:00
serg@sergbook.mysql.com
45ce994e5d post-merge 2004-12-31 11:52:14 +01:00