Commit graph

15 commits

Author SHA1 Message Date
Alexander Nozdrin
2dc132b209 Merge from mysql-next-mr. 2009-10-23 15:22:21 +04:00
Kristofer Pettersson
0659b857e7 Bug#27145 EXTRA_ACL troubles
The flag EXTRA_ACL is used in conjugation with our access checks, yet it is
not clear what impact this flag has.
This is a code clean up which replaces use of EXTRA_ACL with an explicit
function parameter.
The patch also fixes privilege checks for:
- SHOW CREATE TABLE: The new privilege requirement is any privilege on
  the table-level.
- CHECKSUM TABLE: Requires SELECT on the table level.
- SHOW CREATE VIEW: Requires SHOW_VIEW and SELECT on the table level
  (just as the manual claims)
- SHOW INDEX: Requires any privilege on any column combination.


mysql-test/r/grant.result:
  * Error message now shows correct command (SHOW instead of SELECT)
mysql-test/r/grant2.result:
  * Error message now shows correct command (SHOW instead of SELECT)
mysql-test/r/grant4.result:
  * This test file tests privilege requirements for
    SHOW COLUMNS
    CREATE TABLE .. LIKE
    SHOW CREATE TABLE
    SHOW INDEX
    CHECKSUM TABLE
    SHOW CREATE VIEW
mysql-test/r/information_schema_db.result:
  * Added SELECT privilege to testdb_2 as
    SHOW CREATE VIEW now demands this privilege
    as well as SHOW VIEW.
mysql-test/r/outfile.result:
  * Changed error code
mysql-test/r/view_grant.result:
  * Additional SELECT privilege is now needed
    for SHOW CREATE VIEW
mysql-test/t/grant4.test:
  * This test file tests privilege requirements for
    SHOW COLUMNS
    CREATE TABLE .. LIKE
    SHOW CREATE TABLE
    SHOW INDEX
    CHECKSUM TABLE
    SHOW CREATE VIEW
mysql-test/t/information_schema_db.test:
  * Added SELECT privilege to testdb_2 as
    SHOW CREATE VIEW now demands this privilege
    as well as SHOW VIEW.
mysql-test/t/outfile.test:
  * Changed error code
mysql-test/t/view_grant.test:
  * Additional SELECT privilege is now needed
    for SHOW CREATE VIEW
sql/mysql_priv.h:
  * Replaced EXTRA_ACL with a parameter
sql/sp_head.cc:
  * Replaced EXTRA_ACL with a parameter
sql/sql_acl.cc:
  * Converted function documentation to doxygen and clarified some behaviors.
  * Changed value from uint to bool to better reflect its meaning.
  * Removed pointless variable orig_want_access
  * Added function has_any_table_level_privileges to help with requirements
    checks during SHOW CREATE TABLE.
sql/sql_acl.h:
  * changed signature of check_grant()
  * introduced access control function has_any_table_leevl_privileges()
sql/sql_base.cc:
  * Check_table_access has new signature
sql/sql_cache.cc:
  * Check_table_access has new signature
sql/sql_parse.cc:
  * Rewrote function documentation in doxygen comments for: check_access,
    check_table_acces, check_grant.
  * Removed EXTRA_ACL flag where it doesn't hold any meaningful purpose anymore
    and replaced it with a function parameter where any privileges on any column
    combination would satisfy the requirement.
  * Fixed privilege check for SHOW COLUMNS and SHOW INDEX
  * Modified check_table_access to gain clarity in what EXTRA_ACL actually does.
  * Modified check_access to gain clarity in what EXTRA_ACL actually does.
  * Fixed privilege check for CREATE TABLE .. LIKE .. ; It now requires SELECT
    privileges on the table.
  * Fixed privilege check for SHOW CREATE TABLE ..; It now requires any privilege
    on the table level.
sql/sql_plugin.cc:
  * check_table_access has new signature
sql/sql_prepare.cc:
  * check_table_access has new signature
sql/sql_show.cc:
  * check_table_access has new signature
sql/sql_trigger.cc:
  * check_table_access has new signature
sql/sql_update.cc:
  * check grant has new signature
sql/sql_view.cc:
  * check_table_access has new signature
2009-10-19 14:58:13 +02:00
Alexander Nozdrin
c69629d269 Merge from mysql-5.1. 2009-10-13 13:42:38 +04:00
Martin Hansson
e86f08d054 Bug#35996: SELECT + SHOW VIEW should be enough to display
view definition

During SHOW CREATE VIEW there is no reason to 'anonymize'
errors that name objects that a user does not have access
to. Moreover it was inconsistently implemented. For example
base tables being referenced from a view appear to be ok,
but not views. The manual on the other hand is clear: If a
user has the privileges SELECT and SHOW VIEW, the view
definition is available to that user, period. The fix
changes the behavior to support the manual.


mysql-test/r/information_schema_db.result:
  Bug#35996: Changed warnings.
mysql-test/r/view_grant.result:
  Bug#35996: Changed warnings, test result.
mysql-test/t/information_schema_db.test:
  Bug#35996: Changed test case to reflect new behavior.
mysql-test/t/view_grant.test:
  Bug#35996: Test case.
sql/sql_acl.cc:
  Bug#35996: Code no longer necessary, we may as well exempt 
  SHOW CREATE VIEW from this check.
sql/sql_show.cc:
  Bug#35996: The fix: An Internal_error_handler that hides
  most errors raised by access checking as they are not
  relevant to SHOW CREATE VIEW.
sql/table.cc:
  Bug#35996: Restricting this hack to act only when there is 
  no Internal_error_handler.
2009-09-28 13:25:47 +02:00
Guilhem Bichot
cffc4bd90b Fixes to tests and their results, to account for differences between InnoDB 1.0.4 and the old builtin.
All committed result differences have either been verified by me or copied from Oracle's provided
results (storage/innodb_plugin/mysql-test/*.result, storage/innodb_plugin/mysql-test/patches).

mysql-test/r/information_schema.result:
  queries changed a bit
mysql-test/r/information_schema_db.result:
  queries changed a bit
mysql-test/r/innodb-autoinc.result:
  importing piece from storage/innodb_plugin/mysql-test/innodb-autoinc.result
mysql-test/r/innodb.result:
  result close to storage/innodb_plugin/innodb.result, except 4095 pages instead of 8191, which makes
  sense as Summit runs with a buffer pool of 64M, whereas the mentioned result file was made with
  a buffer pool of 128M.
mysql-test/r/mysqlshow.result:
  InnoDB I_S tables have arrived
mysql-test/suite/funcs_1/r/is_columns_is.result:
  queries changed a bit
mysql-test/suite/funcs_1/r/is_columns_is_embedded.result:
  queries changed a bit
mysql-test/suite/funcs_1/r/is_tables_is.result:
  queries changed a bit
mysql-test/suite/funcs_1/t/is_columns_is.test:
  making I_S queries ignore InnoDB I_S tables
mysql-test/suite/funcs_1/t/is_columns_is_embedded.test:
  making I_S queries ignore InnoDB I_S tables
mysql-test/suite/funcs_1/t/is_tables_is.test:
  making I_S queries ignore InnoDB I_S tables
mysql-test/suite/innodb/r/innodb-zip.result:
  result update
mysql-test/suite/innodb/t/innodb-zip.test:
  439, as size of prefix key, throws error with certain system zlib (ubuntu
  "intrepid") but not with zlib bundled with MySQL, because zlib's
  compressBound() are different (and used by InnoDB's page_zip_empty_size()).
mysql-test/suite/sys_vars/r/innodb_file_per_table_basic.result:
  result update
mysql-test/suite/sys_vars/r/innodb_lock_wait_timeout_basic.result:
  result update
mysql-test/suite/sys_vars/r/innodb_sync_spin_loops_basic_32.result:
  result update (default value is 30 in the plugin, 20 in the builtin)
mysql-test/suite/sys_vars/r/innodb_sync_spin_loops_basic_64.result:
  result update (default value is 30 in the plugin, 20 in the builtin)
mysql-test/suite/sys_vars/r/table_definition_cache_basic.result:
  result update (default value is 400 in Summit)
mysql-test/suite/sys_vars/t/innodb_file_per_table_basic.test:
  variable is writable in the plugin (patch from Oracle)
mysql-test/suite/sys_vars/t/innodb_lock_wait_timeout_basic.test:
  variable is per-session in the plugin (patch from Oracle)
mysql-test/t/information_schema.test:
  making I_S queries ignore InnoDB I_S tables
mysql-test/t/information_schema_db.test:
  making I_S queries ignore InnoDB I_S tables
mysql-test/t/innodb-autoinc.test:
  importing piece from storage/innodb_plugin/mysql-test/innodb-autoinc.test
mysql-test/t/innodb.test:
  importing most of storage/innodb_plugin/t/innodb.test. Most replace_result were not needed (no path printed), some where (for --embedded).
mysql-test/t/mysqlshow.test:
  output of test now depends on InnoDB or not InnoDB. As there is no way to make mysqlshow
  produce a single output in those two cases (no way to make it exclude InnoDB I_S
  tables), let the test depend on InnoDB, it isn't a very selective condition, and the
  test is simple enough.
storage/innobase/CMakeLists.txt:
  thanks Vlad for the noticing () vs {}
2009-08-07 22:04:53 +02:00
Matthias Leich
f4eb0953b1 Fix for Bug#44826 main.information_schema_db could harm succeeding tests
Details:
1. Add missing "disconnect <session>"
2. Take care that the disconnects are finished when the test terminates
3. Replace error names by error numbers
4. Minor beautifying of script code
2009-05-15 11:59:31 +02:00
Sergey Glukhov
7e60f71001 Bug#22763 Disrepancy between SHOW CREATE VIEW and I_S.VIEWS
The problem:
I_S views table does not check the presence of SHOW_VIEW_ACL|SELECT_ACL
privileges for a view. It leads to discrepancy between SHOW CREATE VIEW
and I_S.VIEWS.
The fix:
added appropriate check.


mysql-test/r/information_schema_db.result:
  test result
mysql-test/t/information_schema_db.test:
  test case
sql/sql_show.cc:
  The problem:
  I_S views table does not check the presence of SHOW_VIEW_ACL|SELECT_ACL
  privileges for a view. It leads to discrepancy between SHOW CREATE VIEW
  and I_S.VIEWS.
  The fix:
  added appropriate check.
2008-10-02 14:37:07 +05:00
unknown
b765a8af9b Bug #26817: mysqldump fails to backup database containing view with invalid definer
give some leeway on required permissions for SHOW FIELDS on views so
an unknonwn DEFINER will no longer break mysqldump


client/client_priv.h:
  Bug #26817: mysqldump fails to backup database containing view with invalid definer
  
  New option for mysqldump: redirect stderr to file ("2> for Windows")
client/mysqldump.c:
  Bug #26817: mysqldump fails to backup database containing view with invalid definer
  
  New option for mysqldump: redirect stderr to file ("2> for Windows")
mysql-test/r/information_schema_db.result:
  Bug #26817: mysqldump fails to backup database containing view with invalid definer
  
  New option for mysqldump: redirect stderr to file ("2> for Windows")
mysql-test/t/information_schema_db.test:
  Bug #26817: mysqldump fails to backup database containing view with invalid definer
  
  New option for mysqldump: redirect stderr to file ("2> for Windows")
sql/sql_base.cc:
  Bug #26817: mysqldump fails to backup database containing view with invalid definer
  
  be a little more lenient for SHOW FIELDS FROM
sql/sql_parse.cc:
  Bug #26817: mysqldump fails to backup database containing view with invalid definer
  
  be a little more lenient for SHOW FIELDS FROM on views on views
sql/sql_view.cc:
  Bug #26817: mysqldump fails to backup database containing view with invalid definer
  
  give SHOW FIELDS the same perks as SHOW CREATE
sql/table.cc:
  Bug #26817: mysqldump fails to backup database containing view with invalid definer
  
  give SHOW FIELDS the same perks as SHOW CREATE
2007-03-23 19:24:03 +01:00
unknown
ea1f7e4b56 several fixes to make tests pass in embedded-server mode
libmysqld/lib_sql.cc:
  check for bootstrap added
mysql-test/include/federated.inc:
  disabled in embedded
mysql-test/mysql-test-run.pl:
  we disable ssh in embedded server
mysql-test/r/bdb.result:
  part moved to bdb_notembedded as it uses binlog
mysql-test/r/flush_block_commit.result:
  part moved to flush_block_commit_notembedded
mysql-test/r/insert.result:
  part moved to insert_notembedded as delayed works differently in embedded server
mysql-test/r/insert_select.result:
  part moved to insert_notembedded as GRANTS usually disabled in embedded server
mysql-test/r/join.result:
  access rights hidden in result
mysql-test/t/backup.test:
  now available in embedded server
mysql-test/t/bdb.test:
  part moved to bdb_notembedded as it uses binlog
mysql-test/t/delayed.test:
  code trimmed
mysql-test/t/execution_constants.test:
  skipped in embedded-server mode
mysql-test/t/flush_block_commit.test:
  moved to flush_block_commit_notembedded
mysql-test/t/information_schema_db.test:
  skipped in embedded-server
mysql-test/t/innodb.test:
  directories replaced to be embedded-server compliant
mysql-test/t/insert.test:
  part moved to insert_notembedded
mysql-test/t/insert_select.test:
  part moved to insert_notembedded
mysql-test/t/join.test:
  access rights hidden
mysql-test/t/status.test:
  skipped in embedded server
mysql-test/t/trigger.test:
  directories replaced to be embedded-server compliant
sql/item_strfunc.cc:
  extra contexts not needed whan access checks disabled
sql/share/errmsg.txt:
  bigger paths reserved to prevent test's fails
mysql-test/r/bdb_notembedded.result:
  ***MISSING WEAVE***
mysql-test/r/flush_block_commit_notembedded.result:
  added
mysql-test/r/insert_notembedded.result:
  added
mysql-test/t/bdb_notembedded.test:
  ***MISSING WEAVE***
mysql-test/t/flush_block_commit_notembedded.test:
  added
mysql-test/t/insert_notembedded.test:
  added
2006-11-13 20:06:45 +04:00
unknown
86a239f555 information_schema_db.test fixed
mysql-test/t/information_schema_db.test:
  user dropped
2006-08-07 11:56:22 +05:00
unknown
9955388a45 Bug#20543 select on information_schema strange warnings, view, different schemas/users
The fix is: if user has privileges to view fields and user has any
(insert,select,delete,update) privileges on underlying view 
then 'show fields' and select from I_S.COLUMNS table are sucsessful.


mysql-test/r/information_schema_db.result:
  Bug#20543 select on information_schema strange warnings, view, different schemas/users
  test result
mysql-test/t/information_schema_db.test:
  Bug#20543 select on information_schema strange warnings, view, different schemas/users
  test case
sql/sql_acl.cc:
  Bug#20543 select on information_schema strange warnings, view, different schemas/users
  checked that user has privileges on underlying view and if it's true
  set allowed_show to true for top view.
sql/sql_show.cc:
  Bug#20543 select on information_schema strange warnings, view, different schemas/users
  removed unnecessary rights check.'tables->allowed_show' check is used instead
sql/sql_view.cc:
  Bug#20543 select on information_schema strange warnings, view, different schemas/users
  skip the check of SHOW_VIEW_ACL privilege on underlying view. It is done later during
  execution of find_field_in_table_ref function.
sql/table.h:
  Bug#20543 select on information_schema strange warnings, view, different schemas/users
  'allowed_show' is set during rights check for view. If true then user has privileges 
  for 'show create view', etc
2006-07-25 17:23:25 +05:00
unknown
128c3942a8 Bug#17204 "second CALL to procedure crashes Server"
Bug#18282 "INFORMATION_SCHEMA.TABLES provides inconsistent info about invalid views"
This bug caused crashes or resulted in wrong data being returned
when one tried to obtain information from I_S tables about views
using stored functions.

It was caused by the fact that we were using LEX representing
statement which were doing select from I_S tables as active LEX
when contents of I_S table were built. So state of this LEX both
affected and was affected by open_tables() calls which happened
during this process. This resulted in wrong behavior and in
violations of some of invariants which caused crashes.

This fix tries to solve this problem by properly saving/resetting
and restoring part of LEX which affects and is affected by the
process of opening tables and views in get_all_tables() routine.
To simplify things we separated this part of LEX in a new class
and made LEX its descendant.


mysql-test/r/information_schema_db.result:
  test case
mysql-test/t/information_schema_db.test:
  test case
sql/sql_lex.cc:
  To simplify saving/resetting and restoring part of LEX which
  affects and is affected by the process of opening tables and
  views we moved it to new class Query_tables_list and made LEX
  descendant of this class. Also introduced two LEX methods 
  which can be used to save and reset or to restore this state.
sql/sql_lex.h:
  To simplify saving/resetting and restoring part of LEX which
  affects and is affected by the process of opening tables and
  views we moved it to new class Query_tables_list and made LEX
  descendant of this class. Also introduced two LEX methods 
  which can be used to save and reset or to restore this state.
sql/sql_show.cc:
  Now in get_all_tables() routine we properly save/reset and
  restore part of LEX (statement table list and information
  about routines used) which affects and is affected by the
  process of opening tables and views.
sql/sql_table.cc:
  Now we clean-up LEX after opening table (view) in two stages.
  In the first stage we call LEX::cleanup_after_one_table_open()
  to clean-up selects lists and derived tables state. In the
  second stage which happens after close_thread_tables() is
  invoked we call Query_tables_list::reset_query_tables_list(FALSE)
  to rollback changes in Query_tables_list.
2006-05-30 10:45:23 +05:00
unknown
ce39d29493 Fix for bug #18113 "SELECT * FROM information_schema.xxx crashes server"
Crash happened when one selected data from one of INFORMATION_SCHEMA
tables and in order to build its contents server had to open view which
used stored function and table or view on which one had not global or
database-level privileges (e.g. had only table-level or had no
privileges at all).

The crash was caused by usage of check_grant() function, which assumes
that either number of tables to be inspected by it is limited explicitly
or table list used and thd->lex->query_tables_own_last value correspond
to each other (the latter should be either 0 or point to next_global
member of one of elements of this table list), in conditions when
above assumptions were not true. This fix just explicitly limits
number of tables to be inspected. Other negative effects which are
caused by the fact that thd->lex->query_tables_own_last might not
be set properly during processing of I_S tables are less disastrous
and will be reported and fixed separetely.



mysql-test/r/information_schema_db.result:
  Fix for bug #18113 "SELECT * FROM information_schema.xxx crashes server"
    test case
mysql-test/t/information_schema_db.test:
  Fix for bug #18113 "SELECT * FROM information_schema.xxx crashes server"
    test case
sql/sql_acl.cc:
    added note
2006-03-20 13:42:02 +04:00
unknown
f9433acc81 Fix for bug #10659: information_schema_db fail on Mac OS 2005-05-24 14:35:23 +04:00
unknown
bf049c3167 Fix for bug #10018:use INFORMATION_SCHEMA works, but show tables in it returns error 2005-05-06 19:06:10 +00:00