maria-developers team mailing list archive

Thread
Date

Re: MDEV-13439: Database permissions are not enough to run a subquery with GROUP BY within a view

To: maria-developers@xxxxxxxxxxxxxxxxxxx
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Wed, 9 Aug 2017 15:58:10 +0200
Cc: sanja@xxxxxxxxxxx
In-reply-to: <5988522e.ccb21c0a.70a7c.7c44@mx.google.com>
User-agent: Mutt/1.7.2 (2016-11-26)

Hi, Oleksandr!

On Aug 07, Oleksandr Byelkin wrote:
> revision-id: cf66c30ce592ad88d447568272bdced2046f2906 (mariadb-10.2.7-20-gcf66c30ce59)
> parent(s): bcc10a5a447805ce64aa13ee6a037c1618219616
> committer: Oleksandr Byelkin
> timestamp: 2017-08-07 13:42:35 +0200
> message:
> 
> MDEV-13439: Database permissions are not enough to run a subquery with GROUP BY within a view
> 
> The bug is result adding ability to have derived tables inside views.
> Fixed checks should be a switch between view/derived or select derived and information schema.
> 
> diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
> index 77f502d3a7b..9bffcbe6a9e 100644
> --- a/sql/sql_acl.cc
> +++ b/sql/sql_acl.cc
> @@ -7594,8 +7594,11 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
>        /*
>          It is subquery in the FROM clause. VIEW set t_ref->derived after
>          table opening, but this function always called before table opening.
> +
> +        NOTE: is_derived() can't be used here bacause subquery in this case

typo "bacause"

> +        the FROM clase (derived tables) can be not be marked yet.
>        */
> -      if (!t_ref->referencing_view)
> +      if (t_ref->is_anonymous_derived_table() || t_ref->schema_table)
>        {
>          /*
>            If it's a temporary table created for a subquery in the FROM
> diff --git a/sql/sql_derived.cc b/sql/sql_derived.cc
> index 649f745fdc4..8f8d051a976 100644
> --- a/sql/sql_derived.cc
> +++ b/sql/sql_derived.cc
> @@ -822,10 +822,12 @@ bool mysql_derived_prepare(THD *thd, LEX *lex, TABLE_LIST *derived)
>      table->derived_select_number= first_select->select_number;
>      table->s->tmp_table= INTERNAL_TMP_TABLE;
>  #ifndef NO_EMBEDDED_ACCESS_CHECKS
> -    if (derived->referencing_view)
> +    if (derived->is_view())
>        table->grant= derived->grant;
>      else
>      {
> +      DBUG_ASSERT(derived->is_derived());
> +      DBUG_ASSERT(derived->is_anonymous_derived_table());

Hmm, if derived->is_derived() is always true here, why there's
an if() below? If it's redundant - please, remove it.

>        table->grant.privilege= SELECT_ACL;
>        if (derived->is_derived())
>          derived->grant.privilege= SELECT_ACL;


Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx