Hi, Oleksandr! On Aug 07, Oleksandr Byelkin wrote:

revision-id: cf66c30ce592ad88d447568272bdced2046f2906 (mariadb-10.2.7-20-gcf66c30ce59) parent(s): bcc10a5a447805ce64aa13ee6a037c1618219616 committer: Oleksandr Byelkin timestamp: 2017-08-07 13:42:35 +0200 message:

MDEV-13439: Database permissions are not enough to run a subquery with GROUP BY within a view

The bug is result adding ability to have derived tables inside views. Fixed checks should be a switch between view/derived or select derived and information schema.

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 77f502d3a7b..9bffcbe6a9e 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -7594,8 +7594,11 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, /* It is subquery in the FROM clause. VIEW set t_ref->derived after table opening, but this function always called before table opening. + + NOTE: is_derived() can't be used here bacause subquery in this case

typo "bacause"

+ the FROM clase (derived tables) can be not be marked yet. */ - if (!t_ref->referencing_view) + if (t_ref->is_anonymous_derived_table() || t_ref->schema_table) { /* If it's a temporary table created for a subquery in the FROM diff --git a/sql/sql_derived.cc b/sql/sql_derived.cc index 649f745fdc4..8f8d051a976 100644 --- a/sql/sql_derived.cc +++ b/sql/sql_derived.cc @@ -822,10 +822,12 @@ bool mysql_derived_prepare(THD *thd, LEX *lex, TABLE_LIST *derived) table->derived_select_number= first_select->select_number; table->s->tmp_table= INTERNAL_TMP_TABLE; #ifndef NO_EMBEDDED_ACCESS_CHECKS - if (derived->referencing_view) + if (derived->is_view()) table->grant= derived->grant; else { + DBUG_ASSERT(derived->is_derived()); + DBUG_ASSERT(derived->is_anonymous_derived_table());

Hmm, if derived->is_derived() is always true here, why there's an if() below? If it's redundant - please, remove it.

table->grant.privilege= SELECT_ACL; if (derived->is_derived()) derived->grant.privilege= SELECT_ACL;

Regards, Sergei Chief Architect MariaDB and security@mariadb.org