Below is the list of changes that have just been committed into a local
5.0 repository of tomash. When tomash does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet@stripped, 2006-07-13 17:21:44+04:00, kroki@stripped +4 -0
Merge moonlight.intranet:/home/tomash/src/mysql_ab/mysql-5.0
into moonlight.intranet:/home/tomash/src/mysql_ab/mysql-5.0-bug18630
MERGE: 1.2191.33.1
sql/item_func.cc@stripped, 2006-07-13 17:21:39+04:00, kroki@stripped +0 -0
Auto merged
MERGE: 1.291.1.1
sql/item_func.h@stripped, 2006-07-13 17:21:39+04:00, kroki@stripped +0 -0
Auto merged
MERGE: 1.140.1.1
sql/sql_parse.cc@stripped, 2006-07-13 17:21:40+04:00, kroki@stripped +0 -0
Auto merged
MERGE: 1.556.5.1
sql/sql_trigger.cc@stripped, 2006-07-13 17:21:40+04:00, kroki@stripped +0 -0
Auto merged
MERGE: 1.49.5.1
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: kroki
# Host: moonlight.intranet
# Root: /home/tomash/src/mysql_ab/mysql-5.0-bug18630/RESYNC
--- 1.293/sql/item_func.cc 2006-07-13 17:21:53 +04:00
+++ 1.294/sql/item_func.cc 2006-07-13 17:21:53 +04:00
@@ -4830,7 +4830,9 @@
{
bool err_status= TRUE;
Sub_statement_state statement_state;
- Security_context *save_security_ctx= thd->security_ctx, *save_ctx_func;
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+ Security_context *save_security_ctx= thd->security_ctx;
+#endif
DBUG_ENTER("Item_func_sp::execute_impl");
@@ -4841,7 +4843,7 @@
thd->security_ctx= context->security_ctx;
}
#endif
- if (find_and_check_access(thd, EXECUTE_ACL, &save_ctx_func))
+ if (find_and_check_access(thd))
goto error;
/*
@@ -4853,13 +4855,11 @@
err_status= m_sp->execute_function(thd, args, arg_count, return_value_fld);
thd->restore_sub_statement_state(&statement_state);
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
- sp_restore_security_context(thd, save_ctx_func);
error:
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
thd->security_ctx= save_security_ctx;
-#else
-error:
#endif
+
DBUG_RETURN(err_status);
}
@@ -4976,70 +4976,38 @@
SYNOPSIS
find_and_check_access()
thd thread handler
- want_access requested access
- save backup of security context
RETURN
FALSE Access granted
TRUE Requested access can't be granted or function doesn't exists
- In this case security context is not changed and *save = 0
NOTES
Checks if requested access to function can be granted to user.
If function isn't found yet, it searches function first.
If function can't be found or user don't have requested access
error is raised.
- If security context sp_ctx is provided and access can be granted then
- switch back to previous context isn't performed.
- In case of access error or if context is not provided then
- find_and_check_access() switches back to previous security context.
*/
bool
-Item_func_sp::find_and_check_access(THD *thd, ulong want_access,
- Security_context **save)
+Item_func_sp::find_and_check_access(THD *thd)
{
- bool res= TRUE;
-
- *save= 0; // Safety if error
if (! m_sp && ! (m_sp= sp_find_routine(thd, TYPE_ENUM_FUNCTION, m_name,
&thd->sp_func_cache, TRUE)))
{
my_error(ER_SP_DOES_NOT_EXIST, MYF(0), "FUNCTION", m_name->m_qname.str);
- goto error;
+ return TRUE;
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
- if (check_routine_access(thd, want_access,
+ if (check_routine_access(thd, EXECUTE_ACL,
m_sp->m_db.str, m_sp->m_name.str, 0, FALSE))
- goto error;
-
- sp_change_security_context(thd, m_sp, save);
- /*
- If we changed context to run as another user, we need to check the
- access right for the new context again as someone may have deleted
- this person the right to use the procedure
-
- TODO:
- Cache if the definer has the right to use the object on the first
- usage and only reset the cache if someone does a GRANT statement
- that 'may' affect this.
- */
- if (*save &&
- check_routine_access(thd, want_access,
- m_sp->m_db.str, m_sp->m_name.str, 0, FALSE))
- {
- sp_restore_security_context(thd, *save);
- *save= 0; // Safety
- goto error;
- }
+ return TRUE;
#endif
- res= FALSE; // no error
-error:
- return res;
+ return FALSE;
}
+
bool
Item_func_sp::fix_fields(THD *thd, Item **ref)
{
@@ -5050,19 +5018,23 @@
{
/*
Here we check privileges of the stored routine only during view
- creation, in order to validate the view. A runtime check is perfomed
- in Item_func_sp::execute(), and this method is not called during
- context analysis. We do not need to restore the security context
- changed in find_and_check_access because all view structures created
- in CREATE VIEW are not used for execution. Notice, that during view
- creation we do not infer into stored routine bodies and do not check
- privileges of its statements, which would probably be a good idea
- especially if the view has SQL SECURITY DEFINER and the used stored
- procedure has SQL SECURITY DEFINER
+ creation, in order to validate the view. A runtime check is
+ perfomed in Item_func_sp::execute(), and this method is not
+ called during context analysis. Notice, that during view
+ creation we do not infer into stored routine bodies and do not
+ check privileges of its statements, which would probably be a
+ good idea especially if the view has SQL SECURITY DEFINER and
+ the used stored procedure has SQL SECURITY DEFINER.
*/
- Security_context *save_ctx;
- if (!(res= find_and_check_access(thd, EXECUTE_ACL, &save_ctx)))
- sp_restore_security_context(thd, save_ctx);
+ res= find_and_check_access(thd);
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+ Security_context *save_secutiry_ctx;
+ if (!res && !(res= set_routine_security_ctx(thd, m_sp, false,
+ &save_secutiry_ctx)))
+ {
+ sp_restore_security_context(thd, save_secutiry_ctx);
+ }
+#endif /* ! NO_EMBEDDED_ACCESS_CHECKS */
}
return res;
}
--- 1.141/sql/item_func.h 2006-07-13 17:21:53 +04:00
+++ 1.142/sql/item_func.h 2006-07-13 17:21:53 +04:00
@@ -1465,8 +1465,7 @@
{ context= (Name_resolution_context *)cntx; return FALSE; }
void fix_length_and_dec();
- bool find_and_check_access(THD * thd, ulong want_access,
- Security_context **backup);
+ bool find_and_check_access(THD * thd);
virtual enum Functype functype() const { return FUNC_SP; }
bool fix_fields(THD *thd, Item **ref);
--- 1.560/sql/sql_parse.cc 2006-07-13 17:21:53 +04:00
+++ 1.561/sql/sql_parse.cc 2006-07-13 17:21:53 +04:00
@@ -4405,9 +4405,6 @@
}
else
{
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
- Security_context *save_ctx;
-#endif
ha_rows select_limit;
/* bits that should be cleared in thd->server_status */
uint bits_to_be_cleared= 0;
@@ -4449,21 +4446,11 @@
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_routine_access(thd, EXECUTE_ACL,
- sp->m_db.str, sp->m_name.str, TRUE, 0) ||
- sp_change_security_context(thd, sp, &save_ctx))
+ sp->m_db.str, sp->m_name.str, TRUE, FALSE))
{
thd->net.no_send_ok= nsok;
goto error;
}
- if (save_ctx &&
- check_routine_access(thd, EXECUTE_ACL,
- sp->m_db.str, sp->m_name.str, TRUE, 0))
- {
- thd->net.no_send_ok= nsok;
- sp_restore_security_context(thd, save_ctx);
- goto error;
- }
-
#endif
select_limit= thd->variables.select_limit;
thd->variables.select_limit= HA_POS_ERROR;
@@ -4487,9 +4474,6 @@
thd->total_warn_count= 0;
thd->variables.select_limit= select_limit;
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
- sp_restore_security_context(thd, save_ctx);
-#endif
thd->net.no_send_ok= nsok;
thd->server_status&= ~bits_to_be_cleared;
--- 1.52/sql/sql_trigger.cc 2006-07-13 17:21:53 +04:00
+++ 1.53/sql/sql_trigger.cc 2006-07-13 17:21:53 +04:00
@@ -1503,40 +1503,11 @@
old_field= table->field;
}
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
- Security_context *save_ctx;
-
- if (sp_change_security_context(thd, sp_trigger, &save_ctx))
- return TRUE;
-
- /*
- NOTE: TRIGGER_ACL should be used below.
- */
-
- if (check_global_access(thd, SUPER_ACL))
- {
- sp_restore_security_context(thd, save_ctx);
- return TRUE;
- }
-
- /*
- Fetch information about table-level privileges to GRANT_INFO structure for
- subject table. Check of privileges that will use it and information about
- column-level privileges will happen in Item_trigger_field::fix_fields().
- */
-
- fill_effective_table_privileges(thd,
- &subject_table_grants[event][time_type],
- table->s->db, table->s->table_name);
-#endif // NO_EMBEDDED_ACCESS_CHECKS
-
thd->reset_sub_statement_state(&statement_state, SUB_STMT_TRIGGER);
- err_status= sp_trigger->execute_function(thd, 0, 0, 0);
+ err_status= sp_trigger->execute_trigger
+ (thd, table->s->db, table->s->table_name,
+ &subject_table_grants[event][time_type]);
thd->restore_sub_statement_state(&statement_state);
-
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
- sp_restore_security_context(thd, save_ctx);
-#endif // NO_EMBEDDED_ACCESS_CHECKS
}
return err_status;
| Thread |
|---|
| • bk commit into 5.0 tree (kroki:1.2235) | kroki | 13 Jul |
