List:Internals« Previous MessageNext Message »
From:eugene Date:September 20 2005 1:31am
Subject:bk commit into 5.0 tree (evgen:1.1985)
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of evgen. When evgen does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.1985 05/09/20 03:31:00 evgen@stripped +3 -0
  Manual merge

  mysql-test/t/sp.test
    1.152 05/09/20 03:30:57 evgen@stripped +0 -2
    Manual merge

  mysql-test/r/sp.result
    1.156 05/09/20 03:30:57 evgen@stripped +0 -0
    Manual merge

  sql/item_func.cc
    1.252 05/09/20 03:28:35 evgen@stripped +0 -0
    Auto merged

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	evgen
# Host:	moonbone.local
# Root:	/work/12812-bug-5.0-mysql/RESYNC

--- 1.251/sql/item_func.cc	2005-09-14 07:25:21 +04:00
+++ 1.252/sql/item_func.cc	2005-09-20 03:28:35 +04:00
@@ -4723,14 +4723,8 @@
   }
 
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-  if (check_routine_access(thd, EXECUTE_ACL, 
-			   m_sp->m_db.str, m_sp->m_name.str, 0, 0))
+  if (check_access(EXECUTE_ACL, 0, &save_ctx))
     goto error;
-  sp_change_security_context(thd, m_sp, &save_ctx);
-  if (save_ctx.changed && 
-      check_routine_access(thd, EXECUTE_ACL, 
-			   m_sp->m_db.str, m_sp->m_name.str, 0, 0))
-    goto error_check_ctx;
 #endif
   /*
     Disable the binlogging if this is not a SELECT statement. If this is a
@@ -4749,7 +4743,6 @@
 		 ER(ER_FAILED_ROUTINE_BREAK_BINLOG));
 
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-error_check_ctx:
   sp_restore_security_context(thd, m_sp, &save_ctx);
 #endif
 
@@ -4856,4 +4849,84 @@
     res= Item_func::tmp_table_field(t_arg);
 
   DBUG_RETURN(res);
+}
+
+/*
+  Check access rigths to function
+
+  SYNOPSIS
+    check_access()
+    want_access   requested access
+    report_error  whether to set error to thd->net.report_error
+    sp_ctx        sp security context for switching
+
+  RETURN
+    0     Access granted
+    1     Requested access can't be granted or function doesn't exists
+
+  NOTES
+    Checks if requested access to function can be granted to user.
+    If function isn't found yet, it searches function first.
+    If function can't be found or user don't have requested access
+    and report_error is true error is raised.
+    If security context sp_ctx is provided and access can be granted then
+    switch back to previous context isn't performed.
+    In case of access error or if context is not provided then check_access()
+    switches back to previous security context.
+*/
+bool
+Item_func_sp::check_access(ulong want_access, bool report_error, st_sp_security_context
*sp_ctx)
+{
+  bool res;
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+  THD *thd= current_thd;
+  st_sp_security_context save_ctx, *curr_ctx= sp_ctx?sp_ctx:&save_ctx;
+  bool ctx_switched= 0;
+  res= 1;
+  if (! m_sp && ! (m_sp= sp_find_function(thd, m_name, TRUE)))
+  {
+    my_error(ER_SP_DOES_NOT_EXIST, MYF(0), "FUNCTION", m_name->m_qname.str);
+    if (report_error)
+      thd->net.report_error= 1;
+    goto error;
+  }
+
+  if (check_routine_access(thd, want_access,
+			   m_sp->m_db.str, m_sp->m_name.str, 0, 0))
+  {
+    if (report_error)
+      thd->net.report_error= 1;
+    goto error;
+  }
+
+  sp_change_security_context(thd, m_sp, curr_ctx);
+  ctx_switched= curr_ctx->changed;
+  if (save_ctx.changed &&
+      check_routine_access(thd, want_access,
+			   m_sp->m_db.str, m_sp->m_name.str, 0, 0))
+  {
+    if (report_error)
+      thd->net.report_error= 1;
+    goto error_check_ctx;
+  }
+  res= 0;
+error_check_ctx:
+  if (ctx_switched && (res || !sp_ctx))
+    sp_restore_security_context(thd, m_sp, curr_ctx);
+error:
+#else
+  res= 0;
+#endif
+  return res;
+};
+
+bool
+Item_func_sp::fix_fields(THD *thd, Item **ref)
+{
+  bool res;
+  DBUG_ASSERT(fixed == 0);
+  res= Item_func::fix_fields(thd, ref);
+  if (!res && check_access(EXECUTE_ACL, 1, NULL))
+    res= 1;
+  return res;
 }

--- 1.155/mysql-test/r/sp.result	2005-09-14 14:54:42 +04:00
+++ 1.156/mysql-test/r/sp.result	2005-09-20 03:30:57 +04:00
@@ -3206,6 +3206,18 @@
 return f1;
 end|
 drop function bug9048|
+drop function if exists bug12812|
+create function bug12812() returns char(2)
+begin
+return 'ok';
+end;
+create user user_bug12812@localhost IDENTIFIED BY 'ABC'|
+SELECT test.bug12812()|
+ERROR 42000: execute command denied to user 'user_bug12812'@'localhost' for routine
'test.bug12812'
+CREATE VIEW v1 AS SELECT test.bug12812()|
+ERROR 42000: execute command denied to user 'user_bug12812'@'localhost' for routine
'test.bug12812'
+DROP USER user_bug12812@localhost|
+drop function bug12812|
 drop procedure if exists bug12849_1|
 create procedure bug12849_1(inout x char) select x into x|
 set @var='a'|

--- 1.151/mysql-test/t/sp.test	2005-09-14 14:54:42 +04:00
+++ 1.152/mysql-test/t/sp.test	2005-09-20 03:30:57 +04:00
@@ -4038,6 +4038,27 @@
 drop function bug9048|
 
 #
+# BUG#12812 create view calling a function works without execute right
+#           on function
+--disable_warnings
+drop function if exists bug12812|
+--enable_warnings
+create function bug12812() returns char(2)
+begin
+  return 'ok';
+end;
+create user user_bug12812@localhost IDENTIFIED BY 'ABC'|
+--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
+connect (test_user_12812,localhost,user_bug12812,ABC,test)|
+--error 1370
+SELECT test.bug12812()|
+--error 1370
+CREATE VIEW v1 AS SELECT test.bug12812()|
+# Cleanup
+connection default|
+disconnect test_user_12812|
+DROP USER user_bug12812@localhost|
+drop function bug12812|
 # Bug #12849 Stored Procedure: Crash on procedure call with CHAR type
 # 'INOUT' parameter
 #
Thread
bk commit into 5.0 tree (evgen:1.1985)eugene20 Sep