mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-05-05 06:35:33 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fix bug #12812 create view calling a function works without execute right on function

Browse source 
Execution rigths on function was checked just before function execution,
thus it was unknown on prepare stage whether user have right to execute 
particular function.

Added access rights checking function which is called right after fixing
Item_func_sp.
This have additional effect that if user don't have rights for execution
query will fail on earlier stage and will not waste resources on optimizing
with failing on execution stage.


sql/item_func.h:
  Fix bug#12812 create view calling a function works without execute right on function
sql/item_func.cc:
  Fix bug#12812 create view calling a function works without execute right on function
  Added function Item_func_sp::check_access() which checks access rights.
  Added function Item_func_sp::fix_field() which calls check_access() after fixing.
  Item_func_sp::execute() now calls to check_access() to check access rights.
mysql-test/t/sp.test:
  Test case for bug#12812 create view calling a function works without execute right on function
mysql-test/r/sp.result:
  Test case for bug#12812 create view calling a function works without execute right on function
This commit is contained in:
unknown 2005-09-20 03:05:35 +04:00
commit 43dd29dfaa
4 changed files with 121 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

6
sql/item_func.h
View file

@ -55,7 +55,7 @@ public:
NOT_FUNC, NOT_ALL_FUNC,
NOW_FUNC, TRIG_COND_FUNC,
GUSERVAR_FUNC, COLLATE_FUNC,
EXTRACT_FUNC, CHAR_TYPECAST_FUNC };
EXTRACT_FUNC, CHAR_TYPECAST_FUNC, FUNC_SP };
enum optimize_type { OPTIMIZE_NONE,OPTIMIZE_KEY,OPTIMIZE_OP, OPTIMIZE_NULL,
OPTIMIZE_EQUAL };
enum Type type() const { return FUNC_ITEM; }
@ -1365,6 +1365,7 @@ public:
class sp_head;
class sp_name;
struct st_sp_security_context;
class Item_func_sp :public Item_func
{
@ -1434,7 +1435,10 @@ public:
{ context= (Name_resolution_context *)cntx; return FALSE; }
void fix_length_and_dec();
bool check_access(ulong want_access, bool report_error, st_sp_security_context *sp_ctx);
virtual enum Functype functype() const { return FUNC_SP; }
bool fix_fields(THD *thd, Item **ref);
};