mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-17 20:42:30 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

stop evaluation constant functions in WHERE (BUG#4663)

Browse source 
correct value of CURRENT_USER() in SP with "security definer" (BUG#7291)
This commit is contained in:
bell@sanja.is.com.ua 2005-07-16 00:01:44 +03:00
parent 23a2643cb6
commit 6114bee47c
13 changed files with 197 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
BitKeeper/etc/config
View file

@ -24,7 +24,7 @@ description: MySQL - fast and reliable SQL database
# repository is commercial it can be an internal email address or "none"
# to disable logging.
#
logging: logging@openlogging.org
logging: none
#
# If this field is set, all checkins will appear to be made by this user,
# in effect making this a single user package. Single user packages are

24
mysql-test/r/sp-security.result
View file

@ -194,3 +194,27 @@ use test;
drop database sptest;
delete from mysql.user where user='usera' or user='userb' or user='userc';
delete from mysql.procs_priv where user='usera' or user='userb' or user='userc';
use test;
select current_user();
current_user()
root@localhost
select user();
user()
root@localhost
create procedure bug7291_0 () sql security invoker select current_user(), user();
create procedure bug7291_1 () sql security definer call bug7291_0();
create procedure bug7291_2 () sql security invoker call bug7291_0();
grant execute on procedure bug7291_0 to user1@localhost;
grant execute on procedure bug7291_1 to user1@localhost;
grant execute on procedure bug7291_2 to user1@localhost;
call bug7291_2();
current_user() user()
user1@localhost user1@localhost
call bug7291_1();
current_user() user()
root@localhost user1@localhost
drop procedure bug7291_1;
drop procedure bug7291_2;
drop procedure bug7291_0;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
drop user user1@localhost;

25
mysql-test/r/view.result
View file

@ -1831,3 +1831,28 @@ select * from v1;
t
01:00
drop view v1;
create table t1 (a timestamp default now());
create table t2 (b timestamp default now());
create view v1 as select a,b,t1.a < now() from t1,t2 where t1.a < now();
SHOW CREATE VIEW v1;
View Create View
v1 CREATE ALGORITHM=UNDEFINED VIEW `test`.`v1` AS select sql_no_cache `test`.`t1`.`a` AS `a`,`test`.`t2`.`b` AS `b`,(`test`.`t1`.`a` < now()) AS `t1.a < now()` from `test`.`t1` join `test`.`t2` where (`test`.`t1`.`a` < now())
drop view v1;
drop table t1, t2;
CREATE TABLE t1 ( a varchar(50) );
CREATE VIEW v1 AS SELECT * FROM t1 WHERE a = CURRENT_USER();
SHOW CREATE VIEW v1;
View Create View
v1 CREATE ALGORITHM=UNDEFINED VIEW `test`.`v1` AS select sql_no_cache `test`.`t1`.`a` AS `a` from `test`.`t1` where (`test`.`t1`.`a` = current_user())
DROP VIEW v1;
CREATE VIEW v1 AS SELECT * FROM t1 WHERE a = VERSION();
SHOW CREATE VIEW v1;
View Create View
v1 CREATE ALGORITHM=UNDEFINED VIEW `test`.`v1` AS select `test`.`t1`.`a` AS `a` from `test`.`t1` where (`test`.`t1`.`a` = version())
DROP VIEW v1;
CREATE VIEW v1 AS SELECT * FROM t1 WHERE a = DATABASE();
SHOW CREATE VIEW v1;
View Create View
v1 CREATE ALGORITHM=UNDEFINED VIEW `test`.`v1` AS select sql_no_cache `test`.`t1`.`a` AS `a` from `test`.`t1` where (`test`.`t1`.`a` = database())
DROP VIEW v1;
DROP TABLE t1;

29
mysql-test/t/sp-security.test
View file

@ -304,3 +304,32 @@ drop database sptest;
delete from mysql.user where user='usera' or user='userb' or user='userc';
delete from mysql.procs_priv where user='usera' or user='userb' or user='userc';
#
# correct value from current_user() in function run from "security definer"
# (BUG#7291)
#
connection con1root;
use test;
select current_user();
select user();
create procedure bug7291_0 () sql security invoker select current_user(), user();
create procedure bug7291_1 () sql security definer call bug7291_0();
create procedure bug7291_2 () sql security invoker call bug7291_0();
grant execute on procedure bug7291_0 to user1@localhost;
grant execute on procedure bug7291_1 to user1@localhost;
grant execute on procedure bug7291_2 to user1@localhost;
connect (user1,localhost,user1,,);
connection user1;
call bug7291_2();
call bug7291_1();
connection con1root;
drop procedure bug7291_1;
drop procedure bug7291_2;
drop procedure bug7291_0;
disconnect user1;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
drop user user1@localhost;

21
mysql-test/t/view.test
View file

@ -1673,3 +1673,24 @@ create view v1(k, K) as select 1,2;
create view v1 as SELECT TIME_FORMAT(SEC_TO_TIME(3600),'%H:%i') as t;
select * from v1;
drop view v1;
#
# evaluation constant functions in WHERE (BUG#4663)
#
create table t1 (a timestamp default now());
create table t2 (b timestamp default now());
create view v1 as select a,b,t1.a < now() from t1,t2 where t1.a < now();
SHOW CREATE VIEW v1;
drop view v1;
drop table t1, t2;
CREATE TABLE t1 ( a varchar(50) );
CREATE VIEW v1 AS SELECT * FROM t1 WHERE a = CURRENT_USER();
SHOW CREATE VIEW v1;
DROP VIEW v1;
CREATE VIEW v1 AS SELECT * FROM t1 WHERE a = VERSION();
SHOW CREATE VIEW v1;
DROP VIEW v1;
CREATE VIEW v1 AS SELECT * FROM t1 WHERE a = DATABASE();
SHOW CREATE VIEW v1;
DROP VIEW v1;
DROP TABLE t1;

27
sql/item.cc
View file

@ -635,6 +635,33 @@ Item *Item_string::safe_charset_converter(CHARSET_INFO *tocs)
}
Item *Item_static_string_func::safe_charset_converter(CHARSET_INFO *tocs)
{
Item_string *conv;
uint conv_errors;
String tmp, cstr, *ostr= val_str(&tmp);
cstr.copy(ostr->ptr(), ostr->length(), ostr->charset(), tocs, &conv_errors);
if (conv_errors ||
!(conv= new Item_static_string_func(func_name,
cstr.ptr(), cstr.length(),
cstr.charset(),
collation.derivation)))
{
/*
Safe conversion is not possible (or EOM).
We could not convert a string into the requested character set
without data loss. The target charset does not cover all the
characters from the string. Operation cannot be done correctly.
*/
return NULL;
}
conv->str_value.copy();
/* Ensure that no one is going to change the result string */
conv->str_value.mark_as_const();
return conv;
}
bool Item_string::eq(const Item *item, bool binary_cmp) const
{
if (type() == item->type() && item->basic_const_item())

1
sql/item.h
View file

@ -1221,6 +1221,7 @@ public:
Derivation dv= DERIVATION_COERCIBLE)
:Item_string(NullS, str, length, cs, dv), func_name(name_par)
{}
Item *safe_charset_converter(CHARSET_INFO *tocs);
void print(String *str) { str->append(func_name); }
};

40
sql/item_cmpfunc.cc
View file

@ -237,30 +237,33 @@ void Item_bool_func2::fix_length_and_dec()
set_cmp_func();
return;
}
if (args[0]->type() == FIELD_ITEM)
if (!thd->is_context_analysis_only())
{
Field *field=((Item_field*) args[0])->field;
if (field->can_be_compared_as_longlong())
if (args[0]->type() == FIELD_ITEM)
{
if (convert_constant_item(thd, field,&args[1]))
Field *field=((Item_field*) args[0])->field;
if (field->can_be_compared_as_longlong())
{
cmp.set_cmp_func(this, tmp_arg, tmp_arg+1,
INT_RESULT); // Works for all types.
return;
if (convert_constant_item(thd, field,&args[1]))
{
cmp.set_cmp_func(this, tmp_arg, tmp_arg+1,
INT_RESULT); // Works for all types.
return;
}
}
}
}
if (args[1]->type() == FIELD_ITEM /* && !args[1]->const_item() */)
{
Field *field=((Item_field*) args[1])->field;
if (field->can_be_compared_as_longlong())
if (args[1]->type() == FIELD_ITEM /* && !args[1]->const_item() */)
{
if (convert_constant_item(thd, field,&args[0]))
Field *field=((Item_field*) args[1])->field;
if (field->can_be_compared_as_longlong())
{
cmp.set_cmp_func(this, tmp_arg, tmp_arg+1,
INT_RESULT); // Works for all types.
return;
if (convert_constant_item(thd, field,&args[0]))
{
cmp.set_cmp_func(this, tmp_arg, tmp_arg+1,
INT_RESULT); // Works for all types.
return;
}
}
}
}
@ -991,7 +994,8 @@ void Item_func_between::fix_length_and_dec()
if (args[0]->type() == FIELD_ITEM)
{
Field *field=((Item_field*) args[0])->field;
if (field->can_be_compared_as_longlong())
if (!thd->is_context_analysis_only() &&
field->can_be_compared_as_longlong())
{
/*
The following can't be recoded with || as convert_constant_item

12
sql/item_create.cc
View file

@ -299,16 +299,8 @@ Item *create_func_pow(Item* a, Item *b)
Item *create_func_current_user()
{
THD *thd=current_thd;
char buff[HOSTNAME_LENGTH+USERNAME_LENGTH+2];
uint length;
thd->lex->safe_to_cache_query= 0;
length= (uint) (strxmov(buff, thd->priv_user, "@", thd->priv_host, NullS) -
buff);
return new Item_static_string_func("current_user()",
thd->memdup(buff, length), length,
system_charset_info);
current_thd->lex->safe_to_cache_query= 0;
return new Item_func_user(TRUE);
}
Item *create_func_radians(Item *a)

28
sql/item_strfunc.cc
View file

@ -1522,9 +1522,11 @@ Item *Item_func_sysconst::safe_charset_converter(CHARSET_INFO *tocs)
uint conv_errors;
String tmp, cstr, *ostr= val_str(&tmp);
cstr.copy(ostr->ptr(), ostr->length(), ostr->charset(), tocs, &conv_errors);
if (conv_errors || !(conv= new Item_string(cstr.ptr(), cstr.length(),
cstr.charset(),
collation.derivation)))
if (conv_errors ||
!(conv= new Item_static_string_func(fully_qualified_func_name(),
cstr.ptr(), cstr.length(),
cstr.charset(),
collation.derivation)))
{
return NULL;
}
@ -1554,13 +1556,24 @@ String *Item_func_user::val_str(String *str)
DBUG_ASSERT(fixed == 1);
THD *thd=current_thd;
CHARSET_INFO *cs= system_charset_info;
const char *host= thd->host_or_ip;
const char *host, *user;
uint res_length;
if (is_current)
{
user= thd->priv_user;
host= thd->priv_host;
}
else
{
user= thd->user;
host= thd->host_or_ip;
}
// For system threads (e.g. replication SQL thread) user may be empty
if (!thd->user)
if (!user)
return &my_empty_string;
res_length= (strlen(thd->user)+strlen(host)+2) * cs->mbmaxlen;
res_length= (strlen(user)+strlen(host)+2) * cs->mbmaxlen;
if (str->alloc(res_length))
{
@ -1568,12 +1581,13 @@ String *Item_func_user::val_str(String *str)
return 0;
}
res_length=cs->cset->snprintf(cs, (char*)str->ptr(), res_length, "%s@%s",
thd->user, host);
user, host);
str->length(res_length);
str->set_charset(cs);
return str;
}
void Item_func_soundex::fix_length_and_dec()
{
collation.set(args[0]->collation);

26
sql/item_strfunc.h
View file

@ -356,8 +356,15 @@ public:
Item_func_sysconst()
{ collation.set(system_charset_info,DERIVATION_SYSCONST); }
Item *safe_charset_converter(CHARSET_INFO *tocs);
/*
Used to create correct Item name in new converted item in
safe_charset_converter, return string representation of this function
call
*/
virtual const char *fully_qualified_func_name() const = 0;
};
class Item_func_database :public Item_func_sysconst
{
public:
@ -369,18 +376,27 @@ public:
maybe_null=1;
}
const char *func_name() const { return "database"; }
const char *fully_qualified_func_name() const { return "database()"; }
};
class Item_func_user :public Item_func_sysconst
{
bool is_current;
public:
Item_func_user() :Item_func_sysconst() {}
Item_func_user(bool is_current_arg)
:Item_func_sysconst(), is_current(is_current_arg) {}
String *val_str(String *);
void fix_length_and_dec()
{
max_length= (USERNAME_LENGTH+HOSTNAME_LENGTH+1)*system_charset_info->mbmaxlen;
void fix_length_and_dec()
{
max_length= ((USERNAME_LENGTH + HOSTNAME_LENGTH + 1) *
system_charset_info->mbmaxlen);
}
const char *func_name() const { return "user"; }
const char *func_name() const
{ return is_current ? "current_user" : "user"; }
const char *fully_qualified_func_name() const
{ return is_current ? "current_user()" : "user()"; }
};

2
sql/sql_class.h
View file

@ -1417,6 +1417,8 @@ public:
(variables.sql_mode & MODE_STRICT_ALL_TABLES)));
}
void set_status_var_init();
bool is_context_analysis_only()
{ return current_arena->is_stmt_prepare() || lex->view_prepare_mode; }
};
#define tmp_disable_binlog(A) \

2
sql/sql_yacc.yy
View file

@ -4794,7 +4794,7 @@ simple_expr:
| UNIX_TIMESTAMP '(' expr ')'
{ $$= new Item_func_unix_timestamp($3); }
| USER '(' ')'
{ $$= new Item_func_user(); Lex->safe_to_cache_query=0; }
{ $$= new Item_func_user(FALSE); Lex->safe_to_cache_query=0; }
| UTC_DATE_SYM optional_braces
{ $$= new Item_func_curdate_utc(); Lex->safe_to_cache_query=0;}
| UTC_TIME_SYM optional_braces