mirror of
https://github.com/MariaDB/server.git
synced 2025-01-18 04:53:01 +01:00
3bad2119f9
This patch also fixes bugs 36963 and 35600. - In many places a view was confused with an anonymous derived table, i.e. access checking was skipped. Fixed by introducing a predicate to tell the difference between named and anonymous derived tables. - When inserting fields for "SELECT * ", there was no distinction between base tables and views, where one should be made. View privileges are checked elsewhere. mysql-test/include/grant_cache.inc: Bug#36086: Changed test case. mysql-test/r/grant2.result: Bug#36086: Changed test result. mysql-test/r/grant_cache_no_prot.result: Bug#36086: Changed test result. mysql-test/r/grant_cache_ps_prot.result: Bug#36086: Changed test result. mysql-test/r/view_grant.result: Bug#36086: Test result. mysql-test/t/grant2.test: Bug#36086: Changed test case. mysql-test/t/view_grant.test: Bug#36086: Test case. sql/item.cc: Bug#36086: Replaced conditional with new methods. sql/sql_acl.cc: Bug no 35600: In mysql_table_grant: Replaced conditional with the new accessor method. In check_grant: - Changed the requirement table->derived != null to checking all anonymous derived tables. - Use of the accessor methods for getting object and database names. Bug#36086: In check_grant_all_columns: - Updated comment. This function is now called for views as well. - The error message should not disclose any column names unless the user has privilege to see all column names. - Changed names of Field_iterator_table_ref methods. sql/sql_base.cc: Bug no 36963: In insert_fields() - Commented. - We should call check_grant_all_columns() for views in this case. - Changed names of Field_iterator_table_ref methods. - We should not disclose column names in the error message when the user has no approprate privilege. sql/sql_cache.cc: Bug#36086: Replaced test with new predicate method. sql/sql_derived.cc: Bug#36086: commenting only. Updated and doxygenated comment for mysql_derived_prepare(). sql/sql_parse.cc: Bug no 35600: - In check_single_table_access: Due to the bug, check_grant would raise an error for a SHOW CREATE TABLE command for a TEMPTABLE view. It should in fact not be be invoked in this case. This table privilege is checked already. There is a test case for this in information_schema_db.test. - In check_access: replaced table->derived sql/table.cc: Bug#36086: - In TABLE_LIST::set_underlying_merge(): Commenting only. Doxygenated, corrected spelling, added. - Renamed table_name() and db_name() methods of Field_iterator_table_ref in order to be consistent with new methods in TABLE_LIST. sql/table.h: Bug#36086: - Commented GRANT_INFO. - Added a predicate is_anonymous_derived_table() to TABLE_LIST. - Added get_table_name() and get_db_name() to TABLE_LIST in order to hide the disparate representation of these properties.
313 lines
9.8 KiB
C++
313 lines
9.8 KiB
C++
/* Copyright (C) 2002-2003 MySQL AB
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; version 2 of the License.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
|
|
|
|
|
|
/*
|
|
Derived tables
|
|
These were introduced by Sinisa <sinisa@mysql.com>
|
|
*/
|
|
|
|
|
|
#include "mysql_priv.h"
|
|
#include "sql_select.h"
|
|
|
|
|
|
|
|
/*
|
|
Call given derived table processor (preparing or filling tables)
|
|
|
|
SYNOPSIS
|
|
mysql_handle_derived()
|
|
lex LEX for this thread
|
|
processor procedure of derived table processing
|
|
|
|
RETURN
|
|
FALSE OK
|
|
TRUE Error
|
|
*/
|
|
|
|
bool
|
|
mysql_handle_derived(LEX *lex, bool (*processor)(THD*, LEX*, TABLE_LIST*))
|
|
{
|
|
bool res= FALSE;
|
|
if (lex->derived_tables)
|
|
{
|
|
lex->thd->derived_tables_processing= TRUE;
|
|
for (SELECT_LEX *sl= lex->all_selects_list;
|
|
sl;
|
|
sl= sl->next_select_in_list())
|
|
{
|
|
for (TABLE_LIST *cursor= sl->get_table_list();
|
|
cursor;
|
|
cursor= cursor->next_local)
|
|
{
|
|
if ((res= (*processor)(lex->thd, lex, cursor)))
|
|
goto out;
|
|
}
|
|
if (lex->describe)
|
|
{
|
|
/*
|
|
Force join->join_tmp creation, because we will use this JOIN
|
|
twice for EXPLAIN and we have to have unchanged join for EXPLAINing
|
|
*/
|
|
sl->uncacheable|= UNCACHEABLE_EXPLAIN;
|
|
sl->master_unit()->uncacheable|= UNCACHEABLE_EXPLAIN;
|
|
}
|
|
}
|
|
}
|
|
out:
|
|
lex->thd->derived_tables_processing= FALSE;
|
|
return res;
|
|
}
|
|
|
|
|
|
/**
|
|
@brief Create temporary table structure (but do not fill it).
|
|
|
|
@param thd Thread handle
|
|
@param lex LEX for this thread
|
|
@param orig_table_list TABLE_LIST for the upper SELECT
|
|
|
|
@details
|
|
|
|
This function is called before any command containing derived tables is
|
|
executed. Currently the function is used for derived tables, i.e.
|
|
|
|
- Anonymous derived tables, or
|
|
- Named derived tables (aka views) with the @c TEMPTABLE algorithm.
|
|
|
|
The table reference, contained in @c orig_table_list, is updated with the
|
|
fields of a new temporary table.
|
|
|
|
Derived tables are stored in @c thd->derived_tables and closed by
|
|
close_thread_tables().
|
|
|
|
This function is part of the procedure that starts in
|
|
open_and_lock_tables(), a procedure that - among other things - introduces
|
|
new table and table reference objects (to represent derived tables) that
|
|
don't exist in the privilege database. This means that normal privilege
|
|
checking cannot handle them. Hence this function does some extra tricks in
|
|
order to bypass normal privilege checking, by exploiting the fact that the
|
|
current state of privilege verification is attached as GRANT_INFO structures
|
|
on the relevant TABLE and TABLE_REF objects.
|
|
|
|
For table references, the current state of accrued access is stored inside
|
|
TABLE_LIST::grant. Hence this function must update the state of fulfilled
|
|
privileges for the new TABLE_LIST, an operation which is normally performed
|
|
exclusively by the table and database access checking functions,
|
|
check_access() and check_grant(), respectively. This modification is done
|
|
for both views and anonymous derived tables: The @c SELECT privilege is set
|
|
as fulfilled by the user. However, if a view is referenced and the table
|
|
reference is queried against directly (see TABLE_LIST::referencing_view),
|
|
the state of privilege checking (GRANT_INFO struct) is copied as-is to the
|
|
temporary table.
|
|
|
|
This function implements a signature called "derived table processor", and
|
|
is passed as a function pointer to mysql_handle_derived().
|
|
|
|
@note This function sets @c SELECT_ACL for @c TEMPTABLE views as well as
|
|
anonymous derived tables, but this is ok since later access checking will
|
|
distinguish between them.
|
|
|
|
@see mysql_handle_derived(), mysql_derived_filling(), GRANT_INFO
|
|
|
|
@return
|
|
false OK
|
|
true Error
|
|
*/
|
|
|
|
bool mysql_derived_prepare(THD *thd, LEX *lex, TABLE_LIST *orig_table_list)
|
|
{
|
|
SELECT_LEX_UNIT *unit= orig_table_list->derived;
|
|
ulonglong create_options;
|
|
DBUG_ENTER("mysql_derived_prepare");
|
|
bool res= FALSE;
|
|
if (unit)
|
|
{
|
|
SELECT_LEX *first_select= unit->first_select();
|
|
TABLE *table= 0;
|
|
select_union *derived_result;
|
|
|
|
/* prevent name resolving out of derived table */
|
|
for (SELECT_LEX *sl= first_select; sl; sl= sl->next_select())
|
|
sl->context.outer_context= 0;
|
|
|
|
if (!(derived_result= new select_union))
|
|
DBUG_RETURN(TRUE); // out of memory
|
|
|
|
// st_select_lex_unit::prepare correctly work for single select
|
|
if ((res= unit->prepare(thd, derived_result, 0)))
|
|
goto exit;
|
|
|
|
if ((res= check_duplicate_names(unit->types, 0)))
|
|
goto exit;
|
|
|
|
create_options= (first_select->options | thd->options |
|
|
TMP_TABLE_ALL_COLUMNS);
|
|
/*
|
|
Temp table is created so that it hounours if UNION without ALL is to be
|
|
processed
|
|
|
|
As 'distinct' parameter we always pass FALSE (0), because underlying
|
|
query will control distinct condition by itself. Correct test of
|
|
distinct underlying query will be is_union &&
|
|
!unit->union_distinct->next_select() (i.e. it is union and last distinct
|
|
SELECT is last SELECT of UNION).
|
|
*/
|
|
if ((res= derived_result->create_result_table(thd, &unit->types, FALSE,
|
|
create_options,
|
|
orig_table_list->alias)))
|
|
goto exit;
|
|
|
|
table= derived_result->table;
|
|
|
|
exit:
|
|
/* Hide "Unknown column" or "Unknown function" error */
|
|
if (orig_table_list->view)
|
|
{
|
|
if (thd->is_error() &&
|
|
(thd->main_da.sql_errno() == ER_BAD_FIELD_ERROR ||
|
|
thd->main_da.sql_errno() == ER_SP_DOES_NOT_EXIST))
|
|
{
|
|
thd->clear_error();
|
|
my_error(ER_VIEW_INVALID, MYF(0), orig_table_list->db,
|
|
orig_table_list->table_name);
|
|
}
|
|
}
|
|
|
|
/*
|
|
if it is preparation PS only or commands that need only VIEW structure
|
|
then we do not need real data and we can skip execution (and parameters
|
|
is not defined, too)
|
|
*/
|
|
if (res)
|
|
{
|
|
if (table)
|
|
free_tmp_table(thd, table);
|
|
delete derived_result;
|
|
}
|
|
else
|
|
{
|
|
if (!thd->fill_derived_tables())
|
|
{
|
|
delete derived_result;
|
|
derived_result= NULL;
|
|
}
|
|
orig_table_list->derived_result= derived_result;
|
|
orig_table_list->table= table;
|
|
orig_table_list->table_name= table->s->table_name.str;
|
|
orig_table_list->table_name_length= table->s->table_name.length;
|
|
table->derived_select_number= first_select->select_number;
|
|
table->s->tmp_table= NON_TRANSACTIONAL_TMP_TABLE;
|
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
|
if (orig_table_list->referencing_view)
|
|
table->grant= orig_table_list->grant;
|
|
else
|
|
table->grant.privilege= SELECT_ACL;
|
|
#endif
|
|
orig_table_list->db= (char *)"";
|
|
orig_table_list->db_length= 0;
|
|
// Force read of table stats in the optimizer
|
|
table->file->info(HA_STATUS_VARIABLE);
|
|
/* Add new temporary table to list of open derived tables */
|
|
table->next= thd->derived_tables;
|
|
thd->derived_tables= table;
|
|
}
|
|
}
|
|
else if (orig_table_list->merge_underlying_list)
|
|
orig_table_list->set_underlying_merge();
|
|
DBUG_RETURN(res);
|
|
}
|
|
|
|
|
|
/*
|
|
fill derived table
|
|
|
|
SYNOPSIS
|
|
mysql_derived_filling()
|
|
thd Thread handle
|
|
lex LEX for this thread
|
|
unit node that contains all SELECT's for derived tables
|
|
orig_table_list TABLE_LIST for the upper SELECT
|
|
|
|
IMPLEMENTATION
|
|
Derived table is resolved with temporary table. It is created based on the
|
|
queries defined. After temporary table is filled, if this is not EXPLAIN,
|
|
then the entire unit / node is deleted. unit is deleted if UNION is used
|
|
for derived table and node is deleted is it is a simple SELECT.
|
|
If you use this function, make sure it's not called at prepare.
|
|
Due to evaluation of LIMIT clause it can not be used at prepared stage.
|
|
|
|
RETURN
|
|
FALSE OK
|
|
TRUE Error
|
|
*/
|
|
|
|
bool mysql_derived_filling(THD *thd, LEX *lex, TABLE_LIST *orig_table_list)
|
|
{
|
|
TABLE *table= orig_table_list->table;
|
|
SELECT_LEX_UNIT *unit= orig_table_list->derived;
|
|
bool res= FALSE;
|
|
|
|
/*check that table creation pass without problem and it is derived table */
|
|
if (table && unit)
|
|
{
|
|
SELECT_LEX *first_select= unit->first_select();
|
|
select_union *derived_result= orig_table_list->derived_result;
|
|
SELECT_LEX *save_current_select= lex->current_select;
|
|
if (unit->is_union())
|
|
{
|
|
// execute union without clean up
|
|
res= unit->exec();
|
|
}
|
|
else
|
|
{
|
|
unit->set_limit(first_select);
|
|
if (unit->select_limit_cnt == HA_POS_ERROR)
|
|
first_select->options&= ~OPTION_FOUND_ROWS;
|
|
|
|
lex->current_select= first_select;
|
|
res= mysql_select(thd, &first_select->ref_pointer_array,
|
|
(TABLE_LIST*) first_select->table_list.first,
|
|
first_select->with_wild,
|
|
first_select->item_list, first_select->where,
|
|
(first_select->order_list.elements+
|
|
first_select->group_list.elements),
|
|
(ORDER *) first_select->order_list.first,
|
|
(ORDER *) first_select->group_list.first,
|
|
first_select->having, (ORDER*) NULL,
|
|
(first_select->options | thd->options |
|
|
SELECT_NO_UNLOCK),
|
|
derived_result, unit, first_select);
|
|
}
|
|
|
|
if (!res)
|
|
{
|
|
/*
|
|
Here we entirely fix both TABLE_LIST and list of SELECT's as
|
|
there were no derived tables
|
|
*/
|
|
if (derived_result->flush())
|
|
res= TRUE;
|
|
|
|
if (!lex->describe)
|
|
unit->cleanup();
|
|
}
|
|
else
|
|
unit->cleanup();
|
|
lex->current_select= save_current_select;
|
|
}
|
|
return res;
|
|
}
|