mirror of
https://github.com/MariaDB/server.git
synced 2025-01-22 06:44:16 +01:00
b216d959bb
Bug 18914 (Calling certain SPs from triggers fail) Bug 20713 (Functions will not not continue for SQLSTATE VALUE '42S02') Bug 21825 (Incorrect message error deleting records in a table with a trigger for inserting) Bug 22580 (DROP TABLE in nested stored procedure causes strange dependency error) Bug 25345 (Cursors from Functions) This fix resolves a long standing issue originally reported with bug 8407, which affect the behavior of Stored Procedures, Stored Functions and Trigger in many different ways, causing symptoms reported by all the bugs listed. In all cases, the root cause of the problem traces back to 8407 and how the server locks tables involved with sub statements. Prior to this fix, the implementation of stored routines would: - compute the transitive closure of all the tables referenced by a top level statement - open and lock all the tables involved - execute the top level statement "transitive closure of tables" means collecting: - all the tables, - all the stored functions, - all the views, - all the table triggers - all the stored procedures involved, and recursively inspect these objects definition to find more references to more objects, until the list of every object referenced does not grow any more. This mechanism is known as "pre-locking" tables before execution. The motivation for locking all the tables (possibly) used at once is to prevent dead locks. One problem with this approach is that, if the execution path the code really takes during runtime does not use a given table, and if the table is missing, the server would not execute the statement. This in particular has a major impact on triggers, since a missing table referenced by an update/delete trigger would prevent an insert trigger to run. Another problem is that stored routines might define SQL exception handlers to deal with missing tables, but the server implementation would never give user code a chance to execute this logic, since the routine is never executed when a missing table cause the pre-locking code to fail. With this fix, the internal implementation of the pre-locking code has been relaxed of some constraints, so that failure to open a table does not necessarily prevent execution of a stored routine. In particular, the pre-locking mechanism is now behaving as follows: 1) the first step, to compute the transitive closure of all the tables possibly referenced by a statement, is unchanged. 2) the next step, which is to open all the tables involved, only attempts to open the tables added by the pre-locking code, but silently fails without reporting any error or invoking any exception handler is the table is not present. This is achieved by trapping internal errors with Prelock_error_handler 3) the locking step only locks tables that were successfully opened. 4) when executing sub statements, the list of tables used by each statements is evaluated as before. The tables needed by the sub statement are expected to be already opened and locked. Statement referencing tables that were not opened in step 2) will fail to find the table in the open list, and only at this point will execution of the user code fail. 5) when a runtime exception is raised at 4), the instruction continuation destination (the next instruction to execute in case of SQL continue handlers) is evaluated. This is achieved with sp_instr::exec_open_and_lock_tables() 6) if a user exception handler is present in the stored routine, that handler is invoked as usual, so that ER_NO_SUCH_TABLE exceptions can be trapped by stored routines. If no handler exists, then the runtime execution will fail as expected. With all these changes, a side effect is that view security is impacted, in two different ways. First, a view defined as "select stored_function()", where the stored function references a table that may not exist, is considered valid. The rationale is that, because the stored function might trap exceptions during execution and still return a valid result, there is no way to decide when the view is created if a missing table really cause the view to be invalid. Secondly, testing for existence of tables is now done later during execution. View security, which consist of trapping errors and return a generic ER_VIEW_INVALID (to prevent disclosing information) was only implemented at very specific phases covering *opening* tables, but not covering the runtime execution. Because of this existing limitation, errors that were previously trapped and converted into ER_VIEW_INVALID are not trapped, causing table names to be reported to the user. This change is exposing an existing problem, which is independent and will be resolved separately.
146 lines
4.5 KiB
Text
146 lines
4.5 KiB
Text
drop table if exists t1,t2;
|
|
drop view if exists v1,v2;
|
|
drop function if exists f1;
|
|
drop function if exists f2;
|
|
use INFORMATION_SCHEMA;
|
|
show tables;
|
|
Tables_in_information_schema
|
|
CHARACTER_SETS
|
|
COLLATIONS
|
|
COLLATION_CHARACTER_SET_APPLICABILITY
|
|
COLUMNS
|
|
COLUMN_PRIVILEGES
|
|
KEY_COLUMN_USAGE
|
|
ROUTINES
|
|
SCHEMATA
|
|
SCHEMA_PRIVILEGES
|
|
STATISTICS
|
|
TABLES
|
|
TABLE_CONSTRAINTS
|
|
TABLE_PRIVILEGES
|
|
TRIGGERS
|
|
USER_PRIVILEGES
|
|
VIEWS
|
|
show tables from INFORMATION_SCHEMA like 'T%';
|
|
Tables_in_information_schema (T%)
|
|
TABLES
|
|
TABLE_CONSTRAINTS
|
|
TABLE_PRIVILEGES
|
|
TRIGGERS
|
|
create database `inf%`;
|
|
create database mbase;
|
|
use `inf%`;
|
|
show tables;
|
|
Tables_in_inf%
|
|
grant all privileges on `inf%`.* to 'mysqltest_1'@'localhost';
|
|
grant all privileges on `mbase`.* to 'mysqltest_1'@'localhost';
|
|
create table t1 (f1 int);
|
|
create function func1(curr_int int) returns int
|
|
begin
|
|
declare ret_val int;
|
|
select max(f1) from t1 into ret_val;
|
|
return ret_val;
|
|
end|
|
|
create view v1 as select f1 from t1 where f1 = func1(f1);
|
|
create function func2() returns int return 1;
|
|
use mbase;
|
|
create procedure p1 ()
|
|
begin
|
|
select table_name from information_schema.key_column_usage
|
|
order by table_name;
|
|
end|
|
|
create table t1
|
|
(f1 int(10) unsigned not null,
|
|
f2 varchar(100) not null,
|
|
primary key (f1), unique key (f2));
|
|
select * from information_schema.tables;
|
|
call mbase.p1();
|
|
call mbase.p1();
|
|
call mbase.p1();
|
|
use `inf%`;
|
|
drop user mysqltest_1@localhost;
|
|
drop table t1;
|
|
select table_name, table_type, table_comment from information_schema.tables
|
|
where table_schema='inf%' and func2();
|
|
table_name table_type table_comment
|
|
v1 VIEW View 'inf%.v1' references invalid table(s) or column(s) or function(s) or define
|
|
select table_name, table_type, table_comment from information_schema.tables
|
|
where table_schema='inf%' and func2();
|
|
table_name table_type table_comment
|
|
v1 VIEW View 'inf%.v1' references invalid table(s) or column(s) or function(s) or define
|
|
drop view v1;
|
|
drop function func1;
|
|
drop function func2;
|
|
drop database `inf%`;
|
|
drop procedure mbase.p1;
|
|
drop database mbase;
|
|
use test;
|
|
create table t1 (i int);
|
|
create function f1 () returns int return (select max(i) from t1);
|
|
create view v1 as select f1();
|
|
create table t2 (id int);
|
|
create function f2 () returns int return (select max(i) from t2);
|
|
create view v2 as select f2();
|
|
drop table t2;
|
|
select table_name, table_type, table_comment from information_schema.tables
|
|
where table_schema='test';
|
|
table_name table_type table_comment
|
|
t1 BASE TABLE
|
|
v1 VIEW VIEW
|
|
v2 VIEW VIEW
|
|
drop table t1;
|
|
select table_name, table_type, table_comment from information_schema.tables
|
|
where table_schema='test';
|
|
table_name table_type table_comment
|
|
v1 VIEW VIEW
|
|
v2 VIEW VIEW
|
|
drop function f1;
|
|
drop function f2;
|
|
drop view v1, v2;
|
|
create database testdb_1;
|
|
create user testdb_1@localhost;
|
|
grant all on testdb_1.* to testdb_1@localhost with grant option;
|
|
create user testdb_2@localhost;
|
|
grant all on test.* to testdb_2@localhost with grant option;
|
|
use testdb_1;
|
|
create table t1 (f1 char(4));
|
|
create view v1 as select f1 from t1;
|
|
grant insert on v1 to testdb_2@localhost;
|
|
create table t3 (f1 char(4), f2 char(4));
|
|
create view v3 as select f1,f2 from t3;
|
|
grant insert(f1), insert(f2) on v3 to testdb_2@localhost;
|
|
create view v2 as select f1 from testdb_1.v1;
|
|
create view v4 as select f1,f2 from testdb_1.v3;
|
|
revoke insert(f1) on v3 from testdb_2@localhost;
|
|
show create view v4;
|
|
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
|
|
show fields from v4;
|
|
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
|
|
show fields from v2;
|
|
Field Type Null Key Default Extra
|
|
f1 char(4) YES NULL
|
|
show fields from testdb_1.v1;
|
|
Field Type Null Key Default Extra
|
|
f1 char(4) YES NULL
|
|
show create view v2;
|
|
View Create View
|
|
v2 CREATE ALGORITHM=UNDEFINED DEFINER=`testdb_2`@`localhost` SQL SECURITY DEFINER VIEW `test`.`v2` AS select `v1`.`f1` AS `f1` from `testdb_1`.`v1`
|
|
show create view testdb_1.v1;
|
|
ERROR 42000: SHOW VIEW command denied to user 'testdb_2'@'localhost' for table 'v1'
|
|
select table_name from information_schema.columns a
|
|
where a.table_name = 'v2';
|
|
table_name
|
|
v2
|
|
select view_definition from information_schema.views a
|
|
where a.table_name = 'v2';
|
|
view_definition
|
|
/* ALGORITHM=UNDEFINED */ select `v1`.`f1` AS `f1` from `testdb_1`.`v1`
|
|
select view_definition from information_schema.views a
|
|
where a.table_name = 'testdb_1.v1';
|
|
view_definition
|
|
select * from v2;
|
|
ERROR HY000: View 'test.v2' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
|
|
drop view testdb_1.v1,v2, testdb_1.v3, v4;
|
|
drop database testdb_1;
|
|
drop user testdb_1@localhost;
|
|
drop user testdb_2@localhost;
|