Commit 506c6eb9 authored by bell@sanja.is.com.ua's avatar bell@sanja.is.com.ua

postmerge fixes

parent 3f66053a
...@@ -532,7 +532,7 @@ err: ...@@ -532,7 +532,7 @@ err:
int check_embedded_connection(MYSQL *mysql) int check_embedded_connection(MYSQL *mysql)
{ {
THD *thd= (THD*)mysql->thd; THD *thd= (THD*)mysql->thd;
st_security_context *sctx= thd->security_ctx; Security_context *sctx= thd->security_ctx;
sctx->host_or_ip= sctx->host= (char*)my_localhost; sctx->host_or_ip= sctx->host= (char*)my_localhost;
sctx->priv_user= sctx->user= my_strdup(mysql->user, MYF(0)); sctx->priv_user= sctx->user= my_strdup(mysql->user, MYF(0));
return check_user(thd, COM_CONNECT, NULL, 0, thd->db, true); return check_user(thd, COM_CONNECT, NULL, 0, thd->db, true);
......
...@@ -4711,21 +4711,11 @@ Item_func_sp::execute(Item **itp) ...@@ -4711,21 +4711,11 @@ Item_func_sp::execute(Item **itp)
THD *thd= current_thd; THD *thd= current_thd;
int res= -1; int res= -1;
Sub_statement_state statement_state; Sub_statement_state statement_state;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
Security_context *save_ctx; Security_context *save_ctx;
#endif
if (! m_sp && ! (m_sp= sp_find_function(thd, m_name, TRUE))) if (find_and_check_access(thd, EXECUTE_ACL, &save_ctx))
{
my_error(ER_SP_DOES_NOT_EXIST, MYF(0), "FUNCTION", m_name->m_qname.str);
goto error; goto error;
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_access(EXECUTE_ACL, 0, &save_ctx))
goto error;
#endif
/* /*
Disable the binlogging if this is not a SELECT statement. If this is a Disable the binlogging if this is not a SELECT statement. If this is a
SELECT, leave binlogging on, so execute_function() code writes the SELECT, leave binlogging on, so execute_function() code writes the
...@@ -4734,7 +4724,7 @@ Item_func_sp::execute(Item **itp) ...@@ -4734,7 +4724,7 @@ Item_func_sp::execute(Item **itp)
thd->reset_sub_statement_state(&statement_state, SUB_STMT_FUNCTION); thd->reset_sub_statement_state(&statement_state, SUB_STMT_FUNCTION);
res= m_sp->execute_function(thd, args, arg_count, itp); res= m_sp->execute_function(thd, args, arg_count, itp);
thd->restore_sub_statement_state(&statement_state); thd->restore_sub_statement_state(&statement_state);
if (res && mysql_bin_log.is_open() && if (res && mysql_bin_log.is_open() &&
(m_sp->m_chistics->daccess == SP_CONTAINS_SQL || (m_sp->m_chistics->daccess == SP_CONTAINS_SQL ||
m_sp->m_chistics->daccess == SP_MODIFIES_SQL_DATA)) m_sp->m_chistics->daccess == SP_MODIFIES_SQL_DATA))
...@@ -4851,71 +4841,67 @@ Item_func_sp::tmp_table_field(TABLE *t_arg) ...@@ -4851,71 +4841,67 @@ Item_func_sp::tmp_table_field(TABLE *t_arg)
DBUG_RETURN(res); DBUG_RETURN(res);
} }
/* /*
Check access rigths to function Find the function and chack access rigths to the function
SYNOPSIS SYNOPSIS
check_access() find_and_check_access()
thd thread handler
want_access requested access want_access requested access
report_error whether to set error to thd->net.report_error backup backup of security context or 0
sp_ctx sp security context for switching
RETURN RETURN
0 Access granted FALSE Access granted
1 Requested access can't be granted or function doesn't exists TRUE Requested access can't be granted or function doesn't exists
NOTES NOTES
Checks if requested access to function can be granted to user. Checks if requested access to function can be granted to user.
If function isn't found yet, it searches function first. If function isn't found yet, it searches function first.
If function can't be found or user don't have requested access If function can't be found or user don't have requested access
and report_error is true error is raised. error is raised.
If security context sp_ctx is provided and access can be granted then If security context sp_ctx is provided and access can be granted then
switch back to previous context isn't performed. switch back to previous context isn't performed.
In case of access error or if context is not provided then check_access() In case of access error or if context is not provided then
switches back to previous security context. find_and_check_access() switches back to previous security context.
*/ */
bool bool
Item_func_sp::check_access(ulong want_access, bool report_error, st_sp_security_context *sp_ctx) Item_func_sp::find_and_check_access(THD *thd, ulong want_access,
Security_context **backup)
{ {
bool res; bool res;
#ifndef NO_EMBEDDED_ACCESS_CHECKS Security_context *local_save,
THD *thd= current_thd; **save= (backup ? backup : &local_save);
st_sp_security_context save_ctx, *curr_ctx= sp_ctx?sp_ctx:&save_ctx; res= TRUE;
bool ctx_switched= 0;
res= 1;
if (! m_sp && ! (m_sp= sp_find_function(thd, m_name, TRUE))) if (! m_sp && ! (m_sp= sp_find_function(thd, m_name, TRUE)))
{ {
my_error(ER_SP_DOES_NOT_EXIST, MYF(0), "FUNCTION", m_name->m_qname.str); my_error(ER_SP_DOES_NOT_EXIST, MYF(0), "FUNCTION", m_name->m_qname.str);
if (report_error)
thd->net.report_error= 1;
goto error; goto error;
} }
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_routine_access(thd, want_access, if (check_routine_access(thd, want_access,
m_sp->m_db.str, m_sp->m_name.str, 0, 0)) m_sp->m_db.str, m_sp->m_name.str, 0, FALSE))
{ {
if (report_error)
thd->net.report_error= 1;
goto error; goto error;
} }
sp_change_security_context(thd, m_sp, curr_ctx); sp_change_security_context(thd, m_sp, save);
ctx_switched= curr_ctx->changed; if (*save &&
if (curr_ctx->changed &&
check_routine_access(thd, want_access, check_routine_access(thd, want_access,
m_sp->m_db.str, m_sp->m_name.str, 0, 0)) m_sp->m_db.str, m_sp->m_name.str, 0, FALSE))
{ {
if (report_error)
thd->net.report_error= 1;
goto error_check_ctx; goto error_check_ctx;
} }
res= 0; res= FALSE;
error_check_ctx: error_check_ctx:
if (ctx_switched && (res || !sp_ctx)) if (*save && (res || !backup))
sp_restore_security_context(thd, m_sp, curr_ctx); sp_restore_security_context(thd, local_save);
error: error:
#else #else
res= 0; res= 0;
error:
#endif #endif
return res; return res;
}; };
...@@ -4926,7 +4912,7 @@ Item_func_sp::fix_fields(THD *thd, Item **ref) ...@@ -4926,7 +4912,7 @@ Item_func_sp::fix_fields(THD *thd, Item **ref)
bool res; bool res;
DBUG_ASSERT(fixed == 0); DBUG_ASSERT(fixed == 0);
res= Item_func::fix_fields(thd, ref); res= Item_func::fix_fields(thd, ref);
if (!res && check_access(EXECUTE_ACL, 1, NULL)) if (!res && find_and_check_access(thd, EXECUTE_ACL, NULL))
res= 1; res= 1;
return res; return res;
} }
...@@ -1435,7 +1435,8 @@ public: ...@@ -1435,7 +1435,8 @@ public:
{ context= (Name_resolution_context *)cntx; return FALSE; } { context= (Name_resolution_context *)cntx; return FALSE; }
void fix_length_and_dec(); void fix_length_and_dec();
bool check_access(ulong want_access, bool report_error, st_sp_security_context *sp_ctx); bool find_and_check_access(THD * thd, ulong want_access,
Security_context **backup);
virtual enum Functype functype() const { return FUNC_SP; } virtual enum Functype functype() const { return FUNC_SP; }
bool fix_fields(THD *thd, Item **ref); bool fix_fields(THD *thd, Item **ref);
......
...@@ -273,7 +273,7 @@ int check_user(THD *thd, enum enum_server_command command, ...@@ -273,7 +273,7 @@ int check_user(THD *thd, enum enum_server_command command,
DBUG_ENTER("check_user"); DBUG_ENTER("check_user");
#ifdef NO_EMBEDDED_ACCESS_CHECKS #ifdef NO_EMBEDDED_ACCESS_CHECKS
thd->ain_security_ctx.master_access= GLOBAL_ACLS; // Full rights thd->main_security_ctx.master_access= GLOBAL_ACLS; // Full rights
/* Change database if necessary */ /* Change database if necessary */
if (db && db[0]) if (db && db[0])
{ {
...@@ -4490,10 +4490,10 @@ end_with_restore_list: ...@@ -4490,10 +4490,10 @@ end_with_restore_list:
mysql_bin_log.is_open()) mysql_bin_log.is_open())
{ {
String buff; String buff;
LEX_STRING command[3]= const LEX_STRING command[3]=
{{STRING_WITH_LEN("CREATE ")}, {{(char *)STRING_WITH_LEN("CREATE ")},
{STRING_WITH_LEN("ALTER ")}, {(char *)STRING_WITH_LEN("ALTER ")},
{STRING_WITH_LEN("CREATE OR REPLACE ")}}; {(char *)STRING_WITH_LEN("CREATE OR REPLACE ")}};
thd->clear_error(); thd->clear_error();
buff.append(command[thd->lex->create_view_mode].str, buff.append(command[thd->lex->create_view_mode].str,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment