Commit e84229b0 authored by unknown's avatar unknown

stop evaluation constant functions in WHERE (BUG#4663)

correct value of CURRENT_USER() in SP with "security definer" (BUG#7291)


BitKeeper/etc/config:
  switch off open logging
mysql-test/r/sp-security.result:
  correct value from current_user() in function run from "security definer"
mysql-test/r/view.result:
  evaluation constant functions in WHERE (BUG#4663)
mysql-test/t/sp-security.test:
  correct value from current_user() in function run from "security definer"
mysql-test/t/view.test:
  evaluation constant functions in WHERE (BUG#4663)
sql/item.cc:
  Item_static_string_func creation if it is need
sql/item.h:
  support of Item_static_string_func creation
sql/item_cmpfunc.cc:
  do not evaluate items during view creation
sql/item_create.cc:
  create Item_func_user
sql/item_strfunc.cc:
  Item_func_sysconst in case of converting value still have to correctly print itself
  => use Item_static_string_func instead of Item_string
      Item_func_user return USER() or CURRENT_USER()
sql/item_strfunc.h:
  support of correct charset conversion procedure in Item_func_sysconst
sql/sql_class.h:
  new method
sql/sql_yacc.yy:
  Item_func_user now support both USER() and CURRENT_USER(), so we have to pass parametr what it is
parent 5ae3967c
...@@ -24,7 +24,7 @@ description: MySQL - fast and reliable SQL database ...@@ -24,7 +24,7 @@ description: MySQL - fast and reliable SQL database
# repository is commercial it can be an internal email address or "none" # repository is commercial it can be an internal email address or "none"
# to disable logging. # to disable logging.
# #
logging: logging@openlogging.org logging: none
# #
# If this field is set, all checkins will appear to be made by this user, # If this field is set, all checkins will appear to be made by this user,
# in effect making this a single user package. Single user packages are # in effect making this a single user package. Single user packages are
......
...@@ -194,3 +194,27 @@ use test; ...@@ -194,3 +194,27 @@ use test;
drop database sptest; drop database sptest;
delete from mysql.user where user='usera' or user='userb' or user='userc'; delete from mysql.user where user='usera' or user='userb' or user='userc';
delete from mysql.procs_priv where user='usera' or user='userb' or user='userc'; delete from mysql.procs_priv where user='usera' or user='userb' or user='userc';
use test;
select current_user();
current_user()
root@localhost
select user();
user()
root@localhost
create procedure bug7291_0 () sql security invoker select current_user(), user();
create procedure bug7291_1 () sql security definer call bug7291_0();
create procedure bug7291_2 () sql security invoker call bug7291_0();
grant execute on procedure bug7291_0 to user1@localhost;
grant execute on procedure bug7291_1 to user1@localhost;
grant execute on procedure bug7291_2 to user1@localhost;
call bug7291_2();
current_user() user()
user1@localhost user1@localhost
call bug7291_1();
current_user() user()
root@localhost user1@localhost
drop procedure bug7291_1;
drop procedure bug7291_2;
drop procedure bug7291_0;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
drop user user1@localhost;
...@@ -1831,3 +1831,28 @@ select * from v1; ...@@ -1831,3 +1831,28 @@ select * from v1;
t t
01:00 01:00
drop view v1; drop view v1;
create table t1 (a timestamp default now());
create table t2 (b timestamp default now());
create view v1 as select a,b,t1.a < now() from t1,t2 where t1.a < now();
SHOW CREATE VIEW v1;
View Create View
v1 CREATE ALGORITHM=UNDEFINED VIEW `test`.`v1` AS select sql_no_cache `test`.`t1`.`a` AS `a`,`test`.`t2`.`b` AS `b`,(`test`.`t1`.`a` < now()) AS `t1.a < now()` from `test`.`t1` join `test`.`t2` where (`test`.`t1`.`a` < now())
drop view v1;
drop table t1, t2;
CREATE TABLE t1 ( a varchar(50) );
CREATE VIEW v1 AS SELECT * FROM t1 WHERE a = CURRENT_USER();
SHOW CREATE VIEW v1;
View Create View
v1 CREATE ALGORITHM=UNDEFINED VIEW `test`.`v1` AS select sql_no_cache `test`.`t1`.`a` AS `a` from `test`.`t1` where (`test`.`t1`.`a` = current_user())
DROP VIEW v1;
CREATE VIEW v1 AS SELECT * FROM t1 WHERE a = VERSION();
SHOW CREATE VIEW v1;
View Create View
v1 CREATE ALGORITHM=UNDEFINED VIEW `test`.`v1` AS select `test`.`t1`.`a` AS `a` from `test`.`t1` where (`test`.`t1`.`a` = version())
DROP VIEW v1;
CREATE VIEW v1 AS SELECT * FROM t1 WHERE a = DATABASE();
SHOW CREATE VIEW v1;
View Create View
v1 CREATE ALGORITHM=UNDEFINED VIEW `test`.`v1` AS select sql_no_cache `test`.`t1`.`a` AS `a` from `test`.`t1` where (`test`.`t1`.`a` = database())
DROP VIEW v1;
DROP TABLE t1;
...@@ -304,3 +304,32 @@ drop database sptest; ...@@ -304,3 +304,32 @@ drop database sptest;
delete from mysql.user where user='usera' or user='userb' or user='userc'; delete from mysql.user where user='usera' or user='userb' or user='userc';
delete from mysql.procs_priv where user='usera' or user='userb' or user='userc'; delete from mysql.procs_priv where user='usera' or user='userb' or user='userc';
#
# correct value from current_user() in function run from "security definer"
# (BUG#7291)
#
connection con1root;
use test;
select current_user();
select user();
create procedure bug7291_0 () sql security invoker select current_user(), user();
create procedure bug7291_1 () sql security definer call bug7291_0();
create procedure bug7291_2 () sql security invoker call bug7291_0();
grant execute on procedure bug7291_0 to user1@localhost;
grant execute on procedure bug7291_1 to user1@localhost;
grant execute on procedure bug7291_2 to user1@localhost;
connect (user1,localhost,user1,,);
connection user1;
call bug7291_2();
call bug7291_1();
connection con1root;
drop procedure bug7291_1;
drop procedure bug7291_2;
drop procedure bug7291_0;
disconnect user1;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
drop user user1@localhost;
...@@ -1673,3 +1673,24 @@ create view v1(k, K) as select 1,2; ...@@ -1673,3 +1673,24 @@ create view v1(k, K) as select 1,2;
create view v1 as SELECT TIME_FORMAT(SEC_TO_TIME(3600),'%H:%i') as t; create view v1 as SELECT TIME_FORMAT(SEC_TO_TIME(3600),'%H:%i') as t;
select * from v1; select * from v1;
drop view v1; drop view v1;
#
# evaluation constant functions in WHERE (BUG#4663)
#
create table t1 (a timestamp default now());
create table t2 (b timestamp default now());
create view v1 as select a,b,t1.a < now() from t1,t2 where t1.a < now();
SHOW CREATE VIEW v1;
drop view v1;
drop table t1, t2;
CREATE TABLE t1 ( a varchar(50) );
CREATE VIEW v1 AS SELECT * FROM t1 WHERE a = CURRENT_USER();
SHOW CREATE VIEW v1;
DROP VIEW v1;
CREATE VIEW v1 AS SELECT * FROM t1 WHERE a = VERSION();
SHOW CREATE VIEW v1;
DROP VIEW v1;
CREATE VIEW v1 AS SELECT * FROM t1 WHERE a = DATABASE();
SHOW CREATE VIEW v1;
DROP VIEW v1;
DROP TABLE t1;
...@@ -635,6 +635,33 @@ Item *Item_string::safe_charset_converter(CHARSET_INFO *tocs) ...@@ -635,6 +635,33 @@ Item *Item_string::safe_charset_converter(CHARSET_INFO *tocs)
} }
Item *Item_static_string_func::safe_charset_converter(CHARSET_INFO *tocs)
{
Item_string *conv;
uint conv_errors;
String tmp, cstr, *ostr= val_str(&tmp);
cstr.copy(ostr->ptr(), ostr->length(), ostr->charset(), tocs, &conv_errors);
if (conv_errors ||
!(conv= new Item_static_string_func(func_name,
cstr.ptr(), cstr.length(),
cstr.charset(),
collation.derivation)))
{
/*
Safe conversion is not possible (or EOM).
We could not convert a string into the requested character set
without data loss. The target charset does not cover all the
characters from the string. Operation cannot be done correctly.
*/
return NULL;
}
conv->str_value.copy();
/* Ensure that no one is going to change the result string */
conv->str_value.mark_as_const();
return conv;
}
bool Item_string::eq(const Item *item, bool binary_cmp) const bool Item_string::eq(const Item *item, bool binary_cmp) const
{ {
if (type() == item->type() && item->basic_const_item()) if (type() == item->type() && item->basic_const_item())
......
...@@ -1221,6 +1221,7 @@ public: ...@@ -1221,6 +1221,7 @@ public:
Derivation dv= DERIVATION_COERCIBLE) Derivation dv= DERIVATION_COERCIBLE)
:Item_string(NullS, str, length, cs, dv), func_name(name_par) :Item_string(NullS, str, length, cs, dv), func_name(name_par)
{} {}
Item *safe_charset_converter(CHARSET_INFO *tocs);
void print(String *str) { str->append(func_name); } void print(String *str) { str->append(func_name); }
}; };
......
...@@ -237,30 +237,33 @@ void Item_bool_func2::fix_length_and_dec() ...@@ -237,30 +237,33 @@ void Item_bool_func2::fix_length_and_dec()
set_cmp_func(); set_cmp_func();
return; return;
} }
if (args[0]->type() == FIELD_ITEM) if (!thd->is_context_analysis_only())
{ {
Field *field=((Item_field*) args[0])->field; if (args[0]->type() == FIELD_ITEM)
if (field->can_be_compared_as_longlong())
{ {
if (convert_constant_item(thd, field,&args[1])) Field *field=((Item_field*) args[0])->field;
if (field->can_be_compared_as_longlong())
{ {
cmp.set_cmp_func(this, tmp_arg, tmp_arg+1, if (convert_constant_item(thd, field,&args[1]))
INT_RESULT); // Works for all types. {
return; cmp.set_cmp_func(this, tmp_arg, tmp_arg+1,
INT_RESULT); // Works for all types.
return;
}
} }
} }
} if (args[1]->type() == FIELD_ITEM /* && !args[1]->const_item() */)
if (args[1]->type() == FIELD_ITEM /* && !args[1]->const_item() */)
{
Field *field=((Item_field*) args[1])->field;
if (field->can_be_compared_as_longlong())
{ {
if (convert_constant_item(thd, field,&args[0])) Field *field=((Item_field*) args[1])->field;
if (field->can_be_compared_as_longlong())
{ {
cmp.set_cmp_func(this, tmp_arg, tmp_arg+1, if (convert_constant_item(thd, field,&args[0]))
INT_RESULT); // Works for all types. {
return; cmp.set_cmp_func(this, tmp_arg, tmp_arg+1,
INT_RESULT); // Works for all types.
return;
}
} }
} }
} }
...@@ -991,7 +994,8 @@ void Item_func_between::fix_length_and_dec() ...@@ -991,7 +994,8 @@ void Item_func_between::fix_length_and_dec()
if (args[0]->type() == FIELD_ITEM) if (args[0]->type() == FIELD_ITEM)
{ {
Field *field=((Item_field*) args[0])->field; Field *field=((Item_field*) args[0])->field;
if (field->can_be_compared_as_longlong()) if (!thd->is_context_analysis_only() &&
field->can_be_compared_as_longlong())
{ {
/* /*
The following can't be recoded with || as convert_constant_item The following can't be recoded with || as convert_constant_item
......
...@@ -299,16 +299,8 @@ Item *create_func_pow(Item* a, Item *b) ...@@ -299,16 +299,8 @@ Item *create_func_pow(Item* a, Item *b)
Item *create_func_current_user() Item *create_func_current_user()
{ {
THD *thd=current_thd; current_thd->lex->safe_to_cache_query= 0;
char buff[HOSTNAME_LENGTH+USERNAME_LENGTH+2]; return new Item_func_user(TRUE);
uint length;
thd->lex->safe_to_cache_query= 0;
length= (uint) (strxmov(buff, thd->priv_user, "@", thd->priv_host, NullS) -
buff);
return new Item_static_string_func("current_user()",
thd->memdup(buff, length), length,
system_charset_info);
} }
Item *create_func_radians(Item *a) Item *create_func_radians(Item *a)
......
...@@ -1522,9 +1522,11 @@ Item *Item_func_sysconst::safe_charset_converter(CHARSET_INFO *tocs) ...@@ -1522,9 +1522,11 @@ Item *Item_func_sysconst::safe_charset_converter(CHARSET_INFO *tocs)
uint conv_errors; uint conv_errors;
String tmp, cstr, *ostr= val_str(&tmp); String tmp, cstr, *ostr= val_str(&tmp);
cstr.copy(ostr->ptr(), ostr->length(), ostr->charset(), tocs, &conv_errors); cstr.copy(ostr->ptr(), ostr->length(), ostr->charset(), tocs, &conv_errors);
if (conv_errors || !(conv= new Item_string(cstr.ptr(), cstr.length(), if (conv_errors ||
cstr.charset(), !(conv= new Item_static_string_func(fully_qualified_func_name(),
collation.derivation))) cstr.ptr(), cstr.length(),
cstr.charset(),
collation.derivation)))
{ {
return NULL; return NULL;
} }
...@@ -1554,13 +1556,24 @@ String *Item_func_user::val_str(String *str) ...@@ -1554,13 +1556,24 @@ String *Item_func_user::val_str(String *str)
DBUG_ASSERT(fixed == 1); DBUG_ASSERT(fixed == 1);
THD *thd=current_thd; THD *thd=current_thd;
CHARSET_INFO *cs= system_charset_info; CHARSET_INFO *cs= system_charset_info;
const char *host= thd->host_or_ip; const char *host, *user;
uint res_length; uint res_length;
if (is_current)
{
user= thd->priv_user;
host= thd->priv_host;
}
else
{
user= thd->user;
host= thd->host_or_ip;
}
// For system threads (e.g. replication SQL thread) user may be empty // For system threads (e.g. replication SQL thread) user may be empty
if (!thd->user) if (!user)
return &my_empty_string; return &my_empty_string;
res_length= (strlen(thd->user)+strlen(host)+2) * cs->mbmaxlen; res_length= (strlen(user)+strlen(host)+2) * cs->mbmaxlen;
if (str->alloc(res_length)) if (str->alloc(res_length))
{ {
...@@ -1568,12 +1581,13 @@ String *Item_func_user::val_str(String *str) ...@@ -1568,12 +1581,13 @@ String *Item_func_user::val_str(String *str)
return 0; return 0;
} }
res_length=cs->cset->snprintf(cs, (char*)str->ptr(), res_length, "%s@%s", res_length=cs->cset->snprintf(cs, (char*)str->ptr(), res_length, "%s@%s",
thd->user, host); user, host);
str->length(res_length); str->length(res_length);
str->set_charset(cs); str->set_charset(cs);
return str; return str;
} }
void Item_func_soundex::fix_length_and_dec() void Item_func_soundex::fix_length_and_dec()
{ {
collation.set(args[0]->collation); collation.set(args[0]->collation);
......
...@@ -356,8 +356,15 @@ public: ...@@ -356,8 +356,15 @@ public:
Item_func_sysconst() Item_func_sysconst()
{ collation.set(system_charset_info,DERIVATION_SYSCONST); } { collation.set(system_charset_info,DERIVATION_SYSCONST); }
Item *safe_charset_converter(CHARSET_INFO *tocs); Item *safe_charset_converter(CHARSET_INFO *tocs);
/*
Used to create correct Item name in new converted item in
safe_charset_converter, return string representation of this function
call
*/
virtual const char *fully_qualified_func_name() const = 0;
}; };
class Item_func_database :public Item_func_sysconst class Item_func_database :public Item_func_sysconst
{ {
public: public:
...@@ -369,18 +376,27 @@ public: ...@@ -369,18 +376,27 @@ public:
maybe_null=1; maybe_null=1;
} }
const char *func_name() const { return "database"; } const char *func_name() const { return "database"; }
const char *fully_qualified_func_name() const { return "database()"; }
}; };
class Item_func_user :public Item_func_sysconst class Item_func_user :public Item_func_sysconst
{ {
bool is_current;
public: public:
Item_func_user() :Item_func_sysconst() {} Item_func_user(bool is_current_arg)
:Item_func_sysconst(), is_current(is_current_arg) {}
String *val_str(String *); String *val_str(String *);
void fix_length_and_dec() void fix_length_and_dec()
{ {
max_length= (USERNAME_LENGTH+HOSTNAME_LENGTH+1)*system_charset_info->mbmaxlen; max_length= ((USERNAME_LENGTH + HOSTNAME_LENGTH + 1) *
system_charset_info->mbmaxlen);
} }
const char *func_name() const { return "user"; } const char *func_name() const
{ return is_current ? "current_user" : "user"; }
const char *fully_qualified_func_name() const
{ return is_current ? "current_user()" : "user()"; }
}; };
......
...@@ -1417,6 +1417,8 @@ public: ...@@ -1417,6 +1417,8 @@ public:
(variables.sql_mode & MODE_STRICT_ALL_TABLES))); (variables.sql_mode & MODE_STRICT_ALL_TABLES)));
} }
void set_status_var_init(); void set_status_var_init();
bool is_context_analysis_only()
{ return current_arena->is_stmt_prepare() || lex->view_prepare_mode; }
}; };
#define tmp_disable_binlog(A) \ #define tmp_disable_binlog(A) \
......
...@@ -4794,7 +4794,7 @@ simple_expr: ...@@ -4794,7 +4794,7 @@ simple_expr:
| UNIX_TIMESTAMP '(' expr ')' | UNIX_TIMESTAMP '(' expr ')'
{ $$= new Item_func_unix_timestamp($3); } { $$= new Item_func_unix_timestamp($3); }
| USER '(' ')' | USER '(' ')'
{ $$= new Item_func_user(); Lex->safe_to_cache_query=0; } { $$= new Item_func_user(FALSE); Lex->safe_to_cache_query=0; }
| UTC_DATE_SYM optional_braces | UTC_DATE_SYM optional_braces
{ $$= new Item_func_curdate_utc(); Lex->safe_to_cache_query=0;} { $$= new Item_func_curdate_utc(); Lex->safe_to_cache_query=0;}
| UTC_TIME_SYM optional_braces | UTC_TIME_SYM optional_braces
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment