• unknown's avatar
    Fix for bug #11555 "Stored procedures: current SP tables locking make · 0c8e312c
    unknown authored
    impossible view security".
    
    We should not expose names of tables which are explicitly or implicitly (via
    routine or trigger) used by view even if we find that they are missing.
    So during building of list of prelocked tables for statement we track which
    routines (and therefore tables for these routines) are used from views. We
    mark elements of LEX::routines set which correspond to routines used in views
    by setting Sroutine_hash_entry::belong_to_view member to point to TABLE_LIST
    object for topmost view which uses routine. We propagate this mark to all
    routines which are used by this routine and which we add to this set. We also
    mark tables used by such routine which we add to the list of tables for
    prelocking as belonging to this view.
    
    
    mysql-test/r/sp-error.result:
      Added test for bug #11555 "Stored procedures: current SP tables locking make 
      impossible view security".
    mysql-test/r/view.result:
      We should not expose tables which are expicitly/implicitly used in view in
      check table statement.
    mysql-test/t/sp-error.test:
      Added test for bug #11555 "Stored procedures: current SP tables locking make 
      impossible view security".
    mysql-test/t/view.test:
      Removed comment obsoleted by bugfix.
    sql/sp.cc:
      We should not expose names of tables which are explicitly or implicitly
      (via routine or trigger) used by view even if we find that they are missing.
      So during building of list of prelocked tables for statement we track which
      routines (and therefore tables for these routines) are used from views. We
      mark elements of LEX::routines set which correspond to routines used in views
      by setting Sroutine_hash_entry::belong_to_view member to point to TABLE_LIST
      object for topmost view which uses routine. We propagate this mark to all
      routines which are used by this routine and which we add to this set. We also
      mark tables used by such routine which we add to the list of tables for
      prelocking as belonging to this view.
    sql/sp.h:
      sp_cache_routines_and_add_tables_for_view()/for_triggers():
        To be able to determine correctly uppermost view which uses this view/table
        with trigger we have to pass pointer to TABLE_LIST object instead of pointer
        to view's LEX or to Table_triggers_list object.
    sql/sp_head.cc:
      sp_head::add_used_tables_to_table_list():
        Added new argument which allows to mark tables which are added to table
        list for prelocking as belonging to view (this allows properly hide names
        of tables which are used in routines used by views).
    sql/sp_head.h:
      sp_head::add_used_tables_to_table_list():
        Added new argument which allows to mark tables which are added to table
        list for prelocking as belonging to view (this allows properly hide names
        of tables which are used in routines used by views).
    sql/sql_base.cc:
      open_tables():
        sp_cache_routines_and_add_tables_for_view()/for_triggers() now accept
        pointer to table list element as last argument, this allows them to determine
        correctly uppermost view which uses this view/table with trigger.
    sql/sql_trigger.h:
      Table_triggers_list:
        sp_cache_routines_and_add_tables_for_triggers() now accept pointer to table
        list element as last argument, this allows to determine correctly uppermost
        view which uses this table with trigger.
    0c8e312c
sql_trigger.h 4.37 KB