Commit 506c6eb9 authored by bell@sanja.is.com.ua's avatar bell@sanja.is.com.ua

postmerge fixes

parent 3f66053a
......@@ -532,7 +532,7 @@ void *create_embedded_thd(int client_flag, char *db)
int check_embedded_connection(MYSQL *mysql)
{
THD *thd= (THD*)mysql->thd;
st_security_context *sctx= thd->security_ctx;
Security_context *sctx= thd->security_ctx;
sctx->host_or_ip= sctx->host= (char*)my_localhost;
sctx->priv_user= sctx->user= my_strdup(mysql->user, MYF(0));
return check_user(thd, COM_CONNECT, NULL, 0, thd->db, true);
......
......@@ -4711,21 +4711,11 @@ Item_func_sp::execute(Item **itp)
THD *thd= current_thd;
int res= -1;
Sub_statement_state statement_state;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
Security_context *save_ctx;
#endif
if (! m_sp && ! (m_sp= sp_find_function(thd, m_name, TRUE)))
{
my_error(ER_SP_DOES_NOT_EXIST, MYF(0), "FUNCTION", m_name->m_qname.str);
if (find_and_check_access(thd, EXECUTE_ACL, &save_ctx))
goto error;
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_access(EXECUTE_ACL, 0, &save_ctx))
goto error;
#endif
/*
Disable the binlogging if this is not a SELECT statement. If this is a
SELECT, leave binlogging on, so execute_function() code writes the
......@@ -4734,7 +4724,7 @@ Item_func_sp::execute(Item **itp)
thd->reset_sub_statement_state(&statement_state, SUB_STMT_FUNCTION);
res= m_sp->execute_function(thd, args, arg_count, itp);
thd->restore_sub_statement_state(&statement_state);
if (res && mysql_bin_log.is_open() &&
(m_sp->m_chistics->daccess == SP_CONTAINS_SQL ||
m_sp->m_chistics->daccess == SP_MODIFIES_SQL_DATA))
......@@ -4851,71 +4841,67 @@ Item_func_sp::tmp_table_field(TABLE *t_arg)
DBUG_RETURN(res);
}
/*
Check access rigths to function
Find the function and chack access rigths to the function
SYNOPSIS
check_access()
find_and_check_access()
thd thread handler
want_access requested access
report_error whether to set error to thd->net.report_error
sp_ctx sp security context for switching
backup backup of security context or 0
RETURN
0 Access granted
1 Requested access can't be granted or function doesn't exists
FALSE Access granted
TRUE Requested access can't be granted or function doesn't exists
NOTES
Checks if requested access to function can be granted to user.
If function isn't found yet, it searches function first.
If function can't be found or user don't have requested access
and report_error is true error is raised.
error is raised.
If security context sp_ctx is provided and access can be granted then
switch back to previous context isn't performed.
In case of access error or if context is not provided then check_access()
switches back to previous security context.
In case of access error or if context is not provided then
find_and_check_access() switches back to previous security context.
*/
bool
Item_func_sp::check_access(ulong want_access, bool report_error, st_sp_security_context *sp_ctx)
Item_func_sp::find_and_check_access(THD *thd, ulong want_access,
Security_context **backup)
{
bool res;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
THD *thd= current_thd;
st_sp_security_context save_ctx, *curr_ctx= sp_ctx?sp_ctx:&save_ctx;
bool ctx_switched= 0;
res= 1;
Security_context *local_save,
**save= (backup ? backup : &local_save);
res= TRUE;
if (! m_sp && ! (m_sp= sp_find_function(thd, m_name, TRUE)))
{
my_error(ER_SP_DOES_NOT_EXIST, MYF(0), "FUNCTION", m_name->m_qname.str);
if (report_error)
thd->net.report_error= 1;
goto error;
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_routine_access(thd, want_access,
m_sp->m_db.str, m_sp->m_name.str, 0, 0))
m_sp->m_db.str, m_sp->m_name.str, 0, FALSE))
{
if (report_error)
thd->net.report_error= 1;
goto error;
}
sp_change_security_context(thd, m_sp, curr_ctx);
ctx_switched= curr_ctx->changed;
if (curr_ctx->changed &&
sp_change_security_context(thd, m_sp, save);
if (*save &&
check_routine_access(thd, want_access,
m_sp->m_db.str, m_sp->m_name.str, 0, 0))
m_sp->m_db.str, m_sp->m_name.str, 0, FALSE))
{
if (report_error)
thd->net.report_error= 1;
goto error_check_ctx;
}
res= 0;
res= FALSE;
error_check_ctx:
if (ctx_switched && (res || !sp_ctx))
sp_restore_security_context(thd, m_sp, curr_ctx);
if (*save && (res || !backup))
sp_restore_security_context(thd, local_save);
error:
#else
res= 0;
error:
#endif
return res;
};
......@@ -4926,7 +4912,7 @@ Item_func_sp::fix_fields(THD *thd, Item **ref)
bool res;
DBUG_ASSERT(fixed == 0);
res= Item_func::fix_fields(thd, ref);
if (!res && check_access(EXECUTE_ACL, 1, NULL))
if (!res && find_and_check_access(thd, EXECUTE_ACL, NULL))
res= 1;
return res;
}
......@@ -1435,7 +1435,8 @@ class Item_func_sp :public Item_func
{ context= (Name_resolution_context *)cntx; return FALSE; }
void fix_length_and_dec();
bool check_access(ulong want_access, bool report_error, st_sp_security_context *sp_ctx);
bool find_and_check_access(THD * thd, ulong want_access,
Security_context **backup);
virtual enum Functype functype() const { return FUNC_SP; }
bool fix_fields(THD *thd, Item **ref);
......
......@@ -273,7 +273,7 @@ int check_user(THD *thd, enum enum_server_command command,
DBUG_ENTER("check_user");
#ifdef NO_EMBEDDED_ACCESS_CHECKS
thd->ain_security_ctx.master_access= GLOBAL_ACLS; // Full rights
thd->main_security_ctx.master_access= GLOBAL_ACLS; // Full rights
/* Change database if necessary */
if (db && db[0])
{
......@@ -4490,10 +4490,10 @@ mysql_execute_command(THD *thd)
mysql_bin_log.is_open())
{
String buff;
LEX_STRING command[3]=
{{STRING_WITH_LEN("CREATE ")},
{STRING_WITH_LEN("ALTER ")},
{STRING_WITH_LEN("CREATE OR REPLACE ")}};
const LEX_STRING command[3]=
{{(char *)STRING_WITH_LEN("CREATE ")},
{(char *)STRING_WITH_LEN("ALTER ")},
{(char *)STRING_WITH_LEN("CREATE OR REPLACE ")}};
thd->clear_error();
buff.append(command[thd->lex->create_view_mode].str,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment