Fix bug #12812 create view calling a function works without execute right on function

Execution rigths on function was checked just before function execution, thus it was unknown on prepare stage whether user have right to execute particular function. Added access rights checking function which is called right after fixing Item_func_sp. This have additional effect that if user don't have rights for execution query will fail on earlier stage and will not waste resources on optimizing with failing on execution stage. sql/item_func.h: Fix bug#12812 create view calling a function works without execute right on function sql/item_func.cc: Fix bug#12812 create view calling a function works without execute right on function Added function Item_func_sp::check_access() which checks access rights. Added function Item_func_sp::fix_field() which calls check_access() after fixing. Item_func_sp::execute() now calls to check_access() to check access rights. mysql-test/t/sp.test: Test case for bug#12812 create view calling a function works without execute right on function mysql-test/r/sp.result: Test case for bug#12812 create view calling a function works without execute right on function
author: unknown <evgen@moonbone.local> 2005-09-20 03:05:35 +0400
committer: unknown <evgen@moonbone.local> 2005-09-20 03:05:35 +0400
commit: 43dd29dfaade07858fb7e11ed791f811c6d6d33b (patch)
tree: 61a36ffed571886237ed8412712c855c4cbd9f7e /sql/item_func.cc
parent: ec0f18c28f2ac03345cc48263e7f6b88db233b75 (diff)
download: mariadb-git-43dd29dfaade07858fb7e11ed791f811c6d6d33b.tar.gz
1 files changed, 81 insertions, 8 deletions
diff --git a/sql/item_func.cc b/sql/item_func.cc
index 8125264ab15..f7f23ab7bf8 100644
--- a/sql/item_func.cc
+++ b/sql/item_func.cc
@@ -4711,14 +4711,8 @@ Item_func_sp::execute(Item **itp)
   }
 
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-  if (check_routine_access(thd, EXECUTE_ACL, 
-			   m_sp->m_db.str, m_sp->m_name.str, 0, 0))
+  if (check_access(EXECUTE_ACL, 0, &save_ctx))
     goto error;
-  sp_change_security_context(thd, m_sp, &save_ctx);
-  if (save_ctx.changed && 
-      check_routine_access(thd, EXECUTE_ACL, 
-			   m_sp->m_db.str, m_sp->m_name.str, 0, 0))
-    goto error_check_ctx;
 #endif
   /*
     Disable the binlogging if this is not a SELECT statement. If this is a
@@ -4737,7 +4731,6 @@ Item_func_sp::execute(Item **itp)
 		 ER(ER_FAILED_ROUTINE_BREAK_BINLOG));
 
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-error_check_ctx:
   sp_restore_security_context(thd, m_sp, &save_ctx);
 #endif
 
@@ -4845,3 +4838,83 @@ Item_func_sp::tmp_table_field(TABLE *t_arg)
 
   DBUG_RETURN(res);
 }
+
+/*
+  Check access rigths to function
+
+  SYNOPSIS
+    check_access()
+    want_access   requested access
+    report_error  whether to set error to thd->net.report_error
+    sp_ctx        sp security context for switching
+
+  RETURN
+    0     Access granted
+    1     Requested access can't be granted or function doesn't exists
+
+  NOTES
+    Checks if requested access to function can be granted to user.
+    If function isn't found yet, it searches function first.
+    If function can't be found or user don't have requested access
+    and report_error is true error is raised.
+    If security context sp_ctx is provided and access can be granted then
+    switch back to previous context isn't performed.
+    In case of access error or if context is not provided then check_access()
+    switches back to previous security context.
+*/
+bool
+Item_func_sp::check_access(ulong want_access, bool report_error, st_sp_security_context *sp_ctx)
+{
+  bool res;
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+  THD *thd= current_thd;
+  st_sp_security_context save_ctx, *curr_ctx= sp_ctx?sp_ctx:&save_ctx;
+  bool ctx_switched= 0;
+  res= 1;
+  if (! m_sp && ! (m_sp= sp_find_function(thd, m_name, TRUE)))
+  {
+    my_error(ER_SP_DOES_NOT_EXIST, MYF(0), "FUNCTION", m_name->m_qname.str);
+    if (report_error)
+      thd->net.report_error= 1;
+    goto error;
+  }
+
+  if (check_routine_access(thd, want_access,
+			   m_sp->m_db.str, m_sp->m_name.str, 0, 0))
+  {
+    if (report_error)
+      thd->net.report_error= 1;
+    goto error;
+  }
+
+  sp_change_security_context(thd, m_sp, curr_ctx);
+  ctx_switched= curr_ctx->changed;
+  if (save_ctx.changed &&
+      check_routine_access(thd, want_access,
+			   m_sp->m_db.str, m_sp->m_name.str, 0, 0))
+  {
+    if (report_error)
+      thd->net.report_error= 1;
+    goto error_check_ctx;
+  }
+  res= 0;
+error_check_ctx:
+  if (ctx_switched && (res || !sp_ctx))
+    sp_restore_security_context(thd, m_sp, curr_ctx);
+error:
+#else
+  res= 0;
+#endif
+  return res;
+};
+
+bool
+Item_func_sp::fix_fields(THD *thd, Item **ref)
+{
+  bool res;
+  DBUG_ASSERT(fixed == 0);
+  res= Item_func::fix_fields(thd, ref);
+  if (!res && check_access(EXECUTE_ACL, 1, NULL))
+    res= 1;
+  return res;
+}
author	unknown <evgen@moonbone.local>	2005-09-20 03:05:35 +0400
committer	unknown <evgen@moonbone.local>	2005-09-20 03:05:35 +0400
commit	43dd29dfaade07858fb7e11ed791f811c6d6d33b (patch)
tree	61a36ffed571886237ed8412712c855c4cbd9f7e /sql/item_func.cc
parent	ec0f18c28f2ac03345cc48263e7f6b88db233b75 (diff)
download	mariadb-git-43dd29dfaade07858fb7e11ed791f811c6d6d33b.tar.gz