10.0-base merge (roles)

author: Sergei Golubchik <sergii@pisem.net> 2013-10-29 15:08:44 +0100
committer: Sergei Golubchik <sergii@pisem.net> 2013-10-29 15:08:44 +0100
commit: 0fdb3bcfdbfa5d7cad28adc1c0f7c0958cdab2e0 (patch)
tree: 7d6a1d36b975e2b1bb8d9ffd3b7511ec0694349e /sql/sql_view.cc
parent: 7dc48ae327ad27205dffe0cec16b445d01529f84 (diff)
parent: fef416699009b78366d9eec937c01822b531f518 (diff)
download: mariadb-git-0fdb3bcfdbfa5d7cad28adc1c0f7c0958cdab2e0.tar.gz
1 files changed, 22 insertions, 63 deletions
diff --git a/sql/sql_view.cc b/sql/sql_view.cc
index 6f030d28678..505b8b25f89 100644
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@@ -39,8 +39,7 @@
 
 const LEX_STRING view_type= { C_STRING_WITH_LEN("VIEW") };
 
-static int mysql_register_view(THD *thd, TABLE_LIST *view,
-			       enum_view_create_mode mode);
+static int mysql_register_view(THD *, TABLE_LIST *, enum_view_create_mode);
 
 /*
   Make a unique name for an anonymous view column
@@ -467,60 +466,9 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views,
   }
 
   sp_cache_invalidate();
+  if (sp_process_definer(thd))
+    goto err;
 
-  if (!lex->definer)
-  {
-    /*
-      DEFINER-clause is missing; we have to create default definer in
-      persistent arena to be PS/SP friendly.
-      If this is an ALTER VIEW then the current user should be set as
-      the definer.
-    */
-    Query_arena original_arena;
-    Query_arena *ps_arena = thd->activate_stmt_arena_if_needed(&original_arena);
-
-    if (!(lex->definer= create_default_definer(thd)))
-      res= TRUE;
-
-    if (ps_arena)
-      thd->restore_active_arena(ps_arena, &original_arena);
-
-    if (res)
-      goto err;
-  }
-
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
-  /*
-    check definer of view:
-      - same as current user
-      - current user has SUPER_ACL
-  */
-  if (lex->definer &&
-      (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 ||
-       my_strcasecmp(system_charset_info,
-                     lex->definer->host.str,
-                     thd->security_ctx->priv_host) != 0))
-  {
-    if (!(thd->security_ctx->master_access & SUPER_ACL))
-    {
-      my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER");
-      res= TRUE;
-      goto err;
-    }
-    else
-    {
-      if (!is_acl_user(lex->definer->host.str,
-                       lex->definer->user.str))
-      {
-        push_warning_printf(thd, Sql_condition::WARN_LEVEL_NOTE,
-                            ER_NO_SUCH_USER,
-                            ER(ER_NO_SUCH_USER),
-                            lex->definer->user.str,
-                            lex->definer->host.str);
-      }
-    }
-  }
-#endif
   /*
     check that tables are not temporary  and this VIEW do not used in query
     (it is possible with ALTERing VIEW).
@@ -884,7 +832,11 @@ static int mysql_register_view(THD *thd, TABLE_LIST *view,
     goto err;   
   }
 
-  view->file_version= 1;
+  /*
+    version 1 - before 10.0.5
+    version 2 - empty definer_host means a role
+  */
+  view->file_version= 2;
   view->calc_md5(md5);
   if (!(view->md5.str= (char*) thd->memdup(md5, 32)))
   {
@@ -1079,19 +1031,16 @@ err:
 bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
                      uint flags)
 {
-  SELECT_LEX *end, *view_select;
+  SELECT_LEX *end, *UNINIT_VAR(view_select);
   LEX *old_lex, *lex;
   Query_arena *arena, backup;
   TABLE_LIST *top_view= table->top_table();
-  bool parse_status;
+  bool UNINIT_VAR(parse_status);
   bool result, view_is_mergeable;
   TABLE_LIST *UNINIT_VAR(view_main_select_tables);
   DBUG_ENTER("mysql_make_view");
   DBUG_PRINT("info", ("table: 0x%lx (%s)", (ulong) table, table->table_name));
 
-  LINT_INIT(parse_status);
-  LINT_INIT(view_select);
-
   if (table->view)
   {
     /*
@@ -1178,8 +1127,16 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
     push_warning_printf(thd, Sql_condition::WARN_LEVEL_WARN,
                         ER_VIEW_FRM_NO_USER, ER(ER_VIEW_FRM_NO_USER),
                         table->db, table->table_name);
-    get_default_definer(thd, &table->definer);
+    get_default_definer(thd, &table->definer, false);
   }
+  
+  /*
+    since 10.0.5 definer.host can never be "" for a User, but it's
+    always "" for a Role. Before 10.0.5 it could be "" for a User,
+    but roles didn't exist. file_version helps.
+  */
+  if (!table->definer.host.str[0] && table->file_version < 2)
+    table->definer.host= host_not_specified; // User, not Role
 
   /*
     Initialize view definition context by character set names loaded from
@@ -1303,7 +1260,7 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
     TABLE_LIST *view_tables= lex->query_tables;
     TABLE_LIST *view_tables_tail= 0;
     TABLE_LIST *tbl;
-    Security_context *security_ctx;
+    Security_context *security_ctx= 0;
 
     /*
       Check rights to run commands (EXPLAIN SELECT & SHOW CREATE) which show
@@ -1478,6 +1435,7 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
     if (view_select->options & OPTION_TO_QUERY_CACHE)
       old_lex->select_lex.options|= OPTION_TO_QUERY_CACHE;
 
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
     if (table->view_suid)
     {
       /*
@@ -1498,6 +1456,7 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
       */
       security_ctx= table->security_ctx;
     }
+#endif
 
     /* Assign the context to the tables referenced in the view */
     if (view_tables)
author	Sergei Golubchik <sergii@pisem.net>	2013-10-29 15:08:44 +0100
committer	Sergei Golubchik <sergii@pisem.net>	2013-10-29 15:08:44 +0100
commit	0fdb3bcfdbfa5d7cad28adc1c0f7c0958cdab2e0 (patch)
tree	7d6a1d36b975e2b1bb8d9ffd3b7511ec0694349e /sql/sql_view.cc
parent	7dc48ae327ad27205dffe0cec16b445d01529f84 (diff)
parent	fef416699009b78366d9eec937c01822b531f518 (diff)
download	mariadb-git-0fdb3bcfdbfa5d7cad28adc1c0f7c0958cdab2e0.tar.gz