From a2fc4843e38fcf12cacd526f1227cc0b30488bb5 Mon Sep 17 00:00:00 2001
From: unknown <kroki@mysql.com>
Date: Sun, 2 Jul 2006 14:35:45 +0400
Subject: Bug#20570: CURRENT_USER() in a VIEW with SQL SECURITY DEFINER returns
            invoker name

The bug was fixed similar to how context switch is handled in
Item_func_sp::execute_impl(): we store pointer to current
Name_resolution_context in Item_func_current_user class, and use
its Security_context in Item_func_current_user::fix_fields().


mysql-test/r/view_grant.result:
  Add result for bug#20570.
mysql-test/t/view_grant.test:
  Add test case for bug#20570.
sql/item_create.cc:
  Remove create_func_current_user(), as it is not used for automatic
  function creation.
sql/item_create.h:
  Remove prototype for create_func_current_user().
sql/item_strfunc.cc:
  Add implementations for Item_func_user::init(),
  Item_func_user::fix_fields() and
  Item_func_current_user::fix_fields() methods.  The latter uses
  Security_context from current Name_resolution_context, if one is
  defined.
sql/item_strfunc.h:
  Move implementation of CURRENT_USER() out of Item_func_user to
  to new Item_func_current_user class.  For both classes calculate
  user name in fix_fields() method.
  For Item_func_current_user add context field to store
  Name_resolution_context in effect.
sql/sql_yacc.yy:
  Pass current Name_resolution_context to Item_func_current_user.
---
 sql/item_strfunc.h | 35 +++++++++++++++++++++++++++--------
 1 file changed, 27 insertions(+), 8 deletions(-)

(limited to 'sql/item_strfunc.h')

diff --git a/sql/item_strfunc.h b/sql/item_strfunc.h
index 90d421a2c68..d73ab75394b 100644
--- a/sql/item_strfunc.h
+++ b/sql/item_strfunc.h
@@ -385,21 +385,40 @@ public:
 
 class Item_func_user :public Item_func_sysconst
 {
-  bool is_current;
+protected:
+  bool init (const char *user, const char *host);
 
 public:
-  Item_func_user(bool is_current_arg)
-    :Item_func_sysconst(), is_current(is_current_arg) {}
-  String *val_str(String *);
+  Item_func_user()
+  {
+    str_value.set("", 0, system_charset_info);
+  }
+  String *val_str(String *)
+  {
+    DBUG_ASSERT(fixed == 1);
+    return (null_value ? 0 : &str_value);
+  }
+  bool fix_fields(THD *thd, Item **ref);
   void fix_length_and_dec()
   {
     max_length= ((USERNAME_LENGTH + HOSTNAME_LENGTH + 1) *
                  system_charset_info->mbmaxlen);
   }
-  const char *func_name() const
-    { return is_current ? "current_user" : "user"; }
-  const char *fully_qualified_func_name() const
-    { return is_current ? "current_user()" : "user()"; }
+  const char *func_name() const { return "user"; }
+  const char *fully_qualified_func_name() const { return "user()"; }
+};
+
+
+class Item_func_current_user :public Item_func_user
+{
+  Name_resolution_context *context;
+
+public:
+  Item_func_current_user(Name_resolution_context *context_arg)
+    : context(context_arg) {}
+  bool fix_fields(THD *thd, Item **ref);
+  const char *func_name() const { return "current_user"; }
+  const char *fully_qualified_func_name() const { return "current_user()"; }
 };
 
 
-- 
cgit v1.2.1