From cd05976dda437735cea2b920ea42def84cb0b0cd Mon Sep 17 00:00:00 2001 
From: unknown Date: Thu, 13 Jul 2006 17:12:31 +0400 Subject: Bug#18630: Arguments of suid routine calculated in wrong security context. Routine arguments were evaluated in the security context of the routine itself, not in the caller's context. The bug is fixed the following way: - Item_func_sp::find_and_check_access() has been split into two functions: Item_func_sp::find_and_check_access() itself only finds the function and check that the caller have EXECUTE privilege on it. New function set_routine_security_ctx() changes security context for SUID routines and checks that definer have EXECUTE privilege too. - new function sp_head::execute_trigger() is called from Table_triggers_list::process_triggers() instead of sp_head::execute_function(), and is effectively just as the sp_head::execute_function() is, with all non-trigger related code removed, and added trigger-specific security context switch. - call to Item_func_sp::find_and_check_access() stays outside of sp_head::execute_function(), and there is a code in sql_parse.cc before the call to sp_head::execute_procedure() that checks that the caller have EXECUTE privilege, but both sp_head::execute_function() and sp_head::execute_procedure() call set_routine_security_ctx() after evaluating their parameters, and restore the context after the body is executed. mysql-test/r/sp-security.result: Add result for bug#18630: Arguments of suid routine calculated in wrong security context. mysql-test/t/sp-security.test: Add test case for bug#18630: Arguments of suid routine calculated in wrong security context. sql/item_func.cc: Do not change security context before executing the function, as it will be changed after argument evaluation. Do not change security context in Item_func_sp::find_and_check_access(). sql/item_func.h: Change prototype for Item_func_sp::find_and_check_access(). sql/sp_head.cc: Add set_routine_security_ctx() function. Add sp_head::execute_trigger() method. 
Change security context in sp_head::execute_trigger(), and in sp_head::execute_function() and sp_head::execute_procedure() after argument evaluation. Move pop_all_cursors() call to sp_head::execute(). sql/sp_head.h: Add declaration for sp_head::execute_trigger() and set_routine_security_ctx(). sql/sql_parse.cc: Do not change security context before executing the procedure, as it will be changed after argument evaluation. sql/sql_trigger.cc: Call new sp_head::execute_trigger() instead of sp_head::execute_function(), which is responsible to switch security context.
---
 sql/sp_head.h | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'sql/sp_head.h')
diff --git a/sql/sp_head.h b/sql/sp_head.h
index 073cca2cd12..36747716bdc 100644
--- a/sql/sp_head.h
+++ b/sql/sp_head.h
@@ -206,6 +206,10 @@ public:
   void
   destroy();
 
+  bool
+  execute_trigger(THD *thd, const char *db, const char *table,
+                  GRANT_INFO *grant_onfo);
+
   bool
   execute_function(THD *thd, Item **args, uint argcount, Field *return_fld);
 
@@ -1149,6 +1153,10 @@ sp_change_security_context(THD *thd, sp_head *sp, Security_context **backup);
 void
 sp_restore_security_context(THD *thd, Security_context *backup);
 
+
+bool
+set_routine_security_ctx(THD *thd, sp_head *sp, bool is_proc,
+                         Security_context **save_ctx);
 #endif /* NO_EMBEDDED_ACCESS_CHECKS */
 
 TABLE_LIST *
-- cgit v1.2.1
From 51ce3a0e9f0e7f0e9d2be5228c4567e6e5456ede Mon Sep 17 00:00:00 2001
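Review bot: The new `execute_trigger()` declaration in the first hunk names its last parameter `grant_onfo`, which reads as a typo for `grant_info` and will propagate into the definition and every caller that copies the prototype; rename it `GRANT_INFO *grant_info`. The declaration also gives no hint of what separates it from `execute_function()` directly below — the commit message says it carries the trigger-specific security-context switch — so a line above it such as `// Execute a trigger body; performs the trigger-specific security context switch (db/table name the subject table)` would save readers a trip into sp_head.cc. The enclosing class sp_head begins and ends outside this hunk.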
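Review bot: `set_routine_security_ctx()` in the second hunk is declared without the contract that is the whole point of this fix: it must be invoked only after the routine's arguments have been evaluated in the caller's context, and whatever it stores in `*save_ctx` must reach `sp_restore_security_context()` on every exit path, including the one where the definer lacks EXECUTE. A comment above the prototype along the lines of `/* Switch to the SUID routine's context; call only after argument evaluation. Checks the definer's EXECUTE privilege; *save_ctx receives the caller's context for sp_restore_security_context(). */` would pin that down, and the return-value convention (presumably true on error, as for the neighbouring bool helpers) should be stated as well since it is not visible here. Because the prototype sits immediately before `#endif /* NO_EMBEDDED_ACCESS_CHECKS */`, it presumably exists only when access checks are compiled in, so callers need the matching guard. The surrounding declarations continue outside the hunk.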
From: unknown Date: Thu, 27 Jul 2006 17:57:43 +0400 Subject: Fix for BUG#16211: Stored function return type for strings is ignored. Fix for BUG#16676: Database CHARSET not used for stored procedures The problem in BUG#16211 is that CHARSET-clause of the return type for stored functions is just ignored. The problem in BUG#16676 is that if character set is not explicitly specified for sp-variable, the server character set is used instead of the database one. The fix has two parts: - always store CHARSET-clause of the return type along with the type definition in mysql.proc.returns column. "Always" means that CHARSET-clause is appended even if it has not been explicitly specified in CREATE FUNCTION statement (this affects BUG#16211 only). Storing CHARSET-clause if it is not specified is essential to avoid changing character set if the database character set is altered in the future. NOTE: this change is not backward compatible with the previous releases. - use database default character set if CHARSET-clause is not explicitly specified (this affects both BUG#16211 and BUG#16676). NOTE: this also breaks backward compatibility. mysql-test/r/mysqldump.result: Updated result file. mysql-test/r/sp.result: Updated result file. mysql-test/t/sp.test: Provided test cases for BUG#16211, BUG#16676. sql/mysql_priv.h: Added two convenient functions for work with databases. sql/sp.cc: 1. Add CHARSET-clause to CREATE-statement if it has been explicitly specified. 2. Polishing -- provided some comments. sql/sp_head.cc: Use database charset as default charset of sp-variable. sql/sp_head.h: Move init_sp_name() out of init_strings(). 
sql/sql_db.cc: Two new functions created: - load_db_opt_by_name(); - check_db_dir_existence(); sql/sql_show.cc: Eliminate duplicated code by using check_db_dir_existence() and load_db_opt_by_name() sql/sql_table.cc: Eliminate duplicated code by using check_db_dir_existence() and load_db_opt_by_name() sql/sql_yacc.yy: Call sp_head::init_sp_name() to initialize stored routine name.
---
 sql/sp_head.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'sql/sp_head.h')
diff --git a/sql/sp_head.h b/sql/sp_head.h
index 36747716bdc..4cd34bc9e20 100644
--- a/sql/sp_head.h
+++ b/sql/sp_head.h
@@ -193,9 +193,13 @@ public:
   void
   init(LEX *lex);
 
+  /* Copy sp name from parser. */
+  void
+  init_sp_name(THD *thd, sp_name *spname);
+
   // Initialize strings after parsing header
   void
-  init_strings(THD *thd, LEX *lex, sp_name *name);
+  init_strings(THD *thd, LEX *lex);
 
   int
   create(THD *thd);
-- cgit v1.2.1
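Review bot: Dropping the `sp_name *name` parameter from `init_strings()` leaves the header silent on the ordering the commit message implies — `init_sp_name()` was moved out of `init_strings()`, so `init_strings()` presumably now expects the name to have been set already — and neither prototype says so; the new `/* Copy sp name from parser. */` should carry it, e.g. `// Copy the routine name from the parser; must be called before init_strings()`. The added comment also uses `/* */` while the neighbouring one uses `//`; pick one form for the class. Every existing caller still passing three arguments to `init_strings()` must be updated in the same change (the commit message names only sql_yacc.yy for init_sp_name), which a full build should confirm. The enclosing class body continues outside the hunk.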