MDEV-15945 --ps-protocol does not test some queries

Make mysqltest to use --ps-protocol more use prepared statements for everything that server supports with the exception of CALL (for now). Fix discovered test failures and bugs. tests: * PROCESSLIST shows Execute state, not Query * SHOW STATUS increments status variables more than in text protocol * multi-statements should be avoided (see tests with a wrong delimiter) * performance_schema events have different names in --ps-protocol * --enable_prepare_warnings mysqltest.cc: * make sure run_query_stmt() doesn't crash if there's no active connection (in wait_until_connected_again.inc) * prepare all statements that server supports protocol.h * Protocol_discard::send_result_set_metadata() should not send anything to the client. sql_acl.cc: * extract the functionality of getting the user for SHOW GRANTS from check_show_access(), so that mysql_test_show_grants() could generate the correct column names in the prepare step sql_class.cc: * result->prepare() can fail, don't ignore its return value * use correct number of decimals for EXPLAIN columns sql_parse.cc: * discard profiling for SHOW PROFILE. In text protocol it's done in prepare_schema_table(), but in --ps it is called on prepare only, so nothing was discarding profiling during execute. * move the permission checking code for SHOW CREATE VIEW to mysqld_show_create_get_fields(), so that it would be called during prepare step too. * only set sel_result when it was created here and needs to be destroyed in the same block. Avoid destroying lex->result. * use the correct number of tables in check_show_access(). Saying "as many as possible" doesn't work when first_not_own_table isn't set yet. sql_prepare.cc: * use correct user name for SHOW GRANTS columns * don't ignore verbose flag for SHOW SLAVE STATUS * support preparing REVOKE ALL and ROLLBACK TO SAVEPOINT * don't ignore errors from thd->prepare_explain_fields() * use select_send result for sending ANALYZE and EXPLAIN, but don't overwrite lex->result, because it might be needed to issue execute-time errors (select_dumpvar - too many rows) sql_show.cc: * check grants for SHOW CREATE VIEW here, not in mysql_execute_command sql_view.cc: * use the correct function to check privileges. Old code was doing check_access() for thd->security_ctx, which is invoker's sctx, not definer's sctx. Hide various view related errors from the invoker. sql_yacc.yy: * initialize lex->select_lex for LOAD, otherwise it'll contain garbage data that happen to fail tests with views in --ps (but not otherwise).
author: Sergei Golubchik <serg@mariadb.org> 2019-03-10 23:59:50 +0100
committer: Sergei Golubchik <serg@mariadb.org> 2019-03-12 13:10:49 +0100
commit: a62e9a83c04738009918ae63da41c9bea7ab941e (patch)
tree: 16b9b101d29ae755e159bf024e53a8a1d73d250f /sql/sql_show.cc
parent: 22f1cf9292f859f2f59208f267917481b29d4739 (diff)
download: mariadb-git-a62e9a83c04738009918ae63da41c9bea7ab941e.tar.gz
1 files changed, 42 insertions, 0 deletions
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index e0a4fb4ea95..e1c599102c6 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -1148,6 +1148,48 @@ mysqld_show_create_get_fields(THD *thd, TABLE_LIST *table_list,
   DBUG_PRINT("enter",("db: %s  table: %s",table_list->db,
                       table_list->table_name));
 
+  if (lex->only_view)
+  {
+    if (check_table_access(thd, SELECT_ACL, table_list, FALSE, 1, FALSE))
+    {
+      DBUG_PRINT("debug", ("check_table_access failed"));
+      my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
+              "SHOW", thd->security_ctx->priv_user,
+              thd->security_ctx->host_or_ip, table_list->alias);
+      goto exit;
+    }
+    DBUG_PRINT("debug", ("check_table_access succeeded"));
+
+    /* Ignore temporary tables if this is "SHOW CREATE VIEW" */
+    table_list->open_type= OT_BASE_ONLY;
+  }
+  else
+  {
+    /*
+      Temporary tables should be opened for SHOW CREATE TABLE, but not
+      for SHOW CREATE VIEW.
+    */
+    if (open_temporary_tables(thd, table_list))
+      goto exit;
+
+    /*
+      The fact that check_some_access() returned FALSE does not mean that
+      access is granted. We need to check if table_list->grant.privilege
+      contains any table-specific privilege.
+    */
+    DBUG_PRINT("debug", ("table_list->grant.privilege: %lx",
+                         table_list->grant.privilege));
+    if (check_some_access(thd, SHOW_CREATE_TABLE_ACLS, table_list) ||
+        (table_list->grant.privilege & SHOW_CREATE_TABLE_ACLS) == 0)
+    {
+      my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
+              "SHOW", thd->security_ctx->priv_user,
+              thd->security_ctx->host_or_ip, table_list->alias);
+      goto exit;
+    }
+  }
+  /* Access is granted. Execute the command.  */
+
   /* We want to preserve the tree for views. */
   lex->context_analysis_only|= CONTEXT_ANALYSIS_ONLY_VIEW;
author	Sergei Golubchik <serg@mariadb.org>	2019-03-10 23:59:50 +0100
committer	Sergei Golubchik <serg@mariadb.org>	2019-03-12 13:10:49 +0100
commit	a62e9a83c04738009918ae63da41c9bea7ab941e (patch)
tree	16b9b101d29ae755e159bf024e53a8a1d73d250f /sql/sql_show.cc
parent	22f1cf9292f859f2f59208f267917481b29d4739 (diff)
download	mariadb-git-a62e9a83c04738009918ae63da41c9bea7ab941e.tar.gz