From a2fc4843e38fcf12cacd526f1227cc0b30488bb5 Mon Sep 17 00:00:00 2001 From: unknown Date: Sun, 2 Jul 2006 14:35:45 +0400 Subject: Bug#20570: CURRENT_USER() in a VIEW with SQL SECURITY DEFINER returns invoker name The bug was fixed similar to how context switch is handled in Item_func_sp::execute_impl(): we store pointer to current Name_resolution_context in Item_func_current_user class, and use its Security_context in Item_func_current_user::fix_fields(). mysql-test/r/view_grant.result: Add result for bug#20570. mysql-test/t/view_grant.test: Add test case for bug#20570. sql/item_create.cc: Remove create_func_current_user(), as it is not used for automatic function creation. sql/item_create.h: Remove prototype for create_func_current_user(). sql/item_strfunc.cc: Add implementations for Item_func_user::init(), Item_func_user::fix_fields() and Item_func_current_user::fix_fields() methods. The latter uses Security_context from current Name_resolution_context, if one is defined. sql/item_strfunc.h: Move implementation of CURRENT_USER() out of Item_func_user to to new Item_func_current_user class. For both classes calculate user name in fix_fields() method. For Item_func_current_user add context field to store Name_resolution_context in effect. sql/sql_yacc.yy: Pass current Name_resolution_context to Item_func_current_user. --- mysql-test/t/view_grant.test | 62 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) (limited to 'mysql-test/t/view_grant.test') diff --git a/mysql-test/t/view_grant.test b/mysql-test/t/view_grant.test index 4663a667d25..6bf4accc2e4 100644 --- a/mysql-test/t/view_grant.test +++ b/mysql-test/t/view_grant.test @@ -807,3 +807,65 @@ SELECT * FROM v; DROP VIEW v; DROP TABLE t1; USE test; + + +# +# BUG#20570: CURRENT_USER() in a VIEW with SQL SECURITY DEFINER +# returns invoker name +# +--disable_warnings +DROP VIEW IF EXISTS v1; +DROP VIEW IF EXISTS v2; +DROP VIEW IF EXISTS v3; +DROP FUNCTION IF EXISTS f1; +DROP FUNCTION IF EXISTS f2; +DROP PROCEDURE IF EXISTS p1; +--enable_warnings + +CREATE SQL SECURITY DEFINER VIEW v1 AS SELECT CURRENT_USER() AS cu; + +CREATE FUNCTION f1() RETURNS VARCHAR(77) SQL SECURITY INVOKER + RETURN CURRENT_USER(); +CREATE SQL SECURITY DEFINER VIEW v2 AS SELECT f1() AS cu; + +CREATE PROCEDURE p1(OUT cu VARCHAR(77)) SQL SECURITY INVOKER + SET cu= CURRENT_USER(); +delimiter |; +CREATE FUNCTION f2() RETURNS VARCHAR(77) SQL SECURITY INVOKER +BEGIN + DECLARE cu VARCHAR(77); + CALL p1(cu); + RETURN cu; +END| +delimiter ;| +CREATE SQL SECURITY DEFINER VIEW v3 AS SELECT f2() AS cu; + +CREATE USER mysqltest_u1@localhost; +GRANT ALL ON test.* TO mysqltest_u1@localhost; + +connect (conn1, localhost, mysqltest_u1,,); + +--echo +--echo The following tests should all return 1. +--echo +SELECT CURRENT_USER() = 'mysqltest_u1@localhost'; +SELECT f1() = 'mysqltest_u1@localhost'; +CALL p1(@cu); +SELECT @cu = 'mysqltest_u1@localhost'; +SELECT f2() = 'mysqltest_u1@localhost'; +SELECT cu = 'root@localhost' FROM v1; +SELECT cu = 'root@localhost' FROM v2; +SELECT cu = 'root@localhost' FROM v3; + +disconnect conn1; +connection default; + +DROP VIEW v3; +DROP FUNCTION f2; +DROP PROCEDURE p1; +DROP FUNCTION f1; +DROP VIEW v2; +DROP VIEW v1; +DROP USER mysqltest_u1@localhost; + +# End of 5.0 tests. -- cgit v1.2.1