Loading sql/item.cc +1 −1 Original line number Diff line number Diff line Loading @@ -5165,7 +5165,7 @@ void Item_trigger_field::setup_field(THD *thd, TABLE *table) set field_idx properly. */ (void)find_field_in_table(thd, table, field_name, (uint) strlen(field_name), 0, 0, &field_idx, 0); 0, &field_idx); thd->set_query_id= save_set_query_id; triggers= table->triggers; } Loading sql/item.h +42 −0 Original line number Diff line number Diff line Loading 
@@ -326,6 +326,48 @@ struct Name_resolution_context: Sql_alloc }; /* Store and restore the current state of a name resolution context. */ class Name_resolution_context_state { private: TABLE_LIST *save_table_list; TABLE_LIST *save_first_name_resolution_table; TABLE_LIST *save_next_name_resolution_table; bool save_resolve_in_select_list; public: TABLE_LIST *save_next_local; public: /* Save the state of a name resolution context. */ void save_state(Name_resolution_context *context, TABLE_LIST *table_list) { save_table_list= context->table_list; save_first_name_resolution_table= context->first_name_resolution_table; save_next_name_resolution_table= (context->first_name_resolution_table) ? context->first_name_resolution_table-> next_name_resolution_table : NULL; save_resolve_in_select_list= context->resolve_in_select_list; save_next_local= table_list->next_local; } /* Restore a name resolution context from saved state. */ void restore_state(Name_resolution_context *context, TABLE_LIST *table_list) { table_list->next_local= save_next_local; context->table_list= save_table_list; context->first_name_resolution_table= save_first_name_resolution_table; if (context->first_name_resolution_table) context->first_name_resolution_table-> next_name_resolution_table= save_next_name_resolution_table; context->resolve_in_select_list= save_resolve_in_select_list; } }; /*************************************************************************/ typedef bool (Item::*Item_processor)(byte *arg); Loading sql/mysql_priv.h +9 −11 Original line number Diff line number Diff line Loading 
@@ -791,18 +791,15 @@ find_field_in_tables(THD *thd, Item_ident *item, bool check_privileges, bool register_tree_change); Field * find_field_in_table_ref(THD *thd, TABLE_LIST *table_list, const char *name, const char *item_name, const char *table_name, const char *db_name, uint length, Item **ref, bool check_grants_table, bool check_grants_view, bool allow_rowid, const char *name, uint length, const char *item_name, const char *db_name, const char *table_name, Item **ref, bool check_privileges, bool allow_rowid, uint *cached_field_index_ptr, bool register_tree_change, TABLE_LIST **actual_table); Field * find_field_in_table(THD *thd, TABLE *table, const char *name, uint length, bool check_grants, bool allow_rowid, uint *cached_field_index_ptr, Security_context *sctx); find_field_in_table(THD *thd, TABLE *table, const char *name, uint length, bool allow_rowid, uint *cached_field_index_ptr); #ifdef HAVE_OPENSSL #include <openssl/des.h> Loading Loading @@ -918,7 +915,8 @@ create_field * new_create_field(THD *thd, char *field_name, enum_field_types typ uint uint_geom_type); void store_position_for_column(const char *name); bool add_to_list(THD *thd, SQL_LIST &list,Item *group,bool asc); Name_resolution_context *make_join_on_context(THD *thd, TABLE_LIST *left_op, bool push_new_name_resolution_context(THD *thd, TABLE_LIST *left_op, TABLE_LIST *right_op); void add_join_on(TABLE_LIST *b,Item *expr); void add_join_natural(TABLE_LIST *a,TABLE_LIST *b,List<String> *using_fields); Loading sql/sql_acl.cc +84 −20 Original line number Diff line number Diff line Loading @@ -2761,8 +2761,9 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table_list, uint unused_field_idx= NO_CACHED_FIELD_INDEX; TABLE_LIST *dummy; Field *f=find_field_in_table_ref(thd, table_list, column->column.ptr(), column->column.length(), column->column.ptr(), NULL, NULL, column->column.length(), 0, 1, 1, 0, NULL, TRUE, FALSE, &unused_field_idx, FALSE, &dummy); if (f == (Field*)0) { Loading Loading 
@@ -3616,11 +3617,28 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, } /* Check column rights in given security context SYNOPSIS check_grant_column() thd thread handler grant grant information structure db_name db name table_name table name name column name length column name length sctx security context RETURN FALSE OK TRUE access denied */ bool check_grant_column(THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *name, uint length, uint show_tables) const char *name, uint length, Security_context *sctx) { Security_context *sctx= thd->security_ctx; GRANT_TABLE *grant_table; GRANT_COLUMN *grant_column; ulong want_access= grant->want_privilege & ~grant->privilege; Loading Loading @@ -3651,18 +3669,9 @@ bool check_grant_column(THD *thd, GRANT_INFO *grant, rw_unlock(&LOCK_grant); DBUG_RETURN(0); } #ifdef NOT_USED if (show_tables && (grant_column || grant->privilege & COL_ACLS)) { rw_unlock(&LOCK_grant); /* purecov: deadcode */ DBUG_RETURN(0); /* purecov: deadcode */ } #endif err: rw_unlock(&LOCK_grant); if (!show_tables) { char command[128]; get_privilege_desc(command, sizeof(command), want_access); my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0), Loading 
@@ -3671,11 +3680,66 @@ bool check_grant_column(THD *thd, GRANT_INFO *grant, sctx->host_or_ip, name, table_name); } DBUG_RETURN(1); } /* Check the access right to a column depending on the type of table. SYNOPSIS check_column_grant_in_table_ref() thd thread handler table_ref table reference where to check the field name name of field to check length length of name DESCRIPTION Check the access rights to a column depending on the type of table reference where the column is checked. The function provides a generic interface to check column access rights that hides the heterogeneity of the column representation - whether it is a view or a stored table colum. RETURN FALSE OK TRUE access denied */ bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST * table_ref, const char *name, uint length) { GRANT_INFO *grant; const char *db_name; const char *table_name; Security_context *sctx= test(table_ref->security_ctx) ? table_ref->security_ctx : thd->security_ctx; if (table_ref->view || table_ref->field_translation) { /* View or derived information schema table. */ grant= &(table_ref->grant); db_name= table_ref->view_db.str; table_name= table_ref->view_name.str; } else { /* Normal or temporary table. */ TABLE *table= table_ref->table; grant= &(table->grant); db_name= table->s->db; table_name= table->s->table_name; } if (grant->want_privilege) return check_grant_column(thd, grant, db_name, table_name, name, length, sctx); else return FALSE; } bool check_grant_all_columns(THD *thd, ulong want_access, GRANT_INFO *grant, const char* db_name, const char *table_name, Field_iterator *fields) Loading sql/sql_acl.h +3 −1 Original line number Diff line number Diff line Loading 
@@ -204,7 +204,9 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, uint show_command, uint number, bool dont_print_error); bool check_grant_column (THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *name, uint length, uint show_command=0); const char *name, uint length, Security_context *sctx); bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST * table_ref, const char *name, uint length); bool check_grant_all_columns(THD *thd, ulong want_access, GRANT_INFO *grant, const char* db_name, const char *table_name, Field_iterator *fields); Loading Loading
sql/item.cc +1 −1 @@ -5165,7 +5165,7 @@ void Item_trigger_field::setup_field(THD *thd, TABLE *table) set field_idx properly. */ (void)find_field_in_table(thd, table, field_name, (uint) strlen(field_name), 0, 0, &field_idx, 0); 0, &field_idx); thd->set_query_id= save_set_query_id; triggers= table->triggers; }
sql/item.h +42 −0 Original line number Diff line number Diff line Loading @@ -326,6 +326,48 @@ struct Name_resolution_context: Sql_alloc }; /* Store and restore the current state of a name resolution context. */ class Name_resolution_context_state { private: TABLE_LIST *save_table_list; TABLE_LIST *save_first_name_resolution_table; TABLE_LIST *save_next_name_resolution_table; bool save_resolve_in_select_list; public: TABLE_LIST *save_next_local; public: /* Save the state of a name resolution context. */ void save_state(Name_resolution_context *context, TABLE_LIST *table_list) { save_table_list= context->table_list; save_first_name_resolution_table= context->first_name_resolution_table; save_next_name_resolution_table= (context->first_name_resolution_table) ? context->first_name_resolution_table-> next_name_resolution_table : NULL; save_resolve_in_select_list= context->resolve_in_select_list; save_next_local= table_list->next_local; } /* Restore a name resolution context from saved state. */ void restore_state(Name_resolution_context *context, TABLE_LIST *table_list) { table_list->next_local= save_next_local; context->table_list= save_table_list; context->first_name_resolution_table= save_first_name_resolution_table; if (context->first_name_resolution_table) context->first_name_resolution_table-> next_name_resolution_table= save_next_name_resolution_table; context->resolve_in_select_list= save_resolve_in_select_list; } }; /*************************************************************************/ typedef bool (Item::*Item_processor)(byte *arg); Loading
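Review bot: `restore_state()` writes the saved members back into `context` and `table_list` unconditionally, but the class has no constructor, so a restore that is not preceded by `save_state()` on the same object would store indeterminate pointers into the name resolution context. Column lookup and the privilege checks that follow it walk those lists, so the pairing is worth stating in the class comment, for example `/* restore_state() must be called only after save_state() on the same context and table_list. */`. `save_state()` also reads `table_list->next_local` without a NULL check, so the comment should say that `table_list` must be non-NULL. `save_next_local` is the only public data member; a one-line comment saying why callers need it directly would help.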
sql/mysql_priv.h +9 −11 Original line number Diff line number Diff line Loading @@ -791,18 +791,15 @@ find_field_in_tables(THD *thd, Item_ident *item, bool check_privileges, bool register_tree_change); Field * find_field_in_table_ref(THD *thd, TABLE_LIST *table_list, const char *name, const char *item_name, const char *table_name, const char *db_name, uint length, Item **ref, bool check_grants_table, bool check_grants_view, bool allow_rowid, const char *name, uint length, const char *item_name, const char *db_name, const char *table_name, Item **ref, bool check_privileges, bool allow_rowid, uint *cached_field_index_ptr, bool register_tree_change, TABLE_LIST **actual_table); Field * find_field_in_table(THD *thd, TABLE *table, const char *name, uint length, bool check_grants, bool allow_rowid, uint *cached_field_index_ptr, Security_context *sctx); find_field_in_table(THD *thd, TABLE *table, const char *name, uint length, bool allow_rowid, uint *cached_field_index_ptr); #ifdef HAVE_OPENSSL #include <openssl/des.h> Loading Loading @@ -918,7 +915,8 @@ create_field * new_create_field(THD *thd, char *field_name, enum_field_types typ uint uint_geom_type); void store_position_for_column(const char *name); bool add_to_list(THD *thd, SQL_LIST &list,Item *group,bool asc); Name_resolution_context *make_join_on_context(THD *thd, TABLE_LIST *left_op, bool push_new_name_resolution_context(THD *thd, TABLE_LIST *left_op, TABLE_LIST *right_op); void add_join_on(TABLE_LIST *b,Item *expr); void add_join_natural(TABLE_LIST *a,TABLE_LIST *b,List<String> *using_fields); Loading
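Review bot: The new `find_field_in_table_ref` prototype swaps the order of two adjacent `const char *` parameters: the old list reads `table_name, db_name`, the new one `db_name, table_name`. A call site ported by hand with the names in the old order would still compile and would resolve the column against the wrong database/table pair. A comment above the prototype listing the argument order would make this visible, e.g. `/* name, length, item_name, db_name, table_name -- note db_name now precedes table_name */`. `find_field_in_table` loses both `check_grants` and `sctx`, which suggests it no longer performs any column privilege check; if so, say on the prototype that callers must run the check separately (the commit adds `check_column_grant_in_table_ref` in sql_acl.cc).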
sql/sql_acl.cc +84 −20 Original line number Diff line number Diff line Loading @@ -2761,8 +2761,9 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table_list, uint unused_field_idx= NO_CACHED_FIELD_INDEX; TABLE_LIST *dummy; Field *f=find_field_in_table_ref(thd, table_list, column->column.ptr(), column->column.length(), column->column.ptr(), NULL, NULL, column->column.length(), 0, 1, 1, 0, NULL, TRUE, FALSE, &unused_field_idx, FALSE, &dummy); if (f == (Field*)0) { Loading Loading @@ -3616,11 +3617,28 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, } /* Check column rights in given security context SYNOPSIS check_grant_column() thd thread handler grant grant information structure db_name db name table_name table name name column name length column name length sctx security context RETURN FALSE OK TRUE access denied */ bool check_grant_column(THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *name, uint length, uint show_tables) const char *name, uint length, Security_context *sctx) { Security_context *sctx= thd->security_ctx; GRANT_TABLE *grant_table; GRANT_COLUMN *grant_column; ulong want_access= grant->want_privilege & ~grant->privilege; Loading Loading @@ -3651,18 +3669,9 @@ bool check_grant_column(THD *thd, GRANT_INFO *grant, rw_unlock(&LOCK_grant); DBUG_RETURN(0); } #ifdef NOT_USED if (show_tables && (grant_column || grant->privilege & COL_ACLS)) { rw_unlock(&LOCK_grant); /* purecov: deadcode */ DBUG_RETURN(0); /* purecov: deadcode */ } #endif err: rw_unlock(&LOCK_grant); if (!show_tables) { char command[128]; get_privilege_desc(command, sizeof(command), want_access); my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0), Loading 
@@ -3671,11 +3680,66 @@ bool check_grant_column(THD *thd, GRANT_INFO *grant, sctx->host_or_ip, name, table_name); } DBUG_RETURN(1); } /* Check the access right to a column depending on the type of table. SYNOPSIS check_column_grant_in_table_ref() thd thread handler table_ref table reference where to check the field name name of field to check length length of name DESCRIPTION Check the access rights to a column depending on the type of table reference where the column is checked. The function provides a generic interface to check column access rights that hides the heterogeneity of the column representation - whether it is a view or a stored table colum. RETURN FALSE OK TRUE access denied */ bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST * table_ref, const char *name, uint length) { GRANT_INFO *grant; const char *db_name; const char *table_name; Security_context *sctx= test(table_ref->security_ctx) ? table_ref->security_ctx : thd->security_ctx; if (table_ref->view || table_ref->field_translation) { /* View or derived information schema table. */ grant= &(table_ref->grant); db_name= table_ref->view_db.str; table_name= table_ref->view_name.str; } else { /* Normal or temporary table. */ TABLE *table= table_ref->table; grant= &(table->grant); db_name= table->s->db; table_name= table->s->table_name; } if (grant->want_privilege) return check_grant_column(thd, grant, db_name, table_name, name, length, sctx); else return FALSE; } bool check_grant_all_columns(THD *thd, ulong want_access, GRANT_INFO *grant, const char* db_name, const char *table_name, Field_iterator *fields) Loading
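Review bot: `check_column_grant_in_table_ref()` returns FALSE (access OK) whenever `grant->want_privilege` is zero, so the result depends on the caller having set `want_privilege` before the lookup. The header comment documents only the two return values and should state this precondition, e.g. `NOTES: if grant->want_privilege is 0 no column check is made and FALSE is returned`. In the else branch `table_ref->table` and `table->s` are dereferenced without a check; whether a reference that is neither a view nor has a `field_translation` can arrive here with `table` unset is not visible in this diff, so either assert it (`DBUG_ASSERT(table_ref->table);`) or document it. The same comment has the typo `colum`.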
sql/sql_acl.h +3 −1 @@ -204,7 +204,9 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, uint show_command, uint number, bool dont_print_error); bool check_grant_column (THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *name, uint length, uint show_command=0); const char *name, uint length, Security_context *sctx); bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST * table_ref, const char *name, uint length); bool check_grant_all_columns(THD *thd, ulong want_access, GRANT_INFO *grant, const char* db_name, const char *table_name, Field_iterator *fields);
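Review bot: Replacing the trailing `uint show_command=0` with `Security_context *sctx` keeps the arity of any old seven-argument call, and a literal `0` in that position is a valid null pointer constant, so such a call would still compile and pass a NULL context. The denial path in sql_acl.cc reads `sctx->host_or_ip` when building the error, so a NULL there would crash exactly when access is refused. No such call site is visible in this diff; a prototype comment such as `/* sctx must not be NULL; pass the table reference's security_ctx if set, else thd->security_ctx */` records the contract.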