maria-developers team mailing list archive

Thread
Date
Review for MDEV-12666: CURRENT_ROLE() and DATABASE() does not work in a view

To: Vicențiu Ciorbaru <vicentiu@xxxxxxxxxxx>, maria-developers <maria-developers@xxxxxxxxxxxxxxxxxxx>
From: Alexander Barkov <bar@xxxxxxxxxxx>
Date: Tue, 13 Jun 2017 16:18:40 +0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
Hi Vicentiu,

The patch looks fine. Thanks!

I have only small comments below:

> 
> [Commits] 974064cde3c: MDEV-12666: CURRENT_ROLE() and DATABASE() does not work in a view
> vicentiu vicentiu at mariadb.org
> Thu Jun 8 10:11:38 EEST 2017
> 
>     Previous message (by thread): [Commits] 7f2d3c3: MDEV-11084 Select statement with partition selection against MyISAM table opens all partitions.
>     Next message (by thread): [Commits] d03abc71a49: MDEV-12609: Allow suppression of InnoDB log messages about reserving extents
>     Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> 
> revision-id: 974064cde3c1cd1be9157bc11ce410604807f68b (mariadb-10.0.31-2-g974064cde3c)
> parent(s): 54cd5bc703da08be45894495d7f3e2c8117617cd
> author: Vicențiu Ciorbaru
> committer: Vicențiu Ciorbaru
> timestamp: 2017-06-08 10:10:07 +0300
> message:
> 
> MDEV-12666: CURRENT_ROLE() and DATABASE() does not work in a view
> 
> The problem lies in how CURRENT_ROLE is defined. The
> Item_func_current_role inherits from Item_func_sysconst, which defines
> a safe_charset_converter to be a const_charset_converter.
> 
> During view creation, if there is no role previously set, the current_role()
> function returns NULL.
> 
> This is captured on item instantiation and the
> const_charset_converter call subsequently returns an Item_null.
> In turn, the function is replaced with Item_null and the view is
> then created with an Item_null instead of Item_func_current_role.
> 
> Without this patch, the first SHOW CREATE VIEW from the testcase would
> have a where clause of WHERE role_name = NULL, while the second SHOW
> CREATE VIEW would show a correctly created view.
> 
> The same applies for the DATABASE function, as it can change as well.
> 
> There is an additional problem with CURRENT_ROLE() when used in a
> prepared statement. During prepared statement creation we used to set
> the string_value of the function to the current role as well as the
> null_value flag. During execution, if CURRENT_ROLE was not null, the
> null_value flag was never set to not-null during fix_fields.
> 
> Item_func_current_user however can never be NULL so it did not show this
> problem in a view before. At the same time, the CURRENT_USER() can not
> be changed between prepared statement execution and creation so the
> implementation where the value is stored during fix_fields is
> sufficient.
> 
> Note also that DATABASE() function behaves differently during prepared
> statements. See bug 25843 for details or commit
> 7e0ad09edff587dadc3e9855fc81e1b7de8f2199
> 

<cut>

> --- a/sql/item_strfunc.cc
> +++ b/sql/item_strfunc.cc
> @@ -2344,6 +2344,7 @@ String *Item_func_database::val_str(String *str)
>    }
>    else
>      str->copy(thd->db, thd->db_length, system_charset_info);
> +  null_value= 0;
>    return str;
>  }
>  
> @@ -2378,6 +2379,30 @@ bool Item_func_user::init(const char *user, const char *host)
>  }
>  
>  
> +Item *Item_func_sysconst::safe_charset_converter(CHARSET_INFO *tocs)
> +{
> +  /*
> +   During view or prepared statement creation, the item should not
> +   make use of const_charset_converter as it would imply substitution
> +   with constant items which is not correct. Functions can have different
> +   values during view creation and view execution based on context.
> +
> +   Return the identical item during view creation and prepare.
> +  */
> +  if (current_thd->lex->context_analysis_only &
> +      (CONTEXT_ANALYSIS_ONLY_PREPARE | CONTEXT_ANALYSIS_ONLY_VIEW))
> +    return this;
> +  return const_charset_converter(tocs, true, fully_qualified_func_name());

I propose to avoid code duplication and do like this:


  if (!Item_func_sysconst::const_item())
    return this;
  return return const_charset_converter(tocs, true,
fully_qualified_func_name());


> +}
> +
> +bool Item_func_sysconst::const_item() const
> +{
> +  if (current_thd->lex->context_analysis_only &
> +      (CONTEXT_ANALYSIS_ONLY_PREPARE | CONTEXT_ANALYSIS_ONLY_VIEW))
> +    return false;
> +  return true;
> +}
> +
>  bool Item_func_user::fix_fields(THD *thd, Item **ref)
>  {
>    return (Item_func_sysconst::fix_fields(thd, ref) ||
> @@ -2403,20 +2428,25 @@ bool Item_func_current_role::fix_fields(THD *thd, Item **ref)
>  
>    Security_context *ctx= context->security_ctx
>                            ? context->security_ctx : thd->security_ctx;
> -
>    if (ctx->priv_role[0])
>    {
>      if (str_value.copy(ctx->priv_role, strlen(ctx->priv_role),
>                         system_charset_info))
>        return 1;
> -
>      str_value.mark_as_const();
> +    null_value= maybe_null= 0;
>      return 0;
>    }
>    null_value= maybe_null= 1;
>    return 0;
>  }
>  
> +String* Item_func_current_role::val_str(String * str)
> +{
> +  DBUG_ASSERT(fixed == 1);
> +  return null_value ? NULL : &str_value;
> +}
> +

Why did you move val_str() from *.h to *.cc ?
The method is just two lines, I'd leave it in *.h

<cut>