database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-27 18:02:13 +03:00
Code Activity

MDEV-15945 --ps-protocol does not test some queries

Browse Source 
Make mysqltest to use --ps-protocol more

use prepared statements for everything that server supports
with the exception of CALL (for now).

Fix discovered test failures and bugs.

tests:
* PROCESSLIST shows Execute state, not Query
* SHOW STATUS increments status variables more than in text protocol
* multi-statements should be avoided (see tests with a wrong delimiter)
* performance_schema events have different names in --ps-protocol
* --enable_prepare_warnings

mysqltest.cc:
* make sure run_query_stmt() doesn't crash if there's
  no active connection (in wait_until_connected_again.inc)
* prepare all statements that server supports

protocol.h
* Protocol_discard::send_result_set_metadata() should not send
  anything to the client.

sql_acl.cc:
* extract the functionality of getting the user for SHOW GRANTS
  from check_show_access(), so that mysql_test_show_grants() could
  generate the correct column names in the prepare step

sql_class.cc:
* result->prepare() can fail, don't ignore its return value
* use correct number of decimals for EXPLAIN columns

sql_parse.cc:
* discard profiling for SHOW PROFILE. In text protocol it's done in
  prepare_schema_table(), but in --ps it is called on prepare only,
  so nothing was discarding profiling during execute.
* move the permission checking code for SHOW CREATE VIEW to
  mysqld_show_create_get_fields(), so that it would be called during
  prepare step too.
* only set sel_result when it was created here and needs to be
  destroyed in the same block. Avoid destroying lex->result.
* use the correct number of tables in check_show_access(). Saying
  "as many as possible" doesn't work when first_not_own_table isn't
  set yet.

sql_prepare.cc:
* use correct user name for SHOW GRANTS columns
* don't ignore verbose flag for SHOW SLAVE STATUS
* support preparing REVOKE ALL and ROLLBACK TO SAVEPOINT
* don't ignore errors from thd->prepare_explain_fields()
* use select_send result for sending ANALYZE and EXPLAIN, but don't
  overwrite lex->result, because it might be needed to issue execute-time
  errors (select_dumpvar - too many rows)

sql_show.cc:
* check grants for SHOW CREATE VIEW here, not in mysql_execute_command

sql_view.cc:
* use the correct function to check privileges. Old code was doing
  check_access() for thd->security_ctx, which is invoker's sctx,
  not definer's sctx. Hide various view related errors from the invoker.

sql_yacc.yy:
* initialize lex->select_lex for LOAD, otherwise it'll contain garbage
  data that happen to fail tests with views in --ps (but not otherwise).
This commit is contained in:
Sergei Golubchik
2019-03-10 23:59:50 +01:00
parent 22f1cf9292
commit a62e9a83c0
38 changed files with 314 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
sql/sql_parse.cc
View File

@ -3007,7 +3007,11 @@ mysql_execute_command(THD *thd)
if (lex->sql_command == SQLCOM_SELECT)
WSREP_SYNC_WAIT(thd, WSREP_SYNC_WAIT_BEFORE_READ);
else
{
WSREP_SYNC_WAIT(thd, WSREP_SYNC_WAIT_BEFORE_SHOW);
if (lex->sql_command == SQLCOM_SHOW_PROFILE)
thd->profiling.discard_current_query();
}
thd->status_var.last_query_cost= 0.0;
@ -3723,49 +3727,6 @@ end_with_restore_list:
DBUG_PRINT("debug", ("lex->only_view: %d, table: %s.%s",
lex->only_view,
first_table->db, first_table->table_name));
if (lex->only_view)
{
if (check_table_access(thd, SELECT_ACL, first_table, FALSE, 1, FALSE))
{
DBUG_PRINT("debug", ("check_table_access failed"));
my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
"SHOW", thd->security_ctx->priv_user,
thd->security_ctx->host_or_ip, first_table->alias);
goto error;
}
DBUG_PRINT("debug", ("check_table_access succeeded"));
/* Ignore temporary tables if this is "SHOW CREATE VIEW" */
first_table->open_type= OT_BASE_ONLY;
}
else
{
/*
Temporary tables should be opened for SHOW CREATE TABLE, but not
for SHOW CREATE VIEW.
*/
if (open_temporary_tables(thd, all_tables))
goto error;
/*
The fact that check_some_access() returned FALSE does not mean that
access is granted. We need to check if first_table->grant.privilege
contains any table-specific privilege.
*/
DBUG_PRINT("debug", ("first_table->grant.privilege: %lx",
first_table->grant.privilege));
if (check_some_access(thd, SHOW_CREATE_TABLE_ACLS, first_table) ||
(first_table->grant.privilege & SHOW_CREATE_TABLE_ACLS) == 0)
{
my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
"SHOW", thd->security_ctx->priv_user,
thd->security_ctx->host_or_ip, first_table->alias);
goto error;
}
}
/* Access is granted. Execute the command. */
res= mysqld_show_create(thd, first_table);
break;
#endif
@ -4116,7 +4077,7 @@ end_with_restore_list:
case SQLCOM_DELETE:
{
WSREP_SYNC_WAIT(thd, WSREP_SYNC_WAIT_BEFORE_UPDATE_DELETE);
select_result *sel_result=lex->result;
select_result *sel_result= NULL;
DBUG_ASSERT(first_table == all_tables && first_table != 0);
if (WSREP_CLIENT(thd) &&
wsrep_sync_wait(thd, WSREP_SYNC_WAIT_BEFORE_UPDATE_DELETE))
@ -4147,16 +4108,15 @@ end_with_restore_list:
}
else
{
if (!(sel_result= lex->result) &&
!(sel_result= new (thd->mem_root) select_send(thd)))
return 1;
if (!lex->result && !(sel_result= new (thd->mem_root) select_send(thd)))
goto error;
}
}
res = mysql_delete(thd, all_tables,
select_lex->where, &select_lex->order_list,
unit->select_limit_cnt, select_lex->options,
sel_result);
lex->result ? lex->result : sel_result);
if (replaced_protocol)
{
@ -6517,7 +6477,7 @@ static bool check_show_access(THD *thd, TABLE_LIST *table)
Check_grant will grant access if there is any column privileges on
all of the tables thanks to the fourth parameter (bool show_table).
*/
if (check_grant(thd, SELECT_ACL, dst_table, TRUE, UINT_MAX, FALSE))
if (check_grant(thd, SELECT_ACL, dst_table, TRUE, 1, FALSE))
return TRUE; /* Access denied */
close_thread_tables(thd);