• unknown's avatar
    Bug#20570: CURRENT_USER() in a VIEW with SQL SECURITY DEFINER returns · a2fc4843
    unknown authored
               invoker name
    
    The bug was fixed similar to how context switch is handled in
    Item_func_sp::execute_impl(): we store pointer to current
    Name_resolution_context in Item_func_current_user class, and use
    its Security_context in Item_func_current_user::fix_fields().
    
    
    mysql-test/r/view_grant.result:
      Add result for bug#20570.
    mysql-test/t/view_grant.test:
      Add test case for bug#20570.
    sql/item_create.cc:
      Remove create_func_current_user(), as it is not used for automatic
      function creation.
    sql/item_create.h:
      Remove prototype for create_func_current_user().
    sql/item_strfunc.cc:
      Add implementations for Item_func_user::init(),
      Item_func_user::fix_fields() and
      Item_func_current_user::fix_fields() methods.  The latter uses
      Security_context from current Name_resolution_context, if one is
      defined.
    sql/item_strfunc.h:
      Move implementation of CURRENT_USER() out of Item_func_user to
      to new Item_func_current_user class.  For both classes calculate
      user name in fix_fields() method.
      For Item_func_current_user add context field to store
      Name_resolution_context in effect.
    sql/sql_yacc.yy:
      Pass current Name_resolution_context to Item_func_current_user.
    a2fc4843
item_strfunc.h 22 KB