[CP] [to #51373389] fix user privilege check of AUTHID DEFINER routines
@ -258,16 +258,20 @@ int ObExprUserCanAccessObj::check_user_access_obj(
|
|||||||
}
|
}
|
||||||
if (OB_SUCC(ret) && syn_base_obj_exists) {
|
if (OB_SUCC(ret) && syn_base_obj_exists) {
|
||||||
uint64_t dbid = OB_INVALID_ID;
|
uint64_t dbid = OB_INVALID_ID;
|
||||||
|
const ObUserInfo *user_info = schema_guard->get_user_info(
|
||||||
|
session->get_effective_tenant_id(),
|
||||||
|
session->get_priv_user_id());
|
||||||
OZ (build_raw_obj_priv(obj_type, raw_obj_priv_array));
|
OZ (build_raw_obj_priv(obj_type, raw_obj_priv_array));
|
||||||
|
|
||||||
/* get dbid of same name as user */
|
/* get dbid of same name as user */
|
||||||
OZ (schema_guard->get_database_id(session->get_effective_tenant_id(),
|
OZ (schema_guard->get_database_id(session->get_effective_tenant_id(),
|
||||||
session->get_user_name(),
|
user_info ? user_info->get_user_name_str() : session->get_user_name(),
|
||||||
dbid));
|
dbid));
|
||||||
OZX2 (ObOraSysChecker::check_ora_obj_privs_or(
|
OZX2 (ObOraSysChecker::check_ora_obj_privs_or(
|
||||||
*schema_guard,
|
*schema_guard,
|
||||||
session->get_effective_tenant_id(),
|
session->get_effective_tenant_id(),
|
||||||
dbid, /* userid */
|
dbid, /* userid */
|
||||||
session->get_user_id(),
|
user_info ? user_info->get_user_id() : session->get_user_id(),
|
||||||
ObString(""),
|
ObString(""),
|
||||||
obj_id, /* object id */
|
obj_id, /* object id */
|
||||||
OBJ_LEVEL_FOR_TAB_PRIV,
|
OBJ_LEVEL_FOR_TAB_PRIV,
|
||||||
|
|||||||
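Review bot: The new `user_info ? … : session->…` fallbacks in check_user_access_obj make the privilege check fail open. If `get_user_info()` returns null for `get_priv_user_id()`, the database-id lookup and `check_ora_obj_privs_or` silently run with the session's login user, which is the behaviour this commit sets out to fix for AUTHID DEFINER routines. I would fail closed before the `OZ` calls, e.g. `if (OB_ISNULL(user_info)) { ret = OB_USER_NOT_EXIST; LOG_WARN("priv user not found", K(ret)); }`, and then use `user_info` unconditionally. The lookup also dereferences `schema_guard` and `session` inside a declaration; their null checks are presumably earlier in the function, which starts outside the hunk. The same fallback appears in ObExprUserEnv::eval_schemaid_result1.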
@ -204,12 +204,17 @@ int ObExprUserEnv::eval_schemaid_result1(const ObExpr &expr, ObEvalCtx &ctx, ObD
|
|||||||
// 所以在这里,ob返回databaseid,即user名字对应的相同名字的database的id
|
// 所以在这里,ob返回databaseid,即user名字对应的相同名字的database的id
|
||||||
uint64_t dbid = OB_INVALID_ID;
|
uint64_t dbid = OB_INVALID_ID;
|
||||||
share::schema::ObSchemaGetterGuard schema_guard;
|
share::schema::ObSchemaGetterGuard schema_guard;
|
||||||
|
const ObUserInfo *user_info = nullptr;
|
||||||
if (OB_FAIL(ObExprSysContext::get_schema_guard(schema_guard,
|
if (OB_FAIL(ObExprSysContext::get_schema_guard(schema_guard,
|
||||||
ctx.exec_ctx_.get_my_session()->get_effective_tenant_id()))) {
|
ctx.exec_ctx_.get_my_session()->get_effective_tenant_id()))) {
|
||||||
LOG_WARN("failed to get schema guard", K(ret));
|
LOG_WARN("failed to get schema guard", K(ret));
|
||||||
|
} else if (FALSE_IT(user_info = schema_guard.get_user_info(
|
||||||
|
ctx.exec_ctx_.get_my_session()->get_effective_tenant_id(),
|
||||||
|
ctx.exec_ctx_.get_my_session()->get_priv_user_id()))) {
|
||||||
|
// do nothing
|
||||||
} else if (OB_FAIL(schema_guard.get_database_id(
|
} else if (OB_FAIL(schema_guard.get_database_id(
|
||||||
ctx.exec_ctx_.get_my_session()->get_effective_tenant_id(),
|
ctx.exec_ctx_.get_my_session()->get_effective_tenant_id(),
|
||||||
ctx.exec_ctx_.get_my_session()->get_user_name(),
|
user_info ? user_info->get_user_name_str() : ctx.exec_ctx_.get_my_session()->get_user_name(),
|
||||||
dbid))) {
|
dbid))) {
|
||||||
LOG_WARN("fail to get database id", K(ret));
|
LOG_WARN("fail to get database id", K(ret));
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
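Review bot: The `// do nothing` comment on the `FALSE_IT` branch in eval_schemaid_result1 hides the one decision that matters here: a null `user_info` is tolerated and the session user name is used instead. A comment such as `// user_info may be null; the session user name is used as fallback below` would make that explicit. The added lines also repeat `ctx.exec_ctx_.get_my_session()` on each argument line with no null check visible in the hunk. Hoisting it once, `const ObSQLSessionInfo *session = ctx.exec_ctx_.get_my_session();`, and guarding it with `OB_ISNULL` would remove the repeated dereference. The function body starts and ends outside the hunk, so an earlier check may already exist.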