[CP] [to #51373389] fix user privilege check of AUTHID DEFINER routines

2023-08-22 09:18:19 +00:00
parent ddd3395763
commit ad74fb0068
2 changed files with 12 additions and 3 deletions
--- a/src/sql/engine/expr/ob_expr_user_can_access_obj.cpp
+++ b/src/sql/engine/expr/ob_expr_user_can_access_obj.cpp
@ -258,16 +258,20 @@ int ObExprUserCanAccessObj::check_user_access_obj(
  }
  if (OB_SUCC(ret) && syn_base_obj_exists) {
    uint64_t dbid = OB_INVALID_ID;
+    const ObUserInfo *user_info = schema_guard->get_user_info(
+                                    session->get_effective_tenant_id(),
+                                    session->get_priv_user_id());
    OZ (build_raw_obj_priv(obj_type, raw_obj_priv_array));
+
    /* get dbid of same name as user */
    OZ (schema_guard->get_database_id(session->get_effective_tenant_id(),
-                                      session->get_user_name(),
+                                      user_info ? user_info->get_user_name_str() : session->get_user_name(),
                                      dbid));
    OZX2 (ObOraSysChecker::check_ora_obj_privs_or(
                *schema_guard,
                session->get_effective_tenant_id(),
                dbid,   /* userid */
-                session->get_user_id(),
+                user_info ? user_info->get_user_id() : session->get_user_id(),
                ObString(""),
                obj_id,    /* object id */
                OBJ_LEVEL_FOR_TAB_PRIV,
--- a/src/sql/engine/expr/ob_expr_userenv.cpp
+++ b/src/sql/engine/expr/ob_expr_userenv.cpp
@ -204,12 +204,17 @@ int ObExprUserEnv::eval_schemaid_result1(const ObExpr &expr, ObEvalCtx &ctx, ObD
      // 所以在这里，ob返回databaseid，即user名字对应的相同名字的database的id
      uint64_t dbid = OB_INVALID_ID;
      share::schema::ObSchemaGetterGuard schema_guard;
+      const ObUserInfo *user_info = nullptr;
      if (OB_FAIL(ObExprSysContext::get_schema_guard(schema_guard,
                  ctx.exec_ctx_.get_my_session()->get_effective_tenant_id()))) {
        LOG_WARN("failed to get schema guard", K(ret));
+      } else if (FALSE_IT(user_info = schema_guard.get_user_info(
+                  ctx.exec_ctx_.get_my_session()->get_effective_tenant_id(),
+                  ctx.exec_ctx_.get_my_session()->get_priv_user_id()))) {
+        // do nothing
      } else if (OB_FAIL(schema_guard.get_database_id(
        ctx.exec_ctx_.get_my_session()->get_effective_tenant_id(),
-        ctx.exec_ctx_.get_my_session()->get_user_name(),
+        user_info ? user_info->get_user_name_str() : ctx.exec_ctx_.get_my_session()->get_user_name(),
        dbid))) {
        LOG_WARN("fail to get database id", K(ret));
      } else {