From 052c97b662c889c4d106827cee2958791c122f78 Mon Sep 17 00:00:00 2001 From: Roman Simakov Date: Mon, 3 Oct 2016 17:55:40 +0300 Subject: [PATCH] Fixes for DB level triggers --- doc/sql.extensions/README.sql_security.txt | 2 +- src/jrd/ExtEngineManager.cpp | 3 +-- src/jrd/JrdStatement.cpp | 2 +- src/jrd/jrd.cpp | 5 ++--- src/jrd/jrd.h | 1 + src/jrd/met.epp | 1 + 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/sql.extensions/README.sql_security.txt b/doc/sql.extensions/README.sql_security.txt index 5db61b5920..189fe77a00 100644 --- a/doc/sql.extensions/README.sql_security.txt +++ b/doc/sql.extensions/README.sql_security.txt @@ -30,7 +30,7 @@ it will take effect next time trigger will be loaded into metadata cache. For procedures and functions defined in package explicit SQL SECURITY clause is prohibit. -Example 1. It's enought to grant only SELECT privilege to user US for table T. +Example 1. It's enough to grant only SELECT privilege to user US for table T. In case of INVOKER it will require also EXECUTE for function F. set term ^; diff --git a/src/jrd/ExtEngineManager.cpp b/src/jrd/ExtEngineManager.cpp index 3b8b76cb9b..dc913ca87a 100644 --- a/src/jrd/ExtEngineManager.cpp +++ b/src/jrd/ExtEngineManager.cpp @@ -1274,8 +1274,7 @@ void ExtEngineManager::makeTrigger(thread_db* tdbb, CompilerScratch* csb, Jrd::T entryPointTrimmed.trim(); EngineAttachmentInfo* attInfo = getEngineAttachment(tdbb, engine); - Nullable& ssDefiner = trg->ssDefiner.specified ? trg->ssDefiner : trg->relation->rel_ss_definer; - const MetaName& userName = ssDefiner.specified && ssDefiner.value ? trg->relation->rel_owner_name : ""; + const MetaName& userName = trg->ssDefiner.specified && trg->ssDefiner.value ? trg->owner : ""; ContextManager ctxManager(tdbb, attInfo, attInfo->adminCharSet, CallerName(obj_trigger, trg->name, userName)); diff --git a/src/jrd/JrdStatement.cpp b/src/jrd/JrdStatement.cpp index bb73de220d..1c459e140a 100644 --- a/src/jrd/JrdStatement.cpp 
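Review bot: The new `userName` line in ExtEngineManager::makeTrigger no longer falls back to `trg->relation->rel_ss_definer`, so a trigger without its own SQL SECURITY clause on a table declared DEFINER now gets an empty caller name here, unless the loader already folds the relation default into `trg->ssDefiner`; that loader code is not in this patch. The same fallback is dropped in Trigger::compile in src/jrd/jrd.cpp. If inheritance is now resolved at load time, a comment such as `// ssDefiner already includes the relation default, resolved when the trigger is loaded` would make that explicit; if it is not, this changes the privilege context of existing triggers and belongs in the commit message and README.sql_security.txt. makeTrigger's body continues outside the hunk.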
+++ b/src/jrd/JrdStatement.cpp @@ -664,7 +664,7 @@ void JrdStatement::verifyTriggerAccess(thread_db* tdbb, jrd_rel* ownerRelation, userName = view->rel_owner_name; } else if (t.ssDefiner.specified && t.ssDefiner.value) - userName = ownerRelation->rel_owner_name; + userName = t.owner; const SecurityClass* sec_class = SCL_get_class(tdbb, access->acc_security_name.c_str()); SCL_check_access(tdbb, sec_class, userName, id_trigger, diff --git a/src/jrd/jrd.cpp b/src/jrd/jrd.cpp index 3c475421e1..b8531d54bc 100644 --- a/src/jrd/jrd.cpp +++ b/src/jrd/jrd.cpp @@ -844,9 +844,8 @@ void Trigger::compile(thread_db* tdbb) } statement->triggerName = name; - const Nullable& ss = ssDefiner.specified ? ssDefiner : relation->rel_ss_definer; - if (ss.specified && ss.value) - statement->triggerOwner = relation->rel_owner_name; + if (ssDefiner.specified && ssDefiner.value) + statement->triggerOwner = owner; if (sys_trigger) statement->flags |= JrdStatement::FLAG_SYS_TRIGGER; diff --git a/src/jrd/jrd.h b/src/jrd/jrd.h index c3cfd0ad66..ab7a39da2a 100644 --- a/src/jrd/jrd.h +++ b/src/jrd/jrd.h @@ -157,6 +157,7 @@ public: Firebird::string extBody; // External trigger body ExtEngineManager::Trigger* extTrigger; // External trigger Nullable ssDefiner; + Firebird::MetaName owner; // Owner for SQL SECURITY void compile(thread_db*); // Ensure that trigger is compiled void release(thread_db*); // Try to free trigger request diff --git a/src/jrd/met.epp b/src/jrd/met.epp index bd3c2b07f5..e95d833bc1 100644 --- a/src/jrd/met.epp +++ b/src/jrd/met.epp @@ -4900,6 +4900,7 @@ static void save_trigger_data(thread_db* tdbb, trig_vec** ptr, jrd_rel* relation t.engine = engine; t.entryPoint = entryPoint; t.ssDefiner = ssDefiner; + t.owner = relation ? relation->rel_owner_name : tdbb->getDatabase()->dbb_owner; }
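Review bot: `userName = t.owner;` in verifyTriggerAccess relies on every Trigger with `ssDefiner` set also having `owner` filled, but the only assignment in this patch is in save_trigger_data in met.epp. A Trigger populated on any other path would reach SCL_check_access with an empty user name, which presumably means the check silently runs for the attached user instead of the definer. A debug check before the assignment, `fb_assert(t.owner.hasData());`, would catch that; the same applies to the `trg->owner` and `owner` reads in ExtEngineManager::makeTrigger and Trigger::compile. The function starts and ends outside the hunk.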
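Review bot: The comment on the new `owner` member in jrd.h does not say whose owner it holds, and the value differs by trigger kind, as the assignment in save_trigger_data shows. I would write `Firebird::MetaName owner; // Definer for SQL SECURITY: relation owner, or database owner when the trigger has no relation`. The class definition starts outside the hunk.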
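Review bot: When `relation` is null, `t.owner` becomes `dbb_owner`, so a database-level trigger declared SQL SECURITY DEFINER appears to run with the database owner's rights regardless of who created or last altered it. That is only safe if creating and altering such triggers is limited to principals already trusted at that level; the DDL privilege check is not in this patch, so it is worth confirming and stating in README.sql_security.txt. A comment on the line, `// no relation (DB-level trigger): the definer is the database owner`, would record the choice. A regression test that attaches as a non-owner with a DEFINER database trigger present would cover the path this commit fixes. save_trigger_data begins outside the hunk.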