• Igor Babaev's avatar
    MDEV-20751 Permission Issue With Nested CTEs · 25d6f634
    Igor Babaev authored
    Due to this bug the server reported bogus messages about lack of SELECT
    privileges for base tables used in the specifications of CTE tables.
    It happened only if such a CTE were referred to at least twice.
    For any non-recursive reference to CTE that is not primary the
    specification of the CTE is cloned. The function check_table_access() is
    called for such reference. The function checks privileges of the tables
    referenced in the specification. As no name resolution was performed for
    CTE references whose definitions occurred outside the specification before
    the call of check_table_access() that was supposed to check the access
    rights of the underlying tables these references were considered
    as references to base tables rather than references to CTEs. Yet for CTEs
    as well as for derived tables no privileges are needed and thus cannot
    be granted.
    The patch ensures proper name resolution of all references to CTEs before
    any acl checks.
    
    Approved by Oleksandr Byelkin <sanja@mariadb.com>
    25d6f634
sql_cte.cc 44.3 KB