mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 12:02:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/t/sp-security.test

193 lines
3.5 KiB
Text
Raw Normal View History

WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
#
# Testing SQL SECURITY of stored procedures
#
connect (con1root,localhost,root,,);
connection con1root;
use test;
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
# Create user user1 with no particular access rights
grant usage on *.* to user1@localhost;
flush privileges;
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
--disable_warnings
drop database if exists db1_secret;
--enable_warnings
# Create our secret database
create database db1_secret;
Fixed BUG#3339: Stored procedures in nonexistent schemas are uncallable. Also added some related security tests and corrected related error messages. mysql-test/r/sp-error.result: New test case for BUG#3339, and updated results for other modified error messages. mysql-test/r/sp-security.result: Added tests for creating procedures in another database with and wihout access rights. mysql-test/t/sp-error.test: New test case for BUG#3339. mysql-test/t/sp-security.test: Added tests for creating procedures in another database with and wihout access rights. sql/sp.cc: Check existance (and access rights) for database when creating a stored routine. sql/sp.h: New error return value for sp_create_* functions, for non existing database. sql/sql_parse.cc: Check error return for create stored routine (non existing database), and corrected the error output for some other commands. (Use qualified name, not just name.)
2004-06-15 15:42:28 +02:00
# Can create a procedure in other db
create procedure db1_secret.dummy() begin end;
drop procedure db1_secret.dummy;
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
use db1_secret;
create table t1 ( u varchar(64), i int );
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
# A test procedure and function
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
create procedure stamp(i int)
insert into db1_secret.t1 values (user(), i);
WL#1366: Use the schema (db) associated with an SP. Phase 2: Make SPs belong to a DB, and use qualified names. As a side effect, using USE in an SP is no longer allowed. (It just doesn't work otherwise.) include/mysqld_error.h: New error code (USE is no longer allowed in a stored procedure). include/sql_state.h: New error state (USE is no longer allowed in a stored procedure). mysql-test/r/sp-error.result: Updated result for test of USE in SP (not allowed now). mysql-test/r/sp-security.result: Updated test results for new db column and qualified procedured names. mysql-test/r/sp.result: Updated results for USE in SP (as it's no longer allowed), and for new db column in status result. mysql-test/t/sp-error.test: Moved test of USE in SP from sp.test (as it's no longer allowed). mysql-test/t/sp-security.test: Ajusted tests for new db column and qualified procedured names. mysql-test/t/sp.test: Moved test of USE in SP to sp-error.test (as it's no longer allowed). Adjusted tests for new db column in status result. sql/mysql_priv.h: mysql_change_db() now has optional arguments for use by SP with qualified names. sql/share/czech/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/danish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/dutch/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/english/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/estonian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/french/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/german/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/greek/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/hungarian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/italian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/japanese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/korean/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian-ny/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/polish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/portuguese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/romanian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/russian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/serbian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/slovak/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/spanish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/swedish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/ukrainian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/sp.cc: SPs are now "belong" to a DB and may have qualified names. New functions for changing DB ("use") when parsing and invoking SPs. sql/sp.h: New functions for changing DB ("use") when parsing and invoking SPs. sql/sp_cache.cc: Use the qualified name in the SP cache. sql/sp_head.cc: New function for allocating a qualified SP name (used in sql_yacc.yy). Change DB when executing an SP (if needed). Moved thd_mem_root swap functions from sp_head.h. sql/sp_head.h: New function for allocating a qualified SP name (used in sql_yacc.yy). Moved thd_mem_root swap functions to sp_head.cc. sql/sql_db.cc: mysql_change_db() now has optional arguments for use by SP with qualified names (for use when reading an SP from database and executing it); also allow "unusing" a database, i.e. setting thd->thd to "". sql/sql_yacc.yy: Initialize qualfied SP names correctly. USE is no longer allowed in an SP.
2004-03-11 17:18:59 +01:00
--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
show procedure status like 'stamp';
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
create function db() returns varchar(64) return database();
--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
show function status like 'db';
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
# root can, of course
call stamp(1);
select * from t1;
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
select db();
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
connect (con2user1,localhost,user1,,);
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
connect (con3anon,localhost,anon,,);
Fixed BUG#3339: Stored procedures in nonexistent schemas are uncallable. Also added some related security tests and corrected related error messages. mysql-test/r/sp-error.result: New test case for BUG#3339, and updated results for other modified error messages. mysql-test/r/sp-security.result: Added tests for creating procedures in another database with and wihout access rights. mysql-test/t/sp-error.test: New test case for BUG#3339. mysql-test/t/sp-security.test: Added tests for creating procedures in another database with and wihout access rights. sql/sp.cc: Check existance (and access rights) for database when creating a stored routine. sql/sp.h: New error return value for sp_create_* functions, for non existing database. sql/sql_parse.cc: Check error return for create stored routine (non existing database), and corrected the error output for some other commands. (Use qualified name, not just name.)
2004-06-15 15:42:28 +02:00
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
#
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
# User1 can
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
#
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
connection con2user1;
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
# This should work...
WL#1366: Use the schema (db) associated with an SP. Phase 2: Make SPs belong to a DB, and use qualified names. As a side effect, using USE in an SP is no longer allowed. (It just doesn't work otherwise.) include/mysqld_error.h: New error code (USE is no longer allowed in a stored procedure). include/sql_state.h: New error state (USE is no longer allowed in a stored procedure). mysql-test/r/sp-error.result: Updated result for test of USE in SP (not allowed now). mysql-test/r/sp-security.result: Updated test results for new db column and qualified procedured names. mysql-test/r/sp.result: Updated results for USE in SP (as it's no longer allowed), and for new db column in status result. mysql-test/t/sp-error.test: Moved test of USE in SP from sp.test (as it's no longer allowed). mysql-test/t/sp-security.test: Ajusted tests for new db column and qualified procedured names. mysql-test/t/sp.test: Moved test of USE in SP to sp-error.test (as it's no longer allowed). Adjusted tests for new db column in status result. sql/mysql_priv.h: mysql_change_db() now has optional arguments for use by SP with qualified names. sql/share/czech/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/danish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/dutch/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/english/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/estonian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/french/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/german/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/greek/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/hungarian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/italian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/japanese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/korean/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian-ny/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/polish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/portuguese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/romanian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/russian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/serbian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/slovak/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/spanish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/swedish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/ukrainian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/sp.cc: SPs are now "belong" to a DB and may have qualified names. New functions for changing DB ("use") when parsing and invoking SPs. sql/sp.h: New functions for changing DB ("use") when parsing and invoking SPs. sql/sp_cache.cc: Use the qualified name in the SP cache. sql/sp_head.cc: New function for allocating a qualified SP name (used in sql_yacc.yy). Change DB when executing an SP (if needed). Moved thd_mem_root swap functions from sp_head.h. sql/sp_head.h: New function for allocating a qualified SP name (used in sql_yacc.yy). Moved thd_mem_root swap functions to sp_head.cc. sql/sql_db.cc: mysql_change_db() now has optional arguments for use by SP with qualified names (for use when reading an SP from database and executing it); also allow "unusing" a database, i.e. setting thd->thd to "". sql/sql_yacc.yy: Initialize qualfied SP names correctly. USE is no longer allowed in an SP.
2004-03-11 17:18:59 +01:00
call db1_secret.stamp(2);
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
select db1_secret.db();
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
# ...but not this
--error 1044
select * from db1_secret.t1;
Fixed BUG#3339: Stored procedures in nonexistent schemas are uncallable. Also added some related security tests and corrected related error messages. mysql-test/r/sp-error.result: New test case for BUG#3339, and updated results for other modified error messages. mysql-test/r/sp-security.result: Added tests for creating procedures in another database with and wihout access rights. mysql-test/t/sp-error.test: New test case for BUG#3339. mysql-test/t/sp-security.test: Added tests for creating procedures in another database with and wihout access rights. sql/sp.cc: Check existance (and access rights) for database when creating a stored routine. sql/sp.h: New error return value for sp_create_* functions, for non existing database. sql/sql_parse.cc: Check error return for create stored routine (non existing database), and corrected the error output for some other commands. (Use qualified name, not just name.)
2004-06-15 15:42:28 +02:00
# ...and not this
--error 1049
create procedure db1_secret.dummy() begin end;
After merge fixes of merge with 4.1 that included the new arena code. Fixed (together with Guilhem) bugs in mysqlbinlog regarding --offset Prefix addresses with 0x for easier comparisons of debug logs Fixed problem where MySQL choosed index-read even if there would be a much better range on the same index This fix changed some 'index' queries to 'range' queries in the test suite Don't create 'dummy' WHERE clause for trivial WHERE clauses where we can remove the WHERE clause. This fix removed of a lot of 'Using where' notes in the test suite. Give NOTE instead of WARNING if table/function doesn't exists when using DROP IF EXISTS Give NOTE instead of WARNING for safe field-type conversions Makefile.am: Don't automaticly update files from bk client/mysqlbinlog.cc: Merge with 4.1 (+ apply bug fixes for --offset and --start-position) include/my_sys.h: Faster clear_alloc_root() mysql-test/r/bdb.result: Updated results after merge mysql-test/r/create.result: Updated results after merge mysql-test/r/func_group.result: Updated results after merge mysql-test/r/func_if.result: Updated results after merge mysql-test/r/heap_btree.result: Updated results after merge mysql-test/r/index_merge.result: Updated results after merge mysql-test/r/index_merge_ror.result: Updated results after merge mysql-test/r/innodb.result: Updated results after merge mysql-test/r/join_outer.result: Updated results after merge mysql-test/r/mysqlbinlog2.result: Updated results after merge mysql-test/r/negation_elimination.result: Updated results after merge mysql-test/r/null.result: Updated results after merge Added more tests mysql-test/r/null_key.result: Updated results after merge Added more tests mysql-test/r/order_by.result: Updated results after merge mysql-test/r/range.result: Updated results after merge Added more tests mysql-test/r/rpl_charset.result: Updated results after merge mysql-test/r/sp-error.result: Updated results after merge mysql-test/r/sp.result: Updated results after merge Added delete of some stored procedures in an attempt to be able to re-run test even if it aborts in the middle mysql-test/r/type_blob.result: Updated results after merge (Some warnings are now notes) mysql-test/r/user_var.result: Updated results after merge Added more tests mysql-test/r/variables.result: Updated results after merge mysql-test/r/view.result: Updated results after merge mysql-test/t/mysqlbinlog2.test: Updated tests to use new positions mysql-test/t/null.test: More tests mysql-test/t/null_key.test: More tests mysql-test/t/range.test: More tests mysql-test/t/rpl_charset.test: Avoid big diffs in the future if tests changes mysql-test/t/sp-error.test: Updated error numbers mysql-test/t/sp-security.test: Updated error numbers mysql-test/t/sp.test: Updated results after merge Added delete of some stored procedures in an attempt to be able to re-run test even if it aborts in the middle mysql-test/t/user_var.test: More tests mysql-test/t/view.test: Updated error numbers mysys/my_alloc.c: Write into debug log the address of the allocated area sql/ha_isam.cc: Prefix addresses with 0x for easier comparisons of debug logs sql/ha_myisam.cc: Prefix addresses with 0x for easier comparisons of debug logs sql/ha_ndbcluster.cc: Add missing enum to switch sql/handler.cc: remove compiler warning sql/item.cc: More debugging Simple cleanup sql/item.h: Move Item::cleanup() to item.cc sql/item_cmpfunc.cc: Fix arena code sql/item_subselect.cc: After merge fixes sql/item_subselect.h: After merge fixes sql/item_sum.cc: Updated comment sql/log_event.cc: Remove wrong test sql/mysql_priv.h: Indentation fixes sql/mysqld.cc: After merge fixes Added 0x to pointers in debug log sql/opt_range.cc: Fixed problem where MySQL choosed index-read even if there would be a much better range on the same index This fix changed some 'index' queries to 'range' queries in the test suite sql/set_var.cc: Indentation fixes sql/sp_head.cc: Set state to INITIALIZED to make SP work with new arena code sql/sql_base.cc: After merge fixes sql/sql_class.cc: More debugging Use clear_alloc_root() instead of init_alloc_root() as the former is faster sql/sql_class.h: New method 'only_prepare()' sql/sql_lex.cc: After merge fixes sql/sql_lex.h: After merge fixes sql/sql_parse.cc: Fix for timezone tables. (The old way to add timezone tables to global list in 'create_total_list' doesn't work anymore) Give NOTE instead of WARNING if table/function doesn't exists when using DROP IF EXISTS sql/sql_prepare.cc: After merge fixes sql/sql_select.cc: Don't create 'dummy' WHERE clause for trivial WHERE clauses where we can remove the WHERE clause. This fix removed of a lot of 'Using where' notes in the test suite sql/sql_table.cc: Give NOTE instead of WARNING if table/function doesn't exists when using DROP IF EXISTS sql/sql_union.cc: After merge fix sql/sql_view.cc: After merge fix sql/table.cc: After merge fix sql/tztime.cc: Update timezone table handling to use new table lists structure sql/tztime.h: Update timezone table handling to use new table lists structure sql/unireg.cc: Use 0x before pointers
2004-09-09 05:59:26 +02:00
--error 1305
Fixed BUG#3339: Stored procedures in nonexistent schemas are uncallable. Also added some related security tests and corrected related error messages. mysql-test/r/sp-error.result: New test case for BUG#3339, and updated results for other modified error messages. mysql-test/r/sp-security.result: Added tests for creating procedures in another database with and wihout access rights. mysql-test/t/sp-error.test: New test case for BUG#3339. mysql-test/t/sp-security.test: Added tests for creating procedures in another database with and wihout access rights. sql/sp.cc: Check existance (and access rights) for database when creating a stored routine. sql/sp.h: New error return value for sp_create_* functions, for non existing database. sql/sql_parse.cc: Check error return for create stored routine (non existing database), and corrected the error output for some other commands. (Use qualified name, not just name.)
2004-06-15 15:42:28 +02:00
drop procedure db1_secret.dummy;
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
#
# Anonymous can
#
connection con3anon;
# This should work...
WL#1366: Use the schema (db) associated with an SP. Phase 2: Make SPs belong to a DB, and use qualified names. As a side effect, using USE in an SP is no longer allowed. (It just doesn't work otherwise.) include/mysqld_error.h: New error code (USE is no longer allowed in a stored procedure). include/sql_state.h: New error state (USE is no longer allowed in a stored procedure). mysql-test/r/sp-error.result: Updated result for test of USE in SP (not allowed now). mysql-test/r/sp-security.result: Updated test results for new db column and qualified procedured names. mysql-test/r/sp.result: Updated results for USE in SP (as it's no longer allowed), and for new db column in status result. mysql-test/t/sp-error.test: Moved test of USE in SP from sp.test (as it's no longer allowed). mysql-test/t/sp-security.test: Ajusted tests for new db column and qualified procedured names. mysql-test/t/sp.test: Moved test of USE in SP to sp-error.test (as it's no longer allowed). Adjusted tests for new db column in status result. sql/mysql_priv.h: mysql_change_db() now has optional arguments for use by SP with qualified names. sql/share/czech/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/danish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/dutch/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/english/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/estonian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/french/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/german/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/greek/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/hungarian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/italian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/japanese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/korean/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian-ny/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/polish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/portuguese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/romanian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/russian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/serbian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/slovak/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/spanish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/swedish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/ukrainian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/sp.cc: SPs are now "belong" to a DB and may have qualified names. New functions for changing DB ("use") when parsing and invoking SPs. sql/sp.h: New functions for changing DB ("use") when parsing and invoking SPs. sql/sp_cache.cc: Use the qualified name in the SP cache. sql/sp_head.cc: New function for allocating a qualified SP name (used in sql_yacc.yy). Change DB when executing an SP (if needed). Moved thd_mem_root swap functions from sp_head.h. sql/sp_head.h: New function for allocating a qualified SP name (used in sql_yacc.yy). Moved thd_mem_root swap functions to sp_head.cc. sql/sql_db.cc: mysql_change_db() now has optional arguments for use by SP with qualified names (for use when reading an SP from database and executing it); also allow "unusing" a database, i.e. setting thd->thd to "". sql/sql_yacc.yy: Initialize qualfied SP names correctly. USE is no longer allowed in an SP.
2004-03-11 17:18:59 +01:00
call db1_secret.stamp(3);
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
select db1_secret.db();
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
# ...but not this
--error 1044
select * from db1_secret.t1;
Fixed BUG#3339: Stored procedures in nonexistent schemas are uncallable. Also added some related security tests and corrected related error messages. mysql-test/r/sp-error.result: New test case for BUG#3339, and updated results for other modified error messages. mysql-test/r/sp-security.result: Added tests for creating procedures in another database with and wihout access rights. mysql-test/t/sp-error.test: New test case for BUG#3339. mysql-test/t/sp-security.test: Added tests for creating procedures in another database with and wihout access rights. sql/sp.cc: Check existance (and access rights) for database when creating a stored routine. sql/sp.h: New error return value for sp_create_* functions, for non existing database. sql/sql_parse.cc: Check error return for create stored routine (non existing database), and corrected the error output for some other commands. (Use qualified name, not just name.)
2004-06-15 15:42:28 +02:00
# ...and not this
--error 1049
create procedure db1_secret.dummy() begin end;
After merge fixes of merge with 4.1 that included the new arena code. Fixed (together with Guilhem) bugs in mysqlbinlog regarding --offset Prefix addresses with 0x for easier comparisons of debug logs Fixed problem where MySQL choosed index-read even if there would be a much better range on the same index This fix changed some 'index' queries to 'range' queries in the test suite Don't create 'dummy' WHERE clause for trivial WHERE clauses where we can remove the WHERE clause. This fix removed of a lot of 'Using where' notes in the test suite. Give NOTE instead of WARNING if table/function doesn't exists when using DROP IF EXISTS Give NOTE instead of WARNING for safe field-type conversions Makefile.am: Don't automaticly update files from bk client/mysqlbinlog.cc: Merge with 4.1 (+ apply bug fixes for --offset and --start-position) include/my_sys.h: Faster clear_alloc_root() mysql-test/r/bdb.result: Updated results after merge mysql-test/r/create.result: Updated results after merge mysql-test/r/func_group.result: Updated results after merge mysql-test/r/func_if.result: Updated results after merge mysql-test/r/heap_btree.result: Updated results after merge mysql-test/r/index_merge.result: Updated results after merge mysql-test/r/index_merge_ror.result: Updated results after merge mysql-test/r/innodb.result: Updated results after merge mysql-test/r/join_outer.result: Updated results after merge mysql-test/r/mysqlbinlog2.result: Updated results after merge mysql-test/r/negation_elimination.result: Updated results after merge mysql-test/r/null.result: Updated results after merge Added more tests mysql-test/r/null_key.result: Updated results after merge Added more tests mysql-test/r/order_by.result: Updated results after merge mysql-test/r/range.result: Updated results after merge Added more tests mysql-test/r/rpl_charset.result: Updated results after merge mysql-test/r/sp-error.result: Updated results after merge mysql-test/r/sp.result: Updated results after merge Added delete of some stored procedures in an attempt to be able to re-run test even if it aborts in the middle mysql-test/r/type_blob.result: Updated results after merge (Some warnings are now notes) mysql-test/r/user_var.result: Updated results after merge Added more tests mysql-test/r/variables.result: Updated results after merge mysql-test/r/view.result: Updated results after merge mysql-test/t/mysqlbinlog2.test: Updated tests to use new positions mysql-test/t/null.test: More tests mysql-test/t/null_key.test: More tests mysql-test/t/range.test: More tests mysql-test/t/rpl_charset.test: Avoid big diffs in the future if tests changes mysql-test/t/sp-error.test: Updated error numbers mysql-test/t/sp-security.test: Updated error numbers mysql-test/t/sp.test: Updated results after merge Added delete of some stored procedures in an attempt to be able to re-run test even if it aborts in the middle mysql-test/t/user_var.test: More tests mysql-test/t/view.test: Updated error numbers mysys/my_alloc.c: Write into debug log the address of the allocated area sql/ha_isam.cc: Prefix addresses with 0x for easier comparisons of debug logs sql/ha_myisam.cc: Prefix addresses with 0x for easier comparisons of debug logs sql/ha_ndbcluster.cc: Add missing enum to switch sql/handler.cc: remove compiler warning sql/item.cc: More debugging Simple cleanup sql/item.h: Move Item::cleanup() to item.cc sql/item_cmpfunc.cc: Fix arena code sql/item_subselect.cc: After merge fixes sql/item_subselect.h: After merge fixes sql/item_sum.cc: Updated comment sql/log_event.cc: Remove wrong test sql/mysql_priv.h: Indentation fixes sql/mysqld.cc: After merge fixes Added 0x to pointers in debug log sql/opt_range.cc: Fixed problem where MySQL choosed index-read even if there would be a much better range on the same index This fix changed some 'index' queries to 'range' queries in the test suite sql/set_var.cc: Indentation fixes sql/sp_head.cc: Set state to INITIALIZED to make SP work with new arena code sql/sql_base.cc: After merge fixes sql/sql_class.cc: More debugging Use clear_alloc_root() instead of init_alloc_root() as the former is faster sql/sql_class.h: New method 'only_prepare()' sql/sql_lex.cc: After merge fixes sql/sql_lex.h: After merge fixes sql/sql_parse.cc: Fix for timezone tables. (The old way to add timezone tables to global list in 'create_total_list' doesn't work anymore) Give NOTE instead of WARNING if table/function doesn't exists when using DROP IF EXISTS sql/sql_prepare.cc: After merge fixes sql/sql_select.cc: Don't create 'dummy' WHERE clause for trivial WHERE clauses where we can remove the WHERE clause. This fix removed of a lot of 'Using where' notes in the test suite sql/sql_table.cc: Give NOTE instead of WARNING if table/function doesn't exists when using DROP IF EXISTS sql/sql_union.cc: After merge fix sql/sql_view.cc: After merge fix sql/table.cc: After merge fix sql/tztime.cc: Update timezone table handling to use new table lists structure sql/tztime.h: Update timezone table handling to use new table lists structure sql/unireg.cc: Use 0x before pointers
2004-09-09 05:59:26 +02:00
--error 1305
Fixed BUG#3339: Stored procedures in nonexistent schemas are uncallable. Also added some related security tests and corrected related error messages. mysql-test/r/sp-error.result: New test case for BUG#3339, and updated results for other modified error messages. mysql-test/r/sp-security.result: Added tests for creating procedures in another database with and wihout access rights. mysql-test/t/sp-error.test: New test case for BUG#3339. mysql-test/t/sp-security.test: Added tests for creating procedures in another database with and wihout access rights. sql/sp.cc: Check existance (and access rights) for database when creating a stored routine. sql/sp.h: New error return value for sp_create_* functions, for non existing database. sql/sql_parse.cc: Check error return for create stored routine (non existing database), and corrected the error output for some other commands. (Use qualified name, not just name.)
2004-06-15 15:42:28 +02:00
drop procedure db1_secret.dummy;
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
#
# Check it out
#
connection con1root;
select * from t1;
#
# Change to invoker's rights
#
alter procedure stamp sql security invoker;
WL#1366: Use the schema (db) associated with an SP. Phase 2: Make SPs belong to a DB, and use qualified names. As a side effect, using USE in an SP is no longer allowed. (It just doesn't work otherwise.) include/mysqld_error.h: New error code (USE is no longer allowed in a stored procedure). include/sql_state.h: New error state (USE is no longer allowed in a stored procedure). mysql-test/r/sp-error.result: Updated result for test of USE in SP (not allowed now). mysql-test/r/sp-security.result: Updated test results for new db column and qualified procedured names. mysql-test/r/sp.result: Updated results for USE in SP (as it's no longer allowed), and for new db column in status result. mysql-test/t/sp-error.test: Moved test of USE in SP from sp.test (as it's no longer allowed). mysql-test/t/sp-security.test: Ajusted tests for new db column and qualified procedured names. mysql-test/t/sp.test: Moved test of USE in SP to sp-error.test (as it's no longer allowed). Adjusted tests for new db column in status result. sql/mysql_priv.h: mysql_change_db() now has optional arguments for use by SP with qualified names. sql/share/czech/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/danish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/dutch/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/english/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/estonian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/french/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/german/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/greek/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/hungarian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/italian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/japanese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/korean/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian-ny/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/polish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/portuguese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/romanian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/russian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/serbian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/slovak/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/spanish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/swedish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/ukrainian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/sp.cc: SPs are now "belong" to a DB and may have qualified names. New functions for changing DB ("use") when parsing and invoking SPs. sql/sp.h: New functions for changing DB ("use") when parsing and invoking SPs. sql/sp_cache.cc: Use the qualified name in the SP cache. sql/sp_head.cc: New function for allocating a qualified SP name (used in sql_yacc.yy). Change DB when executing an SP (if needed). Moved thd_mem_root swap functions from sp_head.h. sql/sp_head.h: New function for allocating a qualified SP name (used in sql_yacc.yy). Moved thd_mem_root swap functions to sp_head.cc. sql/sql_db.cc: mysql_change_db() now has optional arguments for use by SP with qualified names (for use when reading an SP from database and executing it); also allow "unusing" a database, i.e. setting thd->thd to "". sql/sql_yacc.yy: Initialize qualfied SP names correctly. USE is no longer allowed in an SP.
2004-03-11 17:18:59 +01:00
--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
show procedure status like 'stamp';
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
alter function db sql security invoker;
--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
show function status like 'db';
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
# root still can
call stamp(4);
select * from t1;
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
select db();
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
#
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
# User1 cannot
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
#
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
connection con2user1;
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
# This should not work
--error 1044
WL#1366: Use the schema (db) associated with an SP. Phase 2: Make SPs belong to a DB, and use qualified names. As a side effect, using USE in an SP is no longer allowed. (It just doesn't work otherwise.) include/mysqld_error.h: New error code (USE is no longer allowed in a stored procedure). include/sql_state.h: New error state (USE is no longer allowed in a stored procedure). mysql-test/r/sp-error.result: Updated result for test of USE in SP (not allowed now). mysql-test/r/sp-security.result: Updated test results for new db column and qualified procedured names. mysql-test/r/sp.result: Updated results for USE in SP (as it's no longer allowed), and for new db column in status result. mysql-test/t/sp-error.test: Moved test of USE in SP from sp.test (as it's no longer allowed). mysql-test/t/sp-security.test: Ajusted tests for new db column and qualified procedured names. mysql-test/t/sp.test: Moved test of USE in SP to sp-error.test (as it's no longer allowed). Adjusted tests for new db column in status result. sql/mysql_priv.h: mysql_change_db() now has optional arguments for use by SP with qualified names. sql/share/czech/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/danish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/dutch/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/english/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/estonian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/french/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/german/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/greek/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/hungarian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/italian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/japanese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/korean/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian-ny/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/polish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/portuguese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/romanian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/russian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/serbian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/slovak/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/spanish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/swedish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/ukrainian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/sp.cc: SPs are now "belong" to a DB and may have qualified names. New functions for changing DB ("use") when parsing and invoking SPs. sql/sp.h: New functions for changing DB ("use") when parsing and invoking SPs. sql/sp_cache.cc: Use the qualified name in the SP cache. sql/sp_head.cc: New function for allocating a qualified SP name (used in sql_yacc.yy). Change DB when executing an SP (if needed). Moved thd_mem_root swap functions from sp_head.h. sql/sp_head.h: New function for allocating a qualified SP name (used in sql_yacc.yy). Moved thd_mem_root swap functions to sp_head.cc. sql/sql_db.cc: mysql_change_db() now has optional arguments for use by SP with qualified names (for use when reading an SP from database and executing it); also allow "unusing" a database, i.e. setting thd->thd to "". sql/sql_yacc.yy: Initialize qualfied SP names correctly. USE is no longer allowed in an SP.
2004-03-11 17:18:59 +01:00
call db1_secret.stamp(5);
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
--error 1044
select db1_secret.db();
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
#
# Anonymous cannot
#
connection con3anon;
# This should not work
--error 1044
WL#1366: Use the schema (db) associated with an SP. Phase 2: Make SPs belong to a DB, and use qualified names. As a side effect, using USE in an SP is no longer allowed. (It just doesn't work otherwise.) include/mysqld_error.h: New error code (USE is no longer allowed in a stored procedure). include/sql_state.h: New error state (USE is no longer allowed in a stored procedure). mysql-test/r/sp-error.result: Updated result for test of USE in SP (not allowed now). mysql-test/r/sp-security.result: Updated test results for new db column and qualified procedured names. mysql-test/r/sp.result: Updated results for USE in SP (as it's no longer allowed), and for new db column in status result. mysql-test/t/sp-error.test: Moved test of USE in SP from sp.test (as it's no longer allowed). mysql-test/t/sp-security.test: Ajusted tests for new db column and qualified procedured names. mysql-test/t/sp.test: Moved test of USE in SP to sp-error.test (as it's no longer allowed). Adjusted tests for new db column in status result. sql/mysql_priv.h: mysql_change_db() now has optional arguments for use by SP with qualified names. sql/share/czech/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/danish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/dutch/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/english/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/estonian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/french/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/german/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/greek/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/hungarian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/italian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/japanese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/korean/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian-ny/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/polish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/portuguese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/romanian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/russian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/serbian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/slovak/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/spanish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/swedish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/ukrainian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/sp.cc: SPs are now "belong" to a DB and may have qualified names. New functions for changing DB ("use") when parsing and invoking SPs. sql/sp.h: New functions for changing DB ("use") when parsing and invoking SPs. sql/sp_cache.cc: Use the qualified name in the SP cache. sql/sp_head.cc: New function for allocating a qualified SP name (used in sql_yacc.yy). Change DB when executing an SP (if needed). Moved thd_mem_root swap functions from sp_head.h. sql/sp_head.h: New function for allocating a qualified SP name (used in sql_yacc.yy). Moved thd_mem_root swap functions to sp_head.cc. sql/sql_db.cc: mysql_change_db() now has optional arguments for use by SP with qualified names (for use when reading an SP from database and executing it); also allow "unusing" a database, i.e. setting thd->thd to "". sql/sql_yacc.yy: Initialize qualfied SP names correctly. USE is no longer allowed in an SP.
2004-03-11 17:18:59 +01:00
call db1_secret.stamp(6);
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
--error 1044
select db1_secret.db();
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
#
# BUG#2777
#
connection con1root;
--disable_warnings
drop database if exists db2;
--enable_warnings
create database db2;
use db2;
create table t2 (s1 int);
insert into t2 values (0);
grant usage on db2.* to user1@localhost;
grant select on db2.* to user1@localhost;
grant usage on db2.* to user2@localhost;
grant select,insert,update,delete on db2.* to user2@localhost;
flush privileges;
connection con2user1;
use db2;
create procedure p () insert into t2 values (1);
# Check that this doesn't work.
--error 1044
call p();
connect (con4user2,localhost,user2,,);
connection con4user2;
use db2;
# This should not work, since p is executed with definer's (user1's) rights.
--error 1044
call p();
select * from t2;
create procedure q () insert into t2 values (2);
call q();
select * from t2;
connection con2user1;
use db2;
# This should work
call q();
select * from t2;
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
# Clean up
connection con1root;
use test;
WL#1366: Use the schema (db) associated with an SP. Phase 4 (final): Remove associated stored procedures when a database is dropped. mysql-test/r/sp-security.result: drop database now deletes associated SPs. mysql-test/r/sp.result: drop database now deletes associated SPs. mysql-test/t/sp-security.test: drop database now deletes associated SPs. mysql-test/t/sp.test: drop database now deletes associated SPs. sql/sp.cc: New function for deleting all SPs associated with a database. sql/sp.h: New function for deleting all SPs associated with a database. sql/sp_cache.cc: New function for just invalidating all SP caches (when dropping a database). sql/sp_cache.h: New function for just invalidating all SP caches (when dropping a database). sql/sql_db.cc: When dropping a database, also delete all associated SPs.
2004-03-22 14:44:41 +01:00
select type,db,name from mysql.proc;
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
drop database db1_secret;
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
drop database db2;
WL#1366: Use the schema (db) associated with an SP. Phase 4 (final): Remove associated stored procedures when a database is dropped. mysql-test/r/sp-security.result: drop database now deletes associated SPs. mysql-test/r/sp.result: drop database now deletes associated SPs. mysql-test/t/sp-security.test: drop database now deletes associated SPs. mysql-test/t/sp.test: drop database now deletes associated SPs. sql/sp.cc: New function for deleting all SPs associated with a database. sql/sp.h: New function for deleting all SPs associated with a database. sql/sp_cache.cc: New function for just invalidating all SP caches (when dropping a database). sql/sp_cache.h: New function for just invalidating all SP caches (when dropping a database). sql/sql_db.cc: When dropping a database, also delete all associated SPs.
2004-03-22 14:44:41 +01:00
# Make sure the routines are gone
select type,db,name from mysql.proc;
# Get rid of the users
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
delete from mysql.user where user='user1' or user='user2';
Reference in a new issue Copy permalink