mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-17 20:42:30 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/r/sp-security.result

294 lines
11 KiB
Text
Raw Normal View History

WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
use test;
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
grant usage on *.* to user1@localhost;
flush privileges;
- Updated the sp-security result set after updating the test mysql-test/r/sp-security.result: - Updated the result set
2005-07-07 17:55:16 +02:00
drop table if exists t1;
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
drop database if exists db1_secret;
create database db1_secret;
Fixed BUG#3339: Stored procedures in nonexistent schemas are uncallable. Also added some related security tests and corrected related error messages. mysql-test/r/sp-error.result: New test case for BUG#3339, and updated results for other modified error messages. mysql-test/r/sp-security.result: Added tests for creating procedures in another database with and wihout access rights. mysql-test/t/sp-error.test: New test case for BUG#3339. mysql-test/t/sp-security.test: Added tests for creating procedures in another database with and wihout access rights. sql/sp.cc: Check existance (and access rights) for database when creating a stored routine. sql/sp.h: New error return value for sp_create_* functions, for non existing database. sql/sql_parse.cc: Check error return for create stored routine (non existing database), and corrected the error output for some other commands. (Use qualified name, not just name.)
2004-06-15 15:42:28 +02:00
create procedure db1_secret.dummy() begin end;
drop procedure db1_secret.dummy;
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
use db1_secret;
create table t1 ( u varchar(64), i int );
create procedure stamp(i int)
insert into db1_secret.t1 values (user(), i);
show procedure status like 'stamp';
WL#1366: Use the schema (db) associated with an SP. Phase 2: Make SPs belong to a DB, and use qualified names. As a side effect, using USE in an SP is no longer allowed. (It just doesn't work otherwise.) include/mysqld_error.h: New error code (USE is no longer allowed in a stored procedure). include/sql_state.h: New error state (USE is no longer allowed in a stored procedure). mysql-test/r/sp-error.result: Updated result for test of USE in SP (not allowed now). mysql-test/r/sp-security.result: Updated test results for new db column and qualified procedured names. mysql-test/r/sp.result: Updated results for USE in SP (as it's no longer allowed), and for new db column in status result. mysql-test/t/sp-error.test: Moved test of USE in SP from sp.test (as it's no longer allowed). mysql-test/t/sp-security.test: Ajusted tests for new db column and qualified procedured names. mysql-test/t/sp.test: Moved test of USE in SP to sp-error.test (as it's no longer allowed). Adjusted tests for new db column in status result. sql/mysql_priv.h: mysql_change_db() now has optional arguments for use by SP with qualified names. sql/share/czech/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/danish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/dutch/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/english/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/estonian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/french/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/german/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/greek/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/hungarian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/italian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/japanese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/korean/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian-ny/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/polish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/portuguese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/romanian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/russian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/serbian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/slovak/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/spanish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/swedish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/ukrainian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/sp.cc: SPs are now "belong" to a DB and may have qualified names. New functions for changing DB ("use") when parsing and invoking SPs. sql/sp.h: New functions for changing DB ("use") when parsing and invoking SPs. sql/sp_cache.cc: Use the qualified name in the SP cache. sql/sp_head.cc: New function for allocating a qualified SP name (used in sql_yacc.yy). Change DB when executing an SP (if needed). Moved thd_mem_root swap functions from sp_head.h. sql/sp_head.h: New function for allocating a qualified SP name (used in sql_yacc.yy). Moved thd_mem_root swap functions to sp_head.cc. sql/sql_db.cc: mysql_change_db() now has optional arguments for use by SP with qualified names (for use when reading an SP from database and executing it); also allow "unusing" a database, i.e. setting thd->thd to "". sql/sql_yacc.yy: Initialize qualfied SP names correctly. USE is no longer allowed in an SP.
2004-03-11 17:18:59 +01:00
Db Name Type Definer Modified Created Security_type Comment
db1_secret stamp PROCEDURE root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
create function db() returns varchar(64) return database();
show function status like 'db';
Db Name Type Definer Modified Created Security_type Comment
db1_secret db FUNCTION root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
call stamp(1);
select * from t1;
u i
root@localhost 1
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
select db();
db()
db1_secret
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
grant execute on procedure db1_secret.stamp to user1@'%';
grant execute on function db1_secret.db to user1@'%';
grant execute on procedure db1_secret.stamp to ''@'%';
grant execute on function db1_secret.db to ''@'%';
WL#1366: Use the schema (db) associated with an SP. Phase 2: Make SPs belong to a DB, and use qualified names. As a side effect, using USE in an SP is no longer allowed. (It just doesn't work otherwise.) include/mysqld_error.h: New error code (USE is no longer allowed in a stored procedure). include/sql_state.h: New error state (USE is no longer allowed in a stored procedure). mysql-test/r/sp-error.result: Updated result for test of USE in SP (not allowed now). mysql-test/r/sp-security.result: Updated test results for new db column and qualified procedured names. mysql-test/r/sp.result: Updated results for USE in SP (as it's no longer allowed), and for new db column in status result. mysql-test/t/sp-error.test: Moved test of USE in SP from sp.test (as it's no longer allowed). mysql-test/t/sp-security.test: Ajusted tests for new db column and qualified procedured names. mysql-test/t/sp.test: Moved test of USE in SP to sp-error.test (as it's no longer allowed). Adjusted tests for new db column in status result. sql/mysql_priv.h: mysql_change_db() now has optional arguments for use by SP with qualified names. sql/share/czech/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/danish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/dutch/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/english/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/estonian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/french/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/german/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/greek/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/hungarian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/italian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/japanese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/korean/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian-ny/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/polish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/portuguese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/romanian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/russian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/serbian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/slovak/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/spanish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/swedish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/ukrainian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/sp.cc: SPs are now "belong" to a DB and may have qualified names. New functions for changing DB ("use") when parsing and invoking SPs. sql/sp.h: New functions for changing DB ("use") when parsing and invoking SPs. sql/sp_cache.cc: Use the qualified name in the SP cache. sql/sp_head.cc: New function for allocating a qualified SP name (used in sql_yacc.yy). Change DB when executing an SP (if needed). Moved thd_mem_root swap functions from sp_head.h. sql/sp_head.h: New function for allocating a qualified SP name (used in sql_yacc.yy). Moved thd_mem_root swap functions to sp_head.cc. sql/sql_db.cc: mysql_change_db() now has optional arguments for use by SP with qualified names (for use when reading an SP from database and executing it); also allow "unusing" a database, i.e. setting thd->thd to "". sql/sql_yacc.yy: Initialize qualfied SP names correctly. USE is no longer allowed in an SP.
2004-03-11 17:18:59 +01:00
call db1_secret.stamp(2);
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
select db1_secret.db();
db1_secret.db()
db1_secret
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
select * from db1_secret.t1;
post-merge
2004-12-31 17:59:43 +01:00
ERROR 42000: SELECT command denied to user 'user1'@'localhost' for table 't1'
Fixed BUG#3339: Stored procedures in nonexistent schemas are uncallable. Also added some related security tests and corrected related error messages. mysql-test/r/sp-error.result: New test case for BUG#3339, and updated results for other modified error messages. mysql-test/r/sp-security.result: Added tests for creating procedures in another database with and wihout access rights. mysql-test/t/sp-error.test: New test case for BUG#3339. mysql-test/t/sp-security.test: Added tests for creating procedures in another database with and wihout access rights. sql/sp.cc: Check existance (and access rights) for database when creating a stored routine. sql/sp.h: New error return value for sp_create_* functions, for non existing database. sql/sql_parse.cc: Check error return for create stored routine (non existing database), and corrected the error output for some other commands. (Use qualified name, not just name.)
2004-06-15 15:42:28 +02:00
create procedure db1_secret.dummy() begin end;
errors without code removed net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed (WL#2133) include/mysqld_error.h: new errors added. mysql-test/r/rpl_charset.result: new error mysql-test/r/rpl_timezone.result: new error mysql-test/r/sp-security.result: more clean error message mysql-test/r/sp.result: now error state intercepted correctly mysql-test/t/connect.test: new error message mysql-test/t/rpl_charset.test: new error message mysql-test/t/rpl_timezone.test: new error mysql-test/t/sp-security.test: more correct error handling mysql-test/t/sp.test: now error state intercepted correctly sql/ha_innodb.cc: -1/1 (sent/unsent) error reporting removed sql/ha_innodb.h: -1/1 (sent/unsent) error reporting removed sql/item.cc: only boolean values should be returned by fix_fields() sql/item_cmpfunc.cc: only boolean values should be returned by fix_fields() sql/item_func.cc: only boolean values should be returned by fix_fields() net_printf/send_error calls replaced by my_error family functions sql/item_row.cc: only boolean values should be returned by fix_fields() sql/item_subselect.cc: only boolean values should be returned by fix_fields() -1/1 (sent/unsent) error reporting removed sql/item_subselect.h: -1/1 (sent/unsent) error reporting removed sql/item_sum.cc: only boolean values should be returned by fix_fields() sql/item_timefunc.cc: only boolean values should be returned by fix_fields() sql/item_uniq.h: only boolean values should be returned by fix_fields() sql/mysql_priv.h: -1/1 (sent/unsent) error reporting removed sql/mysqld.cc: net_printf/send_error calls replaced by my_error family functions changes in my_message_sql to support error handling correctly sql/protocol.cc: net_printf/send_error calls replaced by my_error family functions sql/protocol_cursor.cc: net_printf/send_error calls replaced by my_error family functions sql/repl_failsafe.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/repl_failsafe.h: -1/1 (sent/unsent) error reporting removed sql/set_var.cc: net_printf/send_error calls replaced by my_error family functions sql/share/czech/errmsg.txt: new error messages sql/share/danish/errmsg.txt: new error messages sql/share/dutch/errmsg.txt: new error messages sql/share/english/errmsg.txt: new error messages sql/share/estonian/errmsg.txt: new error messages sql/share/french/errmsg.txt: new error messages sql/share/german/errmsg.txt: new error messages sql/share/greek/errmsg.txt: new error messages sql/share/hungarian/errmsg.txt: new error messages sql/share/italian/errmsg.txt: new error messages sql/share/japanese/errmsg.txt: new error messages sql/share/korean/errmsg.txt: new error messages sql/share/norwegian-ny/errmsg.txt: new error messages sql/share/norwegian/errmsg.txt: new error messages sql/share/polish/errmsg.txt: new error messages sql/share/portuguese/errmsg.txt: new error messages sql/share/romanian/errmsg.txt: new error messages sql/share/russian/errmsg.txt: new error messages sql/share/serbian/errmsg.txt: new error messages sql/share/slovak/errmsg.txt: new error messages sql/share/spanish/errmsg.txt: new error messages sql/share/swedish/errmsg.txt: new error messages sql/share/ukrainian/errmsg.txt: new error messages sql/slave.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/slave.h: -1/1 (sent/unsent) error reporting removed sql/sp.cc: net_printf/send_error calls replaced by my_error family functions sql/sp_head.cc: new eror handling support net_printf/send_error calls replaced by my_error family functions sql/sp_rcontext.cc: net_printf/send_error calls replaced by my_error family functions sql/sql_acl.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_acl.h: -1/1 (sent/unsent) error reporting removed sql/sql_base.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_class.cc: net_printf/send_error calls replaced by my_error family functions sql/sql_class.h: my_messhage_sql now set/reset query_error flag sql/sql_db.cc: -1/1 (sent/unsent) error reporting removed sql/sql_delete.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_do.cc: -1/1 (sent/unsent) error reporting removed sql/sql_error.cc: -1/1 (sent/unsent) error reporting removed sql/sql_handler.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_help.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_insert.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_lex.h: -1/1 (sent/unsent) error reporting removed sql/sql_load.cc: -1/1 (sent/unsent) error reporting removed sql/sql_map.cc: errors without code removed sql/sql_parse.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed from mysql_execute_command sql/sql_prepare.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_repl.cc: error messages fixed net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_repl.h: -1/1 (sent/unsent) error reporting removed sql/sql_select.cc: -1/1 (sent/unsent) error reporting removed sql/sql_select.h: -1/1 (sent/unsent) error reporting removed sql/sql_show.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_table.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_trigger.cc: -1/1 (sent/unsent) error reporting removed sql/sql_udf.cc: net_printf/send_error calls replaced by my_error family functions sql/sql_union.cc: -1/1 (sent/unsent) error reporting removed sql/sql_update.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_view.cc: -1/1 (sent/unsent) error reporting removed sql/sql_view.h: -1/1 (sent/unsent) error reporting removed sql/sql_yacc.yy: net_printf/send_error calls replaced by my_error family functions
2004-10-20 03:04:37 +02:00
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
Fixed BUG#3339: Stored procedures in nonexistent schemas are uncallable. Also added some related security tests and corrected related error messages. mysql-test/r/sp-error.result: New test case for BUG#3339, and updated results for other modified error messages. mysql-test/r/sp-security.result: Added tests for creating procedures in another database with and wihout access rights. mysql-test/t/sp-error.test: New test case for BUG#3339. mysql-test/t/sp-security.test: Added tests for creating procedures in another database with and wihout access rights. sql/sp.cc: Check existance (and access rights) for database when creating a stored routine. sql/sp.h: New error return value for sp_create_* functions, for non existing database. sql/sql_parse.cc: Check error return for create stored routine (non existing database), and corrected the error output for some other commands. (Use qualified name, not just name.)
2004-06-15 15:42:28 +02:00
drop procedure db1_secret.dummy;
ERROR 42000: PROCEDURE db1_secret.dummy does not exist
WL#1366: Use the schema (db) associated with an SP. Phase 2: Make SPs belong to a DB, and use qualified names. As a side effect, using USE in an SP is no longer allowed. (It just doesn't work otherwise.) include/mysqld_error.h: New error code (USE is no longer allowed in a stored procedure). include/sql_state.h: New error state (USE is no longer allowed in a stored procedure). mysql-test/r/sp-error.result: Updated result for test of USE in SP (not allowed now). mysql-test/r/sp-security.result: Updated test results for new db column and qualified procedured names. mysql-test/r/sp.result: Updated results for USE in SP (as it's no longer allowed), and for new db column in status result. mysql-test/t/sp-error.test: Moved test of USE in SP from sp.test (as it's no longer allowed). mysql-test/t/sp-security.test: Ajusted tests for new db column and qualified procedured names. mysql-test/t/sp.test: Moved test of USE in SP to sp-error.test (as it's no longer allowed). Adjusted tests for new db column in status result. sql/mysql_priv.h: mysql_change_db() now has optional arguments for use by SP with qualified names. sql/share/czech/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/danish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/dutch/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/english/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/estonian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/french/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/german/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/greek/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/hungarian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/italian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/japanese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/korean/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian-ny/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/polish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/portuguese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/romanian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/russian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/serbian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/slovak/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/spanish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/swedish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/ukrainian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/sp.cc: SPs are now "belong" to a DB and may have qualified names. New functions for changing DB ("use") when parsing and invoking SPs. sql/sp.h: New functions for changing DB ("use") when parsing and invoking SPs. sql/sp_cache.cc: Use the qualified name in the SP cache. sql/sp_head.cc: New function for allocating a qualified SP name (used in sql_yacc.yy). Change DB when executing an SP (if needed). Moved thd_mem_root swap functions from sp_head.h. sql/sp_head.h: New function for allocating a qualified SP name (used in sql_yacc.yy). Moved thd_mem_root swap functions to sp_head.cc. sql/sql_db.cc: mysql_change_db() now has optional arguments for use by SP with qualified names (for use when reading an SP from database and executing it); also allow "unusing" a database, i.e. setting thd->thd to "". sql/sql_yacc.yy: Initialize qualfied SP names correctly. USE is no longer allowed in an SP.
2004-03-11 17:18:59 +01:00
call db1_secret.stamp(3);
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
select db1_secret.db();
db1_secret.db()
db1_secret
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
select * from db1_secret.t1;
post-merge
2004-12-31 17:59:43 +01:00
ERROR 42000: SELECT command denied to user ''@'localhost' for table 't1'
Fixed BUG#3339: Stored procedures in nonexistent schemas are uncallable. Also added some related security tests and corrected related error messages. mysql-test/r/sp-error.result: New test case for BUG#3339, and updated results for other modified error messages. mysql-test/r/sp-security.result: Added tests for creating procedures in another database with and wihout access rights. mysql-test/t/sp-error.test: New test case for BUG#3339. mysql-test/t/sp-security.test: Added tests for creating procedures in another database with and wihout access rights. sql/sp.cc: Check existance (and access rights) for database when creating a stored routine. sql/sp.h: New error return value for sp_create_* functions, for non existing database. sql/sql_parse.cc: Check error return for create stored routine (non existing database), and corrected the error output for some other commands. (Use qualified name, not just name.)
2004-06-15 15:42:28 +02:00
create procedure db1_secret.dummy() begin end;
errors without code removed net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed (WL#2133) include/mysqld_error.h: new errors added. mysql-test/r/rpl_charset.result: new error mysql-test/r/rpl_timezone.result: new error mysql-test/r/sp-security.result: more clean error message mysql-test/r/sp.result: now error state intercepted correctly mysql-test/t/connect.test: new error message mysql-test/t/rpl_charset.test: new error message mysql-test/t/rpl_timezone.test: new error mysql-test/t/sp-security.test: more correct error handling mysql-test/t/sp.test: now error state intercepted correctly sql/ha_innodb.cc: -1/1 (sent/unsent) error reporting removed sql/ha_innodb.h: -1/1 (sent/unsent) error reporting removed sql/item.cc: only boolean values should be returned by fix_fields() sql/item_cmpfunc.cc: only boolean values should be returned by fix_fields() sql/item_func.cc: only boolean values should be returned by fix_fields() net_printf/send_error calls replaced by my_error family functions sql/item_row.cc: only boolean values should be returned by fix_fields() sql/item_subselect.cc: only boolean values should be returned by fix_fields() -1/1 (sent/unsent) error reporting removed sql/item_subselect.h: -1/1 (sent/unsent) error reporting removed sql/item_sum.cc: only boolean values should be returned by fix_fields() sql/item_timefunc.cc: only boolean values should be returned by fix_fields() sql/item_uniq.h: only boolean values should be returned by fix_fields() sql/mysql_priv.h: -1/1 (sent/unsent) error reporting removed sql/mysqld.cc: net_printf/send_error calls replaced by my_error family functions changes in my_message_sql to support error handling correctly sql/protocol.cc: net_printf/send_error calls replaced by my_error family functions sql/protocol_cursor.cc: net_printf/send_error calls replaced by my_error family functions sql/repl_failsafe.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/repl_failsafe.h: -1/1 (sent/unsent) error reporting removed sql/set_var.cc: net_printf/send_error calls replaced by my_error family functions sql/share/czech/errmsg.txt: new error messages sql/share/danish/errmsg.txt: new error messages sql/share/dutch/errmsg.txt: new error messages sql/share/english/errmsg.txt: new error messages sql/share/estonian/errmsg.txt: new error messages sql/share/french/errmsg.txt: new error messages sql/share/german/errmsg.txt: new error messages sql/share/greek/errmsg.txt: new error messages sql/share/hungarian/errmsg.txt: new error messages sql/share/italian/errmsg.txt: new error messages sql/share/japanese/errmsg.txt: new error messages sql/share/korean/errmsg.txt: new error messages sql/share/norwegian-ny/errmsg.txt: new error messages sql/share/norwegian/errmsg.txt: new error messages sql/share/polish/errmsg.txt: new error messages sql/share/portuguese/errmsg.txt: new error messages sql/share/romanian/errmsg.txt: new error messages sql/share/russian/errmsg.txt: new error messages sql/share/serbian/errmsg.txt: new error messages sql/share/slovak/errmsg.txt: new error messages sql/share/spanish/errmsg.txt: new error messages sql/share/swedish/errmsg.txt: new error messages sql/share/ukrainian/errmsg.txt: new error messages sql/slave.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/slave.h: -1/1 (sent/unsent) error reporting removed sql/sp.cc: net_printf/send_error calls replaced by my_error family functions sql/sp_head.cc: new eror handling support net_printf/send_error calls replaced by my_error family functions sql/sp_rcontext.cc: net_printf/send_error calls replaced by my_error family functions sql/sql_acl.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_acl.h: -1/1 (sent/unsent) error reporting removed sql/sql_base.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_class.cc: net_printf/send_error calls replaced by my_error family functions sql/sql_class.h: my_messhage_sql now set/reset query_error flag sql/sql_db.cc: -1/1 (sent/unsent) error reporting removed sql/sql_delete.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_do.cc: -1/1 (sent/unsent) error reporting removed sql/sql_error.cc: -1/1 (sent/unsent) error reporting removed sql/sql_handler.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_help.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_insert.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_lex.h: -1/1 (sent/unsent) error reporting removed sql/sql_load.cc: -1/1 (sent/unsent) error reporting removed sql/sql_map.cc: errors without code removed sql/sql_parse.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed from mysql_execute_command sql/sql_prepare.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_repl.cc: error messages fixed net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_repl.h: -1/1 (sent/unsent) error reporting removed sql/sql_select.cc: -1/1 (sent/unsent) error reporting removed sql/sql_select.h: -1/1 (sent/unsent) error reporting removed sql/sql_show.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_table.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_trigger.cc: -1/1 (sent/unsent) error reporting removed sql/sql_udf.cc: net_printf/send_error calls replaced by my_error family functions sql/sql_union.cc: -1/1 (sent/unsent) error reporting removed sql/sql_update.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_view.cc: -1/1 (sent/unsent) error reporting removed sql/sql_view.h: -1/1 (sent/unsent) error reporting removed sql/sql_yacc.yy: net_printf/send_error calls replaced by my_error family functions
2004-10-20 03:04:37 +02:00
ERROR 42000: Access denied for user ''@'localhost' to database 'db1_secret'
Fixed BUG#3339: Stored procedures in nonexistent schemas are uncallable. Also added some related security tests and corrected related error messages. mysql-test/r/sp-error.result: New test case for BUG#3339, and updated results for other modified error messages. mysql-test/r/sp-security.result: Added tests for creating procedures in another database with and wihout access rights. mysql-test/t/sp-error.test: New test case for BUG#3339. mysql-test/t/sp-security.test: Added tests for creating procedures in another database with and wihout access rights. sql/sp.cc: Check existance (and access rights) for database when creating a stored routine. sql/sp.h: New error return value for sp_create_* functions, for non existing database. sql/sql_parse.cc: Check error return for create stored routine (non existing database), and corrected the error output for some other commands. (Use qualified name, not just name.)
2004-06-15 15:42:28 +02:00
drop procedure db1_secret.dummy;
ERROR 42000: PROCEDURE db1_secret.dummy does not exist
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
select * from t1;
u i
root@localhost 1
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
user1@localhost 2
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
anon@localhost 3
alter procedure stamp sql security invoker;
show procedure status like 'stamp';
WL#1366: Use the schema (db) associated with an SP. Phase 2: Make SPs belong to a DB, and use qualified names. As a side effect, using USE in an SP is no longer allowed. (It just doesn't work otherwise.) include/mysqld_error.h: New error code (USE is no longer allowed in a stored procedure). include/sql_state.h: New error state (USE is no longer allowed in a stored procedure). mysql-test/r/sp-error.result: Updated result for test of USE in SP (not allowed now). mysql-test/r/sp-security.result: Updated test results for new db column and qualified procedured names. mysql-test/r/sp.result: Updated results for USE in SP (as it's no longer allowed), and for new db column in status result. mysql-test/t/sp-error.test: Moved test of USE in SP from sp.test (as it's no longer allowed). mysql-test/t/sp-security.test: Ajusted tests for new db column and qualified procedured names. mysql-test/t/sp.test: Moved test of USE in SP to sp-error.test (as it's no longer allowed). Adjusted tests for new db column in status result. sql/mysql_priv.h: mysql_change_db() now has optional arguments for use by SP with qualified names. sql/share/czech/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/danish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/dutch/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/english/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/estonian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/french/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/german/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/greek/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/hungarian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/italian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/japanese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/korean/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian-ny/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/polish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/portuguese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/romanian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/russian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/serbian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/slovak/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/spanish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/swedish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/ukrainian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/sp.cc: SPs are now "belong" to a DB and may have qualified names. New functions for changing DB ("use") when parsing and invoking SPs. sql/sp.h: New functions for changing DB ("use") when parsing and invoking SPs. sql/sp_cache.cc: Use the qualified name in the SP cache. sql/sp_head.cc: New function for allocating a qualified SP name (used in sql_yacc.yy). Change DB when executing an SP (if needed). Moved thd_mem_root swap functions from sp_head.h. sql/sp_head.h: New function for allocating a qualified SP name (used in sql_yacc.yy). Moved thd_mem_root swap functions to sp_head.cc. sql/sql_db.cc: mysql_change_db() now has optional arguments for use by SP with qualified names (for use when reading an SP from database and executing it); also allow "unusing" a database, i.e. setting thd->thd to "". sql/sql_yacc.yy: Initialize qualfied SP names correctly. USE is no longer allowed in an SP.
2004-03-11 17:18:59 +01:00
Db Name Type Definer Modified Created Security_type Comment
db1_secret stamp PROCEDURE root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 INVOKER
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
alter function db sql security invoker;
show function status like 'db';
Db Name Type Definer Modified Created Security_type Comment
db1_secret db FUNCTION root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 INVOKER
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
call stamp(4);
select * from t1;
u i
root@localhost 1
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
user1@localhost 2
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
anon@localhost 3
root@localhost 4
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
select db();
db()
db1_secret
WL#1366: Use the schema (db) associated with an SP. Phase 2: Make SPs belong to a DB, and use qualified names. As a side effect, using USE in an SP is no longer allowed. (It just doesn't work otherwise.) include/mysqld_error.h: New error code (USE is no longer allowed in a stored procedure). include/sql_state.h: New error state (USE is no longer allowed in a stored procedure). mysql-test/r/sp-error.result: Updated result for test of USE in SP (not allowed now). mysql-test/r/sp-security.result: Updated test results for new db column and qualified procedured names. mysql-test/r/sp.result: Updated results for USE in SP (as it's no longer allowed), and for new db column in status result. mysql-test/t/sp-error.test: Moved test of USE in SP from sp.test (as it's no longer allowed). mysql-test/t/sp-security.test: Ajusted tests for new db column and qualified procedured names. mysql-test/t/sp.test: Moved test of USE in SP to sp-error.test (as it's no longer allowed). Adjusted tests for new db column in status result. sql/mysql_priv.h: mysql_change_db() now has optional arguments for use by SP with qualified names. sql/share/czech/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/danish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/dutch/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/english/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/estonian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/french/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/german/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/greek/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/hungarian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/italian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/japanese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/korean/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian-ny/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/polish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/portuguese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/romanian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/russian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/serbian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/slovak/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/spanish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/swedish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/ukrainian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/sp.cc: SPs are now "belong" to a DB and may have qualified names. New functions for changing DB ("use") when parsing and invoking SPs. sql/sp.h: New functions for changing DB ("use") when parsing and invoking SPs. sql/sp_cache.cc: Use the qualified name in the SP cache. sql/sp_head.cc: New function for allocating a qualified SP name (used in sql_yacc.yy). Change DB when executing an SP (if needed). Moved thd_mem_root swap functions from sp_head.h. sql/sp_head.h: New function for allocating a qualified SP name (used in sql_yacc.yy). Moved thd_mem_root swap functions to sp_head.cc. sql/sql_db.cc: mysql_change_db() now has optional arguments for use by SP with qualified names (for use when reading an SP from database and executing it); also allow "unusing" a database, i.e. setting thd->thd to "". sql/sql_yacc.yy: Initialize qualfied SP names correctly. USE is no longer allowed in an SP.
2004-03-11 17:18:59 +01:00
call db1_secret.stamp(5);
After merge fixes Note: The following tests fails - fulltext (Sergei has promised to fix) - rpl_charset (Guilhem should fix) - rpl_timezone (Dimitray has promised to fix) Sanja needs to check out the calling of close_thread_tables() in sp_head.cc myisam/mi_check.c: After merge fix myisam/sort.c: After merge fix mysql-test/mysql-test-run.sh: Export master socket to mysqltest mysql-test/r/func_group.result: Make result repeatable mysql-test/r/mysqlbinlog.result: After merge fix mysql-test/r/ps_1general.result: After merge fix mysql-test/r/ps_2myisam.result: After merge fix mysql-test/r/ps_3innodb.result: After merge fix mysql-test/r/ps_4heap.result: After merge fix mysql-test/r/ps_5merge.result: After merge fix mysql-test/r/ps_6bdb.result: After merge fix mysql-test/r/rpl_flush_log_loop.result: After merge fix mysql-test/r/rpl_replicate_do.result: After merge fix mysql-test/r/rpl_temporary.result: After merge fix mysql-test/r/rpl_timezone.result: After merge fix Note that this test fails now (Dimitry has promised to fix this) mysql-test/r/rpl_user_variables.result: After merge fix mysql-test/r/select.result: After merge fix mysql-test/r/sp-error.result: After merge fix mysql-test/r/sp-security.result: After merge fix mysql-test/r/sp.result: After merge fix mysql-test/r/user_var.result: After merge fix mysql-test/r/variables.result: After merge fix mysql-test/t/alter_table.test: After merge fix mysql-test/t/derived.test: After merge fix mysql-test/t/func_group.test: Make result repeatable mysql-test/t/grant_cache.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/multi_update.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000015.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000017.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000018.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl_charset.test: After merge fix mysql-test/t/rpl_heap.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl_rotate_logs.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/sp-error.test: after merge fix mysql-test/t/sp-security.test: after merge fix mysql-test/t/user_var.test: after merge fix scripts/mysql_fix_privilege_tables.sh: This can now be exectued from the source distribution sql/handler.cc: Cleanup sql/handler.h: More debugging sql/item.h: Indentation fixes sql/item_cmpfunc.cc: After merge fixes sql/opt_range.cc: After merge fixes sql/opt_range.h: After merge fixes sql/sp.cc: After merge fixes sql/sp_head.cc: Remove closing of thread tables in a SP function as this caused a core dump. (Has to be fixed better) sql/sql_base.cc: More debugging sql/sql_handler.cc: After merge fixes (We have to call ha_index_or_rnd_end() before calling close_thread_table()) sql/sql_parse.cc: More debugging sql/sql_prepare.cc: After merge fixes sql/sql_select.cc: After merge fixes
2004-07-15 03:19:07 +02:00
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
select db1_secret.db();
After merge fixes Note: The following tests fails - fulltext (Sergei has promised to fix) - rpl_charset (Guilhem should fix) - rpl_timezone (Dimitray has promised to fix) Sanja needs to check out the calling of close_thread_tables() in sp_head.cc myisam/mi_check.c: After merge fix myisam/sort.c: After merge fix mysql-test/mysql-test-run.sh: Export master socket to mysqltest mysql-test/r/func_group.result: Make result repeatable mysql-test/r/mysqlbinlog.result: After merge fix mysql-test/r/ps_1general.result: After merge fix mysql-test/r/ps_2myisam.result: After merge fix mysql-test/r/ps_3innodb.result: After merge fix mysql-test/r/ps_4heap.result: After merge fix mysql-test/r/ps_5merge.result: After merge fix mysql-test/r/ps_6bdb.result: After merge fix mysql-test/r/rpl_flush_log_loop.result: After merge fix mysql-test/r/rpl_replicate_do.result: After merge fix mysql-test/r/rpl_temporary.result: After merge fix mysql-test/r/rpl_timezone.result: After merge fix Note that this test fails now (Dimitry has promised to fix this) mysql-test/r/rpl_user_variables.result: After merge fix mysql-test/r/select.result: After merge fix mysql-test/r/sp-error.result: After merge fix mysql-test/r/sp-security.result: After merge fix mysql-test/r/sp.result: After merge fix mysql-test/r/user_var.result: After merge fix mysql-test/r/variables.result: After merge fix mysql-test/t/alter_table.test: After merge fix mysql-test/t/derived.test: After merge fix mysql-test/t/func_group.test: Make result repeatable mysql-test/t/grant_cache.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/multi_update.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000015.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000017.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000018.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl_charset.test: After merge fix mysql-test/t/rpl_heap.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl_rotate_logs.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/sp-error.test: after merge fix mysql-test/t/sp-security.test: after merge fix mysql-test/t/user_var.test: after merge fix scripts/mysql_fix_privilege_tables.sh: This can now be exectued from the source distribution sql/handler.cc: Cleanup sql/handler.h: More debugging sql/item.h: Indentation fixes sql/item_cmpfunc.cc: After merge fixes sql/opt_range.cc: After merge fixes sql/opt_range.h: After merge fixes sql/sp.cc: After merge fixes sql/sp_head.cc: Remove closing of thread tables in a SP function as this caused a core dump. (Has to be fixed better) sql/sql_base.cc: More debugging sql/sql_handler.cc: After merge fixes (We have to call ha_index_or_rnd_end() before calling close_thread_table()) sql/sql_parse.cc: More debugging sql/sql_prepare.cc: After merge fixes sql/sql_select.cc: After merge fixes
2004-07-15 03:19:07 +02:00
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
WL#1366: Use the schema (db) associated with an SP. Phase 2: Make SPs belong to a DB, and use qualified names. As a side effect, using USE in an SP is no longer allowed. (It just doesn't work otherwise.) include/mysqld_error.h: New error code (USE is no longer allowed in a stored procedure). include/sql_state.h: New error state (USE is no longer allowed in a stored procedure). mysql-test/r/sp-error.result: Updated result for test of USE in SP (not allowed now). mysql-test/r/sp-security.result: Updated test results for new db column and qualified procedured names. mysql-test/r/sp.result: Updated results for USE in SP (as it's no longer allowed), and for new db column in status result. mysql-test/t/sp-error.test: Moved test of USE in SP from sp.test (as it's no longer allowed). mysql-test/t/sp-security.test: Ajusted tests for new db column and qualified procedured names. mysql-test/t/sp.test: Moved test of USE in SP to sp-error.test (as it's no longer allowed). Adjusted tests for new db column in status result. sql/mysql_priv.h: mysql_change_db() now has optional arguments for use by SP with qualified names. sql/share/czech/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/danish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/dutch/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/english/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/estonian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/french/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/german/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/greek/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/hungarian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/italian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/japanese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/korean/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian-ny/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/norwegian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/polish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/portuguese/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/romanian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/russian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/serbian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/slovak/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/spanish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/swedish/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/share/ukrainian/errmsg.txt: New error message: USE is not allowed in a stored procedure. sql/sp.cc: SPs are now "belong" to a DB and may have qualified names. New functions for changing DB ("use") when parsing and invoking SPs. sql/sp.h: New functions for changing DB ("use") when parsing and invoking SPs. sql/sp_cache.cc: Use the qualified name in the SP cache. sql/sp_head.cc: New function for allocating a qualified SP name (used in sql_yacc.yy). Change DB when executing an SP (if needed). Moved thd_mem_root swap functions from sp_head.h. sql/sp_head.h: New function for allocating a qualified SP name (used in sql_yacc.yy). Moved thd_mem_root swap functions to sp_head.cc. sql/sql_db.cc: mysql_change_db() now has optional arguments for use by SP with qualified names (for use when reading an SP from database and executing it); also allow "unusing" a database, i.e. setting thd->thd to "". sql/sql_yacc.yy: Initialize qualfied SP names correctly. USE is no longer allowed in an SP.
2004-03-11 17:18:59 +01:00
call db1_secret.stamp(6);
After merge fixes Note: The following tests fails - fulltext (Sergei has promised to fix) - rpl_charset (Guilhem should fix) - rpl_timezone (Dimitray has promised to fix) Sanja needs to check out the calling of close_thread_tables() in sp_head.cc myisam/mi_check.c: After merge fix myisam/sort.c: After merge fix mysql-test/mysql-test-run.sh: Export master socket to mysqltest mysql-test/r/func_group.result: Make result repeatable mysql-test/r/mysqlbinlog.result: After merge fix mysql-test/r/ps_1general.result: After merge fix mysql-test/r/ps_2myisam.result: After merge fix mysql-test/r/ps_3innodb.result: After merge fix mysql-test/r/ps_4heap.result: After merge fix mysql-test/r/ps_5merge.result: After merge fix mysql-test/r/ps_6bdb.result: After merge fix mysql-test/r/rpl_flush_log_loop.result: After merge fix mysql-test/r/rpl_replicate_do.result: After merge fix mysql-test/r/rpl_temporary.result: After merge fix mysql-test/r/rpl_timezone.result: After merge fix Note that this test fails now (Dimitry has promised to fix this) mysql-test/r/rpl_user_variables.result: After merge fix mysql-test/r/select.result: After merge fix mysql-test/r/sp-error.result: After merge fix mysql-test/r/sp-security.result: After merge fix mysql-test/r/sp.result: After merge fix mysql-test/r/user_var.result: After merge fix mysql-test/r/variables.result: After merge fix mysql-test/t/alter_table.test: After merge fix mysql-test/t/derived.test: After merge fix mysql-test/t/func_group.test: Make result repeatable mysql-test/t/grant_cache.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/multi_update.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000015.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000017.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000018.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl_charset.test: After merge fix mysql-test/t/rpl_heap.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl_rotate_logs.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/sp-error.test: after merge fix mysql-test/t/sp-security.test: after merge fix mysql-test/t/user_var.test: after merge fix scripts/mysql_fix_privilege_tables.sh: This can now be exectued from the source distribution sql/handler.cc: Cleanup sql/handler.h: More debugging sql/item.h: Indentation fixes sql/item_cmpfunc.cc: After merge fixes sql/opt_range.cc: After merge fixes sql/opt_range.h: After merge fixes sql/sp.cc: After merge fixes sql/sp_head.cc: Remove closing of thread tables in a SP function as this caused a core dump. (Has to be fixed better) sql/sql_base.cc: More debugging sql/sql_handler.cc: After merge fixes (We have to call ha_index_or_rnd_end() before calling close_thread_table()) sql/sql_parse.cc: More debugging sql/sql_prepare.cc: After merge fixes sql/sql_select.cc: After merge fixes
2004-07-15 03:19:07 +02:00
ERROR 42000: Access denied for user ''@'localhost' to database 'db1_secret'
WL#1366: Use the schema (db) associated with an SP. Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise.
2004-03-19 19:01:54 +01:00
select db1_secret.db();
After merge fixes Note: The following tests fails - fulltext (Sergei has promised to fix) - rpl_charset (Guilhem should fix) - rpl_timezone (Dimitray has promised to fix) Sanja needs to check out the calling of close_thread_tables() in sp_head.cc myisam/mi_check.c: After merge fix myisam/sort.c: After merge fix mysql-test/mysql-test-run.sh: Export master socket to mysqltest mysql-test/r/func_group.result: Make result repeatable mysql-test/r/mysqlbinlog.result: After merge fix mysql-test/r/ps_1general.result: After merge fix mysql-test/r/ps_2myisam.result: After merge fix mysql-test/r/ps_3innodb.result: After merge fix mysql-test/r/ps_4heap.result: After merge fix mysql-test/r/ps_5merge.result: After merge fix mysql-test/r/ps_6bdb.result: After merge fix mysql-test/r/rpl_flush_log_loop.result: After merge fix mysql-test/r/rpl_replicate_do.result: After merge fix mysql-test/r/rpl_temporary.result: After merge fix mysql-test/r/rpl_timezone.result: After merge fix Note that this test fails now (Dimitry has promised to fix this) mysql-test/r/rpl_user_variables.result: After merge fix mysql-test/r/select.result: After merge fix mysql-test/r/sp-error.result: After merge fix mysql-test/r/sp-security.result: After merge fix mysql-test/r/sp.result: After merge fix mysql-test/r/user_var.result: After merge fix mysql-test/r/variables.result: After merge fix mysql-test/t/alter_table.test: After merge fix mysql-test/t/derived.test: After merge fix mysql-test/t/func_group.test: Make result repeatable mysql-test/t/grant_cache.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/multi_update.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000015.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000017.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000018.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl_charset.test: After merge fix mysql-test/t/rpl_heap.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl_rotate_logs.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/sp-error.test: after merge fix mysql-test/t/sp-security.test: after merge fix mysql-test/t/user_var.test: after merge fix scripts/mysql_fix_privilege_tables.sh: This can now be exectued from the source distribution sql/handler.cc: Cleanup sql/handler.h: More debugging sql/item.h: Indentation fixes sql/item_cmpfunc.cc: After merge fixes sql/opt_range.cc: After merge fixes sql/opt_range.h: After merge fixes sql/sp.cc: After merge fixes sql/sp_head.cc: Remove closing of thread tables in a SP function as this caused a core dump. (Has to be fixed better) sql/sql_base.cc: More debugging sql/sql_handler.cc: After merge fixes (We have to call ha_index_or_rnd_end() before calling close_thread_table()) sql/sql_parse.cc: More debugging sql/sql_prepare.cc: After merge fixes sql/sql_select.cc: After merge fixes
2004-07-15 03:19:07 +02:00
ERROR 42000: Access denied for user ''@'localhost' to database 'db1_secret'
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
drop database if exists db2;
create database db2;
use db2;
create table t2 (s1 int);
insert into t2 values (0);
grant usage on db2.* to user1@localhost;
grant select on db2.* to user1@localhost;
grant usage on db2.* to user2@localhost;
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
grant select,insert,update,delete,create routine on db2.* to user2@localhost;
grant create routine on db2.* to user1@localhost;
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
flush privileges;
use db2;
create procedure p () insert into t2 values (1);
call p();
post-merge
2004-12-31 17:59:43 +01:00
ERROR 42000: INSERT command denied to user 'user1'@'localhost' for table 't2'
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
use db2;
call p();
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
ERROR 42000: execute command denied to user 'user2'@'localhost' for routine 'db2.p'
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
select * from t2;
s1
0
create procedure q () insert into t2 values (2);
call q();
select * from t2;
s1
0
2
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
grant usage on procedure db2.q to user2@localhost with grant option;
grant execute on procedure db2.q to user1@localhost;
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
use db2;
call q();
select * from t2;
s1
0
2
2
Fixed BUG#6030: Stored procedure has no appropriate DROP privilege. ...and no ALTER privilege either. For now, only the definer and root can drop or alter an SP. include/mysqld_error.h: New access denied error code when dropping/altering stored procedures. include/sql_state.h: New access denied error code when dropping/altering stored procedures. mysql-test/r/sp-error.result: Removed warning for "unitialized variable", as this popped up in unexpected places after the access control for drop/alter SPs was added. (And the warning was wrong and planned to be removed anyway.) mysql-test/r/sp-security.result: Added tests for access control on who's allowed to drop and alter SPs. mysql-test/r/sp.result: Updated results. (Warning removed.) mysql-test/t/sp-error.test: Removed warning for "unitialized variable", as this popped up in unexpected places after the access control for drop/alter SPs was added. (And the warning was wrong and planned to be removed anyway.) mysql-test/t/sp-security.test: Added tests for access control on who's allowed to drop and alter SPs. sql/share/czech/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/danish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/dutch/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/english/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/estonian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/french/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/german/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/greek/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/hungarian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/italian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/japanese/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/korean/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/norwegian-ny/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/norwegian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/polish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/portuguese/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/romanian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/russian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/serbian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/slovak/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/spanish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/swedish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/ukrainian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/sql_parse.cc: Added minimal access control for DROP/ALTER PROCEDURE/FUNCTION. Only the definer and root are allowed to do this. sql/sql_yacc.yy: Removed warning for "unitialized variable", as this popped up in unexpected places after the access control for drop/alter SPs was added. (And the warning was wrong and planned to be removed anyway.)
2004-10-22 20:29:06 +02:00
alter procedure p modifies sql data;
drop procedure p;
alter procedure q modifies sql data;
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db2.q'
Fixed BUG#6030: Stored procedure has no appropriate DROP privilege. ...and no ALTER privilege either. For now, only the definer and root can drop or alter an SP. include/mysqld_error.h: New access denied error code when dropping/altering stored procedures. include/sql_state.h: New access denied error code when dropping/altering stored procedures. mysql-test/r/sp-error.result: Removed warning for "unitialized variable", as this popped up in unexpected places after the access control for drop/alter SPs was added. (And the warning was wrong and planned to be removed anyway.) mysql-test/r/sp-security.result: Added tests for access control on who's allowed to drop and alter SPs. mysql-test/r/sp.result: Updated results. (Warning removed.) mysql-test/t/sp-error.test: Removed warning for "unitialized variable", as this popped up in unexpected places after the access control for drop/alter SPs was added. (And the warning was wrong and planned to be removed anyway.) mysql-test/t/sp-security.test: Added tests for access control on who's allowed to drop and alter SPs. sql/share/czech/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/danish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/dutch/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/english/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/estonian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/french/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/german/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/greek/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/hungarian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/italian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/japanese/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/korean/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/norwegian-ny/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/norwegian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/polish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/portuguese/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/romanian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/russian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/serbian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/slovak/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/spanish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/swedish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/ukrainian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/sql_parse.cc: Added minimal access control for DROP/ALTER PROCEDURE/FUNCTION. Only the definer and root are allowed to do this. sql/sql_yacc.yy: Removed warning for "unitialized variable", as this popped up in unexpected places after the access control for drop/alter SPs was added. (And the warning was wrong and planned to be removed anyway.)
2004-10-22 20:29:06 +02:00
drop procedure q;
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db2.q'
Fixed BUG#6030: Stored procedure has no appropriate DROP privilege. ...and no ALTER privilege either. For now, only the definer and root can drop or alter an SP. include/mysqld_error.h: New access denied error code when dropping/altering stored procedures. include/sql_state.h: New access denied error code when dropping/altering stored procedures. mysql-test/r/sp-error.result: Removed warning for "unitialized variable", as this popped up in unexpected places after the access control for drop/alter SPs was added. (And the warning was wrong and planned to be removed anyway.) mysql-test/r/sp-security.result: Added tests for access control on who's allowed to drop and alter SPs. mysql-test/r/sp.result: Updated results. (Warning removed.) mysql-test/t/sp-error.test: Removed warning for "unitialized variable", as this popped up in unexpected places after the access control for drop/alter SPs was added. (And the warning was wrong and planned to be removed anyway.) mysql-test/t/sp-security.test: Added tests for access control on who's allowed to drop and alter SPs. sql/share/czech/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/danish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/dutch/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/english/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/estonian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/french/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/german/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/greek/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/hungarian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/italian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/japanese/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/korean/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/norwegian-ny/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/norwegian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/polish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/portuguese/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/romanian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/russian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/serbian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/slovak/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/spanish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/swedish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/ukrainian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/sql_parse.cc: Added minimal access control for DROP/ALTER PROCEDURE/FUNCTION. Only the definer and root are allowed to do this. sql/sql_yacc.yy: Removed warning for "unitialized variable", as this popped up in unexpected places after the access control for drop/alter SPs was added. (And the warning was wrong and planned to be removed anyway.)
2004-10-22 20:29:06 +02:00
use db2;
alter procedure q modifies sql data;
drop procedure q;
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
use test;
WL#1366: Use the schema (db) associated with an SP. Phase 4 (final): Remove associated stored procedures when a database is dropped. mysql-test/r/sp-security.result: drop database now deletes associated SPs. mysql-test/r/sp.result: drop database now deletes associated SPs. mysql-test/t/sp-security.test: drop database now deletes associated SPs. mysql-test/t/sp.test: drop database now deletes associated SPs. sql/sp.cc: New function for deleting all SPs associated with a database. sql/sp.h: New function for deleting all SPs associated with a database. sql/sp_cache.cc: New function for just invalidating all SP caches (when dropping a database). sql/sp_cache.h: New function for just invalidating all SP caches (when dropping a database). sql/sql_db.cc: When dropping a database, also delete all associated SPs.
2004-03-22 14:44:41 +01:00
select type,db,name from mysql.proc;
type db name
FUNCTION db1_secret db
PROCEDURE db1_secret stamp
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
drop database db1_secret;
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
drop database db2;
WL#1366: Use the schema (db) associated with an SP. Phase 4 (final): Remove associated stored procedures when a database is dropped. mysql-test/r/sp-security.result: drop database now deletes associated SPs. mysql-test/r/sp.result: drop database now deletes associated SPs. mysql-test/t/sp-security.test: drop database now deletes associated SPs. mysql-test/t/sp.test: drop database now deletes associated SPs. sql/sp.cc: New function for deleting all SPs associated with a database. sql/sp.h: New function for deleting all SPs associated with a database. sql/sp_cache.cc: New function for just invalidating all SP caches (when dropping a database). sql/sp_cache.h: New function for just invalidating all SP caches (when dropping a database). sql/sql_db.cc: When dropping a database, also delete all associated SPs.
2004-03-22 14:44:41 +01:00
select type,db,name from mysql.proc;
type db name
Fixed BUG#2777: Stored procedure doesn't observe definer's rights. SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well.
2004-03-02 11:52:19 +01:00
delete from mysql.user where user='user1' or user='user2';
Add new option "check-testcases" to mysql-test-run.pl Cleanup the sideeffects from most of the testcases with sideeffects. mysql-test/mysql-test-run.pl: Add option "check-testcases" to mysql-test-run.pl Will execute "include/check-testcase.test" once before each tescase and record the output into "var/tmp/check-testcase.result" After the teastcase it will run again and this time compare the output with previously recorded file. mysql-test/r/analyze.result: Drop table t1 at end of test mysql-test/r/create_select_tmp.result: Drop table t1 at end of test mysql-test/r/ctype_cp932.result: Drop table t1 at end of test mysql-test/r/ctype_recoding.result: Drop table t1 at end of test mysql-test/r/grant2.result: Drop user mysqltest_2 and mysqltest_A@'%' mysql-test/r/join_outer.result: Drop view v1 to cleanup mysql-test/r/ps_1general.result: Drop table t1 at end of test mysql-test/r/query_cache.result: Drop function "f1" mysql-test/r/read_only.result: Reset the "read_only" flag mysql-test/r/rpl000001.result: Remove user "blafasel2" mysql-test/r/rpl000017.result: Remove user "replicate" mysql-test/r/rpl_failed_optimize.result: Drop table t1 to cleanup mysql-test/r/rpl_flush_tables.result: Drop tables t3, t4, t5 mysql-test/r/rpl_ignore_revoke.result: Delete user "user_foo" mysql-test/r/rpl_insert_id.result: Drop table t1 to cleanup mysql-test/r/rpl_loaddata.result: Drop tyable t1 to cleanup mysql-test/r/rpl_loaddata_rule_m.result: Drop tyable t1 to cleanup mysql-test/r/rpl_loaddata_rule_s.result: Drop tyable t1 to cleanup mysql-test/r/rpl_misc_functions.result: Drop tyable t1 to cleanup mysql-test/r/rpl_multi_update3.result: Drop tyable t1 and t2 to cleanup mysql-test/r/rpl_replicate_do.result: Drop tyable t1 to cleanup mysql-test/r/rpl_skip_error.result: Drop tyable t1 to cleanup mysql-test/r/rpl_slave_status.result: Drop tyable t1 to cleanup mysql-test/r/sp-prelocking.result: Drop view v1 and tables t1, t2, t3 and t4 to cleanup mysql-test/r/sp-security.result: Delete users to cleanup Delete remaining traces in tables_priv and procs_priv mysql-test/r/subselect_innodb.result: Drop procedure p1 to cleanup mysql-test/r/trigger-compat.result: Drop trigger wl2818_trg1 and wl2818_trg2. Drop table t1, t2 Drop database mysqltest_db1 And the users "mysqltest_dfn@localhost" and "mysqltest_inv@localhost" mysql-test/r/type_bit.result: Drop tables t1 and t2 to cleanup mysql-test/r/variables.result: Set GLOBAL max_join_size to 10 as it originally was in variables-master.opt mysql-test/r/view_grant.result: Dop user "test@localhost" to cleanup mysql-test/t/analyze.test: Drop table t1 to cleanup mysql-test/t/create_select_tmp.test: Drop table t1 to cleanup mysql-test/t/ctype_cp932.test: Drop table t1 to cleanup mysql-test/t/ctype_recoding.test: Drop table t1 to cleanup mysql-test/t/fulltext_var.test: Restore the original ft_boolean_syntax mysql-test/t/grant2.test: Drop users "mysqltest_2" and "mysqltest_A@'%'" to cleanup mysql-test/t/innodb_cache.test: Reset query_cache_size to original value mysql-test/t/join_outer.test: Drop view v1 to cleanup mysql-test/t/ps_1general.test: Drop table t1 to cleanup mysql-test/t/query_cache.test: Drop function "f1" to cleanup mysql-test/t/read_only.test: Reset the readonly flag mysql-test/t/rpl000001.test: Delete user "blafasel2" to cleanup mysql-test/t/rpl000017.test: Delete user "replicate" to cleanup mysql-test/t/rpl_failed_optimize.test: Drop table t1 to cleanup mysql-test/t/rpl_flush_tables.test: Droip table t3, t4 and t5 to cleanup mysql-test/t/rpl_ignore_revoke.test: Delet user "user_foo" to cleanup mysql-test/t/rpl_insert_id.test: drop table t1 to cleanup mysql-test/t/rpl_loaddata.test: Drop table t1 to cleanup mysql-test/t/rpl_loaddata_rule_m.test: Drop table t1 to cleanup mysql-test/t/rpl_loaddata_rule_s.test: Drop table t1 to cleanup mysql-test/t/rpl_misc_functions.test: Drop table t1 to cleanup mysql-test/t/rpl_multi_update3.test: Drop table t1 and t2 to cleanup mysql-test/t/rpl_replicate_do.test: Drop table t1 to cleanup mysql-test/t/rpl_skip_error.test: Drop table t1 to cleanup mysql-test/t/rpl_slave_status.test: Drop table t1 to cleanup mysql-test/t/sp-prelocking.test: Drop table t1, t2 t3 and t4 to cleanup Drop view v1 mysql-test/t/sp-security.test: Delete test users from mysql.user, mysql.db, mysql.procs_priv and mysql.tables_priv Drop table t1 to cleanup mysql-test/t/subselect_innodb.test: Drop procedure p1 to cleanup mysql-test/t/trigger-compat.test: Drop trigger wl2818_trg1 and wl2818_trg2 to cleanup Drop table t1, t2 Drop users drop database mysqltest_db1 mysql-test/t/type_bit.test: drop table t1 and t2 to cleanup mysql-test/t/variables-master.opt: Increase max_join_size to 100. mysql-test/t/variables.test: Set max_join_size to 10, which was the original value in variables-master.opt mysql-test/t/view_grant.test: Drop the user "test@localhost" mysql-test/include/check-testcase.test: New BitKeeper file ``mysql-test/include/check-testcase.test''
2006-01-26 17:54:34 +01:00
delete from mysql.user where user='' and host='%';
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
delete from mysql.procs_priv where user='user1' or user='user2';
Add new option "check-testcases" to mysql-test-run.pl Cleanup the sideeffects from most of the testcases with sideeffects. mysql-test/mysql-test-run.pl: Add option "check-testcases" to mysql-test-run.pl Will execute "include/check-testcase.test" once before each tescase and record the output into "var/tmp/check-testcase.result" After the teastcase it will run again and this time compare the output with previously recorded file. mysql-test/r/analyze.result: Drop table t1 at end of test mysql-test/r/create_select_tmp.result: Drop table t1 at end of test mysql-test/r/ctype_cp932.result: Drop table t1 at end of test mysql-test/r/ctype_recoding.result: Drop table t1 at end of test mysql-test/r/grant2.result: Drop user mysqltest_2 and mysqltest_A@'%' mysql-test/r/join_outer.result: Drop view v1 to cleanup mysql-test/r/ps_1general.result: Drop table t1 at end of test mysql-test/r/query_cache.result: Drop function "f1" mysql-test/r/read_only.result: Reset the "read_only" flag mysql-test/r/rpl000001.result: Remove user "blafasel2" mysql-test/r/rpl000017.result: Remove user "replicate" mysql-test/r/rpl_failed_optimize.result: Drop table t1 to cleanup mysql-test/r/rpl_flush_tables.result: Drop tables t3, t4, t5 mysql-test/r/rpl_ignore_revoke.result: Delete user "user_foo" mysql-test/r/rpl_insert_id.result: Drop table t1 to cleanup mysql-test/r/rpl_loaddata.result: Drop tyable t1 to cleanup mysql-test/r/rpl_loaddata_rule_m.result: Drop tyable t1 to cleanup mysql-test/r/rpl_loaddata_rule_s.result: Drop tyable t1 to cleanup mysql-test/r/rpl_misc_functions.result: Drop tyable t1 to cleanup mysql-test/r/rpl_multi_update3.result: Drop tyable t1 and t2 to cleanup mysql-test/r/rpl_replicate_do.result: Drop tyable t1 to cleanup mysql-test/r/rpl_skip_error.result: Drop tyable t1 to cleanup mysql-test/r/rpl_slave_status.result: Drop tyable t1 to cleanup mysql-test/r/sp-prelocking.result: Drop view v1 and tables t1, t2, t3 and t4 to cleanup mysql-test/r/sp-security.result: Delete users to cleanup Delete remaining traces in tables_priv and procs_priv mysql-test/r/subselect_innodb.result: Drop procedure p1 to cleanup mysql-test/r/trigger-compat.result: Drop trigger wl2818_trg1 and wl2818_trg2. Drop table t1, t2 Drop database mysqltest_db1 And the users "mysqltest_dfn@localhost" and "mysqltest_inv@localhost" mysql-test/r/type_bit.result: Drop tables t1 and t2 to cleanup mysql-test/r/variables.result: Set GLOBAL max_join_size to 10 as it originally was in variables-master.opt mysql-test/r/view_grant.result: Dop user "test@localhost" to cleanup mysql-test/t/analyze.test: Drop table t1 to cleanup mysql-test/t/create_select_tmp.test: Drop table t1 to cleanup mysql-test/t/ctype_cp932.test: Drop table t1 to cleanup mysql-test/t/ctype_recoding.test: Drop table t1 to cleanup mysql-test/t/fulltext_var.test: Restore the original ft_boolean_syntax mysql-test/t/grant2.test: Drop users "mysqltest_2" and "mysqltest_A@'%'" to cleanup mysql-test/t/innodb_cache.test: Reset query_cache_size to original value mysql-test/t/join_outer.test: Drop view v1 to cleanup mysql-test/t/ps_1general.test: Drop table t1 to cleanup mysql-test/t/query_cache.test: Drop function "f1" to cleanup mysql-test/t/read_only.test: Reset the readonly flag mysql-test/t/rpl000001.test: Delete user "blafasel2" to cleanup mysql-test/t/rpl000017.test: Delete user "replicate" to cleanup mysql-test/t/rpl_failed_optimize.test: Drop table t1 to cleanup mysql-test/t/rpl_flush_tables.test: Droip table t3, t4 and t5 to cleanup mysql-test/t/rpl_ignore_revoke.test: Delet user "user_foo" to cleanup mysql-test/t/rpl_insert_id.test: drop table t1 to cleanup mysql-test/t/rpl_loaddata.test: Drop table t1 to cleanup mysql-test/t/rpl_loaddata_rule_m.test: Drop table t1 to cleanup mysql-test/t/rpl_loaddata_rule_s.test: Drop table t1 to cleanup mysql-test/t/rpl_misc_functions.test: Drop table t1 to cleanup mysql-test/t/rpl_multi_update3.test: Drop table t1 and t2 to cleanup mysql-test/t/rpl_replicate_do.test: Drop table t1 to cleanup mysql-test/t/rpl_skip_error.test: Drop table t1 to cleanup mysql-test/t/rpl_slave_status.test: Drop table t1 to cleanup mysql-test/t/sp-prelocking.test: Drop table t1, t2 t3 and t4 to cleanup Drop view v1 mysql-test/t/sp-security.test: Delete test users from mysql.user, mysql.db, mysql.procs_priv and mysql.tables_priv Drop table t1 to cleanup mysql-test/t/subselect_innodb.test: Drop procedure p1 to cleanup mysql-test/t/trigger-compat.test: Drop trigger wl2818_trg1 and wl2818_trg2 to cleanup Drop table t1, t2 Drop users drop database mysqltest_db1 mysql-test/t/type_bit.test: drop table t1 and t2 to cleanup mysql-test/t/variables-master.opt: Increase max_join_size to 100. mysql-test/t/variables.test: Set max_join_size to 10, which was the original value in variables-master.opt mysql-test/t/view_grant.test: Drop the user "test@localhost" mysql-test/include/check-testcase.test: New BitKeeper file ``mysql-test/include/check-testcase.test''
2006-01-26 17:54:34 +01:00
delete from mysql.procs_priv where user='' and host='%';
delete from mysql.db where user='user2';
flush privileges;
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
grant usage on *.* to usera@localhost;
grant usage on *.* to userb@localhost;
grant usage on *.* to userc@localhost;
create database sptest;
create table t1 ( u varchar(64), i int );
create procedure sptest.p1(i int) insert into test.t1 values (user(), i);
grant insert on t1 to usera@localhost;
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
grant execute on procedure sptest.p1 to usera@localhost;
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
show grants for usera@localhost;
Grants for usera@localhost
GRANT USAGE ON *.* TO 'usera'@'localhost'
GRANT INSERT ON `test`.`t1` TO 'usera'@'localhost'
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'usera'@'localhost'
grant execute on procedure sptest.p1 to userc@localhost with grant option;
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
show grants for userc@localhost;
Grants for userc@localhost
GRANT USAGE ON *.* TO 'userc'@'localhost'
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
call sptest.p1(1);
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
grant execute on procedure sptest.p1 to userb@localhost;
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
ERROR 42000: grant command denied to user 'usera'@'localhost' for routine 'sptest.p1'
drop procedure sptest.p1;
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
ERROR 42000: alter routine command denied to user 'usera'@'localhost' for routine 'sptest.p1'
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
call sptest.p1(2);
ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1'
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
grant execute on procedure sptest.p1 to userb@localhost;
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1'
drop procedure sptest.p1;
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
ERROR 42000: alter routine command denied to user 'userb'@'localhost' for routine 'sptest.p1'
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
call sptest.p1(3);
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
grant execute on procedure sptest.p1 to userb@localhost;
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
drop procedure sptest.p1;
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
ERROR 42000: alter routine command denied to user 'userc'@'localhost' for routine 'sptest.p1'
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
call sptest.p1(4);
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
grant execute on procedure sptest.p1 to userb@localhost;
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
ERROR 42000: grant command denied to user 'userb'@'localhost' for routine 'sptest.p1'
drop procedure sptest.p1;
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
ERROR 42000: alter routine command denied to user 'userb'@'localhost' for routine 'sptest.p1'
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
select * from t1;
u i
usera@localhost 1
userc@localhost 3
userb@localhost 4
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
grant all privileges on procedure sptest.p1 to userc@localhost;
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
show grants for userc@localhost;
Grants for userc@localhost
GRANT USAGE ON *.* TO 'userc'@'localhost'
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
show grants for userb@localhost;
Grants for userb@localhost
GRANT USAGE ON *.* TO 'userb'@'localhost'
Bug#10246 - Parser: bad syntax for GRANT EXECUTE Rename some functions more fine-grained sp privileges make grant/revoke sp grammar less ambigious mysql-test/r/sp-security.result: change test for new syntax mysql-test/r/system_mysql_db.result: change test for new syntax mysql-test/t/sp-security.test: change test for new syntax scripts/mysql_create_system_tables.sh: now store routine_type for procs_priv scripts/mysql_fix_privilege_tables.sql: now store routine_type for procs_priv sql/item_func.cc: rename of function sql/mysql_priv.h: rename of function sql/sp_head.cc: extra arg for check_some_routine_access sql/sql_acl.cc: rename of function. now handle func/proc acls seperately sql/sql_acl.h: rename of function sql/sql_parse.cc: rename of function grants for procs handled distinctly from funcs sql/sql_show.cc: check_some_routine_access extra arg sql/sql_base.cc: fix for build sql/sql_yacc.yy: fix for build
2005-05-17 20:54:20 +02:00
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'userb'@'localhost'
revoke all privileges on procedure sptest.p1 from userb@localhost;
WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
2004-12-23 11:46:24 +01:00
show grants for userb@localhost;
Grants for userb@localhost
GRANT USAGE ON *.* TO 'userb'@'localhost'
use test;
drop database sptest;
delete from mysql.user where user='usera' or user='userb' or user='userc';
delete from mysql.procs_priv where user='usera' or user='userb' or user='userc';
Add new option "check-testcases" to mysql-test-run.pl Cleanup the sideeffects from most of the testcases with sideeffects. mysql-test/mysql-test-run.pl: Add option "check-testcases" to mysql-test-run.pl Will execute "include/check-testcase.test" once before each tescase and record the output into "var/tmp/check-testcase.result" After the teastcase it will run again and this time compare the output with previously recorded file. mysql-test/r/analyze.result: Drop table t1 at end of test mysql-test/r/create_select_tmp.result: Drop table t1 at end of test mysql-test/r/ctype_cp932.result: Drop table t1 at end of test mysql-test/r/ctype_recoding.result: Drop table t1 at end of test mysql-test/r/grant2.result: Drop user mysqltest_2 and mysqltest_A@'%' mysql-test/r/join_outer.result: Drop view v1 to cleanup mysql-test/r/ps_1general.result: Drop table t1 at end of test mysql-test/r/query_cache.result: Drop function "f1" mysql-test/r/read_only.result: Reset the "read_only" flag mysql-test/r/rpl000001.result: Remove user "blafasel2" mysql-test/r/rpl000017.result: Remove user "replicate" mysql-test/r/rpl_failed_optimize.result: Drop table t1 to cleanup mysql-test/r/rpl_flush_tables.result: Drop tables t3, t4, t5 mysql-test/r/rpl_ignore_revoke.result: Delete user "user_foo" mysql-test/r/rpl_insert_id.result: Drop table t1 to cleanup mysql-test/r/rpl_loaddata.result: Drop tyable t1 to cleanup mysql-test/r/rpl_loaddata_rule_m.result: Drop tyable t1 to cleanup mysql-test/r/rpl_loaddata_rule_s.result: Drop tyable t1 to cleanup mysql-test/r/rpl_misc_functions.result: Drop tyable t1 to cleanup mysql-test/r/rpl_multi_update3.result: Drop tyable t1 and t2 to cleanup mysql-test/r/rpl_replicate_do.result: Drop tyable t1 to cleanup mysql-test/r/rpl_skip_error.result: Drop tyable t1 to cleanup mysql-test/r/rpl_slave_status.result: Drop tyable t1 to cleanup mysql-test/r/sp-prelocking.result: Drop view v1 and tables t1, t2, t3 and t4 to cleanup mysql-test/r/sp-security.result: Delete users to cleanup Delete remaining traces in tables_priv and procs_priv mysql-test/r/subselect_innodb.result: Drop procedure p1 to cleanup mysql-test/r/trigger-compat.result: Drop trigger wl2818_trg1 and wl2818_trg2. Drop table t1, t2 Drop database mysqltest_db1 And the users "mysqltest_dfn@localhost" and "mysqltest_inv@localhost" mysql-test/r/type_bit.result: Drop tables t1 and t2 to cleanup mysql-test/r/variables.result: Set GLOBAL max_join_size to 10 as it originally was in variables-master.opt mysql-test/r/view_grant.result: Dop user "test@localhost" to cleanup mysql-test/t/analyze.test: Drop table t1 to cleanup mysql-test/t/create_select_tmp.test: Drop table t1 to cleanup mysql-test/t/ctype_cp932.test: Drop table t1 to cleanup mysql-test/t/ctype_recoding.test: Drop table t1 to cleanup mysql-test/t/fulltext_var.test: Restore the original ft_boolean_syntax mysql-test/t/grant2.test: Drop users "mysqltest_2" and "mysqltest_A@'%'" to cleanup mysql-test/t/innodb_cache.test: Reset query_cache_size to original value mysql-test/t/join_outer.test: Drop view v1 to cleanup mysql-test/t/ps_1general.test: Drop table t1 to cleanup mysql-test/t/query_cache.test: Drop function "f1" to cleanup mysql-test/t/read_only.test: Reset the readonly flag mysql-test/t/rpl000001.test: Delete user "blafasel2" to cleanup mysql-test/t/rpl000017.test: Delete user "replicate" to cleanup mysql-test/t/rpl_failed_optimize.test: Drop table t1 to cleanup mysql-test/t/rpl_flush_tables.test: Droip table t3, t4 and t5 to cleanup mysql-test/t/rpl_ignore_revoke.test: Delet user "user_foo" to cleanup mysql-test/t/rpl_insert_id.test: drop table t1 to cleanup mysql-test/t/rpl_loaddata.test: Drop table t1 to cleanup mysql-test/t/rpl_loaddata_rule_m.test: Drop table t1 to cleanup mysql-test/t/rpl_loaddata_rule_s.test: Drop table t1 to cleanup mysql-test/t/rpl_misc_functions.test: Drop table t1 to cleanup mysql-test/t/rpl_multi_update3.test: Drop table t1 and t2 to cleanup mysql-test/t/rpl_replicate_do.test: Drop table t1 to cleanup mysql-test/t/rpl_skip_error.test: Drop table t1 to cleanup mysql-test/t/rpl_slave_status.test: Drop table t1 to cleanup mysql-test/t/sp-prelocking.test: Drop table t1, t2 t3 and t4 to cleanup Drop view v1 mysql-test/t/sp-security.test: Delete test users from mysql.user, mysql.db, mysql.procs_priv and mysql.tables_priv Drop table t1 to cleanup mysql-test/t/subselect_innodb.test: Drop procedure p1 to cleanup mysql-test/t/trigger-compat.test: Drop trigger wl2818_trg1 and wl2818_trg2 to cleanup Drop table t1, t2 Drop users drop database mysqltest_db1 mysql-test/t/type_bit.test: drop table t1 and t2 to cleanup mysql-test/t/variables-master.opt: Increase max_join_size to 100. mysql-test/t/variables.test: Set max_join_size to 10, which was the original value in variables-master.opt mysql-test/t/view_grant.test: Drop the user "test@localhost" mysql-test/include/check-testcase.test: New BitKeeper file ``mysql-test/include/check-testcase.test''
2006-01-26 17:54:34 +01:00
delete from mysql.tables_priv where user='usera';
flush privileges;
drop table t1;
fixed environment restoring in case of error during SP function execution (BUG#9503) #define macro improvement mysql-test/r/sp-security.result: BUG#9503: reseting correct parameters of thread after error in SP function mysql-test/t/sp-security.test: BUG#9503: reseting correct parameters of thread after error in SP function sql/item_func.cc: fixed environment restoring in case of error during SP function execution sql/protocol.cc: added debug print sql/sql_class.h: fixed #defines to force them to be alvaise in piar, and variable name made more complex for accident repeating in other code
2005-06-23 17:29:10 +02:00
drop function if exists bug_9503;
create database mysqltest//
use mysqltest//
create table t1 (s1 int)//
grant select on t1 to user1@localhost//
create function bug_9503 () returns int sql security invoker begin declare v int;
select min(s1) into v from t1; return v; end//
use mysqltest;
select bug_9503();
ERROR 42000: execute command denied to user 'user1'@'localhost' for routine 'mysqltest.bug_9503'
grant execute on function bug_9503 to user1@localhost;
do 1;
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
drop function bug_9503;
use test;
drop database mysqltest;
stop evaluation constant functions in WHERE (BUG#4663) correct value of CURRENT_USER() in SP with "security definer" (BUG#7291) BitKeeper/etc/config: switch off open logging mysql-test/r/sp-security.result: correct value from current_user() in function run from "security definer" mysql-test/r/view.result: evaluation constant functions in WHERE (BUG#4663) mysql-test/t/sp-security.test: correct value from current_user() in function run from "security definer" mysql-test/t/view.test: evaluation constant functions in WHERE (BUG#4663) sql/item.cc: Item_static_string_func creation if it is need sql/item.h: support of Item_static_string_func creation sql/item_cmpfunc.cc: do not evaluate items during view creation sql/item_create.cc: create Item_func_user sql/item_strfunc.cc: Item_func_sysconst in case of converting value still have to correctly print itself => use Item_static_string_func instead of Item_string Item_func_user return USER() or CURRENT_USER() sql/item_strfunc.h: support of correct charset conversion procedure in Item_func_sysconst sql/sql_class.h: new method sql/sql_yacc.yy: Item_func_user now support both USER() and CURRENT_USER(), so we have to pass parametr what it is
2005-07-15 23:01:44 +02:00
use test;
select current_user();
current_user()
root@localhost
select user();
user()
root@localhost
create procedure bug7291_0 () sql security invoker select current_user(), user();
create procedure bug7291_1 () sql security definer call bug7291_0();
create procedure bug7291_2 () sql security invoker call bug7291_0();
grant execute on procedure bug7291_0 to user1@localhost;
grant execute on procedure bug7291_1 to user1@localhost;
grant execute on procedure bug7291_2 to user1@localhost;
call bug7291_2();
current_user() user()
user1@localhost user1@localhost
call bug7291_1();
current_user() user()
root@localhost user1@localhost
drop procedure bug7291_1;
drop procedure bug7291_2;
drop procedure bug7291_0;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
drop user user1@localhost;
Avoid spurious error when restoring INFORMATION_SCHEMA as the current database after failing to execute a stored procedure in an inaccessible database. (Bug #12318) mysql-test/r/sp-security.result: Update results mysql-test/t/sp-security.test: Add regression test sql/mysql_priv.h: Add additional argument to mysql_change_db() sql/sp.cc: Use mysql_change_db(), get rid of sp_change_db(). sql/sp.h: Get rid of sp_change_db(). sql/sql_db.cc: Handle no_access_check flag to mysql_change_db, and remove the send_ok() call. sql/sql_parse.cc: Add extra argument to mysql_change_db(), and call send_ok() after successful calls to same (since it no longer does it for us).
2005-08-12 02:04:16 +02:00
drop database if exists mysqltest_1;
create database mysqltest_1;
create procedure mysqltest_1.p1()
begin
select 1 from dual;
end//
grant usage on *.* to mysqltest_1@localhost;
call mysqltest_1.p1();
ERROR 42000: execute command denied to user 'mysqltest_1'@'localhost' for routine 'mysqltest_1.p1'
Fixes during review of new pushed code Fixed new bug when running a SP without a default database mysql-test/r/information_schema.result: Added test to cover changes made in default handling mysql-test/r/sp-security.result: Added test when executing SP without a default database mysql-test/t/information_schema.test: Added test to cover changes made in default handling mysql-test/t/sp-security.test: Added test when executing SP without a default database sql/item_strfunc.cc: Removed wrong push sql/mysqld.cc: Indentation fix sql/sql_base.cc: Use share->db instead of share->table_cache_key Remove assert that can never fail (because of test in previous row) sql/sql_db.cc: Allow empty database name when called from SP (To allow on run without a default database) sql/sql_parse.cc: Added comment sql/sql_show.cc: Indentation fixes Simplified code by checking for 'wrong' condition first and doing continue instead of going down one level Simplified precision and decimal handling
2005-08-20 10:00:00 +02:00
call mysqltest_1.p1();
ERROR 42000: execute command denied to user 'mysqltest_1'@'localhost' for routine 'mysqltest_1.p1'
Avoid spurious error when restoring INFORMATION_SCHEMA as the current database after failing to execute a stored procedure in an inaccessible database. (Bug #12318) mysql-test/r/sp-security.result: Update results mysql-test/t/sp-security.test: Add regression test sql/mysql_priv.h: Add additional argument to mysql_change_db() sql/sp.cc: Use mysql_change_db(), get rid of sp_change_db(). sql/sp.h: Get rid of sp_change_db(). sql/sql_db.cc: Handle no_access_check flag to mysql_change_db, and remove the send_ok() call. sql/sql_parse.cc: Add extra argument to mysql_change_db(), and call send_ok() after successful calls to same (since it no longer does it for us).
2005-08-12 02:04:16 +02:00
drop procedure mysqltest_1.p1;
drop database mysqltest_1;
revoke usage on *.* from mysqltest_1@localhost;
drop user mysqltest_1@localhost;
sp-security.result, sp.result, sp-security.test, sp.test: Test for bug#12812 moved from sp.test to sp-security.test mysql-test/t/sp.test: Test for bug#12812 moved from sp.test to sp-security.test mysql-test/t/sp-security.test: Test for bug#12812 moved from sp.test to sp-security.test mysql-test/r/sp.result: Test for bug#12812 moved from sp.test to sp-security.test mysql-test/r/sp-security.result: Test for bug#12812 moved from sp.test to sp-security.test
2005-10-16 20:47:19 +02:00
drop function if exists bug12812|
create function bug12812() returns char(2)
begin
return 'ok';
end;
create user user_bug12812@localhost IDENTIFIED BY 'ABC'|
SELECT test.bug12812()|
ERROR 42000: execute command denied to user 'user_bug12812'@'localhost' for routine 'test.bug12812'
CREATE VIEW v1 AS SELECT test.bug12812()|
ERROR 42000: execute command denied to user 'user_bug12812'@'localhost' for routine 'test.bug12812'
DROP USER user_bug12812@localhost|
drop function bug12812|
Fixed BUG#14834: Server denies to execute Stored Procedure The problem was that databases with '_' in the name did not match a correct ACL with a literal '_' (i.e. '\_') in the db name, only identical strings matched. The fix makes this work, and also ACLs with wildcards in the db name work. mysql-test/r/sp-security.result: New test case for BUG#14834 mysql-test/t/sp-security.test: New test case for BUG#14834 sql/sql_acl.cc: Match wild db:s in ACL in acl_getroot_no_password() (used for "suid" security context switching when invoking stored routines)
2005-12-15 15:23:16 +01:00
create database db_bug14834;
create user user1_bug14834@localhost identified by '';
grant all on `db\_bug14834`.* to user1_bug14834@localhost;
create user user2_bug14834@localhost identified by '';
grant all on `db\_bug14834`.* to user2_bug14834@localhost;
create user user3_bug14834@localhost identified by '';
grant all on `db__ug14834`.* to user3_bug14834@localhost;
create procedure p_bug14834() select user(), current_user();
call p_bug14834();
user() current_user()
user1_bug14834@localhost user1_bug14834@localhost
call p_bug14834();
user() current_user()
user2_bug14834@localhost user1_bug14834@localhost
call p_bug14834();
user() current_user()
user3_bug14834@localhost user1_bug14834@localhost
drop user user1_bug14834@localhost;
drop user user2_bug14834@localhost;
drop user user3_bug14834@localhost;
drop database db_bug14834;
Reference in a new issue Copy permalink