WL#925 - Privileges for stored routines

Implement fine-grained control over access to stored procedures
  Privileges are cached (same way as existing table/column privs)
  


mysql-test/include/system_db_struct.inc:
  WL#925 - Privileges for stored routines
    New system table: procs_priv
mysql-test/r/connect.result:
  WL#925 - Privileges for stored routines
    New system table: procs_priv
mysql-test/r/grant.result:
  WL#925 - Privileges for stored routines
    user table has additional privilege attributes
    SHOW PRIVILEGES amended
mysql-test/r/grant2.result:
  Fix result
mysql-test/r/information_schema.result:
  WL#925 - Privileges for stored routines
    New system table procs_priv
    New user privileges
mysql-test/r/show_check.result:
  Fix result
mysql-test/r/sp-security.result:
  WL#925 - Privileges for stored routines
    Fix existing tests to work with new privileges
    New tests for new privileges
mysql-test/r/sp.result:
  WL#925 - Privileges for stored routines
    Fix SHOW PRIVILEGES results
mysql-test/r/system_mysql_db.result:
  WL#925 - Privileges for stored routines
    New system table: procs_priv
    user and db tables have new privilege attributes
mysql-test/t/grant2.test:
  Fix test
mysql-test/t/show_check.test:
  Fix test
mysql-test/t/sp-security.test:
  WL#925 - Privileges for stored routines
    Allow existing tests to run with new privilege checks
    New tests for privileges
mysql-test/t/system_mysql_db_fix.test:
  WL#925 - Privileges for stored routines
    New system table: procs_priv
scripts/mysql_create_system_tables.sh:
  WL#925 - Privileges for stored routines
    db and user has new privilege attributes
    new system table: procs_priv
scripts/mysql_fix_privilege_tables.sql:
  WL#925 - Privileges for stored routines
    new system table: procs_priv
scripts/mysql_install_db.sh:
  WL#925 - Privileges for stored routines
    Amend comment
sql/item_func.cc:
  WL#925 - Privileges for stored routines
    Privilege check for stored FUNCTION routine
sql/lex.h:
  WL#925 - Privileges for stored routines
    new token ROUTINE
sql/mysql_priv.h:
  WL#925 - Privileges for stored routines
    New function: check_procedure_access()
sql/mysqld.cc:
  WL#925 - Privileges for stored routines
    system option automatic-sp-privileges
sql/set_var.cc:
  WL#925 - Privileges for stored routines
    system option automatic-sp-privileges
sql/share/errmsg.txt:
  WL#925 - Privileges for stored routines
    rename errormessage to conform:
      ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR
    New error messages
      ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL
sql/sp.cc:
  WL#925 - Privileges for stored routines
    new function: sp_exists_routine()
sql/sp.h:
  WL#925 - Privileges for stored routines
    new function: sp_exists_routine()
sql/sql_acl.cc:
  WL#925 - Privileges for stored routines
    Implementation for SP privileges.
    Privileges are cached in memory hash.
    New functions:
      mysql_procedure_grant()
      check_grant_procedure()
      sp_revoke_privileges()
      sp_grant_privileges()
sql/sql_acl.h:
  WL#925 - Privileges for stored routines
    New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL
    Alter confusing bit-segments to be shifted
    New macros: fix_rights_for_procedure() get_rights_for_procedure()
    New functions:
      mysql_procedure_grant()
      check_grant_procedure()
      sp_grant_privileges()
      sp_revoke_privileges()
sql/sql_lex.h:
  WL#925 - Privileges for stored routines
    new all_privileges attribute in LEX
sql/sql_parse.cc:
  WL#925 - Privileges for stored routines
    Remove function: check_sp_definer_access()
    Add handling for SP grants/revokes
    Add privilege checks for stored procedure invocation
sql/sql_show.cc:
  WL#925 - Privileges for stored routines
    update result for SHOW PRIVILEGES
sql/sql_yacc.yy:
  WL#925 - Privileges for stored routines
    New token ROUTINE
    rename some rules
    handle CREATE ROUTINE / ALTER ROUTINE privileges

scripts/mysql_create_system_tables.sh

@@ -41,7 +41,7 @@ c_hk=""
 i_ht=""
 c_tzn="" c_tz="" c_tzt="" c_tztt="" c_tzls=""
 i_tzn="" i_tz="" i_tzt="" i_tztt="" i_tzls=""
-c_p=""
+c_p="" c_pp=""
 
 # Check for old tables
 if test ! -f $mdata/db.frm
@@ -69,14 +69,17 @@ then
   c_d="$c_d   Lock_tables_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
   c_d="$c_d   Create_view_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
   c_d="$c_d   Show_view_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
+  c_d="$c_d   Create_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
+  c_d="$c_d   Alter_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
+  c_d="$c_d   Execute_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
   c_d="$c_d PRIMARY KEY Host (Host,Db,User),"
   c_d="$c_d KEY User (User)"
   c_d="$c_d ) engine=MyISAM"
   c_d="$c_d CHARACTER SET utf8 COLLATE utf8_bin"
   c_d="$c_d comment='Database privileges';"
   
-  i_d="INSERT INTO db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y');
-  INSERT INTO db VALUES ('%','test\_%','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y');"
+  i_d="INSERT INTO db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N');
+  INSERT INTO db VALUES ('%','test\_%','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N');"
 fi
 
 if test ! -f $mdata/host.frm
@@ -141,6 +144,8 @@ then
   c_u="$c_u   Repl_client_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
   c_u="$c_u   Create_view_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
   c_u="$c_u   Show_view_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
+  c_u="$c_u   Create_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
+  c_u="$c_u   Alter_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
   c_u="$c_u   ssl_type enum('','ANY','X509', 'SPECIFIED') DEFAULT '' NOT NULL,"
   c_u="$c_u   ssl_cipher BLOB NOT NULL,"
   c_u="$c_u   x509_issuer BLOB NOT NULL,"
@@ -155,24 +160,24 @@ then
 
   if test "$1" = "test" 
   then
-    i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
-    INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
-    REPLACE INTO user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
+    i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
+    INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
+    REPLACE INTO user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
     INSERT INTO user (host,user) values ('localhost','');
     INSERT INTO user (host,user) values ('$hostname','');"
   else
-    i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);"
+    i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);"
     if test "$windows" = "0"
     then
       i_u="$i_u
-           INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
+           INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
            INSERT INTO user (host,user) values ('$hostname','');
            INSERT INTO user (host,user) values ('localhost','');"
     else
       i_u="$i_u
-	   INSERT INTO user VALUES ('%','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
-	   INSERT INTO user VALUES ('localhost','','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
-	   INSERT INTO user VALUES ('%','','','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','','','','',0,0,0);"
+	   INSERT INTO user VALUES ('%','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
+	   INSERT INTO user VALUES ('localhost','','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
+	   INSERT INTO user VALUES ('%','','','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','','','','',0,0,0);"
     fi
   fi 
 fi
@@ -236,6 +241,27 @@ then
   c_c="$c_c   comment='Column privileges';"
 fi
 
+if test ! -f $mdata/procs_priv.frm
+then
+  if test "$1" = "verbose" ; then
+    echo "Preparing procs_priv table" 1>&2;
+  fi
+
+  c_pp="$c_pp CREATE TABLE procs_priv ("
+  c_pp="$c_pp   Host char(60) binary DEFAULT '' NOT NULL,"
+  c_pp="$c_pp   Db char(64) binary DEFAULT '' NOT NULL,"
+  c_pp="$c_pp   User char(16) binary DEFAULT '' NOT NULL,"
+  c_pp="$c_pp   Routine_name char(64) binary DEFAULT '' NOT NULL,"
+  c_pp="$c_pp   Grantor char(77) DEFAULT '' NOT NULL,"
+  c_pp="$c_pp   Timestamp timestamp(14),"
+  c_pp="$c_pp   Proc_priv set('Execute','Alter Routine','Grant') DEFAULT '' NOT NULL,"
+  c_pp="$c_pp   PRIMARY KEY (Host,Db,User,Routine_name),"
+  c_pp="$c_pp   KEY Grantor (Grantor)"
+  c_pp="$c_pp ) engine=MyISAM"
+  c_pp="$c_pp CHARACTER SET utf8 COLLATE utf8_bin"
+  c_pp="$c_pp   comment='Procedure privileges';"
+fi
+
 if test ! -f $mdata/help_topic.frm
 then
   if test "$1" = "verbose" ; then
@@ -718,6 +744,7 @@ $c_tzls
 $i_tzls
 
 $c_p
+$c_pp
 
 END_OF_DATA