Fixed BUG#6030: Stored procedure has no appropriate DROP privilege.

...and no ALTER privilege either.
  For now, only the definer and root can drop or alter an SP.


include/mysqld_error.h:
  New access denied error code when dropping/altering stored procedures.
include/sql_state.h:
  New access denied error code when dropping/altering stored procedures.
mysql-test/r/sp-error.result:
  Removed warning for "unitialized variable", as this popped up in unexpected
  places after the access control for drop/alter SPs was added. (And the warning
  was wrong and planned to be removed anyway.)
mysql-test/r/sp-security.result:
  Added tests for access control on who's allowed to drop and alter SPs.
mysql-test/r/sp.result:
  Updated results. (Warning removed.)
mysql-test/t/sp-error.test:
  Removed warning for "unitialized variable", as this popped up in unexpected
  places after the access control for drop/alter SPs was added. (And the warning
  was wrong and planned to be removed anyway.)
mysql-test/t/sp-security.test:
  Added tests for access control on who's allowed to drop and alter SPs.
sql/share/czech/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/danish/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/dutch/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/english/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/estonian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/french/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/german/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/greek/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/hungarian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/italian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/japanese/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/korean/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/norwegian-ny/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/norwegian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/polish/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/portuguese/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/romanian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/russian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/serbian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/slovak/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/spanish/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/swedish/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/ukrainian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/sql_parse.cc:
  Added minimal access control for DROP/ALTER PROCEDURE/FUNCTION. Only the definer
  and root are allowed to do this.
sql/sql_yacc.yy:
  Removed warning for "unitialized variable", as this popped up in unexpected
  places after the access control for drop/alter SPs was added. (And the warning
  was wrong and planned to be removed anyway.)

include/mysqld_error.h

@@ -386,4 +386,5 @@
 #define ER_ILLEGAL_VALUE_FOR_TYPE 1367
 #define ER_VIEW_NONUPD_CHECK 1368
 #define ER_VIEW_CHECK_FAILED 1369
-#define ER_ERROR_MESSAGES 370
+#define ER_SP_ACCESS_DENIED_ERROR 1370
+#define ER_ERROR_MESSAGES 371

include/sql_state.h

@@ -203,3 +203,4 @@ ER_SP_CURSOR_AFTER_HANDLER,     "42000", "",
 ER_SP_CASE_NOT_FOUND,           "20000", "",
 ER_DIVISION_BY_ZERO,		"22012", "",
 ER_ILLEGAL_VALUE_FOR_TYPE,	"22007", "",
+ER_SP_ACCESS_DENIED_ERROR,      "42000", "",

mysql-test/r/sp-error.result

@@ -115,14 +115,6 @@ foo: loop
 set @x=2;
 end loop bar|
 ERROR 42000: End-label bar without match
-create procedure foo(out x int)
-begin
-declare y int;
-set x = y;
-end|
-Warnings:
-Warning	1311	Referring to uninitialized variable y
-drop procedure foo|
 create procedure foo()
 return 42|
 ERROR 42000: RETURN is only allowed in a FUNCTION

mysql-test/r/sp-security.result

@@ -107,13 +107,20 @@ s1
 0
 2
 2
+alter procedure p modifies sql data;
+drop procedure p;
+alter procedure q modifies sql data;
+ERROR 42000: Access denied; you are not the procedure/function definer of 'db2.q'
+drop procedure q;
+ERROR 42000: Access denied; you are not the procedure/function definer of 'db2.q'
+use db2;
+alter procedure q modifies sql data;
+drop procedure q;
 use test;
 select type,db,name from mysql.proc;
 type	db	name
 FUNCTION	db1_secret	db
 PROCEDURE	db1_secret	stamp
-PROCEDURE	db2	p
-PROCEDURE	db2	q
 drop database db1_secret;
 drop database db2;
 select type,db,name from mysql.proc;

mysql-test/r/sp.result

@@ -1843,13 +1843,9 @@ begin
 declare v char;
 return v;
 end|
-Warnings:
-Warning	1311	Referring to uninitialized variable v
 select bug4487()|
 bug4487()
 NULL
-Warnings:
-Warning	1311	Referring to uninitialized variable v
 drop function bug4487|
 drop procedure if exists bug4941|
 create procedure bug4941(out x int)

mysql-test/t/sp-error.test

@@ -156,14 +156,6 @@ foo: loop
   set @x=2;
 end loop bar|
 
-# Referring to undef variable
-create procedure foo(out x int)
-begin
-  declare y int;
-  set x = y;
-end|
-drop procedure foo|
-
 # RETURN in FUNCTION only
 --error 1313
 create procedure foo()

mysql-test/t/sp-security.test

@@ -180,8 +180,32 @@ use db2;
 call q();
 select * from t2;
 
-# Clean up
+
+#
+# BUG#6030: Stored procedure has no appropriate DROP privilege
+# (or ALTER for that matter)
+
+# still connection con2user1 in db2
+
+# This should work:
+alter procedure p modifies sql data;
+drop procedure p;
+
+# This should NOT work
+--error 1370
+alter procedure q modifies sql data;
+--error 1370
+drop procedure q;
+
 connection con1root;
+use db2;
+# But root always can
+alter procedure q modifies sql data;
+drop procedure q;
+
+
+# Clean up
+#Still connection con1root;
 use test;
 select type,db,name from mysql.proc;
 drop database db1_secret;

sql/share/czech/errmsg.txt

@@ -398,3 +398,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/danish/errmsg.txt

@@ -389,3 +389,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/dutch/errmsg.txt

@@ -398,3 +398,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/english/errmsg.txt

@@ -386,3 +386,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/estonian/errmsg.txt

@@ -391,3 +391,4 @@ character-set=latin7
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/french/errmsg.txt

@@ -386,3 +386,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/german/errmsg.txt

@@ -399,3 +399,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/greek/errmsg.txt

@@ -386,3 +386,4 @@ character-set=greek
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/hungarian/errmsg.txt

@@ -391,3 +391,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/italian/errmsg.txt

@@ -386,3 +386,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/japanese/errmsg.txt

@@ -390,3 +390,4 @@ character-set=ujis
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/korean/errmsg.txt

@@ -386,3 +386,4 @@ character-set=euckr
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/norwegian-ny/errmsg.txt

@@ -388,3 +388,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/norwegian/errmsg.txt

@@ -388,3 +388,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/polish/errmsg.txt

@@ -391,3 +391,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/portuguese/errmsg.txt

@@ -388,3 +388,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/romanian/errmsg.txt

@@ -391,3 +391,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/russian/errmsg.txt

@@ -391,3 +391,4 @@ character-set=koi8r
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION ÄÌÑ ÎÅÏÂÎÏ×ÌÑÅÍÏÇÏ VIEW '%-.64s.%-.64s'"
 "ÐÒÏ×ÅÒËÁ CHECK OPTION ÄÌÑ VIEW '%-.64s.%-.64s' ÐÒÏ×ÁÌÉÌÁÓØ"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/serbian/errmsg.txt

@@ -379,3 +379,4 @@ character-set=cp1250
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/slovak/errmsg.txt

@@ -394,3 +394,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/spanish/errmsg.txt

@@ -390,3 +390,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/swedish/errmsg.txt

@@ -386,3 +386,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/share/ukrainian/errmsg.txt

@@ -392,3 +392,4 @@ character-set=koi8u
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION ÄÌÑ VIEW '%-.64s.%-.64s' ÝÏ ÎÅ ÍÏÖÅ ÂÕÔÉ ÏÎÏ×ÌÅÎÎÉÍ"
 "ÐÅÒÅצÒËÁ CHECK OPTION ÄÌÑ VIEW '%-.64s.%-.64s' ÎÅ ÐÒÏÊÛÌÁ"
+"Access denied; you are not the procedure/function definer of '%s'"

sql/sql_parse.cc

@@ -69,6 +69,7 @@ static void remove_escape(char *name);
 static void refresh_status(void);
 static bool append_file_to_dir(THD *thd, const char **filename_ptr,
 			       const char *table_name);
+static bool check_sp_definer_access(THD *thd, sp_head *sp);
 
 const char *any_db="*any*";	// Special symbol for check_access
 
@@ -3765,11 +3766,30 @@ purposes internal to the MySQL server", MYF(0));
   case SQLCOM_ALTER_PROCEDURE:
   case SQLCOM_ALTER_FUNCTION:
     {
-      res= -1;
+      sp_head *sp;
+      st_sp_chistics chistics;
+
+      memcpy(&chistics, &lex->sp_chistics, sizeof(chistics));
       if (lex->sql_command == SQLCOM_ALTER_PROCEDURE)
-	res= sp_update_procedure(thd, lex->spname, &lex->sp_chistics);
+	sp= sp_find_procedure(thd, lex->spname);
       else
-	res= sp_update_function(thd, lex->spname, &lex->sp_chistics);
+	sp= sp_find_function(thd, lex->spname);
+      mysql_reset_errors(thd);
+      if (! sp)
+	res= SP_KEY_NOT_FOUND;
+      else
+      {
+	if (check_sp_definer_access(thd, sp))
+	{
+	  res= -1;
+	  break;
+	}
+	memcpy(&lex->sp_chistics, &chistics, sizeof(lex->sp_chistics));
+	if (lex->sql_command == SQLCOM_ALTER_PROCEDURE)
+	  res= sp_update_procedure(thd, lex->spname, &lex->sp_chistics);
+	else
+	  res= sp_update_function(thd, lex->spname, &lex->sp_chistics);
+      }
       switch (res)
       {
       case SP_OK:
@@ -3789,28 +3809,45 @@ purposes internal to the MySQL server", MYF(0));
   case SQLCOM_DROP_PROCEDURE:
   case SQLCOM_DROP_FUNCTION:
     {
+      sp_head *sp;
+
       if (lex->sql_command == SQLCOM_DROP_PROCEDURE)
-	res= sp_drop_procedure(thd, lex->spname);
+	sp= sp_find_procedure(thd, lex->spname);
+      else
+	sp= sp_find_function(thd, lex->spname);
+      mysql_reset_errors(thd);
+      if (! sp)
+	res= SP_KEY_NOT_FOUND;
       else
       {
-	res= sp_drop_function(thd, lex->spname);
-#ifdef HAVE_DLOPEN
-	if (res == SP_KEY_NOT_FOUND)
+	if (check_sp_definer_access(thd, sp))
 	{
-	  udf_func *udf = find_udf(lex->spname->m_name.str,
-				   lex->spname->m_name.length);
-	  if (udf)
+	  res= -1;
+	  break;
+	}
+	if (lex->sql_command == SQLCOM_DROP_PROCEDURE)
+	  res= sp_drop_procedure(thd, lex->spname);
+	else
+	{
+	  res= sp_drop_function(thd, lex->spname);
+#ifdef HAVE_DLOPEN
+	  if (res == SP_KEY_NOT_FOUND)
 	  {
-	    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0))
-	      goto error;
-	    if (!(res = mysql_drop_function(thd,&lex->spname->m_name)))
+	    udf_func *udf = find_udf(lex->spname->m_name.str,
+				     lex->spname->m_name.length);
+	    if (udf)
 	    {
-	      send_ok(thd);
-	      break;
+	      if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0))
+		goto error;
+	      if (!(res = mysql_drop_function(thd,&lex->spname->m_name)))
+	      {
+		send_ok(thd);
+		break;
+	      }
 	    }
 	  }
-	}
 #endif
+	}
       }
       switch (res)
       {
@@ -4269,6 +4306,41 @@ static bool check_db_used(THD *thd,TABLE_LIST *tables)
   return FALSE;
 }
 
+
+/*
+  Check if the given SP is owned by thd->priv_user/host, or priv_user is root.
+  QQ This is not quite complete, but it will do as a basic security check
+     for now. The question is exactly which rights should 'root' have?
+     Should root have access regardless of host for instance?
+
+  SYNOPSIS
+    check_sp_definer_access()
+    thd		 Thread handler
+    sp           The SP pointer
+
+  RETURN
+    0  ok
+    1  error     Error message has been sent
+*/
+
+static bool
+check_sp_definer_access(THD *thd, sp_head *sp)
+{
+  LEX_STRING *usr, *hst;
+
+  if (strcmp("root", thd->priv_user) == 0)
+    return FALSE;		/* QQ Any root is ok now */
+  usr= &sp->m_definer_user;
+  hst= &sp->m_definer_host;
+  if (strncmp(thd->priv_user, usr->str, usr->length) == 0 &&
+      strncmp(thd->priv_host, hst->str, hst->length) == 0)
+    return FALSE;		/* Both user and host must match */
+
+  my_error(ER_SP_ACCESS_DENIED_ERROR, MYF(0), sp->m_qname.str);
+  return TRUE;			/* Not definer or root */
+}
+
+
 /****************************************************************************
 	Check stack size; Send error if there isn't enough stack to continue
 ****************************************************************************/

sql/sql_yacc.yy

@@ -6495,12 +6495,6 @@ simple_ident:
 
 	  if (spc && (spv = spc->find_pvar(&$1)))
 	  { /* We're compiling a stored procedure and found a variable */
-	    if (lex->sql_command != SQLCOM_CALL && ! spv->isset)
-	    {
-	      push_warning_printf(YYTHD, MYSQL_ERROR::WARN_LEVEL_WARN,
-	                          ER_SP_UNINIT_VAR, ER(ER_SP_UNINIT_VAR),
-				  $1.str);
-	    }
 	    $$ = (Item*) new Item_splocal($1, spv->offset);
             lex->variables_used= 1;
 	    lex->safe_to_cache_query=0;