mirror of
https://github.com/MariaDB/server.git
synced 2025-01-19 13:32:33 +01:00
13 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
unknown
|
31c4511d17 | post-merge | ||
|
unknown
|
09ce0b330b |
WL#925 - Privileges for stored routines
Implement fine-grained control over access to stored procedures
Privileges are cached (same way as existing table/column privs)
mysql-test/include/system_db_struct.inc:
WL#925 - Privileges for stored routines
New system table: procs_priv
mysql-test/r/connect.result:
WL#925 - Privileges for stored routines
New system table: procs_priv
mysql-test/r/grant.result:
WL#925 - Privileges for stored routines
user table has additional privilege attributes
SHOW PRIVILEGES amended
mysql-test/r/grant2.result:
Fix result
mysql-test/r/information_schema.result:
WL#925 - Privileges for stored routines
New system table procs_priv
New user privileges
mysql-test/r/show_check.result:
Fix result
mysql-test/r/sp-security.result:
WL#925 - Privileges for stored routines
Fix existing tests to work with new privileges
New tests for new privileges
mysql-test/r/sp.result:
WL#925 - Privileges for stored routines
Fix SHOW PRIVILEGES results
mysql-test/r/system_mysql_db.result:
WL#925 - Privileges for stored routines
New system table: procs_priv
user and db tables have new privilege attributes
mysql-test/t/grant2.test:
Fix test
mysql-test/t/show_check.test:
Fix test
mysql-test/t/sp-security.test:
WL#925 - Privileges for stored routines
Allow existing tests to run with new privilege checks
New tests for privileges
mysql-test/t/system_mysql_db_fix.test:
WL#925 - Privileges for stored routines
New system table: procs_priv
scripts/mysql_create_system_tables.sh:
WL#925 - Privileges for stored routines
db and user has new privilege attributes
new system table: procs_priv
scripts/mysql_fix_privilege_tables.sql:
WL#925 - Privileges for stored routines
new system table: procs_priv
scripts/mysql_install_db.sh:
WL#925 - Privileges for stored routines
Amend comment
sql/item_func.cc:
WL#925 - Privileges for stored routines
Privilege check for stored FUNCTION routine
sql/lex.h:
WL#925 - Privileges for stored routines
new token ROUTINE
sql/mysql_priv.h:
WL#925 - Privileges for stored routines
New function: check_procedure_access()
sql/mysqld.cc:
WL#925 - Privileges for stored routines
system option automatic-sp-privileges
sql/set_var.cc:
WL#925 - Privileges for stored routines
system option automatic-sp-privileges
sql/share/errmsg.txt:
WL#925 - Privileges for stored routines
rename errormessage to conform:
ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR
New error messages
ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL
sql/sp.cc:
WL#925 - Privileges for stored routines
new function: sp_exists_routine()
sql/sp.h:
WL#925 - Privileges for stored routines
new function: sp_exists_routine()
sql/sql_acl.cc:
WL#925 - Privileges for stored routines
Implementation for SP privileges.
Privileges are cached in memory hash.
New functions:
mysql_procedure_grant()
check_grant_procedure()
sp_revoke_privileges()
sp_grant_privileges()
sql/sql_acl.h:
WL#925 - Privileges for stored routines
New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL
Alter confusing bit-segments to be shifted
New macros: fix_rights_for_procedure() get_rights_for_procedure()
New functions:
mysql_procedure_grant()
check_grant_procedure()
sp_grant_privileges()
sp_revoke_privileges()
sql/sql_lex.h:
WL#925 - Privileges for stored routines
new all_privileges attribute in LEX
sql/sql_parse.cc:
WL#925 - Privileges for stored routines
Remove function: check_sp_definer_access()
Add handling for SP grants/revokes
Add privilege checks for stored procedure invocation
sql/sql_show.cc:
WL#925 - Privileges for stored routines
update result for SHOW PRIVILEGES
sql/sql_yacc.yy:
WL#925 - Privileges for stored routines
New token ROUTINE
rename some rules
handle CREATE ROUTINE / ALTER ROUTINE privileges
|
||
|
unknown
|
46ce3d0092 |
merge
mysql-test/r/sp-security.result: Auto merged mysql-test/r/sp.result: Auto merged mysql-test/t/sp-security.test: Auto merged mysql-test/t/sp.test: Auto merged sql/log_event.cc: Auto merged sql/set_var.cc: Auto merged sql/sp.cc: Auto merged sql/sp_rcontext.cc: Auto merged sql/sql_base.cc: Auto merged sql/sql_insert.cc: Auto merged sql/sql_load.cc: Auto merged sql/sql_yacc.yy: Auto merged |
||
|
unknown
|
a50cd5c53d |
Fixed BUG#6030: Stored procedure has no appropriate DROP privilege.
...and no ALTER privilege either. For now, only the definer and root can drop or alter an SP. include/mysqld_error.h: New access denied error code when dropping/altering stored procedures. include/sql_state.h: New access denied error code when dropping/altering stored procedures. mysql-test/r/sp-error.result: Removed warning for "unitialized variable", as this popped up in unexpected places after the access control for drop/alter SPs was added. (And the warning was wrong and planned to be removed anyway.) mysql-test/r/sp-security.result: Added tests for access control on who's allowed to drop and alter SPs. mysql-test/r/sp.result: Updated results. (Warning removed.) mysql-test/t/sp-error.test: Removed warning for "unitialized variable", as this popped up in unexpected places after the access control for drop/alter SPs was added. (And the warning was wrong and planned to be removed anyway.) mysql-test/t/sp-security.test: Added tests for access control on who's allowed to drop and alter SPs. sql/share/czech/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/danish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/dutch/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/english/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/estonian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/french/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/german/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/greek/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/hungarian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/italian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/japanese/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/korean/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/norwegian-ny/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/norwegian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/polish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/portuguese/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/romanian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/russian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/serbian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/slovak/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/spanish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/swedish/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/share/ukrainian/errmsg.txt: New access denied error message when dropping/altering stored procedures. sql/sql_parse.cc: Added minimal access control for DROP/ALTER PROCEDURE/FUNCTION. Only the definer and root are allowed to do this. sql/sql_yacc.yy: Removed warning for "unitialized variable", as this popped up in unexpected places after the access control for drop/alter SPs was added. (And the warning was wrong and planned to be removed anyway.) |
||
|
unknown
|
066c90563a |
errors without code removed
net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed (WL#2133) include/mysqld_error.h: new errors added. mysql-test/r/rpl_charset.result: new error mysql-test/r/rpl_timezone.result: new error mysql-test/r/sp-security.result: more clean error message mysql-test/r/sp.result: now error state intercepted correctly mysql-test/t/connect.test: new error message mysql-test/t/rpl_charset.test: new error message mysql-test/t/rpl_timezone.test: new error mysql-test/t/sp-security.test: more correct error handling mysql-test/t/sp.test: now error state intercepted correctly sql/ha_innodb.cc: -1/1 (sent/unsent) error reporting removed sql/ha_innodb.h: -1/1 (sent/unsent) error reporting removed sql/item.cc: only boolean values should be returned by fix_fields() sql/item_cmpfunc.cc: only boolean values should be returned by fix_fields() sql/item_func.cc: only boolean values should be returned by fix_fields() net_printf/send_error calls replaced by my_error family functions sql/item_row.cc: only boolean values should be returned by fix_fields() sql/item_subselect.cc: only boolean values should be returned by fix_fields() -1/1 (sent/unsent) error reporting removed sql/item_subselect.h: -1/1 (sent/unsent) error reporting removed sql/item_sum.cc: only boolean values should be returned by fix_fields() sql/item_timefunc.cc: only boolean values should be returned by fix_fields() sql/item_uniq.h: only boolean values should be returned by fix_fields() sql/mysql_priv.h: -1/1 (sent/unsent) error reporting removed sql/mysqld.cc: net_printf/send_error calls replaced by my_error family functions changes in my_message_sql to support error handling correctly sql/protocol.cc: net_printf/send_error calls replaced by my_error family functions sql/protocol_cursor.cc: net_printf/send_error calls replaced by my_error family functions sql/repl_failsafe.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/repl_failsafe.h: -1/1 (sent/unsent) error reporting removed sql/set_var.cc: net_printf/send_error calls replaced by my_error family functions sql/share/czech/errmsg.txt: new error messages sql/share/danish/errmsg.txt: new error messages sql/share/dutch/errmsg.txt: new error messages sql/share/english/errmsg.txt: new error messages sql/share/estonian/errmsg.txt: new error messages sql/share/french/errmsg.txt: new error messages sql/share/german/errmsg.txt: new error messages sql/share/greek/errmsg.txt: new error messages sql/share/hungarian/errmsg.txt: new error messages sql/share/italian/errmsg.txt: new error messages sql/share/japanese/errmsg.txt: new error messages sql/share/korean/errmsg.txt: new error messages sql/share/norwegian-ny/errmsg.txt: new error messages sql/share/norwegian/errmsg.txt: new error messages sql/share/polish/errmsg.txt: new error messages sql/share/portuguese/errmsg.txt: new error messages sql/share/romanian/errmsg.txt: new error messages sql/share/russian/errmsg.txt: new error messages sql/share/serbian/errmsg.txt: new error messages sql/share/slovak/errmsg.txt: new error messages sql/share/spanish/errmsg.txt: new error messages sql/share/swedish/errmsg.txt: new error messages sql/share/ukrainian/errmsg.txt: new error messages sql/slave.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/slave.h: -1/1 (sent/unsent) error reporting removed sql/sp.cc: net_printf/send_error calls replaced by my_error family functions sql/sp_head.cc: new eror handling support net_printf/send_error calls replaced by my_error family functions sql/sp_rcontext.cc: net_printf/send_error calls replaced by my_error family functions sql/sql_acl.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_acl.h: -1/1 (sent/unsent) error reporting removed sql/sql_base.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_class.cc: net_printf/send_error calls replaced by my_error family functions sql/sql_class.h: my_messhage_sql now set/reset query_error flag sql/sql_db.cc: -1/1 (sent/unsent) error reporting removed sql/sql_delete.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_do.cc: -1/1 (sent/unsent) error reporting removed sql/sql_error.cc: -1/1 (sent/unsent) error reporting removed sql/sql_handler.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_help.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_insert.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_lex.h: -1/1 (sent/unsent) error reporting removed sql/sql_load.cc: -1/1 (sent/unsent) error reporting removed sql/sql_map.cc: errors without code removed sql/sql_parse.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed from mysql_execute_command sql/sql_prepare.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_repl.cc: error messages fixed net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_repl.h: -1/1 (sent/unsent) error reporting removed sql/sql_select.cc: -1/1 (sent/unsent) error reporting removed sql/sql_select.h: -1/1 (sent/unsent) error reporting removed sql/sql_show.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_table.cc: net_printf/send_error calls replaced by my_error family functions -1/1 (sent/unsent) error reporting removed sql/sql_trigger.cc: -1/1 (sent/unsent) error reporting removed sql/sql_udf.cc: net_printf/send_error calls replaced by my_error family functions sql/sql_union.cc: -1/1 (sent/unsent) error reporting removed sql/sql_update.cc: -1/1 (sent/unsent) error reporting removed net_printf/send_error calls replaced by my_error family functions sql/sql_view.cc: -1/1 (sent/unsent) error reporting removed sql/sql_view.h: -1/1 (sent/unsent) error reporting removed sql/sql_yacc.yy: net_printf/send_error calls replaced by my_error family functions |
||
|
unknown
|
46ea874fb7 |
After merge fixes
Note: The following tests fails - fulltext (Sergei has promised to fix) - rpl_charset (Guilhem should fix) - rpl_timezone (Dimitray has promised to fix) Sanja needs to check out the calling of close_thread_tables() in sp_head.cc myisam/mi_check.c: After merge fix myisam/sort.c: After merge fix mysql-test/mysql-test-run.sh: Export master socket to mysqltest mysql-test/r/func_group.result: Make result repeatable mysql-test/r/mysqlbinlog.result: After merge fix mysql-test/r/ps_1general.result: After merge fix mysql-test/r/ps_2myisam.result: After merge fix mysql-test/r/ps_3innodb.result: After merge fix mysql-test/r/ps_4heap.result: After merge fix mysql-test/r/ps_5merge.result: After merge fix mysql-test/r/ps_6bdb.result: After merge fix mysql-test/r/rpl_flush_log_loop.result: After merge fix mysql-test/r/rpl_replicate_do.result: After merge fix mysql-test/r/rpl_temporary.result: After merge fix mysql-test/r/rpl_timezone.result: After merge fix Note that this test fails now (Dimitry has promised to fix this) mysql-test/r/rpl_user_variables.result: After merge fix mysql-test/r/select.result: After merge fix mysql-test/r/sp-error.result: After merge fix mysql-test/r/sp-security.result: After merge fix mysql-test/r/sp.result: After merge fix mysql-test/r/user_var.result: After merge fix mysql-test/r/variables.result: After merge fix mysql-test/t/alter_table.test: After merge fix mysql-test/t/derived.test: After merge fix mysql-test/t/func_group.test: Make result repeatable mysql-test/t/grant_cache.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/multi_update.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000015.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000017.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl000018.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl_charset.test: After merge fix mysql-test/t/rpl_heap.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/rpl_rotate_logs.test: Use MASTER_MYSOCK instead of master.sock mysql-test/t/sp-error.test: after merge fix mysql-test/t/sp-security.test: after merge fix mysql-test/t/user_var.test: after merge fix scripts/mysql_fix_privilege_tables.sh: This can now be exectued from the source distribution sql/handler.cc: Cleanup sql/handler.h: More debugging sql/item.h: Indentation fixes sql/item_cmpfunc.cc: After merge fixes sql/opt_range.cc: After merge fixes sql/opt_range.h: After merge fixes sql/sp.cc: After merge fixes sql/sp_head.cc: Remove closing of thread tables in a SP function as this caused a core dump. (Has to be fixed better) sql/sql_base.cc: More debugging sql/sql_handler.cc: After merge fixes (We have to call ha_index_or_rnd_end() before calling close_thread_table()) sql/sql_parse.cc: More debugging sql/sql_prepare.cc: After merge fixes sql/sql_select.cc: After merge fixes |
||
|
unknown
|
44d2934f0b |
Fixed BUG#3339: Stored procedures in nonexistent schemas are uncallable.
Also added some related security tests and corrected related error messages. mysql-test/r/sp-error.result: New test case for BUG#3339, and updated results for other modified error messages. mysql-test/r/sp-security.result: Added tests for creating procedures in another database with and wihout access rights. mysql-test/t/sp-error.test: New test case for BUG#3339. mysql-test/t/sp-security.test: Added tests for creating procedures in another database with and wihout access rights. sql/sp.cc: Check existance (and access rights) for database when creating a stored routine. sql/sp.h: New error return value for sp_create_* functions, for non existing database. sql/sql_parse.cc: Check error return for create stored routine (non existing database), and corrected the error output for some other commands. (Use qualified name, not just name.) |
||
|
unknown
|
645d19f694 |
WL#1366: Use the schema (db) associated with an SP.
Phase 4 (final): Remove associated stored procedures when a database is dropped. mysql-test/r/sp-security.result: drop database now deletes associated SPs. mysql-test/r/sp.result: drop database now deletes associated SPs. mysql-test/t/sp-security.test: drop database now deletes associated SPs. mysql-test/t/sp.test: drop database now deletes associated SPs. sql/sp.cc: New function for deleting all SPs associated with a database. sql/sp.h: New function for deleting all SPs associated with a database. sql/sp_cache.cc: New function for just invalidating all SP caches (when dropping a database). sql/sp_cache.h: New function for just invalidating all SP caches (when dropping a database). sql/sql_db.cc: When dropping a database, also delete all associated SPs. |
||
|
unknown
|
d2ad3cff19 |
WL#1366: Use the schema (db) associated with an SP.
Phase 3: Made qualified names work for functions as well. mysql-test/r/sp-security.result: New testcases for functions with qualified names. mysql-test/t/sp-security.test: New testcases for functions with qualified names. sql/item_func.cc: Added error handling for stored function, if it doesn't exist. sql/item_func.h: Set null_value if execution of a stored function fails. sql/mysql_priv.h: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sp.cc: Copied mysql_change_db() from sql_db.cc and modified specially for SPs. sql/sp_head.cc: Fixed error handling for errors in functions during query/statement execution. sql/sql_db.cc: Reverted previous change: No optional args for mysql_change_db(). (SPs use a specially tailored function instead.) sql/sql_yacc.yy: Reworked the stored function/UDF invokation parsing and added qualified names for stored functions. UDFs now have precedence over stored functions (whith unqualified name). When using an unqualified name, only IDENT_sys is allowed (i.e. no unreserved keywords), since we get unresolvable reduce/reduce conflicts otherwise. |
||
|
unknown
|
eb4aa092e5 |
WL#1366: Use the schema (db) associated with an SP.
Phase 2: Make SPs belong to a DB, and use qualified names.
As a side effect, using USE in an SP is no longer allowed.
(It just doesn't work otherwise.)
include/mysqld_error.h:
New error code (USE is no longer allowed in a stored procedure).
include/sql_state.h:
New error state (USE is no longer allowed in a stored procedure).
mysql-test/r/sp-error.result:
Updated result for test of USE in SP (not allowed now).
mysql-test/r/sp-security.result:
Updated test results for new db column and qualified procedured names.
mysql-test/r/sp.result:
Updated results for USE in SP (as it's no longer allowed), and
for new db column in status result.
mysql-test/t/sp-error.test:
Moved test of USE in SP from sp.test (as it's no longer allowed).
mysql-test/t/sp-security.test:
Ajusted tests for new db column and qualified procedured names.
mysql-test/t/sp.test:
Moved test of USE in SP to sp-error.test (as it's no longer allowed).
Adjusted tests for new db column in status result.
sql/mysql_priv.h:
mysql_change_db() now has optional arguments for use by SP with qualified names.
sql/share/czech/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/danish/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/dutch/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/english/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/estonian/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/french/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/german/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/greek/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/hungarian/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/italian/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/japanese/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/korean/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/norwegian-ny/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/norwegian/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/polish/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/portuguese/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/romanian/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/russian/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/serbian/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/slovak/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/spanish/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/swedish/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/share/ukrainian/errmsg.txt:
New error message: USE is not allowed in a stored procedure.
sql/sp.cc:
SPs are now "belong" to a DB and may have qualified names.
New functions for changing DB ("use") when parsing and invoking SPs.
sql/sp.h:
New functions for changing DB ("use") when parsing and invoking SPs.
sql/sp_cache.cc:
Use the qualified name in the SP cache.
sql/sp_head.cc:
New function for allocating a qualified SP name (used in sql_yacc.yy).
Change DB when executing an SP (if needed).
Moved thd_mem_root swap functions from sp_head.h.
sql/sp_head.h:
New function for allocating a qualified SP name (used in sql_yacc.yy).
Moved thd_mem_root swap functions to sp_head.cc.
sql/sql_db.cc:
mysql_change_db() now has optional arguments for use by SP with qualified names
(for use when reading an SP from database and executing it); also allow "unusing"
a database, i.e. setting thd->thd to "".
sql/sql_yacc.yy:
Initialize qualfied SP names correctly.
USE is no longer allowed in an SP.
|
||
|
unknown
|
857b59578c |
Fixed BUG#2777: Stored procedure doesn't observe definer's rights.
SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights. mysql-test/r/sp-security.result: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. mysql-test/t/sp-security.test: Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights. sql/sql_acl.cc: Clear rights before changing them in acl_getroot_no_password so that reduced rights work too, and take care of db acls as well. |
||
|
unknown
|
241bb22699 |
Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server.
Added missing cleanup in sp-security.test. mysql-test/r/sp-security.result: Added clean-up. mysql-test/t/sp-security.test: Added clean-up. sql/item_func.cc: Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server. sql/sp_head.cc: Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server. sql/sp_head.h: Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server. sql/sql_parse.cc: Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server. |
||
|
unknown
|
a6f85eeac1 |
WL#1365: Implement definer's rights execution of stored procedures.
(Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo. |