MySQL crashes if a user without proper privileges attempts to create a procedure.
The crash happens because more than one error state is pushed onto the Diagnostic
area. In this particular case the user is denied to implicitly create a new user
account with the implicitly granted privileges ALTER- and EXECUTE ROUTINE.
The new account is needed if the original user account contained a host mask.
A user account with a host mask is a distinct user account in this context.
An alternative would be to first get the most permissive user account which
include the current user connection and then assign privileges to that
account. This behavior change is considered out of scope for this bug patch.
The implicit assignment of privileges when a user creates a stored routine is a
considered to be a feature for user convenience and as such it is not
a critical operation. Any failure to complete this operation is thus considered
non-fatal (an error becomes a warning).
The patch back ports a stack implementation of the internal error handler interface.
This enables the use of multiple error handlers so that it is possible to intercept
and cancel errors thrown by lower layers. This is needed as a error handler already
is used in the call stack emitting the errors which needs to be converted.
The bool data type was redefined to BOOL (4 bytes on windows).
Removed the #define and fixed some of the warnings that were uncovered
by this.
Note that the fix also disables 2 warnings :
4800 : 'type' : forcing value to bool 'true' or 'false' (performance warning)
4805: 'operation' : unsafe mix of type 'type' and type 'type' in operation
These warnings will be handled in a separate bug, as they are performance related or bogus.
Fixed to int the return type of functions that return more than
2 distinct values.
When expanding a * in a USING/NATURAL join the check for table access
for both tables in the join was done using the grant information of the
first one.
Fixed by getting the grant information for the current table while
iterating through the columns of the join.
- Build sql files for netware from the mysql_system_tables*.sq files
- Fix comments about mysql_create_system_tables.sh
- Use mysql_install_db.sh to create system tables for mysql_test-run-shell
- Fix mysql-test-run.pl to also look in share/mysql for the msyql_system*.sql files
Corrected spelling in copyright text
Makefile.am:
Don't update the files from BitKeeper
Many files:
Removed "MySQL Finland AB & TCX DataKonsult AB" from copyright header
Adjusted year(s) in copyright header
Many files:
Added GPL copyright text
Removed files:
Docs/Support/colspec-fix.pl
Docs/Support/docbook-fixup.pl
Docs/Support/docbook-prefix.pl
Docs/Support/docbook-split
Docs/Support/make-docbook
Docs/Support/make-makefile
Docs/Support/test-make-manual
Docs/Support/test-make-manual-de
Docs/Support/xwf
after merge.
Concurrent read and update of privilege structures (like simultaneous
run of SHOW GRANTS and ADD USER) could result in server crash.
Ensure that proper locking of ACL structures is done.
No test case is provided because this bug can't be reproduced
deterministically.
- fix for bug#16423 (Events: SHOW CREATE EVENT doesn't work)
- this Changeset commits makes CREATE/UPDATE/DELETE EVENT real DDL statements
by committing the currently open transaction before they are executed.
- this Changeset also fixes a trailing space problem since the very early days
of the internal cron
- adds sophisticated checking of whether mysql.event was tampered accidentally
or with purpose by an user.
- adds a lot of inline function documentation - documents everything left
uncodumented
- INTERVAL_XXXX to XXX in I_S.EVENTS.INTERVAL_FIELD
WL#1034 (Internal CRON)
Implement table-level TRIGGER privilege to control access to triggers.
Before this path global SUPER privilege was used for this purpose, that
was the big security problem.
In details, before this patch SUPER privilege was required:
- for the user at CREATE TRIGGER time to create a new trigger;
- for the user at DROP TRIGGER time to drop the existing trigger;
- for the definer at trigger activation time to execute the trigger (if the
definer loses SUPER privilege, all its triggers become unavailable);
This patch changes the behaviour in the following way:
- TRIGGER privilege on the subject table for trigger is required:
- for the user at CREATE TRIGGER time to create a new trigger;
- for the user at DROP TRIGGER time to drop the existing trigger;
- for the definer at trigger activation time to execute the trigger
(if the definer loses TRIGGER privilege on the subject table, all its
triggers on this table become unavailable).
- SUPER privilege is still required:
- for the user at CREATE TRIGGER time to explicitly set the trigger
definer to the user other than CURRENT_USER().
When the server works with database of the previous version (w/o TRIGGER
privilege), or if the database is being upgraded from the previous versions,
TRIGGER privilege is granted to whose users, who have CREATE privilege.
- fix EVENT_ACL problem that GRANT ALL on some_db.* to someone@somewhere did not get to mysql.db
- fix crash when the following is executed :
CREATE EVENT P() CREATE EVENT E ON SCHEDULER 1 SECOND DO ROLLBACK;
(creation works as well as calling P() which creates the event).
- split into several files
- forbid parallel execution (before analyse is done how to make it possible)
because the same sp_head instance cannot be executed in parallel
- added GPL headers
- changed EVENT_ACL to be per DB variable
- fixed minor problems
Post-review fixes that simplify the way access rights
are checked during name resolution and factor out all
entry points to check access rights into one single
function.
multi-threaded environment".
To avoid deadlocks between several simultaneously run account management
commands (particularly between FLUSH PRIVILEGES/SET PASSWORD and GRANT
commands) we should always take table and internal locks during their
execution in the same order. In other words we should first open and lock
privilege tables and only then obtain acl_cache::lock/LOCK_grant locks.
Added new logic to ACL system:
1) If GRANT OPTION (not mysql db):
Ok to update existing user, but not password.
Not allowed to make a new user.
2) If UPDATE_ACL to mysql DB:
Ok to update current user, but not make a new one.
3) If INSERT_ACL to mysql DB:
Ok to add a new user, but not modify existing.
4) If GRANT OPTION to mysql DB:
All modifications OK.
