Fixed BUG#6030: Stored procedure has no appropriate DROP privilege.

  ...and no ALTER privilege either.
  For now, only the definer and root can drop or alter an SP.


include/mysqld_error.h:
  New access denied error code when dropping/altering stored procedures.
include/sql_state.h:
  New access denied error code when dropping/altering stored procedures.
mysql-test/r/sp-error.result:
  Removed warning for "unitialized variable", as this popped up in unexpected
  places after the access control for drop/alter SPs was added. (And the warning
  was wrong and planned to be removed anyway.)
mysql-test/r/sp-security.result:
  Added tests for access control on who's allowed to drop and alter SPs.
mysql-test/r/sp.result:
  Updated results. (Warning removed.)
mysql-test/t/sp-error.test:
  Removed warning for "unitialized variable", as this popped up in unexpected
  places after the access control for drop/alter SPs was added. (And the warning
  was wrong and planned to be removed anyway.)
mysql-test/t/sp-security.test:
  Added tests for access control on who's allowed to drop and alter SPs.
sql/share/czech/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/danish/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/dutch/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/english/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/estonian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/french/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/german/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/greek/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/hungarian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/italian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/japanese/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/korean/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/norwegian-ny/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/norwegian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/polish/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/portuguese/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/romanian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/russian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/serbian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/slovak/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/spanish/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/swedish/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/ukrainian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/sql_parse.cc:
  Added minimal access control for DROP/ALTER PROCEDURE/FUNCTION. Only the definer
  and root are allowed to do this.
sql/sql_yacc.yy:
  Removed warning for "unitialized variable", as this popped up in unexpected
  places after the access control for drop/alter SPs was added. (And the warning
  was wrong and planned to be removed anyway.)

32 files changed, 148 insertions, 46 deletions

diff --git a/include/mysqld_error.h b/include/mysqld_error.h
index 6faf876f2f1..1e190496fde 100644
--- a/include/mysqld_error.h
+++ b/include/mysqld_error.h
@@ -386,4 +386,5 @@
 #define ER_ILLEGAL_VALUE_FOR_TYPE 1367
 #define ER_VIEW_NONUPD_CHECK 1368
 #define ER_VIEW_CHECK_FAILED 1369
-#define ER_ERROR_MESSAGES 370
+#define ER_SP_ACCESS_DENIED_ERROR 1370
+#define ER_ERROR_MESSAGES 371
diff --git a/include/sql_state.h b/include/sql_state.h
index bd3e8b9b3ef..d13ed444548 100644
--- a/include/sql_state.h
+++ b/include/sql_state.h
@@ -203,3 +203,4 @@ ER_SP_CURSOR_AFTER_HANDLER,     "42000", "",
 ER_SP_CASE_NOT_FOUND,           "20000", "",
 ER_DIVISION_BY_ZERO,		"22012", "",
 ER_ILLEGAL_VALUE_FOR_TYPE,	"22007", "",
+ER_SP_ACCESS_DENIED_ERROR,      "42000", "",
diff --git a/mysql-test/r/sp-error.result b/mysql-test/r/sp-error.result
index db6f89c8c0e..9bea0fe0d4c 100644
--- a/mysql-test/r/sp-error.result
+++ b/mysql-test/r/sp-error.result
@@ -115,14 +115,6 @@ foo: loop
 set @x=2;
 end loop bar|
 ERROR 42000: End-label bar without match
-create procedure foo(out x int)
-begin
-declare y int;
-set x = y;
-end|
-Warnings:
-Warning	1311	Referring to uninitialized variable y
-drop procedure foo|
 create procedure foo()
 return 42|
 ERROR 42000: RETURN is only allowed in a FUNCTION
diff --git a/mysql-test/r/sp-security.result b/mysql-test/r/sp-security.result
index cdcc4595a73..23804e62ef5 100644
--- a/mysql-test/r/sp-security.result
+++ b/mysql-test/r/sp-security.result
@@ -107,13 +107,20 @@ s1
 0
 2
 2
+alter procedure p modifies sql data;
+drop procedure p;
+alter procedure q modifies sql data;
+ERROR 42000: Access denied; you are not the procedure/function definer of 'db2.q'
+drop procedure q;
+ERROR 42000: Access denied; you are not the procedure/function definer of 'db2.q'
+use db2;
+alter procedure q modifies sql data;
+drop procedure q;
 use test;
 select type,db,name from mysql.proc;
 type	db	name
 FUNCTION	db1_secret	db
 PROCEDURE	db1_secret	stamp
-PROCEDURE	db2	p
-PROCEDURE	db2	q
 drop database db1_secret;
 drop database db2;
 select type,db,name from mysql.proc;
diff --git a/mysql-test/r/sp.result b/mysql-test/r/sp.result
index d19c3c5355e..670c16c3e50 100644
--- a/mysql-test/r/sp.result
+++ b/mysql-test/r/sp.result
@@ -1843,13 +1843,9 @@ begin
 declare v char;
 return v;
 end|
-Warnings:
-Warning	1311	Referring to uninitialized variable v
 select bug4487()|
 bug4487()
 NULL
-Warnings:
-Warning	1311	Referring to uninitialized variable v
 drop function bug4487|
 drop procedure if exists bug4941|
 create procedure bug4941(out x int)
diff --git a/mysql-test/t/sp-error.test b/mysql-test/t/sp-error.test
index 73f2730b44c..08c8c7788ce 100644
--- a/mysql-test/t/sp-error.test
+++ b/mysql-test/t/sp-error.test
@@ -156,14 +156,6 @@ foo: loop
   set @x=2;
 end loop bar|
 
-# Referring to undef variable
-create procedure foo(out x int)
-begin
-  declare y int;
-  set x = y;
-end|
-drop procedure foo|
-
 # RETURN in FUNCTION only
 --error 1313
 create procedure foo()
diff --git a/mysql-test/t/sp-security.test b/mysql-test/t/sp-security.test
index 4804d44e63a..2b53bbc528a 100644
--- a/mysql-test/t/sp-security.test
+++ b/mysql-test/t/sp-security.test
@@ -180,8 +180,32 @@ use db2;
 call q();
 select * from t2;
 
-# Clean up
+
+#
+# BUG#6030: Stored procedure has no appropriate DROP privilege
+# (or ALTER for that matter)
+
+# still connection con2user1 in db2
+
+# This should work:
+alter procedure p modifies sql data;
+drop procedure p;
+
+# This should NOT work
+--error 1370
+alter procedure q modifies sql data;
+--error 1370
+drop procedure q;
+
 connection con1root;
+use db2;
+# But root always can
+alter procedure q modifies sql data;
+drop procedure q;
+
+
+# Clean up
+#Still connection con1root;
 use test;
 select type,db,name from mysql.proc;
 drop database db1_secret;
diff --git a/sql/share/czech/errmsg.txt b/sql/share/czech/errmsg.txt
index 301ac6133ca..e3c08eeca89 100644
--- a/sql/share/czech/errmsg.txt
+++ b/sql/share/czech/errmsg.txt
@@ -398,3 +398,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/danish/errmsg.txt b/sql/share/danish/errmsg.txt
index 128859a5505..78610219ade 100644
--- a/sql/share/danish/errmsg.txt
+++ b/sql/share/danish/errmsg.txt
@@ -389,3 +389,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/dutch/errmsg.txt b/sql/share/dutch/errmsg.txt
index 3ad8d91bba7..051a2a13ab8 100644
--- a/sql/share/dutch/errmsg.txt
+++ b/sql/share/dutch/errmsg.txt
@@ -398,3 +398,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/english/errmsg.txt b/sql/share/english/errmsg.txt
index 1878d6e2da2..bb2a9cb59ba 100644
--- a/sql/share/english/errmsg.txt
+++ b/sql/share/english/errmsg.txt
@@ -386,3 +386,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/estonian/errmsg.txt b/sql/share/estonian/errmsg.txt
index af14aeac85c..14764d764aa 100644
--- a/sql/share/estonian/errmsg.txt
+++ b/sql/share/estonian/errmsg.txt
@@ -391,3 +391,4 @@ character-set=latin7
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/french/errmsg.txt b/sql/share/french/errmsg.txt
index b731f398a2f..7c3e833c903 100644
--- a/sql/share/french/errmsg.txt
+++ b/sql/share/french/errmsg.txt
@@ -386,3 +386,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/german/errmsg.txt b/sql/share/german/errmsg.txt
index ff797119971..7cda8bef089 100644
--- a/sql/share/german/errmsg.txt
+++ b/sql/share/german/errmsg.txt
@@ -399,3 +399,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/greek/errmsg.txt b/sql/share/greek/errmsg.txt
index f5db8296d14..7b9bf7e967e 100644
--- a/sql/share/greek/errmsg.txt
+++ b/sql/share/greek/errmsg.txt
@@ -386,3 +386,4 @@ character-set=greek
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/hungarian/errmsg.txt b/sql/share/hungarian/errmsg.txt
index 0b410dc1ac7..d4e5c5c744f 100644
--- a/sql/share/hungarian/errmsg.txt
+++ b/sql/share/hungarian/errmsg.txt
@@ -391,3 +391,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/italian/errmsg.txt b/sql/share/italian/errmsg.txt
index 0c0ccdc0a74..c697edb4cd7 100644
--- a/sql/share/italian/errmsg.txt
+++ b/sql/share/italian/errmsg.txt
@@ -386,3 +386,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/japanese/errmsg.txt b/sql/share/japanese/errmsg.txt
index bd9dd98d525..e1a32f1894b 100644
--- a/sql/share/japanese/errmsg.txt
+++ b/sql/share/japanese/errmsg.txt
@@ -390,3 +390,4 @@ character-set=ujis
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/korean/errmsg.txt b/sql/share/korean/errmsg.txt
index 9ab305bc2d8..adb08b67474 100644
--- a/sql/share/korean/errmsg.txt
+++ b/sql/share/korean/errmsg.txt
@@ -386,3 +386,4 @@ character-set=euckr
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/norwegian-ny/errmsg.txt b/sql/share/norwegian-ny/errmsg.txt
index c8166a777bf..057accd3c5b 100644
--- a/sql/share/norwegian-ny/errmsg.txt
+++ b/sql/share/norwegian-ny/errmsg.txt
@@ -388,3 +388,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/norwegian/errmsg.txt b/sql/share/norwegian/errmsg.txt
index 07f7381091d..5506d95592a 100644
--- a/sql/share/norwegian/errmsg.txt
+++ b/sql/share/norwegian/errmsg.txt
@@ -388,3 +388,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/polish/errmsg.txt b/sql/share/polish/errmsg.txt
index 43cf08666ac..38cefd45338 100644
--- a/sql/share/polish/errmsg.txt
+++ b/sql/share/polish/errmsg.txt
@@ -391,3 +391,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/portuguese/errmsg.txt b/sql/share/portuguese/errmsg.txt
index 827c49d3f1f..7689db06451 100644
--- a/sql/share/portuguese/errmsg.txt
+++ b/sql/share/portuguese/errmsg.txt
@@ -388,3 +388,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/romanian/errmsg.txt b/sql/share/romanian/errmsg.txt
index a3c16ea5023..ad486367ec9 100644
--- a/sql/share/romanian/errmsg.txt
+++ b/sql/share/romanian/errmsg.txt
@@ -391,3 +391,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/russian/errmsg.txt b/sql/share/russian/errmsg.txt
index c5988fca6d5..d057ab53256 100644
--- a/sql/share/russian/errmsg.txt
+++ b/sql/share/russian/errmsg.txt
@@ -391,3 +391,4 @@ character-set=koi8r
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION для необновляемого VIEW '%-.64s.%-.64s'"
 "проверка CHECK OPTION для VIEW '%-.64s.%-.64s' провалилась"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/serbian/errmsg.txt b/sql/share/serbian/errmsg.txt
index 5a08ae4ba54..6e38b1c3d11 100644
--- a/sql/share/serbian/errmsg.txt
+++ b/sql/share/serbian/errmsg.txt
@@ -379,3 +379,4 @@ character-set=cp1250
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/slovak/errmsg.txt b/sql/share/slovak/errmsg.txt
index a6bab89d689..a9667b8ba62 100644
--- a/sql/share/slovak/errmsg.txt
+++ b/sql/share/slovak/errmsg.txt
@@ -394,3 +394,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/spanish/errmsg.txt b/sql/share/spanish/errmsg.txt
index 11bc53cde16..17600f336c0 100644
--- a/sql/share/spanish/errmsg.txt
+++ b/sql/share/spanish/errmsg.txt
@@ -390,3 +390,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/swedish/errmsg.txt b/sql/share/swedish/errmsg.txt
index 6d9a6b98204..8b061ac0eec 100644
--- a/sql/share/swedish/errmsg.txt
+++ b/sql/share/swedish/errmsg.txt
@@ -386,3 +386,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/ukrainian/errmsg.txt b/sql/share/ukrainian/errmsg.txt
index 03f3172c2fb..317b2d596fa 100644
--- a/sql/share/ukrainian/errmsg.txt
+++ b/sql/share/ukrainian/errmsg.txt
@@ -392,3 +392,4 @@ character-set=koi8u
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION для VIEW '%-.64s.%-.64s' що не може бути оновленним"
 "перев╕рка CHECK OPTION для VIEW '%-.64s.%-.64s' не пройшла"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index f1d6603201e..079d8994549 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -69,6 +69,7 @@ static void remove_escape(char *name);
 static void refresh_status(void);
 static bool append_file_to_dir(THD *thd, const char **filename_ptr,
 			       const char *table_name);
+static bool check_sp_definer_access(THD *thd, sp_head *sp);
 
 const char *any_db="*any*";	// Special symbol for check_access
 
@@ -3765,11 +3766,30 @@ purposes internal to the MySQL server", MYF(0));
   case SQLCOM_ALTER_PROCEDURE:
   case SQLCOM_ALTER_FUNCTION:
     {
-      res= -1;
+      sp_head *sp;
+      st_sp_chistics chistics;
+
+      memcpy(&chistics, &lex->sp_chistics, sizeof(chistics));
       if (lex->sql_command == SQLCOM_ALTER_PROCEDURE)
-	res= sp_update_procedure(thd, lex->spname, &lex->sp_chistics);
+	sp= sp_find_procedure(thd, lex->spname);
       else
-	res= sp_update_function(thd, lex->spname, &lex->sp_chistics);
+	sp= sp_find_function(thd, lex->spname);
+      mysql_reset_errors(thd);
+      if (! sp)
+	res= SP_KEY_NOT_FOUND;
+      else
+      {
+	if (check_sp_definer_access(thd, sp))
+	{
+	  res= -1;
+	  break;
+	}
+	memcpy(&lex->sp_chistics, &chistics, sizeof(lex->sp_chistics));
+	if (lex->sql_command == SQLCOM_ALTER_PROCEDURE)
+	  res= sp_update_procedure(thd, lex->spname, &lex->sp_chistics);
+	else
+	  res= sp_update_function(thd, lex->spname, &lex->sp_chistics);
+      }
       switch (res)
       {
       case SP_OK:
@@ -3789,28 +3809,45 @@ purposes internal to the MySQL server", MYF(0));
   case SQLCOM_DROP_PROCEDURE:
   case SQLCOM_DROP_FUNCTION:
     {
+      sp_head *sp;
+
       if (lex->sql_command == SQLCOM_DROP_PROCEDURE)
-	res= sp_drop_procedure(thd, lex->spname);
+	sp= sp_find_procedure(thd, lex->spname);
+      else
+	sp= sp_find_function(thd, lex->spname);
+      mysql_reset_errors(thd);
+      if (! sp)
+	res= SP_KEY_NOT_FOUND;
       else
       {
-	res= sp_drop_function(thd, lex->spname);
-#ifdef HAVE_DLOPEN
-	if (res == SP_KEY_NOT_FOUND)
+	if (check_sp_definer_access(thd, sp))
 	{
-	  udf_func *udf = find_udf(lex->spname->m_name.str,
-				   lex->spname->m_name.length);
-	  if (udf)
+	  res= -1;
+	  break;
+	}
+	if (lex->sql_command == SQLCOM_DROP_PROCEDURE)
+	  res= sp_drop_procedure(thd, lex->spname);
+	else
+	{
+	  res= sp_drop_function(thd, lex->spname);
+#ifdef HAVE_DLOPEN
+	  if (res == SP_KEY_NOT_FOUND)
 	  {
-	    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0))
-	      goto error;
-	    if (!(res = mysql_drop_function(thd,&lex->spname->m_name)))
+	    udf_func *udf = find_udf(lex->spname->m_name.str,
+				     lex->spname->m_name.length);
+	    if (udf)
 	    {
-	      send_ok(thd);
-	      break;
+	      if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0))
+		goto error;
+	      if (!(res = mysql_drop_function(thd,&lex->spname->m_name)))
+	      {
+		send_ok(thd);
+		break;
+	      }
 	    }
 	  }
-	}
 #endif
+	}
       }
       switch (res)
       {
@@ -4269,6 +4306,41 @@ static bool check_db_used(THD *thd,TABLE_LIST *tables)
   return FALSE;
 }
 
+
+/*
+  Check if the given SP is owned by thd->priv_user/host, or priv_user is root.
+  QQ This is not quite complete, but it will do as a basic security check
+     for now. The question is exactly which rights should 'root' have?
+     Should root have access regardless of host for instance?
+
+  SYNOPSIS
+    check_sp_definer_access()
+    thd		 Thread handler
+    sp           The SP pointer
+
+  RETURN
+    0  ok
+    1  error     Error message has been sent
+*/
+
+static bool
+check_sp_definer_access(THD *thd, sp_head *sp)
+{
+  LEX_STRING *usr, *hst;
+
+  if (strcmp("root", thd->priv_user) == 0)
+    return FALSE;		/* QQ Any root is ok now */
+  usr= &sp->m_definer_user;
+  hst= &sp->m_definer_host;
+  if (strncmp(thd->priv_user, usr->str, usr->length) == 0 &&
+      strncmp(thd->priv_host, hst->str, hst->length) == 0)
+    return FALSE;		/* Both user and host must match */
+
+  my_error(ER_SP_ACCESS_DENIED_ERROR, MYF(0), sp->m_qname.str);
+  return TRUE;			/* Not definer or root */
+}
+
+
 /****************************************************************************
 	Check stack size; Send error if there isn't enough stack to continue
 ****************************************************************************/
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 5caa3401fba..d792d144545 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -6495,12 +6495,6 @@ simple_ident:
 
 	  if (spc && (spv = spc->find_pvar(&$1)))
 	  { /* We're compiling a stored procedure and found a variable */
-	    if (lex->sql_command != SQLCOM_CALL && ! spv->isset)
-	    {
-	      push_warning_printf(YYTHD, MYSQL_ERROR::WARN_LEVEL_WARN,
-	                          ER_SP_UNINIT_VAR, ER(ER_SP_UNINIT_VAR),
-				  $1.str);
-	    }
 	    $$ = (Item*) new Item_splocal($1, spv->offset);
             lex->variables_used= 1;
 	    lex->safe_to_cache_query=0;