MDEV-5997 - MySQL bug#11759114 - '51401: GRANT TREATS NONEXISTENT

FUNCTIONS/PRIVILEGES DIFFERENTLY' Fix for bug#11759114 - '51401: GRANT TREATS NONEXISTENT FUNCTIONS/PRIVILEGES DIFFERENTLY'. The problem was that attempt to grant EXECUTE or ALTER ROUTINE privilege on stored procedure which didn't exist succeed instead of returning an appropriate error like it happens in similar situation for stored functions or tables. The code which handles granting of privileges on individual routine calls sp_exist_routines() function to check if routine exists and assumes that the 3rd parameter of the latter specifies whether it should check for existence of stored procedure or function. In practice, this parameter had completely different meaning and, as result, this check was not done properly for stored procedures. This fix addresses this problem by bringing sp_exist_routines() signature and code in line with expectation of its caller. Conflicts: mysql-test/r/grant.result mysql-test/t/grant.test sql/sp.cc
author: Dmitry Lenev <Dmitry.Lenev@oracle.com> 2011-04-22 16:59:10 +0400
committer: Sergey Vojtovich <svoj@mariadb.org> 2015-07-23 16:45:20 +0400
commit: a6ab8ef9d7d465a3f0bc1cff6034ca97575629dd (patch)
tree: 01d03cba16707b58fd78dccd70e4a8026f9c5230
parent: d897015d74d82464a21ed154f606adc69503c372 (diff)
download: mariadb-git-a6ab8ef9d7d465a3f0bc1cff6034ca97575629dd.tar.gz
4 files changed, 57 insertions, 13 deletions
diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result
index 0acf6f69323..3194573e2ef 100644
--- a/mysql-test/r/grant.result
+++ b/mysql-test/r/grant.result
@@ -1689,6 +1689,7 @@ Assigning privileges without procs_priv table.
 CREATE DATABASE mysqltest1;
 CREATE PROCEDURE mysqltest1.test() SQL SECURITY DEFINER
 SELECT 1;
+CREATE FUNCTION mysqltest1.test() RETURNS INT RETURN 1;
 GRANT EXECUTE ON FUNCTION mysqltest1.test TO mysqltest_1@localhost;
 ERROR 42S02: Table 'mysql.procs_priv' doesn't exist
 GRANT ALL PRIVILEGES ON test.* TO mysqltest_1@localhost;
@@ -2551,3 +2552,25 @@ ERROR 42000: Access denied for user 'untrusted'@'localhost' to database 'secret'
 # Connection default
 DROP USER untrusted@localhost;
 DROP DATABASE secret;
+#
+# BUG#11759114 - '51401: GRANT TREATS NONEXISTENT FUNCTIONS/PRIVILEGES
+#                 DIFFERENTLY'.
+#
+drop database if exists mysqltest_db1;
+create database mysqltest_db1;
+create user mysqltest_u1;
+# Both GRANT statements below should fail with the same error.
+grant execute on function mysqltest_db1.f1 to mysqltest_u1;
+ERROR 42000: FUNCTION or PROCEDURE f1 does not exist
+grant execute on procedure mysqltest_db1.p1 to mysqltest_u1;
+ERROR 42000: FUNCTION or PROCEDURE p1 does not exist
+# Let us show that GRANT behaviour for routines is consistent
+# with GRANT behaviour for tables. Attempt to grant privilege
+# on non-existent table also results in an error.
+grant select on mysqltest_db1.t1 to mysqltest_u1;
+ERROR 42S02: Table 'mysqltest_db1.t1' doesn't exist
+show grants for mysqltest_u1;
+Grants for mysqltest_u1@%
+GRANT USAGE ON *.* TO 'mysqltest_u1'@'%'
+drop database mysqltest_db1;
+drop user mysqltest_u1;
diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test
index ed7271521c8..548fd0f810e 100644
--- a/mysql-test/t/grant.test
+++ b/mysql-test/t/grant.test
@@ -1666,6 +1666,7 @@ FLUSH PRIVILEGES;
 CREATE DATABASE mysqltest1;
 CREATE PROCEDURE mysqltest1.test() SQL SECURITY DEFINER
   SELECT 1;
+CREATE FUNCTION mysqltest1.test() RETURNS INT RETURN 1;
 --error ER_NO_SUCH_TABLE
 GRANT EXECUTE ON FUNCTION mysqltest1.test TO mysqltest_1@localhost;
 GRANT ALL PRIVILEGES ON test.* TO mysqltest_1@localhost;
@@ -2210,3 +2211,25 @@ DROP DATABASE secret;
 # Wait till we reached the initial number of concurrent sessions
 --source include/wait_until_count_sessions.inc
 
+--echo #
+--echo # BUG#11759114 - '51401: GRANT TREATS NONEXISTENT FUNCTIONS/PRIVILEGES
+--echo #                 DIFFERENTLY'.
+--echo #
+--disable_warnings
+drop database if exists mysqltest_db1;
+--enable_warnings
+create database mysqltest_db1;
+create user mysqltest_u1;
+--echo # Both GRANT statements below should fail with the same error.
+--error ER_SP_DOES_NOT_EXIST
+grant execute on function mysqltest_db1.f1 to mysqltest_u1;
+--error ER_SP_DOES_NOT_EXIST
+grant execute on procedure mysqltest_db1.p1 to mysqltest_u1;
+--echo # Let us show that GRANT behaviour for routines is consistent
+--echo # with GRANT behaviour for tables. Attempt to grant privilege
+--echo # on non-existent table also results in an error.
+--error ER_NO_SUCH_TABLE
+grant select on mysqltest_db1.t1 to mysqltest_u1;
+show grants for mysqltest_u1;
+drop database mysqltest_db1;
+drop user mysqltest_u1;
diff --git a/sql/sp.cc b/sql/sp.cc
index 334b5e12ba3..4b65f835f70 100644
--- a/sql/sp.cc
+++ b/sql/sp.cc
@@ -1751,7 +1751,8 @@ sp_find_routine(THD *thd, stored_procedure_type type, sp_name *name,
 
   @param thd Thread handler
   @param routines List of needles in the hay stack
-  @param any Any of the needles are good enough
+  @param is_proc  Indicates whether routines in the list are procedures
+                  or functions.
 
   @return
     @retval FALSE Found.
@@ -1759,7 +1760,7 @@ sp_find_routine(THD *thd, stored_procedure_type type, sp_name *name,
 */
 
 bool
-sp_exist_routines(THD *thd, TABLE_LIST *routines, bool any)
+sp_exist_routines(THD *thd, TABLE_LIST *routines, bool is_proc)
 {
   TABLE_LIST *routine;
   bool sp_object_found;
@@ -1775,17 +1776,14 @@ sp_exist_routines(THD *thd, TABLE_LIST *routines, bool any)
     lex_name.str= thd->strmake(routine->table_name, lex_name.length);
     name= new sp_name(lex_db, lex_name, true);
     name->init_qname(thd);
-    sp_object_found= sp_find_routine(thd, TYPE_ENUM_PROCEDURE, name,
-                                     &thd->sp_proc_cache, FALSE) != NULL ||
-                     sp_find_routine(thd, TYPE_ENUM_FUNCTION, name,
-                                     &thd->sp_func_cache, FALSE) != NULL;
+    sp_object_found= is_proc ? sp_find_routine(thd, TYPE_ENUM_PROCEDURE,
+                                               name, &thd->sp_proc_cache,
+                                               FALSE) != NULL :
+                               sp_find_routine(thd, TYPE_ENUM_FUNCTION,
+                                               name, &thd->sp_func_cache,
+                                               FALSE) != NULL;
     thd->get_stmt_da()->clear_warning_info(thd->query_id);
-    if (sp_object_found)
-    {
-      if (any)
-        break;
-    }
-    else if (!any)
+    if (! sp_object_found)
     {
       my_error(ER_SP_DOES_NOT_EXIST, MYF(0), "FUNCTION or PROCEDURE",
                routine->table_name);
diff --git a/sql/sp.h b/sql/sp.h
index 3353132346b..82d4704cf2c 100644
--- a/sql/sp.h
+++ b/sql/sp.h
@@ -121,7 +121,7 @@ sp_cache_routine(THD *thd, stored_procedure_type type, sp_name *name,
                  bool lookup_only, sp_head **sp);
 
 bool
-sp_exist_routines(THD *thd, TABLE_LIST *procs, bool any);
+sp_exist_routines(THD *thd, TABLE_LIST *procs, bool is_proc);
 
 bool
 sp_show_create_routine(THD *thd, stored_procedure_type type, sp_name *name);
author	Dmitry Lenev <Dmitry.Lenev@oracle.com>	2011-04-22 16:59:10 +0400
committer	Sergey Vojtovich <svoj@mariadb.org>	2015-07-23 16:45:20 +0400
commit	a6ab8ef9d7d465a3f0bc1cff6034ca97575629dd (patch)
tree	01d03cba16707b58fd78dccd70e4a8026f9c5230
parent	d897015d74d82464a21ed154f606adc69503c372 (diff)
download	mariadb-git-a6ab8ef9d7d465a3f0bc1cff6034ca97575629dd.tar.gz