diff options
| author | unknown <anozdrin/alik@booka.opbmk> | 2007-03-23 14:12:11 +0300 |
|---|---|---|
| committer | unknown <anozdrin/alik@booka.opbmk> | 2007-03-23 14:12:11 +0300 |
| commit | bd49d8debfc1821cb9d158efb9cdfc55231e54ee (patch) | |
| tree | 5bf7ae3a2e46723dd549f6affcf4c82a7890d903 /mysql-test/r/grant.result | |
| parent | b444f808828e42b64cdd4fa8bc9e901b1ae6e119 (diff) | |
| download | mariadb-git-bd49d8debfc1821cb9d158efb9cdfc55231e54ee.tar.gz | |
Fix for BUG#9504: Stored procedures: execute privilege doesn't
make 'use database' okay.
The problem was that we didn't check stored-routine privileges
in check_grant_db().
The patch adds this check.
mysql-test/r/grant.result:
Update result file.
mysql-test/r/sp-security.result:
Update result fil.
mysql-test/t/grant.test:
Added test case for BUG#9504.
mysql-test/t/sp-security.test:
Update test.
sql/sql_acl.cc:
Check stored routines privileges.
Diffstat (limited to 'mysql-test/r/grant.result')
| -rw-r--r-- | mysql-test/r/grant.result | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result index d63e4181026..73d5bf94264 100644 --- a/mysql-test/r/grant.result +++ b/mysql-test/r/grant.result @@ -972,4 +972,51 @@ REVOKE EXECUTE ON PROCEDURE t1 FROM some_user_name@1234567890abcdefghij123456789 ERROR HY000: String '1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY' is too long for host name (should be no longer than 60) GRANT PROCESS ON * TO user@localhost; ERROR 3D000: No database selected +DROP DATABASE IF EXISTS mysqltest1; +DROP DATABASE IF EXISTS mysqltest2; +DROP DATABASE IF EXISTS mysqltest3; +DROP DATABASE IF EXISTS mysqltest4; +CREATE DATABASE mysqltest1; +CREATE DATABASE mysqltest2; +CREATE DATABASE mysqltest3; +CREATE DATABASE mysqltest4; +CREATE PROCEDURE mysqltest1.p_def() SQL SECURITY DEFINER +SELECT 1; +CREATE PROCEDURE mysqltest2.p_inv() SQL SECURITY INVOKER +SELECT 1; +CREATE FUNCTION mysqltest3.f_def() RETURNS INT SQL SECURITY DEFINER +RETURN 1; +CREATE FUNCTION mysqltest4.f_inv() RETURNS INT SQL SECURITY INVOKER +RETURN 1; +GRANT EXECUTE ON PROCEDURE mysqltest1.p_def TO mysqltest_1@localhost; +GRANT EXECUTE ON PROCEDURE mysqltest2.p_inv TO mysqltest_1@localhost; +GRANT EXECUTE ON FUNCTION mysqltest3.f_def TO mysqltest_1@localhost; +GRANT EXECUTE ON FUNCTION mysqltest4.f_inv TO mysqltest_1@localhost; +GRANT ALL PRIVILEGES ON test.* TO mysqltest_1@localhost; + +---> connection: bug9504_con1 +use mysqltest1; +use mysqltest2; +use mysqltest3; +use mysqltest4; +use test; +CALL mysqltest1.p_def(); +1 +1 +CALL mysqltest2.p_inv(); +1 +1 +SELECT mysqltest3.f_def(); +mysqltest3.f_def() +1 +SELECT mysqltest4.f_inv(); +mysqltest4.f_inv() +1 + +---> connection: default +DROP DATABASE mysqltest1; +DROP DATABASE mysqltest2; +DROP DATABASE mysqltest3; +DROP DATABASE mysqltest4; +DROP USER mysqltest_1@localhost; End of 5.0 tests |