Fix for BUG#9504: Stored procedures: execute privilege doesn't

make 'use database' okay. The problem was that we didn't check stored-routine privileges in check_grant_db(). The patch adds this check. mysql-test/r/grant.result: Update result file. mysql-test/r/sp-security.result: Update result fil. mysql-test/t/grant.test: Added test case for BUG#9504. mysql-test/t/sp-security.test: Update test. sql/sql_acl.cc: Check stored routines privileges.
author: unknown <anozdrin/alik@booka.opbmk> 2007-03-23 14:12:11 +0300
committer: unknown <anozdrin/alik@booka.opbmk> 2007-03-23 14:12:11 +0300
commit: bd49d8debfc1821cb9d158efb9cdfc55231e54ee (patch)
tree: 5bf7ae3a2e46723dd549f6affcf4c82a7890d903 /mysql-test/r/sp-security.result
parent: b444f808828e42b64cdd4fa8bc9e901b1ae6e119 (diff)
download: mariadb-git-bd49d8debfc1821cb9d158efb9cdfc55231e54ee.tar.gz
1 files changed, 26 insertions, 9 deletions
diff --git a/mysql-test/r/sp-security.result b/mysql-test/r/sp-security.result
index 26b3f352a1f..8462bafe0e3 100644
--- a/mysql-test/r/sp-security.result
+++ b/mysql-test/r/sp-security.result
@@ -8,22 +8,29 @@ create procedure db1_secret.dummy() begin end;
 drop procedure db1_secret.dummy;
 use db1_secret;
 create table t1 ( u varchar(64), i int );
+insert into t1 values('test', 0);
 create procedure stamp(i int)
 insert into db1_secret.t1 values (user(), i);
 show procedure status like 'stamp';
 Db	Name	Type	Definer	Modified	Created	Security_type	Comment
 db1_secret	stamp	PROCEDURE	root@localhost	0000-00-00 00:00:00	0000-00-00 00:00:00	DEFINER	
-create function db() returns varchar(64) return database();
+create function db() returns varchar(64)
+begin
+declare v varchar(64);
+select u into v from t1 limit 1;
+return v;
+end|
 show function status like 'db';
 Db	Name	Type	Definer	Modified	Created	Security_type	Comment
 db1_secret	db	FUNCTION	root@localhost	0000-00-00 00:00:00	0000-00-00 00:00:00	DEFINER	
 call stamp(1);
 select * from t1;
 u	i
+test	0
 root@localhost	1
 select db();
 db()
-db1_secret
+test
 grant execute on procedure db1_secret.stamp to user1@'%';
 grant execute on function db1_secret.db to user1@'%';
 grant execute on procedure db1_secret.stamp to ''@'%';
@@ -31,25 +38,34 @@ grant execute on function db1_secret.db to ''@'%';
 call db1_secret.stamp(2);
 select db1_secret.db();
 db1_secret.db()
-db1_secret
+test
 select * from db1_secret.t1;
 ERROR 42000: SELECT command denied to user 'user1'@'localhost' for table 't1'
 create procedure db1_secret.dummy() begin end;
 ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
 drop procedure db1_secret.dummy;
 ERROR 42000: PROCEDURE db1_secret.dummy does not exist
+drop procedure db1_secret.stamp;
+ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db1_secret.stamp'
+drop function db1_secret.db;
+ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db1_secret.db'
 call db1_secret.stamp(3);
 select db1_secret.db();
 db1_secret.db()
-db1_secret
+test
 select * from db1_secret.t1;
 ERROR 42000: SELECT command denied to user ''@'localhost' for table 't1'
 create procedure db1_secret.dummy() begin end;
 ERROR 42000: Access denied for user ''@'%' to database 'db1_secret'
 drop procedure db1_secret.dummy;
 ERROR 42000: PROCEDURE db1_secret.dummy does not exist
+drop procedure db1_secret.stamp;
+ERROR 42000: alter routine command denied to user ''@'%' for routine 'db1_secret.stamp'
+drop function db1_secret.db;
+ERROR 42000: alter routine command denied to user ''@'%' for routine 'db1_secret.db'
 select * from t1;
 u	i
+test	0
 root@localhost	1
 user1@localhost	2
 anon@localhost	3
@@ -64,21 +80,22 @@ db1_secret	db	FUNCTION	root@localhost	0000-00-00 00:00:00	0000-00-00 00:00:00	IN
 call stamp(4);
 select * from t1;
 u	i
+test	0
 root@localhost	1
 user1@localhost	2
 anon@localhost	3
 root@localhost	4
 select db();
 db()
-db1_secret
+test
 call db1_secret.stamp(5);
-ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
+ERROR 42000: INSERT command denied to user 'user1'@'localhost' for table 't1'
 select db1_secret.db();
-ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
+ERROR 42000: SELECT command denied to user 'user1'@'localhost' for table 't1'
 call db1_secret.stamp(6);
-ERROR 42000: Access denied for user ''@'%' to database 'db1_secret'
+ERROR 42000: INSERT command denied to user ''@'localhost' for table 't1'
 select db1_secret.db();
-ERROR 42000: Access denied for user ''@'%' to database 'db1_secret'
+ERROR 42000: SELECT command denied to user ''@'localhost' for table 't1'
 drop database if exists db2;
 create database db2;
 use db2;
author	unknown <anozdrin/alik@booka.opbmk>	2007-03-23 14:12:11 +0300
committer	unknown <anozdrin/alik@booka.opbmk>	2007-03-23 14:12:11 +0300
commit	bd49d8debfc1821cb9d158efb9cdfc55231e54ee (patch)
tree	5bf7ae3a2e46723dd549f6affcf4c82a7890d903 /mysql-test/r/sp-security.result
parent	b444f808828e42b64cdd4fa8bc9e901b1ae6e119 (diff)
download	mariadb-git-bd49d8debfc1821cb9d158efb9cdfc55231e54ee.tar.gz