WL#925 - Privileges for stored routines

Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
author: unknown <acurtis@pcgem.rdg.cyberkinetica.com> 2004-12-23 10:46:24 +0000
committer: unknown <acurtis@pcgem.rdg.cyberkinetica.com> 2004-12-23 10:46:24 +0000
commit: 09ce0b330b3af16075958c306db984af5cd8b3b6 (patch)
tree: 1f9ae909b765f73df023264dce5aa52d83e5cb8e /scripts/mysql_create_system_tables.sh
parent: d1db2ebf8434a9b8acf95962251a0f5078f413e7 (diff)
download: mariadb-git-09ce0b330b3af16075958c306db984af5cd8b3b6.tar.gz
1 files changed, 38 insertions, 11 deletions
diff --git a/scripts/mysql_create_system_tables.sh b/scripts/mysql_create_system_tables.sh
index 7a4da55f851..be99a081bcb 100644
--- a/scripts/mysql_create_system_tables.sh
+++ b/scripts/mysql_create_system_tables.sh
@@ -41,7 +41,7 @@ c_hk=""
 i_ht=""
 c_tzn="" c_tz="" c_tzt="" c_tztt="" c_tzls=""
 i_tzn="" i_tz="" i_tzt="" i_tztt="" i_tzls=""
-c_p=""
+c_p="" c_pp=""
 
 # Check for old tables
 if test ! -f $mdata/db.frm
@@ -69,14 +69,17 @@ then
   c_d="$c_d   Lock_tables_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
   c_d="$c_d   Create_view_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
   c_d="$c_d   Show_view_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
+  c_d="$c_d   Create_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
+  c_d="$c_d   Alter_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
+  c_d="$c_d   Execute_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
   c_d="$c_d PRIMARY KEY Host (Host,Db,User),"
   c_d="$c_d KEY User (User)"
   c_d="$c_d ) engine=MyISAM"
   c_d="$c_d CHARACTER SET utf8 COLLATE utf8_bin"
   c_d="$c_d comment='Database privileges';"
   
-  i_d="INSERT INTO db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y');
-  INSERT INTO db VALUES ('%','test\_%','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y');"
+  i_d="INSERT INTO db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N');
+  INSERT INTO db VALUES ('%','test\_%','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N');"
 fi
 
 if test ! -f $mdata/host.frm
@@ -141,6 +144,8 @@ then
   c_u="$c_u   Repl_client_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
   c_u="$c_u   Create_view_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
   c_u="$c_u   Show_view_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
+  c_u="$c_u   Create_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
+  c_u="$c_u   Alter_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
   c_u="$c_u   ssl_type enum('','ANY','X509', 'SPECIFIED') DEFAULT '' NOT NULL,"
   c_u="$c_u   ssl_cipher BLOB NOT NULL,"
   c_u="$c_u   x509_issuer BLOB NOT NULL,"
@@ -155,24 +160,24 @@ then
 
   if test "$1" = "test" 
   then
-    i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
-    INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
-    REPLACE INTO user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
+    i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
+    INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
+    REPLACE INTO user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
     INSERT INTO user (host,user) values ('localhost','');
     INSERT INTO user (host,user) values ('$hostname','');"
   else
-    i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);"
+    i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);"
     if test "$windows" = "0"
     then
       i_u="$i_u
-           INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
+           INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
            INSERT INTO user (host,user) values ('$hostname','');
            INSERT INTO user (host,user) values ('localhost','');"
     else
       i_u="$i_u
-	   INSERT INTO user VALUES ('%','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
-	   INSERT INTO user VALUES ('localhost','','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
-	   INSERT INTO user VALUES ('%','','','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','','','','',0,0,0);"
+	   INSERT INTO user VALUES ('%','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
+	   INSERT INTO user VALUES ('localhost','','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
+	   INSERT INTO user VALUES ('%','','','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','','','','',0,0,0);"
     fi
   fi 
 fi
@@ -236,6 +241,27 @@ then
   c_c="$c_c   comment='Column privileges';"
 fi
 
+if test ! -f $mdata/procs_priv.frm
+then
+  if test "$1" = "verbose" ; then
+    echo "Preparing procs_priv table" 1>&2;
+  fi
+
+  c_pp="$c_pp CREATE TABLE procs_priv ("
+  c_pp="$c_pp   Host char(60) binary DEFAULT '' NOT NULL,"
+  c_pp="$c_pp   Db char(64) binary DEFAULT '' NOT NULL,"
+  c_pp="$c_pp   User char(16) binary DEFAULT '' NOT NULL,"
+  c_pp="$c_pp   Routine_name char(64) binary DEFAULT '' NOT NULL,"
+  c_pp="$c_pp   Grantor char(77) DEFAULT '' NOT NULL,"
+  c_pp="$c_pp   Timestamp timestamp(14),"
+  c_pp="$c_pp   Proc_priv set('Execute','Alter Routine','Grant') DEFAULT '' NOT NULL,"
+  c_pp="$c_pp   PRIMARY KEY (Host,Db,User,Routine_name),"
+  c_pp="$c_pp   KEY Grantor (Grantor)"
+  c_pp="$c_pp ) engine=MyISAM"
+  c_pp="$c_pp CHARACTER SET utf8 COLLATE utf8_bin"
+  c_pp="$c_pp   comment='Procedure privileges';"
+fi
+
 if test ! -f $mdata/help_topic.frm
 then
   if test "$1" = "verbose" ; then
@@ -718,6 +744,7 @@ $c_tzls
 $i_tzls
 
 $c_p
+$c_pp
 
 END_OF_DATA
author	unknown <acurtis@pcgem.rdg.cyberkinetica.com>	2004-12-23 10:46:24 +0000
committer	unknown <acurtis@pcgem.rdg.cyberkinetica.com>	2004-12-23 10:46:24 +0000
commit	09ce0b330b3af16075958c306db984af5cd8b3b6 (patch)
tree	1f9ae909b765f73df023264dce5aa52d83e5cb8e /scripts/mysql_create_system_tables.sh
parent	d1db2ebf8434a9b8acf95962251a0f5078f413e7 (diff)
download	mariadb-git-09ce0b330b3af16075958c306db984af5cd8b3b6.tar.gz