Fixed BUG#6030: Stored procedure has no appropriate DROP privilege.

  ...and no ALTER privilege either.
  For now, only the definer and root can drop or alter an SP.


include/mysqld_error.h:
  New access denied error code when dropping/altering stored procedures.
include/sql_state.h:
  New access denied error code when dropping/altering stored procedures.
mysql-test/r/sp-error.result:
  Removed warning for "unitialized variable", as this popped up in unexpected
  places after the access control for drop/alter SPs was added. (And the warning
  was wrong and planned to be removed anyway.)
mysql-test/r/sp-security.result:
  Added tests for access control on who's allowed to drop and alter SPs.
mysql-test/r/sp.result:
  Updated results. (Warning removed.)
mysql-test/t/sp-error.test:
  Removed warning for "unitialized variable", as this popped up in unexpected
  places after the access control for drop/alter SPs was added. (And the warning
  was wrong and planned to be removed anyway.)
mysql-test/t/sp-security.test:
  Added tests for access control on who's allowed to drop and alter SPs.
sql/share/czech/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/danish/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/dutch/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/english/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/estonian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/french/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/german/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/greek/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/hungarian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/italian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/japanese/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/korean/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/norwegian-ny/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/norwegian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/polish/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/portuguese/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/romanian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/russian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/serbian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/slovak/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/spanish/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/swedish/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/share/ukrainian/errmsg.txt:
  New access denied error message when dropping/altering stored procedures.
sql/sql_parse.cc:
  Added minimal access control for DROP/ALTER PROCEDURE/FUNCTION. Only the definer
  and root are allowed to do this.
sql/sql_yacc.yy:
  Removed warning for "unitialized variable", as this popped up in unexpected
  places after the access control for drop/alter SPs was added. (And the warning
  was wrong and planned to be removed anyway.)

25 files changed, 111 insertions, 22 deletions

diff --git a/sql/share/czech/errmsg.txt b/sql/share/czech/errmsg.txt
index 301ac6133ca..e3c08eeca89 100644
--- a/sql/share/czech/errmsg.txt
+++ b/sql/share/czech/errmsg.txt
@@ -398,3 +398,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/danish/errmsg.txt b/sql/share/danish/errmsg.txt
index 128859a5505..78610219ade 100644
--- a/sql/share/danish/errmsg.txt
+++ b/sql/share/danish/errmsg.txt
@@ -389,3 +389,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/dutch/errmsg.txt b/sql/share/dutch/errmsg.txt
index 3ad8d91bba7..051a2a13ab8 100644
--- a/sql/share/dutch/errmsg.txt
+++ b/sql/share/dutch/errmsg.txt
@@ -398,3 +398,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/english/errmsg.txt b/sql/share/english/errmsg.txt
index 1878d6e2da2..bb2a9cb59ba 100644
--- a/sql/share/english/errmsg.txt
+++ b/sql/share/english/errmsg.txt
@@ -386,3 +386,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/estonian/errmsg.txt b/sql/share/estonian/errmsg.txt
index af14aeac85c..14764d764aa 100644
--- a/sql/share/estonian/errmsg.txt
+++ b/sql/share/estonian/errmsg.txt
@@ -391,3 +391,4 @@ character-set=latin7
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/french/errmsg.txt b/sql/share/french/errmsg.txt
index b731f398a2f..7c3e833c903 100644
--- a/sql/share/french/errmsg.txt
+++ b/sql/share/french/errmsg.txt
@@ -386,3 +386,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/german/errmsg.txt b/sql/share/german/errmsg.txt
index ff797119971..7cda8bef089 100644
--- a/sql/share/german/errmsg.txt
+++ b/sql/share/german/errmsg.txt
@@ -399,3 +399,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/greek/errmsg.txt b/sql/share/greek/errmsg.txt
index f5db8296d14..7b9bf7e967e 100644
--- a/sql/share/greek/errmsg.txt
+++ b/sql/share/greek/errmsg.txt
@@ -386,3 +386,4 @@ character-set=greek
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/hungarian/errmsg.txt b/sql/share/hungarian/errmsg.txt
index 0b410dc1ac7..d4e5c5c744f 100644
--- a/sql/share/hungarian/errmsg.txt
+++ b/sql/share/hungarian/errmsg.txt
@@ -391,3 +391,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/italian/errmsg.txt b/sql/share/italian/errmsg.txt
index 0c0ccdc0a74..c697edb4cd7 100644
--- a/sql/share/italian/errmsg.txt
+++ b/sql/share/italian/errmsg.txt
@@ -386,3 +386,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/japanese/errmsg.txt b/sql/share/japanese/errmsg.txt
index bd9dd98d525..e1a32f1894b 100644
--- a/sql/share/japanese/errmsg.txt
+++ b/sql/share/japanese/errmsg.txt
@@ -390,3 +390,4 @@ character-set=ujis
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/korean/errmsg.txt b/sql/share/korean/errmsg.txt
index 9ab305bc2d8..adb08b67474 100644
--- a/sql/share/korean/errmsg.txt
+++ b/sql/share/korean/errmsg.txt
@@ -386,3 +386,4 @@ character-set=euckr
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/norwegian-ny/errmsg.txt b/sql/share/norwegian-ny/errmsg.txt
index c8166a777bf..057accd3c5b 100644
--- a/sql/share/norwegian-ny/errmsg.txt
+++ b/sql/share/norwegian-ny/errmsg.txt
@@ -388,3 +388,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/norwegian/errmsg.txt b/sql/share/norwegian/errmsg.txt
index 07f7381091d..5506d95592a 100644
--- a/sql/share/norwegian/errmsg.txt
+++ b/sql/share/norwegian/errmsg.txt
@@ -388,3 +388,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/polish/errmsg.txt b/sql/share/polish/errmsg.txt
index 43cf08666ac..38cefd45338 100644
--- a/sql/share/polish/errmsg.txt
+++ b/sql/share/polish/errmsg.txt
@@ -391,3 +391,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/portuguese/errmsg.txt b/sql/share/portuguese/errmsg.txt
index 827c49d3f1f..7689db06451 100644
--- a/sql/share/portuguese/errmsg.txt
+++ b/sql/share/portuguese/errmsg.txt
@@ -388,3 +388,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/romanian/errmsg.txt b/sql/share/romanian/errmsg.txt
index a3c16ea5023..ad486367ec9 100644
--- a/sql/share/romanian/errmsg.txt
+++ b/sql/share/romanian/errmsg.txt
@@ -391,3 +391,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/russian/errmsg.txt b/sql/share/russian/errmsg.txt
index c5988fca6d5..d057ab53256 100644
--- a/sql/share/russian/errmsg.txt
+++ b/sql/share/russian/errmsg.txt
@@ -391,3 +391,4 @@ character-set=koi8r
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION для необновляемого VIEW '%-.64s.%-.64s'"
 "проверка CHECK OPTION для VIEW '%-.64s.%-.64s' провалилась"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/serbian/errmsg.txt b/sql/share/serbian/errmsg.txt
index 5a08ae4ba54..6e38b1c3d11 100644
--- a/sql/share/serbian/errmsg.txt
+++ b/sql/share/serbian/errmsg.txt
@@ -379,3 +379,4 @@ character-set=cp1250
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/slovak/errmsg.txt b/sql/share/slovak/errmsg.txt
index a6bab89d689..a9667b8ba62 100644
--- a/sql/share/slovak/errmsg.txt
+++ b/sql/share/slovak/errmsg.txt
@@ -394,3 +394,4 @@ character-set=latin2
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/spanish/errmsg.txt b/sql/share/spanish/errmsg.txt
index 11bc53cde16..17600f336c0 100644
--- a/sql/share/spanish/errmsg.txt
+++ b/sql/share/spanish/errmsg.txt
@@ -390,3 +390,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/swedish/errmsg.txt b/sql/share/swedish/errmsg.txt
index 6d9a6b98204..8b061ac0eec 100644
--- a/sql/share/swedish/errmsg.txt
+++ b/sql/share/swedish/errmsg.txt
@@ -386,3 +386,4 @@ character-set=latin1
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
 "CHECK OPTION failed '%-.64s.%-.64s'"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/share/ukrainian/errmsg.txt b/sql/share/ukrainian/errmsg.txt
index 03f3172c2fb..317b2d596fa 100644
--- a/sql/share/ukrainian/errmsg.txt
+++ b/sql/share/ukrainian/errmsg.txt
@@ -392,3 +392,4 @@ character-set=koi8u
 "Illegal %s '%-.64s' value found during parsing",
 "CHECK OPTION для VIEW '%-.64s.%-.64s' що не може бути оновленним"
 "перев╕рка CHECK OPTION для VIEW '%-.64s.%-.64s' не пройшла"
+"Access denied; you are not the procedure/function definer of '%s'"
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index f1d6603201e..079d8994549 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -69,6 +69,7 @@ static void remove_escape(char *name);
 static void refresh_status(void);
 static bool append_file_to_dir(THD *thd, const char **filename_ptr,
 			       const char *table_name);
+static bool check_sp_definer_access(THD *thd, sp_head *sp);
 
 const char *any_db="*any*";	// Special symbol for check_access
 
@@ -3765,11 +3766,30 @@ purposes internal to the MySQL server", MYF(0));
   case SQLCOM_ALTER_PROCEDURE:
   case SQLCOM_ALTER_FUNCTION:
     {
-      res= -1;
+      sp_head *sp;
+      st_sp_chistics chistics;
+
+      memcpy(&chistics, &lex->sp_chistics, sizeof(chistics));
       if (lex->sql_command == SQLCOM_ALTER_PROCEDURE)
-	res= sp_update_procedure(thd, lex->spname, &lex->sp_chistics);
+	sp= sp_find_procedure(thd, lex->spname);
       else
-	res= sp_update_function(thd, lex->spname, &lex->sp_chistics);
+	sp= sp_find_function(thd, lex->spname);
+      mysql_reset_errors(thd);
+      if (! sp)
+	res= SP_KEY_NOT_FOUND;
+      else
+      {
+	if (check_sp_definer_access(thd, sp))
+	{
+	  res= -1;
+	  break;
+	}
+	memcpy(&lex->sp_chistics, &chistics, sizeof(lex->sp_chistics));
+	if (lex->sql_command == SQLCOM_ALTER_PROCEDURE)
+	  res= sp_update_procedure(thd, lex->spname, &lex->sp_chistics);
+	else
+	  res= sp_update_function(thd, lex->spname, &lex->sp_chistics);
+      }
       switch (res)
       {
       case SP_OK:
@@ -3789,28 +3809,45 @@ purposes internal to the MySQL server", MYF(0));
   case SQLCOM_DROP_PROCEDURE:
   case SQLCOM_DROP_FUNCTION:
     {
+      sp_head *sp;
+
       if (lex->sql_command == SQLCOM_DROP_PROCEDURE)
-	res= sp_drop_procedure(thd, lex->spname);
+	sp= sp_find_procedure(thd, lex->spname);
+      else
+	sp= sp_find_function(thd, lex->spname);
+      mysql_reset_errors(thd);
+      if (! sp)
+	res= SP_KEY_NOT_FOUND;
       else
       {
-	res= sp_drop_function(thd, lex->spname);
-#ifdef HAVE_DLOPEN
-	if (res == SP_KEY_NOT_FOUND)
+	if (check_sp_definer_access(thd, sp))
 	{
-	  udf_func *udf = find_udf(lex->spname->m_name.str,
-				   lex->spname->m_name.length);
-	  if (udf)
+	  res= -1;
+	  break;
+	}
+	if (lex->sql_command == SQLCOM_DROP_PROCEDURE)
+	  res= sp_drop_procedure(thd, lex->spname);
+	else
+	{
+	  res= sp_drop_function(thd, lex->spname);
+#ifdef HAVE_DLOPEN
+	  if (res == SP_KEY_NOT_FOUND)
 	  {
-	    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0))
-	      goto error;
-	    if (!(res = mysql_drop_function(thd,&lex->spname->m_name)))
+	    udf_func *udf = find_udf(lex->spname->m_name.str,
+				     lex->spname->m_name.length);
+	    if (udf)
 	    {
-	      send_ok(thd);
-	      break;
+	      if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0))
+		goto error;
+	      if (!(res = mysql_drop_function(thd,&lex->spname->m_name)))
+	      {
+		send_ok(thd);
+		break;
+	      }
 	    }
 	  }
-	}
 #endif
+	}
       }
       switch (res)
       {
@@ -4269,6 +4306,41 @@ static bool check_db_used(THD *thd,TABLE_LIST *tables)
   return FALSE;
 }
 
+
+/*
+  Check if the given SP is owned by thd->priv_user/host, or priv_user is root.
+  QQ This is not quite complete, but it will do as a basic security check
+     for now. The question is exactly which rights should 'root' have?
+     Should root have access regardless of host for instance?
+
+  SYNOPSIS
+    check_sp_definer_access()
+    thd		 Thread handler
+    sp           The SP pointer
+
+  RETURN
+    0  ok
+    1  error     Error message has been sent
+*/
+
+static bool
+check_sp_definer_access(THD *thd, sp_head *sp)
+{
+  LEX_STRING *usr, *hst;
+
+  if (strcmp("root", thd->priv_user) == 0)
+    return FALSE;		/* QQ Any root is ok now */
+  usr= &sp->m_definer_user;
+  hst= &sp->m_definer_host;
+  if (strncmp(thd->priv_user, usr->str, usr->length) == 0 &&
+      strncmp(thd->priv_host, hst->str, hst->length) == 0)
+    return FALSE;		/* Both user and host must match */
+
+  my_error(ER_SP_ACCESS_DENIED_ERROR, MYF(0), sp->m_qname.str);
+  return TRUE;			/* Not definer or root */
+}
+
+
 /****************************************************************************
 	Check stack size; Send error if there isn't enough stack to continue
 ****************************************************************************/
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 5caa3401fba..d792d144545 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -6495,12 +6495,6 @@ simple_ident:
 
 	  if (spc && (spv = spc->find_pvar(&$1)))
 	  { /* We're compiling a stored procedure and found a variable */
-	    if (lex->sql_command != SQLCOM_CALL && ! spv->isset)
-	    {
-	      push_warning_printf(YYTHD, MYSQL_ERROR::WARN_LEVEL_WARN,
-	                          ER_SP_UNINIT_VAR, ER(ER_SP_UNINIT_VAR),
-				  $1.str);
-	    }
 	    $$ = (Item*) new Item_splocal($1, spv->offset);
             lex->variables_used= 1;
 	    lex->safe_to_cache_query=0;