• Kristofer Pettersson's avatar
    Bug#44658 Create procedure makes server crash when user does not have ALL privilege · 66e0ee66
    Kristofer Pettersson authored
    MySQL crashes if a user without proper privileges attempts to create a procedure.
    
    The crash happens because more than one error state is pushed onto the Diagnostic
    area. In this particular case the user is denied to implicitly create a new user
    account with the implicitly granted privileges ALTER- and EXECUTE ROUTINE.
    
    The new account is needed if the original user account contained a host mask.
    A user account with a host mask is a distinct user account in this context.
    An alternative would be to first get the most permissive user account which
    include the current user connection and then assign privileges to that
    account. This behavior change is considered out of scope for this bug patch.
    
    The implicit assignment of privileges when a user creates a stored routine is a
    considered to be a feature for user convenience and as such it is not
    a critical operation. Any failure to complete this operation is thus considered
    non-fatal (an error becomes a warning).
    
    The patch back ports a stack implementation of the internal error handler interface.
    This enables the use of multiple error handlers so that it is possible to intercept
    and cancel errors thrown by lower layers. This is needed as a error handler already
    is used in the call stack emitting the errors which needs to be converted.
    
    
    mysql-test/r/grant.result:
      * Added test case for bug44658
    mysql-test/t/grant.test:
      * Added test case for bug44658
    sql/sp.cc:
      * Removed non functional parameter no_error and my_error calls as all errors
        from this function will be converted to a warning anyway.
      * Change function return type from int to bool.
    sql/sp.h:
      * Removed non functional parameter no_error and my_error calls as all errors
        from this function will be converted to a warning anyway.
      * Changed function return value from int to bool
    sql/sql_acl.cc:
      * Removed the non functional no_error parameter from the function prototype.
        The function is called from two places and in one of the places we now 
        ignore errors through error handlers.
      * Introduced the parameter write_to_binlog
      * Introduced an error handler to cancel any error state from mysql_routine_grant.
      * Moved my_ok() signal from mysql_routine_grant to make it easier to avoid
        setting the wrong state in the Diagnostic area.
      * Changed the broken error state in sp_grant_privileges() to a warning
        so that if "CREATE PROCEDURE" fails because "Password hash isn't a hexidecimal
        number" it is still clear what happened.
    sql/sql_acl.h:
      * Removed the non functional no_error parameter from the function prototype.
        The function is called from two places and in one of the places we now 
        ignore errors through error handlers.
      * Introduced the parameter write_to_binlog
      * Changed return type for sp_grant_privileges() from int to bool
    sql/sql_class.cc:
      * Back ported implementation of internal error handler from 6.0 branch
    sql/sql_class.h:
      * Back ported implementation of internal error handler from 6.0 branch
    sql/sql_parse.cc:
      * Moved my_ok() signal from mysql_routine_grant() to make it easier to avoid
        setting the wrong state in the Diagnostic area.
    66e0ee66
sp.cc 57.5 KB