Commit 9c9573a4 authored by unknown's avatar unknown

WL#925 - Privileges for stored routines

  Implement fine-grained control over access to stored procedures
  Privileges are cached (same way as existing table/column privs)
  


mysql-test/include/system_db_struct.inc:
  WL#925 - Privileges for stored routines
    New system table: procs_priv
mysql-test/r/connect.result:
  WL#925 - Privileges for stored routines
    New system table: procs_priv
mysql-test/r/grant.result:
  WL#925 - Privileges for stored routines
    user table has additional privilege attributes
    SHOW PRIVILEGES amended
mysql-test/r/grant2.result:
  Fix result
mysql-test/r/information_schema.result:
  WL#925 - Privileges for stored routines
    New system table procs_priv
    New user privileges
mysql-test/r/show_check.result:
  Fix result
mysql-test/r/sp-security.result:
  WL#925 - Privileges for stored routines
    Fix existing tests to work with new privileges
    New tests for new privileges
mysql-test/r/sp.result:
  WL#925 - Privileges for stored routines
    Fix SHOW PRIVILEGES results
mysql-test/r/system_mysql_db.result:
  WL#925 - Privileges for stored routines
    New system table: procs_priv
    user and db tables have new privilege attributes
mysql-test/t/grant2.test:
  Fix test
mysql-test/t/show_check.test:
  Fix test
mysql-test/t/sp-security.test:
  WL#925 - Privileges for stored routines
    Allow existing tests to run with new privilege checks
    New tests for privileges
mysql-test/t/system_mysql_db_fix.test:
  WL#925 - Privileges for stored routines
    New system table: procs_priv
scripts/mysql_create_system_tables.sh:
  WL#925 - Privileges for stored routines
    db and user has new privilege attributes
    new system table: procs_priv
scripts/mysql_fix_privilege_tables.sql:
  WL#925 - Privileges for stored routines
    new system table: procs_priv
scripts/mysql_install_db.sh:
  WL#925 - Privileges for stored routines
    Amend comment
sql/item_func.cc:
  WL#925 - Privileges for stored routines
    Privilege check for stored FUNCTION routine
sql/lex.h:
  WL#925 - Privileges for stored routines
    new token ROUTINE
sql/mysql_priv.h:
  WL#925 - Privileges for stored routines
    New function: check_procedure_access()
sql/mysqld.cc:
  WL#925 - Privileges for stored routines
    system option automatic-sp-privileges
sql/set_var.cc:
  WL#925 - Privileges for stored routines
    system option automatic-sp-privileges
sql/share/errmsg.txt:
  WL#925 - Privileges for stored routines
    rename errormessage to conform:
      ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR
    New error messages
      ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL
sql/sp.cc:
  WL#925 - Privileges for stored routines
    new function: sp_exists_routine()
sql/sp.h:
  WL#925 - Privileges for stored routines
    new function: sp_exists_routine()
sql/sql_acl.cc:
  WL#925 - Privileges for stored routines
    Implementation for SP privileges.
    Privileges are cached in memory hash.
    New functions:
      mysql_procedure_grant()
      check_grant_procedure()
      sp_revoke_privileges()
      sp_grant_privileges()
sql/sql_acl.h:
  WL#925 - Privileges for stored routines
    New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL
    Alter confusing bit-segments to be shifted
    New macros: fix_rights_for_procedure() get_rights_for_procedure()
    New functions:
      mysql_procedure_grant()
      check_grant_procedure()
      sp_grant_privileges()
      sp_revoke_privileges()
sql/sql_lex.h:
  WL#925 - Privileges for stored routines
    new all_privileges attribute in LEX
sql/sql_parse.cc:
  WL#925 - Privileges for stored routines
    Remove function: check_sp_definer_access()
    Add handling for SP grants/revokes
    Add privilege checks for stored procedure invocation
sql/sql_show.cc:
  WL#925 - Privileges for stored routines
    update result for SHOW PRIVILEGES
sql/sql_yacc.yy:
  WL#925 - Privileges for stored routines
    New token ROUTINE
    rename some rules
    handle CREATE ROUTINE / ALTER ROUTINE privileges
parent 67018e88
......@@ -10,3 +10,4 @@ show create table user;
show create table func;
show create table tables_priv;
show create table columns_priv;
show create table procs_priv;
......@@ -9,6 +9,7 @@ help_relation
help_topic
host
proc
procs_priv
tables_priv
time_zone
time_zone_leap_second
......@@ -31,6 +32,7 @@ help_relation
help_topic
host
proc
procs_priv
tables_priv
time_zone
time_zone_leap_second
......@@ -57,6 +59,7 @@ help_relation
help_topic
host
proc
procs_priv
tables_priv
time_zone
time_zone_leap_second
......
......@@ -10,7 +10,7 @@ GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE CIPHER 'EDH-RSA-DES-CBC3
GRANT SELECT ON `mysqltest`.* TO 'mysqltest_1'@'localhost'
grant delete on mysqltest.* to mysqltest_1@localhost;
select * from mysql.user where user="mysqltest_1";
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections
localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N 0 0 0
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
......@@ -62,7 +62,7 @@ revoke LOCK TABLES, ALTER on mysqltest.* from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, CREATE TEMPORARY TABLES, CREATE VIEW, SHOW VIEW ON `mysqltest`.* TO 'mysqltest_1'@'localhost' WITH GRANT OPTION
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, CREATE TEMPORARY TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE ON `mysqltest`.* TO 'mysqltest_1'@'localhost' WITH GRANT OPTION
revoke all privileges on mysqltest.* from mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
flush privileges;
......@@ -347,13 +347,16 @@ drop table t1;
SHOW PRIVILEGES;
Privilege Context Comment
Alter Tables To alter the table
Alter routine Functions,Procedures To alter or drop stored functions/procedures
Create Databases,Tables,Indexes To create new databases and tables
Create routine Functions,Procedures To use CREATE FUNCTION/PROCEDURE
Create temporary tables Databases To use CREATE TEMPORARY TABLE
Create view Tables To create new views
Delete Tables To delete existing rows
Drop Databases,Tables To drop databases, tables, and views
Execute Functions,Procedures To execute stored routines
File File access on server To read and write files on the server
Grant option Databases,Tables To give to other users those privileges you possess
Grant option Databases,Tables,Functions,Procedures To give to other users those privileges you possess
Index Tables To create or drop indexes
Insert Tables To insert data into tables
Lock tables Databases To use LOCK TABLES (together with SELECT privilege)
......
......@@ -48,9 +48,9 @@ GRANT SELECT, INSERT ON `mysqltest`.* TO 'mysqltest_1'@'localhost'
use mysqltest;
insert into t1 values (1, 'I can''t change it!');
update t1 set data='I can change it!' where id = 1;
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest'
ERROR 42000: update command denied to user 'mysqltest_1'@'localhost' for table 't1'
insert into t1 values (1, 'XXX') on duplicate key update data= 'I can change it!';
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest'
ERROR 42000: update command denied to user 'mysqltest_1'@'localhost' for table 't1'
select * from t1;
id data
1 I can't change it!
......@@ -202,7 +202,7 @@ drop user '%@a'@'a';
create user mysqltest_2@localhost;
grant usage on *.* to mysqltest_2@localhost with grant option;
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
ERROR 42000: Access denied for user 'mysqltest_2'@'localhost' to database 'mysql'
ERROR 42000: select command denied to user 'mysqltest_2'@'localhost' for table 'user'
create user mysqltest_A@'%';
rename user mysqltest_A@'%' to mysqltest_B@'%';
drop user mysqltest_B@'%';
......
......@@ -58,6 +58,7 @@ help_relation
help_topic
host
proc
procs_priv
tables_priv
time_zone
time_zone_leap_second
......@@ -346,8 +347,11 @@ GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE
'mysqltest_1'@'localhost' NULL test ALTER YES
'mysqltest_1'@'localhost' NULL test CREATE TEMPORARY TABLES YES
'mysqltest_1'@'localhost' NULL test LOCK TABLES YES
'mysqltest_1'@'localhost' NULL test EXECUTE YES
'mysqltest_1'@'localhost' NULL test CREATE VIEW YES
'mysqltest_1'@'localhost' NULL test SHOW VIEW YES
'mysqltest_1'@'localhost' NULL test CREATE ROUTINE YES
'mysqltest_1'@'localhost' NULL test ALTER ROUTINE YES
select * from information_schema.TABLE_PRIVILEGES where grantee like '%mysqltest_1%';
GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE
'mysqltest_1'@'localhost' NULL test t1 SELECT NO
......@@ -600,6 +604,8 @@ Process_priv select,insert,update,references
Show_db_priv select,insert,update,references
Lock_tables_priv select,insert,update,references
Show_view_priv select,insert,update,references
Create_routine_priv select,insert,update,references
Alter_routine_priv select,insert,update,references
max_questions select,insert,update,references
max_connections select,insert,update,references
use test;
......
......@@ -382,19 +382,19 @@ show create database mysqltest;
Database Create Database
mysqltest CREATE DATABASE `mysqltest` /*!40100 DEFAULT CHARACTER SET latin1 */
drop table t1;
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest'
ERROR 42000: drop command denied to user 'mysqltest_1'@'localhost' for table 't1'
drop database mysqltest;
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest'
select * from mysqltest.t1;
ERROR 42000: Access denied for user 'mysqltest_2'@'localhost' to database 'mysqltest'
ERROR 42000: select command denied to user 'mysqltest_2'@'localhost' for table 't1'
show create database mysqltest;
ERROR 42000: Access denied for user 'mysqltest_2'@'localhost' to database 'mysqltest'
drop table mysqltest.t1;
ERROR 42000: Access denied for user 'mysqltest_2'@'localhost' to database 'mysqltest'
ERROR 42000: drop command denied to user 'mysqltest_2'@'localhost' for table 't1'
drop database mysqltest;
ERROR 42000: Access denied for user 'mysqltest_2'@'localhost' to database 'mysqltest'
select * from mysqltest.t1;
ERROR 42000: Access denied for user 'mysqltest_3'@'localhost' to database 'mysqltest'
ERROR 42000: select command denied to user 'mysqltest_3'@'localhost' for table 't1'
show create database mysqltest;
ERROR 42000: Access denied for user 'mysqltest_3'@'localhost' to database 'mysqltest'
drop table mysqltest.t1;
......
......@@ -23,12 +23,16 @@ root@localhost 1
select db();
db()
db1_secret
grant execute on db1_secret.stamp to user1@'%';
grant execute on db1_secret.db to user1@'%';
grant execute on db1_secret.stamp to ''@'%';
grant execute on db1_secret.db to ''@'%';
call db1_secret.stamp(2);
select db1_secret.db();
db1_secret.db()
db1_secret
select * from db1_secret.t1;
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
ERROR 42000: select command denied to user 'user1'@'localhost' for table 't1'
create procedure db1_secret.dummy() begin end;
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
drop procedure db1_secret.dummy;
......@@ -38,7 +42,7 @@ select db1_secret.db();
db1_secret.db()
db1_secret
select * from db1_secret.t1;
ERROR 42000: Access denied for user ''@'localhost' to database 'db1_secret'
ERROR 42000: select command denied to user ''@'localhost' for table 't1'
create procedure db1_secret.dummy() begin end;
ERROR 42000: Access denied for user ''@'localhost' to database 'db1_secret'
drop procedure db1_secret.dummy;
......@@ -82,15 +86,16 @@ insert into t2 values (0);
grant usage on db2.* to user1@localhost;
grant select on db2.* to user1@localhost;
grant usage on db2.* to user2@localhost;
grant select,insert,update,delete on db2.* to user2@localhost;
grant select,insert,update,delete,create routine on db2.* to user2@localhost;
grant create routine on db2.* to user1@localhost;
flush privileges;
use db2;
create procedure p () insert into t2 values (1);
call p();
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db2'
ERROR 42000: insert command denied to user 'user1'@'localhost' for table 't2'
use db2;
call p();
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db2'
ERROR 42000: execute command denied to user 'user2'@'localhost' for routine 'db2.p'
select * from t2;
s1
0
......@@ -100,6 +105,8 @@ select * from t2;
s1
0
2
grant usage on db2.q to user2@localhost with grant option;
grant execute on db2.q to user1@localhost;
use db2;
call q();
select * from t2;
......@@ -110,9 +117,9 @@ s1
alter procedure p modifies sql data;
drop procedure p;
alter procedure q modifies sql data;
ERROR 42000: Access denied; you are not the procedure/function definer of 'db2.q'
ERROR 42000: alter procedure command denied to user 'user1'@'localhost' for routine 'db2.q'
drop procedure q;
ERROR 42000: Access denied; you are not the procedure/function definer of 'db2.q'
ERROR 42000: alter procedure command denied to user 'user1'@'localhost' for routine 'db2.q'
use db2;
alter procedure q modifies sql data;
drop procedure q;
......@@ -126,3 +133,64 @@ drop database db2;
select type,db,name from mysql.proc;
type db name
delete from mysql.user where user='user1' or user='user2';
delete from mysql.procs_priv where user='user1' or user='user2';
grant usage on *.* to usera@localhost;
grant usage on *.* to userb@localhost;
grant usage on *.* to userc@localhost;
create database sptest;
create table t1 ( u varchar(64), i int );
create procedure sptest.p1(i int) insert into test.t1 values (user(), i);
grant insert on t1 to usera@localhost;
grant execute on sptest.p1 to usera@localhost;
show grants for usera@localhost;
Grants for usera@localhost
GRANT USAGE ON *.* TO 'usera'@'localhost'
GRANT INSERT ON `test`.`t1` TO 'usera'@'localhost'
GRANT EXECUTE ON `sptest`.`p1` TO 'usera'@'localhost'
grant execute on sptest.p1 to userc@localhost with grant option;
show grants for userc@localhost;
Grants for userc@localhost
GRANT USAGE ON *.* TO 'userc'@'localhost'
GRANT EXECUTE ON `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION
call sptest.p1(1);
grant execute on sptest.p1 to userb@localhost;
ERROR 42000: grant command denied to user 'usera'@'localhost' for routine 'sptest.p1'
drop procedure sptest.p1;
ERROR 42000: alter procedure command denied to user 'usera'@'localhost' for routine 'sptest.p1'
call sptest.p1(2);
ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1'
grant execute on sptest.p1 to userb@localhost;
ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1'
drop procedure sptest.p1;
ERROR 42000: alter procedure command denied to user 'userb'@'localhost' for routine 'sptest.p1'
call sptest.p1(3);
grant execute on sptest.p1 to userb@localhost;
drop procedure sptest.p1;
ERROR 42000: alter procedure command denied to user 'userc'@'localhost' for routine 'sptest.p1'
call sptest.p1(4);
grant execute on sptest.p1 to userb@localhost;
ERROR 42000: grant command denied to user 'userb'@'localhost' for routine 'sptest.p1'
drop procedure sptest.p1;
ERROR 42000: alter procedure command denied to user 'userb'@'localhost' for routine 'sptest.p1'
select * from t1;
u i
usera@localhost 1
userc@localhost 3
userb@localhost 4
grant all privileges on sptest.p1 to userc@localhost;
show grants for userc@localhost;
Grants for userc@localhost
GRANT USAGE ON *.* TO 'userc'@'localhost'
GRANT EXECUTE, ALTER ROUTINE ON `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION
show grants for userb@localhost;
Grants for userb@localhost
GRANT USAGE ON *.* TO 'userb'@'localhost'
GRANT EXECUTE ON `sptest`.`p1` TO 'userb'@'localhost'
revoke all privileges on sptest.p1 from userb@localhost;
show grants for userb@localhost;
Grants for userb@localhost
GRANT USAGE ON *.* TO 'userb'@'localhost'
use test;
drop database sptest;
delete from mysql.user where user='usera' or user='userb' or user='userc';
delete from mysql.procs_priv where user='usera' or user='userb' or user='userc';
......@@ -1654,13 +1654,16 @@ Table Non_unique Key_name Seq_in_index Column_name Collation Cardinality Sub_par
Database Table In_use Name_locked
Privilege Context Comment
Alter Tables To alter the table
Alter routine Functions,Procedures To alter or drop stored functions/procedures
Create Databases,Tables,Indexes To create new databases and tables
Create routine Functions,Procedures To use CREATE FUNCTION/PROCEDURE
Create temporary tables Databases To use CREATE TEMPORARY TABLE
Create view Tables To create new views
Delete Tables To delete existing rows
Drop Databases,Tables To drop databases, tables, and views
Execute Functions,Procedures To execute stored routines
File File access on server To read and write files on the server
Grant option Databases,Tables To give to other users those privileges you possess
Grant option Databases,Tables,Functions,Procedures To give to other users those privileges you possess
Index Tables To create or drop indexes
Insert Tables To insert data into tables
Lock tables Databases To use LOCK TABLES (together with SELECT privilege)
......@@ -1704,13 +1707,16 @@ Table Non_unique Key_name Seq_in_index Column_name Collation Cardinality Sub_par
Database Table In_use Name_locked
Privilege Context Comment
Alter Tables To alter the table
Alter routine Functions,Procedures To alter or drop stored functions/procedures
Create Databases,Tables,Indexes To create new databases and tables
Create routine Functions,Procedures To use CREATE FUNCTION/PROCEDURE
Create temporary tables Databases To use CREATE TEMPORARY TABLE
Create view Tables To create new views
Delete Tables To delete existing rows
Drop Databases,Tables To drop databases, tables, and views
Execute Functions,Procedures To execute stored routines
File File access on server To read and write files on the server
Grant option Databases,Tables To give to other users those privileges you possess
Grant option Databases,Tables,Functions,Procedures To give to other users those privileges you possess
Index Tables To create or drop indexes
Insert Tables To insert data into tables
Lock tables Databases To use LOCK TABLES (together with SELECT privilege)
......
......@@ -9,6 +9,7 @@ help_relation
help_topic
host
proc
procs_priv
tables_priv
time_zone
time_zone_leap_second
......@@ -36,6 +37,9 @@ db CREATE TABLE `db` (
`Lock_tables_priv` enum('N','Y') collate utf8_bin NOT NULL default 'N',
`Create_view_priv` enum('N','Y') collate utf8_bin NOT NULL default 'N',
`Show_view_priv` enum('N','Y') collate utf8_bin NOT NULL default 'N',
`Create_routine_priv` enum('N','Y') collate utf8_bin NOT NULL default 'N',
`Alter_routine_priv` enum('N','Y') collate utf8_bin NOT NULL default 'N',
`Execute_priv` enum('N','Y') collate utf8_bin NOT NULL default 'N',
PRIMARY KEY (`Host`,`Db`,`User`),
KEY `User` (`User`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Database privileges'
......@@ -89,6 +93,8 @@ user CREATE TABLE `user` (
`Repl_client_priv` enum('N','Y') collate utf8_bin NOT NULL default 'N',
`Create_view_priv` enum('N','Y') collate utf8_bin NOT NULL default 'N',
`Show_view_priv` enum('N','Y') collate utf8_bin NOT NULL default 'N',
`Create_routine_priv` enum('N','Y') collate utf8_bin NOT NULL default 'N',
`Alter_routine_priv` enum('N','Y') collate utf8_bin NOT NULL default 'N',
`ssl_type` enum('','ANY','X509','SPECIFIED') collate utf8_bin NOT NULL default '',
`ssl_cipher` blob NOT NULL,
`x509_issuer` blob NOT NULL,
......@@ -133,5 +139,18 @@ columns_priv CREATE TABLE `columns_priv` (
`Column_priv` set('Select','Insert','Update','References') collate utf8_bin NOT NULL default '',
PRIMARY KEY (`Host`,`Db`,`User`,`Table_name`,`Column_name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Column privileges'
show create table procs_priv;
Table Create Table
procs_priv CREATE TABLE `procs_priv` (
`Host` char(60) collate utf8_bin NOT NULL default '',
`Db` char(64) collate utf8_bin NOT NULL default '',
`User` char(16) collate utf8_bin NOT NULL default '',
`Routine_name` char(64) collate utf8_bin NOT NULL default '',
`Grantor` char(77) collate utf8_bin NOT NULL default '',
`Timestamp` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
`Proc_priv` set('Execute','Alter Routine','Grant') collate utf8_bin NOT NULL default '',
PRIMARY KEY (`Host`,`Db`,`User`,`Routine_name`),
KEY `Grantor` (`Grantor`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Procedure privileges'
show tables;
Tables_in_test
......@@ -64,10 +64,10 @@ connection mrbad;
show grants for current_user();
use mysqltest;
insert into t1 values (1, 'I can''t change it!');
--error 1044
--error 1142
update t1 set data='I can change it!' where id = 1;
# This should not be allowed since it too require UPDATE privilege.
--error 1044
--error 1142
insert into t1 values (1, 'XXX') on duplicate key update data= 'I can change it!';
select * from t1;
......@@ -199,7 +199,7 @@ create user mysqltest_2@localhost;
grant usage on *.* to mysqltest_2@localhost with grant option;
connect (user2,localhost,mysqltest_2,,);
connection user2;
--error 1044
--error 1142
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
create user mysqltest_A@'%';
rename user mysqltest_A@'%' to mysqltest_B@'%';
......
......@@ -287,25 +287,25 @@ connect (con1,localhost,mysqltest_1,,mysqltest);
connection con1;
select * from t1;
show create database mysqltest;
--error 1044
--error 1142
drop table t1;
--error 1044
drop database mysqltest;
connect (con2,localhost,mysqltest_2,,test);
connection con2;
--error 1044
--error 1142
select * from mysqltest.t1;
--error 1044
show create database mysqltest;
--error 1044
--error 1142
drop table mysqltest.t1;
--error 1044
drop database mysqltest;
connect (con3,localhost,mysqltest_3,,test);
connection con3;
--error 1044
--error 1142
select * from mysqltest.t1;
--error 1044
show create database mysqltest;
......
......@@ -40,6 +40,11 @@ call stamp(1);
select * from t1;
select db();
grant execute on db1_secret.stamp to user1@'%';
grant execute on db1_secret.db to user1@'%';
grant execute on db1_secret.stamp to ''@'%';
grant execute on db1_secret.db to ''@'%';
connect (con2user1,localhost,user1,,);
connect (con3anon,localhost,anon,,);
......@@ -54,7 +59,7 @@ call db1_secret.stamp(2);
select db1_secret.db();
# ...but not this
--error 1044
--error 1142
select * from db1_secret.t1;
# ...and not this
......@@ -74,7 +79,7 @@ call db1_secret.stamp(3);
select db1_secret.db();
# ...but not this
--error 1044
--error 1142
select * from db1_secret.t1;
# ...and not this
......@@ -146,7 +151,8 @@ insert into t2 values (0);
grant usage on db2.* to user1@localhost;
grant select on db2.* to user1@localhost;
grant usage on db2.* to user2@localhost;
grant select,insert,update,delete on db2.* to user2@localhost;
grant select,insert,update,delete,create routine on db2.* to user2@localhost;
grant create routine on db2.* to user1@localhost;
flush privileges;
connection con2user1;
......@@ -155,7 +161,7 @@ use db2;
create procedure p () insert into t2 values (1);
# Check that this doesn't work.
--error 1044
--error 1142
call p();
connect (con4user2,localhost,user2,,);
......@@ -164,7 +170,7 @@ connection con4user2;
use db2;
# This should not work, since p is executed with definer's (user1's) rights.
--error 1044
--error 1370
call p();
select * from t2;
......@@ -173,6 +179,12 @@ create procedure q () insert into t2 values (2);
call q();
select * from t2;
connection con1root;
grant usage on db2.q to user2@localhost with grant option;
connection con4user2;
grant execute on db2.q to user1@localhost;
connection con2user1;
use db2;
......@@ -206,6 +218,9 @@ drop procedure q;
# Clean up
#Still connection con1root;
disconnect con2user1;
disconnect con3anon;
disconnect con4user2;
use test;
select type,db,name from mysql.proc;
drop database db1_secret;
......@@ -214,3 +229,75 @@ drop database db2;
select type,db,name from mysql.proc;
# Get rid of the users
delete from mysql.user where user='user1' or user='user2';
# And any routine privileges
delete from mysql.procs_priv where user='user1' or user='user2';
#
# Test the new security acls
#
grant usage on *.* to usera@localhost;
grant usage on *.* to userb@localhost;
grant usage on *.* to userc@localhost;
create database sptest;
create table t1 ( u varchar(64), i int );
create procedure sptest.p1(i int) insert into test.t1 values (user(), i);
grant insert on t1 to usera@localhost;
grant execute on sptest.p1 to usera@localhost;
show grants for usera@localhost;
grant execute on sptest.p1 to userc@localhost with grant option;
show grants for userc@localhost;
connect (con2usera,localhost,usera,,);
connect (con3userb,localhost,userb,,);
connect (con4userc,localhost,userc,,);
connection con2usera;
call sptest.p1(1);
--error 1370
grant execute on sptest.p1 to userb@localhost;
--error 1370
drop procedure sptest.p1;
connection con3userb;
--error 1370
call sptest.p1(2);
--error 1370
grant execute on sptest.p1 to userb@localhost;
--error 1370
drop procedure sptest.p1;
connection con4userc;
call sptest.p1(3);
grant execute on sptest.p1 to userb@localhost;
--error 1370
drop procedure sptest.p1;
connection con3userb;
call sptest.p1(4);
--error 1370
grant execute on sptest.p1 to userb@localhost;
--error 1370
drop procedure sptest.p1;
connection con1root;
select * from t1;
grant all privileges on sptest.p1 to userc@localhost;
show grants for userc@localhost;
show grants for userb@localhost;
connection con4userc;
revoke all privileges on sptest.p1 from userb@localhost;
connection con1root;
show grants for userb@localhost;
#cleanup
disconnect con4userc;
disconnect con3userb;
disconnect con2usera;
use test;
drop database sptest;
delete from mysql.user where user='usera' or user='userb' or user='userc';
delete from mysql.procs_priv where user='usera' or user='userb' or user='userc';
......@@ -74,7 +74,7 @@ INSERT INTO user VALUES ('localhost','', '','N','N','N','N','N','N','N','N','
-- disable_query_log
DROP TABLE db, host, user, func, tables_priv, columns_priv, help_category, help_keyword, help_relation, help_topic, proc, time_zone, time_zone_leap_second, time_zone_name, time_zone_transition, time_zone_transition_type;
DROP TABLE db, host, user, func, tables_priv, columns_priv, procs_priv, help_category, help_keyword, help_relation, help_topic, proc, time_zone, time_zone_leap_second, time_zone_name, time_zone_transition, time_zone_transition_type;
-- enable_query_log
......
......@@ -41,7 +41,7 @@ c_hk=""
i_ht=""
c_tzn="" c_tz="" c_tzt="" c_tztt="" c_tzls=""
i_tzn="" i_tz="" i_tzt="" i_tztt="" i_tzls=""
c_p=""
c_p="" c_pp=""
# Check for old tables
if test ! -f $mdata/db.frm
......@@ -69,14 +69,17 @@ then
c_d="$c_d Lock_tables_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_d="$c_d Create_view_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_d="$c_d Show_view_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_d="$c_d Create_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_d="$c_d Alter_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_d="$c_d Execute_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_d="$c_d PRIMARY KEY Host (Host,Db,User),"
c_d="$c_d KEY User (User)"
c_d="$c_d ) engine=MyISAM"
c_d="$c_d CHARACTER SET utf8 COLLATE utf8_bin"
c_d="$c_d comment='Database privileges';"
i_d="INSERT INTO db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y');
INSERT INTO db VALUES ('%','test\_%','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y');"
i_d="INSERT INTO db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N');
INSERT INTO db VALUES ('%','test\_%','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N');"
fi
if test ! -f $mdata/host.frm
......@@ -141,6 +144,8 @@ then
c_u="$c_u Repl_client_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Create_view_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Show_view_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Create_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Alter_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u ssl_type enum('','ANY','X509', 'SPECIFIED') DEFAULT '' NOT NULL,"
c_u="$c_u ssl_cipher BLOB NOT NULL,"
c_u="$c_u x509_issuer BLOB NOT NULL,"
......@@ -155,24 +160,24 @@ then
if test "$1" = "test"
then
i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
REPLACE INTO user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
REPLACE INTO user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
INSERT INTO user (host,user) values ('localhost','');
INSERT INTO user (host,user) values ('$hostname','');"
else
i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);"
i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);"
if test "$windows" = "0"
then
i_u="$i_u
INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
INSERT INTO user (host,user) values ('$hostname','');
INSERT INTO user (host,user) values ('localhost','');"
else
i_u="$i_u
INSERT INTO user VALUES ('%','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
INSERT INTO user VALUES ('localhost','','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
INSERT INTO user VALUES ('%','','','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','','','','',0,0,0);"
INSERT INTO user VALUES ('%','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
INSERT INTO user VALUES ('localhost','','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
INSERT INTO user VALUES ('%','','','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','','','','',0,0,0);"
fi
fi
fi
......@@ -236,6 +241,27 @@ then
c_c="$c_c comment='Column privileges';"
fi
if test ! -f $mdata/procs_priv.frm
then
if test "$1" = "verbose" ; then
echo "Preparing procs_priv table" 1>&2;
fi
c_pp="$c_pp CREATE TABLE procs_priv ("
c_pp="$c_pp Host char(60) binary DEFAULT '' NOT NULL,"
c_pp="$c_pp Db char(64) binary DEFAULT '' NOT NULL,"
c_pp="$c_pp User char(16) binary DEFAULT '' NOT NULL,"
c_pp="$c_pp Routine_name char(64) binary DEFAULT '' NOT NULL,"
c_pp="$c_pp Grantor char(77) DEFAULT '' NOT NULL,"
c_pp="$c_pp Timestamp timestamp(14),"
c_pp="$c_pp Proc_priv set('Execute','Alter Routine','Grant') DEFAULT '' NOT NULL,"
c_pp="$c_pp PRIMARY KEY (Host,Db,User,Routine_name),"
c_pp="$c_pp KEY Grantor (Grantor)"
c_pp="$c_pp ) engine=MyISAM"
c_pp="$c_pp CHARACTER SET utf8 COLLATE utf8_bin"
c_pp="$c_pp comment='Procedure privileges';"
fi
if test ! -f $mdata/help_topic.frm
then
if test "$1" = "verbose" ; then
......@@ -718,6 +744,7 @@ $c_tzls
$i_tzls
$c_p
$c_pp
END_OF_DATA
......@@ -15,6 +15,7 @@ ALTER TABLE host type=MyISAM, CONVERT TO CHARACTER SET utf8 COLLATE utf8_bin;
ALTER TABLE func type=MyISAM, CONVERT TO CHARACTER SET utf8 COLLATE utf8_bin;
ALTER TABLE columns_priv type=MyISAM, CONVERT TO CHARACTER SET utf8 COLLATE utf8_bin;
ALTER TABLE tables_priv type=MyISAM, CONVERT TO CHARACTER SET utf8 COLLATE utf8_bin;
ALTER TABLE procs_priv type=MyISAM, CONVERT TO CHARACTER SET utf8 COLLATE utf8_bin;
ALTER TABLE user change Password Password char(41) binary not null default '';
ALTER TABLE user add File_priv enum('N','Y') NOT NULL;
CREATE TABLE IF NOT EXISTS func (
......@@ -170,9 +171,47 @@ ALTER TABLE user ADD Show_view_priv enum('N','Y') DEFAULT 'N' NOT NULL AFTER Cre
#
UPDATE user SET Create_view_priv=Create_priv, Show_view_priv=Create_priv where user<>"" AND @hadCreateViewPriv = 0;
#
#
#
SET @hadCreateRoutinePriv:=0;
SELECT @hadCreateRoutinePriv:=1 FROM user WHERE Create_routine_priv LIKE '%';
#
# Create PROCEDUREs privileges (v5.0)
#
ALTER TABLE db ADD Create_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL AFTER Show_view_priv;
ALTER TABLE user ADD Create_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL AFTER Show_view_priv;
#
# Alter PROCEDUREs privileges (v5.0)
#
ALTER TABLE db ADD Alter_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL AFTER Create_routine_priv;
ALTER TABLE user ADD Alter_routine_priv enum('N','Y') DEFAULT 'N' NOT NULL AFTER Create_routine_priv;
ALTER TABLE db ADD Execute_priv enum('N','Y') DEFAULT 'N' NOT NULL AFTER Alter_routine_priv;
#
# Assign create/alter routine privileges to people who have create privileges
#
UPDATE user SET Create_routine_priv=Create_priv, Alter_routine_priv=Alter_priv where user<>"" AND @hadCreateRoutinePriv = 0;
UPDATE db SET Create_routine_priv=Create_priv, Alter_routine_priv=Alter_priv, Execute_priv=Select_priv where user<>"" AND @hadCreateRoutinePriv = 0;
#
# Create some possible missing tables
#
CREATE TABLE IF NOT EXISTS procs_priv (
Host char(60) binary DEFAULT '' NOT NULL,
Db char(64) binary DEFAULT '' NOT NULL,
User char(16) binary DEFAULT '' NOT NULL,
Routine_name char(64) binary DEFAULT '' NOT NULL,
Grantor char(77) DEFAULT '' NOT NULL,
Timestamp timestamp(14),
Proc_priv set('Execute','Alter Routine','Grant') DEFAULT '' NOT NULL,
PRIMARY KEY (Host,Db,User,Routine_name),
KEY Grantor (Grantor)
) CHARACTER SET utf8 COLLATE utf8_bin comment='Procedure privileges';
CREATE TABLE IF NOT EXISTS help_topic (
help_topic_id int unsigned not null,
name varchar(64) not null,
......
......@@ -3,7 +3,7 @@
# For a more info consult the file COPYRIGHT distributed with this file.
# This scripts creates the privilege tables db, host, user, tables_priv,
# columns_priv in the mysql database, as well as the func table.
# columns_priv, procs_priv in the mysql database, as well as the func table.
#
# All unrecognized arguments to this script are passed to mysqld.
......
......@@ -22,6 +22,7 @@
#endif
#include "mysql_priv.h"
#include "sql_acl.h"
#include "slave.h" // for wait_for_master_pos
#include <m_ctype.h>
#include <hash.h>
......@@ -3546,7 +3547,17 @@ Item_func_sp::execute(Item **itp)
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_procedure_access(thd, EXECUTE_ACL,
m_sp->m_db.str, m_sp->m_name.str, 0))
DBUG_RETURN(-1);
sp_change_security_context(thd, m_sp, &save_ctx);
if (save_ctx.changed &&
check_procedure_access(thd, EXECUTE_ACL,
m_sp->m_db.str, m_sp->m_name.str, 0))
{
sp_restore_security_context(thd, m_sp, &save_ctx);
DBUG_RETURN(-1);
}
#endif
/*
......
......@@ -399,6 +399,7 @@ static SYMBOL symbols[] = {
{ "RLIKE", SYM(REGEXP)}, /* Like in mSQL2 */
{ "ROLLBACK", SYM(ROLLBACK_SYM)},
{ "ROLLUP", SYM(ROLLUP_SYM)},
{ "ROUTINE", SYM(ROUTINE_SYM)},
{ "ROW", SYM(ROW_SYM)},
{ "ROWS", SYM(ROWS_SYM)},
{ "ROW_FORMAT", SYM(ROW_FORMAT_SYM)},
......
......@@ -420,6 +420,8 @@ void close_thread_tables(THD *thd, bool locked=0, bool skip_derived=0,
TABLE *stopper= 0);
bool check_one_table_access(THD *thd, ulong privilege,
TABLE_LIST *tables);
bool check_procedure_access(THD *thd,ulong want_access,char *db,char *name,
bool no_errors);
bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table);
bool check_merge_table_access(THD *thd, char *db,
TABLE_LIST *table_list);
......@@ -1024,6 +1026,7 @@ extern my_bool opt_slave_compressed_protocol, use_temp_pool;
extern my_bool opt_readonly, lower_case_file_system;
extern my_bool opt_enable_named_pipe, opt_sync_frm;
extern my_bool opt_secure_auth;
extern my_bool sp_automatic_privileges;
extern uint opt_crash_binlog_innodb;
extern char *shared_memory_base_name, *mysqld_unix_port;
extern bool opt_enable_shared_memory;
......
......@@ -299,6 +299,7 @@ my_bool opt_innodb_safe_binlog= 0;
my_bool opt_large_pages= 0;
uint opt_large_page_size= 0;
volatile bool mqh_used = 0;
my_bool sp_automatic_privileges= 1;
uint mysqld_port, test_flags, select_errors, dropping_tables, ha_open_options;
uint delay_key_write_options, protocol_version;
......@@ -4199,6 +4200,7 @@ enum options_mysqld
OPT_OPTIMIZER_SEARCH_DEPTH,
OPT_OPTIMIZER_PRUNE_LEVEL,
OPT_UPDATABLE_VIEWS_WITH_LIMIT,
OPT_SP_AUTOMATIC_PRIVILEGES,
OPT_AUTO_INCREMENT, OPT_AUTO_INCREMENT_OFFSET,
OPT_ENABLE_LARGE_PAGES
};
......@@ -4229,6 +4231,10 @@ struct my_option my_long_options[] =
(gptr*) &global_system_variables.auto_increment_offset,
(gptr*) &max_system_variables.auto_increment_offset, 0, GET_ULONG, OPT_ARG,
1, 1, 65535, 0, 1, 0 },
{"automatic-sp-privileges", OPT_SP_AUTOMATIC_PRIVILEGES,
"Creating and dropping stored procedures alters ACLs. Disable with --skip-automatic-sp-privileges.",
(gptr*) &sp_automatic_privileges, (gptr*) &sp_automatic_privileges,
0, GET_BOOL, NO_ARG, 1, 0, 0, 0, 0, 0},
{"basedir", 'b',
"Path to installation directory. All paths are usually resolved relative to this.",
(gptr*) &mysql_home_ptr, (gptr*) &mysql_home_ptr, 0, GET_STR, REQUIRED_ARG,
......@@ -6128,6 +6134,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
delay_key_write_options= (uint) DELAY_KEY_WRITE_NONE;
myisam_concurrent_insert=0;
myisam_recover_options= HA_RECOVER_NONE;
sp_automatic_privileges=0;
my_use_symdir=0;
ha_open_options&= ~(HA_OPEN_ABORT_IF_CRASHED | HA_OPEN_DELAY_KEY_WRITE);
#ifdef HAVE_QUERY_CACHE
......
......@@ -133,6 +133,9 @@ sys_var_thd_ulong sys_auto_increment_increment("auto_increment_increment",
sys_var_thd_ulong sys_auto_increment_offset("auto_increment_offset",
&SV::auto_increment_offset);
sys_var_bool_ptr sys_automatic_sp_privileges("automatic_sp_privileges",
&sp_automatic_privileges);
sys_var_long_ptr sys_binlog_cache_size("binlog_cache_size",
&binlog_cache_size);
sys_var_thd_ulong sys_bulk_insert_buff_size("bulk_insert_buffer_size",
......@@ -509,6 +512,7 @@ sys_var *sys_variables[]=
&sys_auto_increment_increment,
&sys_auto_increment_offset,
&sys_autocommit,
&sys_automatic_sp_privileges,
&sys_big_tables,
&sys_big_selects,
&sys_binlog_cache_size,
......@@ -668,6 +672,7 @@ sys_var *sys_variables[]=
struct show_var_st init_vars[]= {
{"auto_increment_increment", (char*) &sys_auto_increment_increment, SHOW_SYS},
{"auto_increment_offset", (char*) &sys_auto_increment_offset, SHOW_SYS},
{sys_automatic_sp_privileges.name,(char*) &sys_automatic_sp_privileges, SHOW_SYS},
{"back_log", (char*) &back_log, SHOW_LONG},
{"basedir", mysql_home, SHOW_CHAR},
#ifdef HAVE_BERKELEY_DB
......
......@@ -5168,8 +5168,8 @@ ER_VIEW_CHECK_FAILED
eng "CHECK OPTION failed '%-.64s.%-.64s'"
rus " CHECK OPTION VIEW '%-.64s.%-.64s' "
ukr "צ CHECK OPTION VIEW '%-.64s.%-.64s' "
ER_SP_ACCESS_DENIED_ERROR 42000
eng "Access denied; you are not the procedure/function definer of '%s'"
ER_PROCACCESS_DENIED_ERROR 42000
eng "%-.16s command denied to user '%-.32s'@'%-.64s' for routine '%-.64s'"
ER_RELAY_LOG_FAIL
eng "Failed purging old relay logs: %s"
ER_PASSWD_LENGTH
......@@ -5232,3 +5232,9 @@ ER_CANNOT_USER
eng "Operation %s failed for %.256s"
ger "Das Kommando %s scheiterte fr %.256s"
norwegian-ny "Operation %s failed for '%.256s'"
ER_NONEXISTING_PROC_GRANT 42000
eng "There is no such grant defined for user '%-.32s' on host '%-.64s' on routine '%-.64s'"
ER_PROC_AUTO_GRANT_FAIL
eng "Failed to grant EXECUTE and ALTER ROUTINE privileges"
ER_PROC_AUTO_REVOKE_FAIL
eng "Failed to revoke all privileges to dropped routine"
......@@ -738,6 +738,45 @@ sp_find_procedure(THD *thd, sp_name *name)
}
int
sp_exists_routine(THD *thd, TABLE_LIST *tables, bool any, bool no_error)
{
TABLE_LIST *table;
bool result= 0;
DBUG_ENTER("sp_exists_routine");
for (table= tables; table; table= table->next_global)
{
sp_name *name;
LEX_STRING lex_db;
LEX_STRING lex_name;
lex_db.length= strlen(table->db);
lex_name.length= strlen(table->real_name);
lex_db.str= thd->strmake(table->db, lex_db.length);
lex_name.str= thd->strmake(table->real_name, lex_name.length);
name= new sp_name(lex_db, lex_name);
name->init_qname(thd);
if (sp_find_procedure(thd, name) != NULL ||
sp_find_function(thd, name) != NULL)
{
if (any)
DBUG_RETURN(1);
result= 1;
}
else if (!any)
{
if (!no_error)
{
my_error(ER_SP_DOES_NOT_EXIST, MYF(0), "FUNCTION or PROCEDURE",
table->real_name);
DBUG_RETURN(-1);
}
DBUG_RETURN(0);
}
}
DBUG_RETURN(result);
}
int
sp_create_procedure(THD *thd, sp_head *sp)
{
......
......@@ -36,6 +36,9 @@ sp_drop_db_routines(THD *thd, char *db);
sp_head *
sp_find_procedure(THD *thd, sp_name *name);
int
sp_exists_routine(THD *thd, TABLE_LIST *procs, bool any, bool no_error);
int
sp_create_procedure(THD *thd, sp_head *sp);
......
This diff is collapsed.
......@@ -37,6 +37,8 @@
#define REPL_CLIENT_ACL (1L << 20)
#define CREATE_VIEW_ACL (1L << 21)
#define SHOW_VIEW_ACL (1L << 22)
#define CREATE_PROC_ACL (1L << 23)
#define ALTER_PROC_ACL (1L << 24)
/*
don't forget to update
static struct show_privileges_st sys_privileges[]
......@@ -47,7 +49,8 @@
#define DB_ACLS \
(UPDATE_ACL | SELECT_ACL | INSERT_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_TMP_ACL | \
LOCK_TABLES_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL)
LOCK_TABLES_ACL | EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL | \
CREATE_PROC_ACL | ALTER_PROC_ACL)
#define TABLE_ACLS \
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
......@@ -57,43 +60,61 @@
#define COL_ACLS \
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | REFERENCES_ACL)
#define PROC_ACLS \
(ALTER_PROC_ACL | EXECUTE_ACL | GRANT_ACL)
#define GLOBAL_ACLS \
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
RELOAD_ACL | SHUTDOWN_ACL | PROCESS_ACL | FILE_ACL | GRANT_ACL | \
REFERENCES_ACL | INDEX_ACL | ALTER_ACL | SHOW_DB_ACL | SUPER_ACL | \
CREATE_TMP_ACL | LOCK_TABLES_ACL | REPL_SLAVE_ACL | REPL_CLIENT_ACL | \
EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL)
EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL | CREATE_PROC_ACL | \
ALTER_PROC_ACL )
#define EXTRA_ACL (1L << 29)
#define NO_ACCESS (1L << 30)
#define DEFAULT_CREATE_PROC_ACLS \
(ALTER_PROC_ACL | EXECUTE_ACL)
/*
Defines to change the above bits to how things are stored in tables
This is needed as the 'host' and 'db' table is missing a few privileges
*/
/* Continius bit-segments that needs to be shifted */
#define DB_REL1 (RELOAD_ACL | SHUTDOWN_ACL | PROCESS_ACL | FILE_ACL)
#define DB_REL2 (GRANT_ACL | REFERENCES_ACL)
#define DB_REL3 (INDEX_ACL | ALTER_ACL)
#define DB_REL1 ((1L << 6) | (1L << 7) | (1L << 8) | (1L << 9))
#define DB_REL2 ((1L << 10) | (1L << 11))
#define DB_REL3 ((1L << 12) | (1L << 13) | (1L << 14) | (1L << 15))
#define DB_REL4 ((1L << 16))
/* Privileges that needs to be reallocated (in continous chunks) */
#define DB_CHUNK1 (GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL)
#define DB_CHUNK2 (CREATE_TMP_ACL | LOCK_TABLES_ACL)
#define DB_CHUNK3 (CREATE_VIEW_ACL | SHOW_VIEW_ACL)
#define DB_CHUNK3 (CREATE_VIEW_ACL | SHOW_VIEW_ACL | \
CREATE_PROC_ACL | ALTER_PROC_ACL )
#define DB_CHUNK4 (EXECUTE_ACL)
#define fix_rights_for_db(A) (((A) & 63) | \
(((A) & DB_REL1) << 4) | \
(((A) & DB_REL2) << 6) | \
(((A) & DB_REL3) << 9))
(((A) & DB_REL3) << 9) | \
(((A) & DB_REL4) << 2))
#define get_rights_for_db(A) (((A) & 63) | \
(((A) & DB_CHUNK1) >> 4) | \
(((A) & DB_CHUNK2) >> 6) | \
(((A) & DB_CHUNK3) >> 9))
(((A) & DB_CHUNK3) >> 9) | \
(((A) & DB_CHUNK4) >> 2))
#define fix_rights_for_table(A) (((A) & 63) | (((A) & ~63) << 4))
#define get_rights_for_table(A) (((A) & 63) | (((A) & ~63) >> 4))
#define fix_rights_for_column(A) (((A) & 7) | (((A) & ~7) << 8))
#define get_rights_for_column(A) (((A) & 7) | ((A) >> 8))
#define fix_rights_for_procedure(A) ((((A) << 18) & EXECUTE_ACL) | \
(((A) << 23) & ALTER_PROC_ACL) | \
(((A) << 8) & GRANT_ACL))
#define get_rights_for_procedure(A) ((((A) & EXECUTE_ACL) >> 18) | \
(((A) & ALTER_PROC_ACL) >> 23) | \
(((A) & GRANT_ACL) >> 8))
/* Classes */
......@@ -163,6 +184,9 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &user_list,
bool mysql_table_grant(THD *thd, TABLE_LIST *table, List <LEX_USER> &user_list,
List <LEX_COLUMN> &column_list, ulong rights,
bool revoke);
bool mysql_procedure_grant(THD *thd, TABLE_LIST *table,
List <LEX_USER> &user_list, ulong rights,
bool revoke, bool no_error);
my_bool grant_init(THD *thd);
void grant_free(void);
void grant_reload(THD *thd);
......@@ -174,6 +198,8 @@ bool check_grant_column (THD *thd, GRANT_INFO *grant,
bool check_grant_all_columns(THD *thd, ulong want_access, GRANT_INFO *grant,
char* db_name, char *table_name,
Field_iterator *fields);
bool check_grant_procedure(THD *thd, ulong want_access,
TABLE_LIST *procs, bool no_error);
bool check_grant_db(THD *thd,const char *db);
ulong get_table_grant(THD *thd, TABLE_LIST *table);
ulong get_column_grant(THD *thd, GRANT_INFO *grant,
......@@ -188,6 +214,8 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list);
bool mysql_revoke_all(THD *thd, List <LEX_USER> &list);
void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant,
const char *db, const char *table);
bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name);
bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name);
#ifdef NO_EMBEDDED_ACCESS_CHECKS
#define check_grant(A,B,C,D,E,F) 0
......
......@@ -743,6 +743,7 @@ typedef struct st_lex
sp_head *sphead;
sp_name *spname;
bool sp_lex_in_use; /* Keep track on lex usage in SPs for error handling */
bool all_privileges;
sp_pcontext *spcont;
HASH spfuns; /* Called functions */
st_sp_chistics sp_chistics;
......
......@@ -69,7 +69,6 @@ static void remove_escape(char *name);
static void refresh_status(void);
static bool append_file_to_dir(THD *thd, const char **filename_ptr,
const char *table_name);
static bool check_sp_definer_access(THD *thd, sp_head *sp);
const char *any_db="*any*"; // Special symbol for check_access
......@@ -3494,16 +3493,31 @@ mysql_execute_command(THD *thd)
}
}
if (first_table)
{
if (!lex->columns.elements &&
sp_exists_routine(thd, all_tables, 1, 1))
{
uint grants= lex->all_privileges
? (PROC_ACLS & ~GRANT_ACL) | (lex->grant & GRANT_ACL)
: lex->grant;
if (grant_option &&
check_grant_procedure(thd, grants | GRANT_ACL, all_tables, 0))
goto error;
res= mysql_procedure_grant(thd, all_tables, lex->users_list,
grants, lex->sql_command == SQLCOM_REVOKE,0);
}
else
{
if (grant_option && check_grant(thd,
(lex->grant | lex->grant_tot_col |
GRANT_ACL),
all_tables, 0, UINT_MAX, 0))
goto error;
if (!(res = mysql_table_grant(thd, all_tables, lex->users_list,
res= mysql_table_grant(thd, all_tables, lex->users_list,
lex->columns, lex->grant,
lex->sql_command == SQLCOM_REVOKE)) &&
mysql_bin_log.is_open())
lex->sql_command == SQLCOM_REVOKE);
}
if (!res && mysql_bin_log.is_open())
{
thd->clear_error();
Query_log_event qinfo(thd, thd->query, thd->query_length, 0, FALSE);
......@@ -3705,19 +3719,25 @@ mysql_execute_command(THD *thd)
case SQLCOM_CREATE_SPFUNCTION:
{
uint namelen;
char *name;
char *name, *db;
int result;
DBUG_ASSERT(lex->sphead);
if (! lex->sphead->m_db.str)
if (check_access(thd, CREATE_PROC_ACL, lex->sphead->m_db.str, 0, 0, 0))
{
my_message(ER_NO_DB_ERROR, ER(ER_NO_DB_ERROR), MYF(0));
delete lex->sphead;
lex->sphead= 0;
goto error;
}
if (!lex->sphead->m_db.str || !lex->sphead->m_db.str[0])
{
lex->sphead->m_db.length= strlen(thd->db);
lex->sphead->m_db.str= strmake_root(thd->mem_root, thd->db,
lex->sphead->m_db.length);
}
name= lex->sphead->name(&namelen);
#ifdef HAVE_DLOPEN
if (lex->sphead->m_type == TYPE_ENUM_FUNCTION)
......@@ -3742,13 +3762,26 @@ mysql_execute_command(THD *thd)
goto error;
}
name= thd->strdup(name);
db= thd->strmake(lex->sphead->m_db.str, lex->sphead->m_db.length);
res= (result= lex->sphead->create(thd));
switch (result) {
case SP_OK:
send_ok(thd);
lex->unit.cleanup();
delete lex->sphead;
lex->sphead= 0;
/* only add privileges if really neccessary */
if (sp_automatic_privileges &&
check_procedure_access(thd, DEFAULT_CREATE_PROC_ACLS,
db, name, 1))
{
close_thread_tables(thd);
if (sp_grant_privileges(thd, db, name))
push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN,
ER_PROC_AUTO_GRANT_FAIL,
ER(ER_PROC_AUTO_GRANT_FAIL));
}
send_ok(thd);
break;
case SP_WRITE_ROW_FAILED:
my_error(ER_SP_ALREADY_EXISTS, MYF(0), SP_TYPE_STRING(lex), name);
......@@ -3815,7 +3848,26 @@ mysql_execute_command(THD *thd)
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_procedure_access(thd, EXECUTE_ACL,
sp->m_db.str, sp->m_name.str, 0))
{
#ifndef EMBEDDED_LIBRARY
thd->net.no_send_ok= nsok;
#endif
goto error;
}
sp_change_security_context(thd, sp, &save_ctx);
if (save_ctx.changed &&
check_procedure_access(thd, EXECUTE_ACL,
sp->m_db.str, sp->m_name.str, 0))
{
#ifndef EMBEDDED_LIBRARY
thd->net.no_send_ok= nsok;
#endif
sp_restore_security_context(thd, sp, &save_ctx);
goto error;
}
#endif
select_limit= thd->variables.select_limit;
thd->variables.select_limit= HA_POS_ERROR;
......@@ -3861,7 +3913,8 @@ mysql_execute_command(THD *thd)
result= SP_KEY_NOT_FOUND;
else
{
if (check_sp_definer_access(thd, sp))
if (check_procedure_access(thd, ALTER_PROC_ACL, sp->m_db.str,
sp->m_name.str, 0))
goto error;
memcpy(&lex->sp_chistics, &chistics, sizeof(lex->sp_chistics));
if (lex->sql_command == SQLCOM_ALTER_PROCEDURE)
......@@ -3890,6 +3943,7 @@ mysql_execute_command(THD *thd)
{
sp_head *sp;
int result;
char *db, *name;
if (lex->sql_command == SQLCOM_DROP_PROCEDURE)
sp= sp_find_procedure(thd, lex->spname);
......@@ -3898,8 +3952,17 @@ mysql_execute_command(THD *thd)
mysql_reset_errors(thd);
if (sp)
{
if (check_sp_definer_access(thd, sp))
db= thd->strdup(sp->m_db.str);
name= thd->strdup(sp->m_name.str);
if (check_procedure_access(thd, ALTER_PROC_ACL, db, name, 0))
goto error;
if (sp_automatic_privileges &&
sp_revoke_privileges(thd, db, name))
{
push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN,
ER_PROC_AUTO_REVOKE_FAIL,
ER(ER_PROC_AUTO_REVOKE_FAIL));
}
if (lex->sql_command == SQLCOM_DROP_PROCEDURE)
result= sp_drop_procedure(thd, lex->spname);
else
......@@ -4208,7 +4271,7 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
/* grant_option is set if there exists a single table or column grant */
if (db_access == want_access ||
(grant_option && !dont_check_global_grants &&
!(want_access & ~(db_access | TABLE_ACLS))))
!(want_access & ~(db_access | TABLE_ACLS | PROC_ACLS))))
DBUG_RETURN(FALSE); /* Ok */
DBUG_PRINT("error",("Access denied"));
......@@ -4304,6 +4367,28 @@ check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables,
}
bool
check_procedure_access(THD *thd, ulong want_access,char *db, char *name,
bool no_errors)
{
TABLE_LIST tables[1];
bzero((char *)tables, sizeof(TABLE_LIST));
tables->db= db;
tables->real_name= tables->alias= name;
if ((thd->master_access & want_access) == want_access && !thd->db)
tables->grant.privilege= want_access;
else if (check_access(thd,want_access,db,&tables->grant.privilege,
0, no_errors))
return TRUE;
if (grant_option)
return check_grant_procedure(thd, want_access, tables, no_errors);
return FALSE;
}
/*
Check if the given table has any of the asked privileges
......@@ -4377,40 +4462,6 @@ static bool check_db_used(THD *thd,TABLE_LIST *tables)
}
/*
Check if the given SP is owned by thd->priv_user/host, or priv_user is root.
QQ This is not quite complete, but it will do as a basic security check
for now. The question is exactly which rights should 'root' have?
Should root have access regardless of host for instance?
SYNOPSIS
check_sp_definer_access()
thd Thread handler
sp The SP pointer
RETURN
0 ok
1 error Error message has been sent
*/
static bool
check_sp_definer_access(THD *thd, sp_head *sp)
{
LEX_STRING *usr, *hst;
if (strcmp("root", thd->priv_user) == 0)
return FALSE; /* QQ Any root is ok now */
usr= &sp->m_definer_user;
hst= &sp->m_definer_host;
if (strncmp(thd->priv_user, usr->str, usr->length) == 0 &&
strncmp(thd->priv_host, hst->str, hst->length) == 0)
return FALSE; /* Both user and host must match */
my_error(ER_SP_ACCESS_DENIED_ERROR, MYF(0), sp->m_qname.str);
return TRUE; /* Not definer or root */
}
/****************************************************************************
Check stack size; Send error if there isn't enough stack to continue
****************************************************************************/
......
......@@ -138,13 +138,16 @@ struct show_privileges_st {
static struct show_privileges_st sys_privileges[]=
{
{"Alter", "Tables", "To alter the table"},
{"Alter routine", "Functions,Procedures", "To alter or drop stored functions/procedures"},
{"Create", "Databases,Tables,Indexes", "To create new databases and tables"},
{"Create routine","Functions,Procedures","To use CREATE FUNCTION/PROCEDURE"},
{"Create temporary tables","Databases","To use CREATE TEMPORARY TABLE"},
{"Create view", "Tables", "To create new views"},
{"Delete", "Tables", "To delete existing rows"},
{"Drop", "Databases,Tables", "To drop databases, tables, and views"},
{"Execute", "Functions,Procedures", "To execute stored routines"},
{"File", "File access on server", "To read and write files on the server"},
{"Grant option", "Databases,Tables", "To give to other users those privileges you possess"},
{"Grant option", "Databases,Tables,Functions,Procedures", "To give to other users those privileges you possess"},
{"Index", "Tables", "To create or drop indexes"},
{"Insert", "Tables", "To insert data into tables"},
{"Lock tables","Databases","To use LOCK TABLES (together with SELECT privilege)"},
......
......@@ -390,6 +390,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
%token RESTORE_SYM
%token RESTRICT
%token REVOKE
%token ROUTINE_SYM
%token ROWS_SYM
%token ROW_FORMAT_SYM
%token ROW_SYM
......@@ -790,7 +791,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
opt_outer table_list table_name opt_option opt_place
opt_attribute opt_attribute_list attribute column_list column_list_id
opt_column_list grant_privileges opt_table grant_list grant_option
grant_privilege grant_privilege_list user_list rename_list
object_privilege object_privilege_list user_list rename_list
clear_privileges flush_options flush_option
equal optional_braces opt_key_definition key_usage_list2
opt_mi_check_type opt_to mi_check_types normal_join
......@@ -1301,6 +1302,7 @@ clear_privileges:
lex->users_list.empty();
lex->columns.empty();
lex->grant= lex->grant_tot_col= 0;
lex->all_privileges= 0;
lex->select_lex.db= 0;
lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
lex->ssl_cipher= lex->x509_subject= lex->x509_issuer= 0;
......@@ -7031,6 +7033,7 @@ keyword:
| RETURNS_SYM {}
| ROLLBACK_SYM {}
| ROLLUP_SYM {}
| ROUTINE_SYM {}
| ROWS_SYM {}
| ROW_FORMAT_SYM {}
| ROW_SYM {}
......@@ -7543,14 +7546,16 @@ revoke_command:
grant:
GRANT clear_privileges grant_privileges ON opt_table TO_SYM grant_list
require_clause grant_options
{
Lex->sql_command = SQLCOM_GRANT;
}
{ Lex->sql_command= SQLCOM_GRANT; }
;
grant_privileges:
grant_privilege_list {}
| ALL opt_privileges { Lex->grant = GLOBAL_ACLS;}
object_privilege_list { }
| ALL opt_privileges
{
Lex->all_privileges= 1;
Lex->grant= GLOBAL_ACLS;
}
;
opt_privileges:
......@@ -7558,11 +7563,11 @@ opt_privileges:
| PRIVILEGES
;
grant_privilege_list:
grant_privilege
| grant_privilege_list ',' grant_privilege;
object_privilege_list:
object_privilege
| object_privilege_list ',' object_privilege;
grant_privilege:
object_privilege:
SELECT_SYM { Lex->which_columns = SELECT_ACL;} opt_column_list {}
| INSERT { Lex->which_columns = INSERT_ACL;} opt_column_list {}
| UPDATE_SYM { Lex->which_columns = UPDATE_ACL; } opt_column_list {}
......@@ -7587,6 +7592,8 @@ grant_privilege:
| REPLICATION CLIENT_SYM { Lex->grant |= REPL_CLIENT_ACL; }
| CREATE VIEW_SYM { Lex->grant |= CREATE_VIEW_ACL; }
| SHOW VIEW_SYM { Lex->grant |= SHOW_VIEW_ACL; }
| CREATE ROUTINE_SYM { Lex->grant |= CREATE_PROC_ACL; }
| ALTER ROUTINE_SYM { Lex->grant |= ALTER_PROC_ACL; }
;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment