database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-12-24 11:21:21 +03:00
Code Activity

Fix for bug#57061 "User without privilege on routine can

Browse Source 
discover its existence".

The problem was that user without any privileges on 
routine was able to find out whether it existed or not.
DROP FUNCTION and DROP PROCEDURE statements were 
checking if routine being dropped existed and reported 
ER_SP_DOES_NOT_EXIST error/warning before checking 
if user had enough privileges to drop it.

This patch solves this problem by changing code not to 
check if routine exists before checking if user has enough 
privileges to drop it. Moreover we no longer perform this 
check using a separate call instead we rely on 
sp_drop_routine() returning SP_KEY_NOT_FOUND if routine 
doesn't exist.

This change also simplifies one of upcoming patches
refactoring global read lock implementation.
This commit is contained in:
Dmitry Lenev
2010-10-07 20:01:17 +04:00
parent 53c5decb7c
commit 51ff281efe
11 changed files with 100 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
mysql-test/suite/funcs_1/r/innodb_storedproc_06.result
View File

@@ -110,10 +110,10 @@ Ensure that root always has the GRANT CREATE ROUTINE privilege.
--------------------------------------------------------------------------------
grant create routine on db_storedproc_1.* to 'user_1'@'localhost';
flush privileges;
DROP PROCEDURE IF EXISTS db_storedproc_1.sp3;
DROP FUNCTION IF EXISTS db_storedproc_1.fn1;
user_1@localhost db_storedproc_1
DROP PROCEDURE IF EXISTS sp3;
DROP FUNCTION IF EXISTS fn1;
CREATE PROCEDURE sp3(v1 char(20))
BEGIN
SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';

4
mysql-test/suite/funcs_1/r/memory_storedproc_06.result
View File

@@ -111,10 +111,10 @@ Ensure that root always has the GRANT CREATE ROUTINE privilege.
--------------------------------------------------------------------------------
grant create routine on db_storedproc_1.* to 'user_1'@'localhost';
flush privileges;
DROP PROCEDURE IF EXISTS db_storedproc_1.sp3;
DROP FUNCTION IF EXISTS db_storedproc_1.fn1;
user_1@localhost db_storedproc_1
DROP PROCEDURE IF EXISTS sp3;
DROP FUNCTION IF EXISTS fn1;
CREATE PROCEDURE sp3(v1 char(20))
BEGIN
SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';

4
mysql-test/suite/funcs_1/r/myisam_storedproc_06.result
View File

@@ -111,10 +111,10 @@ Ensure that root always has the GRANT CREATE ROUTINE privilege.
--------------------------------------------------------------------------------
grant create routine on db_storedproc_1.* to 'user_1'@'localhost';
flush privileges;
DROP PROCEDURE IF EXISTS db_storedproc_1.sp3;
DROP FUNCTION IF EXISTS db_storedproc_1.fn1;
user_1@localhost db_storedproc_1
DROP PROCEDURE IF EXISTS sp3;
DROP FUNCTION IF EXISTS fn1;
CREATE PROCEDURE sp3(v1 char(20))
BEGIN
SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';