Bug#19857: When a user with CREATE ROUTINE priv creates a routine it results in NULL p/w

sp_grant_privileges(), the function that GRANTs EXECUTE + ALTER privs on a SP, did so creating a user-entry with not password; mysql_routine_grant() would then write that "change" to the user-table. mysql-test/r/sp-security.result: prove that creating a stored procedure will not destroy the creator's password mysql-test/t/sp-security.test: prove that creating a stored procedure will not destroy the creator's password sql/sql_acl.cc: get password from ACLs, convert to correct format, and use it when forcing GRANTS for SPs
2026-01-06 05:22:24 +03:00 · 2006-06-28 12:40:17 +02:00
parent 3ddea20d8d
commit 5312b34910
3 changed files with 121 additions and 15 deletions
--- a/mysql-test/r/sp-security.result
+++ b/mysql-test/r/sp-security.result
@@ -420,3 +420,34 @@ ERROR HY000: There is no 'mysqltest_1'@'localhost' registered
 ---> connection: root
 DROP USER mysqltest_2@localhost;
 DROP DATABASE mysqltest;
+GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow';
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO
+user19857@localhost;
+SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
+Host	User	Password
+localhost	user19857	*82DC221D557298F6CE9961037DB1C90604792F5C
+
+---> connection: mysqltest_2_con
+use test;
+CREATE PROCEDURE sp19857() DETERMINISTIC
+BEGIN
+DECLARE a INT;
+SET a=1;
+SELECT a;
+END //
+SHOW CREATE PROCEDURE test.sp19857;
+Procedure	sql_mode	Create Procedure
+sp19857		CREATE DEFINER=`user19857`@`localhost` PROCEDURE `sp19857`()
+    DETERMINISTIC
+BEGIN
+DECLARE a INT;
+SET a=1;
+SELECT a;
+END
+DROP PROCEDURE IF EXISTS test.sp19857;
+
+---> connection: root
+SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
+Host	User	Password
+localhost	user19857	*82DC221D557298F6CE9961037DB1C90604792F5C
+DROP USER user19857@localhost;