1
0
mirror of https://github.com/MariaDB/server.git synced 2025-10-25 18:38:00 +03:00
Commit Graph

35 Commits

Author SHA1 Message Date
kroki/tomash@moonlight.intranet
4272d1efc3 Bug#18630: Arguments of suid routine calculated in wrong security
context.

Routine arguments were evaluated in the security context of the routine
itself, not in the caller's context.

The bug is fixed the following way:

  - Item_func_sp::find_and_check_access() has been split into two
    functions: Item_func_sp::find_and_check_access() itself only
    finds the function and check that the caller have EXECUTE privilege
    on it.  New function set_routine_security_ctx() changes security
    context for SUID routines and checks that definer have EXECUTE
    privilege too.

  - new function sp_head::execute_trigger() is called from
    Table_triggers_list::process_triggers() instead of
    sp_head::execute_function(), and is effectively just as the
    sp_head::execute_function() is, with all non-trigger related code
    removed, and added trigger-specific security context switch.

  - call to Item_func_sp::find_and_check_access() stays outside
    of sp_head::execute_function(), and there is a code in
    sql_parse.cc before the call to sp_head::execute_procedure() that
    checks that the caller have EXECUTE privilege, but both
    sp_head::execute_function() and sp_head::execute_procedure() call
    set_routine_security_ctx() after evaluating their parameters,
    and restore the context after the body is executed.
2006-07-13 17:12:31 +04:00
tnurnberg@mysql.com
763752ef2e Bug#19857: When a user with CREATE ROUTINE priv creates a routine it results in NULL p/w
sp_grant_privileges(), the function that GRANTs EXECUTE + ALTER privs on a SP,
did so creating a user-entry with not password; mysql_routine_grant() would then
write that "change" to the user-table.
2006-06-28 12:40:17 +02:00
msvensson@neptunus.(none)
3f683e2ba4 Cleanup test cases that leaves "stuff" behind 2006-04-18 18:10:47 +02:00
anozdrin@mysql.com
c4cbe46bc7 Fix for BUG#13198: SP executes if definer does not exist.
Basically, this fix contains a test case and removing of a workaround
for replication. This fix became possible after pushing WL#2897
(Complete definer support in stored routines).
2006-03-02 16:23:42 +03:00
anozdrin@mysql.com
fbb5920399 Implementation of WL#2897: Complete definer support in the stored routines.
The idea is to add DEFINER-clause in CREATE PROCEDURE and CREATE FUNCTION
statements. Almost all support of definer in stored routines had been already
done before this patch.

NOTE: this patch changes behaviour of dumping stored routines in mysqldump.
Before this patch, mysqldump did not dump DEFINER-clause for stored routines
and this was documented behaviour. In order to get full information about stored
routines, one should have dumped mysql.proc table. This patch changes this
behaviour, so that DEFINER-clause is dumped.

Since DEFINER-clause is not supported in CREATE PROCEDURE | FUNCTION statements
before this patch, the clause is covered by additional version-specific comments.
2006-03-02 15:18:49 +03:00
anozdrin@mysql.com
a77cc69e62 Fix for BUG#7787: Stored procedures: improper warning for "grant execute" statement.
The problem was that error flag was not reset.
2006-02-22 13:44:04 +03:00
pem@mysql.com
a84c7e1c29 Added new test case for BUG#14533: 'desc tbl' in stored procedure causes error 1142
which is no longer repeatable. (Unclear when this was fixed.)
2006-02-01 14:46:30 +01:00
msvensson@neptunus.(none)
54af4e6d0c Merge neptunus.(none):/home/msvensson/mysql/mysqltestrun_check_testcases/my50-mysqltestrun_check_testcases
into  neptunus.(none):/home/msvensson/mysql/mysqltest_var/my50-mysqltest_var-integration
2006-01-27 10:49:07 +01:00
msvensson@neptunus.(none)
9304785c10 Add new option "check-testcases" to mysql-test-run.pl
Cleanup the sideeffects from most of the  testcases with sideeffects.
2006-01-26 17:54:34 +01:00
pem@mysql.com
cdfe77e2ec Fixed BUG#14834: Server denies to execute Stored Procedure
The problem was that databases with '_' in the name did not match a
  correct ACL with a literal '_' (i.e. '\_') in the db name, only identical
  strings matched. The fix makes this work, and also ACLs with wildcards in
  the db name work.
2005-12-15 15:23:16 +01:00
msvensson@neptunus.(none)
be6f7a3f82 Merge neptunus.(none):/home/msvensson/mysql/ssl_test/my50-ssl_test
into  neptunus.(none):/home/msvensson/mysql/mysql-5.0
2005-10-28 11:00:54 +02:00
evgen@moonbone.local
35e1684206 sp-security.result, sp.result, sp-security.test, sp.test:
Test for bug#12812 moved from sp.test to sp-security.test
2005-10-16 22:47:19 +04:00
msvensson@neptunus.(none)
0ac28d3187 Always test ssl and compress
- Updated after review
2005-10-12 13:56:07 +02:00
monty@mishka.local
1c1f26d5e2 Fixes during review of new pushed code
Fixed new bug when running a SP without a default database
2005-08-20 11:00:00 +03:00
jimw@mysql.com
3a815f45bd Avoid spurious error when restoring INFORMATION_SCHEMA as the current
database after failing to execute a stored procedure in an inaccessible
database. (Bug #12318)
2005-08-11 17:04:16 -07:00
bell@sanja.is.com.ua
8aad35f9d2 Merge sanja.is.com.ua:/home/bell/mysql/bk/mysql-5.0
into  sanja.is.com.ua:/home/bell/mysql/bk/work-bug6-5.0
2005-07-16 00:17:05 +03:00
bell@sanja.is.com.ua
6114bee47c stop evaluation constant functions in WHERE (BUG#4663)
correct value of CURRENT_USER() in SP with "security definer" (BUG#7291)
2005-07-16 00:01:44 +03:00
lenz@mysql.com
fa69727d3f - fixed the "sp-security" test case: drop any possible already existing table to
avoid failing if a previous test failure left the t1 table around
2005-07-07 17:44:10 +02:00
bell@sanja.is.com.ua
56b2fc10a8 fixed environment restoring in case of error during SP function execution (BUG#9503)
#define macro improvement
2005-06-23 18:29:10 +03:00
acurtis@xiphis.org
8df5887ad5 Bug#10246 - Parser: bad syntax for GRANT EXECUTE
Rename some functions
  more fine-grained sp privileges
  make grant/revoke sp grammar less ambigious
2005-05-17 19:54:20 +01:00
jimw@mysql.com
c18307e8a2 Cleanup tests and results after merge from 4.1 of embedded
server testing cleanups.
2005-04-04 12:43:58 -07:00
acurtis@pcgem.rdg.cyberkinetica.com
b1e30904d5 WL#925 - Privileges for stored routines
Implement fine-grained control over access to stored procedures
  Privileges are cached (same way as existing table/column privs)
2004-12-23 10:46:24 +00:00
bell@sanja.is.com.ua
dff05eb951 merge 2004-10-28 11:02:48 +03:00
pem@mysql.comhem.se
2c428ca09d Fixed BUG#6030: Stored procedure has no appropriate DROP privilege.
...and no ALTER privilege either.
  For now, only the definer and root can drop or alter an SP.
2004-10-22 20:29:06 +02:00
bell@sanja.is.com.ua
4714a6e744 errors without code removed
net_printf/send_error calls replaced by my_error family functions
-1/1 (sent/unsent) error reporting removed
(WL#2133)
2004-10-20 04:04:37 +03:00
monty@mysql.com
f2829d0386 After merge fixes of merge with 4.1 that included the new arena code.
Fixed (together with Guilhem) bugs in mysqlbinlog regarding --offset
Prefix addresses with 0x for easier comparisons of debug logs
Fixed problem where MySQL choosed index-read even if there would be a much better range on the same index
This fix changed some 'index' queries to 'range' queries in the test suite
Don't create 'dummy' WHERE clause for trivial WHERE clauses where we can remove the WHERE clause.
This fix removed of a lot of 'Using where' notes in the test suite.
Give NOTE instead of WARNING if table/function doesn't exists when using DROP IF EXISTS
Give NOTE instead of WARNING for safe field-type conversions
2004-09-09 06:59:26 +03:00
serg@serg.mylan
aa35efd292 after merge fixes 2004-07-22 00:26:33 +02:00
monty@mysql.com
5b3c418b48 After merge fixes
Note: The following tests fails
- fulltext (Sergei has promised to fix)
- rpl_charset (Guilhem should fix)
- rpl_timezone (Dimitray has promised to fix)

Sanja needs to check out the calling of close_thread_tables() in sp_head.cc
2004-07-15 04:19:07 +03:00
pem@mysql.comhem.se
ecd424ac58 Fixed BUG#3339: Stored procedures in nonexistent schemas are uncallable.
Also added some related security tests and corrected related error messages.
2004-06-15 15:42:28 +02:00
pem@mysql.comhem.se
5476eb0709 WL#1366: Use the schema (db) associated with an SP.
Phase 4 (final): Remove associated stored procedures when a database is dropped.
2004-03-22 14:44:41 +01:00
pem@mysql.comhem.se
13987057f6 WL#1366: Use the schema (db) associated with an SP.
Phase 3: Made qualified names work for functions as well.
2004-03-19 19:01:54 +01:00
pem@mysql.comhem.se
6c6bbba007 WL#1366: Use the schema (db) associated with an SP.
Phase 2: Make SPs belong to a DB, and use qualified names.
  As a side effect, using USE in an SP is no longer allowed.
  (It just doesn't work otherwise.)
2004-03-11 17:18:59 +01:00
pem@mysql.comhem.se
1631ba625f Fixed BUG#2777: Stored procedure doesn't observe definer's rights.
SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights.
2004-03-02 11:52:19 +01:00
pem@mysql.comhem.se
a7b7a40c5f Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server.
Added missing cleanup in sp-security.test.
2003-12-16 14:15:27 +01:00
pem@mysql.comhem.se
07541b6abf WL#1365: Implement definer's rights execution of stored procedures.
(Also put the hostpart back in the definer column.)
2003-12-13 16:40:52 +01:00