...and no ALTER privilege either.
For now, only the definer and root can drop or alter an SP.
include/mysqld_error.h:
New access denied error code when dropping/altering stored procedures.
include/sql_state.h:
New access denied error code when dropping/altering stored procedures.
mysql-test/r/sp-error.result:
Removed warning for "unitialized variable", as this popped up in unexpected
places after the access control for drop/alter SPs was added. (And the warning
was wrong and planned to be removed anyway.)
mysql-test/r/sp-security.result:
Added tests for access control on who's allowed to drop and alter SPs.
mysql-test/r/sp.result:
Updated results. (Warning removed.)
mysql-test/t/sp-error.test:
Removed warning for "unitialized variable", as this popped up in unexpected
places after the access control for drop/alter SPs was added. (And the warning
was wrong and planned to be removed anyway.)
mysql-test/t/sp-security.test:
Added tests for access control on who's allowed to drop and alter SPs.
sql/share/czech/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/danish/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/dutch/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/english/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/estonian/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/french/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/german/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/greek/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/hungarian/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/italian/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/japanese/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/korean/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/norwegian-ny/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/norwegian/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/polish/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/portuguese/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/romanian/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/russian/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/serbian/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/slovak/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/spanish/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/swedish/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/share/ukrainian/errmsg.txt:
New access denied error message when dropping/altering stored procedures.
sql/sql_parse.cc:
Added minimal access control for DROP/ALTER PROCEDURE/FUNCTION. Only the definer
and root are allowed to do this.
sql/sql_yacc.yy:
Removed warning for "unitialized variable", as this popped up in unexpected
places after the access control for drop/alter SPs was added. (And the warning
was wrong and planned to be removed anyway.)
Removed the support for renaming SPs. It's non-standard, conflicted with a standard
syntax, and was a bit broken anyway.
mysql-test/r/sp-error.result:
Removed test for renaming procedures with alter.
mysql-test/r/sp.result:
Removed test for renaming procedures with alter.
mysql-test/t/sp-error.test:
Removed test for renaming procedures with alter.
mysql-test/t/sp.test:
Removed test for renaming procedures with alter.
sql/sp.cc:
Removed support for renaming SPs. It's non-standard, conflicted with a standard
syntax, and was a bit broken anyway.
sql/sp.h:
Removed support for renaming SPs. It's non-standard, conflicted with a standard
syntax, and was a bit broken anyway.
sql/sql_parse.cc:
Removed support for renaming SPs. It's non-standard, conflicted with a standard
syntax, and was a bit broken anyway.
sql/sql_yacc.yy:
Removed support for renaming SPs. It's non-standard, conflicted with a standard
syntax, and was a bit broken anyway.
crashes server"
(in 4.0 we fix only connection stalling in case of error, crash itself is
fixed in 4.1, the test case for this code is also there).
sql/sql_parse.cc:
Handling of COM_CREATE_DB, COM_DROP_DB:
We should call send_error() if mysql_create_db or mysql_drop_db
return error (like we do it for SQL versions of these commands).
mysql-test/r/view.result:
LOAD DATA with view and CHECK OPTION
mysql-test/t/view.test:
LOAD DATA with view and CHECK OPTION
sql/log_event.cc:
new parameter for load data
sql/mysql_priv.h:
new parameter for load data
sql/sql_lex.cc:
LOAD DATA supported by view
sql/sql_load.cc:
added support of view and CHECK OPTION of view to LOAD DATA
sql/sql_parse.cc:
new parameter for CHECK OPTION
mysql.time_zone* tables".
We are excluding implicitly used time zone tables from privilege
checking.
mysql-test/r/timezone2.result:
Added test for bug #6116 "SET time_zone := ... requires access to
mysql.time_zone tables"
mysql-test/t/timezone2.test:
Added test for bug #6116 "SET time_zone := ... requires access to
mysql.time_zone tables"
sql/sql_parse.cc:
check_table_access(): we should avoid privilege checking for implicitly
used time zone tables.
sql/tztime.cc:
Indicated dependancy between my_tz_get_table_list() function and
my_tz_check_n_skip_implicit_tables() function.
sql/tztime.h:
Added my_tz_check_n_skip_implicit_tables() function which allows easily
determine whenever we have found beggining of the list of implicitly used
time zone tables and fast-forward to its end.
sql/handler.cc:
do not delete the table in the "unkonwn" handler (makes no sense anyway)
sql/handler.h:
more HA_CREATE_USED flags
sql/sql_lex.h:
more ALTER_ flags, no alter_info->is_simple anymore
sql/sql_parse.cc:
no alter_info->is_simple anymore
sql/sql_table.cc:
do not rename the table in the "unkonwn" handler (makes no sense anyway)
smarter ALTER TABLE - don't copy the table if only comment or default values are changed
sql/sql_yacc.yy:
specify what ALTER is todo with flags, not alter_info->is_simple
sql/unireg.cc:
create frm only (but not in the handler) if requested
mysql-test/r/rpl_rotate_logs.result:
changed error message
mysql-test/t/rpl_rotate_logs.test:
changed error message
sql/log_event.cc:
changed function name to prevent injection wrong code from 4.1
sql/mysqld.cc:
changed function name to prevent injection wrong code from 4.1
sql/protocol.cc:
changed function name to prevent injection wrong code from 4.1
sql/protocol.h:
changed function name to prevent injection wrong code from 4.1
sql/sql_class.h:
changed function name to prevent injection wrong code from 4.1
sql/sql_parse.cc:
changed function name to prevent injection wrong code from 4.1
sql/sql_repl.cc:
changed function name to prevent injection wrong code from 4.1
into mysql.com:/home/dlenev/src/mysql-4.1-secfix
sql/mysql_priv.h:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_prepare.cc:
Auto merged
sql/sql_yacc.yy:
Auto merged
he has SELECT and INSERT privileges for table with primary key"
Now we set lex->duplicates= DUP_UPDATE right in parser if INSERT has
ON DUPLICATE KEY UPDATE clause, this simplifies insert_precheck()
function (this also fixes a bug) and some other code.
mysql-test/r/grant2.result:
Added test for bug #6173 "One can circumvent missing UPDATE privilege if
he has SELECT and INSERT privileges for table with primary key"
mysql-test/t/grant2.test:
Added test for bug #6173 "One can circumvent missing UPDATE privilege if
he has SELECT and INSERT privileges for table with primary key"
sql/mysql_priv.h:
insert_precheck() don't need "update" parameter any longer since
now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE
KEY UPDATE clause.
sql/sql_parse.cc:
insert_precheck() don't need "update" parameter any longer since
now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE
KEY UPDATE clause, so it can determine whenever it is needed to
require UPDATE_ACL by itself. Also calling of mysql_insert() is
simplified.
sql/sql_prepare.cc:
insert_precheck() don't need "update" parameter any longer since
now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE
KEY UPDATE clause, so it can determine whenever it is needed to
require UPDATE_ACL by itself. Also calling of mysql_insert() is
simplified.
sql/sql_yacc.yy:
It is better to set Lex->duplicates= DUP_UPDATE right in parser if we
have INSERT with ON DUPLICATE KEY UPDATE clause, rather doing this later.
he has SELECT and INSERT privileges for table with primary key"
Now we set lex->duplicates= DUP_UPDATE right in parser if INSERT has
ON DUPLICATE KEY UPDATE clause, this simplifies insert_precheck()
function (this also fixes a bug) and some other code.
net_printf/send_error calls replaced by my_error family functions
-1/1 (sent/unsent) error reporting removed
(WL#2133)
include/mysqld_error.h:
new errors added.
mysql-test/r/rpl_charset.result:
new error
mysql-test/r/rpl_timezone.result:
new error
mysql-test/r/sp-security.result:
more clean error message
mysql-test/r/sp.result:
now error state intercepted correctly
mysql-test/t/connect.test:
new error message
mysql-test/t/rpl_charset.test:
new error message
mysql-test/t/rpl_timezone.test:
new error
mysql-test/t/sp-security.test:
more correct error handling
mysql-test/t/sp.test:
now error state intercepted correctly
sql/ha_innodb.cc:
-1/1 (sent/unsent) error reporting removed
sql/ha_innodb.h:
-1/1 (sent/unsent) error reporting removed
sql/item.cc:
only boolean values should be returned by fix_fields()
sql/item_cmpfunc.cc:
only boolean values should be returned by fix_fields()
sql/item_func.cc:
only boolean values should be returned by fix_fields()
net_printf/send_error calls replaced by my_error family functions
sql/item_row.cc:
only boolean values should be returned by fix_fields()
sql/item_subselect.cc:
only boolean values should be returned by fix_fields()
-1/1 (sent/unsent) error reporting removed
sql/item_subselect.h:
-1/1 (sent/unsent) error reporting removed
sql/item_sum.cc:
only boolean values should be returned by fix_fields()
sql/item_timefunc.cc:
only boolean values should be returned by fix_fields()
sql/item_uniq.h:
only boolean values should be returned by fix_fields()
sql/mysql_priv.h:
-1/1 (sent/unsent) error reporting removed
sql/mysqld.cc:
net_printf/send_error calls replaced by my_error family functions
changes in my_message_sql to support error handling correctly
sql/protocol.cc:
net_printf/send_error calls replaced by my_error family functions
sql/protocol_cursor.cc:
net_printf/send_error calls replaced by my_error family functions
sql/repl_failsafe.cc:
net_printf/send_error calls replaced by my_error family functions
-1/1 (sent/unsent) error reporting removed
sql/repl_failsafe.h:
-1/1 (sent/unsent) error reporting removed
sql/set_var.cc:
net_printf/send_error calls replaced by my_error family functions
sql/share/czech/errmsg.txt:
new error messages
sql/share/danish/errmsg.txt:
new error messages
sql/share/dutch/errmsg.txt:
new error messages
sql/share/english/errmsg.txt:
new error messages
sql/share/estonian/errmsg.txt:
new error messages
sql/share/french/errmsg.txt:
new error messages
sql/share/german/errmsg.txt:
new error messages
sql/share/greek/errmsg.txt:
new error messages
sql/share/hungarian/errmsg.txt:
new error messages
sql/share/italian/errmsg.txt:
new error messages
sql/share/japanese/errmsg.txt:
new error messages
sql/share/korean/errmsg.txt:
new error messages
sql/share/norwegian-ny/errmsg.txt:
new error messages
sql/share/norwegian/errmsg.txt:
new error messages
sql/share/polish/errmsg.txt:
new error messages
sql/share/portuguese/errmsg.txt:
new error messages
sql/share/romanian/errmsg.txt:
new error messages
sql/share/russian/errmsg.txt:
new error messages
sql/share/serbian/errmsg.txt:
new error messages
sql/share/slovak/errmsg.txt:
new error messages
sql/share/spanish/errmsg.txt:
new error messages
sql/share/swedish/errmsg.txt:
new error messages
sql/share/ukrainian/errmsg.txt:
new error messages
sql/slave.cc:
net_printf/send_error calls replaced by my_error family functions
-1/1 (sent/unsent) error reporting removed
sql/slave.h:
-1/1 (sent/unsent) error reporting removed
sql/sp.cc:
net_printf/send_error calls replaced by my_error family functions
sql/sp_head.cc:
new eror handling support
net_printf/send_error calls replaced by my_error family functions
sql/sp_rcontext.cc:
net_printf/send_error calls replaced by my_error family functions
sql/sql_acl.cc:
net_printf/send_error calls replaced by my_error family functions
-1/1 (sent/unsent) error reporting removed
sql/sql_acl.h:
-1/1 (sent/unsent) error reporting removed
sql/sql_base.cc:
-1/1 (sent/unsent) error reporting removed
net_printf/send_error calls replaced by my_error family functions
sql/sql_class.cc:
net_printf/send_error calls replaced by my_error family functions
sql/sql_class.h:
my_messhage_sql now set/reset query_error flag
sql/sql_db.cc:
-1/1 (sent/unsent) error reporting removed
sql/sql_delete.cc:
-1/1 (sent/unsent) error reporting removed
net_printf/send_error calls replaced by my_error family functions
sql/sql_do.cc:
-1/1 (sent/unsent) error reporting removed
sql/sql_error.cc:
-1/1 (sent/unsent) error reporting removed
sql/sql_handler.cc:
-1/1 (sent/unsent) error reporting removed
net_printf/send_error calls replaced by my_error family functions
sql/sql_help.cc:
net_printf/send_error calls replaced by my_error family functions
-1/1 (sent/unsent) error reporting removed
sql/sql_insert.cc:
-1/1 (sent/unsent) error reporting removed
net_printf/send_error calls replaced by my_error family functions
sql/sql_lex.h:
-1/1 (sent/unsent) error reporting removed
sql/sql_load.cc:
-1/1 (sent/unsent) error reporting removed
sql/sql_map.cc:
errors without code removed
sql/sql_parse.cc:
net_printf/send_error calls replaced by my_error family functions
-1/1 (sent/unsent) error reporting removed from mysql_execute_command
sql/sql_prepare.cc:
net_printf/send_error calls replaced by my_error family functions
-1/1 (sent/unsent) error reporting removed
sql/sql_repl.cc:
error messages fixed
net_printf/send_error calls replaced by my_error family functions
-1/1 (sent/unsent) error reporting removed
sql/sql_repl.h:
-1/1 (sent/unsent) error reporting removed
sql/sql_select.cc:
-1/1 (sent/unsent) error reporting removed
sql/sql_select.h:
-1/1 (sent/unsent) error reporting removed
sql/sql_show.cc:
-1/1 (sent/unsent) error reporting removed
net_printf/send_error calls replaced by my_error family functions
sql/sql_table.cc:
net_printf/send_error calls replaced by my_error family functions
-1/1 (sent/unsent) error reporting removed
sql/sql_trigger.cc:
-1/1 (sent/unsent) error reporting removed
sql/sql_udf.cc:
net_printf/send_error calls replaced by my_error family functions
sql/sql_union.cc:
-1/1 (sent/unsent) error reporting removed
sql/sql_update.cc:
-1/1 (sent/unsent) error reporting removed
net_printf/send_error calls replaced by my_error family functions
sql/sql_view.cc:
-1/1 (sent/unsent) error reporting removed
sql/sql_view.h:
-1/1 (sent/unsent) error reporting removed
sql/sql_yacc.yy:
net_printf/send_error calls replaced by my_error family functions
