mirror of
https://github.com/MariaDB/server.git
synced 2025-11-15 09:02:33 +03:00
09ce0b330b
Implement fine-grained control over access to stored procedures
Privileges are cached (same way as existing table/column privs)
mysql-test/include/system_db_struct.inc:
WL#925 - Privileges for stored routines
New system table: procs_priv
mysql-test/r/connect.result:
WL#925 - Privileges for stored routines
New system table: procs_priv
mysql-test/r/grant.result:
WL#925 - Privileges for stored routines
user table has additional privilege attributes
SHOW PRIVILEGES amended
mysql-test/r/grant2.result:
Fix result
mysql-test/r/information_schema.result:
WL#925 - Privileges for stored routines
New system table procs_priv
New user privileges
mysql-test/r/show_check.result:
Fix result
mysql-test/r/sp-security.result:
WL#925 - Privileges for stored routines
Fix existing tests to work with new privileges
New tests for new privileges
mysql-test/r/sp.result:
WL#925 - Privileges for stored routines
Fix SHOW PRIVILEGES results
mysql-test/r/system_mysql_db.result:
WL#925 - Privileges for stored routines
New system table: procs_priv
user and db tables have new privilege attributes
mysql-test/t/grant2.test:
Fix test
mysql-test/t/show_check.test:
Fix test
mysql-test/t/sp-security.test:
WL#925 - Privileges for stored routines
Allow existing tests to run with new privilege checks
New tests for privileges
mysql-test/t/system_mysql_db_fix.test:
WL#925 - Privileges for stored routines
New system table: procs_priv
scripts/mysql_create_system_tables.sh:
WL#925 - Privileges for stored routines
db and user has new privilege attributes
new system table: procs_priv
scripts/mysql_fix_privilege_tables.sql:
WL#925 - Privileges for stored routines
new system table: procs_priv
scripts/mysql_install_db.sh:
WL#925 - Privileges for stored routines
Amend comment
sql/item_func.cc:
WL#925 - Privileges for stored routines
Privilege check for stored FUNCTION routine
sql/lex.h:
WL#925 - Privileges for stored routines
new token ROUTINE
sql/mysql_priv.h:
WL#925 - Privileges for stored routines
New function: check_procedure_access()
sql/mysqld.cc:
WL#925 - Privileges for stored routines
system option automatic-sp-privileges
sql/set_var.cc:
WL#925 - Privileges for stored routines
system option automatic-sp-privileges
sql/share/errmsg.txt:
WL#925 - Privileges for stored routines
rename errormessage to conform:
ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR
New error messages
ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL
sql/sp.cc:
WL#925 - Privileges for stored routines
new function: sp_exists_routine()
sql/sp.h:
WL#925 - Privileges for stored routines
new function: sp_exists_routine()
sql/sql_acl.cc:
WL#925 - Privileges for stored routines
Implementation for SP privileges.
Privileges are cached in memory hash.
New functions:
mysql_procedure_grant()
check_grant_procedure()
sp_revoke_privileges()
sp_grant_privileges()
sql/sql_acl.h:
WL#925 - Privileges for stored routines
New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL
Alter confusing bit-segments to be shifted
New macros: fix_rights_for_procedure() get_rights_for_procedure()
New functions:
mysql_procedure_grant()
check_grant_procedure()
sp_grant_privileges()
sp_revoke_privileges()
sql/sql_lex.h:
WL#925 - Privileges for stored routines
new all_privileges attribute in LEX
sql/sql_parse.cc:
WL#925 - Privileges for stored routines
Remove function: check_sp_definer_access()
Add handling for SP grants/revokes
Add privilege checks for stored procedure invocation
sql/sql_show.cc:
WL#925 - Privileges for stored routines
update result for SHOW PRIVILEGES
sql/sql_yacc.yy:
WL#925 - Privileges for stored routines
New token ROUTINE
rename some rules
handle CREATE ROUTINE / ALTER ROUTINE privileges
197 lines
7.0 KiB
Plaintext
197 lines
7.0 KiB
Plaintext
use test;
|
|
grant usage on *.* to user1@localhost;
|
|
flush privileges;
|
|
drop database if exists db1_secret;
|
|
create database db1_secret;
|
|
create procedure db1_secret.dummy() begin end;
|
|
drop procedure db1_secret.dummy;
|
|
use db1_secret;
|
|
create table t1 ( u varchar(64), i int );
|
|
create procedure stamp(i int)
|
|
insert into db1_secret.t1 values (user(), i);
|
|
show procedure status like 'stamp';
|
|
Db Name Type Definer Modified Created Security_type Comment
|
|
db1_secret stamp PROCEDURE root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER
|
|
create function db() returns varchar(64) return database();
|
|
show function status like 'db';
|
|
Db Name Type Definer Modified Created Security_type Comment
|
|
db1_secret db FUNCTION root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER
|
|
call stamp(1);
|
|
select * from t1;
|
|
u i
|
|
root@localhost 1
|
|
select db();
|
|
db()
|
|
db1_secret
|
|
grant execute on db1_secret.stamp to user1@'%';
|
|
grant execute on db1_secret.db to user1@'%';
|
|
grant execute on db1_secret.stamp to ''@'%';
|
|
grant execute on db1_secret.db to ''@'%';
|
|
call db1_secret.stamp(2);
|
|
select db1_secret.db();
|
|
db1_secret.db()
|
|
db1_secret
|
|
select * from db1_secret.t1;
|
|
ERROR 42000: select command denied to user 'user1'@'localhost' for table 't1'
|
|
create procedure db1_secret.dummy() begin end;
|
|
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
|
|
drop procedure db1_secret.dummy;
|
|
ERROR 42000: PROCEDURE db1_secret.dummy does not exist
|
|
call db1_secret.stamp(3);
|
|
select db1_secret.db();
|
|
db1_secret.db()
|
|
db1_secret
|
|
select * from db1_secret.t1;
|
|
ERROR 42000: select command denied to user ''@'localhost' for table 't1'
|
|
create procedure db1_secret.dummy() begin end;
|
|
ERROR 42000: Access denied for user ''@'localhost' to database 'db1_secret'
|
|
drop procedure db1_secret.dummy;
|
|
ERROR 42000: PROCEDURE db1_secret.dummy does not exist
|
|
select * from t1;
|
|
u i
|
|
root@localhost 1
|
|
user1@localhost 2
|
|
anon@localhost 3
|
|
alter procedure stamp sql security invoker;
|
|
show procedure status like 'stamp';
|
|
Db Name Type Definer Modified Created Security_type Comment
|
|
db1_secret stamp PROCEDURE root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 INVOKER
|
|
alter function db sql security invoker;
|
|
show function status like 'db';
|
|
Db Name Type Definer Modified Created Security_type Comment
|
|
db1_secret db FUNCTION root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 INVOKER
|
|
call stamp(4);
|
|
select * from t1;
|
|
u i
|
|
root@localhost 1
|
|
user1@localhost 2
|
|
anon@localhost 3
|
|
root@localhost 4
|
|
select db();
|
|
db()
|
|
db1_secret
|
|
call db1_secret.stamp(5);
|
|
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
|
|
select db1_secret.db();
|
|
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
|
|
call db1_secret.stamp(6);
|
|
ERROR 42000: Access denied for user ''@'localhost' to database 'db1_secret'
|
|
select db1_secret.db();
|
|
ERROR 42000: Access denied for user ''@'localhost' to database 'db1_secret'
|
|
drop database if exists db2;
|
|
create database db2;
|
|
use db2;
|
|
create table t2 (s1 int);
|
|
insert into t2 values (0);
|
|
grant usage on db2.* to user1@localhost;
|
|
grant select on db2.* to user1@localhost;
|
|
grant usage on db2.* to user2@localhost;
|
|
grant select,insert,update,delete,create routine on db2.* to user2@localhost;
|
|
grant create routine on db2.* to user1@localhost;
|
|
flush privileges;
|
|
use db2;
|
|
create procedure p () insert into t2 values (1);
|
|
call p();
|
|
ERROR 42000: insert command denied to user 'user1'@'localhost' for table 't2'
|
|
use db2;
|
|
call p();
|
|
ERROR 42000: execute command denied to user 'user2'@'localhost' for routine 'db2.p'
|
|
select * from t2;
|
|
s1
|
|
0
|
|
create procedure q () insert into t2 values (2);
|
|
call q();
|
|
select * from t2;
|
|
s1
|
|
0
|
|
2
|
|
grant usage on db2.q to user2@localhost with grant option;
|
|
grant execute on db2.q to user1@localhost;
|
|
use db2;
|
|
call q();
|
|
select * from t2;
|
|
s1
|
|
0
|
|
2
|
|
2
|
|
alter procedure p modifies sql data;
|
|
drop procedure p;
|
|
alter procedure q modifies sql data;
|
|
ERROR 42000: alter procedure command denied to user 'user1'@'localhost' for routine 'db2.q'
|
|
drop procedure q;
|
|
ERROR 42000: alter procedure command denied to user 'user1'@'localhost' for routine 'db2.q'
|
|
use db2;
|
|
alter procedure q modifies sql data;
|
|
drop procedure q;
|
|
use test;
|
|
select type,db,name from mysql.proc;
|
|
type db name
|
|
FUNCTION db1_secret db
|
|
PROCEDURE db1_secret stamp
|
|
drop database db1_secret;
|
|
drop database db2;
|
|
select type,db,name from mysql.proc;
|
|
type db name
|
|
delete from mysql.user where user='user1' or user='user2';
|
|
delete from mysql.procs_priv where user='user1' or user='user2';
|
|
grant usage on *.* to usera@localhost;
|
|
grant usage on *.* to userb@localhost;
|
|
grant usage on *.* to userc@localhost;
|
|
create database sptest;
|
|
create table t1 ( u varchar(64), i int );
|
|
create procedure sptest.p1(i int) insert into test.t1 values (user(), i);
|
|
grant insert on t1 to usera@localhost;
|
|
grant execute on sptest.p1 to usera@localhost;
|
|
show grants for usera@localhost;
|
|
Grants for usera@localhost
|
|
GRANT USAGE ON *.* TO 'usera'@'localhost'
|
|
GRANT INSERT ON `test`.`t1` TO 'usera'@'localhost'
|
|
GRANT EXECUTE ON `sptest`.`p1` TO 'usera'@'localhost'
|
|
grant execute on sptest.p1 to userc@localhost with grant option;
|
|
show grants for userc@localhost;
|
|
Grants for userc@localhost
|
|
GRANT USAGE ON *.* TO 'userc'@'localhost'
|
|
GRANT EXECUTE ON `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION
|
|
call sptest.p1(1);
|
|
grant execute on sptest.p1 to userb@localhost;
|
|
ERROR 42000: grant command denied to user 'usera'@'localhost' for routine 'sptest.p1'
|
|
drop procedure sptest.p1;
|
|
ERROR 42000: alter procedure command denied to user 'usera'@'localhost' for routine 'sptest.p1'
|
|
call sptest.p1(2);
|
|
ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
|
grant execute on sptest.p1 to userb@localhost;
|
|
ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
|
drop procedure sptest.p1;
|
|
ERROR 42000: alter procedure command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
|
call sptest.p1(3);
|
|
grant execute on sptest.p1 to userb@localhost;
|
|
drop procedure sptest.p1;
|
|
ERROR 42000: alter procedure command denied to user 'userc'@'localhost' for routine 'sptest.p1'
|
|
call sptest.p1(4);
|
|
grant execute on sptest.p1 to userb@localhost;
|
|
ERROR 42000: grant command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
|
drop procedure sptest.p1;
|
|
ERROR 42000: alter procedure command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
|
select * from t1;
|
|
u i
|
|
usera@localhost 1
|
|
userc@localhost 3
|
|
userb@localhost 4
|
|
grant all privileges on sptest.p1 to userc@localhost;
|
|
show grants for userc@localhost;
|
|
Grants for userc@localhost
|
|
GRANT USAGE ON *.* TO 'userc'@'localhost'
|
|
GRANT EXECUTE, ALTER ROUTINE ON `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION
|
|
show grants for userb@localhost;
|
|
Grants for userb@localhost
|
|
GRANT USAGE ON *.* TO 'userb'@'localhost'
|
|
GRANT EXECUTE ON `sptest`.`p1` TO 'userb'@'localhost'
|
|
revoke all privileges on sptest.p1 from userb@localhost;
|
|
show grants for userb@localhost;
|
|
Grants for userb@localhost
|
|
GRANT USAGE ON *.* TO 'userb'@'localhost'
|
|
use test;
|
|
drop database sptest;
|
|
delete from mysql.user where user='usera' or user='userb' or user='userc';
|
|
delete from mysql.procs_priv where user='usera' or user='userb' or user='userc';
|