From: Dmitry Lenev Date: April 22 2011 12:59pm Subject: bzr push into mysql-trunk branch (Dmitry.Lenev:3335 to 3336) Bug#11759114 List-Archive: http://lists.mysql.com/commits/135955 X-Bug: 11759114 Message-Id: <20110422125945.D4C617404B6@bandersnatch> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit 3336 Dmitry Lenev 2011-04-22 Fix for bug#11759114 - '51401: GRANT TREATS NONEXISTENT FUNCTIONS/PRIVILEGES DIFFERENTLY'. The problem was that attempt to grant EXECUTE or ALTER ROUTINE privilege on stored procedure which didn't exist succeed instead of returning an appropriate error like it happens in similar situation for stored functions or tables. The code which handles granting of privileges on individual routine calls sp_exist_routines() function to check if routine exists and assumes that the 3rd parameter of the latter specifies whether it should check for existence of stored procedure or function. In practice, this parameter had completely different meaning and, as result, this check was not done properly for stored procedures. This fix addresses this problem by bringing sp_exist_routines() signature and code in line with expectation of its caller. @ mysql-test/r/grant.result Added test coverage for bug#11759114 - '51401: GRANT TREATS NONEXISTENT FUNCTIONS/PRIVILEGES DIFFERENTLY'. @ mysql-test/t/grant.test Added test coverage for bug#11759114 - '51401: GRANT TREATS NONEXISTENT FUNCTIONS/PRIVILEGES DIFFERENTLY'. @ sql/sp.cc Changed meaning of the 3rd parameter in sp_exist_routines() function. Now it specifies whether list of routine names which is passed to this function contains names of stored procedures or functions. This brings sp_exist_routines() in line with assumption made by the code which calls it. @ sql/sp.h Changed meaning of the 3rd parameter in sp_exist_routines() function. Now it specifies whether list of routine names which is passed to this function contains names of stored procedures or functions. This brings sp_exist_routines() in line with assumption made by the code which calls it. modified: mysql-test/r/grant.result mysql-test/t/grant.test sql/sp.cc sql/sp.h 3335 Sergey Glukhov 2011-04-22 [merge] 5.5 -> trunk merge @ mysql-test/r/having.result 5.5 -> trunk merge @ mysql-test/t/having.test 5.5 -> trunk merge @ sql/sql_select.cc 5.5 -> trunk merge modified: mysql-test/r/having.result mysql-test/t/having.test sql/sql_select.cc === modified file 'mysql-test/r/grant.result' --- a/mysql-test/r/grant.result 2011-03-18 14:58:27 +0000 +++ b/mysql-test/r/grant.result 2011-04-22 12:59:10 +0000 @@ -1700,6 +1700,7 @@ Assigning privileges without procs_priv CREATE DATABASE mysqltest1; CREATE PROCEDURE mysqltest1.test() SQL SECURITY DEFINER SELECT 1; +CREATE FUNCTION mysqltest1.test() RETURNS INT RETURN 1; GRANT EXECUTE ON FUNCTION mysqltest1.test TO mysqltest_1@localhost; ERROR 42S02: Table 'mysql.procs_priv' doesn't exist GRANT ALL PRIVILEGES ON test.* TO mysqltest_1@localhost; @@ -2536,3 +2537,25 @@ DROP USER mysqltest_u1@localhost; # End of Bug#38347. +# +# BUG#11759114 - '51401: GRANT TREATS NONEXISTENT FUNCTIONS/PRIVILEGES +# DIFFERENTLY'. +# +drop database if exists mysqltest_db1; +create database mysqltest_db1; +create user mysqltest_u1; +# Both GRANT statements below should fail with the same error. +grant execute on function mysqltest_db1.f1 to mysqltest_u1; +ERROR 42000: FUNCTION or PROCEDURE f1 does not exist +grant execute on procedure mysqltest_db1.p1 to mysqltest_u1; +ERROR 42000: FUNCTION or PROCEDURE p1 does not exist +# Let us show that GRANT behaviour for routines is consistent +# with GRANT behaviour for tables. Attempt to grant privilege +# on non-existent table also results in an error. +grant select on mysqltest_db1.t1 to mysqltest_u1; +ERROR 42S02: Table 'mysqltest_db1.t1' doesn't exist +show grants for mysqltest_u1; +Grants for mysqltest_u1@% +GRANT USAGE ON *.* TO 'mysqltest_u1'@'%' +drop database mysqltest_db1; +drop user mysqltest_u1; === modified file 'mysql-test/t/grant.test' --- a/mysql-test/t/grant.test 2011-03-17 11:33:17 +0000 +++ b/mysql-test/t/grant.test 2011-04-22 12:59:10 +0000 @@ -1676,6 +1676,7 @@ FLUSH PRIVILEGES; CREATE DATABASE mysqltest1; CREATE PROCEDURE mysqltest1.test() SQL SECURITY DEFINER SELECT 1; +CREATE FUNCTION mysqltest1.test() RETURNS INT RETURN 1; --error ER_NO_SUCH_TABLE GRANT EXECUTE ON FUNCTION mysqltest1.test TO mysqltest_1@localhost; GRANT ALL PRIVILEGES ON test.* TO mysqltest_1@localhost; @@ -2187,3 +2188,27 @@ DROP USER mysqltest_u1@localhost; --echo --echo # End of Bug#38347. --echo + + +--echo # +--echo # BUG#11759114 - '51401: GRANT TREATS NONEXISTENT FUNCTIONS/PRIVILEGES +--echo # DIFFERENTLY'. +--echo # +--disable_warnings +drop database if exists mysqltest_db1; +--enable_warnings +create database mysqltest_db1; +create user mysqltest_u1; +--echo # Both GRANT statements below should fail with the same error. +--error ER_SP_DOES_NOT_EXIST +grant execute on function mysqltest_db1.f1 to mysqltest_u1; +--error ER_SP_DOES_NOT_EXIST +grant execute on procedure mysqltest_db1.p1 to mysqltest_u1; +--echo # Let us show that GRANT behaviour for routines is consistent +--echo # with GRANT behaviour for tables. Attempt to grant privilege +--echo # on non-existent table also results in an error. +--error ER_NO_SUCH_TABLE +grant select on mysqltest_db1.t1 to mysqltest_u1; +show grants for mysqltest_u1; +drop database mysqltest_db1; +drop user mysqltest_u1; === modified file 'sql/sp.cc' --- a/sql/sp.cc 2011-03-09 20:54:55 +0000 +++ b/sql/sp.cc 2011-04-22 12:59:10 +0000 @@ -1696,7 +1696,8 @@ sp_find_routine(THD *thd, int type, sp_n @param thd Thread handler @param routines List of needles in the hay stack - @param any Any of the needles are good enough + @param is_proc Indicates whether routines in the list are procedures + or functions. @return @retval FALSE Found. @@ -1704,7 +1705,7 @@ sp_find_routine(THD *thd, int type, sp_n */ bool -sp_exist_routines(THD *thd, TABLE_LIST *routines, bool any) +sp_exist_routines(THD *thd, TABLE_LIST *routines, bool is_proc) { TABLE_LIST *routine; bool sp_object_found; @@ -1720,17 +1721,14 @@ sp_exist_routines(THD *thd, TABLE_LIST * lex_name.str= thd->strmake(routine->table_name, lex_name.length); name= new sp_name(lex_db, lex_name, true); name->init_qname(thd); - sp_object_found= sp_find_routine(thd, TYPE_ENUM_PROCEDURE, name, - &thd->sp_proc_cache, FALSE) != NULL || - sp_find_routine(thd, TYPE_ENUM_FUNCTION, name, - &thd->sp_func_cache, FALSE) != NULL; + sp_object_found= is_proc ? sp_find_routine(thd, TYPE_ENUM_PROCEDURE, + name, &thd->sp_proc_cache, + FALSE) != NULL : + sp_find_routine(thd, TYPE_ENUM_FUNCTION, + name, &thd->sp_func_cache, + FALSE) != NULL; thd->warning_info->clear_warning_info(thd->query_id); - if (sp_object_found) - { - if (any) - break; - } - else if (!any) + if (! sp_object_found) { my_error(ER_SP_DOES_NOT_EXIST, MYF(0), "FUNCTION or PROCEDURE", routine->table_name); === modified file 'sql/sp.h' --- a/sql/sp.h 2011-03-09 20:54:55 +0000 +++ b/sql/sp.h 2011-04-22 12:59:10 +0000 @@ -110,7 +110,7 @@ sp_cache_routine(THD *thd, int type, sp_ bool lookup_only, sp_head **sp); bool -sp_exist_routines(THD *thd, TABLE_LIST *procs, bool any); +sp_exist_routines(THD *thd, TABLE_LIST *procs, bool is_proc); bool sp_show_create_routine(THD *thd, int type, sp_name *name); No bundle (reason: useless for push emails).