WL#925 - Privileges for stored routines

Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges
author: unknown <acurtis@pcgem.rdg.cyberkinetica.com> 2004-12-23 10:46:24 +0000
committer: unknown <acurtis@pcgem.rdg.cyberkinetica.com> 2004-12-23 10:46:24 +0000
commit: 9c9573a4fa727a9d3ad6cecc898fe3cadfac6cc8 (patch)
tree: 1f9ae909b765f73df023264dce5aa52d83e5cb8e /sql/sql_yacc.yy
parent: 67018e8874cc4307b0015cb9d7cbc38a3c32844f (diff)
download: mariadb-git-9c9573a4fa727a9d3ad6cecc898fe3cadfac6cc8.tar.gz
1 files changed, 17 insertions, 10 deletions
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 88cd3daf924..75db6e332f9 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -390,6 +390,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
 %token	RESTORE_SYM
 %token	RESTRICT
 %token	REVOKE
+%token	ROUTINE_SYM
 %token	ROWS_SYM
 %token	ROW_FORMAT_SYM
 %token	ROW_SYM
@@ -790,7 +791,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
 	opt_outer table_list table_name opt_option opt_place
 	opt_attribute opt_attribute_list attribute column_list column_list_id
 	opt_column_list grant_privileges opt_table grant_list grant_option
-	grant_privilege grant_privilege_list user_list rename_list
+	object_privilege object_privilege_list user_list rename_list
 	clear_privileges flush_options flush_option
 	equal optional_braces opt_key_definition key_usage_list2
 	opt_mi_check_type opt_to mi_check_types normal_join
@@ -1301,6 +1302,7 @@ clear_privileges:
           lex->users_list.empty();
           lex->columns.empty();
           lex->grant= lex->grant_tot_col= 0;
+	  lex->all_privileges= 0;
           lex->select_lex.db= 0;
           lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
           lex->ssl_cipher= lex->x509_subject= lex->x509_issuer= 0;
@@ -7031,6 +7033,7 @@ keyword:
 	| RETURNS_SYM           {}
 	| ROLLBACK_SYM		{}
 	| ROLLUP_SYM		{}
+	| ROUTINE_SYM		{}
 	| ROWS_SYM		{}
 	| ROW_FORMAT_SYM	{}
 	| ROW_SYM		{}
@@ -7543,14 +7546,16 @@ revoke_command:
 grant:
 	GRANT clear_privileges grant_privileges ON opt_table TO_SYM grant_list
 	require_clause grant_options
-	{
-	  Lex->sql_command = SQLCOM_GRANT;
-        }
+	{ Lex->sql_command= SQLCOM_GRANT; }
 	;
 
 grant_privileges:
-	grant_privilege_list {}
-	| ALL opt_privileges	{ Lex->grant = GLOBAL_ACLS;}
+	object_privilege_list { }
+	| ALL opt_privileges
+        { 
+          Lex->all_privileges= 1; 
+          Lex->grant= GLOBAL_ACLS;
+        }
         ;
 
 opt_privileges:
@@ -7558,11 +7563,11 @@ opt_privileges:
 	| PRIVILEGES
 	;
 
-grant_privilege_list:
-	grant_privilege
-	| grant_privilege_list ',' grant_privilege;
+object_privilege_list:
+	object_privilege
+	| object_privilege_list ',' object_privilege;
 
-grant_privilege:
+object_privilege:
 	SELECT_SYM	{ Lex->which_columns = SELECT_ACL;} opt_column_list {}
 	| INSERT	{ Lex->which_columns = INSERT_ACL;} opt_column_list {}
 	| UPDATE_SYM	{ Lex->which_columns = UPDATE_ACL; } opt_column_list {}
@@ -7587,6 +7592,8 @@ grant_privilege:
 	| REPLICATION CLIENT_SYM { Lex->grant |= REPL_CLIENT_ACL; }
 	| CREATE VIEW_SYM { Lex->grant |= CREATE_VIEW_ACL; }
 	| SHOW VIEW_SYM { Lex->grant |= SHOW_VIEW_ACL; }
+	| CREATE ROUTINE_SYM { Lex->grant |= CREATE_PROC_ACL; }
+	| ALTER ROUTINE_SYM { Lex->grant |= ALTER_PROC_ACL; }
 	;
author	unknown <acurtis@pcgem.rdg.cyberkinetica.com>	2004-12-23 10:46:24 +0000
committer	unknown <acurtis@pcgem.rdg.cyberkinetica.com>	2004-12-23 10:46:24 +0000
commit	9c9573a4fa727a9d3ad6cecc898fe3cadfac6cc8 (patch)
tree	1f9ae909b765f73df023264dce5aa52d83e5cb8e /sql/sql_yacc.yy
parent	67018e8874cc4307b0015cb9d7cbc38a3c32844f (diff)
download	mariadb-git-9c9573a4fa727a9d3ad6cecc898fe3cadfac6cc8.tar.gz