From bd49d8debfc1821cb9d158efb9cdfc55231e54ee Mon Sep 17 00:00:00 2001
From: unknown <anozdrin/alik@booka.opbmk>
Date: Fri, 23 Mar 2007 14:12:11 +0300
Subject: Fix for BUG#9504: Stored procedures: execute privilege doesn't make
 'use database' okay.

The problem was that we didn't check stored-routine privileges
in check_grant_db().

The patch adds this check.


mysql-test/r/grant.result:
  Update result file.
mysql-test/r/sp-security.result:
  Update result fil.
mysql-test/t/grant.test:
  Added test case for BUG#9504.
mysql-test/t/sp-security.test:
  Update test.
sql/sql_acl.cc:
  Check stored routines privileges.
---
 mysql-test/t/grant.test | 83 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)

(limited to 'mysql-test/t/grant.test')

diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test
index 82bf011d32f..92ed69d3f4b 100644
--- a/mysql-test/t/grant.test
+++ b/mysql-test/t/grant.test
@@ -875,4 +875,87 @@ GRANT PROCESS ON * TO user@localhost;
 disconnect con1;
 connection default;
 
+
+#
+# BUG#9504: Stored procedures: execute privilege doesn't make 'use database'
+# okay.
+#
+
+# Prepare.
+
+--disable_warnings
+DROP DATABASE IF EXISTS mysqltest1;
+DROP DATABASE IF EXISTS mysqltest2;
+DROP DATABASE IF EXISTS mysqltest3;
+DROP DATABASE IF EXISTS mysqltest4;
+--enable_warnings
+
+CREATE DATABASE mysqltest1;
+CREATE DATABASE mysqltest2;
+CREATE DATABASE mysqltest3;
+CREATE DATABASE mysqltest4;
+
+CREATE PROCEDURE mysqltest1.p_def() SQL SECURITY DEFINER
+  SELECT 1;
+
+CREATE PROCEDURE mysqltest2.p_inv() SQL SECURITY INVOKER
+  SELECT 1;
+
+CREATE FUNCTION mysqltest3.f_def() RETURNS INT SQL SECURITY DEFINER
+  RETURN 1;                                                        
+                                                                   
+CREATE FUNCTION mysqltest4.f_inv() RETURNS INT SQL SECURITY INVOKER
+  RETURN 1;
+
+GRANT EXECUTE ON PROCEDURE mysqltest1.p_def TO mysqltest_1@localhost;
+GRANT EXECUTE ON PROCEDURE mysqltest2.p_inv TO mysqltest_1@localhost;
+GRANT EXECUTE ON FUNCTION mysqltest3.f_def TO mysqltest_1@localhost;
+GRANT EXECUTE ON FUNCTION mysqltest4.f_inv TO mysqltest_1@localhost;
+
+GRANT ALL PRIVILEGES ON test.* TO mysqltest_1@localhost;
+
+# Test.
+
+--connect (bug9504_con1,localhost,mysqltest_1,,)
+--echo
+--echo ---> connection: bug9504_con1
+
+# - Check that we can switch to the db;
+
+use mysqltest1;
+
+use mysqltest2;
+
+use mysqltest3;
+
+use mysqltest4;
+
+# - Check that we can call stored routines;
+
+use test;
+
+CALL mysqltest1.p_def();
+
+CALL mysqltest2.p_inv();
+
+SELECT mysqltest3.f_def();
+
+SELECT mysqltest4.f_inv();
+
+# Cleanup.
+
+--connection default
+--echo
+--echo ---> connection: default
+
+--disconnect bug9504_con1
+
+DROP DATABASE mysqltest1;
+DROP DATABASE mysqltest2;
+DROP DATABASE mysqltest3;
+DROP DATABASE mysqltest4;
+
+DROP USER mysqltest_1@localhost;
+
+
 --echo End of 5.0 tests
-- 
cgit v1.2.1