From 9c9573a4fa727a9d3ad6cecc898fe3cadfac6cc8 Mon Sep 17 00:00:00 2001 
From: unknown Date: Thu, 23 Dec 2004 10:46:24 +0000 Subject: WL#925 - Privileges for stored routines Implement fine-grained control over access to stored procedures Privileges are cached (same way as existing table/column privs) mysql-test/include/system_db_struct.inc: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/connect.result: WL#925 - Privileges for stored routines New system table: procs_priv mysql-test/r/grant.result: WL#925 - Privileges for stored routines user table has additional privilege attributes SHOW PRIVILEGES amended mysql-test/r/grant2.result: Fix result mysql-test/r/information_schema.result: WL#925 - Privileges for stored routines New system table procs_priv New user privileges mysql-test/r/show_check.result: Fix result mysql-test/r/sp-security.result: WL#925 - Privileges for stored routines Fix existing tests to work with new privileges New tests for new privileges mysql-test/r/sp.result: WL#925 - Privileges for stored routines Fix SHOW PRIVILEGES results mysql-test/r/system_mysql_db.result: WL#925 - Privileges for stored routines New system table: procs_priv user and db tables have new privilege attributes mysql-test/t/grant2.test: Fix test mysql-test/t/show_check.test: Fix test mysql-test/t/sp-security.test: WL#925 - Privileges for stored routines Allow existing tests to run with new privilege checks New tests for privileges mysql-test/t/system_mysql_db_fix.test: WL#925 - Privileges for stored routines New system table: procs_priv scripts/mysql_create_system_tables.sh: WL#925 - Privileges for stored routines db and user has new privilege attributes new system table: procs_priv scripts/mysql_fix_privilege_tables.sql: WL#925 - Privileges for stored routines new system table: procs_priv scripts/mysql_install_db.sh: WL#925 - Privileges for stored routines Amend comment sql/item_func.cc: WL#925 - Privileges for stored routines Privilege check for stored FUNCTION routine sql/lex.h: WL#925 - Privileges for stored 
routines new token ROUTINE sql/mysql_priv.h: WL#925 - Privileges for stored routines New function: check_procedure_access() sql/mysqld.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/set_var.cc: WL#925 - Privileges for stored routines system option automatic-sp-privileges sql/share/errmsg.txt: WL#925 - Privileges for stored routines rename errormessage to conform: ER_SP_ACCESS_DENIED_ERROR -> ER_PROCACCESS_DENIED_ERROR New error messages ER_NONEXISTING_PROC_GRANT, ER_PROC_AUTO_GRANT_FAIL, ER_PROC_AUTO_REVOKE_FAIL sql/sp.cc: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sp.h: WL#925 - Privileges for stored routines new function: sp_exists_routine() sql/sql_acl.cc: WL#925 - Privileges for stored routines Implementation for SP privileges. Privileges are cached in memory hash. New functions: mysql_procedure_grant() check_grant_procedure() sp_revoke_privileges() sp_grant_privileges() sql/sql_acl.h: WL#925 - Privileges for stored routines New privilege bits: CREATE_PROC_ACL, ALTER_PROC_ACL Alter confusing bit-segments to be shifted New macros: fix_rights_for_procedure() get_rights_for_procedure() New functions: mysql_procedure_grant() check_grant_procedure() sp_grant_privileges() sp_revoke_privileges() sql/sql_lex.h: WL#925 - Privileges for stored routines new all_privileges attribute in LEX sql/sql_parse.cc: WL#925 - Privileges for stored routines Remove function: check_sp_definer_access() Add handling for SP grants/revokes Add privilege checks for stored procedure invocation sql/sql_show.cc: WL#925 - Privileges for stored routines update result for SHOW PRIVILEGES sql/sql_yacc.yy: WL#925 - Privileges for stored routines New token ROUTINE rename some rules handle CREATE ROUTINE / ALTER ROUTINE privileges --- sql/sql_yacc.yy | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) (limited to 'sql/sql_yacc.yy') 
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index 88cd3daf924..75db6e332f9 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -390,6 +390,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize); %token RESTORE_SYM %token RESTRICT %token REVOKE +%token ROUTINE_SYM %token ROWS_SYM %token ROW_FORMAT_SYM %token ROW_SYM @@ -790,7 +791,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize); opt_outer table_list table_name opt_option opt_place opt_attribute opt_attribute_list attribute column_list column_list_id opt_column_list grant_privileges opt_table grant_list grant_option - grant_privilege grant_privilege_list user_list rename_list + object_privilege object_privilege_list user_list rename_list clear_privileges flush_options flush_option equal optional_braces opt_key_definition key_usage_list2 opt_mi_check_type opt_to mi_check_types normal_join @@ -1301,6 +1302,7 @@ clear_privileges: lex->users_list.empty(); lex->columns.empty(); lex->grant= lex->grant_tot_col= 0; + lex->all_privileges= 0; lex->select_lex.db= 0; lex->ssl_type= SSL_TYPE_NOT_SPECIFIED; lex->ssl_cipher= lex->x509_subject= lex->x509_issuer= 0; @@ -7031,6 +7033,7 @@ keyword: | RETURNS_SYM {} | ROLLBACK_SYM {} | ROLLUP_SYM {} + | ROUTINE_SYM {} | ROWS_SYM {} | ROW_FORMAT_SYM {} | ROW_SYM {} @@ -7543,14 +7546,16 @@ revoke_command: grant: GRANT clear_privileges grant_privileges ON opt_table TO_SYM grant_list require_clause grant_options - { - Lex->sql_command = SQLCOM_GRANT; - } + { Lex->sql_command= SQLCOM_GRANT; } ; grant_privileges: - grant_privilege_list {} - | ALL opt_privileges { Lex->grant = GLOBAL_ACLS;} + object_privilege_list { } + | ALL opt_privileges + { + Lex->all_privileges= 1; + Lex->grant= GLOBAL_ACLS; + } ; opt_privileges: 
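Review bot: In the `ALL opt_privileges` action of `grant_privileges`, the request is now recorded twice, as `Lex->grant= GLOBAL_ACLS` and as `Lex->all_privileges= 1`, and nothing in the grammar says which of the two the grant code treats as authoritative. If the flag exists so that the executor can narrow ALL to the bits valid for the target object rather than storing the global mask, a comment on the action should say so, for example `/* all_privileges: ALL was written; the executor narrows grant to the object's ACL set */` (wording to be confirmed against sql_acl.cc, which is not part of this diff). The hunk header shows `revoke_command` directly above `grant`; if that rule also goes through `grant_privileges`, the flag will be set for REVOKE ALL as well, and it is worth confirming that the revoke path expects it. The reset added in `clear_privileges` covers stale state between statements. `opt_privileges` continues past the end of this hunk.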
@@ -7558,11 +7563,11 @@ opt_privileges: | PRIVILEGES ; -grant_privilege_list: - grant_privilege - | grant_privilege_list ',' grant_privilege; +object_privilege_list: + object_privilege + | object_privilege_list ',' object_privilege; -grant_privilege: +object_privilege: SELECT_SYM { Lex->which_columns = SELECT_ACL;} opt_column_list {} | INSERT { Lex->which_columns = INSERT_ACL;} opt_column_list {} | UPDATE_SYM { Lex->which_columns = UPDATE_ACL; } opt_column_list {} @@ -7587,6 +7592,8 @@ grant_privilege: | REPLICATION CLIENT_SYM { Lex->grant |= REPL_CLIENT_ACL; } | CREATE VIEW_SYM { Lex->grant |= CREATE_VIEW_ACL; } | SHOW VIEW_SYM { Lex->grant |= SHOW_VIEW_ACL; } + | CREATE ROUTINE_SYM { Lex->grant |= CREATE_PROC_ACL; } + | ALTER ROUTINE_SYM { Lex->grant |= ALTER_PROC_ACL; } ; -- cgit v1.2.1
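Review bot: The new `CREATE ROUTINE_SYM` and `ALTER ROUTINE_SYM` alternatives at the end of `object_privilege` only OR a bit into `Lex->grant`, so the grammar accepts them with any `ON opt_table` target, a single table included. Whether a grant at the wrong level is refused therefore depends on the masks applied when the statement is executed, which this file does not show. A negative test would pin that behaviour, for instance a constructed `GRANT CREATE ROUTINE ON somedb.sometable TO someuser` that is expected to fail. A short comment above the pair, such as `/* routine privileges: no column list; level is validated at execution */`, would record where the check lives, if that is indeed where it is. The `object_privilege` rule begins above this hunk.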