Commit 2c428ca0 authored by pem@mysql.comhem.se's avatar pem@mysql.comhem.se

Fixed BUG#6030: Stored procedure has no appropriate DROP privilege.

  ...and no ALTER privilege either.
  For now, only the definer and root can drop or alter an SP.
parent ebf8dc0d
...@@ -386,4 +386,5 @@ ...@@ -386,4 +386,5 @@
#define ER_ILLEGAL_VALUE_FOR_TYPE 1367 #define ER_ILLEGAL_VALUE_FOR_TYPE 1367
#define ER_VIEW_NONUPD_CHECK 1368 #define ER_VIEW_NONUPD_CHECK 1368
#define ER_VIEW_CHECK_FAILED 1369 #define ER_VIEW_CHECK_FAILED 1369
#define ER_ERROR_MESSAGES 370 #define ER_SP_ACCESS_DENIED_ERROR 1370
#define ER_ERROR_MESSAGES 371
...@@ -203,3 +203,4 @@ ER_SP_CURSOR_AFTER_HANDLER, "42000", "", ...@@ -203,3 +203,4 @@ ER_SP_CURSOR_AFTER_HANDLER, "42000", "",
ER_SP_CASE_NOT_FOUND, "20000", "", ER_SP_CASE_NOT_FOUND, "20000", "",
ER_DIVISION_BY_ZERO, "22012", "", ER_DIVISION_BY_ZERO, "22012", "",
ER_ILLEGAL_VALUE_FOR_TYPE, "22007", "", ER_ILLEGAL_VALUE_FOR_TYPE, "22007", "",
ER_SP_ACCESS_DENIED_ERROR, "42000", "",
...@@ -115,14 +115,6 @@ foo: loop ...@@ -115,14 +115,6 @@ foo: loop
set @x=2; set @x=2;
end loop bar| end loop bar|
ERROR 42000: End-label bar without match ERROR 42000: End-label bar without match
create procedure foo(out x int)
begin
declare y int;
set x = y;
end|
Warnings:
Warning 1311 Referring to uninitialized variable y
drop procedure foo|
create procedure foo() create procedure foo()
return 42| return 42|
ERROR 42000: RETURN is only allowed in a FUNCTION ERROR 42000: RETURN is only allowed in a FUNCTION
......
...@@ -107,13 +107,20 @@ s1 ...@@ -107,13 +107,20 @@ s1
0 0
2 2
2 2
alter procedure p modifies sql data;
drop procedure p;
alter procedure q modifies sql data;
ERROR 42000: Access denied; you are not the procedure/function definer of 'db2.q'
drop procedure q;
ERROR 42000: Access denied; you are not the procedure/function definer of 'db2.q'
use db2;
alter procedure q modifies sql data;
drop procedure q;
use test; use test;
select type,db,name from mysql.proc; select type,db,name from mysql.proc;
type db name type db name
FUNCTION db1_secret db FUNCTION db1_secret db
PROCEDURE db1_secret stamp PROCEDURE db1_secret stamp
PROCEDURE db2 p
PROCEDURE db2 q
drop database db1_secret; drop database db1_secret;
drop database db2; drop database db2;
select type,db,name from mysql.proc; select type,db,name from mysql.proc;
......
...@@ -1843,13 +1843,9 @@ begin ...@@ -1843,13 +1843,9 @@ begin
declare v char; declare v char;
return v; return v;
end| end|
Warnings:
Warning 1311 Referring to uninitialized variable v
select bug4487()| select bug4487()|
bug4487() bug4487()
NULL NULL
Warnings:
Warning 1311 Referring to uninitialized variable v
drop function bug4487| drop function bug4487|
drop procedure if exists bug4941| drop procedure if exists bug4941|
create procedure bug4941(out x int) create procedure bug4941(out x int)
......
...@@ -156,14 +156,6 @@ foo: loop ...@@ -156,14 +156,6 @@ foo: loop
set @x=2; set @x=2;
end loop bar| end loop bar|
# Referring to undef variable
create procedure foo(out x int)
begin
declare y int;
set x = y;
end|
drop procedure foo|
# RETURN in FUNCTION only # RETURN in FUNCTION only
--error 1313 --error 1313
create procedure foo() create procedure foo()
......
...@@ -180,8 +180,32 @@ use db2; ...@@ -180,8 +180,32 @@ use db2;
call q(); call q();
select * from t2; select * from t2;
# Clean up
#
# BUG#6030: Stored procedure has no appropriate DROP privilege
# (or ALTER for that matter)
# still connection con2user1 in db2
# This should work:
alter procedure p modifies sql data;
drop procedure p;
# This should NOT work
--error 1370
alter procedure q modifies sql data;
--error 1370
drop procedure q;
connection con1root; connection con1root;
use db2;
# But root always can
alter procedure q modifies sql data;
drop procedure q;
# Clean up
#Still connection con1root;
use test; use test;
select type,db,name from mysql.proc; select type,db,name from mysql.proc;
drop database db1_secret; drop database db1_secret;
......
...@@ -398,3 +398,4 @@ character-set=latin2 ...@@ -398,3 +398,4 @@ character-set=latin2
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -389,3 +389,4 @@ character-set=latin1 ...@@ -389,3 +389,4 @@ character-set=latin1
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -398,3 +398,4 @@ character-set=latin1 ...@@ -398,3 +398,4 @@ character-set=latin1
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -386,3 +386,4 @@ character-set=latin1 ...@@ -386,3 +386,4 @@ character-set=latin1
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -391,3 +391,4 @@ character-set=latin7 ...@@ -391,3 +391,4 @@ character-set=latin7
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -386,3 +386,4 @@ character-set=latin1 ...@@ -386,3 +386,4 @@ character-set=latin1
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -399,3 +399,4 @@ character-set=latin1 ...@@ -399,3 +399,4 @@ character-set=latin1
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -386,3 +386,4 @@ character-set=greek ...@@ -386,3 +386,4 @@ character-set=greek
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -391,3 +391,4 @@ character-set=latin2 ...@@ -391,3 +391,4 @@ character-set=latin2
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -386,3 +386,4 @@ character-set=latin1 ...@@ -386,3 +386,4 @@ character-set=latin1
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -390,3 +390,4 @@ character-set=ujis ...@@ -390,3 +390,4 @@ character-set=ujis
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -386,3 +386,4 @@ character-set=euckr ...@@ -386,3 +386,4 @@ character-set=euckr
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -388,3 +388,4 @@ character-set=latin1 ...@@ -388,3 +388,4 @@ character-set=latin1
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -388,3 +388,4 @@ character-set=latin1 ...@@ -388,3 +388,4 @@ character-set=latin1
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -391,3 +391,4 @@ character-set=latin2 ...@@ -391,3 +391,4 @@ character-set=latin2
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -388,3 +388,4 @@ character-set=latin1 ...@@ -388,3 +388,4 @@ character-set=latin1
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -391,3 +391,4 @@ character-set=latin2 ...@@ -391,3 +391,4 @@ character-set=latin2
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -391,3 +391,4 @@ character-set=koi8r ...@@ -391,3 +391,4 @@ character-set=koi8r
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION VIEW '%-.64s.%-.64s'" "CHECK OPTION VIEW '%-.64s.%-.64s'"
" CHECK OPTION VIEW '%-.64s.%-.64s' " " CHECK OPTION VIEW '%-.64s.%-.64s' "
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -379,3 +379,4 @@ character-set=cp1250 ...@@ -379,3 +379,4 @@ character-set=cp1250
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -394,3 +394,4 @@ character-set=latin2 ...@@ -394,3 +394,4 @@ character-set=latin2
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -390,3 +390,4 @@ character-set=latin1 ...@@ -390,3 +390,4 @@ character-set=latin1
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -386,3 +386,4 @@ character-set=latin1 ...@@ -386,3 +386,4 @@ character-set=latin1
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION on non-updatable view '%-.64s.%-.64s'" "CHECK OPTION on non-updatable view '%-.64s.%-.64s'"
"CHECK OPTION failed '%-.64s.%-.64s'" "CHECK OPTION failed '%-.64s.%-.64s'"
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -392,3 +392,4 @@ character-set=koi8u ...@@ -392,3 +392,4 @@ character-set=koi8u
"Illegal %s '%-.64s' value found during parsing", "Illegal %s '%-.64s' value found during parsing",
"CHECK OPTION VIEW '%-.64s.%-.64s' " "CHECK OPTION VIEW '%-.64s.%-.64s' "
"צ CHECK OPTION VIEW '%-.64s.%-.64s' " "צ CHECK OPTION VIEW '%-.64s.%-.64s' "
"Access denied; you are not the procedure/function definer of '%s'"
...@@ -69,6 +69,7 @@ static void remove_escape(char *name); ...@@ -69,6 +69,7 @@ static void remove_escape(char *name);
static void refresh_status(void); static void refresh_status(void);
static bool append_file_to_dir(THD *thd, const char **filename_ptr, static bool append_file_to_dir(THD *thd, const char **filename_ptr,
const char *table_name); const char *table_name);
static bool check_sp_definer_access(THD *thd, sp_head *sp);
const char *any_db="*any*"; // Special symbol for check_access const char *any_db="*any*"; // Special symbol for check_access
...@@ -3764,12 +3765,31 @@ purposes internal to the MySQL server", MYF(0)); ...@@ -3764,12 +3765,31 @@ purposes internal to the MySQL server", MYF(0));
} }
case SQLCOM_ALTER_PROCEDURE: case SQLCOM_ALTER_PROCEDURE:
case SQLCOM_ALTER_FUNCTION: case SQLCOM_ALTER_FUNCTION:
{
sp_head *sp;
st_sp_chistics chistics;
memcpy(&chistics, &lex->sp_chistics, sizeof(chistics));
if (lex->sql_command == SQLCOM_ALTER_PROCEDURE)
sp= sp_find_procedure(thd, lex->spname);
else
sp= sp_find_function(thd, lex->spname);
mysql_reset_errors(thd);
if (! sp)
res= SP_KEY_NOT_FOUND;
else
{
if (check_sp_definer_access(thd, sp))
{ {
res= -1; res= -1;
break;
}
memcpy(&lex->sp_chistics, &chistics, sizeof(lex->sp_chistics));
if (lex->sql_command == SQLCOM_ALTER_PROCEDURE) if (lex->sql_command == SQLCOM_ALTER_PROCEDURE)
res= sp_update_procedure(thd, lex->spname, &lex->sp_chistics); res= sp_update_procedure(thd, lex->spname, &lex->sp_chistics);
else else
res= sp_update_function(thd, lex->spname, &lex->sp_chistics); res= sp_update_function(thd, lex->spname, &lex->sp_chistics);
}
switch (res) switch (res)
{ {
case SP_OK: case SP_OK:
...@@ -3789,6 +3809,22 @@ purposes internal to the MySQL server", MYF(0)); ...@@ -3789,6 +3809,22 @@ purposes internal to the MySQL server", MYF(0));
case SQLCOM_DROP_PROCEDURE: case SQLCOM_DROP_PROCEDURE:
case SQLCOM_DROP_FUNCTION: case SQLCOM_DROP_FUNCTION:
{ {
sp_head *sp;
if (lex->sql_command == SQLCOM_DROP_PROCEDURE)
sp= sp_find_procedure(thd, lex->spname);
else
sp= sp_find_function(thd, lex->spname);
mysql_reset_errors(thd);
if (! sp)
res= SP_KEY_NOT_FOUND;
else
{
if (check_sp_definer_access(thd, sp))
{
res= -1;
break;
}
if (lex->sql_command == SQLCOM_DROP_PROCEDURE) if (lex->sql_command == SQLCOM_DROP_PROCEDURE)
res= sp_drop_procedure(thd, lex->spname); res= sp_drop_procedure(thd, lex->spname);
else else
...@@ -3812,6 +3848,7 @@ purposes internal to the MySQL server", MYF(0)); ...@@ -3812,6 +3848,7 @@ purposes internal to the MySQL server", MYF(0));
} }
#endif #endif
} }
}
switch (res) switch (res)
{ {
case SP_OK: case SP_OK:
...@@ -4269,6 +4306,41 @@ static bool check_db_used(THD *thd,TABLE_LIST *tables) ...@@ -4269,6 +4306,41 @@ static bool check_db_used(THD *thd,TABLE_LIST *tables)
return FALSE; return FALSE;
} }
/*
Check if the given SP is owned by thd->priv_user/host, or priv_user is root.
QQ This is not quite complete, but it will do as a basic security check
for now. The question is exactly which rights should 'root' have?
Should root have access regardless of host for instance?
SYNOPSIS
check_sp_definer_access()
thd Thread handler
sp The SP pointer
RETURN
0 ok
1 error Error message has been sent
*/
static bool
check_sp_definer_access(THD *thd, sp_head *sp)
{
LEX_STRING *usr, *hst;
if (strcmp("root", thd->priv_user) == 0)
return FALSE; /* QQ Any root is ok now */
usr= &sp->m_definer_user;
hst= &sp->m_definer_host;
if (strncmp(thd->priv_user, usr->str, usr->length) == 0 &&
strncmp(thd->priv_host, hst->str, hst->length) == 0)
return FALSE; /* Both user and host must match */
my_error(ER_SP_ACCESS_DENIED_ERROR, MYF(0), sp->m_qname.str);
return TRUE; /* Not definer or root */
}
/**************************************************************************** /****************************************************************************
Check stack size; Send error if there isn't enough stack to continue Check stack size; Send error if there isn't enough stack to continue
****************************************************************************/ ****************************************************************************/
......
...@@ -6495,12 +6495,6 @@ simple_ident: ...@@ -6495,12 +6495,6 @@ simple_ident:
if (spc && (spv = spc->find_pvar(&$1))) if (spc && (spv = spc->find_pvar(&$1)))
{ /* We're compiling a stored procedure and found a variable */ { /* We're compiling a stored procedure and found a variable */
if (lex->sql_command != SQLCOM_CALL && ! spv->isset)
{
push_warning_printf(YYTHD, MYSQL_ERROR::WARN_LEVEL_WARN,
ER_SP_UNINIT_VAR, ER(ER_SP_UNINIT_VAR),
$1.str);
}
$$ = (Item*) new Item_splocal($1, spv->offset); $$ = (Item*) new Item_splocal($1, spv->offset);
lex->variables_used= 1; lex->variables_used= 1;
lex->safe_to_cache_query=0; lex->safe_to_cache_query=0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment