Fixed BUG#3339: Stored procedures in nonexistent schemas are uncallable.

Also added some related security tests and corrected related error messages.

mysql-test/r/sp-error.result

@@ -33,15 +33,15 @@ ERROR 42000: FUNCTION func1 already exists
 drop procedure proc1|
 drop function func1|
 alter procedure foo|
-ERROR 42000: PROCEDURE foo does not exist
+ERROR 42000: PROCEDURE test.foo does not exist
 alter function foo|
-ERROR 42000: FUNCTION foo does not exist
+ERROR 42000: FUNCTION test.foo does not exist
 drop procedure foo|
-ERROR 42000: PROCEDURE foo does not exist
+ERROR 42000: PROCEDURE test.foo does not exist
 drop function foo|
-ERROR 42000: FUNCTION foo does not exist
+ERROR 42000: FUNCTION test.foo does not exist
 call foo()|
-ERROR 42000: PROCEDURE foo does not exist
+ERROR 42000: PROCEDURE test.foo does not exist
 drop procedure if exists foo|
 Warnings:
 Warning	1298	PROCEDURE foo does not exist
@@ -193,7 +193,7 @@ call p()|
 ERROR 24000: Cursor is not open
 drop procedure p|
 alter procedure bar3 sql security invoker|
-ERROR 42000: PROCEDURE bar3 does not exist
+ERROR 42000: PROCEDURE test.bar3 does not exist
 alter procedure bar3 name
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA|
 ERROR 42000: Identifier name 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' is too long
@@ -395,4 +395,6 @@ select @x|
 0
 drop procedure bug3279|
 drop table t3|
+create procedure nodb.bug3339() begin end|
+ERROR 42000: Unknown database 'nodb'
 drop table t1|

mysql-test/r/sp-security.result

@@ -3,6 +3,8 @@ grant usage on *.* to user1@localhost;
 flush privileges;
 drop database if exists db1_secret;
 create database db1_secret;
+create procedure db1_secret.dummy() begin end;
+drop procedure db1_secret.dummy;
 use db1_secret;
 create table t1 ( u varchar(64), i int );
 create procedure stamp(i int)
@@ -27,12 +29,20 @@ db1_secret.db()
 db1_secret
 select * from db1_secret.t1;
 ERROR 42000: Access denied for user: 'user1'@'localhost' to database 'db1_secret'
+create procedure db1_secret.dummy() begin end;
+ERROR 42000: Unknown database 'db1_secret'
+drop procedure db1_secret.dummy;
+ERROR 42000: PROCEDURE db1_secret.dummy does not exist
 call db1_secret.stamp(3);
 select db1_secret.db();
 db1_secret.db()
 db1_secret
 select * from db1_secret.t1;
 ERROR 42000: Access denied for user: ''@'localhost' to database 'db1_secret'
+create procedure db1_secret.dummy() begin end;
+ERROR 42000: Unknown database 'db1_secret'
+drop procedure db1_secret.dummy;
+ERROR 42000: PROCEDURE db1_secret.dummy does not exist
 select * from t1;
 u	i
 root@localhost	1

mysql-test/t/sp-error.test

@@ -517,7 +517,6 @@ end case|
 call bug3287(2)|
 drop procedure bug3287|
 
-
 #
 # BUG#3297
 #
@@ -548,6 +547,13 @@ select @x|
 drop procedure bug3279|
 drop table t3|
 
+#
+# BUG#3339
+#
+--error 1049
+create procedure nodb.bug3339() begin end|
+
+
 drop table t1|
 
 delimiter ;|

mysql-test/t/sp-security.test

@@ -17,6 +17,10 @@ drop database if exists db1_secret;
 # Create our secret database
 create database db1_secret;
 
+# Can create a procedure in other db
+create procedure db1_secret.dummy() begin end;
+drop procedure db1_secret.dummy;
+
 use db1_secret;
 
 create table t1 ( u varchar(64), i int );
@@ -39,6 +43,7 @@ select db();
 connect (con2user1,localhost,user1,,);
 connect (con3anon,localhost,anon,,);
 
+
 #
 # User1 can
 #
@@ -52,6 +57,13 @@ select db1_secret.db();
 --error 1044
 select * from db1_secret.t1;
 
+# ...and not this
+--error 1049
+create procedure db1_secret.dummy() begin end;
+--error 1298
+drop procedure db1_secret.dummy;
+
+
 #
 # Anonymous can
 #
@@ -65,6 +77,13 @@ select db1_secret.db();
 --error 1044
 select * from db1_secret.t1;
 
+# ...and not this
+--error 1049
+create procedure db1_secret.dummy() begin end;
+--error 1298
+drop procedure db1_secret.dummy;
+
+
 #
 # Check it out
 #

sql/sp.cc

@@ -314,9 +314,19 @@ db_create_routine(THD *thd, int type, sp_head *sp)
   TABLE *table;
   TABLE_LIST tables;
   char definer[HOSTNAME_LENGTH+USERNAME_LENGTH+2];
+  char olddb[128];
+  bool dbchanged;
   DBUG_ENTER("db_create_routine");
   DBUG_PRINT("enter", ("type: %d name: %*s",type,sp->m_name.length,sp->m_name.str));
 
+  dbchanged= FALSE;
+  if ((ret= sp_use_new_db(thd, sp->m_db.str, olddb, sizeof(olddb),
+			  0, &dbchanged)))
+  {
+    ret= SP_NO_DB_ERROR;
+    goto done;
+  }
+
   memset(&tables, 0, sizeof(tables));
   tables.db= (char*)"mysql";
   tables.real_name= tables.alias= (char*)"proc";
@@ -370,6 +380,8 @@ db_create_routine(THD *thd, int type, sp_head *sp)
 
 done:
   close_thread_tables(thd);
+  if (dbchanged)
+    (void)sp_change_db(thd, olddb, 1);
   DBUG_RETURN(ret);
 }
 

sql/sp.h

@@ -27,6 +27,7 @@
 #define SP_GET_FIELD_FAILED  -5
 #define SP_PARSE_ERROR       -6
 #define SP_INTERNAL_ERROR    -7
+#define SP_NO_DB_ERROR       -8
 
 /* Drop all routines in database 'db' */
 int

sql/sql_parse.cc

@@ -3410,6 +3410,11 @@ unsent_create_error:
       delete lex->sphead;
       lex->sphead= 0;
       goto error;
+    case SP_NO_DB_ERROR:
+      net_printf(thd, ER_BAD_DB_ERROR, lex->sphead->m_db);
+      delete lex->sphead;
+      lex->sphead= 0;
+      goto error;
     default:
       net_printf(thd, ER_SP_STORE_FAILED, SP_TYPE_STRING(lex), name);
       delete lex->sphead;
@@ -3425,7 +3430,7 @@ unsent_create_error:
       if (!(sp= sp_find_procedure(thd, lex->spname)))
       {
 	net_printf(thd, ER_SP_DOES_NOT_EXIST, "PROCEDURE",
-		   lex->spname->m_name.str);
+		   lex->spname->m_qname.str);
 	goto error;
       }
       else
@@ -3519,11 +3524,11 @@ unsent_create_error:
 	break;
       case SP_KEY_NOT_FOUND:
 	net_printf(thd, ER_SP_DOES_NOT_EXIST, SP_COM_STRING(lex),
-		   lex->spname->m_name.str);
+		   lex->spname->m_qname.str);
 	goto error;
       default:
 	net_printf(thd, ER_SP_CANT_ALTER, SP_COM_STRING(lex),
-		   lex->spname->m_name.str);
+		   lex->spname->m_qname.str);
 	goto error;
       }
       break;
@@ -3570,11 +3575,11 @@ unsent_create_error:
 	  break;
 	}
 	net_printf(thd, ER_SP_DOES_NOT_EXIST, SP_COM_STRING(lex),
-		   lex->spname->m_name.str);
+		   lex->spname->m_qname.str);
 	goto error;
       default:
 	net_printf(thd, ER_SP_DROP_FAILED, SP_COM_STRING(lex),
-		   lex->spname->m_name.str);
+		   lex->spname->m_qname.str);
 	goto error;
       }
       break;