List:Commits« Previous MessageNext Message »
From:Jim Winstead Date:March 7 2006 9:34pm
Subject:bk commit into 5.1 tree (jimw:1.2159) BUG#17139
View as plain text  
Below is the list of changes that have just been committed into a local
5.1 repository of jimw. When jimw does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.2159 06/03/07 12:34:31 jimw@stripped +3 -0
  Bug #17139: Partitions: unprivileged user can effectively drop table
  
  Now the DROP privilege is required on a table in order to be able
  to drop a partition from the table.

  mysql-test/t/partition_grant.test
    1.1 06/03/07 12:34:27 jimw@stripped +43 -0
    New BitKeeper file ``mysql-test/t/partition_grant.test''

  mysql-test/t/partition_grant.test
    1.0 06/03/07 12:34:27 jimw@stripped +0 -0
    BitKeeper file /home/jimw/my/mysql-5.1-17139/mysql-test/t/partition_grant.test

  mysql-test/r/partition_grant.result
    1.1 06/03/07 12:34:26 jimw@stripped +20 -0
    New BitKeeper file ``mysql-test/r/partition_grant.result''

  sql/sql_parse.cc
    1.527 06/03/07 12:34:26 jimw@stripped +7 -2
    Require DROP privilege instead of ALTER for dropping a partition

  mysql-test/r/partition_grant.result
    1.0 06/03/07 12:34:26 jimw@stripped +0 -0
    BitKeeper file /home/jimw/my/mysql-5.1-17139/mysql-test/r/partition_grant.result

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	jimw
# Host:	rama.(none)
# Root:	/home/jimw/my/mysql-5.1-17139

--- 1.526/sql/sql_parse.cc	2006-03-01 12:39:23 -08:00
+++ 1.527/sql/sql_parse.cc	2006-03-07 12:34:26 -08:00
@@ -2975,6 +2975,11 @@
 #else
     {
       ulong priv=0;
+      ulong priv_needed= ALTER_ACL;
+      /* We actually require DROP priv for ALTER TABLE ... DROP PARTITION */
+      if (lex->alter_info.flags & ALTER_DROP_PARTITION)
+        priv_needed= DROP_ACL;
+
       if (lex->name && (!lex->name[0] || strlen(lex->name) >
NAME_LEN))
       {
 	my_error(ER_WRONG_TABLE_NAME, MYF(0), lex->name);
@@ -2999,7 +3004,7 @@
         else
           select_lex->db= first_table->db;
       }
-      if (check_access(thd, ALTER_ACL, first_table->db,
+      if (check_access(thd, priv_needed, first_table->db,
 		       &first_table->grant.privilege, 0, 0,
                        test(first_table->schema_table)) ||
 	  check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv,0,0,
@@ -3010,7 +3015,7 @@
 	goto error;				/* purecov: inspected */
       if (grant_option)
       {
-	if (check_grant(thd, ALTER_ACL, all_tables, 0, UINT_MAX, 0))
+	if (check_grant(thd, priv_needed, all_tables, 0, UINT_MAX, 0))
 	  goto error;
 	if (lex->name && !test_all_bits(priv,INSERT_ACL | CREATE_ACL))
 	{					// Rename of table
--- New file ---
+++ mysql-test/r/partition_grant.result	06/03/07 12:34:26
drop schema if exists mysqltest_1;
create schema mysqltest_1;
use mysqltest_1;
create table t1 (a int) partition by list (a) (partition p1 values in (1), partition p2
values in (2), partition p3 values in (3));
insert into t1 values (1),(2);
grant select,alter on mysqltest_1.* to mysqltest_1@localhost;
show grants for current_user;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
GRANT SELECT, ALTER ON `mysqltest_1`.* TO 'mysqltest_1'@'localhost'
alter table t1 add b int;
alter table t1 drop partition p2;
ERROR 42000: DROP command denied to user 'mysqltest_1'@'localhost' for table 't1'
grant drop on mysqltest_1.* to mysqltest_1@localhost;
alter table t1 drop partition p2;
revoke select,alter,drop on mysqltest_1.* from mysqltest_1@localhost;
drop user mysqltest_1@localhost;
drop table t1;
drop schema mysqltest_1;
End of 5.1 tests

--- New file ---
+++ mysql-test/t/partition_grant.test	06/03/07 12:34:27
-- source include/have_partition.inc
# Grant tests not performed with embedded server
-- source include/not_embedded.inc

--disable_warnings
drop schema if exists mysqltest_1;
--enable_warnings


#
# Bug #17139: ALTER TABLE ... DROP PARTITION should require DROP privilege
#

create schema mysqltest_1;
use mysqltest_1;

create table t1 (a int) partition by list (a) (partition p1 values in (1), partition p2
values in (2), partition p3 values in (3));
insert into t1 values (1),(2);

grant select,alter on mysqltest_1.* to mysqltest_1@localhost;

connect (conn1,localhost,mysqltest_1,,mysqltest_1);
show grants for current_user;
alter table t1 add b int;
--error ER_TABLEACCESS_DENIED_ERROR
alter table t1 drop partition p2;
disconnect conn1;

connection default;
grant drop on mysqltest_1.* to mysqltest_1@localhost;

connect (conn2,localhost,mysqltest_1,,mysqltest_1);
alter table t1 drop partition p2;
disconnect conn2;

connection default;

revoke select,alter,drop on mysqltest_1.* from mysqltest_1@localhost;
drop user mysqltest_1@localhost;
drop table t1;
drop schema mysqltest_1;

--echo End of 5.1 tests
Thread
bk commit into 5.1 tree (jimw:1.2159) BUG#17139Jim Winstead7 Mar