From: Date: April 1 2005 11:29am
Subject: bk commit into 5.0 tree (gluh:1.1849) BUG#7214
List-Archive: http://lists.mysql.com/internals/23556
X-Bug: 7214
Message-Id: <200504010929.j319T0Ct017135@eagle.intranet.mysql.r18.ru>

Below is the list of changes that have just been committed into a local
5.0 repository of gluh. When gluh does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.1849 05/04/01 14:28:55 gluh@stripped +4 -0
  Fix for bug#7214: information_schema: unauthorized user can see metadata
    the fix for 'columns' table only
    Rights check for 'routines' table is already done
    (see WL#2131 Access control for SHOW ... PROCEDURE|FUNCTION ...)

  BitKeeper/etc/logging_ok
    1.312 05/04/01 14:28:54 gluh@stripped +1 -0
    Logging to logging@stripped accepted

  sql/sql_show.cc
    1.231 05/04/01 14:27:36 gluh@stripped +25 -20
    Fix for bug#7214: information_schema: unauthorized user can see metadata

  mysql-test/t/information_schema.test
    1.30 05/04/01 14:27:36 gluh@stripped +10 -3
    Fix for bug#7214: information_schema: unauthorized user can see metadata

  mysql-test/r/information_schema.result
    1.44 05/04/01 14:27:36 gluh@stripped +11 -2
    Fix for bug#7214: information_schema: unauthorized user can see metadata

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	gluh
# Host:	eagle.intranet.mysql.r18.ru
# Root:	/home/gluh/MySQL/Bugs/mysql-5.0.7214

--- 1.230/sql/sql_show.cc	Wed Mar 30 18:00:27 2005
+++ 1.231/sql/sql_show.cc	Fri Apr  1 14:27:36 2005
@@ -2290,8 +2290,32 @@
       char tmp[MAX_FIELD_WIDTH];
       char tmp1[MAX_FIELD_WIDTH];
       String type(tmp,sizeof(tmp), system_charset_info);
+      char *end= tmp;
       count++;
       restore_record(table, s->default_values);
+
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+      uint col_access;
+      check_access(thd,SELECT_ACL | EXTRA_ACL, base_name,
+                   &tables->grant.privilege, 0, 0);
+      col_access= get_column_grant(thd, &tables->grant, tables->db,
+                                   tables->table_name,
+                                   field->field_name) & COL_ACLS;
+      if (lex->orig_sql_command != SQLCOM_SHOW_FIELDS  && !col_access)
+        continue;
+      for (uint bitnr=0; col_access ; col_access>>=1,bitnr++)
+      {
+        if (col_access & 1)
+        {
+          *end++=',';
+          end=strmov(end,grant_types.type_names[bitnr]);
+        }
+      }
+#else
+      end=strmov(end,"");
+#endif
+      table->field[17]->store(tmp+1,end == tmp ? 0 : (uint) (end-tmp-1), cs);
+
       table->field[1]->store(base_name, strlen(base_name), cs);
       table->field[2]->store(file_name, strlen(file_name), cs);
       table->field[3]->store(field->field_name, strlen(field->field_name),
@@ -2396,31 +2420,12 @@
                    (field->flags & MULTIPLE_KEY_FLAG) ? "MUL":"");
       table->field[15]->store((const char*) pos,
                               strlen((const char*) pos), cs);
-      char *end= tmp;
+      end= tmp;
       if (field->unireg_check == Field::NEXT_NUMBER)
         end=strmov(tmp,"auto_increment");
       table->field[16]->store(tmp, (uint) (end-tmp), cs);
 
       end=tmp;
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
-      uint col_access;
-      check_access(thd,SELECT_ACL | EXTRA_ACL, base_name,
-                   &tables->grant.privilege, 0, 0);
-      col_access= get_column_grant(thd, &tables->grant, tables->db,
-                                   tables->table_name,
-                                   field->field_name) & COL_ACLS;
-      for (uint bitnr=0; col_access ; col_access>>=1,bitnr++)
-      {
-        if (col_access & 1)
-        {
-          *end++=',';
-          end=strmov(end,grant_types.type_names[bitnr]);
-        }
-      }
-#else
-      end=strmov(end,"");
-#endif
-      table->field[17]->store(tmp+1,end == tmp ? 0 : (uint) (end-tmp-1), cs);
       table->field[18]->store(field->comment.str, field->comment.length, cs);
       if (schema_table_store_record(thd, table))
         DBUG_RETURN(1);

--- 1.311/BitKeeper/etc/logging_ok	Thu Mar 31 17:32:49 2005
+++ 1.312/BitKeeper/etc/logging_ok	Fri Apr  1 14:28:54 2005
@@ -56,6 +56,7 @@
 georg@stripped
 georg@stripped
 gerberb@stripped
+gluh@stripped
 gluh@gluh.(none)
 gluh@stripped
 gordon@stripped

--- 1.43/mysql-test/r/information_schema.result	Fri Mar 25 16:09:14 2005
+++ 1.44/mysql-test/r/information_schema.result	Fri Apr  1 14:27:36 2005
@@ -137,6 +137,15 @@
 show columns from testtets.t1 where field like "%a%";
 Field	Type	Null	Key	Default	Extra
 a	int(11)	YES		NULL	
+grant select (a) on testtets.t1 to mysqltest_2@localhost;
+select table_name, column_name, privileges from information_schema.columns 
+where table_schema = 'testtets' and table_name = 't1';
+table_name	column_name	privileges
+t1	a	select
+show columns from testtets.t1;
+Field	Type	Null	Key	Default	Extra
+a	int(11)	YES		NULL	
+b	varchar(30)	YES	MUL	NULL	
 drop view v1;
 drop tables testtets.t4, testtets.t1, t2, t3;
 drop database testtets;
@@ -352,8 +361,8 @@
 'mysqltest_1'@'localhost'	NULL	test	t1	a	REFERENCES	NO
 delete from mysql.user where user='mysqltest_1' or user='mysqltest_2';
 delete from mysql.db where user='mysqltest_1' or user='mysqltest_2';
-delete from mysql.tables_priv where user='mysqltest_1';
-delete from mysql.columns_priv where user='mysqltest_1';
+delete from mysql.tables_priv where user='mysqltest_1' or user='mysqltest_2';
+delete from mysql.columns_priv where user='mysqltest_1' or user='mysqltest_2';
 flush privileges;
 drop table t1;
 create table t1 (a int null, primary key(a));

--- 1.29/mysql-test/t/information_schema.test	Thu Mar 24 17:32:04 2005
+++ 1.30/mysql-test/t/information_schema.test	Fri Apr  1 14:27:36 2005
@@ -46,6 +46,14 @@
 and column_name= "a";
 show columns from testtets.t1 where field like "%a%";
 
+grant select (a) on testtets.t1 to mysqltest_2@localhost;
+connect (user3,localhost,mysqltest_2,,);
+connection user3;
+select table_name, column_name, privileges from information_schema.columns 
+where table_schema = 'testtets' and table_name = 't1';
+show columns from testtets.t1;
+connection default;
+
 drop view v1;
 drop tables testtets.t4, testtets.t1, t2, t3;
 drop database testtets;
@@ -105,7 +113,6 @@
 select count(*) from information_schema.ROUTINES;
 
 connect (user1,localhost,mysqltest_1,,);
-connect (user3,localhost,mysqltest_2,,);
 connection user1;
 select ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES;
 --error 1305
@@ -164,8 +171,8 @@
 select * from information_schema.COLUMN_PRIVILEGES where grantee like '%mysqltest_1%';
 delete from mysql.user where user='mysqltest_1' or user='mysqltest_2';
 delete from mysql.db where user='mysqltest_1' or user='mysqltest_2';
-delete from mysql.tables_priv where user='mysqltest_1';
-delete from mysql.columns_priv where user='mysqltest_1';
+delete from mysql.tables_priv where user='mysqltest_1' or user='mysqltest_2';
+delete from mysql.columns_priv where user='mysqltest_1' or user='mysqltest_2';
 flush privileges;
 drop table t1;