From:gluh Date:June 29 2005 11:26am
Subject:bk commit into 5.0 tree (gluh:1.1989) BUG#10708
Below is the list of changes that have just been committed into a local
5.0 repository of gluh. When gluh does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.1989 05/06/29 16:26:24 gluh@stripped +11 -0
   Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
   Information_schema DB 
   Bug#9846 Inappropriate error displayed while
   dropping table from 'INFORMATION_SCHEMA'
   Bug#10734 Grant of privileges other than 'select' and 
   'create view' should fail on schema 
   Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
  
   Cumulative fix for the bugs above (after review):
   added a privilege check for the information schema database and its tables.
  

  sql/sql_view.cc
    1.49 05/06/29 16:25:23 gluh@stripped +7 -3
     Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
     Information_schema DB 
     Bug#9846 Inappropriate error displayed while
     dropping table from 'INFORMATION_SCHEMA'
     Bug#10734 Grant of privileges other than 'select' and 
     'create view' should fail on schema 
     Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review)
     added privilege check for information schema db & tables
    
    

  sql/sql_update.cc
    1.161 05/06/29 16:25:23 gluh@stripped +1 -1
     Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
     Information_schema DB 
     Bug#9846 Inappropriate error displayed while
     dropping table from 'INFORMATION_SCHEMA'
     Bug#10734 Grant of privileges other than 'select' and 
     'create view' should fail on schema 
     Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review)
     added privilege check for information schema db & tables
    
    

  sql/sql_show.cc
    1.255 05/06/29 16:25:22 gluh@stripped +2 -2
     Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
     Information_schema DB 
     Bug#9846 Inappropriate error displayed while
     dropping table from 'INFORMATION_SCHEMA'
     Bug#10734 Grant of privileges other than 'select' and 
     'create view' should fail on schema 
     Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review)
     added privilege check for information schema db & tables
    
    

  sql/sql_repl.cc
    1.141 05/06/29 16:25:22 gluh@stripped +2 -2
     Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
     Information_schema DB 
     Bug#9846 Inappropriate error displayed while
     dropping table from 'INFORMATION_SCHEMA'
     Bug#10734 Grant of privileges other than 'select' and 
     'create view' should fail on schema 
     Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review)
     added privilege check for information schema db & tables
    
    

  sql/sql_prepare.cc
    1.129 05/06/29 16:25:22 gluh@stripped +1 -1
     Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
     Information_schema DB 
     Bug#9846 Inappropriate error displayed while
     dropping table from 'INFORMATION_SCHEMA'
     Bug#10734 Grant of privileges other than 'select' and 
     'create view' should fail on schema 
     Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review)
     added privilege check for information schema db & tables
    
    

  sql/sql_parse.cc
    1.462 05/06/29 16:25:22 gluh@stripped +86 -41
     Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
     Information_schema DB 
     Bug#9846 Inappropriate error displayed while
     dropping table from 'INFORMATION_SCHEMA'
     Bug#10734 Grant of privileges other than 'select' and 
     'create view' should fail on schema 
     Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review)
     added privilege check for information schema db & tables
    
    

  sql/sql_acl.cc
    1.162 05/06/29 16:25:22 gluh@stripped +5 -5
     Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
     Information_schema DB 
     Bug#9846 Inappropriate error displayed while
     dropping table from 'INFORMATION_SCHEMA'
     Bug#10734 Grant of privileges other than 'select' and 
     'create view' should fail on schema 
     Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review)
     added privilege check for information schema db & tables
    
    

  sql/repl_failsafe.cc
    1.55 05/06/29 16:25:22 gluh@stripped +1 -1
     Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
     Information_schema DB 
     Bug#9846 Inappropriate error displayed while
     dropping table from 'INFORMATION_SCHEMA'
     Bug#10734 Grant of privileges other than 'select' and 
     'create view' should fail on schema 
     Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review)
     added privilege check for information schema db & tables
    
    

  sql/mysql_priv.h
    1.319 05/06/29 16:25:22 gluh@stripped +1 -1
     Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
     Information_schema DB 
     Bug#9846 Inappropriate error displayed while
     dropping table from 'INFORMATION_SCHEMA'
     Bug#10734 Grant of privileges other than 'select' and 
     'create view' should fail on schema 
     Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review)
     added privilege check for information schema db & tables
    
    

  mysql-test/t/information_schema.test
    1.41 05/06/29 16:25:22 gluh@stripped +37 -1
     Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
     Information_schema DB 
     Bug#9846 Inappropriate error displayed while
     dropping table from 'INFORMATION_SCHEMA'
     Bug#10734 Grant of privileges other than 'select' and 
     'create view' should fail on schema 
     Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review)
     added privilege check for information schema db & tables
    
    

  mysql-test/r/information_schema.result
    1.58 05/06/29 16:25:22 gluh@stripped +23 -1
     Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
     Information_schema DB 
     Bug#9846 Inappropriate error displayed while
     dropping table from 'INFORMATION_SCHEMA'
     Bug#10734 Grant of privileges other than 'select' and 
     'create view' should fail on schema 
     Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review)
     added privilege check for information schema db & tables
    
    

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	gluh
# Host:	eagle.intranet.mysql.r18.ru
# Root:	/home/gluh/MySQL/Bugs/5.0.9846

--- 1.318/sql/mysql_priv.h	Tue Jun 21 19:18:22 2005
+++ 1.319/sql/mysql_priv.h	Wed Jun 29 16:25:22 2005
@@ -609,7 +609,7 @@
 bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables, 
                           bool *write_to_binlog);
 bool check_access(THD *thd, ulong access, const char *db, ulong *save_priv,
-		  bool no_grant, bool no_errors);
+		  bool no_grant, bool no_errors, bool schema_db);
 bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
 			bool no_errors);
 bool check_global_access(THD *thd, ulong want_access);
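Review bot: `schema_db` becomes the third consecutive positional `bool` on `check_access`, following a `save_priv` pointer that many callers pass as `0`, so call sites such as `check_access(thd, UPDATE_ACL, "mysql",0,1,0,0)` read as an opaque run of digits and a misplaced argument would still compile. The prototype also names the fifth parameter `no_grant` while the definition in sql/sql_parse.cc calls it `dont_check_global_grants`. I would document the flags at the prototype, for example `/* schema_db: target is INFORMATION_SCHEMA; any privilege beyond SELECT_ACL | EXTRA_ACL is refused */`, and use the same parameter names in both files.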

--- 1.161/sql/sql_acl.cc	Wed Jun 22 14:08:21 2005
+++ 1.162/sql/sql_acl.cc	Wed Jun 29 16:25:22 2005
@@ -1291,7 +1291,7 @@
       (strcmp(thd->user,user) ||
        my_strcasecmp(system_charset_info, host, thd->host_or_ip)))
   {
-    if (check_access(thd, UPDATE_ACL, "mysql",0,1,0))
+    if (check_access(thd, UPDATE_ACL, "mysql",0,1,0,0))
       return(1);
   }
   if (!thd->slave_thread && !thd->user[0])
@@ -5408,7 +5408,7 @@
   ulong want_access;
   char buff[100];
   TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
   char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
   DBUG_ENTER("fill_schema_user_privileges");
 
@@ -5461,7 +5461,7 @@
   ulong want_access;
   char buff[100];
   TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
   char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
   DBUG_ENTER("fill_schema_schema_privileges");
 
@@ -5516,7 +5516,7 @@
   uint index;
   char buff[100];
   TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
   char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
   DBUG_ENTER("fill_schema_table_privileges");
 
@@ -5578,7 +5578,7 @@
   uint index;
   char buff[100];
   TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
   char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
   DBUG_ENTER("fill_schema_table_privileges");
 

--- 1.461/sql/sql_parse.cc	Mon Jun 27 17:26:04 2005
+++ 1.462/sql/sql_parse.cc	Wed Jun 29 16:25:22 2005
@@ -1777,7 +1777,7 @@
     remove_escape(table_list.table_name);	// This can't have wildcards
 
     if (check_access(thd,SELECT_ACL,table_list.db,&table_list.grant.privilege,
-		     0, 0))
+		     0, 0, 0))
       break;
     if (grant_option &&
 	check_grant(thd, SELECT_ACL, &table_list, 2, UINT_MAX, 0))
@@ -1818,7 +1818,9 @@
 	my_error(ER_WRONG_DB_NAME, MYF(0), db ? db : "NULL");
 	break;
       }
-      if (check_access(thd,CREATE_ACL,db,0,1,0))
+      if (check_access(thd,CREATE_ACL,db,0,1,0,
+                       !my_strcasecmp(system_charset_info, db,
+                                      information_schema_name.str)))
 	break;
       mysql_log.write(thd,command,packet);
       bzero(&create_info, sizeof(create_info));
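Review bot: The test `!my_strcasecmp(system_charset_info, db, information_schema_name.str)` is written out here and again in the hunks at -1837, -2984, -3541, -3575, -3615, -3726 and -4031 of this file and twice in sql/sql_view.cc, so the rule for what counts as the information schema is copied into about ten call sites. One helper or macro next to the `check_access` prototype, for example `#define is_schema_db(X) !my_strcasecmp(system_charset_info, information_schema_name.str, (X))`, would keep the sites identical and make a missed one easy to spot in review. Only the GRANT hunk at -3726 guards the name against NULL before comparing; whether `lex->sphead->m_db.str` and `view->db` can be NULL at their call sites is not visible in these hunks and is worth confirming. The enclosing case block starts and ends outside the hunk.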
@@ -1837,7 +1839,9 @@
 	my_error(ER_WRONG_DB_NAME, MYF(0), db ? db : "NULL");
 	break;
       }
-      if (check_access(thd,DROP_ACL,db,0,1,0))
+      if (check_access(thd,DROP_ACL,db,0,1,0,
+                       !my_strcasecmp(system_charset_info, db,
+                                      information_schema_name.str)))
 	break;
       if (thd->locked_tables || thd->active_transaction())
       {
@@ -2123,7 +2127,7 @@
         my_error(ER_WRONG_DB_NAME, MYF(0), db);
         DBUG_RETURN(1);
       }
-      if (check_access(thd,SELECT_ACL,db,&thd->col_access,0,0))
+      if (check_access(thd,SELECT_ACL,db,&thd->col_access,0,0,0))
         DBUG_RETURN(1);			        /* purecov: inspected */
       if (!thd->col_access && check_grant_db(thd,db))
       {
@@ -2160,7 +2164,7 @@
       remove_escape(db);			// Fix escaped '_'
       remove_escape(table_list->table_name);
       if (check_access(thd,SELECT_ACL | EXTRA_ACL,db,
-                       &table_list->grant.privilege, 0, 0))
+                       &table_list->grant.privilege, 0, 0, 0))
         DBUG_RETURN(1);				/* purecov: inspected */
       if (grant_option && check_grant(thd, SELECT_ACL, table_list, 2,
                                       UINT_MAX, 0))
@@ -2391,7 +2395,7 @@
     else
       res= check_access(thd,
 			lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL,
-			any_db, 0, 0, 0);
+			any_db, 0, 0, 0, 0);
     if (res)
       goto error;
 
@@ -2662,7 +2666,8 @@
     DBUG_ASSERT(first_table == all_tables && first_table != 0);
     if (check_db_used(thd, all_tables) ||
         check_access(thd, INDEX_ACL, first_table->db,
-                     &first_table->grant.privilege, 0, 0))
+                     &first_table->grant.privilege, 0, 0,
+                     first_table->schema_table))
       goto error;
     res= mysql_assign_to_keycache(thd, first_table, &lex->ident);
     break;
@@ -2672,7 +2677,8 @@
     DBUG_ASSERT(first_table == all_tables && first_table != 0);
     if (check_db_used(thd, all_tables) ||
 	check_access(thd, INDEX_ACL, first_table->db,
-                     &first_table->grant.privilege, 0, 0))
+                     &first_table->grant.privilege, 0, 0,
+                     first_table->schema_table))
       goto error;
     res = mysql_preload_keys(thd, first_table);
     break;
@@ -2738,7 +2744,8 @@
     if (!first_table->db)
       first_table->db= thd->db;
     if (check_access(thd, CREATE_ACL, first_table->db,
-		     &first_table->grant.privilege, 0, 0))
+		     &first_table->grant.privilege, 0, 0,
+                     first_table->schema_table))
       goto error;				/* purecov: inspected */
     if (grant_option)
     {
@@ -2984,8 +2991,11 @@
       if (!select_lex->db)
 	select_lex->db= first_table->db;
       if (check_access(thd, ALTER_ACL, first_table->db,
-		       &first_table->grant.privilege, 0, 0) ||
-	  check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv,0,0)||
+		       &first_table->grant.privilege, 0, 0,
+                       first_table->schema_table) ||
+	  check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv,0,0,
+                       !my_strcasecmp(system_charset_info, select_lex->db,
+                                      information_schema_name.str))||
 	  check_merge_table_access(thd, first_table->db,
 				   (TABLE_LIST *)
 				   lex->create_info.merge_list.first))
@@ -3035,9 +3045,10 @@
     for (table= first_table; table; table= table->next_local->next_local)
     {
       if (check_access(thd, ALTER_ACL | DROP_ACL, table->db,
-		       &table->grant.privilege,0,0) ||
+		       &table->grant.privilege,0,0, table->schema_table) ||
 	  check_access(thd, INSERT_ACL | CREATE_ACL, table->next_local->db,
-		       &table->next_local->grant.privilege, 0, 0))
+		       &table->next_local->grant.privilege, 0, 0,
+                       table->next_local->schema_table))
 	goto error;
       if (grant_option)
       {
@@ -3089,7 +3100,7 @@
 
       if (check_db_used(thd, all_tables) ||
 	  check_access(thd, SELECT_ACL | EXTRA_ACL, first_table->db,
-		       &first_table->grant.privilege, 0, 0))
+		       &first_table->grant.privilege, 0, 0, 0))
 	goto error;
       if (grant_option && check_grant(thd, SELECT_ACL, all_tables, 2, UINT_MAX, 0))
 	goto error;
@@ -3413,7 +3424,7 @@
     goto error;
 #else
     {
-      if (grant_option && check_access(thd, FILE_ACL, any_db,0,0,0))
+      if (grant_option && check_access(thd, FILE_ACL, any_db,0,0,0,0))
 	goto error;
       res= mysqld_show_logs(thd);
       break;
@@ -3541,7 +3552,9 @@
       break;
     }
 #endif
-    if (check_access(thd,CREATE_ACL,lex->name,0,1,0))
+    if (check_access(thd,CREATE_ACL,lex->name,0,1,0,
+                     !my_strcasecmp(system_charset_info, lex->name,
+                                    information_schema_name.str)))
       break;
     res= mysql_create_db(thd,(lower_case_table_names == 2 ? alias : lex->name),
 			 &lex->create_info, 0);
@@ -3575,7 +3588,9 @@
       break;
     }
 #endif
-    if (check_access(thd,DROP_ACL,lex->name,0,1,0))
+    if (check_access(thd,DROP_ACL,lex->name,0,1,0,
+                     !my_strcasecmp(system_charset_info, lex->name,
+                                    information_schema_name.str)))
       break;
     if (thd->locked_tables || thd->active_transaction())
     {
@@ -3615,7 +3630,9 @@
       break;
     }
 #endif
-    if (check_access(thd, ALTER_ACL, db, 0, 1, 0))
+    if (check_access(thd, ALTER_ACL, db, 0, 1, 0,
+                     !my_strcasecmp(system_charset_info, db,
+                                    information_schema_name.str)))
       break;
     if (thd->locked_tables || thd->active_transaction())
     {
@@ -3633,14 +3650,14 @@
       my_error(ER_WRONG_DB_NAME, MYF(0), lex->name);
       break;
     }
-    if (check_access(thd,SELECT_ACL,lex->name,0,1,0))
+    if (check_access(thd,SELECT_ACL,lex->name,0,1,0,0))
       break;
     res=mysqld_show_create_db(thd,lex->name,&lex->create_info);
     break;
   }
   case SQLCOM_CREATE_FUNCTION:                  // UDF function
   {
-    if (check_access(thd,INSERT_ACL,"mysql",0,1,0))
+    if (check_access(thd,INSERT_ACL,"mysql",0,1,0,0))
       break;
 #ifdef HAVE_DLOPEN
     if (sp_find_function(thd, lex->spname))
@@ -3658,7 +3675,7 @@
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
   case SQLCOM_CREATE_USER:
   {
-    if (check_access(thd, INSERT_ACL, "mysql", 0, 1, 1) &&
+    if (check_access(thd, INSERT_ACL, "mysql", 0, 1, 1, 0) &&
         check_global_access(thd,CREATE_USER_ACL))
       break;
     if (!(res= mysql_create_user(thd, lex->users_list)))
@@ -3674,7 +3691,7 @@
   }
   case SQLCOM_DROP_USER:
   {
-    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 1) &&
+    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 1, 0) &&
         check_global_access(thd,CREATE_USER_ACL))
       break;
     if (!(res= mysql_drop_user(thd, lex->users_list)))
@@ -3690,7 +3707,7 @@
   }
   case SQLCOM_RENAME_USER:
   {
-    if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1) &&
+    if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1, 0) &&
         check_global_access(thd,CREATE_USER_ACL))
       break;
     if (!(res= mysql_rename_user(thd, lex->users_list)))
@@ -3706,7 +3723,7 @@
   }
   case SQLCOM_REVOKE_ALL:
   {
-    if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1) &&
+    if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1, 0) &&
         check_global_access(thd,CREATE_USER_ACL))
       break;
     if (!(res = mysql_revoke_all(thd, lex->users_list)))
@@ -3726,7 +3743,11 @@
     if (check_access(thd, lex->grant | lex->grant_tot_col | GRANT_ACL,
 		     first_table ?  first_table->db : select_lex->db,
 		     first_table ? &first_table->grant.privilege : 0,
-		     first_table ? 0 : 1, 0))
+		     first_table ? 0 : 1, 0,
+                     first_table ? (bool) first_table->schema_table :
+                     select_lex->db ? 
+                     (bool) !my_strcasecmp(system_charset_info, select_lex->db,
+                                           information_schema_name.str) : 0))
       goto error;
 
     if (thd->user)				// If not replication
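Review bot: Because the requested mask is built as `lex->grant | lex->grant_tot_col | GRANT_ACL`, it always carries a bit outside `SELECT_ACL | EXTRA_ACL`, so with the new seventh argument every GRANT that targets the information schema is refused, `grant select` included (the updated .result file shows exactly that). This is stricter than the Bug#10734 title, which excepts 'select' and 'create view', and nothing at the call site says it is intended. A comment would settle it, for example `/* GRANT_ACL is always requested, so any GRANT on INFORMATION_SCHEMA is refused by check_access() */`. The nested conditional for the new argument is also unparenthesised; wrapping the inner `select_lex->db ? ... : 0` in parentheses would make the grouping explicit.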
@@ -3751,7 +3772,7 @@
         {
           // TODO: use check_change_password()
           if (check_acl_user(user, &counter) && user->password.str &&
-              check_access(thd, UPDATE_ACL,"mysql",0,1,1))
+              check_access(thd, UPDATE_ACL,"mysql",0,1,1,0))
           {
             my_message(ER_PASSWORD_NOT_ALLOWED,
                        ER(ER_PASSWORD_NOT_ALLOWED), MYF(0));
@@ -3876,7 +3897,7 @@
   case SQLCOM_SHOW_GRANTS:
     if ((thd->priv_user &&
 	 !strcmp(thd->priv_user,lex->grant_user->user.str)) ||
-	!check_access(thd, SELECT_ACL, "mysql",0,1,0))
+	!check_access(thd, SELECT_ACL, "mysql",0,1,0,0))
     {
       res = mysql_show_grants(thd,lex->grant_user);
     }
@@ -4031,7 +4052,9 @@
 
     DBUG_ASSERT(lex->sphead != 0);
 
-    if (check_access(thd, CREATE_PROC_ACL, lex->sphead->m_db.str, 0, 0, 0))
+    if (check_access(thd, CREATE_PROC_ACL, lex->sphead->m_db.str, 0, 0, 0,
+                     !my_strcasecmp(system_charset_info, lex->sphead->m_db.str, 
+                                    information_schema_name.str)))
     {
       delete lex->sphead;
       lex->sphead= 0;
@@ -4377,7 +4400,7 @@
                                    lex->spname->m_name.length);
           if (udf)
           {
-	    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0))
+	    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0, 0))
 	      goto error;
 	    if (!(res = mysql_drop_function(thd, &lex->spname->m_name)))
 	    {
@@ -4733,7 +4756,8 @@
 bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
 {
   if (check_access(thd, privilege, all_tables->db,
-		   &all_tables->grant.privilege, 0, 0))
+		   &all_tables->grant.privilege, 0, 0,
+                   all_tables->schema_table))
     return 1;
 
   /* Show only 1 table for check_grant */
@@ -4772,13 +4796,14 @@
 
 bool
 check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
-	     bool dont_check_global_grants, bool no_errors)
+	     bool dont_check_global_grants, bool no_errors, bool schema_db)
 {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
   ulong db_access;
   bool  db_is_pattern= test(want_access & GRANT_ACL);
 #endif
   ulong dummy;
+  const char *db_name;
   DBUG_ENTER("check_access");
   DBUG_PRINT("enter",("db: %s  want_access: %lu  master_access: %lu",
                       db ? db : "", want_access, thd->master_access));
@@ -4796,6 +4821,15 @@
     DBUG_RETURN(TRUE);				/* purecov: tested */
   }
 
+  db_name= db ? db : thd->db;
+  if (schema_db && (want_access & ~(SELECT_ACL | EXTRA_ACL)))
+  {
+    if (!no_errors)
+      my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
+               thd->priv_user, thd->priv_host, db_name);
+    DBUG_RETURN(TRUE);
+  }
+
 #ifdef NO_EMBEDDED_ACCESS_CHECKS
   DBUG_RETURN(0);
 #else
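Review bot: The refusal depends on the caller-supplied `schema_db` flag rather than on `db` itself, so it protects only the call sites that remember to compute it; a caller that passes `0` together with a database name taken from the statement skips the guard silently. `check_access(thd, SHOW_PROC_ACLS, db, &save_priv, 0, 1, 0)` in the hunk at -4985 has that shape (variable `db`, flag hard-wired to 0). Consider deriving the flag inside `check_access` whenever `db` is non-NULL, or state in the function comment that callers own this check. Separately, `db_name` falls back to `thd->db`, which other code in this file tests for NULL (`!thd->db`), so confirm that `my_error` tolerates a NULL string argument. The function body continues outside the hunk.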
@@ -4908,6 +4942,15 @@
   TABLE_LIST *org_tables=tables;
   for (; tables; tables= tables->next_global)
   {
+    if (tables->schema_table && 
+        (want_access & ~(SELECT_ACL | EXTRA_ACL)))
+    {
+      if (!no_errors)
+        my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
+                 thd->priv_user, thd->priv_host,
+                 information_schema_name.str);
+      return TRUE;
+    }
     if (tables->derived || tables->schema_table || tables->belong_to_view ||
         (tables->table && (int)tables->table->s->tmp_table) ||
         my_tz_check_n_skip_implicit_tables(&tables,
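Review bot: This loop-level block duplicates the guard just added to `check_access` (same mask test, same error code) but reports `information_schema_name.str` instead of the table's database, so the two copies can drift apart. It sits directly before the existing `tables->derived || tables->schema_table || ...` test; if that branch skips the entry, as its shape suggests (its body is outside the hunk), then the `tables->schema_table` values passed to `check_access` in the next hunk at -4923 are always null and never trigger the guard. I would keep a single copy: either drop this block and let I_S entries reach `check_access` with the flag set, or keep it and pass `0` below with a comment such as `/* I_S tables were handled at the top of the loop */`.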
@@ -4923,14 +4966,14 @@
       else
       {
 	if (check_access(thd,want_access,tables->db,&tables->grant.privilege,
-			 0, no_errors))
+			 0, no_errors, tables->schema_table))
 	  return TRUE;				// Access denied
 	found_access=tables->grant.privilege;
 	found=1;
       }
     }
     else if (check_access(thd,want_access,tables->db,&tables->grant.privilege,
-			  0, no_errors))
+			  0, no_errors, tables->schema_table))
       return TRUE;
   }
   if (grant_option)
@@ -4953,7 +4996,7 @@
   if ((thd->master_access & want_access) == want_access && !thd->db)
     tables->grant.privilege= want_access;
   else if (check_access(thd,want_access,db,&tables->grant.privilege,
-			0, no_errors))
+			0, no_errors, tables->schema_table))
     return TRUE;
   
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
@@ -4985,7 +5028,7 @@
   ulong save_priv;
   if (thd->master_access & SHOW_PROC_ACLS)
     return FALSE;
-  if (!check_access(thd, SHOW_PROC_ACLS, db, &save_priv, 0, 1) ||
+  if (!check_access(thd, SHOW_PROC_ACLS, db, &save_priv, 0, 1, 0) ||
       (save_priv & SHOW_PROC_ACLS))
     return FALSE;
   return check_routine_level_acl(thd, db, name, is_proc);
@@ -5017,7 +5060,7 @@
     if (access & want_access)
     {
       if (!check_access(thd, access, table->db,
-                        &table->grant.privilege, 0, 1) &&
+                        &table->grant.privilege, 0, 1, table->schema_table) &&
           !grant_option || !check_grant(thd, access, table, 0, 1, 1))
         DBUG_RETURN(0);
     }
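Review bot: The condition mixes `&&` and `||` without parentheses and parses as `(!check_access(...) && !grant_option) || !check_grant(...)`, so a refusal from the new `table->schema_table` guard inside `check_access` does not by itself fail the test; if `check_grant` returns 0 for the same table, the `DBUG_RETURN(0)` branch is still taken. Whether `check_grant` rejects or skips information-schema tables is not visible in this patch, so this path deserves a look and a test case. If both checks are meant to pass, write it as `if (!check_access(...) && (!grant_option || !check_grant(thd, access, table, 0, 1, 1)))`. The enclosing loop starts and ends outside the hunk.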
@@ -6633,7 +6676,8 @@
   {
     TABLE_LIST *save= table->next_local;
     table->next_local= 0;
-    if ((check_access(thd, UPDATE_ACL, table->db, &table->grant.privilege,0,1) ||
+    if ((check_access(thd, UPDATE_ACL, table->db, &
+                      table->grant.privilege,0,1, table->schema_table) ||
         (grant_option && check_grant(thd, UPDATE_ACL, table,0,1,1))) &&
 	check_one_table_access(thd, SELECT_ACL, table))
 	goto error;
@@ -6801,11 +6845,11 @@
     if (table->derived)
       table->grant.privilege= SELECT_ACL;
     else if ((check_access(thd, UPDATE_ACL, table->db,
-                           &table->grant.privilege, 0, 1) ||
+                           &table->grant.privilege, 0, 1, table->schema_table) ||
               grant_option &&
               check_grant(thd, UPDATE_ACL, table, 0, 1, 1)) &&
              (check_access(thd, SELECT_ACL, table->db,
-                           &table->grant.privilege, 0, 0) ||
+                           &table->grant.privilege, 0, 0, 0) ||
               grant_option && check_grant(thd, SELECT_ACL, table, 0, 1, 0)))
       DBUG_RETURN(TRUE);
 
@@ -6824,7 +6868,7 @@
           !table->table_in_first_from_clause)
       {
 	if (check_access(thd, SELECT_ACL, table->db,
-			 &table->grant.privilege, 0, 0) ||
+			 &table->grant.privilege, 0, 0, 0) ||
 	    grant_option && check_grant(thd, SELECT_ACL, table, 0, 1, 0))
 	  DBUG_RETURN(TRUE);
       }
@@ -7041,7 +7085,8 @@
               CREATE_TMP_ACL : CREATE_ACL);
   lex->create_info.alias= create_table->alias;
   if (check_access(thd, want_priv, create_table->db,
-		   &create_table->grant.privilege, 0, 0) ||
+		   &create_table->grant.privilege, 0, 0,
+                   create_table->schema_table) ||
       check_merge_table_access(thd, create_table->db,
 			       (TABLE_LIST *)
 			       lex->create_info.merge_list.first))

--- 1.254/sql/sql_show.cc	Wed Jun 22 14:08:22 2005
+++ 1.255/sql/sql_show.cc	Wed Jun 29 16:25:22 2005
@@ -1985,7 +1985,7 @@
   {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
     if (with_i_schema ||   // don't check the rights if information schema db
-        !check_access(thd,SELECT_ACL, base_name, &thd->col_access,0,1) ||
+        !check_access(thd,SELECT_ACL, base_name, &thd->col_access,0,1,0) ||
         thd->master_access & (DB_ACLS | SHOW_DB_ACL) ||
 	acl_get(thd->host, thd->ip, thd->priv_user, base_name,0) ||
 	(grant_option && !check_grant_db(thd, base_name)))
@@ -2379,7 +2379,7 @@
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
       uint col_access;
       check_access(thd,SELECT_ACL | EXTRA_ACL, base_name,
-                   &tables->grant.privilege, 0, 0);
+                   &tables->grant.privilege, 0, 0, 0);
       col_access= get_column_grant(thd, &tables->grant, 
                                    base_name, file_name,
                                    field->field_name) & COL_ACLS;

--- 1.160/sql/sql_update.cc	Wed Jun  1 18:35:04 2005
+++ 1.161/sql/sql_update.cc	Wed Jun 29 16:25:23 2005
@@ -717,7 +717,7 @@
     {
       uint want_privilege= tl->updating ? UPDATE_ACL : SELECT_ACL;
       if (check_access(thd, want_privilege,
-                        tl->db, &tl->grant.privilege, 0, 0) ||
+                       tl->db, &tl->grant.privilege, 0, 0, tl->schema_table) ||
           (grant_option && check_grant(thd, want_privilege, tl, 0, 1, 0)))
         DBUG_RETURN(TRUE);
     }

--- 1.48/sql/sql_view.cc	Tue Jun 21 22:30:44 2005
+++ 1.49/sql/sql_view.cc	Wed Jun 29 16:25:23 2005
@@ -156,11 +156,15 @@
     table (i.e. user will not get some privileges by view creation)
   */
   if ((check_access(thd, CREATE_VIEW_ACL, view->db, &view->grant.privilege,
-                    0, 0) ||
+                    0, 0, 
+                    !my_strcasecmp(system_charset_info, view->db, 
+                                   information_schema_name.str)) ||
        grant_option && check_grant(thd, CREATE_VIEW_ACL, view, 0, 1, 0)) ||
       (mode != VIEW_CREATE_NEW &&
        (check_access(thd, DROP_ACL, view->db, &view->grant.privilege,
-                     0, 0) ||
+                     0, 0,
+                     !my_strcasecmp(system_charset_info, view->db,
+                                    information_schema_name.str)) ||
         grant_option && check_grant(thd, DROP_ACL, view, 0, 1, 0))))
     DBUG_RETURN(TRUE);
   for (sl= select_lex; sl; sl= sl->next_select())
@@ -208,7 +212,7 @@
       if (!tbl->table_in_first_from_clause)
       {
         if (check_access(thd, SELECT_ACL, tbl->db,
-                         &tbl->grant.privilege, 0, 0) ||
+                         &tbl->grant.privilege, 0, 0, 0) ||
             grant_option && check_grant(thd, SELECT_ACL, tbl, 0, 1, 0))
         {
           res= TRUE;

--- 1.57/mysql-test/r/information_schema.result	Thu Jun 16 13:27:17 2005
+++ 1.58/mysql-test/r/information_schema.result	Wed Jun 29 16:25:22 2005
@@ -575,7 +575,7 @@
 TABLE_PRIVILEGES
 TABLE_CONSTRAINTS
 create database information_schema;
-ERROR HY000: Can't create database 'information_schema'; database exists
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
 use information_schema;
 show full tables like "T%";
 Tables_in_information_schema (T%)	Table_type
@@ -835,3 +835,25 @@
 show create database information_schema;
 Database	Create Database
 information_schema	CREATE DATABASE `information_schema` /*!40100 DEFAULT CHARACTER SET utf8 */
+alter database information_schema;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+drop database information_schema;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+drop table information_schema.tables;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+alter table information_schema.tables;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+use information_schema;
+create temporary table schemata(f1 char(10));
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+CREATE PROCEDURE p1 ()
+BEGIN
+SELECT 'foo' FROM DUAL;
+END |
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+select  ROUTINE_NAME from routines;
+ROUTINE_NAME
+grant all on information_schema.* to 'user1'@'localhost';
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+grant select on information_schema.* to 'user1'@'localhost';
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'

--- 1.40/mysql-test/t/information_schema.test	Thu Jun 16 13:27:17 2005
+++ 1.41/mysql-test/t/information_schema.test	Wed Jun 29 16:25:22 2005
@@ -326,7 +326,7 @@
 where table_schema='information_schema' limit 2;
 show tables from information_schema like "T%";
 
---error 1007
+--error 1044
 create database information_schema;
 use information_schema;
 show full tables like "T%";
@@ -557,3 +557,39 @@
 # Bug #9434 SHOW CREATE DATABASE information_schema;
 #
 show create database information_schema;
+
+#
+# Bug #9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA'
+#
+--error 1044
+alter database information_schema;
+--error 1044
+drop database information_schema;
+--error 1044
+drop table information_schema.tables;
+--error 1044
+alter table information_schema.tables;
+#
+# Bug #9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB
+#
+use information_schema;
+--error 1044
+create temporary table schemata(f1 char(10));
+#
+# Bug #10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
+#
+delimiter |;
+--error 1044
+CREATE PROCEDURE p1 ()
+BEGIN
+  SELECT 'foo' FROM DUAL;
+END |
+delimiter ;|
+select  ROUTINE_NAME from routines;
+#
+# Bug #10734 Grant of privileges other than 'select' and 'create view' should fail on schema
+#
+--error 1044
+grant all on information_schema.* to 'user1'@'localhost';
+--error 1044
+grant select on information_schema.* to 'user1'@'localhost';
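Review bot: The new cases only use names that already exist in the information schema (`information_schema.tables`, `schemata`), while several call sites key the refusal on `schema_table` being set for the table entry. Whether that field is set for a name that is not an existing I_S table is not visible in the patch, so a case such as `create table information_schema.t_new(f1 int);` preceded by the expected `--error` line would pin the behaviour. sql/sql_view.cc is changed as well, yet no `create view` case targeting `information_schema` is added. The script also leaves `information_schema` as the current database after `use information_schema;`; switching back to the previous database at the end would keep later additions to the file independent of this block.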

--- 1.54/sql/repl_failsafe.cc	Thu Jun  2 09:15:15 2005
+++ 1.55/sql/repl_failsafe.cc	Wed Jun 29 16:25:22 2005
@@ -162,7 +162,7 @@
   SLAVE_INFO *si;
   uchar *p= packet, *p_end= packet + packet_length;
 
-  if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0))
+  if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0,0))
     return 1;
   if (!(si = (SLAVE_INFO*)my_malloc(sizeof(SLAVE_INFO), MYF(MY_WME))))
     goto err2;

--- 1.140/sql/sql_repl.cc	Tue Jun  7 15:13:54 2005
+++ 1.141/sql/sql_repl.cc	Wed Jun 29 16:25:22 2005
@@ -769,7 +769,7 @@
   int thread_mask;
   DBUG_ENTER("start_slave");
 
-  if (check_access(thd, SUPER_ACL, any_db,0,0,0))
+  if (check_access(thd, SUPER_ACL, any_db,0,0,0,0))
     DBUG_RETURN(1);
   lock_slave_threads(mi);  // this allows us to cleanly read slave_running
   // Get a mask of _stopped_ threads
@@ -894,7 +894,7 @@
   if (!thd)
     thd = current_thd;
 
-  if (check_access(thd, SUPER_ACL, any_db,0,0,0))
+  if (check_access(thd, SUPER_ACL, any_db,0,0,0,0))
     return 1;
   thd->proc_info = "Killing slave";
   int thread_mask;

--- 1.128/sql/sql_prepare.cc	Thu Jun 23 21:22:02 2005
+++ 1.129/sql/sql_prepare.cc	Wed Jun 29 16:25:22 2005
@@ -1126,7 +1126,7 @@
     if (check_table_access(thd, privilege, tables,0))
       goto error;
   }
-  else if (check_access(thd, privilege, any_db,0,0,0))
+  else if (check_access(thd, privilege, any_db,0,0,0,0))
     goto error;
 #endif
 