From: Date: June 29 2005 1:26pm Subject: bk commit into 5.0 tree (gluh:1.1989) BUG#10708 List-Archive: http://lists.mysql.com/internals/26518 X-Bug: 10708 Message-Id: <200506291126.j5TBQWuG018251@eagle.intranet.mysql.r18.ru> Below is the list of changes that have just been committed into a local 5.0 repository of gluh. When gluh does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet 1.1989 05/06/29 16:26:24 gluh@stripped +11 -0 Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB Bug#9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' Bug#10734 Grant of privileges other than 'select' and 'create view' should fail on schema Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA cumulative fix for bugs above(after review) added privilege check for information schema db & tables sql/sql_view.cc 1.49 05/06/29 16:25:23 gluh@stripped +7 -3 Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB Bug#9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' Bug#10734 Grant of privileges other than 'select' and 'create view' should fail on schema Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA cumulative fix for bugs above(after review) added privilege check for information schema db & tables sql/sql_update.cc 1.161 05/06/29 16:25:23 gluh@stripped +1 -1 Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB Bug#9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' Bug#10734 Grant of privileges other than 'select' and 'create view' should fail on schema Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA cumulative fix for bugs above(after review) added privilege check 
for information schema db & tables sql/sql_show.cc 1.255 05/06/29 16:25:22 gluh@stripped +2 -2 Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB Bug#9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' Bug#10734 Grant of privileges other than 'select' and 'create view' should fail on schema Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA cumulative fix for bugs above(after review) added privilege check for information schema db & tables sql/sql_repl.cc 1.141 05/06/29 16:25:22 gluh@stripped +2 -2 Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB Bug#9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' Bug#10734 Grant of privileges other than 'select' and 'create view' should fail on schema Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA cumulative fix for bugs above(after review) added privilege check for information schema db & tables sql/sql_prepare.cc 1.129 05/06/29 16:25:22 gluh@stripped +1 -1 Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB Bug#9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' Bug#10734 Grant of privileges other than 'select' and 'create view' should fail on schema Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA cumulative fix for bugs above(after review) added privilege check for information schema db & tables sql/sql_parse.cc 1.462 05/06/29 16:25:22 gluh@stripped +86 -41 Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB Bug#9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' Bug#10734 Grant of privileges other than 'select' and 'create view' should fail on schema Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA cumulative fix for bugs above(after review) added privilege check for information schema db & tables sql/sql_acl.cc 1.162 
05/06/29 16:25:22 gluh@stripped +5 -5 Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB Bug#9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' Bug#10734 Grant of privileges other than 'select' and 'create view' should fail on schema Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA cumulative fix for bugs above(after review) added privilege check for information schema db & tables sql/repl_failsafe.cc 1.55 05/06/29 16:25:22 gluh@stripped +1 -1 Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB Bug#9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' Bug#10734 Grant of privileges other than 'select' and 'create view' should fail on schema Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA cumulative fix for bugs above(after review) added privilege check for information schema db & tables sql/mysql_priv.h 1.319 05/06/29 16:25:22 gluh@stripped +1 -1 Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB Bug#9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' Bug#10734 Grant of privileges other than 'select' and 'create view' should fail on schema Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA cumulative fix for bugs above(after review) added privilege check for information schema db & tables mysql-test/t/information_schema.test 1.41 05/06/29 16:25:22 gluh@stripped +37 -1 Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB Bug#9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' Bug#10734 Grant of privileges other than 'select' and 'create view' should fail on schema Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA cumulative fix for bugs above(after review) added privilege check for information schema db & tables mysql-test/r/information_schema.result 1.58 05/06/29 
16:25:22 gluh@stripped +23 -1 Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB Bug#9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' Bug#10734 Grant of privileges other than 'select' and 'create view' should fail on schema Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA cumulative fix for bugs above(after review) added privilege check for information schema db & tables # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: gluh # Host: eagle.intranet.mysql.r18.ru # Root: /home/gluh/MySQL/Bugs/5.0.9846 --- 1.318/sql/mysql_priv.h Tue Jun 21 19:18:22 2005 +++ 1.319/sql/mysql_priv.h Wed Jun 29 16:25:22 2005 @@ -609,7 +609,7 @@ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables, bool *write_to_binlog); bool check_access(THD *thd, ulong access, const char *db, ulong *save_priv, - bool no_grant, bool no_errors); + bool no_grant, bool no_errors, bool schema_db); bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables, bool no_errors); bool check_global_access(THD *thd, ulong want_access); --- 1.161/sql/sql_acl.cc Wed Jun 22 14:08:21 2005 +++ 1.162/sql/sql_acl.cc Wed Jun 29 16:25:22 2005 @@ -1291,7 +1291,7 @@ (strcmp(thd->user,user) || my_strcasecmp(system_charset_info, host, thd->host_or_ip))) { - if (check_access(thd, UPDATE_ACL, "mysql",0,1,0)) + if (check_access(thd, UPDATE_ACL, "mysql",0,1,0,0)) return(1); } if (!thd->slave_thread && !thd->user[0]) @@ -5408,7 +5408,7 @@ ulong want_access; char buff[100]; TABLE *table= tables->table; - bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1); + bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0); char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%"; DBUG_ENTER("fill_schema_user_privileges"); 
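Review bot: In the mysql_priv.h prototype of check_access, the new `bool schema_db` is the third consecutive positional bool, so call sites elsewhere in this patch read as `0,1,0,0` and a transposed argument would compile silently while changing an access decision. The declaration carries no comment, and it names the first of the three bools `no_grant` where the definition in sql_parse.cc calls it `dont_check_global_grants`. I would add a comment above the declaration such as `/* schema_db: target is INFORMATION_SCHEMA; anything beyond SELECT_ACL | EXTRA_ACL is refused */` and align the parameter names with the definition.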
@@ -5461,7 +5461,7 @@ ulong want_access; char buff[100]; TABLE *table= tables->table; - bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1); + bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0); char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%"; DBUG_ENTER("fill_schema_schema_privileges"); @@ -5516,7 +5516,7 @@ uint index; char buff[100]; TABLE *table= tables->table; - bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1); + bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0); char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%"; DBUG_ENTER("fill_schema_table_privileges"); @@ -5578,7 +5578,7 @@ uint index; char buff[100]; TABLE *table= tables->table; - bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1); + bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0); char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%"; DBUG_ENTER("fill_schema_table_privileges"); --- 1.461/sql/sql_parse.cc Mon Jun 27 17:26:04 2005 +++ 1.462/sql/sql_parse.cc Wed Jun 29 16:25:22 2005 @@ -1777,7 +1777,7 @@ remove_escape(table_list.table_name); // This can't have wildcards if (check_access(thd,SELECT_ACL,table_list.db,&table_list.grant.privilege, - 0, 0)) + 0, 0, 0)) break; if (grant_option && check_grant(thd, SELECT_ACL, &table_list, 2, UINT_MAX, 0)) @@ -1818,7 +1818,9 @@ my_error(ER_WRONG_DB_NAME, MYF(0), db ? db : "NULL"); break; } - if (check_access(thd,CREATE_ACL,db,0,1,0)) + if (check_access(thd,CREATE_ACL,db,0,1,0, + !my_strcasecmp(system_charset_info, db, + information_schema_name.str))) break; mysql_log.write(thd,command,packet); bzero(&create_info, sizeof(create_info)); 
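Review bot: The expression `!my_strcasecmp(system_charset_info, db, information_schema_name.str)` added to the CREATE_ACL check at @@ -1818 is repeated at the @@ -1837, @@ -2984, @@ -3541, @@ -3575, @@ -3615, @@ -3726 and @@ -4031 hunks and twice in sql_view.cc, which makes it easy for a later call site to omit or miswrite the test that enforces the read-only rule. A single helper would keep the policy in one place and give it a NULL guard, for example `static inline bool is_schema_db(const char *db) { return db && !my_strcasecmp(system_charset_info, db, information_schema_name.str); }` (the name is a suggestion). The table-level call sites pass `->schema_table` instead of the name comparison, so the patch uses two different predicates for the same rule; a short comment saying when each applies would help. The enclosing case body starts and ends outside this hunk.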
@@ -1837,7 +1839,9 @@ my_error(ER_WRONG_DB_NAME, MYF(0), db ? db : "NULL"); break; } - if (check_access(thd,DROP_ACL,db,0,1,0)) + if (check_access(thd,DROP_ACL,db,0,1,0, + !my_strcasecmp(system_charset_info, db, + information_schema_name.str))) break; if (thd->locked_tables || thd->active_transaction()) { @@ -2123,7 +2127,7 @@ my_error(ER_WRONG_DB_NAME, MYF(0), db); DBUG_RETURN(1); } - if (check_access(thd,SELECT_ACL,db,&thd->col_access,0,0)) + if (check_access(thd,SELECT_ACL,db,&thd->col_access,0,0,0)) DBUG_RETURN(1); /* purecov: inspected */ if (!thd->col_access && check_grant_db(thd,db)) { @@ -2160,7 +2164,7 @@ remove_escape(db); // Fix escaped '_' remove_escape(table_list->table_name); if (check_access(thd,SELECT_ACL | EXTRA_ACL,db, - &table_list->grant.privilege, 0, 0)) + &table_list->grant.privilege, 0, 0, 0)) DBUG_RETURN(1); /* purecov: inspected */ if (grant_option && check_grant(thd, SELECT_ACL, table_list, 2, UINT_MAX, 0)) @@ -2391,7 +2395,7 @@ else res= check_access(thd, lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL, - any_db, 0, 0, 0); + any_db, 0, 0, 0, 0); if (res) goto error; @@ -2662,7 +2666,8 @@ DBUG_ASSERT(first_table == all_tables && first_table != 0); if (check_db_used(thd, all_tables) || check_access(thd, INDEX_ACL, first_table->db, - &first_table->grant.privilege, 0, 0)) + &first_table->grant.privilege, 0, 0, + first_table->schema_table)) goto error; res= mysql_assign_to_keycache(thd, first_table, &lex->ident); break; @@ -2672,7 +2677,8 @@ DBUG_ASSERT(first_table == all_tables && first_table != 0); if (check_db_used(thd, all_tables) || check_access(thd, INDEX_ACL, first_table->db, - &first_table->grant.privilege, 0, 0)) + &first_table->grant.privilege, 0, 0, + first_table->schema_table)) goto error; res = mysql_preload_keys(thd, first_table); break; 
@@ -2738,7 +2744,8 @@ if (!first_table->db) first_table->db= thd->db; if (check_access(thd, CREATE_ACL, first_table->db, - &first_table->grant.privilege, 0, 0)) + &first_table->grant.privilege, 0, 0, + first_table->schema_table)) goto error; /* purecov: inspected */ if (grant_option) { @@ -2984,8 +2991,11 @@ if (!select_lex->db) select_lex->db= first_table->db; if (check_access(thd, ALTER_ACL, first_table->db, - &first_table->grant.privilege, 0, 0) || - check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv,0,0)|| + &first_table->grant.privilege, 0, 0, + first_table->schema_table) || + check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv,0,0, + !my_strcasecmp(system_charset_info, select_lex->db, + information_schema_name.str))|| check_merge_table_access(thd, first_table->db, (TABLE_LIST *) lex->create_info.merge_list.first)) @@ -3035,9 +3045,10 @@ for (table= first_table; table; table= table->next_local->next_local) { if (check_access(thd, ALTER_ACL | DROP_ACL, table->db, - &table->grant.privilege,0,0) || + &table->grant.privilege,0,0, table->schema_table) || check_access(thd, INSERT_ACL | CREATE_ACL, table->next_local->db, - &table->next_local->grant.privilege, 0, 0)) + &table->next_local->grant.privilege, 0, 0, + table->next_local->schema_table)) goto error; if (grant_option) { @@ -3089,7 +3100,7 @@ if (check_db_used(thd, all_tables) || check_access(thd, SELECT_ACL | EXTRA_ACL, first_table->db, - &first_table->grant.privilege, 0, 0)) + &first_table->grant.privilege, 0, 0, 0)) goto error; if (grant_option && check_grant(thd, SELECT_ACL, all_tables, 2, UINT_MAX, 0)) goto error; @@ -3413,7 +3424,7 @@ goto error; #else { - if (grant_option && check_access(thd, FILE_ACL, any_db,0,0,0)) + if (grant_option && check_access(thd, FILE_ACL, any_db,0,0,0,0)) goto error; res= mysqld_show_logs(thd); break; 
@@ -3541,7 +3552,9 @@ break; } #endif - if (check_access(thd,CREATE_ACL,lex->name,0,1,0)) + if (check_access(thd,CREATE_ACL,lex->name,0,1,0, + !my_strcasecmp(system_charset_info, lex->name, + information_schema_name.str))) break; res= mysql_create_db(thd,(lower_case_table_names == 2 ? alias : lex->name), &lex->create_info, 0); @@ -3575,7 +3588,9 @@ break; } #endif - if (check_access(thd,DROP_ACL,lex->name,0,1,0)) + if (check_access(thd,DROP_ACL,lex->name,0,1,0, + !my_strcasecmp(system_charset_info, lex->name, + information_schema_name.str))) break; if (thd->locked_tables || thd->active_transaction()) { @@ -3615,7 +3630,9 @@ break; } #endif - if (check_access(thd, ALTER_ACL, db, 0, 1, 0)) + if (check_access(thd, ALTER_ACL, db, 0, 1, 0, + !my_strcasecmp(system_charset_info, db, + information_schema_name.str))) break; if (thd->locked_tables || thd->active_transaction()) { @@ -3633,14 +3650,14 @@ my_error(ER_WRONG_DB_NAME, MYF(0), lex->name); break; } - if (check_access(thd,SELECT_ACL,lex->name,0,1,0)) + if (check_access(thd,SELECT_ACL,lex->name,0,1,0,0)) break; res=mysqld_show_create_db(thd,lex->name,&lex->create_info); break; } case SQLCOM_CREATE_FUNCTION: // UDF function { - if (check_access(thd,INSERT_ACL,"mysql",0,1,0)) + if (check_access(thd,INSERT_ACL,"mysql",0,1,0,0)) break; #ifdef HAVE_DLOPEN if (sp_find_function(thd, lex->spname)) @@ -3658,7 +3675,7 @@ #ifndef NO_EMBEDDED_ACCESS_CHECKS case SQLCOM_CREATE_USER: { - if (check_access(thd, INSERT_ACL, "mysql", 0, 1, 1) && + if (check_access(thd, INSERT_ACL, "mysql", 0, 1, 1, 0) && check_global_access(thd,CREATE_USER_ACL)) break; if (!(res= mysql_create_user(thd, lex->users_list))) @@ -3674,7 +3691,7 @@ } case SQLCOM_DROP_USER: { - if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 1) && + if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 1, 0) && check_global_access(thd,CREATE_USER_ACL)) break; if (!(res= mysql_drop_user(thd, lex->users_list))) 
@@ -3690,7 +3707,7 @@ } case SQLCOM_RENAME_USER: { - if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1) && + if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1, 0) && check_global_access(thd,CREATE_USER_ACL)) break; if (!(res= mysql_rename_user(thd, lex->users_list))) @@ -3706,7 +3723,7 @@ } case SQLCOM_REVOKE_ALL: { - if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1) && + if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1, 0) && check_global_access(thd,CREATE_USER_ACL)) break; if (!(res = mysql_revoke_all(thd, lex->users_list))) @@ -3726,7 +3743,11 @@ if (check_access(thd, lex->grant | lex->grant_tot_col | GRANT_ACL, first_table ? first_table->db : select_lex->db, first_table ? &first_table->grant.privilege : 0, - first_table ? 0 : 1, 0)) + first_table ? 0 : 1, 0, + first_table ? (bool) first_table->schema_table : + select_lex->db ? + (bool) !my_strcasecmp(system_charset_info, select_lex->db, + information_schema_name.str) : 0)) goto error; if (thd->user) // If not replication @@ -3751,7 +3772,7 @@ { // TODO: use check_change_password() if (check_acl_user(user, &counter) && user->password.str && - check_access(thd, UPDATE_ACL,"mysql",0,1,1)) + check_access(thd, UPDATE_ACL,"mysql",0,1,1,0)) { my_message(ER_PASSWORD_NOT_ALLOWED, ER(ER_PASSWORD_NOT_ALLOWED), MYF(0)); @@ -3876,7 +3897,7 @@ case SQLCOM_SHOW_GRANTS: if ((thd->priv_user && !strcmp(thd->priv_user,lex->grant_user->user.str)) || - !check_access(thd, SELECT_ACL, "mysql",0,1,0)) + !check_access(thd, SELECT_ACL, "mysql",0,1,0,0)) { res = mysql_show_grants(thd,lex->grant_user); } @@ -4031,7 +4052,9 @@ DBUG_ASSERT(lex->sphead != 0); - if (check_access(thd, CREATE_PROC_ACL, lex->sphead->m_db.str, 0, 0, 0)) + if (check_access(thd, CREATE_PROC_ACL, lex->sphead->m_db.str, 0, 0, 0, + !my_strcasecmp(system_charset_info, lex->sphead->m_db.str, + information_schema_name.str))) { delete lex->sphead; lex->sphead= 0; 
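Review bot: `lex->sphead->m_db.str` is handed to `my_strcasecmp` in the CREATE_PROC_ACL check at @@ -4031 without a NULL test, whereas the GRANT hunk at @@ -3726 guards the same comparison with `select_lex->db ? ... : 0`. check_access itself tolerates a NULL db (its DBUG_PRINT uses `db ? db : ""`), so if the routine's database can be unset at this point, which the hunk does not show, the comparison would dereference NULL before the access check runs. Guarding it the same way, `lex->sphead->m_db.str && !my_strcasecmp(system_charset_info, lex->sphead->m_db.str, information_schema_name.str)`, removes the dependency on what the parser guarantees. The case body continues outside the hunk.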
@@ -4377,7 +4400,7 @@ lex->spname->m_name.length); if (udf) { - if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0)) + if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0, 0)) goto error; if (!(res = mysql_drop_function(thd, &lex->spname->m_name))) { @@ -4733,7 +4756,8 @@ bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables) { if (check_access(thd, privilege, all_tables->db, - &all_tables->grant.privilege, 0, 0)) + &all_tables->grant.privilege, 0, 0, + all_tables->schema_table)) return 1; /* Show only 1 table for check_grant */ @@ -4772,13 +4796,14 @@ bool check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, - bool dont_check_global_grants, bool no_errors) + bool dont_check_global_grants, bool no_errors, bool schema_db) { #ifndef NO_EMBEDDED_ACCESS_CHECKS ulong db_access; bool db_is_pattern= test(want_access & GRANT_ACL); #endif ulong dummy; + const char *db_name; DBUG_ENTER("check_access"); DBUG_PRINT("enter",("db: %s want_access: %lu master_access: %lu", db ? db : "", want_access, thd->master_access)); @@ -4796,6 +4821,15 @@ DBUG_RETURN(TRUE); /* purecov: tested */ } + db_name= db ? db : thd->db; + if (schema_db && (want_access & ~(SELECT_ACL | EXTRA_ACL))) + { + if (!no_errors) + my_error(ER_DBACCESS_DENIED_ERROR, MYF(0), + thd->priv_user, thd->priv_host, db_name); + DBUG_RETURN(TRUE); + } + #ifdef NO_EMBEDDED_ACCESS_CHECKS DBUG_RETURN(0); #else @@ -4908,6 +4942,15 @@ TABLE_LIST *org_tables=tables; for (; tables; tables= tables->next_global) { + if (tables->schema_table && + (want_access & ~(SELECT_ACL | EXTRA_ACL))) + { + if (!no_errors) + my_error(ER_DBACCESS_DENIED_ERROR, MYF(0), + thd->priv_user, thd->priv_host, + information_schema_name.str); + return TRUE; + } if (tables->derived || tables->schema_table || tables->belong_to_view || (tables->table && (int)tables->table->s->tmp_table) || my_tz_check_n_skip_implicit_tables(&tables, 
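Review bot: The allow-list `SELECT_ACL | EXTRA_ACL` in the new `schema_db` guard of check_access (@@ -4796) is written out again in the check_table_access loop at @@ -4908, so the two copies can drift apart when the set of privileges permitted on INFORMATION_SCHEMA changes. I would name it once, e.g. `#define SCHEMA_DB_ALLOWED_ACLS (SELECT_ACL | EXTRA_ACL)` (name is a suggestion), and use it in both tests. The two guards also report different database names, `db_name` here and `information_schema_name.str` at @@ -4908; using `information_schema_name.str` in both keeps the denial message identical. A one-line comment above the guard noting that it sits before the `NO_EMBEDDED_ACCESS_CHECKS` early return, so builds without access checks still enforce it, would document the placement.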
@@ -4923,14 +4966,14 @@ else { if (check_access(thd,want_access,tables->db,&tables->grant.privilege, - 0, no_errors)) + 0, no_errors, tables->schema_table)) return TRUE; // Access denied found_access=tables->grant.privilege; found=1; } } else if (check_access(thd,want_access,tables->db,&tables->grant.privilege, - 0, no_errors)) + 0, no_errors, tables->schema_table)) return TRUE; } if (grant_option) @@ -4953,7 +4996,7 @@ if ((thd->master_access & want_access) == want_access && !thd->db) tables->grant.privilege= want_access; else if (check_access(thd,want_access,db,&tables->grant.privilege, - 0, no_errors)) + 0, no_errors, tables->schema_table)) return TRUE; #ifndef NO_EMBEDDED_ACCESS_CHECKS @@ -4985,7 +5028,7 @@ ulong save_priv; if (thd->master_access & SHOW_PROC_ACLS) return FALSE; - if (!check_access(thd, SHOW_PROC_ACLS, db, &save_priv, 0, 1) || + if (!check_access(thd, SHOW_PROC_ACLS, db, &save_priv, 0, 1, 0) || (save_priv & SHOW_PROC_ACLS)) return FALSE; return check_routine_level_acl(thd, db, name, is_proc); @@ -5017,7 +5060,7 @@ if (access & want_access) { if (!check_access(thd, access, table->db, - &table->grant.privilege, 0, 1) && + &table->grant.privilege, 0, 1, table->schema_table) && !grant_option || !check_grant(thd, access, table, 0, 1, 1)) DBUG_RETURN(0); } @@ -6633,7 +6676,8 @@ { TABLE_LIST *save= table->next_local; table->next_local= 0; - if ((check_access(thd, UPDATE_ACL, table->db, &table->grant.privilege,0,1) || + if ((check_access(thd, UPDATE_ACL, table->db, & + table->grant.privilege,0,1, table->schema_table) || (grant_option && check_grant(thd, UPDATE_ACL, table,0,1,1))) && check_one_table_access(thd, SELECT_ACL, table)) goto error; 
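Review bot: In the added UPDATE_ACL check at @@ -6633 the address-of operator is left at the end of one line and its operand starts the next (`table->db, &` followed by `table->grant.privilege,0,1, table->schema_table)`), which reads like a bitwise AND at first glance in a privilege test. Keeping the operator with its operand, `&table->grant.privilege, 0, 1, table->schema_table) ||` on the continuation line after `table->db,`, matches the other call sites in this patch. The enclosing function is outside the hunk.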
@@ -6801,11 +6845,11 @@ if (table->derived) table->grant.privilege= SELECT_ACL; else if ((check_access(thd, UPDATE_ACL, table->db, - &table->grant.privilege, 0, 1) || + &table->grant.privilege, 0, 1, table->schema_table) || grant_option && check_grant(thd, UPDATE_ACL, table, 0, 1, 1)) && (check_access(thd, SELECT_ACL, table->db, - &table->grant.privilege, 0, 0) || + &table->grant.privilege, 0, 0, 0) || grant_option && check_grant(thd, SELECT_ACL, table, 0, 1, 0))) DBUG_RETURN(TRUE); @@ -6824,7 +6868,7 @@ !table->table_in_first_from_clause) { if (check_access(thd, SELECT_ACL, table->db, - &table->grant.privilege, 0, 0) || + &table->grant.privilege, 0, 0, 0) || grant_option && check_grant(thd, SELECT_ACL, table, 0, 1, 0)) DBUG_RETURN(TRUE); } @@ -7041,7 +7085,8 @@ CREATE_TMP_ACL : CREATE_ACL); lex->create_info.alias= create_table->alias; if (check_access(thd, want_priv, create_table->db, - &create_table->grant.privilege, 0, 0) || + &create_table->grant.privilege, 0, 0, + create_table->schema_table) || check_merge_table_access(thd, create_table->db, (TABLE_LIST *) lex->create_info.merge_list.first)) --- 1.254/sql/sql_show.cc Wed Jun 22 14:08:22 2005 +++ 1.255/sql/sql_show.cc Wed Jun 29 16:25:22 2005 @@ -1985,7 +1985,7 @@ { #ifndef NO_EMBEDDED_ACCESS_CHECKS if (with_i_schema || // don't check the rights if information schema db - !check_access(thd,SELECT_ACL, base_name, &thd->col_access,0,1) || + !check_access(thd,SELECT_ACL, base_name, &thd->col_access,0,1,0) || thd->master_access & (DB_ACLS | SHOW_DB_ACL) || acl_get(thd->host, thd->ip, thd->priv_user, base_name,0) || (grant_option && !check_grant_db(thd, base_name))) 
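Review bot: In the multi-update check at @@ -6801 the UPDATE_ACL call passes `table->schema_table` but the SELECT_ACL fallback just below passes a literal `0`, as do the SELECT_ACL calls at @@ -6824 and in sql_view.cc @@ -208. That is harmless only because the guard in check_access currently lets SELECT_ACL through; the literal hides that these entries may be INFORMATION_SCHEMA tables and would bypass the guard if the allowed mask were ever narrowed. Passing `table->schema_table` (or `tbl->schema_table`) uniformly costs nothing and keeps the decision inside check_access. The function body starts and ends outside the hunk.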
@@ -2379,7 +2379,7 @@ #ifndef NO_EMBEDDED_ACCESS_CHECKS uint col_access; check_access(thd,SELECT_ACL | EXTRA_ACL, base_name, - &tables->grant.privilege, 0, 0); + &tables->grant.privilege, 0, 0, 0); col_access= get_column_grant(thd, &tables->grant, base_name, file_name, field->field_name) & COL_ACLS; --- 1.160/sql/sql_update.cc Wed Jun 1 18:35:04 2005 +++ 1.161/sql/sql_update.cc Wed Jun 29 16:25:23 2005 @@ -717,7 +717,7 @@ { uint want_privilege= tl->updating ? UPDATE_ACL : SELECT_ACL; if (check_access(thd, want_privilege, - tl->db, &tl->grant.privilege, 0, 0) || + tl->db, &tl->grant.privilege, 0, 0, tl->schema_table) || (grant_option && check_grant(thd, want_privilege, tl, 0, 1, 0))) DBUG_RETURN(TRUE); } --- 1.48/sql/sql_view.cc Tue Jun 21 22:30:44 2005 +++ 1.49/sql/sql_view.cc Wed Jun 29 16:25:23 2005 @@ -156,11 +156,15 @@ table (i.e. user will not get some privileges by view creation) */ if ((check_access(thd, CREATE_VIEW_ACL, view->db, &view->grant.privilege, - 0, 0) || + 0, 0, + !my_strcasecmp(system_charset_info, view->db, + information_schema_name.str)) || grant_option && check_grant(thd, CREATE_VIEW_ACL, view, 0, 1, 0)) || (mode != VIEW_CREATE_NEW && (check_access(thd, DROP_ACL, view->db, &view->grant.privilege, - 0, 0) || + 0, 0, + !my_strcasecmp(system_charset_info, view->db, + information_schema_name.str)) || grant_option && check_grant(thd, DROP_ACL, view, 0, 1, 0)))) DBUG_RETURN(TRUE); for (sl= select_lex; sl; sl= sl->next_select()) @@ -208,7 +212,7 @@ if (!tbl->table_in_first_from_clause) { if (check_access(thd, SELECT_ACL, tbl->db, - &tbl->grant.privilege, 0, 0) || + &tbl->grant.privilege, 0, 0, 0) || grant_option && check_grant(thd, SELECT_ACL, tbl, 0, 1, 0)) { res= TRUE; --- 1.57/mysql-test/r/information_schema.result Thu Jun 16 13:27:17 2005 +++ 1.58/mysql-test/r/information_schema.result Wed Jun 29 16:25:22 2005 
@@ -575,7 +575,7 @@ TABLE_PRIVILEGES TABLE_CONSTRAINTS create database information_schema; -ERROR HY000: Can't create database 'information_schema'; database exists +ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema' use information_schema; show full tables like "T%"; Tables_in_information_schema (T%) Table_type @@ -835,3 +835,25 @@ show create database information_schema; Database Create Database information_schema CREATE DATABASE `information_schema` /*!40100 DEFAULT CHARACTER SET utf8 */ +alter database information_schema; +ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema' +drop database information_schema; +ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema' +drop table information_schema.tables; +ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema' +alter table information_schema.tables; +ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema' +use information_schema; +create temporary table schemata(f1 char(10)); +ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema' +CREATE PROCEDURE p1 () +BEGIN +SELECT 'foo' FROM DUAL; +END | +ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema' +select ROUTINE_NAME from routines; +ROUTINE_NAME +grant all on information_schema.* to 'user1'@'localhost'; +ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema' +grant select on information_schema.* to 'user1'@'localhost'; +ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema' --- 1.40/mysql-test/t/information_schema.test Thu Jun 16 13:27:17 2005 +++ 1.41/mysql-test/t/information_schema.test Wed Jun 29 16:25:22 2005 
@@ -326,7 +326,7 @@ where table_schema='information_schema' limit 2; show tables from information_schema like "T%"; ---error 1007 +--error 1044 create database information_schema; use information_schema; show full tables like "T%"; @@ -557,3 +557,39 @@ # Bug #9434 SHOW CREATE DATABASE information_schema; # show create database information_schema; + +# +# Bug #9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' +# +--error 1044 +alter database information_schema; +--error 1044 +drop database information_schema; +--error 1044 +drop table information_schema.tables; +--error 1044 +alter table information_schema.tables; +# +# Bug #9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB +# +use information_schema; +--error 1044 +create temporary table schemata(f1 char(10)); +# +# Bug #10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA +# +delimiter |; +--error 1044 +CREATE PROCEDURE p1 () +BEGIN + SELECT 'foo' FROM DUAL; +END | +delimiter ;| +select ROUTINE_NAME from routines; +# +# Bug #10734 Grant of privileges other than 'select' and 'create view' should fail on schema +# +--error 1044 +grant all on information_schema.* to 'user1'@'localhost'; +--error 1044 +grant select on information_schema.* to 'user1'@'localhost'; --- 1.54/sql/repl_failsafe.cc Thu Jun 2 09:15:15 2005 +++ 1.55/sql/repl_failsafe.cc Wed Jun 29 16:25:22 2005 @@ -162,7 +162,7 @@ SLAVE_INFO *si; uchar *p= packet, *p_end= packet + packet_length; - if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0)) + if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0,0)) return 1; if (!(si = (SLAVE_INFO*)my_malloc(sizeof(SLAVE_INFO), MYF(MY_WME)))) goto err2; --- 1.140/sql/sql_repl.cc Tue Jun 7 15:13:54 2005 +++ 1.141/sql/sql_repl.cc Wed Jun 29 16:25:22 2005 
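Review bot: The Bug #9683 case at @@ -557 creates a temporary table named `schemata`, which is also the name of an INFORMATION_SCHEMA table, so it does not show what happens for a name that matches no schema table. The CREATE TABLE path in sql_parse.cc passes `create_table->schema_table` rather than comparing the database name, and whether that pointer is set for arbitrary names is not visible in this patch; a second case with a name such as `t_not_in_is` (constructed) would pin the behaviour down. The Bug #10734 comment says grants other than 'select' and 'create view' should fail, yet `grant select on information_schema.*` is expected to return 1044, presumably because the GRANT call site ORs `GRANT_ACL` into the requested privileges; a comment such as `# GRANT itself is refused on information_schema, whatever privilege is named` would avoid confusion. All cases run as root, so one case under an unprivileged account would also be worth adding.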
@@ -769,7 +769,7 @@ int thread_mask; DBUG_ENTER("start_slave"); - if (check_access(thd, SUPER_ACL, any_db,0,0,0)) + if (check_access(thd, SUPER_ACL, any_db,0,0,0,0)) DBUG_RETURN(1); lock_slave_threads(mi); // this allows us to cleanly read slave_running // Get a mask of _stopped_ threads @@ -894,7 +894,7 @@ if (!thd) thd = current_thd; - if (check_access(thd, SUPER_ACL, any_db,0,0,0)) + if (check_access(thd, SUPER_ACL, any_db,0,0,0,0)) return 1; thd->proc_info = "Killing slave"; int thread_mask; --- 1.128/sql/sql_prepare.cc Thu Jun 23 21:22:02 2005 +++ 1.129/sql/sql_prepare.cc Wed Jun 29 16:25:22 2005 @@ -1126,7 +1126,7 @@ if (check_table_access(thd, privilege, tables,0)) goto error; } - else if (check_access(thd, privilege, any_db,0,0,0)) + else if (check_access(thd, privilege, any_db,0,0,0,0)) goto error; #endif