Below is the list of changes that have just been committed into a local
5.0 repository of gluh. When gluh does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet
1.1944 05/09/13 16:07:38 gluh@stripped +11 -0
Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
Information_schema DB
Bug#9846 Inappropriate error displayed while
dropping table from 'INFORMATION_SCHEMA'
Bug#10734 Grant of privileges other than 'select' and
'create view' should fail on schema
Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
cumulative fix for bugs above(after review, 2nd version)
added privilege check for information schema db & tables
sql/sql_view.cc
1.62 05/09/13 16:06:27 gluh@stripped +3 -3
Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
Information_schema DB
Bug#9846 Inappropriate error displayed while
dropping table from 'INFORMATION_SCHEMA'
Bug#10734 Grant of privileges other than 'select' and
'create view' should fail on schema
Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
cumulative fix for bugs above(after review, 2nd version)
added privilege check for information schema db & tables
sql/sql_update.cc
1.169 05/09/13 16:06:27 gluh@stripped +2 -1
Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
Information_schema DB
Bug#9846 Inappropriate error displayed while
dropping table from 'INFORMATION_SCHEMA'
Bug#10734 Grant of privileges other than 'select' and
'create view' should fail on schema
Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
cumulative fix for bugs above(after review, 2nd version)
added privilege check for information schema db & tables
sql/sql_show.cc
1.276 05/09/13 16:06:27 gluh@stripped +4 -9
Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
Information_schema DB
Bug#9846 Inappropriate error displayed while
dropping table from 'INFORMATION_SCHEMA'
Bug#10734 Grant of privileges other than 'select' and
'create view' should fail on schema
Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
cumulative fix for bugs above(after review, 2nd version)
added privilege check for information schema db & tables
sql/sql_repl.cc
1.142 05/09/13 16:06:27 gluh@stripped +2 -2
Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
Information_schema DB
Bug#9846 Inappropriate error displayed while
dropping table from 'INFORMATION_SCHEMA'
Bug#10734 Grant of privileges other than 'select' and
'create view' should fail on schema
Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
cumulative fix for bugs above(after review, 2nd version)
added privilege check for information schema db & tables
sql/sql_prepare.cc
1.152 05/09/13 16:06:27 gluh@stripped +1 -1
Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
Information_schema DB
Bug#9846 Inappropriate error displayed while
dropping table from 'INFORMATION_SCHEMA'
Bug#10734 Grant of privileges other than 'select' and
'create view' should fail on schema
Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
cumulative fix for bugs above(after review, 2nd version)
added privilege check for information schema db & tables
sql/sql_parse.cc
1.485 05/09/13 16:06:27 gluh@stripped +91 -41
Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
Information_schema DB
Bug#9846 Inappropriate error displayed while
dropping table from 'INFORMATION_SCHEMA'
Bug#10734 Grant of privileges other than 'select' and
'create view' should fail on schema
Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
cumulative fix for bugs above(after review, 2nd version)
added privilege check for information schema db & tables
sql/sql_acl.cc
1.168 05/09/13 16:06:27 gluh@stripped +5 -5
Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
Information_schema DB
Bug#9846 Inappropriate error displayed while
dropping table from 'INFORMATION_SCHEMA'
Bug#10734 Grant of privileges other than 'select' and
'create view' should fail on schema
Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
cumulative fix for bugs above(after review, 2nd version)
added privilege check for information schema db & tables
sql/repl_failsafe.cc
1.55 05/09/13 16:06:27 gluh@stripped +1 -1
Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
Information_schema DB
Bug#9846 Inappropriate error displayed while
dropping table from 'INFORMATION_SCHEMA'
Bug#10734 Grant of privileges other than 'select' and
'create view' should fail on schema
Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
cumulative fix for bugs above(after review, 2nd version)
added privilege check for information schema db & tables
sql/mysql_priv.h
1.349 05/09/13 16:06:27 gluh@stripped +3 -1
Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
Information_schema DB
Bug#9846 Inappropriate error displayed while
dropping table from 'INFORMATION_SCHEMA'
Bug#10734 Grant of privileges other than 'select' and
'create view' should fail on schema
Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
cumulative fix for bugs above(after review, 2nd version)
added privilege check for information schema db & tables
mysql-test/t/information_schema.test
1.57 05/09/13 16:06:27 gluh@stripped +37 -1
Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
Information_schema DB
Bug#9846 Inappropriate error displayed while
dropping table from 'INFORMATION_SCHEMA'
Bug#10734 Grant of privileges other than 'select' and
'create view' should fail on schema
Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
cumulative fix for bugs above(after review, 2nd version)
added privilege check for information schema db & tables
mysql-test/r/information_schema.result
1.80 05/09/13 16:06:27 gluh@stripped +23 -1
Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
Information_schema DB
Bug#9846 Inappropriate error displayed while
dropping table from 'INFORMATION_SCHEMA'
Bug#10734 Grant of privileges other than 'select' and
'create view' should fail on schema
Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
cumulative fix for bugs above(after review, 2nd version)
added privilege check for information schema db & tables
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: gluh
# Host: eagle.intranet.mysql.r18.ru
# Root: /home/gluh/MySQL/Bugs/5.0.cml
--- 1.348/sql/mysql_priv.h Tue Sep 6 22:51:07 2005
+++ 1.349/sql/mysql_priv.h Tue Sep 13 16:06:27 2005
@@ -621,7 +621,7 @@
bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables,
bool *write_to_binlog);
bool check_access(THD *thd, ulong access, const char *db, ulong *save_priv,
- bool no_grant, bool no_errors);
+ bool no_grant, bool no_errors, bool schema_db);
bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
bool no_errors);
bool check_global_access(THD *thd, ulong want_access);
@@ -848,6 +848,8 @@
int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
bool get_schema_tables_result(JOIN *join);
+#define is_schema_db(X) \
+ !my_strcasecmp(system_charset_info, information_schema_name.str, (X))
/* sql_prepare.cc */
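Review bot: The `is_schema_db(X)` macro added here expands to an unparenthesised `!my_strcasecmp(...)` and hands `(X)` straight to the comparison, so it depends on every caller passing a non-NULL name. The GRANT hunk in sql_parse.cc guards it with `select_lex->db ? is_schema_db(select_lex->db) : 0`, but the calls on `db`, `lex->name`, `lex->sphead->m_db.str` and `view->db` carry no guard in the visible lines; whether those can be NULL there is not visible in this patch. I would fold the guard into the macro and wrap the body: `#define is_schema_db(X) ((X) && !my_strcasecmp(system_charset_info, information_schema_name.str, (X)))`. A one-line comment saying it is a case-insensitive match against the INFORMATION_SCHEMA name would also help readers of the header.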
--- 1.167/sql/sql_acl.cc Fri Sep 2 02:01:25 2005
+++ 1.168/sql/sql_acl.cc Tue Sep 13 16:06:27 2005
@@ -1337,7 +1337,7 @@
(strcmp(thd->user,user) ||
my_strcasecmp(system_charset_info, host, thd->priv_host)))
{
- if (check_access(thd, UPDATE_ACL, "mysql",0,1,0))
+ if (check_access(thd, UPDATE_ACL, "mysql",0,1,0,0))
return(1);
}
if (!thd->slave_thread && !thd->user[0])
@@ -5532,7 +5532,7 @@
ulong want_access;
char buff[100];
TABLE *table= tables->table;
- bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+ bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
DBUG_ENTER("fill_schema_user_privileges");
@@ -5585,7 +5585,7 @@
ulong want_access;
char buff[100];
TABLE *table= tables->table;
- bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+ bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
DBUG_ENTER("fill_schema_schema_privileges");
@@ -5640,7 +5640,7 @@
uint index;
char buff[100];
TABLE *table= tables->table;
- bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+ bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
DBUG_ENTER("fill_schema_table_privileges");
@@ -5702,7 +5702,7 @@
uint index;
char buff[100];
TABLE *table= tables->table;
- bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+ bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
DBUG_ENTER("fill_schema_table_privileges");
--- 1.484/sql/sql_parse.cc Mon Sep 12 20:56:50 2005
+++ 1.485/sql/sql_parse.cc Tue Sep 13 16:06:27 2005
@@ -1776,7 +1776,7 @@
remove_escape(table_list.table_name); // This can't have wildcards
if (check_access(thd,SELECT_ACL,table_list.db,&table_list.grant.privilege,
- 0, 0))
+ 0, 0, test(table_list.schema_table)))
break;
if (grant_option &&
check_grant(thd, SELECT_ACL, &table_list, 2, UINT_MAX, 0))
@@ -1817,7 +1817,7 @@
my_error(ER_WRONG_DB_NAME, MYF(0), db ? db : "NULL");
break;
}
- if (check_access(thd,CREATE_ACL,db,0,1,0))
+ if (check_access(thd,CREATE_ACL,db,0,1,0,is_schema_db(db)))
break;
mysql_log.write(thd,command,packet);
bzero(&create_info, sizeof(create_info));
@@ -1836,7 +1836,7 @@
my_error(ER_WRONG_DB_NAME, MYF(0), db ? db : "NULL");
break;
}
- if (check_access(thd,DROP_ACL,db,0,1,0))
+ if (check_access(thd,DROP_ACL,db,0,1,0,is_schema_db(db)))
break;
if (thd->locked_tables || thd->active_transaction())
{
@@ -2134,7 +2134,8 @@
my_error(ER_WRONG_DB_NAME, MYF(0), db);
DBUG_RETURN(1);
}
- if (check_access(thd,SELECT_ACL,db,&thd->col_access,0,0))
+ if (check_access(thd, SELECT_ACL, db, &thd->col_access, 0, 0,
+ is_schema_db(db)))
DBUG_RETURN(1); /* purecov: inspected */
if (!thd->col_access && check_grant_db(thd,db))
{
@@ -2173,7 +2174,8 @@
remove_escape(db); // Fix escaped '_'
remove_escape(table_list->table_name);
if (check_access(thd,SELECT_ACL | EXTRA_ACL,db,
- &table_list->grant.privilege, 0, 0))
+ &table_list->grant.privilege, 0, 0,
+ test(table_list->schema_table)))
DBUG_RETURN(1); /* purecov: inspected */
if (grant_option && check_grant(thd, SELECT_ACL, table_list, 2,
UINT_MAX, 0))
@@ -2430,7 +2432,7 @@
else
res= check_access(thd,
lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL,
- any_db, 0, 0, 0);
+ any_db, 0, 0, 0, 0);
if (res)
goto error;
@@ -2612,7 +2614,8 @@
DBUG_ASSERT(first_table == all_tables && first_table != 0);
if (check_db_used(thd, all_tables) ||
check_access(thd, INDEX_ACL, first_table->db,
- &first_table->grant.privilege, 0, 0))
+ &first_table->grant.privilege, 0, 0,
+ test(first_table->schema_table)))
goto error;
res= mysql_assign_to_keycache(thd, first_table, &lex->ident);
break;
@@ -2622,7 +2625,8 @@
DBUG_ASSERT(first_table == all_tables && first_table != 0);
if (check_db_used(thd, all_tables) ||
check_access(thd, INDEX_ACL, first_table->db,
- &first_table->grant.privilege, 0, 0))
+ &first_table->grant.privilege, 0, 0,
+ test(first_table->schema_table)))
goto error;
res = mysql_preload_keys(thd, first_table);
break;
@@ -2688,7 +2692,8 @@
if (!first_table->db)
first_table->db= thd->db;
if (check_access(thd, CREATE_ACL, first_table->db,
- &first_table->grant.privilege, 0, 0))
+ &first_table->grant.privilege, 0, 0,
+ test(first_table->schema_table)))
goto error; /* purecov: inspected */
if (grant_option)
{
@@ -2953,8 +2958,10 @@
select_lex->db= first_table->db;
}
if (check_access(thd, ALTER_ACL, first_table->db,
- &first_table->grant.privilege, 0, 0) ||
- check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv,0,0)||
+ &first_table->grant.privilege, 0, 0,
+ test(first_table->schema_table)) ||
+ check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv,0,0,
+ is_schema_db(select_lex->db))||
check_merge_table_access(thd, first_table->db,
(TABLE_LIST *)
lex->create_info.merge_list.first))
@@ -3004,9 +3011,10 @@
for (table= first_table; table; table= table->next_local->next_local)
{
if (check_access(thd, ALTER_ACL | DROP_ACL, table->db,
- &table->grant.privilege,0,0) ||
+ &table->grant.privilege,0,0, test(table->schema_table)) ||
check_access(thd, INSERT_ACL | CREATE_ACL, table->next_local->db,
- &table->next_local->grant.privilege, 0, 0))
+ &table->next_local->grant.privilege, 0, 0,
+ test(table->next_local->schema_table)))
goto error;
if (grant_option)
{
@@ -3058,7 +3066,8 @@
if (check_db_used(thd, all_tables) ||
check_access(thd, SELECT_ACL | EXTRA_ACL, first_table->db,
- &first_table->grant.privilege, 0, 0))
+ &first_table->grant.privilege, 0, 0,
+ test(first_table->schema_table)))
goto error;
if (grant_option && check_grant(thd, SELECT_ACL, all_tables, 2, UINT_MAX,
0))
goto error;
@@ -3390,7 +3399,7 @@
goto error;
#else
{
- if (grant_option && check_access(thd, FILE_ACL, any_db,0,0,0))
+ if (grant_option && check_access(thd, FILE_ACL, any_db,0,0,0,0))
goto error;
res= mysqld_show_logs(thd);
break;
@@ -3519,7 +3528,7 @@
break;
}
#endif
- if (check_access(thd,CREATE_ACL,lex->name,0,1,0))
+ if (check_access(thd,CREATE_ACL,lex->name,0,1,0,is_schema_db(lex->name)))
break;
res= mysql_create_db(thd,(lower_case_table_names == 2 ? alias : lex->name),
&lex->create_info, 0);
@@ -3553,7 +3562,7 @@
break;
}
#endif
- if (check_access(thd,DROP_ACL,lex->name,0,1,0))
+ if (check_access(thd,DROP_ACL,lex->name,0,1,0,is_schema_db(lex->name)))
break;
if (thd->locked_tables || thd->active_transaction())
{
@@ -3593,7 +3602,7 @@
break;
}
#endif
- if (check_access(thd, ALTER_ACL, db, 0, 1, 0))
+ if (check_access(thd, ALTER_ACL, db, 0, 1, 0, is_schema_db(db)))
break;
if (thd->locked_tables || thd->active_transaction())
{
@@ -3611,14 +3620,14 @@
my_error(ER_WRONG_DB_NAME, MYF(0), lex->name);
break;
}
- if (check_access(thd,SELECT_ACL,lex->name,0,1,0))
+ if (check_access(thd,SELECT_ACL,lex->name,0,1,0,is_schema_db(lex->name)))
break;
res=mysqld_show_create_db(thd,lex->name,&lex->create_info);
break;
}
case SQLCOM_CREATE_FUNCTION: // UDF function
{
- if (check_access(thd,INSERT_ACL,"mysql",0,1,0))
+ if (check_access(thd,INSERT_ACL,"mysql",0,1,0,0))
break;
#ifdef HAVE_DLOPEN
if (sp_find_function(thd, lex->spname))
@@ -3637,7 +3646,7 @@
#ifndef NO_EMBEDDED_ACCESS_CHECKS
case SQLCOM_CREATE_USER:
{
- if (check_access(thd, INSERT_ACL, "mysql", 0, 1, 1) &&
+ if (check_access(thd, INSERT_ACL, "mysql", 0, 1, 1, 0) &&
check_global_access(thd,CREATE_USER_ACL))
break;
if (!(res= mysql_create_user(thd, lex->users_list)))
@@ -3653,7 +3662,7 @@
}
case SQLCOM_DROP_USER:
{
- if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 1) &&
+ if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 1, 0) &&
check_global_access(thd,CREATE_USER_ACL))
break;
if (!(res= mysql_drop_user(thd, lex->users_list)))
@@ -3669,7 +3678,7 @@
}
case SQLCOM_RENAME_USER:
{
- if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1) &&
+ if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1, 0) &&
check_global_access(thd,CREATE_USER_ACL))
break;
if (!(res= mysql_rename_user(thd, lex->users_list)))
@@ -3685,7 +3694,7 @@
}
case SQLCOM_REVOKE_ALL:
{
- if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1) &&
+ if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1, 0) &&
check_global_access(thd,CREATE_USER_ACL))
break;
if (!(res = mysql_revoke_all(thd, lex->users_list)))
@@ -3705,7 +3714,9 @@
if (check_access(thd, lex->grant | lex->grant_tot_col | GRANT_ACL,
first_table ? first_table->db : select_lex->db,
first_table ? &first_table->grant.privilege : 0,
- first_table ? 0 : 1, 0))
+ first_table ? 0 : 1, 0,
+ first_table ? (bool) first_table->schema_table :
+ select_lex->db ? is_schema_db(select_lex->db) : 0))
goto error;
if (thd->user) // If not replication
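Review bot: `(bool) first_table->schema_table` is the only place in this commit that converts the pointer with a cast; every other call site uses `test(...)`, and the nested conditional has no parentheses around its inner arm. I would write the argument as `first_table ? test(first_table->schema_table) : (select_lex->db ? is_schema_db(select_lex->db) : 0)`. Since `GRANT_ACL` is always OR-ed into the requested access here, the new check in check_access refuses every GRANT on the schema, `grant select` included, which matches the recorded test output. A comment stating that this is intended would save the next reader from comparing it against the title of Bug#10734. The enclosing case starts and ends outside the hunk.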
@@ -3730,7 +3741,7 @@
{
// TODO: use check_change_password()
if (check_acl_user(user, &counter) && user->password.str
&&
- check_access(thd, UPDATE_ACL,"mysql",0,1,1))
+ check_access(thd, UPDATE_ACL,"mysql",0,1,1,0))
{
my_message(ER_PASSWORD_NOT_ALLOWED,
ER(ER_PASSWORD_NOT_ALLOWED), MYF(0));
@@ -3855,7 +3866,7 @@
case SQLCOM_SHOW_GRANTS:
if ((thd->priv_user &&
!strcmp(thd->priv_user,lex->grant_user->user.str)) ||
- !check_access(thd, SELECT_ACL, "mysql",0,1,0))
+ !check_access(thd, SELECT_ACL, "mysql",0,1,0,0))
{
res = mysql_show_grants(thd,lex->grant_user);
}
@@ -4010,7 +4021,8 @@
DBUG_ASSERT(lex->sphead != 0);
- if (check_access(thd, CREATE_PROC_ACL, lex->sphead->m_db.str, 0, 0, 0))
+ if (check_access(thd, CREATE_PROC_ACL, lex->sphead->m_db.str, 0, 0, 0,
+ is_schema_db(lex->sphead->m_db.str)))
{
delete lex->sphead;
lex->sphead= 0;
@@ -4354,7 +4366,7 @@
lex->spname->m_name.length);
if (udf)
{
- if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0))
+ if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0, 0))
goto error;
if (!(res = mysql_drop_function(thd, &lex->spname->m_name)))
{
@@ -4719,7 +4731,8 @@
bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
{
if (check_access(thd, privilege, all_tables->db,
- &all_tables->grant.privilege, 0, 0))
+ &all_tables->grant.privilege, 0, 0,
+ test(all_tables->schema_table)))
return 1;
/* Show only 1 table for check_grant */
@@ -4758,13 +4771,14 @@
bool
check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
- bool dont_check_global_grants, bool no_errors)
+ bool dont_check_global_grants, bool no_errors, bool schema_db)
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
ulong db_access;
bool db_is_pattern= test(want_access & GRANT_ACL);
#endif
ulong dummy;
+ const char *db_name;
DBUG_ENTER("check_access");
DBUG_PRINT("enter",("db: %s want_access: %lu master_access: %lu",
db ? db : "", want_access, thd->master_access));
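Review bot: The new `schema_db` parameter makes the INFORMATION_SCHEMA restriction depend on each caller computing the flag correctly, and this commit derives it three ways: `test(table->schema_table)`, `is_schema_db(name)` and a literal `0`. A call that passes `0` while `db` can name information_schema falls through to the ordinary ACL path; the SHOW_PROC_ACLS call further down does that on purpose and explains it only in a comment (which misspells "parameter"). The function's header comment lies outside the hunk and should gain an entry for the parameter, for example `schema_db  TRUE if the target is INFORMATION_SCHEMA; only SELECT_ACL | EXTRA_ACL is then allowed and the ACL tables are not consulted`. It would also help to state there which derivation a caller should use when it has both a TABLE_LIST and a database name.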
@@ -4782,6 +4796,23 @@
DBUG_RETURN(TRUE); /* purecov: tested */
}
+ db_name= db ? db : thd->db;
+ if (schema_db)
+ {
+ if (want_access & ~(SELECT_ACL | EXTRA_ACL))
+ {
+ if (!no_errors)
+ my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
+ thd->priv_user, thd->priv_host, db_name);
+ DBUG_RETURN(TRUE);
+ }
+ else
+ {
+ *save_priv= SELECT_ACL;
+ DBUG_RETURN(FALSE);
+ }
+ }
+
#ifdef NO_EMBEDDED_ACCESS_CHECKS
DBUG_RETURN(0);
#else
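Review bot: `*save_priv= SELECT_ACL;` in the added `else` branch writes through `save_priv` unconditionally, while several callers in this commit pass `0` for it together with `SELECT_ACL` and `is_schema_db(...)`, the SHOW CREATE DATABASE call for one. That is safe only if `save_priv` has already been pointed at the local `dummy` earlier in the function, which is outside the hunk; please confirm and record it with a comment such as `/* save_priv is never NULL here: redirected to dummy above */`. The `else` after `DBUG_RETURN(TRUE)` is redundant and can be dropped. The block also sits above `#ifdef NO_EMBEDDED_ACCESS_CHECKS`, so it applies to builds without access checks as well; if that is intended, a short comment saying so would help.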
@@ -4894,6 +4925,15 @@
TABLE_LIST *org_tables=tables;
for (; tables; tables= tables->next_global)
{
+ if (tables->schema_table &&
+ (want_access & ~(SELECT_ACL | EXTRA_ACL)))
+ {
+ if (!no_errors)
+ my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
+ thd->priv_user, thd->priv_host,
+ information_schema_name.str);
+ return TRUE;
+ }
if (tables->derived || tables->schema_table || tables->belong_to_view ||
(tables->table && (int)tables->table->s->tmp_table) ||
my_tz_check_n_skip_implicit_tables(&tables,
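Review bot: The mask `~(SELECT_ACL | EXTRA_ACL)` and the ER_DBACCESS_DENIED_ERROR call added at the top of this loop repeat the new block in check_access, so the rule for what is allowed on INFORMATION_SCHEMA now lives in two places. A shared name, for example `#define SCHEMA_DB_ALLOWED_ACLS (SELECT_ACL | EXTRA_ACL)`, would keep the two from drifting apart. The existing condition right after the new block already tests `tables->schema_table`; what it does with a match is outside the hunk. If it skips such tables, the `test(tables->schema_table)` arguments added to the check_access calls later in this loop are always 0 and deserve a comment. The function begins and ends outside the hunk.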
@@ -4909,14 +4949,14 @@
else
{
if (check_access(thd,want_access,tables->db,&tables->grant.privilege,
- 0, no_errors))
+ 0, no_errors, test(tables->schema_table)))
return TRUE; // Access denied
found_access=tables->grant.privilege;
found=1;
}
}
else if (check_access(thd,want_access,tables->db,&tables->grant.privilege,
- 0, no_errors))
+ 0, no_errors, test(tables->schema_table)))
return TRUE;
}
if (grant_option)
@@ -4939,7 +4979,7 @@
if ((thd->master_access & want_access) == want_access && !thd->db)
tables->grant.privilege= want_access;
else if (check_access(thd,want_access,db,&tables->grant.privilege,
- 0, no_errors))
+ 0, no_errors, test(tables->schema_table)))
return TRUE;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
@@ -4971,7 +5011,11 @@
ulong save_priv;
if (thd->master_access & SHOW_PROC_ACLS)
return FALSE;
- if (!check_access(thd, SHOW_PROC_ACLS, db, &save_priv, 0, 1) ||
+ /*
+ There are no routines in information_schema db. So we can safely
+ pass zero to last paramter of check_access function
+ */
+ if (!check_access(thd, SHOW_PROC_ACLS, db, &save_priv, 0, 1, 0) ||
(save_priv & SHOW_PROC_ACLS))
return FALSE;
return check_routine_level_acl(thd, db, name, is_proc);
@@ -5003,7 +5047,8 @@
if (access & want_access)
{
if (!check_access(thd, access, table->db,
- &table->grant.privilege, 0, 1) &&
+ &table->grant.privilege, 0, 1,
+ test(table->schema_table)) &&
!grant_option || !check_grant(thd, access, table, 0, 1, 1))
DBUG_RETURN(0);
}
@@ -6808,7 +6853,8 @@
{
TABLE_LIST *save= table->next_local;
table->next_local= 0;
- if ((check_access(thd, UPDATE_ACL, table->db, &table->grant.privilege,0,1)
||
+ if ((check_access(thd, UPDATE_ACL, table->db, &
+ table->grant.privilege,0,1, test(table->schema_table)) ||
(grant_option && check_grant(thd, UPDATE_ACL, table,0,1,1))) &&
check_one_table_access(thd, SELECT_ACL, table))
goto error;
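Review bot: The rewrapped call leaves the address-of operator alone at the end of a line (`table->db, &` followed by `table->grant.privilege,0,1, ...`), which reads like a bitwise AND on first glance. Keep the operator with its operand and break after a comma instead: `if ((check_access(thd, UPDATE_ACL, table->db, &table->grant.privilege,` then `0, 1, test(table->schema_table)) ||`. This matches how the other call sites in this commit are wrapped.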
@@ -6976,11 +7022,13 @@
if (table->derived)
table->grant.privilege= SELECT_ACL;
else if ((check_access(thd, UPDATE_ACL, table->db,
- &table->grant.privilege, 0, 1) ||
+ &table->grant.privilege, 0, 1,
+ test(table->schema_table)) ||
grant_option &&
check_grant(thd, UPDATE_ACL, table, 0, 1, 1)) &&
(check_access(thd, SELECT_ACL, table->db,
- &table->grant.privilege, 0, 0) ||
+ &table->grant.privilege, 0, 0,
+ test(table->schema_table)) ||
grant_option && check_grant(thd, SELECT_ACL, table, 0, 1, 0)))
DBUG_RETURN(TRUE);
@@ -6999,7 +7047,8 @@
!table->table_in_first_from_clause)
{
if (check_access(thd, SELECT_ACL, table->db,
- &table->grant.privilege, 0, 0) ||
+ &table->grant.privilege, 0, 0,
+ test(table->schema_table)) ||
grant_option && check_grant(thd, SELECT_ACL, table, 0, 1, 0))
DBUG_RETURN(TRUE);
}
@@ -7216,7 +7265,8 @@
CREATE_TMP_ACL : CREATE_ACL);
lex->create_info.alias= create_table->alias;
if (check_access(thd, want_priv, create_table->db,
- &create_table->grant.privilege, 0, 0) ||
+ &create_table->grant.privilege, 0, 0,
+ test(create_table->schema_table)) ||
check_merge_table_access(thd, create_table->db,
(TABLE_LIST *)
lex->create_info.merge_list.first))
--- 1.275/sql/sql_show.cc Fri Sep 9 16:52:39 2005
+++ 1.276/sql/sql_show.cc Tue Sep 13 16:06:27 2005
@@ -2025,8 +2025,8 @@
(base_name= select_lex->db) && !bases.elements))
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
- if (with_i_schema || // don't check the rights if information schema db
- !check_access(thd,SELECT_ACL, base_name, &thd->col_access,0,1) ||
+ if (!check_access(thd,SELECT_ACL, base_name,
+ &thd->col_access, 0, 1, with_i_schema) ||
thd->master_access & (DB_ACLS | SHOW_DB_ACL) ||
acl_get(thd->host, thd->ip, thd->priv_user, base_name,0) ||
(grant_option && !check_grant_db(thd, base_name)))
@@ -2448,7 +2448,7 @@
#ifndef NO_EMBEDDED_ACCESS_CHECKS
uint col_access;
check_access(thd,SELECT_ACL | EXTRA_ACL, base_name,
- &tables->grant.privilege, 0, 0);
+ &tables->grant.privilege, 0, 0, test(tables->schema_table));
col_access= get_column_grant(thd, &tables->grant,
base_name, file_name,
field->field_name) & COL_ACLS;
@@ -2464,12 +2464,7 @@
end=strmov(end,grant_types.type_names[bitnr]);
}
}
- if (tables->schema_table) // any user has 'select' privilege on all
- // I_S table columns
- table->field[17]->store(grant_types.type_names[0],
- strlen(grant_types.type_names[0]), cs);
- else
- table->field[17]->store(tmp+1,end == tmp ? 0 : (uint) (end-tmp-1), cs);
+ table->field[17]->store(tmp+1,end == tmp ? 0 : (uint) (end-tmp-1), cs);
#endif
table->field[1]->store(base_name, base_name_length, cs);
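Review bot: With the `tables->schema_table` special case removed, the privilege string stored in `table->field[17]` for INFORMATION_SCHEMA columns now depends on the check_access call in the previous hunk setting `tables->grant.privilege` and on get_column_grant() passing that value through. get_column_grant() is not visible in this patch, so the result is worth pinning with a test that reads the column privileges of an I_S table. A comment above the store, e.g. `/* I_S tables: SELECT_ACL comes from check_access(..., schema_db) above */`, would record the dependency. That check_access call is also made with `no_errors` 0 and its return value is ignored, which predates this commit but now matters more.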
--- 1.168/sql/sql_update.cc Fri Sep 2 00:42:22 2005
+++ 1.169/sql/sql_update.cc Tue Sep 13 16:06:27 2005
@@ -720,7 +720,8 @@
{
uint want_privilege= tl->updating ? UPDATE_ACL : SELECT_ACL;
if (check_access(thd, want_privilege,
- tl->db, &tl->grant.privilege, 0, 0) ||
+ tl->db, &tl->grant.privilege, 0, 0,
+ test(tl->schema_table)) ||
(grant_option && check_grant(thd, want_privilege, tl, 0, 1, 0)))
DBUG_RETURN(TRUE);
}
--- 1.61/sql/sql_view.cc Fri Sep 2 19:06:10 2005
+++ 1.62/sql/sql_view.cc Tue Sep 13 16:06:27 2005
@@ -224,11 +224,11 @@
table (i.e. user will not get some privileges by view creation)
*/
if ((check_access(thd, CREATE_VIEW_ACL, view->db, &view->grant.privilege,
- 0, 0) ||
+ 0, 0, is_schema_db(view->db)) ||
grant_option && check_grant(thd, CREATE_VIEW_ACL, view, 0, 1, 0)) ||
(mode != VIEW_CREATE_NEW &&
(check_access(thd, DROP_ACL, view->db, &view->grant.privilege,
- 0, 0) ||
+ 0, 0, is_schema_db(view->db)) ||
grant_option && check_grant(thd, DROP_ACL, view, 0, 1, 0))))
{
res= TRUE;
@@ -280,7 +280,7 @@
if (!tbl->table_in_first_from_clause)
{
if (check_access(thd, SELECT_ACL, tbl->db,
- &tbl->grant.privilege, 0, 0) ||
+ &tbl->grant.privilege, 0, 0, test(tbl->schema_table))
||
grant_option && check_grant(thd, SELECT_ACL, tbl, 0, 1, 0))
{
res= TRUE;
--- 1.79/mysql-test/r/information_schema.result Wed Sep 7 16:11:48 2005
+++ 1.80/mysql-test/r/information_schema.result Tue Sep 13 16:06:27 2005
@@ -594,7 +594,7 @@
TABLE_PRIVILEGES
TRIGGERS
create database information_schema;
-ERROR HY000: Can't create database 'information_schema'; database exists
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
use information_schema;
show full tables like "T%";
Tables_in_information_schema (T%) Table_type
@@ -990,3 +990,25 @@
c int(11) YES NULL
drop view v1;
drop table t1;
+alter database information_schema;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+drop database information_schema;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+drop table information_schema.tables;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+alter table information_schema.tables;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+use information_schema;
+create temporary table schemata(f1 char(10));
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+CREATE PROCEDURE p1 ()
+BEGIN
+SELECT 'foo' FROM DUAL;
+END |
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+select ROUTINE_NAME from routines;
+ROUTINE_NAME
+grant all on information_schema.* to 'user1'@'localhost';
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+grant select on information_schema.* to 'user1'@'localhost';
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
--- 1.56/mysql-test/t/information_schema.test Wed Sep 7 16:11:48 2005
+++ 1.57/mysql-test/t/information_schema.test Tue Sep 13 16:06:27 2005
@@ -338,7 +338,7 @@
where table_schema='information_schema' limit 2;
show tables from information_schema like "T%";
---error 1007
+--error 1044
create database information_schema;
use information_schema;
show full tables like "T%";
@@ -678,3 +678,39 @@
connection default;
drop view v1;
drop table t1;
+
+#
+# Bug #9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA'
+#
+--error 1044
+alter database information_schema;
+--error 1044
+drop database information_schema;
+--error 1044
+drop table information_schema.tables;
+--error 1044
+alter table information_schema.tables;
+#
+# Bug #9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB
+#
+use information_schema;
+--error 1044
+create temporary table schemata(f1 char(10));
+#
+# Bug #10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
+#
+delimiter |;
+--error 1044
+CREATE PROCEDURE p1 ()
+BEGIN
+ SELECT 'foo' FROM DUAL;
+END |
+delimiter ;|
+select ROUTINE_NAME from routines;
+#
+# Bug #10734 Grant of privileges other than 'select' and 'create view' should fail on
schema
+#
+--error 1044
+grant all on information_schema.* to 'user1'@'localhost';
+--error 1044
+grant select on information_schema.* to 'user1'@'localhost';
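Review bot: The Bug #10734 section expects `grant select on information_schema.*` to fail with 1044, while its heading says only privileges other than 'select' and 'create view' should fail; a comment such as `# every GRANT on information_schema is refused, SELECT included` would make the expectation explicit. All the new statements run on the default connection, which the result file shows as root, so nothing here records the behaviour for an unprivileged account. The UPDATE, RENAME TABLE and CREATE VIEW paths that this commit also changes in sql_update.cc, sql_parse.cc and sql_view.cc have no statement in this section. Adding one case for each, with its expected error, would cover the remaining changed call sites.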
--- 1.54/sql/repl_failsafe.cc Thu Jun 2 09:15:15 2005
+++ 1.55/sql/repl_failsafe.cc Tue Sep 13 16:06:27 2005
@@ -162,7 +162,7 @@
SLAVE_INFO *si;
uchar *p= packet, *p_end= packet + packet_length;
- if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0))
+ if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0,0))
return 1;
if (!(si = (SLAVE_INFO*)my_malloc(sizeof(SLAVE_INFO), MYF(MY_WME))))
goto err2;
--- 1.141/sql/sql_repl.cc Tue Jul 19 01:49:15 2005
+++ 1.142/sql/sql_repl.cc Tue Sep 13 16:06:27 2005
@@ -769,7 +769,7 @@
int thread_mask;
DBUG_ENTER("start_slave");
- if (check_access(thd, SUPER_ACL, any_db,0,0,0))
+ if (check_access(thd, SUPER_ACL, any_db,0,0,0,0))
DBUG_RETURN(1);
lock_slave_threads(mi); // this allows us to cleanly read slave_running
// Get a mask of _stopped_ threads
@@ -894,7 +894,7 @@
if (!thd)
thd = current_thd;
- if (check_access(thd, SUPER_ACL, any_db,0,0,0))
+ if (check_access(thd, SUPER_ACL, any_db,0,0,0,0))
return 1;
thd->proc_info = "Killing slave";
int thread_mask;
--- 1.151/sql/sql_prepare.cc Sat Sep 3 04:13:10 2005
+++ 1.152/sql/sql_prepare.cc Tue Sep 13 16:06:27 2005
@@ -1226,7 +1226,7 @@
if (check_table_access(thd, privilege, tables,0))
goto error;
}
- else if (check_access(thd, privilege, any_db,0,0,0))
+ else if (check_access(thd, privilege, any_db,0,0,0,0))
goto error;
#endif