From:gluh Date:September 13 2005 11:07am
Subject:bk commit into 5.0 tree (gluh:1.1944) BUG#10708
Below is the list of changes that have just been committed into a local
5.0 repository of gluh. When gluh does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.1944 05/09/13 16:07:38 gluh@stripped +11 -0
  Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
           Information_schema DB 
  Bug#9846 Inappropriate error displayed while
           dropping table from 'INFORMATION_SCHEMA'
  Bug#10734 Grant of privileges other than 'select' and 
           'create view' should fail on schema 
  Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
  
   cumulative fix for bugs above(after review, 2nd version)
   added privilege check for information schema db & tables

  sql/sql_view.cc
    1.62 05/09/13 16:06:27 gluh@stripped +3 -3
    Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
             Information_schema DB 
    Bug#9846 Inappropriate error displayed while
             dropping table from 'INFORMATION_SCHEMA'
    Bug#10734 Grant of privileges other than 'select' and 
             'create view' should fail on schema 
    Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review, 2nd version)
     added privilege check for information schema db & tables

  sql/sql_update.cc
    1.169 05/09/13 16:06:27 gluh@stripped +2 -1
    Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
             Information_schema DB 
    Bug#9846 Inappropriate error displayed while
             dropping table from 'INFORMATION_SCHEMA'
    Bug#10734 Grant of privileges other than 'select' and 
             'create view' should fail on schema 
    Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review, 2nd version)
     added privilege check for information schema db & tables

  sql/sql_show.cc
    1.276 05/09/13 16:06:27 gluh@stripped +4 -9
    Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
             Information_schema DB 
    Bug#9846 Inappropriate error displayed while
             dropping table from 'INFORMATION_SCHEMA'
    Bug#10734 Grant of privileges other than 'select' and 
             'create view' should fail on schema 
    Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review, 2nd version)
     added privilege check for information schema db & tables

  sql/sql_repl.cc
    1.142 05/09/13 16:06:27 gluh@stripped +2 -2
    Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
             Information_schema DB 
    Bug#9846 Inappropriate error displayed while
             dropping table from 'INFORMATION_SCHEMA'
    Bug#10734 Grant of privileges other than 'select' and 
             'create view' should fail on schema 
    Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review, 2nd version)
     added privilege check for information schema db & tables

  sql/sql_prepare.cc
    1.152 05/09/13 16:06:27 gluh@stripped +1 -1
    Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
             Information_schema DB 
    Bug#9846 Inappropriate error displayed while
             dropping table from 'INFORMATION_SCHEMA'
    Bug#10734 Grant of privileges other than 'select' and 
             'create view' should fail on schema 
    Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review, 2nd version)
     added privilege check for information schema db & tables

  sql/sql_parse.cc
    1.485 05/09/13 16:06:27 gluh@stripped +91 -41
    Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
             Information_schema DB 
    Bug#9846 Inappropriate error displayed while
             dropping table from 'INFORMATION_SCHEMA'
    Bug#10734 Grant of privileges other than 'select' and 
             'create view' should fail on schema 
    Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review, 2nd version)
     added privilege check for information schema db & tables

  sql/sql_acl.cc
    1.168 05/09/13 16:06:27 gluh@stripped +5 -5
    Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
             Information_schema DB 
    Bug#9846 Inappropriate error displayed while
             dropping table from 'INFORMATION_SCHEMA'
    Bug#10734 Grant of privileges other than 'select' and 
             'create view' should fail on schema 
    Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review, 2nd version)
     added privilege check for information schema db & tables

  sql/repl_failsafe.cc
    1.55 05/09/13 16:06:27 gluh@stripped +1 -1
    Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
             Information_schema DB 
    Bug#9846 Inappropriate error displayed while
             dropping table from 'INFORMATION_SCHEMA'
    Bug#10734 Grant of privileges other than 'select' and 
             'create view' should fail on schema 
    Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review, 2nd version)
     added privilege check for information schema db & tables

  sql/mysql_priv.h
    1.349 05/09/13 16:06:27 gluh@stripped +3 -1
    Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
             Information_schema DB 
    Bug#9846 Inappropriate error displayed while
             dropping table from 'INFORMATION_SCHEMA'
    Bug#10734 Grant of privileges other than 'select' and 
             'create view' should fail on schema 
    Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review, 2nd version)
     added privilege check for information schema db & tables

  mysql-test/t/information_schema.test
    1.57 05/09/13 16:06:27 gluh@stripped +37 -1
    Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
             Information_schema DB 
    Bug#9846 Inappropriate error displayed while
             dropping table from 'INFORMATION_SCHEMA'
    Bug#10734 Grant of privileges other than 'select' and 
             'create view' should fail on schema 
    Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review, 2nd version)
     added privilege check for information schema db & tables

  mysql-test/r/information_schema.result
    1.80 05/09/13 16:06:27 gluh@stripped +23 -1
    Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
             Information_schema DB 
    Bug#9846 Inappropriate error displayed while
             dropping table from 'INFORMATION_SCHEMA'
    Bug#10734 Grant of privileges other than 'select' and 
             'create view' should fail on schema 
    Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
    
     cumulative fix for bugs above(after review, 2nd version)
     added privilege check for information schema db & tables

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	gluh
# Host:	eagle.intranet.mysql.r18.ru
# Root:	/home/gluh/MySQL/Bugs/5.0.cml

--- 1.348/sql/mysql_priv.h	Tue Sep  6 22:51:07 2005
+++ 1.349/sql/mysql_priv.h	Tue Sep 13 16:06:27 2005
@@ -621,7 +621,7 @@
 bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables, 
                           bool *write_to_binlog);
 bool check_access(THD *thd, ulong access, const char *db, ulong *save_priv,
-		  bool no_grant, bool no_errors);
+		  bool no_grant, bool no_errors, bool schema_db);
 bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
 			bool no_errors);
 bool check_global_access(THD *thd, ulong want_access);
@@ -848,6 +848,8 @@
 int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
 int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
 bool get_schema_tables_result(JOIN *join);
+#define is_schema_db(X) \
+  !my_strcasecmp(system_charset_info, information_schema_name.str, (X))
 
 /* sql_prepare.cc */
 
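Review bot: The `is_schema_db(X)` macro added here passes its argument straight to `my_strcasecmp`, and its expansion is not wrapped in parentheses. The GRANT hunk in sql_parse.cc guards the argument with `select_lex->db ? is_schema_db(select_lex->db) : 0`, which suggests a NULL db is possible there. Other call sites in this commit pass the pointer unguarded, for example `is_schema_db(select_lex->db)` in the hunk that checks `ALTER_ACL` on `first_table`, and `is_schema_db(view->db)` in sql_view.cc; whether it can be NULL at those points is not visible from the hunks. Making the macro itself NULL-safe and fully parenthesized, `#define is_schema_db(X) ((X) && !my_strcasecmp(system_charset_info, information_schema_name.str, (X)))`, would remove that dependency on each caller, which matters because this flag decides whether the INFORMATION_SCHEMA restriction is applied at all.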

--- 1.167/sql/sql_acl.cc	Fri Sep  2 02:01:25 2005
+++ 1.168/sql/sql_acl.cc	Tue Sep 13 16:06:27 2005
@@ -1337,7 +1337,7 @@
       (strcmp(thd->user,user) ||
        my_strcasecmp(system_charset_info, host, thd->priv_host)))
   {
-    if (check_access(thd, UPDATE_ACL, "mysql",0,1,0))
+    if (check_access(thd, UPDATE_ACL, "mysql",0,1,0,0))
       return(1);
   }
   if (!thd->slave_thread && !thd->user[0])
@@ -5532,7 +5532,7 @@
   ulong want_access;
   char buff[100];
   TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
   char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
   DBUG_ENTER("fill_schema_user_privileges");
 
@@ -5585,7 +5585,7 @@
   ulong want_access;
   char buff[100];
   TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
   char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
   DBUG_ENTER("fill_schema_schema_privileges");
 
@@ -5640,7 +5640,7 @@
   uint index;
   char buff[100];
   TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
   char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
   DBUG_ENTER("fill_schema_table_privileges");
 
@@ -5702,7 +5702,7 @@
   uint index;
   char buff[100];
   TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
   char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
   DBUG_ENTER("fill_schema_table_privileges");
 

--- 1.484/sql/sql_parse.cc	Mon Sep 12 20:56:50 2005
+++ 1.485/sql/sql_parse.cc	Tue Sep 13 16:06:27 2005
@@ -1776,7 +1776,7 @@
     remove_escape(table_list.table_name);	// This can't have wildcards
 
     if (check_access(thd,SELECT_ACL,table_list.db,&table_list.grant.privilege,
-		     0, 0))
+		     0, 0, test(table_list.schema_table)))
       break;
     if (grant_option &&
 	check_grant(thd, SELECT_ACL, &table_list, 2, UINT_MAX, 0))
@@ -1817,7 +1817,7 @@
 	my_error(ER_WRONG_DB_NAME, MYF(0), db ? db : "NULL");
 	break;
       }
-      if (check_access(thd,CREATE_ACL,db,0,1,0))
+      if (check_access(thd,CREATE_ACL,db,0,1,0,is_schema_db(db)))
 	break;
       mysql_log.write(thd,command,packet);
       bzero(&create_info, sizeof(create_info));
@@ -1836,7 +1836,7 @@
 	my_error(ER_WRONG_DB_NAME, MYF(0), db ? db : "NULL");
 	break;
       }
-      if (check_access(thd,DROP_ACL,db,0,1,0))
+      if (check_access(thd,DROP_ACL,db,0,1,0,is_schema_db(db)))
 	break;
       if (thd->locked_tables || thd->active_transaction())
       {
@@ -2134,7 +2134,8 @@
         my_error(ER_WRONG_DB_NAME, MYF(0), db);
         DBUG_RETURN(1);
       }
-      if (check_access(thd,SELECT_ACL,db,&thd->col_access,0,0))
+      if (check_access(thd, SELECT_ACL, db, &thd->col_access, 0, 0,
+                       is_schema_db(db)))
         DBUG_RETURN(1);			        /* purecov: inspected */
       if (!thd->col_access && check_grant_db(thd,db))
       {
@@ -2173,7 +2174,8 @@
       remove_escape(db);			// Fix escaped '_'
       remove_escape(table_list->table_name);
       if (check_access(thd,SELECT_ACL | EXTRA_ACL,db,
-                       &table_list->grant.privilege, 0, 0))
+                       &table_list->grant.privilege, 0, 0,
+                       test(table_list->schema_table)))
         DBUG_RETURN(1);				/* purecov: inspected */
       if (grant_option && check_grant(thd, SELECT_ACL, table_list, 2,
                                       UINT_MAX, 0))
@@ -2430,7 +2432,7 @@
     else
       res= check_access(thd,
 			lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL,
-			any_db, 0, 0, 0);
+			any_db, 0, 0, 0, 0);
     if (res)
       goto error;
 
@@ -2612,7 +2614,8 @@
     DBUG_ASSERT(first_table == all_tables && first_table != 0);
     if (check_db_used(thd, all_tables) ||
         check_access(thd, INDEX_ACL, first_table->db,
-                     &first_table->grant.privilege, 0, 0))
+                     &first_table->grant.privilege, 0, 0,
+                     test(first_table->schema_table)))
       goto error;
     res= mysql_assign_to_keycache(thd, first_table, &lex->ident);
     break;
@@ -2622,7 +2625,8 @@
     DBUG_ASSERT(first_table == all_tables && first_table != 0);
     if (check_db_used(thd, all_tables) ||
 	check_access(thd, INDEX_ACL, first_table->db,
-                     &first_table->grant.privilege, 0, 0))
+                     &first_table->grant.privilege, 0, 0,
+                     test(first_table->schema_table)))
       goto error;
     res = mysql_preload_keys(thd, first_table);
     break;
@@ -2688,7 +2692,8 @@
     if (!first_table->db)
       first_table->db= thd->db;
     if (check_access(thd, CREATE_ACL, first_table->db,
-		     &first_table->grant.privilege, 0, 0))
+		     &first_table->grant.privilege, 0, 0,
+                     test(first_table->schema_table)))
       goto error;				/* purecov: inspected */
     if (grant_option)
     {
@@ -2953,8 +2958,10 @@
           select_lex->db= first_table->db;
       }
       if (check_access(thd, ALTER_ACL, first_table->db,
-		       &first_table->grant.privilege, 0, 0) ||
-	  check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv,0,0)||
+		       &first_table->grant.privilege, 0, 0,
+                       test(first_table->schema_table)) ||
+	  check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv,0,0,
+                       is_schema_db(select_lex->db))||
 	  check_merge_table_access(thd, first_table->db,
 				   (TABLE_LIST *)
 				   lex->create_info.merge_list.first))
@@ -3004,9 +3011,10 @@
     for (table= first_table; table; table= table->next_local->next_local)
     {
       if (check_access(thd, ALTER_ACL | DROP_ACL, table->db,
-		       &table->grant.privilege,0,0) ||
+		       &table->grant.privilege,0,0, test(table->schema_table)) ||
 	  check_access(thd, INSERT_ACL | CREATE_ACL, table->next_local->db,
-		       &table->next_local->grant.privilege, 0, 0))
+		       &table->next_local->grant.privilege, 0, 0,
+                       test(table->next_local->schema_table)))
 	goto error;
       if (grant_option)
       {
@@ -3058,7 +3066,8 @@
 
       if (check_db_used(thd, all_tables) ||
 	  check_access(thd, SELECT_ACL | EXTRA_ACL, first_table->db,
-		       &first_table->grant.privilege, 0, 0))
+		       &first_table->grant.privilege, 0, 0, 
+                       test(first_table->schema_table)))
 	goto error;
       if (grant_option && check_grant(thd, SELECT_ACL, all_tables, 2, UINT_MAX, 0))
 	goto error;
@@ -3390,7 +3399,7 @@
     goto error;
 #else
     {
-      if (grant_option && check_access(thd, FILE_ACL, any_db,0,0,0))
+      if (grant_option && check_access(thd, FILE_ACL, any_db,0,0,0,0))
 	goto error;
       res= mysqld_show_logs(thd);
       break;
@@ -3519,7 +3528,7 @@
       break;
     }
 #endif
-    if (check_access(thd,CREATE_ACL,lex->name,0,1,0))
+    if (check_access(thd,CREATE_ACL,lex->name,0,1,0,is_schema_db(lex->name)))
       break;
     res= mysql_create_db(thd,(lower_case_table_names == 2 ? alias : lex->name),
 			 &lex->create_info, 0);
@@ -3553,7 +3562,7 @@
       break;
     }
 #endif
-    if (check_access(thd,DROP_ACL,lex->name,0,1,0))
+    if (check_access(thd,DROP_ACL,lex->name,0,1,0,is_schema_db(lex->name)))
       break;
     if (thd->locked_tables || thd->active_transaction())
     {
@@ -3593,7 +3602,7 @@
       break;
     }
 #endif
-    if (check_access(thd, ALTER_ACL, db, 0, 1, 0))
+    if (check_access(thd, ALTER_ACL, db, 0, 1, 0, is_schema_db(db)))
       break;
     if (thd->locked_tables || thd->active_transaction())
     {
@@ -3611,14 +3620,14 @@
       my_error(ER_WRONG_DB_NAME, MYF(0), lex->name);
       break;
     }
-    if (check_access(thd,SELECT_ACL,lex->name,0,1,0))
+    if (check_access(thd,SELECT_ACL,lex->name,0,1,0,is_schema_db(lex->name)))
       break;
     res=mysqld_show_create_db(thd,lex->name,&lex->create_info);
     break;
   }
   case SQLCOM_CREATE_FUNCTION:                  // UDF function
   {
-    if (check_access(thd,INSERT_ACL,"mysql",0,1,0))
+    if (check_access(thd,INSERT_ACL,"mysql",0,1,0,0))
       break;
 #ifdef HAVE_DLOPEN
     if (sp_find_function(thd, lex->spname))
@@ -3637,7 +3646,7 @@
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
   case SQLCOM_CREATE_USER:
   {
-    if (check_access(thd, INSERT_ACL, "mysql", 0, 1, 1) &&
+    if (check_access(thd, INSERT_ACL, "mysql", 0, 1, 1, 0) &&
         check_global_access(thd,CREATE_USER_ACL))
       break;
     if (!(res= mysql_create_user(thd, lex->users_list)))
@@ -3653,7 +3662,7 @@
   }
   case SQLCOM_DROP_USER:
   {
-    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 1) &&
+    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 1, 0) &&
         check_global_access(thd,CREATE_USER_ACL))
       break;
     if (!(res= mysql_drop_user(thd, lex->users_list)))
@@ -3669,7 +3678,7 @@
   }
   case SQLCOM_RENAME_USER:
   {
-    if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1) &&
+    if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1, 0) &&
         check_global_access(thd,CREATE_USER_ACL))
       break;
     if (!(res= mysql_rename_user(thd, lex->users_list)))
@@ -3685,7 +3694,7 @@
   }
   case SQLCOM_REVOKE_ALL:
   {
-    if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1) &&
+    if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1, 0) &&
         check_global_access(thd,CREATE_USER_ACL))
       break;
     if (!(res = mysql_revoke_all(thd, lex->users_list)))
@@ -3705,7 +3714,9 @@
     if (check_access(thd, lex->grant | lex->grant_tot_col | GRANT_ACL,
 		     first_table ?  first_table->db : select_lex->db,
 		     first_table ? &first_table->grant.privilege : 0,
-		     first_table ? 0 : 1, 0))
+		     first_table ? 0 : 1, 0,
+                     first_table ? (bool) first_table->schema_table :
+                     select_lex->db ? is_schema_db(select_lex->db) : 0))
       goto error;
 
     if (thd->user)				// If not replication
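Review bot: The new last argument turns the same pointer into a flag in a different way from the rest of the commit: `(bool) first_table->schema_table` here, `test(...->schema_table)` at every other call site. Using `test(first_table->schema_table)` and parenthesizing the nested conditional, `first_table ? test(first_table->schema_table) : (select_lex->db ? is_schema_db(select_lex->db) : 0)`, would make this access-check argument easier to audit. The enclosing case body continues outside the hunk.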
@@ -3730,7 +3741,7 @@
         {
           // TODO: use check_change_password()
           if (check_acl_user(user, &counter) && user->password.str &&
-              check_access(thd, UPDATE_ACL,"mysql",0,1,1))
+              check_access(thd, UPDATE_ACL,"mysql",0,1,1,0))
           {
             my_message(ER_PASSWORD_NOT_ALLOWED,
                        ER(ER_PASSWORD_NOT_ALLOWED), MYF(0));
@@ -3855,7 +3866,7 @@
   case SQLCOM_SHOW_GRANTS:
     if ((thd->priv_user &&
 	 !strcmp(thd->priv_user,lex->grant_user->user.str)) ||
-	!check_access(thd, SELECT_ACL, "mysql",0,1,0))
+	!check_access(thd, SELECT_ACL, "mysql",0,1,0,0))
     {
       res = mysql_show_grants(thd,lex->grant_user);
     }
@@ -4010,7 +4021,8 @@
 
     DBUG_ASSERT(lex->sphead != 0);
 
-    if (check_access(thd, CREATE_PROC_ACL, lex->sphead->m_db.str, 0, 0, 0))
+    if (check_access(thd, CREATE_PROC_ACL, lex->sphead->m_db.str, 0, 0, 0,
+                     is_schema_db(lex->sphead->m_db.str)))
     {
       delete lex->sphead;
       lex->sphead= 0;
@@ -4354,7 +4366,7 @@
                                    lex->spname->m_name.length);
           if (udf)
           {
-	    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0))
+	    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0, 0))
 	      goto error;
 	    if (!(res = mysql_drop_function(thd, &lex->spname->m_name)))
 	    {
@@ -4719,7 +4731,8 @@
 bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
 {
   if (check_access(thd, privilege, all_tables->db,
-		   &all_tables->grant.privilege, 0, 0))
+		   &all_tables->grant.privilege, 0, 0,
+                   test(all_tables->schema_table)))
     return 1;
 
   /* Show only 1 table for check_grant */
@@ -4758,13 +4771,14 @@
 
 bool
 check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
-	     bool dont_check_global_grants, bool no_errors)
+	     bool dont_check_global_grants, bool no_errors, bool schema_db)
 {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
   ulong db_access;
   bool  db_is_pattern= test(want_access & GRANT_ACL);
 #endif
   ulong dummy;
+  const char *db_name;
   DBUG_ENTER("check_access");
   DBUG_PRINT("enter",("db: %s  want_access: %lu  master_access: %lu",
                       db ? db : "", want_access, thd->master_access));
@@ -4782,6 +4796,23 @@
     DBUG_RETURN(TRUE);				/* purecov: tested */
   }
 
+  db_name= db ? db : thd->db;
+  if (schema_db)
+  {
+    if (want_access & ~(SELECT_ACL | EXTRA_ACL))
+    {
+      if (!no_errors)
+        my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
+                 thd->priv_user, thd->priv_host, db_name);
+      DBUG_RETURN(TRUE);
+    }
+    else
+    {
+      *save_priv= SELECT_ACL;
+      DBUG_RETURN(FALSE);
+    }
+  }
+
 #ifdef NO_EMBEDDED_ACCESS_CHECKS
   DBUG_RETURN(0);
 #else
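Review bot: The new `schema_db` branch hard-codes the INFORMATION_SCHEMA policy as `want_access & ~(SELECT_ACL | EXTRA_ACL)`, and the same mask is repeated in the check_table_access hunk (@@ -4894); one named constant for the allowed bits would keep the two checks from drifting apart. The branch also writes `*save_priv= SELECT_ACL`, while several call sites in this commit pass 0 for save_priv together with `is_schema_db(...)`. The `dummy` local suggests the pointer is redirected in lines outside the hunk, but a comment such as `/* save_priv was pointed at dummy above if the caller passed 0 */` would make that dependency explicit. The new parameter also has no description; a header comment on check_access stating that `schema_db` restricts the request to SELECT and bypasses the normal ACL lookup would help callers choose between `test(table->schema_table)` and `is_schema_db(db)`. The body of check_access starts and ends outside the hunk.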
@@ -4894,6 +4925,15 @@
   TABLE_LIST *org_tables=tables;
   for (; tables; tables= tables->next_global)
   {
+    if (tables->schema_table && 
+        (want_access & ~(SELECT_ACL | EXTRA_ACL)))
+    {
+      if (!no_errors)
+        my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
+                 thd->priv_user, thd->priv_host,
+                 information_schema_name.str);
+      return TRUE;
+    }
     if (tables->derived || tables->schema_table || tables->belong_to_view ||
         (tables->table && (int)tables->table->s->tmp_table) ||
         my_tz_check_n_skip_implicit_tables(&tables,
@@ -4909,14 +4949,14 @@
       else
       {
 	if (check_access(thd,want_access,tables->db,&tables->grant.privilege,
-			 0, no_errors))
+			 0, no_errors, test(tables->schema_table)))
 	  return TRUE;				// Access denied
 	found_access=tables->grant.privilege;
 	found=1;
       }
     }
     else if (check_access(thd,want_access,tables->db,&tables->grant.privilege,
-			  0, no_errors))
+			  0, no_errors, test(tables->schema_table)))
       return TRUE;
   }
   if (grant_option)
@@ -4939,7 +4979,7 @@
   if ((thd->master_access & want_access) == want_access && !thd->db)
     tables->grant.privilege= want_access;
   else if (check_access(thd,want_access,db,&tables->grant.privilege,
-			0, no_errors))
+			0, no_errors, test(tables->schema_table)))
     return TRUE;
   
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
@@ -4971,7 +5011,11 @@
   ulong save_priv;
   if (thd->master_access & SHOW_PROC_ACLS)
     return FALSE;
-  if (!check_access(thd, SHOW_PROC_ACLS, db, &save_priv, 0, 1) ||
+  /*
+    There are no routines in information_schema db. So we can safely
+    pass zero to last paramter of check_access function
+  */
+  if (!check_access(thd, SHOW_PROC_ACLS, db, &save_priv, 0, 1, 0) ||
       (save_priv & SHOW_PROC_ACLS))
     return FALSE;
   return check_routine_level_acl(thd, db, name, is_proc);
@@ -5003,7 +5047,8 @@
     if (access & want_access)
     {
       if (!check_access(thd, access, table->db,
-                        &table->grant.privilege, 0, 1) &&
+                        &table->grant.privilege, 0, 1,
+                        test(table->schema_table)) &&
           !grant_option || !check_grant(thd, access, table, 0, 1, 1))
         DBUG_RETURN(0);
     }
@@ -6808,7 +6853,8 @@
   {
     TABLE_LIST *save= table->next_local;
     table->next_local= 0;
-    if ((check_access(thd, UPDATE_ACL, table->db, &table->grant.privilege,0,1) ||
+    if ((check_access(thd, UPDATE_ACL, table->db, &
+                      table->grant.privilege,0,1, test(table->schema_table)) ||
         (grant_option && check_grant(thd, UPDATE_ACL, table,0,1,1))) &&
 	check_one_table_access(thd, SELECT_ACL, table))
 	goto error;
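Review bot: The rewrapped call separates the address-of operator from its operand (`table->db, &` ends one line and `table->grant.privilege` starts the next), which at first glance reads like a bitwise AND inside a privilege expression. Keeping `&table->grant.privilege` together, for example `if ((check_access(thd, UPDATE_ACL, table->db, &table->grant.privilege,` followed by `0, 1, test(table->schema_table)) ||`, would match the other call sites in this commit. The enclosing function is only partly visible in the hunk.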
@@ -6976,11 +7022,13 @@
     if (table->derived)
       table->grant.privilege= SELECT_ACL;
     else if ((check_access(thd, UPDATE_ACL, table->db,
-                           &table->grant.privilege, 0, 1) ||
+                           &table->grant.privilege, 0, 1,
+                           test(table->schema_table)) ||
               grant_option &&
               check_grant(thd, UPDATE_ACL, table, 0, 1, 1)) &&
              (check_access(thd, SELECT_ACL, table->db,
-                           &table->grant.privilege, 0, 0) ||
+                           &table->grant.privilege, 0, 0,
+                           test(table->schema_table)) ||
               grant_option && check_grant(thd, SELECT_ACL, table, 0, 1, 0)))
       DBUG_RETURN(TRUE);
 
@@ -6999,7 +7047,8 @@
           !table->table_in_first_from_clause)
       {
 	if (check_access(thd, SELECT_ACL, table->db,
-			 &table->grant.privilege, 0, 0) ||
+			 &table->grant.privilege, 0, 0,
+                         test(table->schema_table)) ||
 	    grant_option && check_grant(thd, SELECT_ACL, table, 0, 1, 0))
 	  DBUG_RETURN(TRUE);
       }
@@ -7216,7 +7265,8 @@
               CREATE_TMP_ACL : CREATE_ACL);
   lex->create_info.alias= create_table->alias;
   if (check_access(thd, want_priv, create_table->db,
-		   &create_table->grant.privilege, 0, 0) ||
+		   &create_table->grant.privilege, 0, 0,
+                   test(create_table->schema_table)) ||
       check_merge_table_access(thd, create_table->db,
 			       (TABLE_LIST *)
 			       lex->create_info.merge_list.first))

--- 1.275/sql/sql_show.cc	Fri Sep  9 16:52:39 2005
+++ 1.276/sql/sql_show.cc	Tue Sep 13 16:06:27 2005
@@ -2025,8 +2025,8 @@
 	  (base_name= select_lex->db) && !bases.elements))
   {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-    if (with_i_schema ||   // don't check the rights if information schema db
-        !check_access(thd,SELECT_ACL, base_name, &thd->col_access,0,1) ||
+    if (!check_access(thd,SELECT_ACL, base_name, 
+                      &thd->col_access, 0, 1, with_i_schema) ||
         thd->master_access & (DB_ACLS | SHOW_DB_ACL) ||
 	acl_get(thd->host, thd->ip, thd->priv_user, base_name,0) ||
 	(grant_option && !check_grant_db(thd, base_name)))
@@ -2448,7 +2448,7 @@
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
     uint col_access;
     check_access(thd,SELECT_ACL | EXTRA_ACL, base_name,
-                 &tables->grant.privilege, 0, 0);
+                 &tables->grant.privilege, 0, 0, test(tables->schema_table));
     col_access= get_column_grant(thd, &tables->grant, 
                                  base_name, file_name,
                                  field->field_name) & COL_ACLS;
@@ -2464,12 +2464,7 @@
         end=strmov(end,grant_types.type_names[bitnr]);
       }
     }
-    if (tables->schema_table)      // any user has 'select' privilege on all 
-      // I_S table columns
-      table->field[17]->store(grant_types.type_names[0],
-                              strlen(grant_types.type_names[0]), cs);
-    else
-      table->field[17]->store(tmp+1,end == tmp ? 0 : (uint) (end-tmp-1), cs);
+    table->field[17]->store(tmp+1,end == tmp ? 0 : (uint) (end-tmp-1), cs);
 
 #endif
     table->field[1]->store(base_name, base_name_length, cs);
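Review bot: With the `tables->schema_table` special case removed, nothing at the `field[17]` store explains why the privileges column for INFORMATION_SCHEMA columns is still populated. It now appears to depend on the `check_access(..., test(tables->schema_table))` call in the previous hunk leaving SELECT_ACL in `tables->grant.privilege`, and on `get_column_grant` reflecting that value; neither is fully visible here. A short comment above the store, such as `/* I_S tables: check_access() above sets grant.privilege to SELECT_ACL */`, would keep that dependency from being broken silently. The return value of that `check_access` call is discarded, so the comment should also say it is called only for its effect on `grant.privilege`.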

--- 1.168/sql/sql_update.cc	Fri Sep  2 00:42:22 2005
+++ 1.169/sql/sql_update.cc	Tue Sep 13 16:06:27 2005
@@ -720,7 +720,8 @@
     {
       uint want_privilege= tl->updating ? UPDATE_ACL : SELECT_ACL;
       if (check_access(thd, want_privilege,
-                        tl->db, &tl->grant.privilege, 0, 0) ||
+                       tl->db, &tl->grant.privilege, 0, 0, 
+                       test(tl->schema_table)) ||
           (grant_option && check_grant(thd, want_privilege, tl, 0, 1, 0)))
         DBUG_RETURN(TRUE);
     }

--- 1.61/sql/sql_view.cc	Fri Sep  2 19:06:10 2005
+++ 1.62/sql/sql_view.cc	Tue Sep 13 16:06:27 2005
@@ -224,11 +224,11 @@
     table (i.e. user will not get some privileges by view creation)
   */
   if ((check_access(thd, CREATE_VIEW_ACL, view->db, &view->grant.privilege,
-                    0, 0) ||
+                    0, 0, is_schema_db(view->db)) ||
        grant_option && check_grant(thd, CREATE_VIEW_ACL, view, 0, 1, 0)) ||
       (mode != VIEW_CREATE_NEW &&
        (check_access(thd, DROP_ACL, view->db, &view->grant.privilege,
-                     0, 0) ||
+                     0, 0, is_schema_db(view->db)) ||
         grant_option && check_grant(thd, DROP_ACL, view, 0, 1, 0))))
   {
     res= TRUE;
@@ -280,7 +280,7 @@
       if (!tbl->table_in_first_from_clause)
       {
         if (check_access(thd, SELECT_ACL, tbl->db,
-                         &tbl->grant.privilege, 0, 0) ||
+                         &tbl->grant.privilege, 0, 0, test(tbl->schema_table)) ||
             grant_option && check_grant(thd, SELECT_ACL, tbl, 0, 1, 0))
         {
           res= TRUE;

--- 1.79/mysql-test/r/information_schema.result	Wed Sep  7 16:11:48 2005
+++ 1.80/mysql-test/r/information_schema.result	Tue Sep 13 16:06:27 2005
@@ -594,7 +594,7 @@
 TABLE_PRIVILEGES
 TRIGGERS
 create database information_schema;
-ERROR HY000: Can't create database 'information_schema'; database exists
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
 use information_schema;
 show full tables like "T%";
 Tables_in_information_schema (T%)	Table_type
@@ -990,3 +990,25 @@
 c	int(11)	YES		NULL	
 drop view v1;
 drop table t1;
+alter database information_schema;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+drop database information_schema;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+drop table information_schema.tables;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+alter table information_schema.tables;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+use information_schema;
+create temporary table schemata(f1 char(10));
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+CREATE PROCEDURE p1 ()
+BEGIN
+SELECT 'foo' FROM DUAL;
+END |
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+select  ROUTINE_NAME from routines;
+ROUTINE_NAME
+grant all on information_schema.* to 'user1'@'localhost';
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+grant select on information_schema.* to 'user1'@'localhost';
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'

--- 1.56/mysql-test/t/information_schema.test	Wed Sep  7 16:11:48 2005
+++ 1.57/mysql-test/t/information_schema.test	Tue Sep 13 16:06:27 2005
@@ -338,7 +338,7 @@
 where table_schema='information_schema' limit 2;
 show tables from information_schema like "T%";
 
---error 1007
+--error 1044
 create database information_schema;
 use information_schema;
 show full tables like "T%";
@@ -678,3 +678,39 @@
 connection default;
 drop view v1;
 drop table t1;
+
+#
+# Bug #9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA'
+#
+--error 1044
+alter database information_schema;
+--error 1044
+drop database information_schema;
+--error 1044
+drop table information_schema.tables;
+--error 1044
+alter table information_schema.tables;
+#
+# Bug #9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB
+#
+use information_schema;
+--error 1044
+create temporary table schemata(f1 char(10));
+#
+# Bug #10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
+#
+delimiter |;
+--error 1044
+CREATE PROCEDURE p1 ()
+BEGIN
+  SELECT 'foo' FROM DUAL;
+END |
+delimiter ;|
+select  ROUTINE_NAME from routines;
+#
+# Bug #10734 Grant of privileges other than 'select' and 'create view' should fail on schema
+#
+--error 1044
+grant all on information_schema.* to 'user1'@'localhost';
+--error 1044
+grant select on information_schema.* to 'user1'@'localhost';
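Review bot: The comment for Bug #10734 says that grants other than 'select' and 'create view' should fail, but the last statement expects `grant select on information_schema.*` to fail with 1044 as well. That matches the GRANT hunk in sql_parse.cc, where `GRANT_ACL` is ORed into the requested access and so always falls outside `SELECT_ACL | EXTRA_ACL`. The comment should describe what is actually asserted, for example `# Bug #10734: every GRANT on information_schema.* is rejected, including SELECT`. The temporary-table case uses the name `schemata`, which presumably matches an existing INFORMATION_SCHEMA table; a second case with a name that is not an I_S table would show whether the path that derives the flag from `create_table->schema_table` is covered too.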

--- 1.54/sql/repl_failsafe.cc	Thu Jun  2 09:15:15 2005
+++ 1.55/sql/repl_failsafe.cc	Tue Sep 13 16:06:27 2005
@@ -162,7 +162,7 @@
   SLAVE_INFO *si;
   uchar *p= packet, *p_end= packet + packet_length;
 
-  if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0))
+  if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0,0))
     return 1;
   if (!(si = (SLAVE_INFO*)my_malloc(sizeof(SLAVE_INFO), MYF(MY_WME))))
     goto err2;

--- 1.141/sql/sql_repl.cc	Tue Jul 19 01:49:15 2005
+++ 1.142/sql/sql_repl.cc	Tue Sep 13 16:06:27 2005
@@ -769,7 +769,7 @@
   int thread_mask;
   DBUG_ENTER("start_slave");
 
-  if (check_access(thd, SUPER_ACL, any_db,0,0,0))
+  if (check_access(thd, SUPER_ACL, any_db,0,0,0,0))
     DBUG_RETURN(1);
   lock_slave_threads(mi);  // this allows us to cleanly read slave_running
   // Get a mask of _stopped_ threads
@@ -894,7 +894,7 @@
   if (!thd)
     thd = current_thd;
 
-  if (check_access(thd, SUPER_ACL, any_db,0,0,0))
+  if (check_access(thd, SUPER_ACL, any_db,0,0,0,0))
     return 1;
   thd->proc_info = "Killing slave";
   int thread_mask;

--- 1.151/sql/sql_prepare.cc	Sat Sep  3 04:13:10 2005
+++ 1.152/sql/sql_prepare.cc	Tue Sep 13 16:06:27 2005
@@ -1226,7 +1226,7 @@
     if (check_table_access(thd, privilege, tables,0))
       goto error;
   }
-  else if (check_access(thd, privilege, any_db,0,0,0))
+  else if (check_access(thd, privilege, any_db,0,0,0,0))
     goto error;
 #endif
 