    Bug#27145 EXTRA_ACL troubles · 0659b857
    Kristofer Pettersson authored
    The flag EXTRA_ACL is used in conjunction with our access checks, yet it is
    not clear what impact this flag has.
    This is a code cleanup which replaces use of EXTRA_ACL with an explicit
    function parameter.
    The patch also fixes privilege checks for:
    - SHOW CREATE TABLE: The new privilege requirement is any privilege on
      the table-level.
    - CHECKSUM TABLE: Requires SELECT on the table level.
    - SHOW CREATE VIEW: Requires SHOW_VIEW and SELECT on the table level
      (just as the manual claims)
    - SHOW INDEX: Requires any privilege on any column combination.
    
    
    mysql-test/r/grant.result:
      * Error message now shows correct command (SHOW instead of SELECT)
    mysql-test/r/grant2.result:
      * Error message now shows correct command (SHOW instead of SELECT)
    mysql-test/r/grant4.result:
      * This test file tests privilege requirements for
        SHOW COLUMNS
        CREATE TABLE .. LIKE
        SHOW CREATE TABLE
        SHOW INDEX
        CHECKSUM TABLE
        SHOW CREATE VIEW
    mysql-test/r/information_schema_db.result:
      * Added SELECT privilege to testdb_2 as
        SHOW CREATE VIEW now demands this privilege
        as well as SHOW VIEW.
    mysql-test/r/outfile.result:
      * Changed error code
    mysql-test/r/view_grant.result:
      * Additional SELECT privilege is now needed
        for SHOW CREATE VIEW
    mysql-test/t/grant4.test:
      * This test file tests privilege requirements for
        SHOW COLUMNS
        CREATE TABLE .. LIKE
        SHOW CREATE TABLE
        SHOW INDEX
        CHECKSUM TABLE
        SHOW CREATE VIEW
    mysql-test/t/information_schema_db.test:
      * Added SELECT privilege to testdb_2 as
        SHOW CREATE VIEW now demands this privilege
        as well as SHOW VIEW.
    mysql-test/t/outfile.test:
      * Changed error code
    mysql-test/t/view_grant.test:
      * Additional SELECT privilege is now needed
        for SHOW CREATE VIEW
    sql/mysql_priv.h:
      * Replaced EXTRA_ACL with a parameter
    sql/sp_head.cc:
      * Replaced EXTRA_ACL with a parameter
    sql/sql_acl.cc:
      * Converted function documentation to doxygen and clarified some behaviors.
      * Changed value from uint to bool to better reflect its meaning.
      * Removed pointless variable orig_want_access
      * Added function has_any_table_level_privileges to help with requirements
        checks during SHOW CREATE TABLE.
    sql/sql_acl.h:
      * changed signature of check_grant()
      * introduced access control function has_any_table_level_privileges()
    sql/sql_base.cc:
      * Check_table_access has new signature
    sql/sql_cache.cc:
      * Check_table_access has new signature
    sql/sql_parse.cc:
      * Rewrote function documentation in doxygen comments for: check_access,
        check_table_access, check_grant.
      * Removed EXTRA_ACL flag where it doesn't hold any meaningful purpose anymore
        and replaced it with a function parameter where any privileges on any column
        combination would satisfy the requirement.
      * Fixed privilege check for SHOW COLUMNS and SHOW INDEX
      * Modified check_table_access to gain clarity in what EXTRA_ACL actually does.
      * Modified check_access to gain clarity in what EXTRA_ACL actually does.
      * Fixed privilege check for CREATE TABLE .. LIKE .. ; It now requires SELECT
        privileges on the table.
      * Fixed privilege check for SHOW CREATE TABLE ..; It now requires any privilege
        on the table level.
    sql/sql_plugin.cc:
      * check_table_access has new signature
    sql/sql_prepare.cc:
      * check_table_access has new signature
    sql/sql_show.cc:
      * check_table_access has new signature
    sql/sql_trigger.cc:
      * check_table_access has new signature
    sql/sql_update.cc:
      * check_grant has new signature
    sql/sql_view.cc:
      * check_table_access has new signature
sql_plugin.cc 98.5 KB