Commit 8a84f4ef authored by unknown's avatar unknown

Merge sanja.is.com.ua:/home/bell/mysql/bk/mysql-5.0

into  sanja.is.com.ua:/home/bell/mysql/bk/work-owner2-5.0


sql/mysql_priv.h:
  Auto merged
sql/sql_acl.cc:
  Auto merged
sql/sql_parse.cc:
  Auto merged
sql/sql_show.cc:
  Auto merged
sql/sql_view.cc:
  Auto merged
parents e6c6c907 01d8dbda
......@@ -594,7 +594,7 @@ TABLE_CONSTRAINTS
TABLE_PRIVILEGES
TRIGGERS
create database information_schema;
ERROR HY000: Can't create database 'information_schema'; database exists
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
use information_schema;
show full tables like "T%";
Tables_in_information_schema (T%) Table_type
......@@ -990,3 +990,25 @@ Field Type Null Key Default Extra
c int(11) YES NULL
drop view v1;
drop table t1;
alter database information_schema;
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
drop database information_schema;
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
drop table information_schema.tables;
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
alter table information_schema.tables;
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
use information_schema;
create temporary table schemata(f1 char(10));
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
CREATE PROCEDURE p1 ()
BEGIN
SELECT 'foo' FROM DUAL;
END |
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
select ROUTINE_NAME from routines;
ROUTINE_NAME
grant all on information_schema.* to 'user1'@'localhost';
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
grant select on information_schema.* to 'user1'@'localhost';
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
......@@ -338,7 +338,7 @@ from information_schema.tables
where table_schema='information_schema' limit 2;
show tables from information_schema like "T%";
--error 1007
--error 1044
create database information_schema;
use information_schema;
show full tables like "T%";
......@@ -678,3 +678,39 @@ show fields from test.v1;
connection default;
drop view v1;
drop table t1;
#
# Bug #9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA'
#
--error 1044
alter database information_schema;
--error 1044
drop database information_schema;
--error 1044
drop table information_schema.tables;
--error 1044
alter table information_schema.tables;
#
# Bug #9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB
#
use information_schema;
--error 1044
create temporary table schemata(f1 char(10));
#
# Bug #10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
#
delimiter |;
--error 1044
CREATE PROCEDURE p1 ()
BEGIN
SELECT 'foo' FROM DUAL;
END |
delimiter ;|
select ROUTINE_NAME from routines;
#
# Bug #10734 Grant of privileges other than 'select' and 'create view' should fail on schema
#
--error 1044
grant all on information_schema.* to 'user1'@'localhost';
--error 1044
grant select on information_schema.* to 'user1'@'localhost';
......@@ -627,7 +627,7 @@ void close_connection(THD *thd, uint errcode, bool lock);
bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables,
bool *write_to_binlog);
bool check_access(THD *thd, ulong access, const char *db, ulong *save_priv,
bool no_grant, bool no_errors);
bool no_grant, bool no_errors, bool schema_db);
bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
bool no_errors);
bool check_global_access(THD *thd, ulong want_access);
......@@ -854,6 +854,8 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
bool get_schema_tables_result(JOIN *join);
#define is_schema_db(X) \
!my_strcasecmp(system_charset_info, information_schema_name.str, (X))
/* sql_prepare.cc */
......
......@@ -162,7 +162,7 @@ int register_slave(THD* thd, uchar* packet, uint packet_length)
SLAVE_INFO *si;
uchar *p= packet, *p_end= packet + packet_length;
if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0))
if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0,0))
return 1;
if (!(si = (SLAVE_INFO*)my_malloc(sizeof(SLAVE_INFO), MYF(MY_WME))))
goto err2;
......
......@@ -1337,7 +1337,7 @@ bool check_change_password(THD *thd, const char *host, const char *user,
(strcmp(thd->user,user) ||
my_strcasecmp(system_charset_info, host, thd->priv_host)))
{
if (check_access(thd, UPDATE_ACL, "mysql",0,1,0))
if (check_access(thd, UPDATE_ACL, "mysql",0,1,0,0))
return(1);
}
if (!thd->slave_thread && !thd->user[0])
......@@ -5556,7 +5556,7 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
ulong want_access;
char buff[100];
TABLE *table= tables->table;
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
DBUG_ENTER("fill_schema_user_privileges");
......@@ -5609,7 +5609,7 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
ulong want_access;
char buff[100];
TABLE *table= tables->table;
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
DBUG_ENTER("fill_schema_schema_privileges");
......@@ -5664,7 +5664,7 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
uint index;
char buff[100];
TABLE *table= tables->table;
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
DBUG_ENTER("fill_schema_table_privileges");
......@@ -5726,7 +5726,7 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
uint index;
char buff[100];
TABLE *table= tables->table;
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
DBUG_ENTER("fill_schema_table_privileges");
......
This diff is collapsed.
......@@ -1235,7 +1235,7 @@ static int mysql_test_select(Prepared_statement *stmt,
if (check_table_access(thd, privilege, tables,0))
goto error;
}
else if (check_access(thd, privilege, any_db,0,0,0))
else if (check_access(thd, privilege, any_db,0,0,0,0))
goto error;
#endif
......
......@@ -769,7 +769,7 @@ int start_slave(THD* thd , MASTER_INFO* mi, bool net_report)
int thread_mask;
DBUG_ENTER("start_slave");
if (check_access(thd, SUPER_ACL, any_db,0,0,0))
if (check_access(thd, SUPER_ACL, any_db,0,0,0,0))
DBUG_RETURN(1);
lock_slave_threads(mi); // this allows us to cleanly read slave_running
// Get a mask of _stopped_ threads
......@@ -894,7 +894,7 @@ int stop_slave(THD* thd, MASTER_INFO* mi, bool net_report )
if (!thd)
thd = current_thd;
if (check_access(thd, SUPER_ACL, any_db,0,0,0))
if (check_access(thd, SUPER_ACL, any_db,0,0,0,0))
return 1;
thd->proc_info = "Killing slave";
int thread_mask;
......
......@@ -2055,8 +2055,8 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond)
(base_name= select_lex->db) && !bases.elements))
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (with_i_schema || // don't check the rights if information schema db
!check_access(thd,SELECT_ACL, base_name, &thd->col_access,0,1) ||
if (!check_access(thd,SELECT_ACL, base_name,
&thd->col_access, 0, 1, with_i_schema) ||
thd->master_access & (DB_ACLS | SHOW_DB_ACL) ||
acl_get(thd->host, thd->ip, thd->priv_user, base_name,0) ||
(grant_option && !check_grant_db(thd, base_name)))
......@@ -2478,7 +2478,7 @@ static int get_schema_column_record(THD *thd, struct st_table_list *tables,
#ifndef NO_EMBEDDED_ACCESS_CHECKS
uint col_access;
check_access(thd,SELECT_ACL | EXTRA_ACL, base_name,
&tables->grant.privilege, 0, 0);
&tables->grant.privilege, 0, 0, test(tables->schema_table));
col_access= get_column_grant(thd, &tables->grant,
base_name, file_name,
field->field_name) & COL_ACLS;
......@@ -2494,12 +2494,7 @@ static int get_schema_column_record(THD *thd, struct st_table_list *tables,
end=strmov(end,grant_types.type_names[bitnr]);
}
}
if (tables->schema_table) // any user has 'select' privilege on all
// I_S table columns
table->field[17]->store(grant_types.type_names[0],
strlen(grant_types.type_names[0]), cs);
else
table->field[17]->store(tmp+1,end == tmp ? 0 : (uint) (end-tmp-1), cs);
table->field[17]->store(tmp+1,end == tmp ? 0 : (uint) (end-tmp-1), cs);
#endif
table->field[1]->store(base_name, base_name_length, cs);
......
......@@ -720,7 +720,8 @@ bool mysql_multi_update_prepare(THD *thd)
{
uint want_privilege= tl->updating ? UPDATE_ACL : SELECT_ACL;
if (check_access(thd, want_privilege,
tl->db, &tl->grant.privilege, 0, 0) ||
tl->db, &tl->grant.privilege, 0, 0,
test(tl->schema_table)) ||
(grant_option && check_grant(thd, want_privilege, tl, 0, 1, 0)))
DBUG_RETURN(TRUE);
}
......
......@@ -254,11 +254,11 @@ bool mysql_create_view(THD *thd,
table (i.e. user will not get some privileges by view creation)
*/
if ((check_access(thd, CREATE_VIEW_ACL, view->db, &view->grant.privilege,
0, 0) ||
0, 0, is_schema_db(view->db)) ||
grant_option && check_grant(thd, CREATE_VIEW_ACL, view, 0, 1, 0)) ||
(mode != VIEW_CREATE_NEW &&
(check_access(thd, DROP_ACL, view->db, &view->grant.privilege,
0, 0) ||
0, 0, is_schema_db(view->db)) ||
grant_option && check_grant(thd, DROP_ACL, view, 0, 1, 0))))
{
res= TRUE;
......@@ -310,7 +310,7 @@ bool mysql_create_view(THD *thd,
if (!tbl->table_in_first_from_clause)
{
if (check_access(thd, SELECT_ACL, tbl->db,
&tbl->grant.privilege, 0, 0) ||
&tbl->grant.privilege, 0, 0, test(tbl->schema_table)) ||
grant_option && check_grant(thd, SELECT_ACL, tbl, 0, 1, 0))
{
res= TRUE;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment