Commit d505eac7 authored by thek@adventure.(none)'s avatar thek@adventure.(none)

Merge adventure.(none):/home/thek/Development/cpp/bug24988/my51-bug24988

into  adventure.(none):/home/thek/Development/cpp/mysql-5.1-runtime
parents 7fc2ddbf 5f06a456
...@@ -1667,7 +1667,7 @@ extern ulong log_output_options; ...@@ -1667,7 +1667,7 @@ extern ulong log_output_options;
extern my_bool opt_log_queries_not_using_indexes; extern my_bool opt_log_queries_not_using_indexes;
extern bool opt_disable_networking, opt_skip_show_db; extern bool opt_disable_networking, opt_skip_show_db;
extern my_bool opt_character_set_client_handshake; extern my_bool opt_character_set_client_handshake;
extern bool volatile abort_loop, shutdown_in_progress, grant_option; extern bool volatile abort_loop, shutdown_in_progress;
extern uint volatile thread_count, thread_running, global_read_lock; extern uint volatile thread_count, thread_running, global_read_lock;
extern my_bool opt_sql_bin_update, opt_safe_user_create, opt_no_mix_types; extern my_bool opt_sql_bin_update, opt_safe_user_create, opt_no_mix_types;
extern my_bool opt_safe_show_db, opt_local_infile, opt_myisam_use_mmap; extern my_bool opt_safe_show_db, opt_local_infile, opt_myisam_use_mmap;
......
...@@ -347,7 +347,15 @@ bool opt_endinfo, using_udf_functions; ...@@ -347,7 +347,15 @@ bool opt_endinfo, using_udf_functions;
my_bool locked_in_memory; my_bool locked_in_memory;
bool opt_using_transactions, using_update_log; bool opt_using_transactions, using_update_log;
bool volatile abort_loop; bool volatile abort_loop;
bool volatile shutdown_in_progress, grant_option; bool volatile shutdown_in_progress;
/**
@brief 'grant_option' is used to indicate if privileges needs
to be checked, in which case the lock, LOCK_grant, is used
to protect access to the grant table.
@note This flag is dropped in 5.1
@see grant_init()
*/
bool volatile grant_option;
my_bool opt_skip_slave_start = 0; // If set, slave is not autostarted my_bool opt_skip_slave_start = 0; // If set, slave is not autostarted
my_bool opt_reckless_slave = 0; my_bool opt_reckless_slave = 0;
......
...@@ -3136,7 +3136,6 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table_list, ...@@ -3136,7 +3136,6 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table_list,
} }
} }
} }
grant_option=TRUE;
thd->mem_root= old_root; thd->mem_root= old_root;
pthread_mutex_unlock(&acl_cache->lock); pthread_mutex_unlock(&acl_cache->lock);
...@@ -3310,7 +3309,6 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc, ...@@ -3310,7 +3309,6 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc,
continue; continue;
} }
} }
grant_option=TRUE;
thd->mem_root= old_root; thd->mem_root= old_root;
pthread_mutex_unlock(&acl_cache->lock); pthread_mutex_unlock(&acl_cache->lock);
if (!result && !no_error) if (!result && !no_error)
...@@ -3458,7 +3456,6 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list, ...@@ -3458,7 +3456,6 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list,
void grant_free(void) void grant_free(void)
{ {
DBUG_ENTER("grant_free"); DBUG_ENTER("grant_free");
grant_option = FALSE;
hash_free(&column_priv_hash); hash_free(&column_priv_hash);
hash_free(&proc_priv_hash); hash_free(&proc_priv_hash);
hash_free(&func_priv_hash); hash_free(&func_priv_hash);
...@@ -3522,7 +3519,6 @@ static my_bool grant_load(TABLE_LIST *tables) ...@@ -3522,7 +3519,6 @@ static my_bool grant_load(TABLE_LIST *tables)
THR_MALLOC); THR_MALLOC);
DBUG_ENTER("grant_load"); DBUG_ENTER("grant_load");
grant_option = FALSE;
(void) hash_init(&column_priv_hash,system_charset_info, (void) hash_init(&column_priv_hash,system_charset_info,
0,0,0, (hash_get_key) get_grant_table, 0,0,0, (hash_get_key) get_grant_table,
(hash_free_key) free_grant_table,0); (hash_free_key) free_grant_table,0);
...@@ -3552,7 +3548,6 @@ static my_bool grant_load(TABLE_LIST *tables) ...@@ -3552,7 +3548,6 @@ static my_bool grant_load(TABLE_LIST *tables)
if (!(mem_check=new (memex_ptr) GRANT_TABLE(t_table,c_table))) if (!(mem_check=new (memex_ptr) GRANT_TABLE(t_table,c_table)))
{ {
/* This could only happen if we are out memory */ /* This could only happen if we are out memory */
grant_option= FALSE;
goto end_unlock; goto end_unlock;
} }
...@@ -3575,7 +3570,6 @@ static my_bool grant_load(TABLE_LIST *tables) ...@@ -3575,7 +3570,6 @@ static my_bool grant_load(TABLE_LIST *tables)
else if (my_hash_insert(&column_priv_hash,(byte*) mem_check)) else if (my_hash_insert(&column_priv_hash,(byte*) mem_check))
{ {
delete mem_check; delete mem_check;
grant_option= FALSE;
goto end_unlock; goto end_unlock;
} }
} }
...@@ -3592,7 +3586,6 @@ static my_bool grant_load(TABLE_LIST *tables) ...@@ -3592,7 +3586,6 @@ static my_bool grant_load(TABLE_LIST *tables)
if (!(mem_check=new (&memex) GRANT_NAME(p_table))) if (!(mem_check=new (&memex) GRANT_NAME(p_table)))
{ {
/* This could only happen if we are out memory */ /* This could only happen if we are out memory */
grant_option= FALSE;
goto end_unlock; goto end_unlock;
} }
...@@ -3631,13 +3624,11 @@ static my_bool grant_load(TABLE_LIST *tables) ...@@ -3631,13 +3624,11 @@ static my_bool grant_load(TABLE_LIST *tables)
else if (my_hash_insert(hash, (byte*) mem_check)) else if (my_hash_insert(hash, (byte*) mem_check))
{ {
delete mem_check; delete mem_check;
grant_option= FALSE;
goto end_unlock; goto end_unlock;
} }
} }
while (!p_table->file->index_next(p_table->record[0])); while (!p_table->file->index_next(p_table->record[0]));
} }
grant_option= TRUE;
return_val=0; // Return ok return_val=0; // Return ok
end_unlock: end_unlock:
...@@ -3670,7 +3661,6 @@ my_bool grant_reload(THD *thd) ...@@ -3670,7 +3661,6 @@ my_bool grant_reload(THD *thd)
{ {
TABLE_LIST tables[3]; TABLE_LIST tables[3];
HASH old_column_priv_hash, old_proc_priv_hash, old_func_priv_hash; HASH old_column_priv_hash, old_proc_priv_hash, old_func_priv_hash;
bool old_grant_option;
MEM_ROOT old_mem; MEM_ROOT old_mem;
my_bool return_val= 1; my_bool return_val= 1;
DBUG_ENTER("grant_reload"); DBUG_ENTER("grant_reload");
...@@ -3700,7 +3690,6 @@ my_bool grant_reload(THD *thd) ...@@ -3700,7 +3690,6 @@ my_bool grant_reload(THD *thd)
old_column_priv_hash= column_priv_hash; old_column_priv_hash= column_priv_hash;
old_proc_priv_hash= proc_priv_hash; old_proc_priv_hash= proc_priv_hash;
old_func_priv_hash= func_priv_hash; old_func_priv_hash= func_priv_hash;
old_grant_option= grant_option;
old_mem= memex; old_mem= memex;
if ((return_val= grant_load(tables))) if ((return_val= grant_load(tables)))
...@@ -3710,7 +3699,6 @@ my_bool grant_reload(THD *thd) ...@@ -3710,7 +3699,6 @@ my_bool grant_reload(THD *thd)
column_priv_hash= old_column_priv_hash; /* purecov: deadcode */ column_priv_hash= old_column_priv_hash; /* purecov: deadcode */
proc_priv_hash= old_proc_priv_hash; proc_priv_hash= old_proc_priv_hash;
func_priv_hash= old_func_priv_hash; func_priv_hash= old_func_priv_hash;
grant_option= old_grant_option; /* purecov: deadcode */
memex= old_mem; /* purecov: deadcode */ memex= old_mem; /* purecov: deadcode */
} }
else else
...@@ -4007,8 +3995,6 @@ bool check_grant_all_columns(THD *thd, ulong want_access, GRANT_INFO *grant, ...@@ -4007,8 +3995,6 @@ bool check_grant_all_columns(THD *thd, ulong want_access, GRANT_INFO *grant,
want_access &= ~grant->privilege; want_access &= ~grant->privilege;
if (!want_access) if (!want_access)
return 0; // Already checked return 0; // Already checked
if (!grant_option)
goto err2;
rw_rdlock(&LOCK_grant); rw_rdlock(&LOCK_grant);
...@@ -4198,8 +4184,6 @@ bool check_routine_level_acl(THD *thd, const char *db, const char *name, ...@@ -4198,8 +4184,6 @@ bool check_routine_level_acl(THD *thd, const char *db, const char *name,
bool is_proc) bool is_proc)
{ {
bool no_routine_acl= 1; bool no_routine_acl= 1;
if (grant_option)
{
GRANT_NAME *grant_proc; GRANT_NAME *grant_proc;
Security_context *sctx= thd->security_ctx; Security_context *sctx= thd->security_ctx;
rw_rdlock(&LOCK_grant); rw_rdlock(&LOCK_grant);
...@@ -4209,7 +4193,6 @@ bool check_routine_level_acl(THD *thd, const char *db, const char *name, ...@@ -4209,7 +4193,6 @@ bool check_routine_level_acl(THD *thd, const char *db, const char *name,
name, is_proc, 0))) name, is_proc, 0)))
no_routine_acl= !(grant_proc->privs & SHOW_PROC_ACLS); no_routine_acl= !(grant_proc->privs & SHOW_PROC_ACLS);
rw_unlock(&LOCK_grant); rw_unlock(&LOCK_grant);
}
return no_routine_acl; return no_routine_acl;
} }
...@@ -6403,12 +6386,6 @@ void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant, ...@@ -6403,12 +6386,6 @@ void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant,
/* db privileges */ /* db privileges */
grant->privilege|= acl_get(sctx->host, sctx->ip, sctx->priv_user, db, 0); grant->privilege|= acl_get(sctx->host, sctx->ip, sctx->priv_user, db, 0);
if (!grant_option)
{
DBUG_PRINT("info", ("privilege 0x%lx", grant->privilege));
DBUG_VOID_RETURN;
}
/* table privileges */ /* table privileges */
rw_rdlock(&LOCK_grant); rw_rdlock(&LOCK_grant);
if (grant->version != grant_version) if (grant->version != grant_version)
......
...@@ -1448,7 +1448,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch) ...@@ -1448,7 +1448,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
if (!force_switch && if (!force_switch &&
!(db_access & DB_ACLS) && !(db_access & DB_ACLS) &&
(!grant_option || check_grant_db(thd, new_db_file_name.str))) check_grant_db(thd, new_db_file_name.str))
{ {
my_error(ER_DBACCESS_DENIED_ERROR, MYF(0), my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
sctx->priv_user, sctx->priv_user,
......
...@@ -189,15 +189,12 @@ static int check_insert_fields(THD *thd, TABLE_LIST *table_list, ...@@ -189,15 +189,12 @@ static int check_insert_fields(THD *thd, TABLE_LIST *table_list,
return -1; return -1;
} }
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
if (grant_option)
{
Field_iterator_table field_it; Field_iterator_table field_it;
field_it.set_table(table); field_it.set_table(table);
if (check_grant_all_columns(thd, INSERT_ACL, &table->grant, if (check_grant_all_columns(thd, INSERT_ACL, &table->grant,
table->s->db.str, table->s->table_name.str, table->s->db.str, table->s->table_name.str,
&field_it)) &field_it))
return -1; return -1;
}
#endif #endif
clear_timestamp_auto_bits(table->timestamp_field_type, clear_timestamp_auto_bits(table->timestamp_field_type,
TIMESTAMP_AUTO_SET_ON_INSERT); TIMESTAMP_AUTO_SET_ON_INSERT);
......
...@@ -987,8 +987,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd, ...@@ -987,8 +987,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
if (check_access(thd,SELECT_ACL,table_list.db,&table_list.grant.privilege, if (check_access(thd,SELECT_ACL,table_list.db,&table_list.grant.privilege,
0, 0, test(table_list.schema_table))) 0, 0, test(table_list.schema_table)))
break; break;
if (grant_option && if (check_grant(thd, SELECT_ACL, &table_list, 2, UINT_MAX, 0))
check_grant(thd, SELECT_ACL, &table_list, 2, UINT_MAX, 0))
break; break;
/* init structures for VIEW processing */ /* init structures for VIEW processing */
table_list.select_lex= &(thd->lex->select_lex); table_list.select_lex= &(thd->lex->select_lex);
...@@ -2049,12 +2048,10 @@ mysql_execute_command(THD *thd) ...@@ -2049,12 +2048,10 @@ mysql_execute_command(THD *thd)
&first_table->grant.privilege, 0, 0, &first_table->grant.privilege, 0, 0,
test(first_table->schema_table))) test(first_table->schema_table)))
goto error; /* purecov: inspected */ goto error; /* purecov: inspected */
if (grant_option)
{
/* Check that the first table has CREATE privilege */ /* Check that the first table has CREATE privilege */
if (check_grant(thd, CREATE_ACL, all_tables, 0, 1, 0)) if (check_grant(thd, CREATE_ACL, all_tables, 0, 1, 0))
goto error; goto error;
}
pthread_mutex_lock(&LOCK_active_mi); pthread_mutex_lock(&LOCK_active_mi);
/* /*
fetch_master_table will send the error to the client on failure. fetch_master_table will send the error to the client on failure.
...@@ -2379,8 +2376,6 @@ mysql_execute_command(THD *thd) ...@@ -2379,8 +2376,6 @@ mysql_execute_command(THD *thd)
(TABLE_LIST *) (TABLE_LIST *)
create_info.merge_list.first)) create_info.merge_list.first))
goto error; /* purecov: inspected */ goto error; /* purecov: inspected */
if (grant_option)
{
if (check_grant(thd, priv_needed, all_tables, 0, UINT_MAX, 0)) if (check_grant(thd, priv_needed, all_tables, 0, UINT_MAX, 0))
goto error; goto error;
if (lex->name.str && !test_all_bits(priv,INSERT_ACL | CREATE_ACL)) if (lex->name.str && !test_all_bits(priv,INSERT_ACL | CREATE_ACL))
...@@ -2394,7 +2389,7 @@ mysql_execute_command(THD *thd) ...@@ -2394,7 +2389,7 @@ mysql_execute_command(THD *thd)
UINT_MAX, 0)) UINT_MAX, 0))
goto error; goto error;
} }
}
/* Don't yet allow changing of symlinks with ALTER TABLE */ /* Don't yet allow changing of symlinks with ALTER TABLE */
if (create_info.data_file_name) if (create_info.data_file_name)
push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN, 0, push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN, 0,
...@@ -2436,8 +2431,6 @@ mysql_execute_command(THD *thd) ...@@ -2436,8 +2431,6 @@ mysql_execute_command(THD *thd)
&table->next_local->grant.privilege, 0, 0, &table->next_local->grant.privilege, 0, 0,
test(table->next_local->schema_table))) test(table->next_local->schema_table)))
goto error; goto error;
if (grant_option)
{
TABLE_LIST old_list, new_list; TABLE_LIST old_list, new_list;
/* /*
we do not need initialize old_list and new_list because we will we do not need initialize old_list and new_list because we will
...@@ -2451,7 +2444,6 @@ mysql_execute_command(THD *thd) ...@@ -2451,7 +2444,6 @@ mysql_execute_command(THD *thd)
check_grant(thd, INSERT_ACL | CREATE_ACL, &new_list, 0, 1, 0))) check_grant(thd, INSERT_ACL | CREATE_ACL, &new_list, 0, 1, 0)))
goto error; goto error;
} }
}
query_cache_invalidate3(thd, first_table, 0); query_cache_invalidate3(thd, first_table, 0);
if (end_active_trans(thd) || mysql_rename_tables(thd, first_table, 0)) if (end_active_trans(thd) || mysql_rename_tables(thd, first_table, 0))
goto error; goto error;
...@@ -2949,7 +2941,7 @@ mysql_execute_command(THD *thd) ...@@ -2949,7 +2941,7 @@ mysql_execute_command(THD *thd)
goto error; goto error;
#else #else
{ {
if (grant_option && check_access(thd, FILE_ACL, any_db,0,0,0,0)) if (check_access(thd, FILE_ACL, any_db,0,0,0,0))
goto error; goto error;
res= ha_show_status(thd, lex->create_info.db_type, HA_ENGINE_LOGS); res= ha_show_status(thd, lex->create_info.db_type, HA_ENGINE_LOGS);
break; break;
...@@ -3403,8 +3395,7 @@ mysql_execute_command(THD *thd) ...@@ -3403,8 +3395,7 @@ mysql_execute_command(THD *thd)
uint grants= lex->all_privileges uint grants= lex->all_privileges
? (PROC_ACLS & ~GRANT_ACL) | (lex->grant & GRANT_ACL) ? (PROC_ACLS & ~GRANT_ACL) | (lex->grant & GRANT_ACL)
: lex->grant; : lex->grant;
if (grant_option && if (check_grant_routine(thd, grants | GRANT_ACL, all_tables,
check_grant_routine(thd, grants | GRANT_ACL, all_tables,
lex->type == TYPE_ENUM_PROCEDURE, 0)) lex->type == TYPE_ENUM_PROCEDURE, 0))
goto error; goto error;
/* Conditionally writes to binlog */ /* Conditionally writes to binlog */
...@@ -3415,9 +3406,7 @@ mysql_execute_command(THD *thd) ...@@ -3415,9 +3406,7 @@ mysql_execute_command(THD *thd)
} }
else else
{ {
if (grant_option && check_grant(thd, if (check_grant(thd,(lex->grant | lex->grant_tot_col | GRANT_ACL),
(lex->grant | lex->grant_tot_col |
GRANT_ACL),
all_tables, 0, UINT_MAX, 0)) all_tables, 0, UINT_MAX, 0))
goto error; goto error;
/* Conditionally writes to binlog */ /* Conditionally writes to binlog */
...@@ -4533,8 +4522,7 @@ bool check_single_table_access(THD *thd, ulong privilege, ...@@ -4533,8 +4522,7 @@ bool check_single_table_access(THD *thd, ulong privilege,
goto deny; goto deny;
/* Show only 1 table for check_grant */ /* Show only 1 table for check_grant */
if (grant_option && if (!(all_tables->belong_to_view &&
!(all_tables->belong_to_view &&
(thd->lex->sql_command == SQLCOM_SHOW_FIELDS)) && (thd->lex->sql_command == SQLCOM_SHOW_FIELDS)) &&
check_grant(thd, privilege, all_tables, 0, 1, no_errors)) check_grant(thd, privilege, all_tables, 0, 1, no_errors))
goto deny; goto deny;
...@@ -4702,9 +4690,8 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, ...@@ -4702,9 +4690,8 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
db_access, want_access)); db_access, want_access));
db_access= ((*save_priv=(db_access | sctx->master_access)) & want_access); db_access= ((*save_priv=(db_access | sctx->master_access)) & want_access);
/* grant_option is set if there exists a single table or column grant */
if (db_access == want_access || if (db_access == want_access ||
(grant_option && !dont_check_global_grants && (!dont_check_global_grants &&
!(want_access & ~(db_access | TABLE_ACLS | PROC_ACLS)))) !(want_access & ~(db_access | TABLE_ACLS | PROC_ACLS))))
DBUG_RETURN(FALSE); /* Ok */ DBUG_RETURN(FALSE); /* Ok */
...@@ -4803,8 +4790,7 @@ static bool check_show_access(THD *thd, TABLE_LIST *table) ...@@ -4803,8 +4790,7 @@ static bool check_show_access(THD *thd, TABLE_LIST *table)
test(dst_table->schema_table))) test(dst_table->schema_table)))
return FALSE; return FALSE;
return (grant_option && return (check_grant(thd, SELECT_ACL, dst_table, 2, UINT_MAX, FALSE));
check_grant(thd, SELECT_ACL, dst_table, 2, UINT_MAX, FALSE));
} }
default: default:
break; break;
...@@ -4841,8 +4827,6 @@ bool ...@@ -4841,8 +4827,6 @@ bool
check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables, check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables,
bool no_errors) bool no_errors)
{ {
uint found=0;
ulong found_access=0;
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
TABLE_LIST *org_tables= tables; TABLE_LIST *org_tables= tables;
#endif #endif
...@@ -4892,27 +4876,18 @@ check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables, ...@@ -4892,27 +4876,18 @@ check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables,
thd->db) thd->db)
tables->grant.privilege= want_access; tables->grant.privilege= want_access;
else if (tables->db && thd->db && strcmp(tables->db, thd->db) == 0) else if (tables->db && thd->db && strcmp(tables->db, thd->db) == 0)
{
if (found && !grant_option) // db already checked
tables->grant.privilege=found_access;
else
{ {
if (check_access(thd,want_access,tables->db,&tables->grant.privilege, if (check_access(thd,want_access,tables->db,&tables->grant.privilege,
0, no_errors, test(tables->schema_table))) 0, no_errors, test(tables->schema_table)))
goto deny; // Access denied goto deny; // Access denied
found_access=tables->grant.privilege;
found=1;
}
} }
else if (check_access(thd,want_access,tables->db,&tables->grant.privilege, else if (check_access(thd,want_access,tables->db,&tables->grant.privilege,
0, no_errors, test(tables->schema_table))) 0, no_errors, test(tables->schema_table)))
goto deny; goto deny;
} }
thd->security_ctx= backup_ctx; thd->security_ctx= backup_ctx;
if (grant_option)
return check_grant(thd,want_access & ~EXTRA_ACL,org_tables, return check_grant(thd,want_access & ~EXTRA_ACL,org_tables,
test(want_access & EXTRA_ACL), UINT_MAX, no_errors); test(want_access & EXTRA_ACL), UINT_MAX, no_errors);
return FALSE;
deny: deny:
thd->security_ctx= backup_ctx; thd->security_ctx= backup_ctx;
return TRUE; return TRUE;
...@@ -4942,11 +4917,10 @@ check_routine_access(THD *thd, ulong want_access,char *db, char *name, ...@@ -4942,11 +4917,10 @@ check_routine_access(THD *thd, ulong want_access,char *db, char *name,
return TRUE; return TRUE;
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
if (grant_option)
return check_grant_routine(thd, want_access, tables, is_proc, no_errors); return check_grant_routine(thd, want_access, tables, is_proc, no_errors);
#endif #else
return FALSE; return FALSE;
#endif
} }
...@@ -5008,7 +4982,7 @@ bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table) ...@@ -5008,7 +4982,7 @@ bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table)
if (!check_access(thd, access, table->db, if (!check_access(thd, access, table->db,
&table->grant.privilege, 0, 1, &table->grant.privilege, 0, 1,
test(table->schema_table)) && test(table->schema_table)) &&
!grant_option || !check_grant(thd, access, table, 0, 1, 1)) !check_grant(thd, access, table, 0, 1, 1))
DBUG_RETURN(0); DBUG_RETURN(0);
} }
} }
...@@ -6624,12 +6598,11 @@ bool multi_update_precheck(THD *thd, TABLE_LIST *tables) ...@@ -6624,12 +6598,11 @@ bool multi_update_precheck(THD *thd, TABLE_LIST *tables)
else if ((check_access(thd, UPDATE_ACL, table->db, else if ((check_access(thd, UPDATE_ACL, table->db,
&table->grant.privilege, 0, 1, &table->grant.privilege, 0, 1,
test(table->schema_table)) || test(table->schema_table)) ||
grant_option &&
check_grant(thd, UPDATE_ACL, table, 0, 1, 1)) && check_grant(thd, UPDATE_ACL, table, 0, 1, 1)) &&
(check_access(thd, SELECT_ACL, table->db, (check_access(thd, SELECT_ACL, table->db,
&table->grant.privilege, 0, 0, &table->grant.privilege, 0, 0,
test(table->schema_table)) || test(table->schema_table)) ||
grant_option && check_grant(thd, SELECT_ACL, table, 0, 1, 0))) check_grant(thd, SELECT_ACL, table, 0, 1, 0)))
DBUG_RETURN(TRUE); DBUG_RETURN(TRUE);
table->table_in_first_from_clause= 1; table->table_in_first_from_clause= 1;
...@@ -6647,7 +6620,7 @@ bool multi_update_precheck(THD *thd, TABLE_LIST *tables) ...@@ -6647,7 +6620,7 @@ bool multi_update_precheck(THD *thd, TABLE_LIST *tables)
if (check_access(thd, SELECT_ACL, table->db, if (check_access(thd, SELECT_ACL, table->db,
&table->grant.privilege, 0, 0, &table->grant.privilege, 0, 0,
test(table->schema_table)) || test(table->schema_table)) ||
grant_option && check_grant(thd, SELECT_ACL, table, 0, 1, 0)) check_grant(thd, SELECT_ACL, table, 0, 1, 0))
DBUG_RETURN(TRUE); DBUG_RETURN(TRUE);
} }
} }
...@@ -6869,7 +6842,7 @@ static bool check_show_create_table_access(THD *thd, TABLE_LIST *table) ...@@ -6869,7 +6842,7 @@ static bool check_show_create_table_access(THD *thd, TABLE_LIST *table)
return check_access(thd, SELECT_ACL | EXTRA_ACL, table->db, return check_access(thd, SELECT_ACL | EXTRA_ACL, table->db,
&table->grant.privilege, 0, 0, &table->grant.privilege, 0, 0,
test(table->schema_table)) || test(table->schema_table)) ||
grant_option && check_grant(thd, SELECT_ACL, table, 2, UINT_MAX, 0); check_grant(thd, SELECT_ACL, table, 2, UINT_MAX, 0);
} }
...@@ -6905,7 +6878,7 @@ bool create_table_precheck(THD *thd, TABLE_LIST *tables, ...@@ -6905,7 +6878,7 @@ bool create_table_precheck(THD *thd, TABLE_LIST *tables,
(TABLE_LIST *) (TABLE_LIST *)
lex->create_info.merge_list.first)) lex->create_info.merge_list.first))
goto err; goto err;
if (grant_option && want_priv != CREATE_TMP_ACL && if (want_priv != CREATE_TMP_ACL &&
check_grant(thd, want_priv, create_table, 0, 1, 0)) check_grant(thd, want_priv, create_table, 0, 1, 0))
goto err; goto err;
......
...@@ -706,7 +706,7 @@ bool mysqld_show_create_db(THD *thd, char *dbname, ...@@ -706,7 +706,7 @@ bool mysqld_show_create_db(THD *thd, char *dbname,
else else
db_access= (acl_get(sctx->host, sctx->ip, sctx->priv_user, dbname, 0) | db_access= (acl_get(sctx->host, sctx->ip, sctx->priv_user, dbname, 0) |
sctx->master_access); sctx->master_access);
if (!(db_access & DB_ACLS) && (!grant_option || check_grant_db(thd,dbname))) if (!(db_access & DB_ACLS) && check_grant_db(thd,dbname))
{ {
my_error(ER_DBACCESS_DENIED_ERROR, MYF(0), my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
sctx->priv_user, sctx->host_or_ip, dbname); sctx->priv_user, sctx->host_or_ip, dbname);
...@@ -2649,7 +2649,7 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond) ...@@ -2649,7 +2649,7 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond)
&thd->col_access, 0, 1, with_i_schema) || &thd->col_access, 0, 1, with_i_schema) ||
sctx->master_access & (DB_ACLS | SHOW_DB_ACL) || sctx->master_access & (DB_ACLS | SHOW_DB_ACL) ||
acl_get(sctx->host, sctx->ip, sctx->priv_user, base_name,0) || acl_get(sctx->host, sctx->ip, sctx->priv_user, base_name,0) ||
(grant_option && !check_grant_db(thd, base_name))) !check_grant_db(thd, base_name))
#endif #endif
{ {
List<char> files; List<char> files;
...@@ -2849,7 +2849,7 @@ int fill_schema_shemata(THD *thd, TABLE_LIST *tables, COND *cond) ...@@ -2849,7 +2849,7 @@ int fill_schema_shemata(THD *thd, TABLE_LIST *tables, COND *cond)
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
if (sctx->master_access & (DB_ACLS | SHOW_DB_ACL) || if (sctx->master_access & (DB_ACLS | SHOW_DB_ACL) ||
acl_get(sctx->host, sctx->ip, sctx->priv_user, file_name,0) || acl_get(sctx->host, sctx->ip, sctx->priv_user, file_name,0) ||
(grant_option && !check_grant_db(thd, file_name))) !check_grant_db(thd, file_name))
#endif #endif
{ {
load_db_opt_by_name(thd, file_name, &create); load_db_opt_by_name(thd, file_name, &create);
......
...@@ -936,7 +936,7 @@ bool mysql_multi_update_prepare(THD *thd) ...@@ -936,7 +936,7 @@ bool mysql_multi_update_prepare(THD *thd)
if (check_access(thd, want_privilege, if (check_access(thd, want_privilege,
tl->db, &tl->grant.privilege, 0, 0, tl->db, &tl->grant.privilege, 0, 0,
test(tl->schema_table)) || test(tl->schema_table)) ||
(grant_option && check_grant(thd, want_privilege, tl, 0, 1, 0))) check_grant(thd, want_privilege, tl, 0, 1, 0))
DBUG_RETURN(TRUE); DBUG_RETURN(TRUE);
} }
} }
......
...@@ -322,11 +322,11 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, ...@@ -322,11 +322,11 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views,
*/ */
if ((check_access(thd, CREATE_VIEW_ACL, view->db, &view->grant.privilege, if ((check_access(thd, CREATE_VIEW_ACL, view->db, &view->grant.privilege,
0, 0, is_schema_db(view->db)) || 0, 0, is_schema_db(view->db)) ||
grant_option && check_grant(thd, CREATE_VIEW_ACL, view, 0, 1, 0)) || check_grant(thd, CREATE_VIEW_ACL, view, 0, 1, 0)) ||
(mode != VIEW_CREATE_NEW && (mode != VIEW_CREATE_NEW &&
(check_access(thd, DROP_ACL, view->db, &view->grant.privilege, (check_access(thd, DROP_ACL, view->db, &view->grant.privilege,
0, 0, is_schema_db(view->db)) || 0, 0, is_schema_db(view->db)) ||
grant_option && check_grant(thd, DROP_ACL, view, 0, 1, 0)))) check_grant(thd, DROP_ACL, view, 0, 1, 0))))
{ {
res= TRUE; res= TRUE;
goto err; goto err;
...@@ -379,7 +379,7 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, ...@@ -379,7 +379,7 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views,
{ {
if (check_access(thd, SELECT_ACL, tbl->db, if (check_access(thd, SELECT_ACL, tbl->db,
&tbl->grant.privilege, 0, 0, test(tbl->schema_table)) || &tbl->grant.privilege, 0, 0, test(tbl->schema_table)) ||
grant_option && check_grant(thd, SELECT_ACL, tbl, 0, 1, 0)) check_grant(thd, SELECT_ACL, tbl, 0, 1, 0))
{ {
res= TRUE; res= TRUE;
goto err; goto err;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment