Fix for bug#9785 SELECT privilege for the whole database

                 is needed to do SHOW CREATE DATABASE
  To allow SHOW CREATE DATABASE when the user can use the database
parent 55ee78ed
...@@ -397,7 +397,8 @@ ERROR 42000: Access denied for user 'mysqltest_2'@'localhost' to database 'mysql ...@@ -397,7 +397,8 @@ ERROR 42000: Access denied for user 'mysqltest_2'@'localhost' to database 'mysql
select * from mysqltest.t1; select * from mysqltest.t1;
ERROR 42000: SELECT command denied to user 'mysqltest_3'@'localhost' for table 't1' ERROR 42000: SELECT command denied to user 'mysqltest_3'@'localhost' for table 't1'
show create database mysqltest; show create database mysqltest;
ERROR 42000: Access denied for user 'mysqltest_3'@'localhost' to database 'mysqltest' Database Create Database
mysqltest CREATE DATABASE `mysqltest` /*!40100 DEFAULT CHARACTER SET latin1 */
drop table mysqltest.t1; drop table mysqltest.t1;
drop database mysqltest; drop database mysqltest;
set names binary; set names binary;
...@@ -565,4 +566,19 @@ DROP TABLE urkunde; ...@@ -565,4 +566,19 @@ DROP TABLE urkunde;
SHOW TABLES FROM non_existing_database; SHOW TABLES FROM non_existing_database;
ERROR 42000: Unknown database 'non_existing_database' ERROR 42000: Unknown database 'non_existing_database'
SHOW AUTHORS; SHOW AUTHORS;
create database mysqltest;
show create database mysqltest;
Database Create Database
mysqltest CREATE DATABASE `mysqltest` /*!40100 DEFAULT CHARACTER SET latin1 */
create table mysqltest.t1(a int);
insert into mysqltest.t1 values(1);
grant select on `mysqltest`.`t1` to mysqltest_4@localhost;
show create database mysqltest;
Database Create Database
mysqltest CREATE DATABASE `mysqltest` /*!40100 DEFAULT CHARACTER SET latin1 */
delete from mysql.user where user='mysqltest_4';
delete from mysql.db where user='mysqltest_4';
delete from mysql.tables_priv where user='mysqltest_4';
flush privileges;
drop database mysqltest;
End of 5.1 tests End of 5.1 tests
...@@ -312,7 +312,6 @@ connect (con3,localhost,mysqltest_3,,test); ...@@ -312,7 +312,6 @@ connect (con3,localhost,mysqltest_3,,test);
connection con3; connection con3;
--error 1142 --error 1142
select * from mysqltest.t1; select * from mysqltest.t1;
--error 1044
show create database mysqltest; show create database mysqltest;
drop table mysqltest.t1; drop table mysqltest.t1;
drop database mysqltest; drop database mysqltest;
...@@ -431,4 +430,22 @@ SHOW TABLES FROM non_existing_database; ...@@ -431,4 +430,22 @@ SHOW TABLES FROM non_existing_database;
SHOW AUTHORS; SHOW AUTHORS;
--enable_result_log --enable_result_log
#
# Test for bug #9785 SELECT privilege for the whole database is needed to do SHOW CREATE DATABASE
#
create database mysqltest;
show create database mysqltest;
create table mysqltest.t1(a int);
insert into mysqltest.t1 values(1);
grant select on `mysqltest`.`t1` to mysqltest_4@localhost;
connect (con4,localhost,mysqltest_4,,mysqltest);
connection con4;
show create database mysqltest;
connection default;
delete from mysql.user where user='mysqltest_4';
delete from mysql.db where user='mysqltest_4';
delete from mysql.tables_priv where user='mysqltest_4';
flush privileges;
drop database mysqltest;
--echo End of 5.1 tests --echo End of 5.1 tests
...@@ -3664,8 +3664,6 @@ mysql_execute_command(THD *thd) ...@@ -3664,8 +3664,6 @@ mysql_execute_command(THD *thd)
my_error(ER_WRONG_DB_NAME, MYF(0), lex->name); my_error(ER_WRONG_DB_NAME, MYF(0), lex->name);
break; break;
} }
if (check_access(thd,SELECT_ACL,lex->name,0,1,0,is_schema_db(lex->name)))
break;
res=mysqld_show_create_db(thd,lex->name,&lex->create_info); res=mysqld_show_create_db(thd,lex->name,&lex->create_info);
break; break;
} }
......
...@@ -482,12 +482,6 @@ bool mysqld_show_create_db(THD *thd, char *dbname, ...@@ -482,12 +482,6 @@ bool mysqld_show_create_db(THD *thd, char *dbname,
Protocol *protocol=thd->protocol; Protocol *protocol=thd->protocol;
DBUG_ENTER("mysql_show_create_db"); DBUG_ENTER("mysql_show_create_db");
if (check_db_name(dbname))
{
my_error(ER_WRONG_DB_NAME, MYF(0), dbname);
DBUG_RETURN(TRUE);
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
if (test_all_bits(sctx->master_access, DB_ACLS)) if (test_all_bits(sctx->master_access, DB_ACLS))
db_access=DB_ACLS; db_access=DB_ACLS;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment