Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in

         Information_schema DB 
Bug#9846 Inappropriate error displayed while
         dropping table from 'INFORMATION_SCHEMA'
Bug#10734 Grant of privileges other than 'select' and 
         'create view' should fail on schema 
Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA

 cumulative fix for bugs above(after review, 2nd version)
 added privilege check for information schema db & tables

mysql-test/r/information_schema.result

@@ -594,7 +594,7 @@ TABLE_CONSTRAINTS
 TABLE_PRIVILEGES
 TRIGGERS
 create database information_schema;
-ERROR HY000: Can't create database 'information_schema'; database exists
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
 use information_schema;
 show full tables like "T%";
 Tables_in_information_schema (T%)	Table_type
@@ -990,3 +990,25 @@ Field	Type	Null	Key	Default	Extra
 c	int(11)	YES		NULL	
 drop view v1;
 drop table t1;
+alter database information_schema;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+drop database information_schema;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+drop table information_schema.tables;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+alter table information_schema.tables;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+use information_schema;
+create temporary table schemata(f1 char(10));
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+CREATE PROCEDURE p1 ()
+BEGIN
+SELECT 'foo' FROM DUAL;
+END |
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+select  ROUTINE_NAME from routines;
+ROUTINE_NAME
+grant all on information_schema.* to 'user1'@'localhost';
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+grant select on information_schema.* to 'user1'@'localhost';
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'

mysql-test/t/information_schema.test

@@ -338,7 +338,7 @@ from information_schema.tables
 where table_schema='information_schema' limit 2;
 show tables from information_schema like "T%";
 
---error 1007
+--error 1044
 create database information_schema;
 use information_schema;
 show full tables like "T%";
@@ -678,3 +678,39 @@ show fields from test.v1;
 connection default;
 drop view v1;
 drop table t1;
+
+#
+# Bug #9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA'
+#
+--error 1044
+alter database information_schema;
+--error 1044
+drop database information_schema;
+--error 1044
+drop table information_schema.tables;
+--error 1044
+alter table information_schema.tables;
+#
+# Bug #9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB
+#
+use information_schema;
+--error 1044
+create temporary table schemata(f1 char(10));
+#
+# Bug #10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
+#
+delimiter |;
+--error 1044
+CREATE PROCEDURE p1 ()
+BEGIN
+  SELECT 'foo' FROM DUAL;
+END |
+delimiter ;|
+select  ROUTINE_NAME from routines;
+#
+# Bug #10734 Grant of privileges other than 'select' and 'create view' should fail on schema
+#
+--error 1044
+grant all on information_schema.* to 'user1'@'localhost';
+--error 1044
+grant select on information_schema.* to 'user1'@'localhost';

sql/mysql_priv.h

@@ -621,7 +621,7 @@ void close_connection(THD *thd, uint errcode, bool lock);
 bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables, 
                           bool *write_to_binlog);
 bool check_access(THD *thd, ulong access, const char *db, ulong *save_priv,
-		  bool no_grant, bool no_errors);
+		  bool no_grant, bool no_errors, bool schema_db);
 bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
 			bool no_errors);
 bool check_global_access(THD *thd, ulong want_access);
@@ -848,6 +848,8 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
 int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
 int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
 bool get_schema_tables_result(JOIN *join);
+#define is_schema_db(X) \
+  !my_strcasecmp(system_charset_info, information_schema_name.str, (X))
 
 /* sql_prepare.cc */
 

sql/repl_failsafe.cc

@@ -162,7 +162,7 @@ int register_slave(THD* thd, uchar* packet, uint packet_length)
   SLAVE_INFO *si;
   uchar *p= packet, *p_end= packet + packet_length;
 
-  if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0))
+  if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0,0))
     return 1;
   if (!(si = (SLAVE_INFO*)my_malloc(sizeof(SLAVE_INFO), MYF(MY_WME))))
     goto err2;

sql/sql_acl.cc

@@ -1337,7 +1337,7 @@ bool check_change_password(THD *thd, const char *host, const char *user,
       (strcmp(thd->user,user) ||
        my_strcasecmp(system_charset_info, host, thd->priv_host)))
   {
-    if (check_access(thd, UPDATE_ACL, "mysql",0,1,0))
+    if (check_access(thd, UPDATE_ACL, "mysql",0,1,0,0))
       return(1);
   }
   if (!thd->slave_thread && !thd->user[0])
@@ -5532,7 +5532,7 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
   ulong want_access;
   char buff[100];
   TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
   char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
   DBUG_ENTER("fill_schema_user_privileges");
 
@@ -5585,7 +5585,7 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
   ulong want_access;
   char buff[100];
   TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
   char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
   DBUG_ENTER("fill_schema_schema_privileges");
 
@@ -5640,7 +5640,7 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
   uint index;
   char buff[100];
   TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
   char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
   DBUG_ENTER("fill_schema_table_privileges");
 
@@ -5702,7 +5702,7 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
   uint index;
   char buff[100];
   TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
   char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
   DBUG_ENTER("fill_schema_table_privileges");
 

sql/sql_parse.cc

@@ -1776,7 +1776,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
     remove_escape(table_list.table_name);	// This can't have wildcards
 
     if (check_access(thd,SELECT_ACL,table_list.db,&table_list.grant.privilege,
-		     0, 0))
+		     0, 0, test(table_list.schema_table)))
       break;
     if (grant_option &&
 	check_grant(thd, SELECT_ACL, &table_list, 2, UINT_MAX, 0))
@@ -1817,7 +1817,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
 	my_error(ER_WRONG_DB_NAME, MYF(0), db ? db : "NULL");
 	break;
       }
-      if (check_access(thd,CREATE_ACL,db,0,1,0))
+      if (check_access(thd,CREATE_ACL,db,0,1,0,is_schema_db(db)))
 	break;
       mysql_log.write(thd,command,packet);
       bzero(&create_info, sizeof(create_info));
@@ -1836,7 +1836,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
 	my_error(ER_WRONG_DB_NAME, MYF(0), db ? db : "NULL");
 	break;
       }
-      if (check_access(thd,DROP_ACL,db,0,1,0))
+      if (check_access(thd,DROP_ACL,db,0,1,0,is_schema_db(db)))
 	break;
       if (thd->locked_tables || thd->active_transaction())
       {
@@ -2134,7 +2134,8 @@ int prepare_schema_table(THD *thd, LEX *lex, Table_ident *table_ident,
         my_error(ER_WRONG_DB_NAME, MYF(0), db);
         DBUG_RETURN(1);
       }
-      if (check_access(thd,SELECT_ACL,db,&thd->col_access,0,0))
+      if (check_access(thd, SELECT_ACL, db, &thd->col_access, 0, 0,
+                       is_schema_db(db)))
         DBUG_RETURN(1);			        /* purecov: inspected */
       if (!thd->col_access && check_grant_db(thd,db))
       {
@@ -2173,7 +2174,8 @@ int prepare_schema_table(THD *thd, LEX *lex, Table_ident *table_ident,
       remove_escape(db);			// Fix escaped '_'
       remove_escape(table_list->table_name);
       if (check_access(thd,SELECT_ACL | EXTRA_ACL,db,
-                       &table_list->grant.privilege, 0, 0))
+                       &table_list->grant.privilege, 0, 0,
+                       test(table_list->schema_table)))
         DBUG_RETURN(1);				/* purecov: inspected */
       if (grant_option && check_grant(thd, SELECT_ACL, table_list, 2,
                                       UINT_MAX, 0))
@@ -2430,7 +2432,7 @@ mysql_execute_command(THD *thd)
     else
       res= check_access(thd,
 			lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL,
-			any_db, 0, 0, 0);
+			any_db, 0, 0, 0, 0);
     if (res)
       goto error;
 
@@ -2612,7 +2614,8 @@ mysql_execute_command(THD *thd)
     DBUG_ASSERT(first_table == all_tables && first_table != 0);
     if (check_db_used(thd, all_tables) ||
         check_access(thd, INDEX_ACL, first_table->db,
-                     &first_table->grant.privilege, 0, 0))
+                     &first_table->grant.privilege, 0, 0,
+                     test(first_table->schema_table)))
       goto error;
     res= mysql_assign_to_keycache(thd, first_table, &lex->ident);
     break;
@@ -2622,7 +2625,8 @@ mysql_execute_command(THD *thd)
     DBUG_ASSERT(first_table == all_tables && first_table != 0);
     if (check_db_used(thd, all_tables) ||
 	check_access(thd, INDEX_ACL, first_table->db,
-                     &first_table->grant.privilege, 0, 0))
+                     &first_table->grant.privilege, 0, 0,
+                     test(first_table->schema_table)))
       goto error;
     res = mysql_preload_keys(thd, first_table);
     break;
@@ -2688,7 +2692,8 @@ mysql_execute_command(THD *thd)
     if (!first_table->db)
       first_table->db= thd->db;
     if (check_access(thd, CREATE_ACL, first_table->db,
-		     &first_table->grant.privilege, 0, 0))
+		     &first_table->grant.privilege, 0, 0,
+                     test(first_table->schema_table)))
       goto error;				/* purecov: inspected */
     if (grant_option)
     {
@@ -2953,8 +2958,10 @@ end_with_restore_list:
           select_lex->db= first_table->db;
       }
       if (check_access(thd, ALTER_ACL, first_table->db,
-		       &first_table->grant.privilege, 0, 0) ||
-	  check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv,0,0)||
+		       &first_table->grant.privilege, 0, 0,
+                       test(first_table->schema_table)) ||
+	  check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv,0,0,
+                       is_schema_db(select_lex->db))||
 	  check_merge_table_access(thd, first_table->db,
 				   (TABLE_LIST *)
 				   lex->create_info.merge_list.first))
@@ -3004,9 +3011,10 @@ end_with_restore_list:
     for (table= first_table; table; table= table->next_local->next_local)
     {
       if (check_access(thd, ALTER_ACL | DROP_ACL, table->db,
-		       &table->grant.privilege,0,0) ||
+		       &table->grant.privilege,0,0, test(table->schema_table)) ||
 	  check_access(thd, INSERT_ACL | CREATE_ACL, table->next_local->db,
-		       &table->next_local->grant.privilege, 0, 0))
+		       &table->next_local->grant.privilege, 0, 0,
+                       test(table->next_local->schema_table)))
 	goto error;
       if (grant_option)
       {
@@ -3058,7 +3066,8 @@ end_with_restore_list:
 
       if (check_db_used(thd, all_tables) ||
 	  check_access(thd, SELECT_ACL | EXTRA_ACL, first_table->db,
-		       &first_table->grant.privilege, 0, 0))
+		       &first_table->grant.privilege, 0, 0, 
+                       test(first_table->schema_table)))
 	goto error;
       if (grant_option && check_grant(thd, SELECT_ACL, all_tables, 2, UINT_MAX, 0))
 	goto error;
@@ -3390,7 +3399,7 @@ end_with_restore_list:
     goto error;
 #else
     {
-      if (grant_option && check_access(thd, FILE_ACL, any_db,0,0,0))
+      if (grant_option && check_access(thd, FILE_ACL, any_db,0,0,0,0))
 	goto error;
       res= mysqld_show_logs(thd);
       break;
@@ -3519,7 +3528,7 @@ end_with_restore_list:
       break;
     }
 #endif
-    if (check_access(thd,CREATE_ACL,lex->name,0,1,0))
+    if (check_access(thd,CREATE_ACL,lex->name,0,1,0,is_schema_db(lex->name)))
       break;
     res= mysql_create_db(thd,(lower_case_table_names == 2 ? alias : lex->name),
 			 &lex->create_info, 0);
@@ -3553,7 +3562,7 @@ end_with_restore_list:
       break;
     }
 #endif
-    if (check_access(thd,DROP_ACL,lex->name,0,1,0))
+    if (check_access(thd,DROP_ACL,lex->name,0,1,0,is_schema_db(lex->name)))
       break;
     if (thd->locked_tables || thd->active_transaction())
     {
@@ -3593,7 +3602,7 @@ end_with_restore_list:
       break;
     }
 #endif
-    if (check_access(thd, ALTER_ACL, db, 0, 1, 0))
+    if (check_access(thd, ALTER_ACL, db, 0, 1, 0, is_schema_db(db)))
       break;
     if (thd->locked_tables || thd->active_transaction())
     {
@@ -3611,14 +3620,14 @@ end_with_restore_list:
       my_error(ER_WRONG_DB_NAME, MYF(0), lex->name);
       break;
     }
-    if (check_access(thd,SELECT_ACL,lex->name,0,1,0))
+    if (check_access(thd,SELECT_ACL,lex->name,0,1,0,is_schema_db(lex->name)))
       break;
     res=mysqld_show_create_db(thd,lex->name,&lex->create_info);
     break;
   }
   case SQLCOM_CREATE_FUNCTION:                  // UDF function
   {
-    if (check_access(thd,INSERT_ACL,"mysql",0,1,0))
+    if (check_access(thd,INSERT_ACL,"mysql",0,1,0,0))
       break;
 #ifdef HAVE_DLOPEN
     if (sp_find_function(thd, lex->spname))
@@ -3637,7 +3646,7 @@ end_with_restore_list:
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
   case SQLCOM_CREATE_USER:
   {
-    if (check_access(thd, INSERT_ACL, "mysql", 0, 1, 1) &&
+    if (check_access(thd, INSERT_ACL, "mysql", 0, 1, 1, 0) &&
         check_global_access(thd,CREATE_USER_ACL))
       break;
     if (!(res= mysql_create_user(thd, lex->users_list)))
@@ -3653,7 +3662,7 @@ end_with_restore_list:
   }
   case SQLCOM_DROP_USER:
   {
-    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 1) &&
+    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 1, 0) &&
         check_global_access(thd,CREATE_USER_ACL))
       break;
     if (!(res= mysql_drop_user(thd, lex->users_list)))
@@ -3669,7 +3678,7 @@ end_with_restore_list:
   }
   case SQLCOM_RENAME_USER:
   {
-    if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1) &&
+    if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1, 0) &&
         check_global_access(thd,CREATE_USER_ACL))
       break;
     if (!(res= mysql_rename_user(thd, lex->users_list)))
@@ -3685,7 +3694,7 @@ end_with_restore_list:
   }
   case SQLCOM_REVOKE_ALL:
   {
-    if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1) &&
+    if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1, 0) &&
         check_global_access(thd,CREATE_USER_ACL))
       break;
     if (!(res = mysql_revoke_all(thd, lex->users_list)))
@@ -3705,7 +3714,9 @@ end_with_restore_list:
     if (check_access(thd, lex->grant | lex->grant_tot_col | GRANT_ACL,
 		     first_table ?  first_table->db : select_lex->db,
 		     first_table ? &first_table->grant.privilege : 0,
-		     first_table ? 0 : 1, 0))
+		     first_table ? 0 : 1, 0,
+                     first_table ? (bool) first_table->schema_table :
+                     select_lex->db ? is_schema_db(select_lex->db) : 0))
       goto error;
 
     if (thd->user)				// If not replication
@@ -3730,7 +3741,7 @@ end_with_restore_list:
         {
           // TODO: use check_change_password()
           if (check_acl_user(user, &counter) && user->password.str &&
-              check_access(thd, UPDATE_ACL,"mysql",0,1,1))
+              check_access(thd, UPDATE_ACL,"mysql",0,1,1,0))
           {
             my_message(ER_PASSWORD_NOT_ALLOWED,
                        ER(ER_PASSWORD_NOT_ALLOWED), MYF(0));
@@ -3855,7 +3866,7 @@ end_with_restore_list:
   case SQLCOM_SHOW_GRANTS:
     if ((thd->priv_user &&
 	 !strcmp(thd->priv_user,lex->grant_user->user.str)) ||
-	!check_access(thd, SELECT_ACL, "mysql",0,1,0))
+	!check_access(thd, SELECT_ACL, "mysql",0,1,0,0))
     {
       res = mysql_show_grants(thd,lex->grant_user);
     }
@@ -4010,7 +4021,8 @@ end_with_restore_list:
 
     DBUG_ASSERT(lex->sphead != 0);
 
-    if (check_access(thd, CREATE_PROC_ACL, lex->sphead->m_db.str, 0, 0, 0))
+    if (check_access(thd, CREATE_PROC_ACL, lex->sphead->m_db.str, 0, 0, 0,
+                     is_schema_db(lex->sphead->m_db.str)))
     {
       delete lex->sphead;
       lex->sphead= 0;
@@ -4354,7 +4366,7 @@ end_with_restore_list:
                                    lex->spname->m_name.length);
           if (udf)
           {
-	    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0))
+	    if (check_access(thd, DELETE_ACL, "mysql", 0, 1, 0, 0))
 	      goto error;
 	    if (!(res = mysql_drop_function(thd, &lex->spname->m_name)))
 	    {
@@ -4719,7 +4731,8 @@ cleanup:
 bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
 {
   if (check_access(thd, privilege, all_tables->db,
-		   &all_tables->grant.privilege, 0, 0))
+		   &all_tables->grant.privilege, 0, 0,
+                   test(all_tables->schema_table)))
     return 1;
 
   /* Show only 1 table for check_grant */
@@ -4758,13 +4771,14 @@ bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
 
 bool
 check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
-	     bool dont_check_global_grants, bool no_errors)
+	     bool dont_check_global_grants, bool no_errors, bool schema_db)
 {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
   ulong db_access;
   bool  db_is_pattern= test(want_access & GRANT_ACL);
 #endif
   ulong dummy;
+  const char *db_name;
   DBUG_ENTER("check_access");
   DBUG_PRINT("enter",("db: %s  want_access: %lu  master_access: %lu",
                       db ? db : "", want_access, thd->master_access));
@@ -4782,6 +4796,23 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
     DBUG_RETURN(TRUE);				/* purecov: tested */
   }
 
+  db_name= db ? db : thd->db;
+  if (schema_db)
+  {
+    if (want_access & ~(SELECT_ACL | EXTRA_ACL))
+    {
+      if (!no_errors)
+        my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
+                 thd->priv_user, thd->priv_host, db_name);
+      DBUG_RETURN(TRUE);
+    }
+    else
+    {
+      *save_priv= SELECT_ACL;
+      DBUG_RETURN(FALSE);
+    }
+  }
+
 #ifdef NO_EMBEDDED_ACCESS_CHECKS
   DBUG_RETURN(0);
 #else
@@ -4894,6 +4925,15 @@ check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables,
   TABLE_LIST *org_tables=tables;
   for (; tables; tables= tables->next_global)
   {
+    if (tables->schema_table && 
+        (want_access & ~(SELECT_ACL | EXTRA_ACL)))
+    {
+      if (!no_errors)
+        my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
+                 thd->priv_user, thd->priv_host,
+                 information_schema_name.str);
+      return TRUE;
+    }
     if (tables->derived || tables->schema_table || tables->belong_to_view ||
         (tables->table && (int)tables->table->s->tmp_table) ||
         my_tz_check_n_skip_implicit_tables(&tables,
@@ -4909,14 +4949,14 @@ check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables,
       else
       {
 	if (check_access(thd,want_access,tables->db,&tables->grant.privilege,
-			 0, no_errors))
+			 0, no_errors, test(tables->schema_table)))
 	  return TRUE;				// Access denied
 	found_access=tables->grant.privilege;
 	found=1;
       }
     }
     else if (check_access(thd,want_access,tables->db,&tables->grant.privilege,
-			  0, no_errors))
+			  0, no_errors, test(tables->schema_table)))
       return TRUE;
   }
   if (grant_option)
@@ -4939,7 +4979,7 @@ check_routine_access(THD *thd, ulong want_access,char *db, char *name,
   if ((thd->master_access & want_access) == want_access && !thd->db)
     tables->grant.privilege= want_access;
   else if (check_access(thd,want_access,db,&tables->grant.privilege,
-			0, no_errors))
+			0, no_errors, test(tables->schema_table)))
     return TRUE;
   
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
@@ -4971,7 +5011,11 @@ bool check_some_routine_access(THD *thd, const char *db, const char *name,
   ulong save_priv;
   if (thd->master_access & SHOW_PROC_ACLS)
     return FALSE;
-  if (!check_access(thd, SHOW_PROC_ACLS, db, &save_priv, 0, 1) ||
+  /*
+    There are no routines in information_schema db. So we can safely
+    pass zero to last paramter of check_access function
+  */
+  if (!check_access(thd, SHOW_PROC_ACLS, db, &save_priv, 0, 1, 0) ||
       (save_priv & SHOW_PROC_ACLS))
     return FALSE;
   return check_routine_level_acl(thd, db, name, is_proc);
@@ -5003,7 +5047,8 @@ bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table)
     if (access & want_access)
     {
       if (!check_access(thd, access, table->db,
-                        &table->grant.privilege, 0, 1) &&
+                        &table->grant.privilege, 0, 1,
+                        test(table->schema_table)) &&
           !grant_option || !check_grant(thd, access, table, 0, 1, 1))
         DBUG_RETURN(0);
     }
@@ -6808,7 +6853,8 @@ static bool check_multi_update_lock(THD *thd)
   {
     TABLE_LIST *save= table->next_local;
     table->next_local= 0;
-    if ((check_access(thd, UPDATE_ACL, table->db, &table->grant.privilege,0,1) ||
+    if ((check_access(thd, UPDATE_ACL, table->db, &
+                      table->grant.privilege,0,1, test(table->schema_table)) ||
         (grant_option && check_grant(thd, UPDATE_ACL, table,0,1,1))) &&
 	check_one_table_access(thd, SELECT_ACL, table))
 	goto error;
@@ -6976,11 +7022,13 @@ bool multi_update_precheck(THD *thd, TABLE_LIST *tables)
     if (table->derived)
       table->grant.privilege= SELECT_ACL;
     else if ((check_access(thd, UPDATE_ACL, table->db,
-                           &table->grant.privilege, 0, 1) ||
+                           &table->grant.privilege, 0, 1,
+                           test(table->schema_table)) ||
               grant_option &&
               check_grant(thd, UPDATE_ACL, table, 0, 1, 1)) &&
              (check_access(thd, SELECT_ACL, table->db,
-                           &table->grant.privilege, 0, 0) ||
+                           &table->grant.privilege, 0, 0,
+                           test(table->schema_table)) ||
               grant_option && check_grant(thd, SELECT_ACL, table, 0, 1, 0)))
       DBUG_RETURN(TRUE);
 
@@ -6999,7 +7047,8 @@ bool multi_update_precheck(THD *thd, TABLE_LIST *tables)
           !table->table_in_first_from_clause)
       {
 	if (check_access(thd, SELECT_ACL, table->db,
-			 &table->grant.privilege, 0, 0) ||
+			 &table->grant.privilege, 0, 0,
+                         test(table->schema_table)) ||
 	    grant_option && check_grant(thd, SELECT_ACL, table, 0, 1, 0))
 	  DBUG_RETURN(TRUE);
       }
@@ -7216,7 +7265,8 @@ bool create_table_precheck(THD *thd, TABLE_LIST *tables,
               CREATE_TMP_ACL : CREATE_ACL);
   lex->create_info.alias= create_table->alias;
   if (check_access(thd, want_priv, create_table->db,
-		   &create_table->grant.privilege, 0, 0) ||
+		   &create_table->grant.privilege, 0, 0,
+                   test(create_table->schema_table)) ||
       check_merge_table_access(thd, create_table->db,
 			       (TABLE_LIST *)
 			       lex->create_info.merge_list.first))

sql/sql_prepare.cc

@@ -1226,7 +1226,7 @@ static int mysql_test_select(Prepared_statement *stmt,
     if (check_table_access(thd, privilege, tables,0))
       goto error;
   }
-  else if (check_access(thd, privilege, any_db,0,0,0))
+  else if (check_access(thd, privilege, any_db,0,0,0,0))
     goto error;
 #endif
 

sql/sql_repl.cc

@@ -769,7 +769,7 @@ int start_slave(THD* thd , MASTER_INFO* mi,  bool net_report)
   int thread_mask;
   DBUG_ENTER("start_slave");
 
-  if (check_access(thd, SUPER_ACL, any_db,0,0,0))
+  if (check_access(thd, SUPER_ACL, any_db,0,0,0,0))
     DBUG_RETURN(1);
   lock_slave_threads(mi);  // this allows us to cleanly read slave_running
   // Get a mask of _stopped_ threads
@@ -894,7 +894,7 @@ int stop_slave(THD* thd, MASTER_INFO* mi, bool net_report )
   if (!thd)
     thd = current_thd;
 
-  if (check_access(thd, SUPER_ACL, any_db,0,0,0))
+  if (check_access(thd, SUPER_ACL, any_db,0,0,0,0))
     return 1;
   thd->proc_info = "Killing slave";
   int thread_mask;

sql/sql_show.cc

@@ -2025,8 +2025,8 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond)
 	  (base_name= select_lex->db) && !bases.elements))
   {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-    if (with_i_schema ||   // don't check the rights if information schema db
-        !check_access(thd,SELECT_ACL, base_name, &thd->col_access,0,1) ||
+    if (!check_access(thd,SELECT_ACL, base_name, 
+                      &thd->col_access, 0, 1, with_i_schema) ||
         thd->master_access & (DB_ACLS | SHOW_DB_ACL) ||
 	acl_get(thd->host, thd->ip, thd->priv_user, base_name,0) ||
 	(grant_option && !check_grant_db(thd, base_name)))
@@ -2448,7 +2448,7 @@ static int get_schema_column_record(THD *thd, struct st_table_list *tables,
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
     uint col_access;
     check_access(thd,SELECT_ACL | EXTRA_ACL, base_name,
-                 &tables->grant.privilege, 0, 0);
+                 &tables->grant.privilege, 0, 0, test(tables->schema_table));
     col_access= get_column_grant(thd, &tables->grant, 
                                  base_name, file_name,
                                  field->field_name) & COL_ACLS;
@@ -2464,11 +2464,6 @@ static int get_schema_column_record(THD *thd, struct st_table_list *tables,
         end=strmov(end,grant_types.type_names[bitnr]);
       }
     }
-    if (tables->schema_table)      // any user has 'select' privilege on all 
-      // I_S table columns
-      table->field[17]->store(grant_types.type_names[0],
-                              strlen(grant_types.type_names[0]), cs);
-    else
     table->field[17]->store(tmp+1,end == tmp ? 0 : (uint) (end-tmp-1), cs);
 
 #endif

sql/sql_update.cc

@@ -720,7 +720,8 @@ bool mysql_multi_update_prepare(THD *thd)
     {
       uint want_privilege= tl->updating ? UPDATE_ACL : SELECT_ACL;
       if (check_access(thd, want_privilege,
-                        tl->db, &tl->grant.privilege, 0, 0) ||
+                       tl->db, &tl->grant.privilege, 0, 0, 
+                       test(tl->schema_table)) ||
           (grant_option && check_grant(thd, want_privilege, tl, 0, 1, 0)))
         DBUG_RETURN(TRUE);
     }

sql/sql_view.cc

@@ -224,11 +224,11 @@ bool mysql_create_view(THD *thd,
     table (i.e. user will not get some privileges by view creation)
   */
   if ((check_access(thd, CREATE_VIEW_ACL, view->db, &view->grant.privilege,
-                    0, 0) ||
+                    0, 0, is_schema_db(view->db)) ||
        grant_option && check_grant(thd, CREATE_VIEW_ACL, view, 0, 1, 0)) ||
       (mode != VIEW_CREATE_NEW &&
        (check_access(thd, DROP_ACL, view->db, &view->grant.privilege,
-                     0, 0) ||
+                     0, 0, is_schema_db(view->db)) ||
         grant_option && check_grant(thd, DROP_ACL, view, 0, 1, 0))))
   {
     res= TRUE;
@@ -280,7 +280,7 @@ bool mysql_create_view(THD *thd,
       if (!tbl->table_in_first_from_clause)
       {
         if (check_access(thd, SELECT_ACL, tbl->db,
-                         &tbl->grant.privilege, 0, 0) ||
+                         &tbl->grant.privilege, 0, 0, test(tbl->schema_table)) ||
             grant_option && check_grant(thd, SELECT_ACL, tbl, 0, 1, 0))
         {
           res= TRUE;