Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in

Information_schema DB Bug#9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' Bug#10734 Grant of privileges other than 'select' and 'create view' should fail on schema Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA cumulative fix for bugs above(after review, 2nd version) added privilege check for information schema db & tables

Bug#9683 INFORMATION_SCH: Creation of temporary table allowed in
Information_schema DB Bug#9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA' Bug#10734 Grant of privileges other than 'select' and 'create view' should fail on schema Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA cumulative fix for bugs above(after review, 2nd version) added privilege check for information schema db & tables
3764875c · unknown · b50eb4cd · 3764875c · 3764875c · 3764875c
Commit 3764875c authored Sep 13, 2005 by unknown
11 changed files
--- a/mysql-test/r/information_schema.result
+++ b/mysql-test/r/information_schema.result
@@ -594,7 +594,7 @@ TABLE_CONSTRAINTS
 TABLE_PRIVILEGES
 TRIGGERS
 create database information_schema;
-ERROR HY000: Can't create database 'information_schema'; database exists
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
 use information_schema;
 show full tables like "T%";
 Tables_in_information_schema (T%)	Table_type
@@ -990,3 +990,25 @@ Field	Type	Null	Key	Default	Extra
 c	int(11)	YES		NULL	
 drop view v1;
 drop table t1;
+alter database information_schema;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+drop database information_schema;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+drop table information_schema.tables;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+alter table information_schema.tables;
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+use information_schema;
+create temporary table schemata(f1 char(10));
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+CREATE PROCEDURE p1 ()
+BEGIN
+SELECT 'foo' FROM DUAL;
+END |
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+select  ROUTINE_NAME from routines;
+ROUTINE_NAME
+grant all on information_schema.* to 'user1'@'localhost';
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
+grant select on information_schema.* to 'user1'@'localhost';
+ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
--- a/mysql-test/t/information_schema.test
+++ b/mysql-test/t/information_schema.test
@@ -338,7 +338,7 @@ from information_schema.tables
 where table_schema='information_schema' limit 2;
 show tables from information_schema like "T%";
--error 1007
+--error 1044
 create database information_schema;
 use information_schema;
 show full tables like "T%";
@@ -678,3 +678,39 @@ show fields from test.v1;
 connection default;
 drop view v1;
 drop table t1;
+#
+# Bug #9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA'
+#
+--error 1044
+alter database information_schema;
+--error 1044
+drop database information_schema;
+--error 1044
+drop table information_schema.tables;
+--error 1044
+alter table information_schema.tables;
+#
+# Bug #9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB
+#
+use information_schema;
+--error 1044
+create temporary table schemata(f1 char(10));
+#
+# Bug #10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
+#
+delimiter |;
+--error 1044
+CREATE PROCEDURE p1 ()
+BEGIN
+  SELECT 'foo' FROM DUAL;
+END |
+delimiter ;|
+select  ROUTINE_NAME from routines;
+#
+# Bug #10734 Grant of privileges other than 'select' and 'create view' should fail on schema
+#
+--error 1044
+grant all on information_schema.* to 'user1'@'localhost';
+--error 1044
+grant select on information_schema.* to 'user1'@'localhost';
--- a/sql/mysql_priv.h
+++ b/sql/mysql_priv.h
@@ -621,7 +621,7 @@ void close_connection(THD *thd, uint errcode, bool lock);
 bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables, 
                          bool *write_to_binlog);
 bool check_access(THD *thd, ulong access, const char *db, ulong *save_priv,
-		  bool no_grant, bool no_errors);
+		  bool no_grant, bool no_errors, bool schema_db);
 bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
 			bool no_errors);
 bool check_global_access(THD *thd, ulong want_access);
@@ -848,6 +848,8 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
 int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
 int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
 bool get_schema_tables_result(JOIN *join);
+#define is_schema_db(X) \
+  !my_strcasecmp(system_charset_info, information_schema_name.str, (X))
 /* sql_prepare.cc */

--- a/sql/repl_failsafe.cc
+++ b/sql/repl_failsafe.cc
@@ -162,7 +162,7 @@ int register_slave(THD* thd, uchar* packet, uint packet_length)
  SLAVE_INFO *si;
  uchar *p= packet, *p_end= packet + packet_length;
-  if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0))
+  if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0,0))
    return 1;
  if (!(si = (SLAVE_INFO*)my_malloc(sizeof(SLAVE_INFO), MYF(MY_WME))))
    goto err2;

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -1337,7 +1337,7 @@ bool check_change_password(THD *thd, const char *host, const char *user,
      (strcmp(thd->user,user) ||
       my_strcasecmp(system_charset_info, host, thd->priv_host)))
  {
-    if (check_access(thd, UPDATE_ACL, "mysql",0,1,0))
+    if (check_access(thd, UPDATE_ACL, "mysql",0,1,0,0))
      return(1);
  }
  if (!thd->slave_thread && !thd->user[0])
@@ -5532,7 +5532,7 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
  ulong want_access;
  char buff[100];
  TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
  char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
  DBUG_ENTER("fill_schema_user_privileges");
@@ -5585,7 +5585,7 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
  ulong want_access;
  char buff[100];
  TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
  char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
  DBUG_ENTER("fill_schema_schema_privileges");
@@ -5640,7 +5640,7 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
  uint index;
  char buff[100];
  TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
  char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
  DBUG_ENTER("fill_schema_table_privileges");
@@ -5702,7 +5702,7 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
  uint index;
  char buff[100];
  TABLE *table= tables->table;
-  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
+  bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1,0);
  char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%";
  DBUG_ENTER("fill_schema_table_privileges");

--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
--- a/sql/sql_prepare.cc
+++ b/sql/sql_prepare.cc
@@ -1226,7 +1226,7 @@ static int mysql_test_select(Prepared_statement *stmt,
    if (check_table_access(thd, privilege, tables,0))
      goto error;
  }
-  else if (check_access(thd, privilege, any_db,0,0,0))
+  else if (check_access(thd, privilege, any_db,0,0,0,0))
    goto error;
 #endif

--- a/sql/sql_repl.cc
+++ b/sql/sql_repl.cc
@@ -769,7 +769,7 @@ int start_slave(THD* thd , MASTER_INFO* mi,  bool net_report)
  int thread_mask;
  DBUG_ENTER("start_slave");
-  if (check_access(thd, SUPER_ACL, any_db,0,0,0))
+  if (check_access(thd, SUPER_ACL, any_db,0,0,0,0))
    DBUG_RETURN(1);
  lock_slave_threads(mi);  // this allows us to cleanly read slave_running
  // Get a mask of _stopped_ threads
@@ -894,7 +894,7 @@ int stop_slave(THD* thd, MASTER_INFO* mi, bool net_report )
  if (!thd)
    thd = current_thd;
-  if (check_access(thd, SUPER_ACL, any_db,0,0,0))
+  if (check_access(thd, SUPER_ACL, any_db,0,0,0,0))
    return 1;
  thd->proc_info = "Killing slave";
  int thread_mask;

--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -2025,8 +2025,8 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond)
 	  (base_name= select_lex->db) && !bases.elements))
  {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-    if (with_i_schema ||   // don't check the rights if information schema db
+    if (!check_access(thd,SELECT_ACL, base_name, 
-        !check_access(thd,SELECT_ACL, base_name, &thd->col_access,0,1) ||
+                      &thd->col_access, 0, 1, with_i_schema) ||
        thd->master_access & (DB_ACLS | SHOW_DB_ACL) ||
 	acl_get(thd->host, thd->ip, thd->priv_user, base_name,0) ||
 	(grant_option && !check_grant_db(thd, base_name)))
@@ -2448,7 +2448,7 @@ static int get_schema_column_record(THD *thd, struct st_table_list *tables,
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
    uint col_access;
    check_access(thd,SELECT_ACL | EXTRA_ACL, base_name,
-                 &tables->grant.privilege, 0, 0);
+                 &tables->grant.privilege, 0, 0, test(tables->schema_table));
    col_access= get_column_grant(thd, &tables->grant, 
                                 base_name, file_name,
                                 field->field_name) & COL_ACLS;
@@ -2464,12 +2464,7 @@ static int get_schema_column_record(THD *thd, struct st_table_list *tables,
        end=strmov(end,grant_types.type_names[bitnr]);
      }
    }
-    if (tables->schema_table)      // any user has 'select' privilege on all 
+    table->field[17]->store(tmp+1,end == tmp ? 0 : (uint) (end-tmp-1), cs);
-      // I_S table columns
-      table->field[17]->store(grant_types.type_names[0],
-                              strlen(grant_types.type_names[0]), cs);
-    else
-      table->field[17]->store(tmp+1,end == tmp ? 0 : (uint) (end-tmp-1), cs);
 #endif
    table->field[1]->store(base_name, base_name_length, cs);

--- a/sql/sql_update.cc
+++ b/sql/sql_update.cc
@@ -720,7 +720,8 @@ bool mysql_multi_update_prepare(THD *thd)
    {
      uint want_privilege= tl->updating ? UPDATE_ACL : SELECT_ACL;
      if (check_access(thd, want_privilege,
-                        tl->db, &tl->grant.privilege, 0, 0) ||
+                       tl->db, &tl->grant.privilege, 0, 0, 
+                       test(tl->schema_table)) ||
          (grant_option && check_grant(thd, want_privilege, tl, 0, 1, 0)))
        DBUG_RETURN(TRUE);
    }

--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@@ -224,11 +224,11 @@ bool mysql_create_view(THD *thd,
    table (i.e. user will not get some privileges by view creation)
  */
  if ((check_access(thd, CREATE_VIEW_ACL, view->db, &view->grant.privilege,
-                    0, 0) ||
+                    0, 0, is_schema_db(view->db)) ||
       grant_option && check_grant(thd, CREATE_VIEW_ACL, view, 0, 1, 0)) ||
      (mode != VIEW_CREATE_NEW &&
       (check_access(thd, DROP_ACL, view->db, &view->grant.privilege,
-                     0, 0) ||
+                     0, 0, is_schema_db(view->db)) ||
        grant_option && check_grant(thd, DROP_ACL, view, 0, 1, 0))))
  {
    res= TRUE;
@@ -280,7 +280,7 @@ bool mysql_create_view(THD *thd,
      if (!tbl->table_in_first_from_clause)
      {
        if (check_access(thd, SELECT_ACL, tbl->db,
-                         &tbl->grant.privilege, 0, 0) ||
+                         &tbl->grant.privilege, 0, 0, test(tbl->schema_table)) ||
            grant_option && check_grant(thd, SELECT_ACL, tbl, 0, 1, 0))
        {
          res= TRUE;