Require FILE privilege to DROP a table with FILE_NAME.

modified: mysql-test/suite/connect/r/bin.result mysql-test/suite/connect/t/grant.inc storage/connect/ha_connect.cc storage/connect/ha_connect.h

Require FILE privilege to DROP a table with FILE_NAME.
modified: mysql-test/suite/connect/r/bin.result mysql-test/suite/connect/t/grant.inc storage/connect/ha_connect.cc storage/connect/ha_connect.h
8087daae · Alexander Barkov · 79f84fdc · 8087daae · 8087daae · 8087daae
Commit 8087daae authored Mar 22, 2013 by Alexander Barkov
4 changed files
--- a/mysql-test/suite/connect/r/bin.result
+++ b/mysql-test/suite/connect/r/bin.result
@@ -48,6 +48,8 @@ ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
 ALTER TABLE t1 READONLY=1;
 ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
 DROP TABLE t1;
+ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
+DROP TABLE t1;
 DROP USER user@localhost;
 #
 # Testing errors

--- a/mysql-test/suite/connect/t/grant.inc
+++ b/mysql-test/suite/connect/t/grant.inc
@@ -41,7 +41,8 @@ DELETE FROM t1;
 TRUNCATE TABLE t1;
 --error ER_ACCESS_DENIED_ERROR
 ALTER TABLE t1 READONLY=1;
-# TODO: DROP
+--error ER_ACCESS_DENIED_ERROR
+DROP TABLE t1;
 --disconnect user
 --connection default
 DROP TABLE t1;

--- a/storage/connect/ha_connect.cc
+++ b/storage/connect/ha_connect.cc
@@ -2884,9 +2884,8 @@ int ha_connect::delete_all_rows()
 } // end of delete_all_rows
-bool ha_connect::check_privileges(THD *thd, TABLE *table_arg)
+bool ha_connect::check_privileges(THD *thd, PTOS options)
 {
-  PTOS  options= GetTableOptionStruct(table_arg);
  if (!options || !options->type)
    goto err;
@@ -2967,7 +2966,8 @@ int ha_connect::external_lock(THD *thd, int lock_type)
  if (!g)
    DBUG_RETURN(HA_ERR_INTERNAL_ERROR);
-  if (lock_type != F_UNLCK && check_privileges(thd, table))
+  PTOS options= GetTableOptionStruct(table);
+  if (lock_type != F_UNLCK && check_privileges(thd, options))
    DBUG_RETURN(HA_ERR_INTERNAL_ERROR);
  // Action will depend on lock_type
@@ -3265,6 +3265,12 @@ int ha_connect::delete_or_rename_table(const char *name, const char *to)
  // Now we can work
  pos= share->option_struct;
+  if (check_privileges(thd, pos))
+  {
+    free_table_share(share);
+    DBUG_RETURN(HA_ERR_INTERNAL_ERROR);
+  }
  if (IsFileType(GetTypeID(pos->type)) && !pos->filename) {
    // This is a table whose files must be erased or renamed */
    char ftype[8], *new_exts[2];
@@ -3887,7 +3893,7 @@ int ha_connect::create(const char *name, TABLE *table_arg,
  DBUG_ASSERT(options);
  type= GetTypeID(options->type);
-  if (check_privileges(current_thd, table_arg))
+  if (check_privileges(current_thd, options))
    DBUG_RETURN(HA_ERR_INTERNAL_ERROR);
  if (options->data_charset) {

--- a/storage/connect/ha_connect.h
+++ b/storage/connect/ha_connect.h
@@ -361,7 +361,7 @@ const char *GetValStr(OPVAL vop, bool neg);
  int optimize(THD* thd, HA_CHECK_OPT* check_opt);
 protected:
-  bool check_privileges(THD *thd, TABLE *table_arg);
+  bool check_privileges(THD *thd, PTOS options);
  char *GetListOption(const char *opname, const char *oplist, const char *def= NULL);
 #if defined(MARIADB)
  char *encode(PGLOBAL g, char *cnm);