fixed

bug #3342 "SHOW CREATE DATABASE seems to require DROP privilege"
(now it require only SELECT privilege on database)

mysql-test/r/show_check.result

@@ -362,3 +362,41 @@ t1	HEAP	Fixed	0	5	#	#	#	5	NULL	NULL	NULL	NULL	latin1_swedish_ci	NULL
 t2	HEAP	Fixed	0	5	#	#	#	5	NULL	NULL	NULL	NULL	latin1_swedish_ci	NULL		
 t3	HEAP	Fixed	0	9	#	#	#	9	NULL	NULL	NULL	NULL	latin1_swedish_ci	NULL		
 drop table t1, t2, t3;
+create database test_$1;
+show create database test_$1;
+Database	Create Database
+test_$1	CREATE DATABASE `test_$1` /*!40100 DEFAULT CHARACTER SET latin1 */
+create table test_$1.t1(a int);
+insert into test_$1.t1 values(1);
+grant select on `test_$1`.* to mysqltest_1@localhost;
+grant usage  on `test_$1`.* to mysqltest_2@localhost;
+grant drop   on `test_$1`.* to mysqltest_3@localhost;
+select * from t1;
+a
+1
+show create database test_$1;
+Database	Create Database
+test_$1	CREATE DATABASE `test_$1` /*!40100 DEFAULT CHARACTER SET latin1 */
+drop table t1;
+ERROR 42000: Access denied for user: 'mysqltest_1'@'localhost' to database 'test_$1'
+drop database test_$1;
+ERROR 42000: Access denied for user: 'mysqltest_1'@'localhost' to database 'test_$1'
+select * from test_$1.t1;
+ERROR 42000: Access denied for user: 'mysqltest_2'@'localhost' to database 'test_$1'
+show create database test_$1;
+ERROR 42000: Access denied for user: 'mysqltest_2'@'localhost' to database 'test_$1'
+drop table test_$1.t1;
+ERROR 42000: Access denied for user: 'mysqltest_2'@'localhost' to database 'test_$1'
+drop database test_$1;
+ERROR 42000: Access denied for user: 'mysqltest_2'@'localhost' to database 'test_$1'
+select * from test_$1.t1;
+ERROR 42000: Access denied for user: 'mysqltest_3'@'localhost' to database 'test_$1'
+show create database test_$1;
+ERROR 42000: Access denied for user: 'mysqltest_3'@'localhost' to database 'test_$1'
+drop table test_$1.t1;
+drop database test_$1;
+delete from mysql.user 
+where user='mysqltest_1' || user='mysqltest_2' || user='mysqltest_3';
+delete from mysql.db   
+where user='mysqltest_1' || user='mysqltest_2' || user='mysqltest_3';
+flush privileges;

mysql-test/t/show_check.test

@@ -256,3 +256,51 @@ delete from t3 where a=5;
 show table status;
 
 drop table t1, t2, t3;
+
+#
+# Test for bug #3342 SHOW CREATE DATABASE seems to require DROP privilege
+#
+
+create database test_$1;
+show create database test_$1;
+create table test_$1.t1(a int);
+insert into test_$1.t1 values(1);
+grant select on `test_$1`.* to mysqltest_1@localhost;
+grant usage  on `test_$1`.* to mysqltest_2@localhost;
+grant drop   on `test_$1`.* to mysqltest_3@localhost;
+
+connect (con1,localhost,mysqltest_1,,test_$1);
+connection con1;
+select * from t1;
+show create database test_$1;
+--error 1044
+drop table t1;
+--error 1044
+drop database test_$1;
+
+connect (con2,localhost,mysqltest_2,,test);
+connection con2;
+--error 1044
+select * from test_$1.t1;
+--error 1044
+show create database test_$1;
+--error 1044
+drop table test_$1.t1;
+--error 1044
+drop database test_$1;
+
+connect (con3,localhost,mysqltest_3,,test);
+connection con3;
+--error 1044
+select * from test_$1.t1;
+--error 1044
+show create database test_$1;
+drop table test_$1.t1;
+drop database test_$1;
+
+connection default;
+delete from mysql.user 
+where user='mysqltest_1' || user='mysqltest_2' || user='mysqltest_3';
+delete from mysql.db   
+where user='mysqltest_1' || user='mysqltest_2' || user='mysqltest_3';
+flush privileges;

sql/sql_parse.cc

@@ -3131,7 +3131,7 @@ mysql_execute_command(THD *thd)
       net_printf(thd,ER_WRONG_DB_NAME, lex->name);
       break;
     }
-    if (check_access(thd,DROP_ACL,lex->name,0,1,0))
+    if (check_access(thd,SELECT_ACL,lex->name,0,1,0))
       break;
     if (thd->locked_tables || thd->active_transaction())
     {