From 0ed4b9c0ba5ccd9b125f15b094748114399247b3 Mon Sep 17 00:00:00 2001
From: "venu@myvenu.com" <>
Date: Mon, 24 Feb 2003 17:22:02 -0800
Subject: [PATCH] Fix for the prepared statement access checks

---
 sql/sql_prepare.cc | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)

diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc
index 3cb4c4e8244..7639f32353c 100644
--- a/sql/sql_prepare.cc
+++ b/sql/sql_prepare.cc
@@ -454,8 +454,17 @@ static bool mysql_test_insert_fields(PREP_STMT *stmt,
 List_item *values;
 DBUG_ENTER("mysql_test_insert_fields");

- if (!(table= open_ltable(thd,table_list,table_list->lock_type)))
- DBUG_RETURN(1);
+ my_bool update=(thd->lex.value_list.elements ? UPDATE_ACL : 0);
+ ulong privilege= (thd->lex.duplicates == DUP_REPLACE ?
+ INSERT_ACL | DELETE_ACL : INSERT_ACL | update);
+
+ if (check_access(thd,privilege,table_list->db,
+ &table_list->grant.privilege) ||
+ (grant_option && check_grant(thd,privilege,table_list)) ||
+ open_and_lock_tables(thd, table_list))
+ DBUG_RETURN(1);
+
+ table= table_list->table;

 if ((values= its++))
 {
@@ -502,7 +511,10 @@ static bool mysql_test_upd_fields(PREP_STMT *stmt, TABLE_LIST *table_list,
 THD *thd= stmt->thd;
 DBUG_ENTER("mysql_test_upd_fields");

- if (open_and_lock_tables(thd, table_list))
+ if (check_access(thd,UPDATE_ACL,table_list->db,
+ &table_list->grant.privilege) ||
+ (grant_option && check_grant(thd,UPDATE_ACL,table_list)) ||
+ open_and_lock_tables(thd, table_list))
 DBUG_RETURN(1);

 if (setup_tables(table_list) ||
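Review bot: `update` is declared `my_bool` but holds a privilege bitmask (`UPDATE_ACL` or 0) that is then OR-ed into the `ulong privilege`. This only works while the UPDATE_ACL bit fits the boolean type, and a narrowed mask would silently check fewer privileges than intended. Declaring it with the mask type removes that dependency: `ulong update= (thd->lex.value_list.elements ? UPDATE_ACL : 0);`. A one-line comment above `privilege` saying why the DUP_REPLACE case asks for `INSERT_ACL | DELETE_ACL` and drops `update` would also help the next reader. The body of mysql_test_insert_fields starts and ends outside this hunk.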
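Review bot: The three-step chain added in mysql_test_upd_fields (`check_access`, then `check_grant` under `grant_option`, then `open_and_lock_tables`) is a verbatim copy of the one added to mysql_test_insert_fields in the previous hunk, differing only in the privilege mask. Authorization logic that is copied per statement type tends to drift, and a later fix applied to one copy but not the other leaves a gap. A small static helper that takes the mask would keep both call sites identical by construction; the helper name below is only a suggestion. mysql_test_upd_fields begins and ends outside this hunk.

```cpp
/* Verify `privilege` on table_list (global/db level, then table grants),
   then open and lock it. Returns true on any failure. */
static bool check_access_and_open(THD *thd, TABLE_LIST *table_list,
                                  ulong privilege)
{
  return (check_access(thd, privilege, table_list->db,
                       &table_list->grant.privilege) ||
          (grant_option && check_grant(thd, privilege, table_list)) ||
          open_and_lock_tables(thd, table_list));
}

// … unchanged: mysql_test_upd_fields signature and DBUG_ENTER …
  if (check_access_and_open(thd, table_list, UPDATE_ACL))
    DBUG_RETURN(1);
```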
@@ -545,6 +557,15 @@ static bool mysql_test_select_fields(PREP_STMT *stmt, TABLE_LIST *tables, select_result *result= thd->lex.result; DBUG_ENTER("mysql_test_select_fields"); + ulong privilege= lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL; + if (tables) + { + if (check_table_access(thd, privilege, tables)) + DBUG_RETURN(1); + } + else if (check_access(thd, privilege, "*any*")) + DBUG_RETURN(1); + if ((&lex->select_lex != lex->all_selects_list && lex->unit.create_total_list(thd, lex, &tables, 0))) DBUG_RETURN(1); @@ -716,8 +737,8 @@ static void init_stmt_execute(PREP_STMT *stmt) TODO: When the new table structure is ready, then have a status bit to indicate the table is altered, and re-do the setup_* and open the tables back. - */ - if (tables) + */ + for (; tables ; tables= tables->next) tables->table= 0; //safety - nasty init }
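Review bot: The privilege check on `tables` runs before `lex->unit.create_total_list(thd, lex, &tables, 0)`, which is passed `&tables` and so presumably rebuilds the list to cover the tables of every select in the statement. If that is what it does, tables referenced only in a UNION branch or a subquery are prepared without `check_table_access` ever seeing them. Moving the added `if (tables) { ... } else if (check_access(thd, privilege, "*any*"))` block to just after the create_total_list call would check the complete list. The body of mysql_test_select_fields continues outside the hunk, so confirm the ordering against the full function.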
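Review bot: The trailing comment `//safety - nasty init` in init_stmt_execute does not say what the reset protects against, and the loop now touches every entry in the list rather than only the first. Judging by the TODO above it, the intent is to discard the TABLE pointers left over from prepare so that execute reopens the tables. A comment such as `// drop TABLE pointers cached at prepare; execute must reopen every table` would record that. Bracing the loop body would also keep a later second statement from silently falling outside the loop.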