From f4060b4b81f04580d144d3b70e8dae456697252a Mon Sep 17 00:00:00 2001 From: "ramil/ram@mysql.com/ramil.myoffice.izhnet.ru" <> Date: Tue, 17 Apr 2007 16:52:50 +0500 Subject: [PATCH 1/2] Fix for bug #27515: DROP previlege is not required anymore for RENAME TABLE Added missed DROP privilege check on the original table for RENAME TABLE command. --- mysql-test/r/grant.result | 11 +++++++++++ mysql-test/t/grant.test | 23 ++++++++++++++++++++++- sql/sql_parse.cc | 2 +- 3 files changed, 34 insertions(+), 2 deletions(-) diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result index 1960f3a76b9..4e4e2ccff48 100644 --- a/mysql-test/r/grant.result +++ b/mysql-test/r/grant.result @@ -492,3 +492,14 @@ delete from mysql.db where user='mysqltest1'; delete from mysql.tables_priv where user='mysqltest1'; flush privileges; drop database mysqltest; +create database db27515; +use db27515; +create table t1 (a int); +grant alter on db27515.t1 to user27515@localhost; +grant insert, create on db27515.t2 to user27515@localhost; +rename table t1 to t2; +ERROR 42000: DROP command denied to user 'user27515'@'localhost' for table 't1' +revoke all privileges, grant option from user27515@localhost; +drop user user27515@localhost; +drop database db27515; +End of 4.1 tests diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test index 3365145650a..ea148c67262 100644 --- a/mysql-test/t/grant.test +++ b/mysql-test/t/grant.test @@ -451,4 +451,25 @@ delete from mysql.tables_priv where user='mysqltest1'; flush privileges; drop database mysqltest; -# End of 4.1 tests +# +# Bug #27515: DROP previlege is not required for RENAME TABLE +# +connection master; +create database db27515; +use db27515; +create table t1 (a int); +grant alter on db27515.t1 to user27515@localhost; +grant insert, create on db27515.t2 to user27515@localhost; + +connect (conn27515, localhost, user27515, , db27515); +connection conn27515; +--error 1142 +rename table t1 to t2; +disconnect conn27515; + +connection master; +revoke all privileges, grant option from user27515@localhost; +drop user user27515@localhost; +drop database db27515; + +--echo End of 4.1 tests diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 66b68cfc2f1..659926bdea3 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -2818,7 +2818,7 @@ unsent_create_error: old_list=table[0]; new_list=table->next[0]; old_list.next=new_list.next=0; - if (check_grant(thd, ALTER_ACL, &old_list, 0, UINT_MAX, 0) || + if (check_grant(thd, ALTER_ACL | DROP_ACL, &old_list, 0, UINT_MAX, 0) || (!test_all_bits(table->next->grant.privilege, INSERT_ACL | CREATE_ACL) && check_grant(thd, INSERT_ACL | CREATE_ACL, &new_list, 0, From d13861546e8402e75e837f1e3e14dee7fc2ef032 Mon Sep 17 00:00:00 2001 From: "ramil/ram@mysql.com/ramil.myoffice.izhnet.ru" <> Date: Tue, 24 Apr 2007 11:26:40 +0500 Subject: [PATCH 2/2] after-merge fix --- mysql-test/r/grant.result | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result index d63e4181026..f1f573e0350 100644 --- a/mysql-test/r/grant.result +++ b/mysql-test/r/grant.result @@ -657,6 +657,17 @@ delete from mysql.db where user='mysqltest1'; delete from mysql.tables_priv where user='mysqltest1'; flush privileges; drop database mysqltest; +create database db27515; +use db27515; +create table t1 (a int); +grant alter on db27515.t1 to user27515@localhost; +grant insert, create on db27515.t2 to user27515@localhost; +rename table t1 to t2; +ERROR 42000: DROP command denied to user 'user27515'@'localhost' for table 't1' +revoke all privileges, grant option from user27515@localhost; +drop user user27515@localhost; +drop database db27515; +End of 4.1 tests use test; create table t1 (a int); create table t2 as select * from mysql.user where user='';