Fix for bug #6765 "Implicit access to time zone description

tables requires privileges for them if some table or column level grants
present" (with after-review fixes).

We should set SELECT_ACL for implicitly opened tables in 
my_tz_check_n_skip_implicit_tables() to be able to bypass privilege
checking in check_grant(). Also we should exclude those tables from
privilege checking in multi-update.


mysql-test/r/timezone2.result:
  Extended test for bug #6116 "SET time_zone := ... requires access to
  mysql.time_zone tables"
  Added test for bug #6765 "Implicit access to time zone description 
  tables requires privileges for them if some table or column level grants
  present"
mysql-test/t/timezone2.test:
  Extended test for bug #6116 "SET time_zone := ... requires access to
  mysql.time_zone tables"
  Added test for bug #6765 "Implicit access to time zone description 
  tables requires privileges for them if some table or column level grants
  present"
sql/item_geofunc.cc:
  sql_acl.h is now included via mysql_priv.h
sql/item_strfunc.cc:
  sql_acl.h is now included via mysql_priv.h
sql/log.cc:
  sql_acl.h is now included via mysql_priv.h
sql/mysql_priv.h:
  Now we have to include sql_acl.h before tztime.h, since 
  my_tz_check_n_skip_implicit_tables() defined there requires
  SELECT_ACL constant defined in sql_acl.h.
sql/mysqld.cc:
  sql_acl.h is now included via mysql_priv.h
sql/repl_failsafe.cc:
  sql_acl.h is now included via mysql_priv.h
sql/set_var.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_acl.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_base.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_cache.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_class.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_db.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_derived.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_do.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_insert.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_parse.cc:
  check_one_table_access(): Tweaked comments.
  multi_update_precheck(): Added skipping of implicitly opened tables
    during privilege checking.
sql/sql_prepare.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_repl.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_show.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_update.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_yacc.yy:
  sql_acl.h is now included via mysql_priv.h
sql/tztime.h:
  my_tz_check_n_skip_implicit_tables():
    We should set SELECT_ACL for implictly opened tables to be able to
    bypass privilege checking in check_grant().

1 files changed, 41 insertions, 2 deletions

diff --git a/mysql-test/t/timezone2.test b/mysql-test/t/timezone2.test
index ad8089e1a37..d185a647921 100644
--- a/mysql-test/t/timezone2.test
+++ b/mysql-test/t/timezone2.test
@@ -2,7 +2,7 @@
 
 # Preparing playground
 --disable_warnings
-drop table if exists t1;
+drop table if exists t1, t2;
 --enable_warnings
 
 
@@ -205,25 +205,64 @@ drop table t1;
 # even for unprivileged users.
 #
 
+# Let us prepare playground
 delete from mysql.user where user like 'mysqltest\_%';
 delete from mysql.db where user like 'mysqltest\_%';
 delete from mysql.tables_priv where user like 'mysqltest\_%';
 delete from mysql.columns_priv where user like 'mysqltest\_%';
 flush privileges;
+create table t1 (a int, b datetime);
+create table t2 (c int, d datetime);
 
-grant usage on mysqltest.* to mysqltest_1@localhost;
+grant all privileges on test.* to mysqltest_1@localhost;
 connect (tzuser, localhost, mysqltest_1,,);
 connection tzuser;
 show grants for current_user();
 set time_zone= '+00:00';
 set time_zone= 'Europe/Moscow';
 select convert_tz('2004-10-21 19:00:00', 'Europe/Moscow', 'UTC');
+select convert_tz(b, 'Europe/Moscow', 'UTC') from t1;
+# Let us also check whenever multi-update works ok
+update t1, t2 set t1.b = convert_tz('2004-10-21 19:00:00', 'Europe/Moscow', 'UTC')
+              where t1.a = t2.c and t2.d = (select max(d) from t2);
 # But still these two statements should not work:
 --error 1044
 select * from mysql.time_zone_name;
 --error 1044
 select Name, convert_tz('2004-10-21 19:00:00', Name, 'UTC') from mysql.time_zone_name;
 
+#
+# Test for bug #6765 "Implicit access to time zone description tables
+# requires privileges for them if some table or column level grants
+# present"
+#
+connection default;
+# Let use some table-level grants instead of db-level 
+# to make life more interesting
+delete from mysql.db where user like 'mysqltest\_%';
+flush privileges;
+grant all privileges on test.t1 to mysqltest_1@localhost;
+grant all privileges on test.t2 to mysqltest_1@localhost;
+# The test itself is almost the same as previous one
+connect (tzuser2, localhost, mysqltest_1,,);
+connection tzuser2;
+show grants for current_user();
+set time_zone= '+00:00';
+set time_zone= 'Europe/Moscow';
+select convert_tz('2004-11-31 12:00:00', 'Europe/Moscow', 'UTC');
+select convert_tz(b, 'Europe/Moscow', 'UTC') from t1;
+update t1, t2 set t1.b = convert_tz('2004-11-30 12:00:00', 'Europe/Moscow', 'UTC')
+              where t1.a = t2.c and t2.d = (select max(d) from t2);
+# Again these two statements should not work (but with different errors):
+--error 1142
+select * from mysql.time_zone_name;
+--error 1142
+select Name, convert_tz('2004-11-30 12:00:00', Name, 'UTC') from mysql.time_zone_name;
+
+# Clean-up
 connection default;
 delete from mysql.user where user like 'mysqltest\_%';
+delete from mysql.db where user like 'mysqltest\_%';
+delete from mysql.tables_priv where user like 'mysqltest\_%';
 flush privileges;
+drop table t1, t2;