Fix for BUG#27337: Privileges are not properly restored.

The problem was that THD::db_access variable was not restored after
database switch in stored-routine-execution code.

The fix is to restore THD::db_access in this case.

Unfortunately, this fix requires additional changes,
because in prepare_schema_table(), called on the parsing stage, we checked
privileges. That was wrong according to our design, but this flaw haven't
struck so far, because it was masked. All privilege checkings must be
done on the execution stage in order to be compatible with prepared statements
and stored routines. So, this patch also contains patch for
prepare_schema_table(), which moves the checkings to the execution phase.


mysql-test/r/grant.result:
  Updated result file.
mysql-test/t/grant.test:
  Added test case for BUG#27337.
sql/mysql_priv.h:
  Added function declaration.
sql/sql_db.cc:
  Fix for BUG#27337 -- set THD::db_access even if we're called
  from stored-routine-execution code.
sql/sql_parse.cc:
  Split prepare_schema_table() into two functions:
    - prepare_schema_table(), which is called from the parser (parsing stage);
    - check_show_access(), which is called on the execution stage.
sql/sql_show.cc:
  Ignore schema_select_lex member if its table is NULL.

1 files changed, 20 insertions, 23 deletions

diff --git a/sql/sql_db.cc b/sql/sql_db.cc
index d7aecb78363..963457cc896 100644
--- a/sql/sql_db.cc
+++ b/sql/sql_db.cc
@@ -1308,30 +1308,27 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
   DBUG_PRINT("info",("Use database: %s", new_db_file_name.str));
 
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-  if (!force_switch) /* FIXME: this is BUG#27337. */
+  db_access=
+    test_all_bits(sctx->master_access, DB_ACLS) ?
+    DB_ACLS :
+    acl_get(sctx->host,
+            sctx->ip,
+            sctx->priv_user,
+            new_db_file_name.str,
+            FALSE) | sctx->master_access;
+
+  if (!force_switch &&
+      !(db_access & DB_ACLS) &&
+      (!grant_option || check_grant_db(thd, new_db_file_name.str)))
   {
-    db_access=
-      test_all_bits(sctx->master_access, DB_ACLS) ?
-      DB_ACLS :
-      acl_get(sctx->host,
-              sctx->ip,
-              sctx->priv_user,
-              new_db_file_name.str,
-              FALSE) | sctx->master_access;
-
-    if (!force_switch &&
-        !(db_access & DB_ACLS) &&
-        (!grant_option || check_grant_db(thd, new_db_file_name.str)))
-    {
-      my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
-               sctx->priv_user,
-               sctx->priv_host,
-               new_db_file_name.str);
-      mysql_log.write(thd, COM_INIT_DB, ER(ER_DBACCESS_DENIED_ERROR),
-                      sctx->priv_user, sctx->priv_host, new_db_file_name.str);
-      my_free(new_db_file_name.str, MYF(0));
-      DBUG_RETURN(TRUE);
-    }
+    my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
+             sctx->priv_user,
+             sctx->priv_host,
+             new_db_file_name.str);
+    mysql_log.write(thd, COM_INIT_DB, ER(ER_DBACCESS_DENIED_ERROR),
+                    sctx->priv_user, sctx->priv_host, new_db_file_name.str);
+    my_free(new_db_file_name.str, MYF(0));
+    DBUG_RETURN(TRUE);
   }
 #endif