diff options
| -rw-r--r-- | mysql-test/r/grant2.result | 1 | ||||
| -rw-r--r-- | mysql-test/t/grant2.test | 1 | ||||
| -rw-r--r-- | sql/sql_acl.cc | 11 | ||||
| -rw-r--r-- | sql/sql_parse.cc | 18 | ||||
| -rw-r--r-- | sql/sql_update.cc | 2 | ||||
| -rw-r--r-- | tests/grant.pl | 4 |
6 files changed, 23 insertions, 14 deletions
diff --git a/mysql-test/r/grant2.result b/mysql-test/r/grant2.result index 821f67536f3..e6c78fdfdd4 100644 --- a/mysql-test/r/grant2.result +++ b/mysql-test/r/grant2.result @@ -23,6 +23,7 @@ grant select on `my\_1`.* to mysqltest_4@localhost with grant option; ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass' with grant option; +ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysql' show grants for mysqltest_1@localhost; Grants for mysqltest_1@localhost GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' diff --git a/mysql-test/t/grant2.test b/mysql-test/t/grant2.test index 3b1200f8a6e..58f91fddcc2 100644 --- a/mysql-test/t/grant2.test +++ b/mysql-test/t/grant2.test @@ -36,6 +36,7 @@ set @@sql_mode='NO_AUTO_CREATE_USER'; select @@sql_mode; --error 1211 grant select on `my\_1`.* to mysqltest_4@localhost with grant option; +--error 1044 grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass' with grant option; disconnect user1; diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 3759840d3bb..c51e5e00aa1 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -1642,17 +1642,6 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, } else { - /* - Check that the user isn't trying to change a password for another - user if he doesn't have UPDATE privilege to the MySQL database - */ - DBUG_ASSERT(combo.host.str != 0); - if (thd->user && combo.password.str && - (strcmp(thd->user,combo.user.str) || - my_strcasecmp(system_charset_info, - combo.host.str, thd->host_or_ip)) && - check_access(thd, UPDATE_ACL, "mysql",0,1,0)) - goto end; old_row_exists = 1; store_record(table,record[1]); // Save copy for update if (combo.password.str) // If password given diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 4b069dd56e8..898dbc05a9a 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -3626,6 +3626,24 @@ unsent_create_error: first_table ? 0 : 1, 0)) goto error; + if (thd->user) // If not replication + { + LEX_USER *user; + List_iterator <LEX_USER> user_list(lex->users_list); + while ((user=user_list++)) + { + if (user->password.str && + strcmp(thd->user, user->user.str) || + user->host.str && + my_strcasecmp(system_charset_info, + user->host.str, thd->host_or_ip)) + { + if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 0)) + goto error; + break; // We are allowed to do changes + } + } + } if (specialflag & SPECIAL_NO_RESOLVE) { LEX_USER *user; diff --git a/sql/sql_update.cc b/sql/sql_update.cc index e215141ff0a..3ee656b00ce 100644 --- a/sql/sql_update.cc +++ b/sql/sql_update.cc @@ -219,7 +219,7 @@ int mysql_update(THD *thd, #ifndef NO_EMBEDDED_ACCESS_CHECKS /* Check values */ table_list->grant.want_privilege= table->grant.want_privilege= - (SELECT_ACL & ~~table->grant.privilege); + (SELECT_ACL & ~table->grant.privilege); #endif if (setup_fields(thd, 0, table_list, values, 1, 0, 0)) { diff --git a/tests/grant.pl b/tests/grant.pl index cd6a2eb80de..4f2bd1a61cb 100644 --- a/tests/grant.pl +++ b/tests/grant.pl @@ -201,7 +201,7 @@ safe_query("select * from mysql.db where user = '$opt_user'"); safe_query("grant CREATE,UPDATE,DROP on $opt_database.* to $user"); user_connect(0); user_query("create table $opt_database.test2 (a int not null)"); -user_query("update test,test2 SET test.a=1 where 1"); +user_query("update test,test2 SET test.a=1 where 1",1); user_query("update test,test2 SET test.a=test2.a where 1",1); safe_query("grant SELECT on $opt_database.* to $user"); user_connect(0); @@ -375,7 +375,7 @@ user_query("delete from $opt_database.test where a=2"); user_query("delete from $opt_database.test where A=2"); user_query("update test set b=5 where b>0"); user_query("update test set a=11 where b>5",1); -user_query("update test,test2 SET test.b=5 where b>0"); +user_query("update test,test2 SET test.b=5 where b>0",1); user_query("update test,test2 SET test.a=11 where b>0",1); user_query("update test,test2 SET test.b=test2.a where b>0",1); user_query("update test,test2 SET test.b=11 where test2.a>0",1); |