From 313761cb40d7ba89c860e0c823f20f59698dab4c Mon Sep 17 00:00:00 2001
From: unknown <monty@mysql.com>
Date: Tue, 3 Feb 2004 19:17:23 +0100
Subject: Ensure that privileges are tested properly for multi-table-updates.
 Now one need only SELECT privilege for tables that are only read in UPDATE
 statements with many tables. (Bug #2377).

sql/sql_acl.cc:
  Comment cleanup
sql/sql_parse.cc:
  Merged duplicate code.
  Removed some outdated 'tables->db' tests.
  Check privileges for multi-updates properly (Bug #2377)
sql/sql_show.cc:
  Remove disabled code
sql/sql_update.cc:
  Ensure that privileges are tested properly for multi-table-updates
tests/grant.pl:
  Added more tests
tests/grant.res:
  updated results
---
 sql/sql_update.cc | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

(limited to 'sql/sql_update.cc')

diff --git a/sql/sql_update.cc b/sql/sql_update.cc
index 4f5f21d61ad..d2ccd02051b 100644
--- a/sql/sql_update.cc
+++ b/sql/sql_update.cc
@@ -15,8 +15,9 @@
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */
 
 
-/* Update of records 
-   Multi-table updates were introduced by Monty and Sinisa <sinisa@mysql.com>
+/*
+  Single table and multi table updates of tables.
+  Multi-table updates were introduced by Sinisa & Monty
 */
 
 #include "mysql_priv.h"
@@ -398,20 +399,33 @@ int mysql_multi_update(THD *thd,
   TABLE_LIST *tl;
   DBUG_ENTER("mysql_multi_update");
 
-  table_list->grant.want_privilege=(SELECT_ACL & ~table_list->grant.privilege);
   if ((res=open_and_lock_tables(thd,table_list)))
     DBUG_RETURN(res);
 
   thd->select_limit=HA_POS_ERROR;
+
+  /*
+    Ensure that we have update privilege for all tables and columns in the
+    SET part
+  */
+  for (tl= table_list ; tl ; tl=tl->next)
+  {
+    TABLE *table= tl->table;
+    table->grant.want_privilege= (UPDATE_ACL & ~table->grant.privilege);
+  }
+
   if (setup_fields(thd, table_list, *fields, 1, 0, 0))
     DBUG_RETURN(-1);
 
   /*
     Count tables and setup timestamp handling
   */
-  for (tl= (TABLE_LIST*) table_list ; tl ; tl=tl->next)
+  for (tl= table_list ; tl ; tl=tl->next)
   {
     TABLE *table= tl->table;
+
+    /* We only need SELECT privilege for columns in the values list */
+    table->grant.want_privilege= (SELECT_ACL & ~table->grant.privilege);
     if (table->timestamp_field)
     {
       table->time_stamp=0;
-- 
cgit v1.2.1