Fix for bug #6765 "Implicit access to time zone description

tables requires privileges for them if some table or column level grants
present" (with after-review fixes).

We should set SELECT_ACL for implicitly opened tables in 
my_tz_check_n_skip_implicit_tables() to be able to bypass privilege
checking in check_grant(). Also we should exclude those tables from
privilege checking in multi-update.


mysql-test/r/timezone2.result:
  Extended test for bug #6116 "SET time_zone := ... requires access to
  mysql.time_zone tables"
  Added test for bug #6765 "Implicit access to time zone description 
  tables requires privileges for them if some table or column level grants
  present"
mysql-test/t/timezone2.test:
  Extended test for bug #6116 "SET time_zone := ... requires access to
  mysql.time_zone tables"
  Added test for bug #6765 "Implicit access to time zone description 
  tables requires privileges for them if some table or column level grants
  present"
sql/item_geofunc.cc:
  sql_acl.h is now included via mysql_priv.h
sql/item_strfunc.cc:
  sql_acl.h is now included via mysql_priv.h
sql/log.cc:
  sql_acl.h is now included via mysql_priv.h
sql/mysql_priv.h:
  Now we have to include sql_acl.h before tztime.h, since 
  my_tz_check_n_skip_implicit_tables() defined there requires
  SELECT_ACL constant defined in sql_acl.h.
sql/mysqld.cc:
  sql_acl.h is now included via mysql_priv.h
sql/repl_failsafe.cc:
  sql_acl.h is now included via mysql_priv.h
sql/set_var.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_acl.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_base.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_cache.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_class.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_db.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_derived.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_do.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_insert.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_parse.cc:
  check_one_table_access(): Tweaked comments.
  multi_update_precheck(): Added skipping of implicitly opened tables
    during privilege checking.
sql/sql_prepare.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_repl.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_show.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_update.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_yacc.yy:
  sql_acl.h is now included via mysql_priv.h
sql/tztime.h:
  my_tz_check_n_skip_implicit_tables():
    We should set SELECT_ACL for implictly opened tables to be able to
    bypass privilege checking in check_grant().

1 files changed, 34 insertions, 2 deletions

diff --git a/mysql-test/r/timezone2.result b/mysql-test/r/timezone2.result
index 86264bf5b7e..1c98fd18a08 100644
--- a/mysql-test/r/timezone2.result
+++ b/mysql-test/r/timezone2.result
@@ -1,4 +1,4 @@
-drop table if exists t1;
+drop table if exists t1, t2;
 create table t1 (ts timestamp);
 set time_zone='+00:00';
 select unix_timestamp(utc_timestamp())-unix_timestamp(current_timestamp());
@@ -256,18 +256,50 @@ delete from mysql.db where user like 'mysqltest\_%';
 delete from mysql.tables_priv where user like 'mysqltest\_%';
 delete from mysql.columns_priv where user like 'mysqltest\_%';
 flush privileges;
-grant usage on mysqltest.* to mysqltest_1@localhost;
+create table t1 (a int, b datetime);
+create table t2 (c int, d datetime);
+grant all privileges on test.* to mysqltest_1@localhost;
 show grants for current_user();
 Grants for mysqltest_1@localhost
 GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
+GRANT ALL PRIVILEGES ON `test`.* TO 'mysqltest_1'@'localhost'
 set time_zone= '+00:00';
 set time_zone= 'Europe/Moscow';
 select convert_tz('2004-10-21 19:00:00', 'Europe/Moscow', 'UTC');
 convert_tz('2004-10-21 19:00:00', 'Europe/Moscow', 'UTC')
 2004-10-21 15:00:00
+select convert_tz(b, 'Europe/Moscow', 'UTC') from t1;
+convert_tz(b, 'Europe/Moscow', 'UTC')
+update t1, t2 set t1.b = convert_tz('2004-10-21 19:00:00', 'Europe/Moscow', 'UTC')
+where t1.a = t2.c and t2.d = (select max(d) from t2);
 select * from mysql.time_zone_name;
 ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysql'
 select Name, convert_tz('2004-10-21 19:00:00', Name, 'UTC') from mysql.time_zone_name;
 ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysql'
+delete from mysql.db where user like 'mysqltest\_%';
+flush privileges;
+grant all privileges on test.t1 to mysqltest_1@localhost;
+grant all privileges on test.t2 to mysqltest_1@localhost;
+show grants for current_user();
+Grants for mysqltest_1@localhost
+GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
+GRANT ALL PRIVILEGES ON `test`.`t2` TO 'mysqltest_1'@'localhost'
+GRANT ALL PRIVILEGES ON `test`.`t1` TO 'mysqltest_1'@'localhost'
+set time_zone= '+00:00';
+set time_zone= 'Europe/Moscow';
+select convert_tz('2004-11-31 12:00:00', 'Europe/Moscow', 'UTC');
+convert_tz('2004-11-31 12:00:00', 'Europe/Moscow', 'UTC')
+2004-12-01 09:00:00
+select convert_tz(b, 'Europe/Moscow', 'UTC') from t1;
+convert_tz(b, 'Europe/Moscow', 'UTC')
+update t1, t2 set t1.b = convert_tz('2004-11-30 12:00:00', 'Europe/Moscow', 'UTC')
+where t1.a = t2.c and t2.d = (select max(d) from t2);
+select * from mysql.time_zone_name;
+ERROR 42000: select command denied to user 'mysqltest_1'@'localhost' for table 'time_zone_name'
+select Name, convert_tz('2004-11-30 12:00:00', Name, 'UTC') from mysql.time_zone_name;
+ERROR 42000: select command denied to user 'mysqltest_1'@'localhost' for table 'time_zone_name'
 delete from mysql.user where user like 'mysqltest\_%';
+delete from mysql.db where user like 'mysqltest\_%';
+delete from mysql.tables_priv where user like 'mysqltest\_%';
 flush privileges;
+drop table t1, t2;