From 9ad51c631c7ef6d5ed4bea0b6171a98502844c81 Mon Sep 17 00:00:00 2001
From: unknown <dlenev@brandersnatch.localdomain>
Date: Thu, 9 Dec 2004 13:31:46 +0300
Subject: Fix for bug #6765 "Implicit access to time zone description tables
 requires privileges for them if some table or column level grants present"
 (with after-review fixes).

We should set SELECT_ACL for implicitly opened tables in
my_tz_check_n_skip_implicit_tables() to be able to bypass privilege
checking in check_grant(). Also we should exclude those tables from
privilege checking in multi-update.


mysql-test/r/timezone2.result:
  Extended test for bug #6116 "SET time_zone := ... requires access to
  mysql.time_zone tables"
  Added test for bug #6765 "Implicit access to time zone description
  tables requires privileges for them if some table or column level grants
  present"
mysql-test/t/timezone2.test:
  Extended test for bug #6116 "SET time_zone := ... requires access to
  mysql.time_zone tables"
  Added test for bug #6765 "Implicit access to time zone description
  tables requires privileges for them if some table or column level grants
  present"
sql/item_geofunc.cc:
  sql_acl.h is now included via mysql_priv.h
sql/item_strfunc.cc:
  sql_acl.h is now included via mysql_priv.h
sql/log.cc:
  sql_acl.h is now included via mysql_priv.h
sql/mysql_priv.h:
  Now we have to include sql_acl.h before tztime.h, since
  my_tz_check_n_skip_implicit_tables() defined there requires
  SELECT_ACL constant defined in sql_acl.h.
sql/mysqld.cc:
  sql_acl.h is now included via mysql_priv.h
sql/repl_failsafe.cc:
  sql_acl.h is now included via mysql_priv.h
sql/set_var.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_acl.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_base.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_cache.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_class.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_db.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_derived.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_do.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_insert.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_parse.cc:
  check_one_table_access(): Tweaked comments.
  multi_update_precheck(): Added skipping of implicitly opened tables
    during privilege checking.
sql/sql_prepare.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_repl.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_show.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_update.cc:
  sql_acl.h is now included via mysql_priv.h
sql/sql_yacc.yy:
  sql_acl.h is now included via mysql_priv.h
sql/tztime.h:
  my_tz_check_n_skip_implicit_tables():
    We should set SELECT_ACL for implictly opened tables to be able to
    bypass privilege checking in check_grant().
---
 sql/sql_insert.cc | 1 -
 1 file changed, 1 deletion(-)

(limited to 'sql/sql_insert.cc')

diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc
index d590d3b5093..f191a4b327a 100644
--- a/sql/sql_insert.cc
+++ b/sql/sql_insert.cc
@@ -18,7 +18,6 @@
 /* Insert of records */
 
 #include "mysql_priv.h"
-#include "sql_acl.h"
 
 static int check_null_fields(THD *thd,TABLE *entry);
 #ifndef EMBEDDED_LIBRARY
-- 
cgit v1.2.1


From 46364ddb1978802ad9bf5418738b03d0cfe8bd61 Mon Sep 17 00:00:00 2001
From: unknown <acurtis@pcgem.rdg.cyberkinetica.com>
Date: Mon, 13 Dec 2004 12:26:28 +0000
Subject: WL#2274 - INSERT..SELECT..UPDATE   UPDATE clause conflicts with
 SELECT for use of item_list field.   Alter UPDATE clause to use new lex field
 update_list   Tests included

mysql-test/r/insert_update.result:
  WL#2274
    New tests for INSERT..SELECT..UPDATE
mysql-test/t/insert_update.test:
  WL#2274
    New tests for INSERT..SELECT..UPDATE
sql/mysql_priv.h:
  Remove function - insert_select_precheck()
sql/sql_class.h:
  WL#2274
    New constructor for class select_insert
sql/sql_insert.cc:
  WL#2274
    Move code into mysql_prepare_insert
    Add checks as param values may be NULL
sql/sql_lex.cc:
  WL#2274
    initialize lex->update_list
sql/sql_lex.h:
  WL#2274
    New field in LEX: update_list
sql/sql_parse.cc:
  WL#2274
    INSERT..UPDATE clause now populates lex->update_list
    Remove redundant function: insert_select_precheck()
sql/sql_prepare.cc:
  WL#2274
    invoke insert_precheck() instead of insert_select_precheck()
sql/sql_yacc.yy:
  WL#2274
    Enable INSERT..SELECT..UPDATE syntax
    New rule - insert_update_list, to populate lex->update_list
---
 sql/sql_insert.cc | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

(limited to 'sql/sql_insert.cc')

diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc
index 768acb0cf9e..ce64890523a 100644
--- a/sql/sql_insert.cc
+++ b/sql/sql_insert.cc
@@ -197,15 +197,6 @@ int mysql_insert(THD *thd,TABLE_LIST *table_list,
   thd->used_tables=0;
   values= its++;
 
-  if (duplic == DUP_UPDATE && !table->insert_values)
-  {
-    /* it should be allocated before Item::fix_fields() */
-    table->insert_values= 
-      (byte *)alloc_root(thd->mem_root, table->rec_buff_length);
-    if (!table->insert_values)
-      goto abort;
-  }
-
   if (mysql_prepare_insert(thd, table_list, insert_table_list, table,
 			   fields, values, update_fields,
 			   update_values, duplic))
@@ -448,14 +439,24 @@ int mysql_prepare_insert(THD *thd, TABLE_LIST *table_list,
 			 enum_duplicates duplic)
 {
   DBUG_ENTER("mysql_prepare_insert");
-  if (check_insert_fields(thd, table, fields, *values, 1) ||
+  if (duplic == DUP_UPDATE && !table->insert_values)
+  {
+    /* it should be allocated before Item::fix_fields() */
+    table->insert_values= 
+      (byte *)alloc_root(thd->mem_root, table->rec_buff_length);
+    if (!table->insert_values)
+      DBUG_RETURN(-1);
+  }
+  if ((values && check_insert_fields(thd, table, fields, *values, 1)) ||
       setup_tables(insert_table_list) ||
-      setup_fields(thd, 0, insert_table_list, *values, 0, 0, 0) ||
+      (values && setup_fields(thd, 0, insert_table_list, *values, 0, 0, 0)) ||
       (duplic == DUP_UPDATE &&
        (setup_fields(thd, 0, insert_table_list, update_fields, 1, 0, 0) ||
         setup_fields(thd, 0, insert_table_list, update_values, 1, 0, 0))))
     DBUG_RETURN(-1);
-  if (find_real_table_in_list(table_list->next, 
+  if ((thd->lex->sql_command==SQLCOM_INSERT ||
+       thd->lex->sql_command==SQLCOM_REPLACE) &&
+      find_real_table_in_list(table_list->next, 
 			      table_list->db, table_list->real_name))
   {
     my_error(ER_UPDATE_TABLE_USED, MYF(0), table_list->real_name);
@@ -550,8 +551,10 @@ int write_record(TABLE *table,COPY_INFO *info)
            that matches, is updated. If update causes a conflict again,
            an error is returned
         */
+	DBUG_ASSERT(table->insert_values != NULL);
         store_record(table,insert_values);
         restore_record(table,record[1]);
+	DBUG_ASSERT(info->update_fields->elements==info->update_values->elements);
         if (fill_record(*info->update_fields, *info->update_values, 0))
           goto err;
         if ((error=table->file->update_row(table->record[1],table->record[0])))
-- 
cgit v1.2.1