Commit 8537cf2f authored by unknown's avatar unknown
Browse files

Fix for bug #6116 "SET time_zone := ... requires access to 

mysql.time_zone* tables".

We are excluding implicitly used time zone tables from privilege
checking.


mysql-test/r/timezone2.result:
  Added test for bug #6116 "SET time_zone := ... requires access to 
  mysql.time_zone tables"
mysql-test/t/timezone2.test:
  Added test for bug #6116 "SET time_zone := ... requires access to 
  mysql.time_zone tables"
sql/sql_parse.cc:
  check_table_access(): we should avoid privilege checking for implicitly
  used time zone tables.
sql/tztime.cc:
  Indicated dependancy between my_tz_get_table_list() function and
  my_tz_check_n_skip_implicit_tables() function.
sql/tztime.h:
  Added my_tz_check_n_skip_implicit_tables() function which allows easily
  determine whenever we have found beggining of the list of implicitly used
  time zone tables and fast-forward to its end.
parent 8f823600

mysql-test/r/timezone2.result

+20 −0
Original line number Diff line number Diff line
@@ -251,3 +251,23 @@ select convert_tz(ts, @@time_zone, 'Japan') from t1; 
convert_tz(ts, @@time_zone, 'Japan')

2001-09-09 10:46:40

drop table t1;

delete from mysql.user where user like 'mysqltest\_%';

delete from mysql.db where user like 'mysqltest\_%';

delete from mysql.tables_priv where user like 'mysqltest\_%';

delete from mysql.columns_priv where user like 'mysqltest\_%';

flush privileges;

grant usage on mysqltest.* to mysqltest_1@localhost;

show grants for current_user();

Grants for mysqltest_1@localhost

GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'

set time_zone= '+00:00';

set time_zone= 'Europe/Moscow';

select convert_tz('2004-10-21 19:00:00', 'Europe/Moscow', 'UTC');

convert_tz('2004-10-21 19:00:00', 'Europe/Moscow', 'UTC')

2004-10-21 15:00:00

select * from mysql.time_zone_name;

ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysql'

select Name, convert_tz('2004-10-21 19:00:00', Name, 'UTC') from mysql.time_zone_name;

ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysql'

delete from mysql.user where user like 'mysqltest\_%';

flush privileges;

mysql-test/t/timezone2.test

+28 −0
Original line number Diff line number Diff line
@@ -199,3 +199,31 @@ insert into t1 (ts) values (now()); 
select convert_tz(ts, @@time_zone, 'Japan') from t1;

drop table t1;



#

# Test for bug #6116 "SET time_zone := ... requires access to mysql.time_zone

# tables". We should allow implicit access to time zone description tables

# even for unprivileged users.

#



delete from mysql.user where user like 'mysqltest\_%';

delete from mysql.db where user like 'mysqltest\_%';

delete from mysql.tables_priv where user like 'mysqltest\_%';

delete from mysql.columns_priv where user like 'mysqltest\_%';

flush privileges;



grant usage on mysqltest.* to mysqltest_1@localhost;

connect (tzuser, localhost, mysqltest_1,,);

connection tzuser;

show grants for current_user();

set time_zone= '+00:00';

set time_zone= 'Europe/Moscow';

select convert_tz('2004-10-21 19:00:00', 'Europe/Moscow', 'UTC');

# But still these two statements should not work:

--error 1044

select * from mysql.time_zone_name;

--error 1044

select Name, convert_tz('2004-10-21 19:00:00', Name, 'UTC') from mysql.time_zone_name;



connection default;

delete from mysql.user where user like 'mysqltest\_%';

flush privileges;

sql/sql_parse.cc

+4 −1
Original line number Diff line number Diff line
@@ -3724,7 +3724,10 @@ check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables, 
  TABLE_LIST *org_tables=tables;

  for (; tables ; tables=tables->next)

  {

    if (tables->derived || (tables->table && (int)tables->table->tmp_table))

    if (tables->derived ||

        (tables->table && (int)tables->table->tmp_table) ||

        my_tz_check_n_skip_implicit_tables(&tables,

                                           thd->lex->time_zone_tables_used))

      continue;

    if ((thd->master_access & want_access) == (want_access & ~EXTRA_ACL) &&

	thd->db)

sql/tztime.cc

+4 −0
Original line number Diff line number Diff line
@@ -1434,6 +1434,10 @@ tz_init_table_list(TABLE_LIST *tz_tabs) 
    This function creates list of TABLE_LIST objects allocated in thd's

    memroot, which can be used for opening of time zone tables.



  NOTE

    my_tz_check_n_skip_implicit_tables() function depends on fact that

    elements of list created are allocated as TABLE_LIST[4] array.



  RETURN VALUES

    Returns pointer to first TABLE_LIST object, (could be 0 if time zone

    tables don't exist) and &fake_time_zone_tables_list in case of error.

sql/tztime.h

+29 −0
Original line number Diff line number Diff line
@@ -64,6 +64,35 @@ extern Time_zone * my_tz_find(const String *name, TABLE_LIST *tz_tables); 
extern my_bool     my_tz_init(THD *org_thd, const char *default_tzname, my_bool bootstrap);

extern void        my_tz_free();





/*

  Check if we have pointer to the beggining of list of implictly used

  time zone tables and fast-forward to its end.



  SYNOPSIS

    my_tz_check_n_skip_implicit_tables()

      table     - (in/out) pointer to element of table list to check

      tz_tables - list of implicitly used time zone tables received

                  from my_tz_get_table_list() function.



  NOTE

    This function relies on my_tz_get_table_list() implementation.



  RETURN VALUE

    TRUE  - if table points to the beggining of tz_tables list

    FALSE - otherwise.

*/

inline bool my_tz_check_n_skip_implicit_tables(TABLE_LIST **table,

                                               TABLE_LIST *tz_tables)

{

  if (*table == tz_tables)

  {

    (*table)+= 3;

    return TRUE;

  }

  return FALSE;

}



/* 

  Maximum length of time zone name that we support 

  (Time zone name is char(64) in db)