aboutsummaryrefslogtreecommitdiff
path: root/modules/pkgs/mariadb/MDEV-10463.patch
blob: c094257b8412b22c790d9edf769b423ffea3fb7d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index ae38745..73edb18 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -4850,6 +4850,7 @@ int fill_schema_schemata(THD *thd, TABLE_LIST *tables, COND *cond)
   TABLE *table= tables->table;
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
   Security_context *sctx= thd->security_ctx;
+  ulong db_access= sctx->db_access;
 #endif
   DBUG_ENTER("fill_schema_shemata");
 
@@ -4891,9 +4892,20 @@ int fill_schema_schemata(THD *thd, TABLE_LIST *tables, COND *cond)
       continue;
     }
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-    if (sctx->master_access & (DB_ACLS | SHOW_DB_ACL) ||
-	acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, 0) ||
-	!check_grant_db(thd, db_name->str))
+  if (test_all_bits(sctx->master_access, DB_ACLS))
+    db_access= DB_ACLS;
+  else
+  {
+    db_access= acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, FALSE);
+    if (sctx->priv_role[0])
+    {
+      /* include a possible currently set role for access */
+      db_access|= acl_get("", "", sctx->priv_role, db_name->str, FALSE);
+    }
+  }
+  if ((sctx->master_access & SHOW_DB_ACL) ||
+      (db_access & DB_ACLS) ||
+      !check_grant_db(thd, db_name->str))
 #endif
     {
       load_db_opt_by_name(thd, db_name->str, &create);