Bug#51770: UNINSTALL PLUGIN requires no privileges

The problem was that UNINSTALL PLUGIN wasn't performing privilege
checks before removing a plugin. Any user (including users without 
any kind of privileges) could uninstall any plugin.

The solution is to verify if the user has the DELETE privilege for
the mysql.plugin table before uninstalling a plugin.

mysql-test/r/plugin_not_embedded.result

@@ -0,0 +1,11 @@
+#
+# Bug#51770: UNINSTALL PLUGIN requires no privileges
+#
+GRANT INSERT ON mysql.plugin TO bug51770@localhost;
+INSTALL PLUGIN example SONAME 'ha_example.so';
+UNINSTALL PLUGIN example;
+ERROR 42000: DELETE command denied to user 'bug51770'@'localhost' for table 'plugin'
+GRANT DELETE ON mysql.plugin TO bug51770@localhost;
+FLUSH PRIVILEGES;
+UNINSTALL PLUGIN example;
+DROP USER bug51770@localhost;

mysql-test/t/plugin_not_embedded-master.opt

@@ -0,0 +1 @@
+$EXAMPLE_PLUGIN_OPT

mysql-test/t/plugin_not_embedded.test

@@ -0,0 +1,20 @@
+--source include/not_embedded.inc
+--source include/have_example_plugin.inc
+
+--echo #
+--echo # Bug#51770: UNINSTALL PLUGIN requires no privileges
+--echo #
+
+GRANT INSERT ON mysql.plugin TO bug51770@localhost;
+connect(con1,localhost,bug51770,,);
+eval INSTALL PLUGIN example SONAME $HA_EXAMPLE_SO;
+--error ER_TABLEACCESS_DENIED_ERROR
+UNINSTALL PLUGIN example;
+connection default;
+GRANT DELETE ON mysql.plugin TO bug51770@localhost;
+FLUSH PRIVILEGES;
+connection con1;
+UNINSTALL PLUGIN example;
+disconnect con1;
+connection default;
+DROP USER bug51770@localhost;

sql/sql_plugin.cc

@@ -1736,6 +1736,8 @@ bool mysql_uninstall_plugin(THD *thd, const LEX_STRING *name)
   bzero(&tables, sizeof(tables));
   tables.db= (char *)"mysql";
   tables.table_name= tables.alias= (char *)"plugin";
+  if (check_table_access(thd, DELETE_ACL, &tables, 1, FALSE))
+    DBUG_RETURN(TRUE);
 
   /* need to open before acquiring LOCK_plugin or it will deadlock */
   if (! (table= open_ltable(thd, &tables, TL_WRITE, 0)))