Bug#36086: SELECT * from views don't check column grants

This patch also fixes bugs 36963 and 35600.
                      
- In many places a view was confused with an anonymous derived
  table, i.e. access checking was skipped. Fixed by introducing a
  predicate to tell the difference between named and anonymous
  derived tables.
                      
- When inserting fields for "SELECT * ", there was no 
  distinction between base tables and views, where one should be
  made. View privileges are checked elsewhere.

mysql-test/include/grant_cache.inc:
  Bug#36086: Changed test case.
mysql-test/r/grant2.result:
  Bug#36086: Changed test result.
mysql-test/r/grant_cache_no_prot.result:
  Bug#36086: Changed test result.
mysql-test/r/grant_cache_ps_prot.result:
  Bug#36086: Changed test result.
mysql-test/r/view_grant.result:
  Bug#36086: Test result.
mysql-test/t/grant2.test:
  Bug#36086: Changed test case.
mysql-test/t/view_grant.test:
  Bug#36086: Test case.
sql/item.cc:
  Bug#36086: Replaced conditional with new methods.
sql/sql_acl.cc:
  Bug no 35600: 
  In mysql_table_grant:
    Replaced conditional with the new accessor method.
  
  In check_grant:
   - Changed the requirement table->derived != null to 
     checking all anonymous derived tables.
   - Use of the accessor methods for getting object and database 
     names.
      
  Bug#36086: In check_grant_all_columns:
    - Updated comment. This function is now called for views
      as well.
    - The error message should not disclose any column names 
      unless the user has privilege to see all column names.
    - Changed names of Field_iterator_table_ref methods.
sql/sql_base.cc:
  Bug no 36963: In insert_fields()
    - Commented.
    - We should call check_grant_all_columns() for views in  
      this case.        
    - Changed names of Field_iterator_table_ref methods.
    - We should not disclose column names in the error message
      when the user has no approprate privilege.
sql/sql_cache.cc:
  Bug#36086: Replaced test with new predicate method.
sql/sql_derived.cc:
  Bug#36086: commenting only. Updated and doxygenated
  comment for mysql_derived_prepare().
sql/sql_parse.cc:
  Bug no 35600: 
  - In check_single_table_access:
    Due to the bug, check_grant would raise an error for a
    SHOW CREATE TABLE command for a TEMPTABLE view. It should in
    fact not be be invoked in this case. This table privilege
    is checked already.
    There is a test case for this in information_schema_db.test.
      
  - In check_access: replaced table->derived
sql/table.cc:
  Bug#36086: 
  
  - In TABLE_LIST::set_underlying_merge(): 
    Commenting only. Doxygenated, corrected spelling,
    added.
  
  - Renamed table_name() and db_name() methods of 
    Field_iterator_table_ref in order to be consistent
    with new methods in TABLE_LIST.
sql/table.h:
  Bug#36086: 
    - Commented GRANT_INFO.
    - Added a predicate is_anonymous_derived_table() to    
      TABLE_LIST.
    - Added get_table_name() and get_db_name() to   
      TABLE_LIST in order to hide the disparate   
      representation of these properties.

1 files changed, 1 insertions, 1 deletions

diff --git a/mysql-test/r/grant2.result b/mysql-test/r/grant2.result
index b94de265d0c..03c4ea042f6 100644
--- a/mysql-test/r/grant2.result
+++ b/mysql-test/r/grant2.result
@@ -434,7 +434,7 @@ USE db1;
 SELECT c FROM t2;
 ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for column 'c' in table 't2'
 SELECT * FROM t2;
-ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for column 'c' in table 't2'
+ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for table 't2'
 SELECT * FROM t1 JOIN t2 USING (b);
 ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for column 'c' in table 't2'
 DROP TABLE db1.t1, db1.t2;