Fix for bug #11555 "Stored procedures: current SP tables locking make

impossible view security".

We should not expose names of tables which are explicitly or implicitly (via
routine or trigger) used by view even if we find that they are missing.
So during building of list of prelocked tables for statement we track which
routines (and therefore tables for these routines) are used from views. We
mark elements of LEX::routines set which correspond to routines used in views
by setting Sroutine_hash_entry::belong_to_view member to point to TABLE_LIST
object for topmost view which uses routine. We propagate this mark to all
routines which are used by this routine and which we add to this set. We also
mark tables used by such routine which we add to the list of tables for
prelocking as belonging to this view.


mysql-test/r/sp-error.result:
  Added test for bug #11555 "Stored procedures: current SP tables locking make 
  impossible view security".
mysql-test/r/view.result:
  We should not expose tables which are expicitly/implicitly used in view in
  check table statement.
mysql-test/t/sp-error.test:
  Added test for bug #11555 "Stored procedures: current SP tables locking make 
  impossible view security".
mysql-test/t/view.test:
  Removed comment obsoleted by bugfix.
sql/sp.cc:
  We should not expose names of tables which are explicitly or implicitly
  (via routine or trigger) used by view even if we find that they are missing.
  So during building of list of prelocked tables for statement we track which
  routines (and therefore tables for these routines) are used from views. We
  mark elements of LEX::routines set which correspond to routines used in views
  by setting Sroutine_hash_entry::belong_to_view member to point to TABLE_LIST
  object for topmost view which uses routine. We propagate this mark to all
  routines which are used by this routine and which we add to this set. We also
  mark tables used by such routine which we add to the list of tables for
  prelocking as belonging to this view.
sql/sp.h:
  sp_cache_routines_and_add_tables_for_view()/for_triggers():
    To be able to determine correctly uppermost view which uses this view/table
    with trigger we have to pass pointer to TABLE_LIST object instead of pointer
    to view's LEX or to Table_triggers_list object.
sql/sp_head.cc:
  sp_head::add_used_tables_to_table_list():
    Added new argument which allows to mark tables which are added to table
    list for prelocking as belonging to view (this allows properly hide names
    of tables which are used in routines used by views).
sql/sp_head.h:
  sp_head::add_used_tables_to_table_list():
    Added new argument which allows to mark tables which are added to table
    list for prelocking as belonging to view (this allows properly hide names
    of tables which are used in routines used by views).
sql/sql_base.cc:
  open_tables():
    sp_cache_routines_and_add_tables_for_view()/for_triggers() now accept
    pointer to table list element as last argument, this allows them to determine
    correctly uppermost view which uses this view/table with trigger.
sql/sql_trigger.h:
  Table_triggers_list:
    sp_cache_routines_and_add_tables_for_triggers() now accept pointer to table
    list element as last argument, this allows to determine correctly uppermost
    view which uses this table with trigger.

4 files changed, 104 insertions, 4 deletions

diff --git a/mysql-test/r/sp-error.result b/mysql-test/r/sp-error.result
index 963f14820be..d01ff78ce7f 100644
--- a/mysql-test/r/sp-error.result
+++ b/mysql-test/r/sp-error.result
@@ -1055,3 +1055,43 @@ Db	Name	Type	Definer	Modified	Created	Security_type	Comment
 mysqltest2	p1	PROCEDURE	root@localhost	0000-00-00 00:00:00	0000-00-00 00:00:00	DEFINER	
 drop database mysqltest2;
 use test;
+drop function if exists bug11555_1;
+drop function if exists bug11555_2;
+drop view if exists v1, v2, v3, v4;
+create function bug11555_1() returns int return (select max(i) from t1);
+create function bug11555_2() returns int return bug11555_1();
+create view v1 as select bug11555_1();
+ERROR 42S02: Table 'test.t1' doesn't exist
+create view v2 as select bug11555_2();
+ERROR 42S02: Table 'test.t1' doesn't exist
+create table t1 (i int);
+create view v1 as select bug11555_1();
+create view v2 as select bug11555_2();
+create view v3 as select * from v1;
+drop table t1;
+select * from v1;
+ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+select * from v2;
+ERROR HY000: View 'test.v2' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+select * from v3;
+ERROR HY000: View 'test.v3' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+create view v4 as select * from v1;
+ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+drop view v1, v2, v3;
+drop function bug11555_1;
+drop function bug11555_2;
+create table t1 (i int);
+create table t2 (i int);
+create trigger t1_ai after insert on t1 for each row insert into t2 values (new.i);
+create view v1 as select * from t1;
+drop table t2;
+insert into v1 values (1);
+ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+drop trigger t1_ai;
+create function bug11555_1() returns int return (select max(i) from t2);
+create trigger t1_ai after insert on t1 for each row set @a:=bug11555_1();
+insert into v1 values (2);
+ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+drop function bug11555_1;
+drop table t1;
+drop view v1;
diff --git a/mysql-test/r/view.result b/mysql-test/r/view.result
index ebb2c190eb1..6d7a6040858 100644
--- a/mysql-test/r/view.result
+++ b/mysql-test/r/view.result
@@ -1933,11 +1933,11 @@ create function f1 () returns int return (select max(col1) from t1);
 DROP TABLE t1;
 CHECK TABLE v1, v2, v3, v4, v5, v6;
 Table	Op	Msg_type	Msg_text
-test.v1	check	error	Table 'test.t1' doesn't exist
+test.v1	check	error	View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
 test.v2	check	status	OK
-test.v3	check	error	Table 'test.t1' doesn't exist
+test.v3	check	error	View 'test.v3' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
 test.v4	check	status	OK
-test.v5	check	error	Table 'test.t1' doesn't exist
+test.v5	check	error	View 'test.v5' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
 test.v6	check	status	OK
 drop function f1;
 drop function f2;
diff --git a/mysql-test/t/sp-error.test b/mysql-test/t/sp-error.test
index 69e5f73817b..27bb8d6653d 100644
--- a/mysql-test/t/sp-error.test
+++ b/mysql-test/t/sp-error.test
@@ -1519,6 +1519,67 @@ drop database mysqltest2;
 use test;
 
 
+# BUG#11555 "Stored procedures: current SP tables locking make 
+# impossible view security". We should not expose names of tables
+# which are implicitly used by view (via stored routines/triggers).
+#
+# Note that SQL standard assumes that you simply won't be able drop table
+# and leave some objects (routines/views/triggers) which were depending on
+# it. Such objects should be dropped in advance (by default) or will be
+# dropped simultaneously with table (DROP TABLE with CASCADE clause).
+# So these tests probably should go away once we will implement standard
+# behavior.
+--disable_warnings
+drop function if exists bug11555_1;
+drop function if exists bug11555_2;
+drop view if exists v1, v2, v3, v4;
+--enable_warnings
+create function bug11555_1() returns int return (select max(i) from t1);
+create function bug11555_2() returns int return bug11555_1();
+# It is OK to report name of implicitly used table which is missing
+# when we create view.
+--error ER_NO_SUCH_TABLE
+create view v1 as select bug11555_1();
+--error ER_NO_SUCH_TABLE
+create view v2 as select bug11555_2();
+# But we should hide name of missing implicitly used table when we use view
+create table t1 (i int);
+create view v1 as select bug11555_1();
+create view v2 as select bug11555_2();
+create view v3 as select * from v1;
+drop table t1;
+--error ER_VIEW_INVALID
+select * from v1;
+--error ER_VIEW_INVALID
+select * from v2;
+--error ER_VIEW_INVALID
+select * from v3;
+# Note that creation of view which depends on broken view is yet 
+# another form of view usage.
+--error ER_VIEW_INVALID
+create view v4 as select * from v1;
+drop view v1, v2, v3;
+# We also should hide details about broken triggers which are
+# invoked for view.
+drop function bug11555_1;
+drop function bug11555_2;
+create table t1 (i int);
+create table t2 (i int);
+create trigger t1_ai after insert on t1 for each row insert into t2 values (new.i);
+create view v1 as select * from t1;
+drop table t2;
+--error ER_VIEW_INVALID
+insert into v1 values (1);
+drop trigger t1_ai;
+create function bug11555_1() returns int return (select max(i) from t2);
+create trigger t1_ai after insert on t1 for each row set @a:=bug11555_1();
+--error ER_VIEW_INVALID
+insert into v1 values (2);
+drop function bug11555_1;
+drop table t1;
+drop view v1;
+
+
 # BUG#NNNN: New bug synopsis
 #
 #--disable_warnings
diff --git a/mysql-test/t/view.test b/mysql-test/t/view.test
index ac103278f08..d15f2de4ca0 100644
--- a/mysql-test/t/view.test
+++ b/mysql-test/t/view.test
@@ -1744,7 +1744,6 @@ drop function f1;
 CHECK TABLE v1, v2, v3, v4, v5, v6;
 create function f1 () returns int return (select max(col1) from t1);
 DROP TABLE t1;
-# following will show underlying table until BUG#11555 fix
 CHECK TABLE v1, v2, v3, v4, v5, v6;
 drop function f1;
 drop function f2;