Bug#36086: SELECT * from views don't check column grants

This patch also fixes bugs 36963 and 35600.
                      
- In many places a view was confused with an anonymous derived
  table, i.e. access checking was skipped. Fixed by introducing a
  predicate to tell the difference between named and anonymous
  derived tables.
                      
- When inserting fields for "SELECT * ", there was no 
  distinction between base tables and views, where one should be
  made. View privileges are checked elsewhere.

mysql-test/include/grant_cache.inc:
  Bug#36086: Changed test case.
mysql-test/r/grant2.result:
  Bug#36086: Changed test result.
mysql-test/r/grant_cache_no_prot.result:
  Bug#36086: Changed test result.
mysql-test/r/grant_cache_ps_prot.result:
  Bug#36086: Changed test result.
mysql-test/r/view_grant.result:
  Bug#36086: Test result.
mysql-test/t/grant2.test:
  Bug#36086: Changed test case.
mysql-test/t/view_grant.test:
  Bug#36086: Test case.
sql/item.cc:
  Bug#36086: Replaced conditional with new methods.
sql/sql_acl.cc:
  Bug no 35600: 
  In mysql_table_grant:
    Replaced conditional with the new accessor method.
  
  In check_grant:
   - Changed the requirement table->derived != null to 
     checking all anonymous derived tables.
   - Use of the accessor methods for getting object and database 
     names.
      
  Bug#36086: In check_grant_all_columns:
    - Updated comment. This function is now called for views
      as well.
    - The error message should not disclose any column names 
      unless the user has privilege to see all column names.
    - Changed names of Field_iterator_table_ref methods.
sql/sql_base.cc:
  Bug no 36963: In insert_fields()
    - Commented.
    - We should call check_grant_all_columns() for views in  
      this case.        
    - Changed names of Field_iterator_table_ref methods.
    - We should not disclose column names in the error message
      when the user has no approprate privilege.
sql/sql_cache.cc:
  Bug#36086: Replaced test with new predicate method.
sql/sql_derived.cc:
  Bug#36086: commenting only. Updated and doxygenated
  comment for mysql_derived_prepare().
sql/sql_parse.cc:
  Bug no 35600: 
  - In check_single_table_access:
    Due to the bug, check_grant would raise an error for a
    SHOW CREATE TABLE command for a TEMPTABLE view. It should in
    fact not be be invoked in this case. This table privilege
    is checked already.
    There is a test case for this in information_schema_db.test.
      
  - In check_access: replaced table->derived
sql/table.cc:
  Bug#36086: 
  
  - In TABLE_LIST::set_underlying_merge(): 
    Commenting only. Doxygenated, corrected spelling,
    added.
  
  - Renamed table_name() and db_name() methods of 
    Field_iterator_table_ref in order to be consistent
    with new methods in TABLE_LIST.
sql/table.h:
  Bug#36086: 
    - Commented GRANT_INFO.
    - Added a predicate is_anonymous_derived_table() to    
      TABLE_LIST.
    - Added get_table_name() and get_db_name() to   
      TABLE_LIST in order to hide the disparate   
      representation of these properties.

1 files changed, 53 insertions, 23 deletions

diff --git a/sql/sql_derived.cc b/sql/sql_derived.cc
index 10b42e11b26..41be98621a6 100644
--- a/sql/sql_derived.cc
+++ b/sql/sql_derived.cc
@@ -73,29 +73,59 @@ out:
 }
 
 
-/*
-  Create temporary table structure (but do not fill it)
-
-  SYNOPSIS
-    mysql_derived_prepare()
-    thd			Thread handle
-    lex                 LEX for this thread
-    orig_table_list     TABLE_LIST for the upper SELECT
-
-  IMPLEMENTATION
-    Derived table is resolved with temporary table.
-
-    After table creation, the above TABLE_LIST is updated with a new table.
-
-    This function is called before any command containing derived table
-    is executed.
-
-    Derived tables is stored in thd->derived_tables and freed in
-    close_thread_tables()
-
-  RETURN
-    FALSE  OK
-    TRUE   Error
+/**
+  @brief Create temporary table structure (but do not fill it).
+
+  @param thd Thread handle
+  @param lex LEX for this thread
+  @param orig_table_list TABLE_LIST for the upper SELECT
+
+  @details 
+
+  This function is called before any command containing derived tables is
+  executed. Currently the function is used for derived tables, i.e.
+
+  - Anonymous derived tables, or 
+  - Named derived tables (aka views) with the @c TEMPTABLE algorithm.
+   
+  The table reference, contained in @c orig_table_list, is updated with the
+  fields of a new temporary table.
+
+  Derived tables are stored in @c thd->derived_tables and closed by
+  close_thread_tables().
+
+  This function is part of the procedure that starts in
+  open_and_lock_tables(), a procedure that - among other things - introduces
+  new table and table reference objects (to represent derived tables) that
+  don't exist in the privilege database. This means that normal privilege
+  checking cannot handle them. Hence this function does some extra tricks in
+  order to bypass normal privilege checking, by exploiting the fact that the
+  current state of privilege verification is attached as GRANT_INFO structures
+  on the relevant TABLE and TABLE_REF objects.
+
+  For table references, the current state of accrued access is stored inside
+  TABLE_LIST::grant. Hence this function must update the state of fulfilled
+  privileges for the new TABLE_LIST, an operation which is normally performed
+  exclusively by the table and database access checking functions,
+  check_access() and check_grant(), respectively. This modification is done
+  for both views and anonymous derived tables: The @c SELECT privilege is set
+  as fulfilled by the user. However, if a view is referenced and the table
+  reference is queried against directly (see TABLE_LIST::referencing_view),
+  the state of privilege checking (GRANT_INFO struct) is copied as-is to the
+  temporary table.
+
+  This function implements a signature called "derived table processor", and
+  is passed as a function pointer to mysql_handle_derived().
+
+  @note This function sets @c SELECT_ACL for @c TEMPTABLE views as well as
+  anonymous derived tables, but this is ok since later access checking will
+  distinguish between them.
+
+  @see mysql_handle_derived(), mysql_derived_filling(), GRANT_INFO
+
+  @return
+    false  OK
+    true   Error
 */
 
 bool mysql_derived_prepare(THD *thd, LEX *lex, TABLE_LIST *orig_table_list)