Bug#35996: SELECT + SHOW VIEW should be enough to display

view definition

During SHOW CREATE VIEW there is no reason to 'anonymize'
errors that name objects that a user does not have access
to. Moreover it was inconsistently implemented. For example
base tables being referenced from a view appear to be ok,
but not views. The manual on the other hand is clear: If a
user has the privileges SELECT and SHOW VIEW, the view
definition is available to that user, period. The fix
changes the behavior to support the manual.


mysql-test/r/information_schema_db.result:
  Bug#35996: Changed warnings.
mysql-test/r/view_grant.result:
  Bug#35996: Changed warnings, test result.
mysql-test/t/information_schema_db.test:
  Bug#35996: Changed test case to reflect new behavior.
mysql-test/t/view_grant.test:
  Bug#35996: Test case.
sql/sql_acl.cc:
  Bug#35996: Code no longer necessary, we may as well exempt 
  SHOW CREATE VIEW from this check.
sql/sql_show.cc:
  Bug#35996: The fix: An Internal_error_handler that hides
  most errors raised by access checking as they are not
  relevant to SHOW CREATE VIEW.
sql/table.cc:
  Bug#35996: Restricting this hack to act only when there is 
  no Internal_error_handler.

1 files changed, 125 insertions, 18 deletions

diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index bb377e676e2..a065d953b67 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -581,6 +581,126 @@ find_files(THD *thd, List<LEX_STRING> *files, const char *db,
 }
 
 
+/**
+   An Internal_error_handler that suppresses errors regarding views'
+   underlying tables that occur during privilege checking within SHOW CREATE
+   VIEW commands. This happens in the cases when
+
+   - A view's underlying table (e.g. referenced in its SELECT list) does not
+     exist. There should not be an error as no attempt was made to access it
+     per se.
+
+   - Access is denied for some table, column, function or stored procedure
+     such as mentioned above. This error gets raised automatically, since we
+     can't untangle its access checking from that of the view itself.
+ */
+class Show_create_error_handler : public Internal_error_handler {
+  
+  TABLE_LIST *m_top_view;
+  bool m_handling;
+  Security_context *m_sctx;
+
+  char m_view_access_denied_message[MYSQL_ERRMSG_SIZE];
+  char *m_view_access_denied_message_ptr;
+
+public:
+
+  /**
+     Creates a new Show_create_error_handler for the particular security
+     context and view. 
+
+     @thd Thread context, used for security context information if needed.
+     @top_view The view. We do not verify at this point that top_view is in
+     fact a view since, alas, these things do not stay constant.
+  */
+  explicit Show_create_error_handler(THD *thd, TABLE_LIST *top_view) : 
+    m_top_view(top_view), m_handling(FALSE),
+    m_view_access_denied_message_ptr(NULL) 
+  {
+    
+    m_sctx = test(m_top_view->security_ctx) ?
+      m_top_view->security_ctx : thd->security_ctx;
+  }
+
+  /**
+     Lazy instantiation of 'view access denied' message. The purpose of the
+     Show_create_error_handler is to hide details of underlying tables for
+     which we have no privileges behind ER_VIEW_INVALID messages. But this
+     obviously does not apply if we lack privileges on the view itself.
+     Unfortunately the information about for which table privilege checking
+     failed is not available at this point. The only way for us to check is by
+     reconstructing the actual error message and see if it's the same.
+  */
+  char* get_view_access_denied_message() 
+  {
+    if (!m_view_access_denied_message_ptr)
+    {
+      m_view_access_denied_message_ptr= m_view_access_denied_message;
+      my_snprintf(m_view_access_denied_message, MYSQL_ERRMSG_SIZE,
+                  ER(ER_TABLEACCESS_DENIED_ERROR), "SHOW VIEW",
+                  m_sctx->priv_user,
+                  m_sctx->host_or_ip, m_top_view->get_table_name());
+    }
+    return m_view_access_denied_message_ptr;
+  }
+
+  bool handle_error(uint sql_errno, const char *message, 
+                    MYSQL_ERROR::enum_warning_level level, THD *thd) {
+    /* 
+       The handler does not handle the errors raised by itself.
+       At this point we know if top_view is really a view.
+    */
+    if (m_handling || !m_top_view->view)
+      return FALSE;
+
+    m_handling= TRUE;
+
+    bool is_handled;
+    
+    switch (sql_errno)
+    {
+    case ER_TABLEACCESS_DENIED_ERROR:
+      if (!strcmp(get_view_access_denied_message(), message))
+      {
+        /* Access to top view is not granted, don't interfere. */
+        is_handled= FALSE;
+        break;
+      }
+    case ER_COLUMNACCESS_DENIED_ERROR:
+    case ER_VIEW_NO_EXPLAIN: /* Error was anonymized, ignore all the same. */
+    case ER_PROCACCESS_DENIED_ERROR:
+      is_handled= TRUE;
+      break;
+
+    case ER_NO_SUCH_TABLE:
+      /* Established behavior: warn if underlying tables are missing. */
+      push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_WARN, 
+                          ER_VIEW_INVALID,
+                          ER(ER_VIEW_INVALID),
+                          m_top_view->get_db_name(),
+                          m_top_view->get_table_name());
+      is_handled= TRUE;
+      break;
+
+    case ER_SP_DOES_NOT_EXIST:
+      /* Established behavior: warn if underlying functions are missing. */
+      push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_WARN, 
+                          ER_VIEW_INVALID,
+                          ER(ER_VIEW_INVALID),
+                          m_top_view->get_db_name(),
+                          m_top_view->get_table_name());
+      is_handled= TRUE;
+      break;
+    default:
+      is_handled= FALSE;
+    }
+
+    m_handling= FALSE;
+    return is_handled;
+  }
+};
+
+
 bool
 mysqld_show_create(THD *thd, TABLE_LIST *table_list)
 {
@@ -594,26 +714,13 @@ mysqld_show_create(THD *thd, TABLE_LIST *table_list)
   /* We want to preserve the tree for views. */
   thd->lex->view_prepare_mode= TRUE;
 
-  /* Only one table for now, but VIEW can involve several tables */
-  if (open_normal_and_derived_tables(thd, table_list, 0))
   {
-    if (!table_list->view ||
-        (thd->is_error() && thd->main_da.sql_errno() != ER_VIEW_INVALID))
+    Show_create_error_handler view_error_suppressor(thd, table_list);
+    thd->push_internal_handler(&view_error_suppressor);
+    bool error= open_normal_and_derived_tables(thd, table_list, 0);
+    thd->pop_internal_handler();
+    if (error && thd->main_da.is_error())
       DBUG_RETURN(TRUE);
-
-    /*
-      Clear all messages with 'error' level status and
-      issue a warning with 'warning' level status in 
-      case of invalid view and last error is ER_VIEW_INVALID
-    */
-    mysql_reset_errors(thd, true);
-    thd->clear_error();
-
-    push_warning_printf(thd,MYSQL_ERROR::WARN_LEVEL_WARN,
-                        ER_VIEW_INVALID,
-                        ER(ER_VIEW_INVALID),
-                        table_list->view_db.str,
-                        table_list->view_name.str);
   }
 
   /* TODO: add environment variables show when it become possible */