BUG#18681: View privileges are broken

The check for view security was lacking several points :
1. Check with the right set of permissions : for each table ref that
participates in a view there were the right credentials to use in it's
security_ctx member, but these weren't used for checking the credentials.
This makes hard enforcing the SQL SECURITY DEFINER|INVOKER property
consistently.
2. Because of the above the security checking for views was just ruled out
in explicit ways in several places.
3. The security was checked only for the columns of the tables that are
brought into the query from a view. So if there is no column reference
outside of the view definition it was not detecting the lack of access to
the tables in the view in SQL SECURITY INVOKER mode.

The fix below tries to fix the above 3 points.


mysql-test/r/grant.result:
  removed nondeterminism (unspecified order) in some test output
mysql-test/r/view_grant.result:
  Somewhat extended test case for the bug and similar queries.
mysql-test/t/grant.test:
  removed nondeterminism (unspecified order) in some test output
mysql-test/t/view_grant.test:
  Somewhat extended test case for the bug and similar queries.
sql/mysql_priv.h:
  A wrapper for setup_tables that also checks access to the tables
sql/sql_acl.cc:
  removed artificial security check stop and used the table ref's credentials.
sql/sql_base.cc:
  a wrapper for setup_tables to check access to the tables
sql/sql_delete.cc:
  wrapper called.
sql/sql_insert.cc:
  wrapper called
sql/sql_load.cc:
  wrapper called
sql/sql_parse.cc:
  wrapper called and artificial check stop removed
sql/sql_select.cc:
  wrapper called
sql/sql_update.cc:
  wrapper called
sql/table.cc:
  Mask table access to the view error as well.

1 files changed, 10 insertions, 7 deletions

diff --git a/sql/sql_update.cc b/sql/sql_update.cc
index dfe23c9a503..b4ae779f9e2 100644
--- a/sql/sql_update.cc
+++ b/sql/sql_update.cc
@@ -613,9 +613,11 @@ bool mysql_prepare_update(THD *thd, TABLE_LIST *table_list,
   tables.alias= table_list->alias;
   thd->lex->allow_sum_func= 0;
 
-  if (setup_tables(thd, &select_lex->context, &select_lex->top_join_list,
-                   table_list, conds, &select_lex->leaf_tables,
-                   FALSE) ||
+  if (setup_tables_and_check_access(thd, &select_lex->context, 
+                                    &select_lex->top_join_list,
+                                    table_list, conds, 
+                                    &select_lex->leaf_tables,
+                                    FALSE, UPDATE_ACL) ||
       setup_conds(thd, table_list, select_lex->leaf_tables, conds) ||
       select_lex->setup_ref_array(thd, order_num) ||
       setup_order(thd, select_lex->ref_pointer_array,
@@ -706,10 +708,11 @@ reopen_tables:
     call in setup_tables()).
   */
 
-  if (setup_tables(thd, &lex->select_lex.context,
-                   &lex->select_lex.top_join_list,
-                   table_list, &lex->select_lex.where,
-                   &lex->select_lex.leaf_tables, FALSE))
+  if (setup_tables_and_check_access(thd, &lex->select_lex.context,
+                                    &lex->select_lex.top_join_list,
+                                    table_list, &lex->select_lex.where,
+                                    &lex->select_lex.leaf_tables, FALSE,
+                                    UPDATE_ACL))
     DBUG_RETURN(TRUE);
 
   if (setup_fields_with_no_wrap(thd, 0, *fields, 1, 0, 0))