authorunknown <evgen@moonbone.local>2006-11-27 16:15:32 +0300
committerunknown <evgen@moonbone.local>2006-11-27 16:15:32 +0300
commitaf1b3da56ff4b0168dcf6625897ba06256a5b84c (patch)
tree3f2c0bddf3d89f59c0a4ac6f4ebc660845f5464c /sql/table.cc
parentc0f63d8564fdd1aacd001a882271dd896721d93a (diff)
Bug#17254: Error for DEFINER security on VIEW provides too much info
If a view was created with DEFINER security and the definer user was later dropped, then a SELECT from the view throws an error message saying that no such definer user is registered. This is OK for root but too much for a mere user. Now the st_table_list::prepare_view_securety_context() function reveals the absence of the definer only to a superuser and throws the 'access denied' error to others. mysql-test/t/view_grant.test: Added a test case for bug#17254: Error for DEFINER security on VIEW provides too much info mysql-test/r/view_grant.result: Added a test case for bug#17254: Error for DEFINER security on VIEW provides too much info sql/table.cc: Bug#17254: Error for DEFINER security on VIEW provides too much info Now the st_table_list::prepare_view_securety_context() function reveals the absence of the definer only to a superuser and throws the 'access denied' error to others.
Diffstat (limited to 'sql/table.cc')
-rw-r--r--sql/table.cc13
1 files changed, 12 insertions, 1 deletions
diff --git a/sql/table.cc b/sql/table.cc
index 5d5d5095e7c..6bc43e48110 100644
--- a/sql/table.cc
+++ b/sql/table.cc
@@ -2458,7 +2458,18 @@ bool st_table_list::prepare_view_securety_context(THD *thd)
}
else
{
- my_error(ER_NO_SUCH_USER, MYF(0), definer.user.str, definer.host.str);
+ if (thd->security_ctx->master_access & SUPER_ACL)
+ {
+ my_error(ER_NO_SUCH_USER, MYF(0), definer.user.str, definer.host.str);
+
+ }
+ else
+ {
+ my_error(ER_ACCESS_DENIED_ERROR, MYF(0),
+ thd->security_ctx->priv_user,
+ thd->security_ctx->priv_host,
+ (thd->password ? ER(ER_YES) : ER(ER_NO)));
+ }
DBUG_RETURN(TRUE);
}
}
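Review bot: The non-SUPER branch raises `ER_ACCESS_DENIED_ERROR` with `priv_user`, `priv_host` and the password flag, which is the wording of a failed login, so a user selecting from the view gets a message that does not mention the view at all. The other denied-view paths of `prepare_view_securety_context()` are outside this hunk; if they report a different error, the distinct message here may still let an unprivileged user infer that the definer account is gone, so it is worth checking that both cases look the same to the caller. Nothing is logged in this branch either, so an administrator who is not the caller gets no trace of the orphaned definer; a server-side warning such as `sql_print_warning(...)` naming the view and definer would keep that detail in the error log rather than in the client reply. The new branch also lacks a comment saying why the error differs by privilege, for example `/* Bug#17254: reveal the missing definer only to SUPER users */` above the `if`, and the blank line after the first `my_error` call can be dropped.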