authorSergey Petrunya <psergey@askmonty.org>2012-06-29 22:17:16 +0400
committerSergey Petrunya <psergey@askmonty.org>2012-06-29 22:17:16 +0400
commitb9093d370bc8185ed067b41a6d5765a26ef21f89 (patch)
treefebe73e9c78980d3f74b1b620c53edeacc798ebf /sql
parent94bf016321825209353b41c03e0ea8399787303e (diff)
downloadmariadb-git-b9093d370bc8185ed067b41a6d5765a26ef21f89.tar.gz
MWL#182: Explain running statements: address review feedback
- Fix the year in Monty Program Ab copyrights in the new files. - Fix permissions handling so that SHOW EXPLAIN's handling is the same as SHOW PROCESSLIST's.
Diffstat (limited to 'sql')
-rw-r--r--sql/my_apc.cc2
-rw-r--r--sql/my_apc.h2
-rw-r--r--sql/sql_class.h2
-rw-r--r--sql/sql_parse.cc5
-rw-r--r--sql/sql_show.cc25
5 files changed, 29 insertions, 7 deletions
diff --git a/sql/my_apc.cc b/sql/my_apc.cc
index 48d539aed78..b5f2300c17f 100644
--- a/sql/my_apc.cc
+++ b/sql/my_apc.cc
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2009, 2011, Monty Program Ab
+ Copyright (c) 2011 - 2012, Monty Program Ab
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
diff --git a/sql/my_apc.h b/sql/my_apc.h
index 99861ca3194..88df8145186 100644
--- a/sql/my_apc.h
+++ b/sql/my_apc.h
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2009, 2011, Monty Program Ab
+ Copyright (c) 2011 - 2012, Monty Program Ab
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
diff --git a/sql/sql_class.h b/sql/sql_class.h
index 73123151738..d1183225a83 100644
--- a/sql/sql_class.h
+++ b/sql/sql_class.h
@@ -1552,7 +1552,7 @@ public:
};
class THD;
-void mysqld_show_explain(THD *thd, ulong thread_id);
+void mysqld_show_explain(THD *thd, const char *calling_user, ulong thread_id);
#ifndef DBUG_OFF
void dbug_serve_apcs(THD *thd, int n_calls);
#endif
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 18db712d6cb..9ebb1b3f36e 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -3130,6 +3130,7 @@ end_with_restore_list:
break;
case SQLCOM_SHOW_EXPLAIN:
{
+ const char *effective_user;
/* Same security as SHOW PROCESSLIST (TODO check this) */
if (!thd->security_ctx->priv_user[0] &&
check_global_access(thd,PROCESS_ACL))
@@ -3150,8 +3151,10 @@ end_with_restore_list:
MYF(0));
goto error;
}
+ effective_user=(thd->security_ctx->master_access & PROCESS_ACL ? NullS :
+ thd->security_ctx->priv_user);
- mysqld_show_explain(thd, (ulong)it->val_int());
+ mysqld_show_explain(thd, effective_user, (ulong)it->val_int());
break;
}
case SQLCOM_SHOW_AUTHORS:
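Review bot: `effective_user` becomes NULL only when `master_access & PROCESS_ACL` is set, but the comments this commit adds in sql/sql_show.cc (the `@param calling_user` text and the block comment above the `strcmp`) say NULL means the caller has SUPER or PROCESS. As written, an account with SUPER but not PROCESS is passed as `priv_user` and restricted to its own threads. If mirroring SHOW PROCESSLIST is the intent, those comments should read `NULL if the user has the PROCESS privilege`; if SUPER is meant to qualify, the test would need `(PROCESS_ACL | SUPER_ACL)`. Once that is settled, the `(TODO check this)` marker in the earlier hunk of this case can be resolved as well; the case body starts outside the hunk.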
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index 145f4fbebcc..d26c8f18340 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -2002,8 +2002,11 @@ void mysqld_list_processes(THD *thd,const char *user, bool verbose)
/*
SHOW EXPLAIN FOR command handler
- @param thd Current thread's thd
- @param thread_id Thread whose explain we need
+ @param thd Current thread's thd
+ @param calling_user User that invoked SHOW EXPLAIN, or NULL if the user
+ has SUPER or PROCESS privileges, and so is allowed
+ to run SHOW EXPLAIN on anybody.
+ @param thread_id Thread whose explain we need
@notes
- Attempt to do "SHOW EXPLAIN FOR <myself>" will properly produce "target not
@@ -2011,7 +2014,7 @@ void mysqld_list_processes(THD *thd,const char *user, bool verbose)
- todo: check how all this can/will work when using thread pools
*/
-void mysqld_show_explain(THD *thd, ulong thread_id)
+void mysqld_show_explain(THD *thd, const char *calling_user, ulong thread_id)
{
THD *tmp;
Protocol *protocol= thd->protocol;
@@ -2043,6 +2046,22 @@ void mysqld_show_explain(THD *thd, ulong thread_id)
if (tmp)
{
+ Security_context *tmp_sctx= tmp->security_ctx;
+ /*
+ If calling_user==NULL, calling thread has SUPER or PROCESS
+ privilege, and so can do SHOW EXPLAIN on any user.
+
+ if calling_user!=NULL, he's only allowed to view SHOW EXPLAIN on
+ his own threads.
+ */
+ if (calling_user && (!tmp_sctx->user || strcmp(calling_user,
+ tmp_sctx->user)))
+ {
+ my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "PROCESSLIST");
+ mysql_mutex_unlock(&tmp->LOCK_thd_data);
+ DBUG_VOID_RETURN;
+ }
+
bool bres;
/*
Ok we've found the thread of interest and it won't go away because
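Review bot: The ownership test at `strcmp(calling_user, tmp_sctx->user)` matches on user name only: the caller side is `priv_user` (passed in from sql_parse.cc), the target side is `user`, and neither host is compared, so accounts that share a name but differ in host are treated as one owner. That appears to be the same rule SHOW PROCESSLIST applies, which is the commit's stated goal, but it is worth stating at the check, e.g. `/* Name-only match, as in mysqld_list_processes(); host is not compared */`. Separately, `"PROCESSLIST"` is not a privilege name; the access-denied message names the privilege the caller lacks, so the argument should be `"PROCESS"`. The body of mysqld_show_explain begins before and continues after this hunk.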