From 7e60f71001595df62b92a089869dd67fcc15a1ee Mon Sep 17 00:00:00 2001
From: Sergey Glukhov <Sergey.Glukhov@sun.com>
Date: Thu, 2 Oct 2008 14:37:07 +0500
Subject: [PATCH] Bug#22763 Disrepancy between SHOW CREATE VIEW and I_S.VIEWS
 The problem: I_S views table does not check the presence of
 SHOW_VIEW_ACL|SELECT_ACL privileges for a view. It leads to discrepancy
 between SHOW CREATE VIEW and I_S.VIEWS. The fix: added appropriate check.

mysql-test/r/information_schema_db.result:
  test result
mysql-test/t/information_schema_db.test:
  test case
sql/sql_show.cc:
  The problem:
  I_S views table does not check the presence of SHOW_VIEW_ACL|SELECT_ACL
  privileges for a view. It leads to discrepancy between SHOW CREATE VIEW
  and I_S.VIEWS.
  The fix:
  added appropriate check.
---
 mysql-test/r/information_schema_db.result | 21 ++++++++++++++++
 mysql-test/t/information_schema_db.test   | 30 +++++++++++++++++++++++
 sql/sql_show.cc                           | 21 ++++++++++++++++
 3 files changed, 72 insertions(+)

diff --git a/mysql-test/r/information_schema_db.result b/mysql-test/r/information_schema_db.result
index ef63ef719a4..b9c3358f47e 100644
--- a/mysql-test/r/information_schema_db.result
+++ b/mysql-test/r/information_schema_db.result
@@ -209,3 +209,24 @@ drop view testdb_1.v1, v2, testdb_1.v3, v4;
 drop database testdb_1;
 drop user testdb_1@localhost;
 drop user testdb_2@localhost;
+create database testdb_1;
+create table testdb_1.t1 (a int);
+create view testdb_1.v1 as select * from testdb_1.t1;
+grant show view on testdb_1.* to mysqltest_1@localhost;
+grant select on testdb_1.v1 to mysqltest_1@localhost;
+select table_schema, table_name, view_definition from information_schema.views
+where table_name='v1';
+table_schema	table_name	view_definition
+testdb_1	v1	/* ALGORITHM=UNDEFINED */ select `testdb_1`.`t1`.`a` AS `a` from `testdb_1`.`t1`
+show create view testdb_1.v1;
+View	Create View
+v1	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v1` AS select `testdb_1`.`t1`.`a` AS `a` from `testdb_1`.`t1`
+revoke select on testdb_1.v1 from mysqltest_1@localhost;
+select table_schema, table_name, view_definition from information_schema.views
+where table_name='v1';
+table_schema	table_name	view_definition
+testdb_1	v1	
+show create view testdb_1.v1;
+ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 'v1'
+drop user mysqltest_1@localhost;
+drop database testdb_1;
diff --git a/mysql-test/t/information_schema_db.test b/mysql-test/t/information_schema_db.test
index 666f331c7b9..6353e94fd51 100644
--- a/mysql-test/t/information_schema_db.test
+++ b/mysql-test/t/information_schema_db.test
@@ -82,6 +82,7 @@ drop function func2;
 drop database `inf%`;
 drop procedure mbase.p1;
 drop database mbase;
+disconnect user1;
 
 #
 # Bug#18282 INFORMATION_SCHEMA.TABLES provides inconsistent info about invalid views
@@ -210,3 +211,32 @@ drop view testdb_1.v1, v2, testdb_1.v3, v4;
 drop database testdb_1;
 drop user testdb_1@localhost;
 drop user testdb_2@localhost;
+
+#
+# Bug#22763 Disrepancy between SHOW CREATE VIEW and I_S.VIEWS
+#
+create database testdb_1;
+create table testdb_1.t1 (a int);
+create view testdb_1.v1 as select * from testdb_1.t1;
+
+grant show view on testdb_1.* to mysqltest_1@localhost;
+grant select on testdb_1.v1 to mysqltest_1@localhost;
+
+connect (user1,localhost,mysqltest_1,,test);
+connection user1;
+select table_schema, table_name, view_definition from information_schema.views
+where table_name='v1';
+show create view testdb_1.v1;
+
+connection default;
+revoke select on testdb_1.v1 from mysqltest_1@localhost;
+connection user1;
+select table_schema, table_name, view_definition from information_schema.views
+where table_name='v1';
+--error ER_TABLEACCESS_DENIED_ERROR
+show create view testdb_1.v1;
+
+connection default;
+drop user mysqltest_1@localhost;
+drop database testdb_1;
+disconnect user1;
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index c30e0a00d95..8203622cf6e 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -3170,6 +3170,27 @@ static int get_schema_views_record(THD *thd, TABLE_LIST *tables,
           !my_strcasecmp(system_charset_info, tables->definer.host.str,
                          sctx->priv_host))
         tables->allowed_show= TRUE;
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+      else
+      {
+        if ((thd->col_access & (SHOW_VIEW_ACL|SELECT_ACL)) ==
+            (SHOW_VIEW_ACL|SELECT_ACL))
+          tables->allowed_show= TRUE;
+        else
+        {
+          TABLE_LIST table_list;
+          uint view_access;
+          memset(&table_list, 0, sizeof(table_list));
+          table_list.db= tables->view_db.str;
+          table_list.table_name= tables->view_name.str;
+          table_list.grant.privilege= thd->col_access;
+          view_access= get_table_grant(thd, &table_list);
+          if ((view_access & (SHOW_VIEW_ACL|SELECT_ACL)) ==
+              (SHOW_VIEW_ACL|SELECT_ACL))
+            tables->allowed_show= TRUE;
+        }
+      }
+#endif
     }
     restore_record(table, s->default_values);
     table->field[1]->store(tables->view_db.str, tables->view_db.length, cs);