Bug#27145 EXTRA_ACL troubles

The flag EXTRA_ACL is used in conjugation with our access checks, yet it is
not clear what impact this flag has.
This is a code clean up which replaces use of EXTRA_ACL with an explicit
function parameter.
The patch also fixes privilege checks for:
- SHOW CREATE TABLE: The new privilege requirement is any privilege on
  the table-level.
- CHECKSUM TABLE: Requires SELECT on the table level.
- SHOW CREATE VIEW: Requires SHOW_VIEW and SELECT on the table level
  (just as the manual claims)
- SHOW INDEX: Requires any privilege on any column combination.


mysql-test/r/grant.result:
  * Error message now shows correct command (SHOW instead of SELECT)
mysql-test/r/grant2.result:
  * Error message now shows correct command (SHOW instead of SELECT)
mysql-test/r/grant4.result:
  * This test file tests privilege requirements for
    SHOW COLUMNS
    CREATE TABLE .. LIKE
    SHOW CREATE TABLE
    SHOW INDEX
    CHECKSUM TABLE
    SHOW CREATE VIEW
mysql-test/r/information_schema_db.result:
  * Added SELECT privilege to testdb_2 as
    SHOW CREATE VIEW now demands this privilege
    as well as SHOW VIEW.
mysql-test/r/outfile.result:
  * Changed error code
mysql-test/r/view_grant.result:
  * Additional SELECT privilege is now needed
    for SHOW CREATE VIEW
mysql-test/t/grant4.test:
  * This test file tests privilege requirements for
    SHOW COLUMNS
    CREATE TABLE .. LIKE
    SHOW CREATE TABLE
    SHOW INDEX
    CHECKSUM TABLE
    SHOW CREATE VIEW
mysql-test/t/information_schema_db.test:
  * Added SELECT privilege to testdb_2 as
    SHOW CREATE VIEW now demands this privilege
    as well as SHOW VIEW.
mysql-test/t/outfile.test:
  * Changed error code
mysql-test/t/view_grant.test:
  * Additional SELECT privilege is now needed
    for SHOW CREATE VIEW
sql/mysql_priv.h:
  * Replaced EXTRA_ACL with a parameter
sql/sp_head.cc:
  * Replaced EXTRA_ACL with a parameter
sql/sql_acl.cc:
  * Converted function documentation to doxygen and clarified some behaviors.
  * Changed value from uint to bool to better reflect its meaning.
  * Removed pointless variable orig_want_access
  * Added function has_any_table_level_privileges to help with requirements
    checks during SHOW CREATE TABLE.
sql/sql_acl.h:
  * changed signature of check_grant()
  * introduced access control function has_any_table_leevl_privileges()
sql/sql_base.cc:
  * Check_table_access has new signature
sql/sql_cache.cc:
  * Check_table_access has new signature
sql/sql_parse.cc:
  * Rewrote function documentation in doxygen comments for: check_access,
    check_table_acces, check_grant.
  * Removed EXTRA_ACL flag where it doesn't hold any meaningful purpose anymore
    and replaced it with a function parameter where any privileges on any column
    combination would satisfy the requirement.
  * Fixed privilege check for SHOW COLUMNS and SHOW INDEX
  * Modified check_table_access to gain clarity in what EXTRA_ACL actually does.
  * Modified check_access to gain clarity in what EXTRA_ACL actually does.
  * Fixed privilege check for CREATE TABLE .. LIKE .. ; It now requires SELECT
    privileges on the table.
  * Fixed privilege check for SHOW CREATE TABLE ..; It now requires any privilege
    on the table level.
sql/sql_plugin.cc:
  * check_table_access has new signature
sql/sql_prepare.cc:
  * check_table_access has new signature
sql/sql_show.cc:
  * check_table_access has new signature
sql/sql_trigger.cc:
  * check_table_access has new signature
sql/sql_update.cc:
  * check grant has new signature
sql/sql_view.cc:
  * check_table_access has new signature

sql/sql_show.cc

@@ -560,7 +560,7 @@ find_files(THD *thd, List<LEX_STRING> *files, const char *db,
       table_list.table_name= uname;
       table_list.table_name_length= file_name_len;
       table_list.grant.privilege=col_access;
-      if (check_grant(thd, TABLE_ACLS, &table_list, 1, 1, 1))
+      if (check_grant(thd, TABLE_ACLS, &table_list, TRUE, 1, TRUE))
         continue;
     }
 #endif
@@ -3745,8 +3745,9 @@ static int get_schema_column_record(THD *thd, TABLE_LIST *tables,
 
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
     uint col_access;
-    check_access(thd,SELECT_ACL | EXTRA_ACL, db_name->str,
-                 &tables->grant.privilege, 0, 0, test(tables->schema_table));
+    check_access(thd,SELECT_ACL, db_name->str,
+                 &tables->grant.privilege, FALSE, FALSE,
+                 test(tables->schema_table));
     col_access= get_column_grant(thd, &tables->grant, 
                                  db_name->str, table_name->str,
                                  field->field_name) & COL_ACLS;
@@ -4174,7 +4175,8 @@ int fill_schema_proc(THD *thd, TABLE_LIST *tables, COND *cond)
   proc_tables.table_name= proc_tables.alias= (char*) "proc";
   proc_tables.table_name_length= 4;
   proc_tables.lock_type= TL_READ;
-  full_access= !check_table_access(thd, SELECT_ACL, &proc_tables, 1, TRUE);
+  full_access= !check_table_access(thd, SELECT_ACL, &proc_tables, FALSE,
+                                   1, TRUE);
   if (!(proc_table= open_proc_table_for_read(thd, &open_tables_state_backup)))
   {
     DBUG_RETURN(1);
@@ -4583,7 +4585,7 @@ static int get_schema_triggers_record(THD *thd, TABLE_LIST *tables,
     Table_triggers_list *triggers= tables->table->triggers;
     int event, timing;
 
-    if (check_table_access(thd, TRIGGER_ACL, tables, 1, TRUE))
+    if (check_table_access(thd, TRIGGER_ACL, tables, FALSE, 1, TRUE))
       goto ret;
 
     for (event= 0; event < (int)TRG_EVENT_MAX; event++)
@@ -7044,7 +7046,7 @@ bool show_create_trigger(THD *thd, const sp_name *trg_name)
   if (!lst)
     return TRUE;
 
-  if (check_table_access(thd, TRIGGER_ACL, lst, 1, TRUE))
+  if (check_table_access(thd, TRIGGER_ACL, lst, FALSE, 1, TRUE))
   {
     my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "TRIGGER");
     return TRUE;