Bug#17254: Error for DEFINER security on VIEW provides too much info

If a view was created with the DEFINER security and later the definer user
was dropped then a SELECT from the view throws the error message saying that
there is no definer user is registered. This is ok for a root but too much
for a mere user.

Now the st_table_list::prepare_view_securety_context() function reveals
the absence of the definer only to a superuser and throws the 'access denied'
error to others.


mysql-test/t/view_grant.test:
  Added a test case for bug#17254: Error for DEFINER security on VIEW provides too much info
mysql-test/r/view_grant.result:
  Added a test case for bug#17254: Error for DEFINER security on VIEW provides too much info
sql/table.cc:
  Bug#17254: Error for DEFINER security on VIEW provides too much info
  Now the st_table_list::prepare_view_securety_context() function reveals
  the absence of the definer only to a superuser and throws the 'access denied'
  error to others.

mysql-test/r/view_grant.result

@@ -712,3 +712,23 @@ DROP FUNCTION f1;
 DROP VIEW v2;
 DROP VIEW v1;
 DROP USER mysqltest_u1@localhost;
+CREATE DATABASE db17254;
+USE db17254;
+CREATE TABLE t1 (f1 INT);
+INSERT INTO t1 VALUES (10),(20);
+CREATE USER def_17254@localhost;
+GRANT SELECT ON db17254.* TO def_17254@localhost;
+CREATE USER inv_17254@localhost;
+GRANT SELECT ON db17254.t1 TO inv_17254@localhost;
+GRANT CREATE VIEW ON db17254.* TO def_17254@localhost;
+CREATE VIEW v1 AS SELECT * FROM t1;
+DROP USER def_17254@localhost;
+for a user
+SELECT * FROM v1;
+ERROR 42000: SELECT command denied to user 'inv_17254'@'localhost' for table 'v1
+'
+for a superuser
+SELECT * FROM v1;
+ERROR HY000: There is no 'def_17254'@'localhost' registered
+DROP USER inv_17254@localhost;
+DROP DATABASE db17254;

mysql-test/t/view_grant.test

@@ -927,4 +927,41 @@ DROP VIEW v2;
 DROP VIEW v1;
 DROP USER mysqltest_u1@localhost;
 
+#
+# Bug#17254: Error for DEFINER security on VIEW provides too much info
+#
+connect (root,localhost,root,,);
+connection root;
+CREATE DATABASE db17254;
+USE db17254;
+CREATE TABLE t1 (f1 INT);
+INSERT INTO t1 VALUES (10),(20);
+CREATE USER def_17254@localhost;
+GRANT SELECT ON db17254.* TO def_17254@localhost;
+CREATE USER inv_17254@localhost;
+GRANT SELECT ON db17254.t1 TO inv_17254@localhost;
+GRANT CREATE VIEW ON db17254.* TO def_17254@localhost;
+
+connect (def,localhost,def_17254,,db17254);
+connection def;
+CREATE VIEW v1 AS SELECT * FROM t1;
+
+connection root;
+DROP USER def_17254@localhost;
+
+connect (inv,localhost,inv_17254,,db17254);
+connection inv;
+--echo for a user
+--error 1142
+SELECT * FROM v1;
+
+connection root;
+--echo for a superuser
+--error 1449
+SELECT * FROM v1;
+DROP USER inv_17254@localhost;
+DROP DATABASE db17254;
+disconnect def;
+disconnect inv;
+
 # End of 5.0 tests.

sql/table.cc

@@ -2458,7 +2458,18 @@ bool st_table_list::prepare_view_securety_context(THD *thd)
       }
       else
       {
-        my_error(ER_NO_SUCH_USER, MYF(0), definer.user.str, definer.host.str);
+        if (thd->security_ctx->master_access & SUPER_ACL)
+        {
+          my_error(ER_NO_SUCH_USER, MYF(0), definer.user.str, definer.host.str);
+
+        }
+        else
+        {
+           my_error(ER_ACCESS_DENIED_ERROR, MYF(0),
+                    thd->security_ctx->priv_user,
+                    thd->security_ctx->priv_host,
+                    (thd->password ?  ER(ER_YES) : ER(ER_NO)));
+        }
         DBUG_RETURN(TRUE);
       }
     }