Bug#35868410 ER_ROW_IS_REFERENCED vs ER_ROW_IS_REFERENCED_2 breaks

backwards compatibility

1) Fixed to use a single error code (*_2) for foreign key errors
   irrespective of whether error details are displayed or not.
2) Fixed to display parent/child table details in error message
   also when user is granted access to it via db level grant.

Change-Id: I8fd980864e73ab269dda4c8b1df63730939dfa86

Author: Samar Pratap Singh

mysql-test/r/foreign_key.result

@@ -4091,6 +4091,10 @@ CREATE TABLE t1(fld1 INT PRIMARY KEY, fld2 INT) ENGINE=INNODB;
 CREATE TABLE t2(fld1 INT PRIMARY KEY, fld2 INT, CONSTRAINT fk2
 FOREIGN KEY (fld1) REFERENCES t1 (fld1)) ENGINE=InnoDB;
 CREATE TABLE t3(fld1 INT PRIMARY KEY, fld2 INT) ENGINE=InnoDB;
+CREATE TABLE parent (id INT NOT NULL, PRIMARY KEY (id)) ENGINE=INNODB;
+CREATE TABLE child (id INT, parent_id INT, INDEX par_ind (parent_id), FOREIGN KEY (parent_id) REFERENCES parent(id)) ENGINE=INNODB;
+INSERT INTO parent (id) VALUES(1);
+INSERT INTO child (id,parent_id) VALUES(1,1);
 # Set up stored routines
 CREATE PROCEDURE p1() SQL SECURITY INVOKER INSERT INTO t2 (fld1, fld2) VALUES (1, 2);
 CREATE PROCEDURE p2() SQL SECURITY DEFINER INSERT INTO t2 (fld1, fld2) VALUES (1, 2);
@@ -4111,6 +4115,10 @@ CREATE SQL SECURITY DEFINER VIEW v2 AS SELECT * FROM t2;
 CREATE USER user1@localhost;
 CREATE USER user2@localhost;
 CREATE USER user3@localhost;
+CREATE USER user4@localhost;
+CREATE USER user5@localhost;
+CREATE USER user6@localhost;
+CREATE USER user7@localhost;
 GRANT INSERT (fld1, fld2) ON t2 TO user1@localhost;
 GRANT INSERT ON v1 TO user2@localhost;
 GRANT INSERT ON v2 TO user2@localhost;
@@ -4122,17 +4130,23 @@ GRANT EXECUTE ON PROCEDURE p1 TO user2@localhost;
 GRANT EXECUTE ON PROCEDURE p2 TO user2@localhost;
 GRANT EXECUTE ON FUNCTION f1 TO user2@localhost;
 GRANT EXECUTE ON FUNCTION f2 TO user2@localhost;
+GRANT SELECT, DELETE, INSERT, UPDATE on wl8910db.* to user4@localhost;
+GRANT SELECT, DELETE, INSERT, UPDATE on wl8910db.parent to user5@localhost;
+GRANT SELECT, DELETE, INSERT, UPDATE on wl8910db.parent to user6@localhost;
+GRANT SELECT, DELETE, INSERT, UPDATE on wl8910db.child to user6@localhost;
+GRANT SELECT ON wl8910db.* TO user7@localhost;
+GRANT DELETE ON wl8910db.parent TO user7@localhost;
 connect  con1, localhost, user1,,wl8910db;
 # Without patch, reveals parent table's information.
 INSERT INTO t2 (fld1, fld2) VALUES (1, 2);
 ERROR 23000: Cannot add or update a child row: a foreign key constraint fails
 # Warning displayed does not reveal parent table information.
 INSERT IGNORE INTO t2 (fld1, fld2) VALUES (1, 2);
 Warnings:
-Warning	1216	Cannot add or update a child row: a foreign key constraint fails
+Warning	1452	Cannot add or update a child row: a foreign key constraint fails
 SHOW WARNINGS;
 Level	Code	Message
-Warning	1216	Cannot add or update a child row: a foreign key constraint fails
+Warning	1452	Cannot add or update a child row: a foreign key constraint fails
 connection default;
 GRANT SELECT ON t1 TO user1@localhost;
 connection con1;
@@ -4147,10 +4161,10 @@ ERROR 23000: Cannot add or update a child row: a foreign key constraint fails
 # Warning displayed does not reveal parent table information.
 INSERT IGNORE INTO t2 (fld1, fld2) VALUES (1, 2);
 Warnings:
-Warning	1216	Cannot add or update a child row: a foreign key constraint fails
+Warning	1452	Cannot add or update a child row: a foreign key constraint fails
 SHOW WARNINGS;
 Level	Code	Message
-Warning	1216	Cannot add or update a child row: a foreign key constraint fails
+Warning	1452	Cannot add or update a child row: a foreign key constraint fails
 connection default;
 GRANT SELECT ON t3 TO user1@localhost;
 connection con1;
@@ -4159,7 +4173,6 @@ ERROR 23000: Cannot add or update a child row: a foreign key constraint fails (`
 connection default;
 GRANT INSERT (fld1, fld2) ON t2 TO user2@localhost;
 GRANT CREATE ROUTINE ON wl8910db.* TO user2@localhost;
-GRANT CREATE VIEW ON wl8910db.* TO user2@localhost;
 # Tests where DML reports FK constraint failure within Stored Routines.
 connect  con2, localhost, user2,,wl8910db;
 # The SQL security for p1 is invoker where invoker lacks permission
@@ -4191,7 +4204,9 @@ ERROR 23000: Cannot add or update a child row: a foreign key constraint fails
 connection default;
 GRANT SELECT ON t1 TO user2@localhost;
 GRANT SELECT ON t3 TO user2@localhost;
-connection con2;
+GRANT CREATE VIEW ON wl8910db.* TO user2@localhost;
+disconnect con2;
+connect  con2, localhost, user2,,wl8910db;
 # DML on view executed within the definer context where the invoker
 # has access to the parent table, hence the parent table information
 # is displayed.
@@ -4226,16 +4241,44 @@ SELECT f3();
 ERROR 23000: Cannot add or update a child row: a foreign key constraint fails (`wl8910db`.`t2`, CONSTRAINT `fk2` FOREIGN KEY (`fld1`) REFERENCES `t1` (`fld1`))
 INSERT INTO v3 VALUES(4, 5);
 ERROR 23000: Cannot add or update a child row: a foreign key constraint fails (`wl8910db`.`t2`, CONSTRAINT `fk2` FOREIGN KEY (`fld1`) REFERENCES `t1` (`fld1`))
+# user4 have access to the child table, hence the child table
+# information is displayed.
+connect  con4, localhost, user4,,wl8910db;
+DELETE FROM parent WHERE id = 1;
+ERROR 23000: Cannot delete or update a parent row: a foreign key constraint fails (`wl8910db`.`child`, CONSTRAINT `child_ibfk_1` FOREIGN KEY (`parent_id`) REFERENCES `parent` (`id`))
+# user5 do not have access to the child table, hence the child table
+# information is not displayed.
+connect  con5, localhost, user5,,wl8910db;
+DELETE FROM parent WHERE id = 1;
+ERROR 23000: Cannot delete or update a parent row: a foreign key constraint fails
+# user6 have access to the child table, hence the child table
+# information is displayed.
+connect  con6, localhost, user6,,wl8910db;
+DELETE FROM parent WHERE id = 1;
+ERROR 23000: Cannot delete or update a parent row: a foreign key constraint fails (`wl8910db`.`child`, CONSTRAINT `child_ibfk_1` FOREIGN KEY (`parent_id`) REFERENCES `parent` (`id`))
+# user7 have access to the child table, hence the child table
+# information is displayed.
+connect  con7, localhost, user7,,wl8910db;
+DELETE FROM parent WHERE id = 1;
+ERROR 23000: Cannot delete or update a parent row: a foreign key constraint fails (`wl8910db`.`child`, CONSTRAINT `child_ibfk_1` FOREIGN KEY (`parent_id`) REFERENCES `parent` (`id`))
 # Cleanup
 connection default;
 disconnect con1;
 disconnect con2;
 disconnect con3;
+disconnect con4;
+disconnect con5;
+disconnect con6;
+disconnect con7;
 DROP VIEW v1, v2, v3;
-DROP TABLE t2, t3, t1;
+DROP TABLE t2, t3, t1, parent, child;
 DROP USER user1@localhost;
 DROP USER user2@localhost;
 DROP USER user3@localhost;
+DROP USER user4@localhost;
+DROP USER user5@localhost;
+DROP USER user6@localhost;
+DROP USER user7@localhost;
 DROP PROCEDURE p1;
 DROP PROCEDURE p2;
 DROP PROCEDURE p3;

mysql-test/t/foreign_key.test

@@ -4010,6 +4010,10 @@ CREATE TABLE t1(fld1 INT PRIMARY KEY, fld2 INT) ENGINE=INNODB;
 CREATE TABLE t2(fld1 INT PRIMARY KEY, fld2 INT, CONSTRAINT fk2
 FOREIGN KEY (fld1) REFERENCES t1 (fld1)) ENGINE=InnoDB;
 CREATE TABLE t3(fld1 INT PRIMARY KEY, fld2 INT) ENGINE=InnoDB;
+CREATE TABLE parent (id INT NOT NULL, PRIMARY KEY (id)) ENGINE=INNODB;
+CREATE TABLE child (id INT, parent_id INT, INDEX par_ind (parent_id), FOREIGN KEY (parent_id) REFERENCES parent(id)) ENGINE=INNODB;
+INSERT INTO parent (id) VALUES(1);
+INSERT INTO child (id,parent_id) VALUES(1,1);
 
 --echo # Set up stored routines
 CREATE PROCEDURE p1() SQL SECURITY INVOKER INSERT INTO t2 (fld1, fld2) VALUES (1, 2);
@@ -4037,6 +4041,10 @@ CREATE SQL SECURITY DEFINER VIEW v2 AS SELECT * FROM t2;
 CREATE USER user1@localhost;
 CREATE USER user2@localhost;
 CREATE USER user3@localhost;
+CREATE USER user4@localhost;
+CREATE USER user5@localhost;
+CREATE USER user6@localhost;
+CREATE USER user7@localhost;
 GRANT INSERT (fld1, fld2) ON t2 TO user1@localhost;
 GRANT INSERT ON v1 TO user2@localhost;
 GRANT INSERT ON v2 TO user2@localhost;
@@ -4046,12 +4054,18 @@ GRANT EXECUTE ON PROCEDURE p1 TO user2@localhost;
 GRANT EXECUTE ON PROCEDURE p2 TO user2@localhost;
 GRANT EXECUTE ON FUNCTION f1 TO user2@localhost;
 GRANT EXECUTE ON FUNCTION f2 TO user2@localhost;
+GRANT SELECT, DELETE, INSERT, UPDATE on wl8910db.* to user4@localhost;
+GRANT SELECT, DELETE, INSERT, UPDATE on wl8910db.parent to user5@localhost;
+GRANT SELECT, DELETE, INSERT, UPDATE on wl8910db.parent to user6@localhost;
+GRANT SELECT, DELETE, INSERT, UPDATE on wl8910db.child to user6@localhost;
+GRANT SELECT ON wl8910db.* TO user7@localhost;
+GRANT DELETE ON wl8910db.parent TO user7@localhost;
 
 --enable_connect_log
 
 connect (con1, localhost, user1,,wl8910db);
 --echo # Without patch, reveals parent table's information.
---error ER_NO_REFERENCED_ROW
+--error ER_NO_REFERENCED_ROW_2
 INSERT INTO t2 (fld1, fld2) VALUES (1, 2);
 
 --echo # Warning displayed does not reveal parent table information.
@@ -4070,7 +4084,7 @@ ALTER TABLE t2 ADD CONSTRAINT fk3 FOREIGN KEY (fld2) REFERENCES t3(fld1);
 
 connection con1;
 --echo # Without patch, reveals parent table's information.
---error ER_NO_REFERENCED_ROW
+--error ER_NO_REFERENCED_ROW_2
 INSERT INTO t2 (fld1, fld2) VALUES (1, 2);
 
 --echo # Warning displayed does not reveal parent table information.
@@ -4087,14 +4101,13 @@ INSERT INTO t2 (fld1, fld2) VALUES (1, 2);
 connection default;
 GRANT INSERT (fld1, fld2) ON t2 TO user2@localhost;
 GRANT CREATE ROUTINE ON wl8910db.* TO user2@localhost;
-GRANT CREATE VIEW ON wl8910db.* TO user2@localhost;
 
 --echo # Tests where DML reports FK constraint failure within Stored Routines.
 connect (con2, localhost, user2,,wl8910db);
 
 --echo # The SQL security for p1 is invoker where invoker lacks permission
 --echo # to parent table, hence parent table information is not displayed.
---error ER_NO_REFERENCED_ROW
+--error ER_NO_REFERENCED_ROW_2
 CALL p1();
 
 --echo # The SQL security p2 is definer, where the definer has access privilege
@@ -4104,7 +4117,7 @@ CALL p2();
 
 --echo # The SQL security for f1 is invoker where invoker lacks permission
 --echo # to parent table, hence parent table information is not displayed.
---error ER_NO_REFERENCED_ROW
+--error ER_NO_REFERENCED_ROW_2
 SELECT f1();
 
 --echo # The SQL security f2 is definer, where the definer has access privilege
@@ -4116,20 +4129,23 @@ SELECT f2();
 
 --echo # The invoker does not have access to the parent table, hence the parent
 --echo # table information is not displayed.
---error ER_NO_REFERENCED_ROW
+--error ER_NO_REFERENCED_ROW_2
 INSERT INTO v1 VALUES (1, 2);
 
 --echo # DML on view executed within the definer context where the invoker does
 --echo # not have access to the parent table, hence the parent table information
 --echo # is not displayed.
---error ER_NO_REFERENCED_ROW
+--error ER_NO_REFERENCED_ROW_2
 INSERT INTO v2 VALUES (1, 2);
 
 connection default;
 GRANT SELECT ON t1 TO user2@localhost;
 GRANT SELECT ON t3 TO user2@localhost;
+GRANT CREATE VIEW ON wl8910db.* TO user2@localhost;
+
+disconnect con2;
+connect (con2, localhost, user2,,wl8910db);
 
-connection con2;
 --echo # DML on view executed within the definer context where the invoker
 --echo # has access to the parent table, hence the parent table information
 --echo # is displayed.
@@ -4178,16 +4194,48 @@ SELECT f3();
 --error ER_NO_REFERENCED_ROW_2
 INSERT INTO v3 VALUES(4, 5);
 
+--echo # user4 have access to the child table, hence the child table
+--echo # information is displayed.
+connect (con4, localhost, user4,,wl8910db);
+--error ER_ROW_IS_REFERENCED_2
+DELETE FROM parent WHERE id = 1;
+
+--echo # user5 do not have access to the child table, hence the child table
+--echo # information is not displayed.
+connect (con5, localhost, user5,,wl8910db);
+--error ER_ROW_IS_REFERENCED_2
+DELETE FROM parent WHERE id = 1;
+
+--echo # user6 have access to the child table, hence the child table
+--echo # information is displayed.
+connect (con6, localhost, user6,,wl8910db);
+--error ER_ROW_IS_REFERENCED_2
+DELETE FROM parent WHERE id = 1;
+
+--echo # user7 have access to the child table, hence the child table
+--echo # information is displayed.
+connect (con7, localhost, user7,,wl8910db);
+--error ER_ROW_IS_REFERENCED_2
+DELETE FROM parent WHERE id = 1;
+
 --echo # Cleanup
 connection default;
 disconnect con1;
 disconnect con2;
 disconnect con3;
+disconnect con4;
+disconnect con5;
+disconnect con6;
+disconnect con7;
 DROP VIEW v1, v2, v3;
-DROP TABLE t2, t3, t1;
+DROP TABLE t2, t3, t1, parent, child;
 DROP USER user1@localhost;
 DROP USER user2@localhost;
 DROP USER user3@localhost;
+DROP USER user4@localhost;
+DROP USER user5@localhost;
+DROP USER user6@localhost;
+DROP USER user7@localhost;
 DROP PROCEDURE p1;
 DROP PROCEDURE p2;
 DROP PROCEDURE p3;

share/messages_to_clients.txt

@@ -5674,11 +5674,11 @@ ER_FORBID_SCHEMA_CHANGE
         eng "Changing schema from '%-.192s' to '%-.192s' is not allowed."
         ger "Wechsel des Schemas von '%-.192s' auf '%-.192s' ist nicht erlaubt"
 ER_ROW_IS_REFERENCED_2 23000
-        eng "Cannot delete or update a parent row: a foreign key constraint fails (%.192s)"
-        ger "Kann Eltern-Zeile nicht löschen oder aktualisieren: eine Fremdschlüsselbedingung schlägt fehl (%.192s)"
+        eng "Cannot delete or update a parent row: a foreign key constraint fails%.192s"
+        ger "Kann Eltern-Zeile nicht löschen oder aktualisieren: eine Fremdschlüsselbedingung schlägt fehl%.192s"
 ER_NO_REFERENCED_ROW_2 23000
-        eng "Cannot add or update a child row: a foreign key constraint fails (%.192s)"
-        ger "Kann Kind-Zeile nicht hinzufügen oder aktualisieren: eine Fremdschlüsselbedingung schlägt fehl (%.192s)"
+        eng "Cannot add or update a child row: a foreign key constraint fails%.192s"
+        ger "Kann Kind-Zeile nicht hinzufügen oder aktualisieren: eine Fremdschlüsselbedingung schlägt fehl%.192s"
 ER_SP_BAD_VAR_SHADOW 42000
         eng "Variable '%-.64s' must be quoted with `...`, or renamed"
         ger "Variable '%-.64s' muss mit `...` geschützt oder aber umbenannt werden"

sql/error_handler.cc

@@ -496,7 +496,9 @@ bool Info_schema_error_handler::handle_condition(
 
 bool Foreign_key_error_handler::handle_condition(
     THD *, uint sql_errno, const char *, Sql_condition::enum_severity_level *,
-    const char *) {
+    const char *msg) {
+  std::string message{msg};
+  if (!message.ends_with(')')) return false;
   const TABLE_SHARE *share = m_table_handler->get_table_share();
 
   if (sql_errno == ER_NO_REFERENCED_ROW_2) {
@@ -506,8 +508,9 @@ bool Foreign_key_error_handler::handle_condition(
                       fk->referenced_table_db.length,
                       fk->referenced_table_name.str,
                       fk->referenced_table_name.length, TL_READ);
-      if (check_table_access(m_thd, TABLE_OP_ACLS, &table, true, 1, true)) {
-        my_error(ER_NO_REFERENCED_ROW, MYF(0));
+      if (check_some_access(m_thd, TABLE_OP_ACLS, &table) ||
+          ((&table)->grant.privilege & TABLE_OP_ACLS) == 0) {
+        my_error(ER_NO_REFERENCED_ROW_2, MYF(0), "");
         return true;
       }
     }
@@ -519,8 +522,9 @@ bool Foreign_key_error_handler::handle_condition(
                       fk_p->referencing_table_db.length,
                       fk_p->referencing_table_name.str,
                       fk_p->referencing_table_name.length, TL_READ);
-      if (check_table_access(m_thd, TABLE_OP_ACLS, &table, true, 1, true)) {
-        my_error(ER_ROW_IS_REFERENCED, MYF(0));
+      if (check_some_access(m_thd, TABLE_OP_ACLS, &table) ||
+          ((&table)->grant.privilege & TABLE_OP_ACLS) == 0) {
+        my_error(ER_ROW_IS_REFERENCED_2, MYF(0), "");
         return true;
       }
     }

sql/error_handler.h

@@ -404,12 +404,9 @@ class Info_schema_error_handler : public Internal_error_handler {
 };
 
 /**
-   An Internal_error_handler that converts errors related to foreign key
-   constraint checks 'ER_NO_REFERENCED_ROW_2' and 'ER_ROW_IS_REFERENCED_2'
-   to ER_NO_REFERENCED_ROW and ER_ROW_IS_REFERENCED based on privilege checks.
-   This prevents from revealing parent and child tables information respectively
-   when the foreign key constraint check fails and user does not have privileges
-   to access those tables.
+   An Internal_error_handler that prevents revealing parent and child tables
+   information when the foreign key constraint check fails and user does not
+   have privileges to access those tables.
 */
 class Foreign_key_error_handler : public Internal_error_handler {
   handler *m_table_handler;

sql/handler.cc

@@ -4366,7 +4366,9 @@ void handler::print_error(int error, myf errflag) {
       */
       thd->push_internal_handler(&foreign_key_error_handler);
       get_error_message(error, &str);
-      my_error(ER_ROW_IS_REFERENCED_2, errflag, str.c_ptr_safe());
+      std::string err_msg = str.c_ptr_safe();
+      err_msg = " (" + err_msg + ")";
+      my_error(ER_ROW_IS_REFERENCED_2, errflag, err_msg.c_str());
       thd->pop_internal_handler();
       return;
     }
@@ -4378,7 +4380,9 @@ void handler::print_error(int error, myf errflag) {
       */
       thd->push_internal_handler(&foreign_key_error_handler);
       get_error_message(error, &str);
-      my_error(ER_NO_REFERENCED_ROW_2, errflag, str.c_ptr_safe());
+      std::string err_msg = str.c_ptr_safe();
+      err_msg = " (" + err_msg + ")";
+      my_error(ER_NO_REFERENCED_ROW_2, errflag, err_msg.c_str());
       thd->pop_internal_handler();
       return;
     }