Implement table-level TRIGGER privilege to control access to triggers.
Before this path global SUPER privilege was used for this purpose, that
was the big security problem.
In details, before this patch SUPER privilege was required:
- for the user at CREATE TRIGGER time to create a new trigger;
- for the user at DROP TRIGGER time to drop the existing trigger;
- for the definer at trigger activation time to execute the trigger (if the
definer loses SUPER privilege, all its triggers become unavailable);
This patch changes the behaviour in the following way:
- TRIGGER privilege on the subject table for trigger is required:
- for the user at CREATE TRIGGER time to create a new trigger;
- for the user at DROP TRIGGER time to drop the existing trigger;
- for the definer at trigger activation time to execute the trigger
(if the definer loses TRIGGER privilege on the subject table, all its
triggers on this table become unavailable).
- SUPER privilege is still required:
- for the user at CREATE TRIGGER time to explicitly set the trigger
definer to the user other than CURRENT_USER().
When the server works with database of the previous version (w/o TRIGGER
privilege), or if the database is being upgraded from the previous versions,
TRIGGER privilege is granted to whose users, who have CREATE privilege.
post-review change - use pointer instead of copy on the stack.
WL#1034 (Internal CRON)
This patch adds INFORMATION_SCHEMA.EVENTS table with the following format:
EVENT_CATALOG - MYSQL_TYPE_STRING (Always NULL)
EVENT_SCHEMA - MYSQL_TYPE_STRING (the database)
EVENT_NAME - MYSQL_TYPE_STRING (the name)
DEFINER - MYSQL_TYPE_STRING (user@host)
EVENT_BODY - MYSQL_TYPE_STRING (the body from mysql.event)
EVENT_TYPE - MYSQL_TYPE_STRING ("ONE TIME" | "RECURRING")
EXECUTE_AT - MYSQL_TYPE_TIMESTAMP (set for "ONE TIME" otherwise NULL)
INTERVAL_VALUE - MYSQL_TYPE_LONG (set for RECURRING otherwise NULL)
INTERVAL_FIELD - MYSQL_TYPE_STRING (set for RECURRING otherwise NULL)
SQL_MODE - MYSQL_TYPE_STRING (for now NULL)
STARTS - MYSQL_TYPE_TIMESTAMP (starts from mysql.event)
ENDS - MYSQL_TYPE_TIMESTAMP (ends from mysql.event)
STATUS - MYSQL_TYPE_STRING (ENABLED | DISABLED)
ON_COMPLETION - MYSQL_TYPE_STRING (NOT PRESERVE | PRESERVE)
CREATED - MYSQL_TYPE_TIMESTAMP
LAST_ALTERED - MYSQL_TYPE_TIMESTAMP
LAST_EXECUTED - MYSQL_TYPE_TIMESTAMP
EVENT_COMMENT - MYSQL_TYPE_STRING
SQL_MODE is NULL for now, because the value is still not stored in mysql.event .
Support will be added as a fix for another bug.
This patch also adds SHOW [FULL] EVENTS [FROM db] [LIKE pattern]
1. SHOW EVENTS shows always only the events on the same user,
because the PK of mysql.event is (definer, db, name) several
users may have event with the same name -> no information disclosure.
2. SHOW FULL EVENTS - shows the events (in the current db as SHOW EVENTS)
of all users. The user has to have PROCESS privilege, if not then
SHOW FULL EVENTS behave like SHOW EVENTS.
3. If [FROM db] is specified then this db is considered.
4. Event names can be filtered with LIKE pattern.
SHOW EVENTS returns table with the following columns, which are subset of
the data which is returned by SELECT * FROM I_S.EVENTS
Db
Name
Definer
Type
Execute at
Interval value
Interval field
Starts
Ends
Status
fix INSERT/REPLACE statements so test suite runs again.
The question is why we have 2 parallel universes - 2 different
ways to start the test suite, a shell and perl version. One more case
where redundancy makes life nightmare.
new file
mysql_fix_privilege_tables.sql, mysql_create_system_tables.sh:
Adding true BINARY/VARBINARY: fixing "password" type, not to be 0x00-padding.
Many files:
Adding true BINARY/VARBINARY: fixing tests not to output 0x00 bytes.
Adding true BINARY/VARBINARY: new pad_char structure member.
ctype-bin.c:
Adding true BINARY/VARBINARY: new pad_char structure member.
New strnxfrm, with two trailing length bytes.
field.cc:
Adding true BINARY/VARBINARY.
Two separate problems. A key buffer was too small in sp.cc for multi-byte
fields, and the creation and fixing of mysql.proc in the scripts hadn't been
updated with the correct character sets and collations (like the other
system tables had).
Note: No special test case, as the use of utf8 for mysql.proc will make
any existing crash (if the buffer overrrun wasn't fixed).
the row type is dynamic (For 4.1 tables old 'VARCHAR' fields are converted to
true VARCHAR in the next ALTER TABLE)
This ensures that one can use MySQL 5.0 privilege tables with MySQL 4.1.
(Fix imported from main 5.0 tree to 5.0.3 build tree.)
of concurrent connections for the same account)"
Added support of account specific max_user_connections limit. Made all
user limits to be counted per account instead of the old behavior,
which was per user/host accounting. Added option which enables the old
behavior. Added testing of these to the test suite.
(After review version).
NO SQL
CONTAINS SQL (default)
READS SQL DATA
MODIFIES SQL DATA
These are needed as hints for the replication.
(Before this, we did have the default in the mysql.proc table, but no support in the parser.)
Instead of trying to open time zone tables during calculation of CONVERT_TZ() function
or setting of @@time_zone variable we should open and lock them with the rest of
statement's table (so we should add them to global table list) and after that use such
pre-opened tables for loading info about time zones.
