Implement table-level TRIGGER privilege to control access to triggers.
Before this path global SUPER privilege was used for this purpose, that
was the big security problem.
In details, before this patch SUPER privilege was required:
- for the user at CREATE TRIGGER time to create a new trigger;
- for the user at DROP TRIGGER time to drop the existing trigger;
- for the definer at trigger activation time to execute the trigger (if the
definer loses SUPER privilege, all its triggers become unavailable);
This patch changes the behaviour in the following way:
- TRIGGER privilege on the subject table for trigger is required:
- for the user at CREATE TRIGGER time to create a new trigger;
- for the user at DROP TRIGGER time to drop the existing trigger;
- for the definer at trigger activation time to execute the trigger
(if the definer loses TRIGGER privilege on the subject table, all its
triggers on this table become unavailable).
- SUPER privilege is still required:
- for the user at CREATE TRIGGER time to explicitly set the trigger
definer to the user other than CURRENT_USER().
When the server works with database of the previous version (w/o TRIGGER
privilege), or if the database is being upgraded from the previous versions,
TRIGGER privilege is granted to whose users, who have CREATE privilege.
post-review change - use pointer instead of copy on the stack.
WL#1034 (Internal CRON)
This patch adds INFORMATION_SCHEMA.EVENTS table with the following format:
EVENT_CATALOG - MYSQL_TYPE_STRING (Always NULL)
EVENT_SCHEMA - MYSQL_TYPE_STRING (the database)
EVENT_NAME - MYSQL_TYPE_STRING (the name)
DEFINER - MYSQL_TYPE_STRING (user@host)
EVENT_BODY - MYSQL_TYPE_STRING (the body from mysql.event)
EVENT_TYPE - MYSQL_TYPE_STRING ("ONE TIME" | "RECURRING")
EXECUTE_AT - MYSQL_TYPE_TIMESTAMP (set for "ONE TIME" otherwise NULL)
INTERVAL_VALUE - MYSQL_TYPE_LONG (set for RECURRING otherwise NULL)
INTERVAL_FIELD - MYSQL_TYPE_STRING (set for RECURRING otherwise NULL)
SQL_MODE - MYSQL_TYPE_STRING (for now NULL)
STARTS - MYSQL_TYPE_TIMESTAMP (starts from mysql.event)
ENDS - MYSQL_TYPE_TIMESTAMP (ends from mysql.event)
STATUS - MYSQL_TYPE_STRING (ENABLED | DISABLED)
ON_COMPLETION - MYSQL_TYPE_STRING (NOT PRESERVE | PRESERVE)
CREATED - MYSQL_TYPE_TIMESTAMP
LAST_ALTERED - MYSQL_TYPE_TIMESTAMP
LAST_EXECUTED - MYSQL_TYPE_TIMESTAMP
EVENT_COMMENT - MYSQL_TYPE_STRING
SQL_MODE is NULL for now, because the value is still not stored in mysql.event .
Support will be added as a fix for another bug.
This patch also adds SHOW [FULL] EVENTS [FROM db] [LIKE pattern]
1. SHOW EVENTS shows always only the events on the same user,
because the PK of mysql.event is (definer, db, name) several
users may have event with the same name -> no information disclosure.
2. SHOW FULL EVENTS - shows the events (in the current db as SHOW EVENTS)
of all users. The user has to have PROCESS privilege, if not then
SHOW FULL EVENTS behave like SHOW EVENTS.
3. If [FROM db] is specified then this db is considered.
4. Event names can be filtered with LIKE pattern.
SHOW EVENTS returns table with the following columns, which are subset of
the data which is returned by SELECT * FROM I_S.EVENTS
Db
Name
Definer
Type
Execute at
Interval value
Interval field
Starts
Ends
Status
Before the interval expression was considered to be in seconds, now it is
just a number and the type of interval is considered.
- this changeset introduces also fix for bug#16432 (Events: error re interval
misrepresents the facts)
the code of event_timed::set_interval() was refactored anyway so it is meaningful to
fix the bug in the same changeset.
Adding test case.
sql_yacc.yy:
Adding TEXT_STRING_filesystem, which
converts from character_set_client to
character_set_conversion.
Replacing TEXT_STRING_sys to TEXT_STRING_filesystem
in LOAD DATA and SELECT INTO OUTFILE contexts.
sql_class.h, sql_class.cc:
Adding character_set_filesystem variable,
and charset_is_character_set_filesystem
flag (to avoid conversion when it's not necessary).
set_var.h, set_var.cc:
Adding sys_var_character_set_filesystem
mysqld.cc:
Adding --character-set-filesystem startup option.
Optimised version of ADD/DROP/REORGANIZE partitions for
non-NDB storage engines.
New syntax to handle REBUILD/OPTIMIZE/ANALYZE/CHECK/REPAIR partitions
Quite a few bug fixes
Absence of table in left part of LEFT/RIGHT join wasn't checked before
name resolution which resulted in NULL dereferencing and server crash.
Modified rules:
"table_ref LEFT opt_outer JOIN_SYM table_ref" and "table_ref RIGHT opt_outer
JOIN_SYM table_ref"
NULL check is moved before push_new_name_resolution_context()
- fixed test results
- fixed bug caught by information_schema.test . Bison temporal
variables are very nice but extremely error-prone (Count one more
time just to be sure).
1) Fixes breakage in embedded server build for XMLPath push.
2) Hides PARTITION engine from view.
3) Add ENGINES information schema (and it should now be clear from this patch on how to turn any show command into an information schema).
- fix EVENT_ACL problem that GRANT ALL on some_db.* to someone@somewhere did not get to mysql.db
- fix crash when the following is executed :
CREATE EVENT P() CREATE EVENT E ON SCHEDULER 1 SECOND DO ROLLBACK;
(creation works as well as calling P() which creates the event).
to Crash": the bug was that due to non-standard name
resolution precedence in stored procedures (See Bug#5967)
a stored procedure variable took precedence over a table column
when the arguments for VALUES() function were resolved.
The implementation of VALUES() function was not designed to work
with Item_splocal and crashed.
VALUES() function is non-standard. It can refer to, and
is meaningful for, table columns only. The patch disables SP
variables as possible arguments of VALUES() function.
according to the standard.
The idea is to use Field-classes to implement stored routines
variables. Also, we should provide facade to Item-hierarchy
by Item_field class (it is necessary, since SRVs take part
in expressions).
The patch fixes the following bugs:
- BUG#8702: Stored Procedures: No Error/Warning shown for inappropriate data
type matching;
- BUG#8768: Functions: For any unsigned data type, -ve values can be passed
and returned;
- BUG#8769: Functions: For Int datatypes, out of range values can be passed
and returned;
- BUG#9078: STORED PROCDURE: Decimal digits are not displayed when we use
DECIMAL datatype;
- BUG#9572: Stored procedures: variable type declarations ignored;
- BUG#12903: upper function does not work inside a function;
- BUG#13705: parameters to stored procedures are not verified;
- BUG#13808: ENUM type stored procedure parameter accepts non-enumerated
data;
- BUG#13909: Varchar Stored Procedure Parameter always BINARY string (ignores
CHARACTER SET);
- BUG#14161: Stored procedure cannot retrieve bigint unsigned;
- BUG#14188: BINARY variables have no 0x00 padding;
- BUG#15148: Stored procedure variables accept non-scalar values;
