Implement table-level TRIGGER privilege to control access to triggers.
Before this path global SUPER privilege was used for this purpose, that
was the big security problem.
In details, before this patch SUPER privilege was required:
- for the user at CREATE TRIGGER time to create a new trigger;
- for the user at DROP TRIGGER time to drop the existing trigger;
- for the definer at trigger activation time to execute the trigger (if the
definer loses SUPER privilege, all its triggers become unavailable);
This patch changes the behaviour in the following way:
- TRIGGER privilege on the subject table for trigger is required:
- for the user at CREATE TRIGGER time to create a new trigger;
- for the user at DROP TRIGGER time to drop the existing trigger;
- for the definer at trigger activation time to execute the trigger
(if the definer loses TRIGGER privilege on the subject table, all its
triggers on this table become unavailable).
- SUPER privilege is still required:
- for the user at CREATE TRIGGER time to explicitly set the trigger
definer to the user other than CURRENT_USER().
When the server works with database of the previous version (w/o TRIGGER
privilege), or if the database is being upgraded from the previous versions,
TRIGGER privilege is granted to whose users, who have CREATE privilege.
- fixed test results
- fixed bug caught by information_schema.test . Bison temporal
variables are very nice but extremely error-prone (Count one more
time just to be sure).
ps_grant.result:
Fixing result order.
grant.result:
Adding test case,
fixing result order.
grant.test:
Adding test case.
sql_acl.cc:
Fixed that my_charset_latin1 was incorrectly used instead of system_charset_info.
This problem was previously fixed by Ingo in 5.0.
This patch is basically a backport of the same changes into 4.1.
fixing tests accordingly
item.cc:
Bug #10892 user variables not auto cast for comparisons
When mixing strings with different character sets,
and coercibility is the same, we allow conversion
if one character set is superset for other character set.
are not specified in an insert. Most of these changes are actually to
clean up the test suite to either specify defaults to avoid warnings,
or add the warnings to the results. Related to bug #5986.
to behave well on 5.0 tables (well now you can't use tables from 4.1
and 5.0 with 4.0 because former use utf8, but still it is nice to have
similar code in acl_init() and replace_user_table()).
This also will make such GRANTs working in 5.0 (they are broken now).
Logging to logging@openlogging.org accepted
sql_acl.cc, grant.test, grant.result:
BUG 5831 Changed mysql_revoke_all() to successfully delete all privileges for a user in one pass.
