mirror of
https://github.com/MariaDB/server.git
synced 2025-02-02 12:01:42 +01:00
0a1f7e921b
Implement table-level TRIGGER privilege to control access to triggers.
Before this path global SUPER privilege was used for this purpose, that
was the big security problem.
In details, before this patch SUPER privilege was required:
- for the user at CREATE TRIGGER time to create a new trigger;
- for the user at DROP TRIGGER time to drop the existing trigger;
- for the definer at trigger activation time to execute the trigger (if the
definer loses SUPER privilege, all its triggers become unavailable);
This patch changes the behaviour in the following way:
- TRIGGER privilege on the subject table for trigger is required:
- for the user at CREATE TRIGGER time to create a new trigger;
- for the user at DROP TRIGGER time to drop the existing trigger;
- for the definer at trigger activation time to execute the trigger
(if the definer loses TRIGGER privilege on the subject table, all its
triggers on this table become unavailable).
- SUPER privilege is still required:
- for the user at CREATE TRIGGER time to explicitly set the trigger
definer to the user other than CURRENT_USER().
When the server works with database of the previous version (w/o TRIGGER
privilege), or if the database is being upgraded from the previous versions,
TRIGGER privilege is granted to whose users, who have CREATE privilege.
|
||
|---|---|---|
| .. | ||
| extra | ||
| include | ||
| lib | ||
| misc | ||
| ndb | ||
| r | ||
| std_data | ||
| suite/jp | ||
| t | ||
| create-test-result | ||
| fix-result | ||
| init_db.sql | ||
| install_test_db.sh | ||
| Makefile.am | ||
| my_create_tables.c | ||
| my_manage.c | ||
| my_manage.h | ||
| mysql-stress-test.pl | ||
| mysql-test-run.pl | ||
| mysql-test-run.sh | ||
| mysql_test_run_new.c | ||
| README | ||
| README.gcov | ||
| README.stress | ||
| resolve-stack | ||
| suppress.purify | ||
| valgrind.supp | ||
This directory contains a test suite for mysql daemon. To run the currently existing test cases, simply execute ./mysql-test-run in this directory. It will fire up the newly built mysqld and test it. If you want to run a test with a running MySQL server use the --extern option to mysql-test-run. Please note that in this mode the test suite expects user to specify test names to run. Otherwise it falls back to the normal "non-extern" behaviour. The reason is that some tests could not run with external server. Here is the sample command to test "alias" and "analyze" tests on external server: mysql-test-run --extern alias analyze To match your setup you might also need to provide --socket, --user and other relevant options. Note that you do not have to have to do make install, and you could actually have a co-existing MySQL installation - the tests will not conflict with it. All tests must pass. If one or more of them fail on your system, please read the following manual section of how to report the problem: http://dev.mysql.com/doc/mysql/en/MySQL_test_suite.html You can create your own test cases. To create a test case: xemacs t/test_case_name.test in the file, put a set of SQL commands that will create some tables, load test data, run some queries to manipulate it. We would appreciate if the test tables were called t1, t2, t3 ... (to not conflict too much with existing tables). Your test should begin by dropping the tables you are going to create and end by dropping them again. This will ensure that one can run the test over and over again. If you are using mysqltest commands (like result file names) in your test case you should do create the result file as follows: mysql-test-run --record test_case_name or mysqltest --record < t/test_case_name.test If you only have a simple test cases consistent of SQL commands and comments you can create the test case one of the following ways: mysql-test-run --record test_case_name mysql test < t/test_case_name.test > r/test_case_name.result mysqltest --record --record-file=r/test_case_name.result < t/test_case_name.test When this is done, take a look at r/test_case_name.result - If the result is wrong, you have found a bug; In this case you should edit the test result to the correct results so that we can verify that the bug is corrected in future releases. To submit your test case, put your .test file and .result file(s) into a tar.gz archive, add a README that explains the problem, ftp the archive to ftp://support.mysql.com/pub/mysql/secret/ and send a mail to bugs@lists.mysql.com