summaryrefslogtreecommitdiff
path: root/sql
diff options
context:
space:
mode:
authorunknown <anozdrin@mysql.com>2006-02-01 13:28:45 +0300
committerunknown <anozdrin@mysql.com>2006-02-01 13:28:45 +0300
commit6aaed7330ca9af51b93974a1de99420eec7ce55d (patch)
treeb3bc2ba52c3c27d83ec06079218da2c9e8a4dc79 /sql
parent55c304a17b25ed19af984bf3b923e5aaf966f74a (diff)
downloadmariadb-git-6aaed7330ca9af51b93974a1de99420eec7ce55d.tar.gz
Fix for BUG#9412: Triggers: should have trigger privilege.
Implement table-level TRIGGER privilege to control access to triggers. Before this path global SUPER privilege was used for this purpose, that was the big security problem. In details, before this patch SUPER privilege was required: - for the user at CREATE TRIGGER time to create a new trigger; - for the user at DROP TRIGGER time to drop the existing trigger; - for the definer at trigger activation time to execute the trigger (if the definer loses SUPER privilege, all its triggers become unavailable); This patch changes the behaviour in the following way: - TRIGGER privilege on the subject table for trigger is required: - for the user at CREATE TRIGGER time to create a new trigger; - for the user at DROP TRIGGER time to drop the existing trigger; - for the definer at trigger activation time to execute the trigger (if the definer loses TRIGGER privilege on the subject table, all its triggers on this table become unavailable). - SUPER privilege is still required: - for the user at CREATE TRIGGER time to explicitly set the trigger definer to the user other than CURRENT_USER(). When the server works with database of the previous version (w/o TRIGGER privilege), or if the database is being upgraded from the previous versions, TRIGGER privilege is granted to whose users, who have CREATE privilege. mysql-test/r/grant.result: Updated the result file after adding TRIGGER privilege. mysql-test/r/information_schema.result: Updated the result file after adding TRIGGER privilege. mysql-test/r/lowercase_table_grant.result: Updated the result file after adding TRIGGER privilege. mysql-test/r/ps.result: Updated the result file after adding TRIGGER privilege. mysql-test/r/sp.result: Updated the result file after adding TRIGGER privilege. mysql-test/r/trigger-compat.result: Updated the result file after adding TRIGGER privilege. mysql-test/r/trigger-grant.result: Updated the result file after adding TRIGGER privilege. mysql-test/t/trigger-compat.test: Grant table-level TRIGGER privilege instead of global SUPER one. mysql-test/t/trigger-grant.test: 1. Grant table-level TRIGGER privilege instead of global SUPER one. 2. Updated the test case to check that SUPER is required to specify the user other than the current as a definer. scripts/mysql_create_system_tables.sh: Added TRIGGER privilege. scripts/mysql_fix_privilege_tables.sql: Added TRIGGER privilege. sql/sql_acl.cc: Added TRIGGER privilege. sql/sql_acl.h: Added TRIGGER privilege. sql/sql_show.cc: Added TRIGGER privilege. sql/sql_trigger.cc: Check TRIGGER privilege instead of SUPER. sql/sql_yacc.yy: Added TRIGGER privilege.
Diffstat (limited to 'sql')
-rw-r--r--sql/sql_acl.cc10
-rw-r--r--sql/sql_acl.h16
-rw-r--r--sql/sql_show.cc1
-rw-r--r--sql/sql_trigger.cc48
-rw-r--r--sql/sql_yacc.yy1
5 files changed, 45 insertions, 31 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 8877d607e92..dc56880a1a0 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -361,6 +361,12 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
if (table->s->fields <= 37 && (user.access & CREATE_ACL))
user.access|= EVENT_ACL;
+ /*
+ if it is pre 5.1.6 privilege then map TRIGGER privilege on CREATE.
+ */
+ if (table->s->fields <= 38 && (user.access & SUPER_ACL))
+ user.access|= TRIGGER_ACL;
+
user.sort= get_sort(2,user.host.hostname,user.user);
user.hostname_length= (user.host.hostname ?
(uint) strlen(user.host.hostname) : 0);
@@ -4070,13 +4076,13 @@ static const char *command_array[]=
"ALTER", "SHOW DATABASES", "SUPER", "CREATE TEMPORARY TABLES",
"LOCK TABLES", "EXECUTE", "REPLICATION SLAVE", "REPLICATION CLIENT",
"CREATE VIEW", "SHOW VIEW", "CREATE ROUTINE", "ALTER ROUTINE",
- "CREATE USER", "EVENT"
+ "CREATE USER", "EVENT", "TRIGGER"
};
static uint command_lengths[]=
{
6, 6, 6, 6, 6, 4, 6, 8, 7, 4, 5, 10, 5, 5, 14, 5, 23, 11, 7, 17, 18, 11, 9,
- 14, 13, 11, 5
+ 14, 13, 11, 5, 7
};
diff --git a/sql/sql_acl.h b/sql/sql_acl.h
index f42406ca1d2..66799986413 100644
--- a/sql/sql_acl.h
+++ b/sql/sql_acl.h
@@ -43,6 +43,7 @@
#define ALTER_PROC_ACL (1L << 24)
#define CREATE_USER_ACL (1L << 25)
#define EVENT_ACL (1L << 26)
+#define TRIGGER_ACL (1L << 27)
/*
don't forget to update
1. static struct show_privileges_st sys_privileges[]
@@ -57,12 +58,12 @@
(UPDATE_ACL | SELECT_ACL | INSERT_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_TMP_ACL | \
LOCK_TABLES_ACL | EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL | \
- CREATE_PROC_ACL | ALTER_PROC_ACL | EVENT_ACL)
+ CREATE_PROC_ACL | ALTER_PROC_ACL | EVENT_ACL | TRIGGER_ACL)
#define TABLE_ACLS \
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_VIEW_ACL | \
- SHOW_VIEW_ACL)
+ SHOW_VIEW_ACL | TRIGGER_ACL)
#define COL_ACLS \
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | REFERENCES_ACL)
@@ -79,7 +80,7 @@
REFERENCES_ACL | INDEX_ACL | ALTER_ACL | SHOW_DB_ACL | SUPER_ACL | \
CREATE_TMP_ACL | LOCK_TABLES_ACL | REPL_SLAVE_ACL | REPL_CLIENT_ACL | \
EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL | CREATE_PROC_ACL | \
- ALTER_PROC_ACL | CREATE_USER_ACL | EVENT_ACL)
+ ALTER_PROC_ACL | CREATE_USER_ACL | EVENT_ACL | TRIGGER_ACL)
#define DEFAULT_CREATE_PROC_ACLS \
(ALTER_PROC_ACL | EXECUTE_ACL)
@@ -97,7 +98,7 @@
#define DB_CHUNK3 (CREATE_VIEW_ACL | SHOW_VIEW_ACL | \
CREATE_PROC_ACL | ALTER_PROC_ACL )
#define DB_CHUNK4 (EXECUTE_ACL)
-#define DB_CHUNK5 (EVENT_ACL)
+#define DB_CHUNK5 (EVENT_ACL | TRIGGER_ACL)
#define fix_rights_for_db(A) (((A) & DB_CHUNK0) | \
(((A) << 4) & DB_CHUNK1) | \
@@ -114,12 +115,15 @@
#define TBL_CHUNK0 DB_CHUNK0
#define TBL_CHUNK1 DB_CHUNK1
#define TBL_CHUNK2 (CREATE_VIEW_ACL | SHOW_VIEW_ACL)
+#define TBL_CHUNK3 TRIGGER_ACL
#define fix_rights_for_table(A) (((A) & TBL_CHUNK0) | \
(((A) << 4) & TBL_CHUNK1) | \
- (((A) << 11) & TBL_CHUNK2))
+ (((A) << 11) & TBL_CHUNK2) | \
+ (((A) << 15) & TBL_CHUNK3))
#define get_rights_for_table(A) (((A) & TBL_CHUNK0) | \
(((A) & TBL_CHUNK1) >> 4) | \
- (((A) & TBL_CHUNK2) >> 11))
+ (((A) & TBL_CHUNK2) >> 11) | \
+ (((A) & TBL_CHUNK3) >> 15))
#define fix_rights_for_column(A) (((A) & 7) | (((A) & ~7) << 8))
#define get_rights_for_column(A) (((A) & 7) | ((A) >> 8))
#define fix_rights_for_procedure(A) ((((A) << 18) & EXECUTE_ACL) | \
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index 6f8072f1b9f..55c402638d8 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -267,6 +267,7 @@ static struct show_privileges_st sys_privileges[]=
{"Show view","Tables","To see views with SHOW CREATE VIEW"},
{"Shutdown","Server Admin", "To shut down the server"},
{"Super","Server Admin","To use KILL thread, SET GLOBAL, CHANGE MASTER, etc."},
+ {"Trigger","Tables", "To use triggers"},
{"Update", "Tables", "To update existing rows"},
{"Usage","Server Admin","No privileges - allow connect only"},
{NullS, NullS, NullS}
diff --git a/sql/sql_trigger.cc b/sql/sql_trigger.cc
index b9da49632d2..ec41e02f439 100644
--- a/sql/sql_trigger.cc
+++ b/sql/sql_trigger.cc
@@ -177,12 +177,20 @@ bool mysql_create_or_drop_trigger(THD *thd, TABLE_LIST *tables, bool create)
DBUG_ASSERT(tables->next_global == 0);
/*
- TODO: We should check if user has TRIGGER privilege for table here.
- Now we just require SUPER privilege for creating/dropping because
- we don't have proper privilege checking for triggers in place yet.
+ Check that the user has TRIGGER privilege on the subject table.
*/
- if (check_global_access(thd, SUPER_ACL))
- DBUG_RETURN(TRUE);
+ {
+ bool err_status;
+ TABLE_LIST **save_query_tables_own_last= thd->lex->query_tables_own_last;
+ thd->lex->query_tables_own_last= 0;
+
+ err_status= check_table_access(thd, TRIGGER_ACL, tables, 0);
+
+ thd->lex->query_tables_own_last= save_query_tables_own_last;
+
+ if (err_status)
+ DBUG_RETURN(TRUE);
+ }
/*
There is no DETERMINISTIC clause for triggers, so can't check it.
@@ -1151,24 +1159,10 @@ bool Table_triggers_list::process_triggers(THD *thd, trg_event_type event,
if (sp_change_security_context(thd, sp_trigger, &save_ctx))
return TRUE;
- /*
- NOTE: TRIGGER_ACL should be used below.
- */
-
- if (check_global_access(thd, SUPER_ACL))
- {
- sp_restore_security_context(thd, save_ctx);
- return TRUE;
- }
-
- /*
- If the trigger uses special variables (NEW/OLD), check that we have
- SELECT and UPDATE privileges on the subject table.
- */
-
- if (is_special_var_used(event, time_type))
{
TABLE_LIST table_list, **save_query_tables_own_last;
+ ulong wanted_access = TRIGGER_ACL;
+
bzero((char *) &table_list, sizeof (table_list));
table_list.db= (char *) table->s->db.str;
table_list.db_length= table->s->db.length;
@@ -1178,9 +1172,17 @@ bool Table_triggers_list::process_triggers(THD *thd, trg_event_type event,
table_list.table= table;
save_query_tables_own_last= thd->lex->query_tables_own_last;
thd->lex->query_tables_own_last= 0;
+
+ /*
+ If the trigger uses special variables (NEW/OLD), check that we have
+ SELECT and UPDATE privileges on the subject table.
+ */
+
+ if (is_special_var_used(event, time_type))
+ wanted_access|= SELECT_ACL | UPDATE_ACL;
+
+ err_status= check_table_access(thd, wanted_access, &table_list, 0);
- err_status= check_table_access(thd, SELECT_ACL | UPDATE_ACL,
- &table_list, 0);
thd->lex->query_tables_own_last= save_query_tables_own_last;
if (err_status)
{
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index a86eccb493f..513dc0b7416 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -10237,6 +10237,7 @@ object_privilege:
| ALTER ROUTINE_SYM { Lex->grant |= ALTER_PROC_ACL; }
| CREATE USER { Lex->grant |= CREATE_USER_ACL; }
| EVENT_SYM { Lex->grant |= EVENT_ACL;}
+ | TRIGGER_SYM { Lex->grant |= TRIGGER_ACL; }
;
View Lorry Controller Status