authorunknown <anozdrin@mysql.com>2006-01-24 20:15:12 +0300
committerunknown <anozdrin@mysql.com>2006-01-24 20:15:12 +0300
commit8f395ebbfa87f21cb7acf655876790df99389499 (patch)
tree8b864c683f6cc00900b0bf9a6b84bc78cb1cf3e8 /sql/sql_trigger.cc
parent9e0240d3661bd746a14eaa23531a2ccbab48f1ab (diff)
downloadmariadb-git-8f395ebbfa87f21cb7acf655876790df99389499.tar.gz
Fix for the following bugs:
- BUG#15166: Wrong update permissions required to execute triggers - BUG#15196: Wrong select permission required to execute triggers The idea of the fix is to check necessary privileges in Item_trigger_field::fix_fields(), instead of having "special variables" technique. To achieve this, we should pass to an Item_trigger_field instance a flag, which will indicate the usage/access type of this trigger variable. mysql-test/r/trigger-grant.result: Update the result file. mysql-test/t/trigger-grant.test: Add test cases for BUG#15166 and BUG#15196 sql/item.cc: Item_trigger_field: check appropriate (SELECT/UPDATE) privilege in fix_fields(). sql/item.h: Add a flag to specify access type for trigger field. sql/sql_trigger.cc: "Special variable" technique of checking privileges for NEW/OLD variables was replaced by checking table- and column-level privileges in Item_trigger_field::fix_fields(). sql/sql_trigger.h: "Special variable" technique of checking privileges for NEW/OLD variables was replaced by checking table- and column-level privileges in Item_trigger_field::fix_fields(). sql/sql_yacc.yy: Specify access type for trigger fields.
Diffstat (limited to 'sql/sql_trigger.cc')
-rw-r--r--sql/sql_trigger.cc54
1 files changed, 20 insertions, 34 deletions
diff --git a/sql/sql_trigger.cc b/sql/sql_trigger.cc
index c70914edc31..53743314782 100644
--- a/sql/sql_trigger.cc
+++ b/sql/sql_trigger.cc
@@ -381,7 +381,12 @@ bool Table_triggers_list::create_trigger(THD *thd, TABLE_LIST *tables,
for (trg_field= (Item_trigger_field *)(lex->trg_table_fields.first);
trg_field; trg_field= trg_field->next_trg_field)
{
- trg_field->setup_field(thd, table);
+ /*
+ NOTE: now we do not check privileges at CREATE TRIGGER time. This will
+ be changed in the future.
+ */
+ trg_field->setup_field(thd, table, NULL);
+
if (!trg_field->fixed &&
trg_field->fix_fields(thd, (Item **)0))
return 1;
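Review bot: The `NULL` passed as the third argument to `setup_field()` is the only thing that turns the privilege check off on this CREATE TRIGGER path, and the added comment does not say so. Because `fix_fields()` is called on the same item a few lines later, the code in sql/item.cc (not shown on this page) presumably has to treat a null grant pointer as "skip the check" rather than dereference it. I would word the comment as `/* NULL grant info: fix_fields() performs no SELECT/UPDATE check here, so privileges on NEW/OLD columns are enforced only when the trigger executes. */`. The loop belongs to create_trigger(), whose body starts and ends outside the hunk.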
@@ -828,8 +833,7 @@ bool Table_triggers_list::check_n_load(THD *thd, const char *db,
char *trg_name_buff;
List_iterator_fast<ulonglong> itm(triggers->definition_modes_list);
- List_iterator_fast<LEX_STRING> it_definer(triggers->
- definers_list);
+ List_iterator_fast<LEX_STRING> it_definer(triggers->definers_list);
LEX *old_lex= thd->lex, lex;
sp_rcontext *save_spcont= thd->spcont;
ulong save_sql_mode= thd->variables.sql_mode;
@@ -844,6 +848,7 @@ bool Table_triggers_list::check_n_load(THD *thd, const char *db,
{
trg_sql_mode= itm++;
LEX_STRING *trg_definer= it_definer++;
+
thd->variables.sql_mode= (ulong)*trg_sql_mode;
lex_start(thd, (uchar*)trg_create_str->str, trg_create_str->length);
@@ -917,11 +922,11 @@ bool Table_triggers_list::check_n_load(THD *thd, const char *db,
(Item_trigger_field *)(lex.trg_table_fields.first);
trg_field;
trg_field= trg_field->next_trg_field)
- trg_field->setup_field(thd, table);
-
- triggers->m_spec_var_used[lex.trg_chistics.event]
- [lex.trg_chistics.action_time]=
- lex.trg_table_fields.first ? TRUE : FALSE;
+ {
+ trg_field->setup_field(thd, table,
+ &triggers->subject_table_grants[lex.trg_chistics.event]
+ [lex.trg_chistics.action_time]);
+ }
lex_end(&lex);
}
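Review bot: The address `&triggers->subject_table_grants[...][...]` handed to `setup_field()` is kept past this loop, yet the slot it points at is only filled by `fill_effective_table_privileges()` in process_triggers() (the last hunk of this diff). Whether the array is initialised when the trigger list is constructed is decided in sql/sql_trigger.h, which this page does not show; if it is not, a `fix_fields()` call that runs before process_triggers() would read indeterminate grant data. A comment at this call such as `/* Grant slot is filled in process_triggers() before the trigger body runs. */` would record the ordering the check depends on. check_n_load() continues outside the hunk.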
@@ -1172,33 +1177,14 @@ bool Table_triggers_list::process_triggers(THD *thd, trg_event_type event,
}
/*
- If the trigger uses special variables (NEW/OLD), check that we have
- SELECT and UPDATE privileges on the subject table.
+ Fetch information about table-level privileges to GRANT_INFO structure for
+ subject table. Check of privileges that will use it and information about
+ column-level privileges will happen in Item_trigger_field::fix_fields().
*/
-
- if (is_special_var_used(event, time_type))
- {
- TABLE_LIST table_list, **save_query_tables_own_last;
- bzero((char *) &table_list, sizeof (table_list));
- table_list.db= (char *) table->s->db;
- table_list.db_length= strlen(table_list.db);
- table_list.table_name= (char *) table->s->table_name;
- table_list.table_name_length= strlen(table_list.table_name);
- table_list.alias= (char *) table->alias;
- table_list.table= table;
- save_query_tables_own_last= thd->lex->query_tables_own_last;
- thd->lex->query_tables_own_last= 0;
-
- err_status= check_table_access(thd, SELECT_ACL | UPDATE_ACL,
- &table_list, 0);
- thd->lex->query_tables_own_last= save_query_tables_own_last;
- if (err_status)
- {
- sp_restore_security_context(thd, save_ctx);
- return TRUE;
- }
- }
-
+
+ fill_effective_table_privileges(thd,
+ &subject_table_grants[event][time_type],
+ table->s->db, table->s->table_name);
#endif // NO_EMBEDDED_ACCESS_CHECKS
thd->reset_sub_statement_state(&statement_state, SUB_STMT_TRIGGER);
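Review bot: With the `check_table_access()` block removed, process_triggers() no longer rejects an under-privileged trigger itself; `fill_effective_table_privileges()` only populates `subject_table_grants[event][time_type]`. Enforcement now rests on Item_trigger_field::fix_fields() (sql/item.cc, not shown here) running on every invocation, and the create_trigger() hunk calls it only when `!trg_field->fixed`, so an item that stays fixed between executions would presumably not be re-checked after a privilege change. I would extend the new comment with `fix_fields() must run on each execution, while the trigger's security context is active, for this check to take effect.` The function body starts and ends outside the hunk.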