From 378147a23d2744f71fbfb677021c5901c811d156 Mon Sep 17 00:00:00 2001 From: "anozdrin@mysql.com" <> Date: Tue, 24 Jan 2006 20:15:12 +0300 Subject: Fix for the following bugs: - BUG#15166: Wrong update permissions required to execute triggers - BUG#15196: Wrong select permission required to execute triggers The idea of the fix is to check necessary privileges in Item_trigger_field::fix_fields(), instead of having "special variables" technique. To achieve this, we should pass to an Item_trigger_field instance a flag, which will indicate the usage/access type of this trigger variable. --- sql/sql_trigger.cc | 54 ++++++++++++++++++++---------------------------------- 1 file changed, 20 insertions(+), 34 deletions(-) (limited to 'sql/sql_trigger.cc') diff --git a/sql/sql_trigger.cc b/sql/sql_trigger.cc index c70914edc31..53743314782 100644 --- a/sql/sql_trigger.cc +++ b/sql/sql_trigger.cc @@ -381,7 +381,12 @@ bool Table_triggers_list::create_trigger(THD *thd, TABLE_LIST *tables, for (trg_field= (Item_trigger_field *)(lex->trg_table_fields.first); trg_field; trg_field= trg_field->next_trg_field) { - trg_field->setup_field(thd, table); + /* + NOTE: now we do not check privileges at CREATE TRIGGER time. This will + be changed in the future. + */ + trg_field->setup_field(thd, table, NULL); + if (!trg_field->fixed && trg_field->fix_fields(thd, (Item **)0)) return 1; @@ -828,8 +833,7 @@ bool Table_triggers_list::check_n_load(THD *thd, const char *db, char *trg_name_buff; List_iterator_fast itm(triggers->definition_modes_list); - List_iterator_fast it_definer(triggers-> - definers_list); + List_iterator_fast it_definer(triggers->definers_list); LEX *old_lex= thd->lex, lex; sp_rcontext *save_spcont= thd->spcont; ulong save_sql_mode= thd->variables.sql_mode; @@ -844,6 +848,7 @@ bool Table_triggers_list::check_n_load(THD *thd, const char *db, { trg_sql_mode= itm++; LEX_STRING *trg_definer= it_definer++; + thd->variables.sql_mode= (ulong)*trg_sql_mode; lex_start(thd, (uchar*)trg_create_str->str, trg_create_str->length); @@ -917,11 +922,11 @@ bool Table_triggers_list::check_n_load(THD *thd, const char *db, (Item_trigger_field *)(lex.trg_table_fields.first); trg_field; trg_field= trg_field->next_trg_field) - trg_field->setup_field(thd, table); - - triggers->m_spec_var_used[lex.trg_chistics.event] - [lex.trg_chistics.action_time]= - lex.trg_table_fields.first ? TRUE : FALSE; + { + trg_field->setup_field(thd, table, + &triggers->subject_table_grants[lex.trg_chistics.event] + [lex.trg_chistics.action_time]); + } lex_end(&lex); } @@ -1172,33 +1177,14 @@ bool Table_triggers_list::process_triggers(THD *thd, trg_event_type event, } /* - If the trigger uses special variables (NEW/OLD), check that we have - SELECT and UPDATE privileges on the subject table. + Fetch information about table-level privileges to GRANT_INFO structure for + subject table. Check of privileges that will use it and information about + column-level privileges will happen in Item_trigger_field::fix_fields(). */ - - if (is_special_var_used(event, time_type)) - { - TABLE_LIST table_list, **save_query_tables_own_last; - bzero((char *) &table_list, sizeof (table_list)); - table_list.db= (char *) table->s->db; - table_list.db_length= strlen(table_list.db); - table_list.table_name= (char *) table->s->table_name; - table_list.table_name_length= strlen(table_list.table_name); - table_list.alias= (char *) table->alias; - table_list.table= table; - save_query_tables_own_last= thd->lex->query_tables_own_last; - thd->lex->query_tables_own_last= 0; - - err_status= check_table_access(thd, SELECT_ACL | UPDATE_ACL, - &table_list, 0); - thd->lex->query_tables_own_last= save_query_tables_own_last; - if (err_status) - { - sp_restore_security_context(thd, save_ctx); - return TRUE; - } - } - + + fill_effective_table_privileges(thd, + &subject_table_grants[event][time_type], + table->s->db, table->s->table_name); #endif // NO_EMBEDDED_ACCESS_CHECKS thd->reset_sub_statement_state(&statement_state, SUB_STMT_TRIGGER); -- cgit v1.2.1