Below is the list of changes that have just been committed into a local
5.1 repository of andrey. When andrey does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet
1.2394 06/05/05 13:27:12 andrey@lmy004. +3 -0
fix for bug #18897: Events: unauthorized action possible with alter event rename
sql/event.cc
1.40 06/05/05 13:27:02 andrey@lmy004. +5 -0
check whether the user has access to the new schema
fix for bug #18897: Events: unauthorized action possible with alter event rename
mysql-test/t/events_bugs.test
1.7 06/05/05 13:27:02 andrey@lmy004. +21 -0
add test case for bug 18897 Events: unauthorized action possible with alter event rename
mysql-test/r/events_bugs.result
1.9 06/05/05 13:27:02 andrey@lmy004. +11 -0
update result
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: andrey
# Host: lmy004.
# Root: /work/mysql-5.1-bug18897
--- 1.8/mysql-test/r/events_bugs.result 2006-03-28 12:23:20 +02:00
+++ 1.9/mysql-test/r/events_bugs.result 2006-05-05 13:27:02 +02:00
@@ -1,5 +1,16 @@
create database if not exists events_test;
use events_test;
+set global event_scheduler=0;
+create user sally@localhost;
+create database db_x;
+grant event on events_test.* to sally@localhost;
+grant select on db_x.* to sally@localhost;
+create event sally1 on schedule every 10 second do select 42;
+alter event sally1 rename to db_x.sally1;
+ERROR 42000: Access denied for user 'sally'@'localhost' to database 'db_x'
+drop event sally1;
+drop user sally@localhost;
+drop database db_x;
CREATE EVENT lower_case ON SCHEDULE EVERY 1 MINUTE DO SELECT 1;
CREATE EVENT Lower_case ON SCHEDULE EVERY 2 MINUTE DO SELECT 2;
ERROR HY000: Event 'Lower_case' already exists
--- 1.6/mysql-test/t/events_bugs.test 2006-03-28 10:42:40 +02:00
+++ 1.7/mysql-test/t/events_bugs.test 2006-05-05 13:27:02 +02:00
@@ -2,6 +2,27 @@ create database if not exists events_tes
use events_test;
#
+# START - 18897: Events: unauthorized action possible with alter event rename
+#
+set global event_scheduler=0;
+create user sally@localhost;
+create database db_x;
+grant event on events_test.* to sally@localhost;
+grant select on db_x.* to sally@localhost;
+connect (conn2,localhost,sally,,events_test);
+create event sally1 on schedule every 10 second do select 42;
+--error ER_DBACCESS_DENIED_ERROR
+alter event sally1 rename to db_x.sally1;
+drop event sally1;
+disconnect conn2;
+connection default;
+drop user sally@localhost;
+drop database db_x;
+#
+# END - 18897: Events: unauthorized action possible with alter event rename
+#
+
+#
# START - 16415: Events: event names are case sensitive
#
CREATE EVENT lower_case ON SCHEDULE EVERY 1 MINUTE DO SELECT 1;
--- 1.39/sql/event.cc 2006-04-07 09:13:20 +02:00
+++ 1.40/sql/event.cc 2006-05-05 13:27:02 +02:00
@@ -877,6 +877,11 @@ db_update_event(THD *thd, Event_timed *e
/* first look whether we overwrite */
if (new_name)
{
+ /* This emits an error, so we just jump to err: */
+ if (check_access(thd, EVENT_ACL, new_name->m_db.str, 0, 0, 0,
+ is_schema_db(new_name->m_db.str)))
+ goto err;
+
if (!sortcmp_lex_string(et->name, new_name->m_name, system_charset_info) &&
!sortcmp_lex_string(et->dbname, new_name->m_db, system_charset_info))
{
| Thread |
|---|
| • bk commit into 5.1 tree (andrey:1.2394) BUG#18897 | ahristov | 5 May |
