From:ahristov Date:June 15 2006 5:17pm
Subject:bk commit into 5.1 tree (andrey:1.2209) BUG#18897
Below is the list of changes that have just been committed into a local
5.1 repository of andrey. When andrey does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.2209 06/06/15 19:17:32 andrey@lmy004. +4 -0
  fix for bug #18897: Events: unauthorized action possible with alter event rename
  ALTER EVENT db.abc RENAME TO db2.xyz
  has to check whether the user has EVENT_ACL to db2.
  Also the following
  ALTER EVENT db1.abc RENAME TO xyz
  will emit an error if there is no selected (current) database
  (it was crashing before)

  sql/sql_parse.cc
    1.560 06/06/15 19:17:25 andrey@lmy004. +3 -1
    Additional check for the situation when no db is selected.
    CREATE EVENT abc and ALTER EVENT db.abc RENAME TO xyz,
    and DROP EVENT abc
    won't work if there is no selected DB.

  sql/event.cc
    1.43 06/06/15 19:17:24 andrey@lmy004. +5 -0
    Perform a check whether the user has EVENT_ACL on
    new_name->m_db.str . It's guaranteed by a check in sql_parse.cc
    that new_name->m_db.str is not NULL

  mysql-test/t/events_bugs.test
    1.8 06/06/15 19:17:24 andrey@lmy004. +29 -0
    add test case for bug 18897 Events: unauthorized action possible with alter event
    rename
    - test rename to db the user does not have access to
    - test rename when there is no selected db

  mysql-test/r/events_bugs.result
    1.11 06/06/15 19:17:24 andrey@lmy004. +20 -0
    update result

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	andrey
# Host:	lmy004.
# Root:	/work/mysql-5.1-runtime-bug18897

--- 1.559/sql/sql_parse.cc	2006-06-15 04:53:51 +02:00
+++ 1.560/sql/sql_parse.cc	2006-06-15 19:17:25 +02:00
@@ -3823,7 +3823,9 @@ end_with_restore_list:
     uint rows_affected= 1;
     DBUG_ASSERT(lex->et);
     do {
-      if (! lex->et->dbname.str)
+      if (! lex->et->dbname.str ||
+          (lex->sql_command == SQLCOM_ALTER_EVENT && lex->spname &&
+           !lex->spname->m_db.str))
       {
         my_message(ER_NO_DB_ERROR, ER(ER_NO_DB_ERROR), MYF(0));
         res= true;
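Review bot: The added `lex->spname` clause in this `if` is undocumented, yet it carries an invariant that code in another file relies on: the comment on the sql/event.cc delta says the EVENT_ACL check there assumes `new_name->m_db.str` is non-NULL because of this guard. A comment above the condition would make that dependency visible, e.g. `/* RENAME TO without a db qualifier needs a current db; db_update_event() relies on spname->m_db.str being non-NULL */`. The enclosing `do { ... }` block starts and ends outside the hunk, so it cannot be confirmed from here that every path reaching db_update_event with a rename target passes through this check.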

--- 1.10/mysql-test/r/events_bugs.result	2006-05-22 21:54:46 +02:00
+++ 1.11/mysql-test/r/events_bugs.result	2006-06-15 19:17:24 +02:00
@@ -178,4 +178,24 @@ drop procedure ee_16407_6_pendant;
 set global event_scheduler= 2;
 drop table events_smode_test;
 set sql_mode=@old_sql_mode;
+set global event_scheduler=2;
+create user mysqltest_user1@localhost;
+create database mysqltest_db1;
+grant event on events_test.* to mysqltest_user1@localhost;
+grant select on mysqltest_db1.* to sally@localhost;
+create event mysqltest_user1 on schedule every 10 second do select 42;
+alter event mysqltest_user1 rename to mysqltest_db1.mysqltest_user1;
+ERROR 42000: Access denied for user 'mysqltest_user1'@'localhost' to database 'mysqltest_db1'
+"Let's test now rename when there is no select DB"
+select database();
+database()
+NULL
+alter event events_test.mysqltest_user1 rename to mysqltest_user1;
+ERROR 3D000: No database selected
+select * from information_schema.events;
+EVENT_CATALOG	EVENT_SCHEMA	EVENT_NAME	DEFINER	EVENT_BODY	EVENT_TYPE	EXECUTE_AT	INTERVAL_VALUE	INTERVAL_FIELD	SQL_MODE	STARTS	ENDS	STATUS	ON_COMPLETION	CREATED	LAST_ALTERED	LAST_EXECUTED	EVENT_COMMENT
+NULL	events_test	mysqltest_user1	mysqltest_user1@localhost	select 42	RECURRING	NULL	10	SECOND		2006-06-15 16:23:20	NULL	ENABLED	NOT PRESERVE	2006-06-15 19:23:20	2006-06-15 19:23:20	NULL	
+drop event events_test.mysqltest_user1;
+drop user mysqltest_user1@localhost;
+drop database mysqltest_db1;
 drop database events_test;

--- 1.7/mysql-test/t/events_bugs.test	2006-05-22 20:45:57 +02:00
+++ 1.8/mysql-test/t/events_bugs.test	2006-06-15 19:17:24 +02:00
@@ -172,4 +172,33 @@ set sql_mode=@old_sql_mode;
 #
 # End  - 16407: Events: Changes in sql_mode won't be taken into account  
 #
+
+#
+# START - 18897: Events: unauthorized action possible with alter event rename
+#
+set global event_scheduler=2;
+create user mysqltest_user1@localhost;
+create database mysqltest_db1;
+grant event on events_test.* to mysqltest_user1@localhost;
+grant select on mysqltest_db1.* to sally@localhost;
+connect (conn2,localhost,mysqltest_user1,,events_test);
+create event mysqltest_user1 on schedule every 10 second do select 42;
+--error ER_DBACCESS_DENIED_ERROR
+alter event mysqltest_user1 rename to mysqltest_db1.mysqltest_user1;
+--echo "Let's test now rename when there is no select DB"
+disconnect conn2;
+connect (conn2,localhost,mysqltest_user1,,*NO-ONE*);
+select database();
+--error ER_NO_DB_ERROR
+alter event events_test.mysqltest_user1 rename to mysqltest_user1;
+select * from information_schema.events;
+drop event events_test.mysqltest_user1;
+disconnect conn2;
+connection default;
+drop user mysqltest_user1@localhost;
+drop database mysqltest_db1;
+#
+# END   - 18897: Events: unauthorized action possible with alter event rename
+#
+
 drop database events_test;
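Review bot: `select * from information_schema.events;` prints STARTS, CREATED and LAST_ALTERED, so the recorded result bakes in wall-clock timestamps (the .result hunk shows `2006-06-15 16:23:20`) and will likely mismatch on any later run. Select only stable columns, e.g. `select event_schema, event_name, definer from information_schema.events;`, or mask the time columns with `--replace_column`. Separately, `grant select on mysqltest_db1.* to sally@localhost;` names an account this block neither creates nor drops; if mysqltest_user1 was intended, fix the name, otherwise remove the line so the test leaves no stray account or grant behind. A positive case, where the rename succeeds once the user holds EVENT on the target database, would also pin the intended authorization behaviour.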

--- 1.42/sql/event.cc	2006-06-04 20:05:16 +02:00
+++ 1.43/sql/event.cc	2006-06-15 19:17:24 +02:00
@@ -830,6 +830,11 @@ db_update_event(THD *thd, Event_timed *e
   /* first look whether we overwrite */
   if (new_name)
   {
+    /* This emits an error, so we just jump to err: */
+    if (check_access(thd, EVENT_ACL, new_name->m_db.str, 0, 0, 0,
+                     is_schema_db(new_name->m_db.str)))
+      goto err;
+
     if (!sortcmp_lex_string(et->name, new_name->m_name, scs) &&
         !sortcmp_lex_string(et->dbname, new_name->m_db, scs))
     {
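Review bot: The new `check_access()` call passes `new_name->m_db.str` on the strength of a guard that lives in sql_parse.cc, and nothing in this function enforces it. Adding `DBUG_ASSERT(new_name->m_db.str);` directly before the call would make a future caller that skips the parser-side check fail loudly in debug builds instead of running the privilege check against a NULL database name. The in-code comment could also state what is being authorized, e.g. `/* Renaming into another db requires EVENT_ACL there; check_access() reports the error */`. The body of db_update_event begins and ends outside the hunk, so it is not visible whether anything done before this point needs undoing on the `err` path.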