Commit 2b276ab2 authored by unknown's avatar unknown

Fix for bug #18897 "Events: unauthorized action possible with

alter event rename".

The ALTER EVENT ... RENAME statement did not check privileges
for the target database. It also caused server crashes when the
target database was not specified explicitly and there was
no current database.

This fix adds missing privilege check and check for the case
when target database is not specified explicitly or implicitly.


mysql-test/r/events_bugs.result:
  update result
mysql-test/t/events_bugs.test:
  add test case for bug 18897 Events: unauthorized action possible with alter event
  rename:
  - test rename to db the user does not have access to
  - test rename when there is no selected db
sql/sql_parse.cc:
  Additional check for the situation when no db is selected.
  CREATE EVENT abc and ALTER EVENT db.abc RENAME TO xyz,
  and DROP EVENT abc
  won't work if there is no selected DB.
parent e9e7d883
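--- a/mysql-test/r/events_bugs.result
+++ b/mysql-test/r/events_bugs.result
@@ -178,4 +178,27 @@ drop procedure ee_16407_6_pendant;
 set global event_scheduler= 2;
 drop table events_smode_test;
 set sql_mode=@old_sql_mode;
+set global event_scheduler=2;
+delete from mysql.user where User like 'mysqltest_%';
+delete from mysql.db where User like 'mysqltest_%';
+flush privileges;
+drop database if exists mysqltest_db1;
+create user mysqltest_user1@localhost;
+create database mysqltest_db1;
+grant event on events_test.* to mysqltest_user1@localhost;
+create event mysqltest_user1 on schedule every 10 second do select 42;
+alter event mysqltest_user1 rename to mysqltest_db1.mysqltest_user1;
+ERROR 42000: Access denied for user 'mysqltest_user1'@'localhost' to database 'mysqltest_db1'
+"Let's test now rename when there is no select DB"
+select database();
+database()
+NULL
+alter event events_test.mysqltest_user1 rename to mysqltest_user1;
+ERROR 3D000: No database selected
+select event_schema, event_name, definer, event_type, status from information_schema.events;
+event_schema event_name definer event_type status
+events_test mysqltest_user1 mysqltest_user1@localhost RECURRING ENABLED
+drop event events_test.mysqltest_user1;
+drop user mysqltest_user1@localhost;
+drop database mysqltest_db1;
 drop database events_test;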
...@@ -172,4 +172,38 @@ set sql_mode=@old_sql_mode; ...@@ -172,4 +172,38 @@ set sql_mode=@old_sql_mode;
# #
# End - 16407: Events: Changes in sql_mode won't be taken into account # End - 16407: Events: Changes in sql_mode won't be taken into account
# #
#
# START - 18897: Events: unauthorized action possible with alter event rename
#
set global event_scheduler=2;
--disable_warnings
delete from mysql.user where User like 'mysqltest_%';
delete from mysql.db where User like 'mysqltest_%';
flush privileges;
drop database if exists mysqltest_db1;
--enable_warnings
create user mysqltest_user1@localhost;
create database mysqltest_db1;
grant event on events_test.* to mysqltest_user1@localhost;
connect (conn2,localhost,mysqltest_user1,,events_test);
create event mysqltest_user1 on schedule every 10 second do select 42;
--error ER_DBACCESS_DENIED_ERROR
alter event mysqltest_user1 rename to mysqltest_db1.mysqltest_user1;
--echo "Let's test now rename when there is no select DB"
disconnect conn2;
connect (conn2,localhost,mysqltest_user1,,*NO-ONE*);
select database();
--error ER_NO_DB_ERROR
alter event events_test.mysqltest_user1 rename to mysqltest_user1;
select event_schema, event_name, definer, event_type, status from information_schema.events;
drop event events_test.mysqltest_user1;
disconnect conn2;
connection default;
drop user mysqltest_user1@localhost;
drop database mysqltest_db1;
#
# END - 18897: Events: unauthorized action possible with alter event rename
#
drop database events_test; drop database events_test;
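Review bot: The new case on the `*NO-ONE*` connection exercises only `alter event ... rename`, while the commit message states that `CREATE EVENT abc` and `DROP EVENT abc` are also rejected when no database is selected, so those two paths of the fix are left untested here. Adding `--error ER_NO_DB_ERROR` followed by `create event abc on schedule every 10 second do select 42;` and the same guard before `drop event abc;` on conn2 would pin the second half of the change. The positive side of the new privilege check is also absent: a rename into a schema the user does hold EVENT on (events_test itself) is never shown to succeed, so a regression that denied every rename would still pass this test.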
...@@ -3823,7 +3823,9 @@ mysql_execute_command(THD *thd) ...@@ -3823,7 +3823,9 @@ mysql_execute_command(THD *thd)
uint rows_affected= 1; uint rows_affected= 1;
DBUG_ASSERT(lex->et); DBUG_ASSERT(lex->et);
do { do {
if (! lex->et->dbname.str) if (! lex->et->dbname.str ||
(lex->sql_command == SQLCOM_ALTER_EVENT && lex->spname &&
!lex->spname->m_db.str))
{ {
my_message(ER_NO_DB_ERROR, ER(ER_NO_DB_ERROR), MYF(0)); my_message(ER_NO_DB_ERROR, ER(ER_NO_DB_ERROR), MYF(0));
res= true; res= true;
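Review bot: The added predicate `lex->sql_command == SQLCOM_ALTER_EVENT && lex->spname && !lex->spname->m_db.str` in the no-database check encodes that `lex->spname` carries the RENAME TO target, but nothing at the site says so; a one-line comment such as `/* ALTER EVENT ... RENAME TO: the target name lives in lex->spname and must resolve to a db as well */` would spare the next reader a trip to the parser (that spname is the rename target is inferred from the test case, not visible in this hunk). The same `SQLCOM_ALTER_EVENT && lex->spname` predicate is repeated verbatim in the following access-check hunk, so hoisting it into a local such as `bool is_event_rename= (lex->sql_command == SQLCOM_ALTER_EVENT && lex->spname);` before the `do {` would keep the two checks from drifting apart. mysql_execute_command begins well before this hunk and continues past it.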
...@@ -3831,7 +3833,10 @@ mysql_execute_command(THD *thd) ...@@ -3831,7 +3833,10 @@ mysql_execute_command(THD *thd)
} }
if (check_access(thd, EVENT_ACL, lex->et->dbname.str, 0, 0, 0, if (check_access(thd, EVENT_ACL, lex->et->dbname.str, 0, 0, 0,
is_schema_db(lex->et->dbname.str))) is_schema_db(lex->et->dbname.str)) ||
(lex->sql_command == SQLCOM_ALTER_EVENT && lex->spname &&
(check_access(thd, EVENT_ACL, lex->spname->m_db.str, 0, 0, 0,
is_schema_db(lex->spname->m_db.str)))))
break; break;
if (end_active_trans(thd)) if (end_active_trans(thd))
......