diff options
| author | unknown <andrey@lmy004.> | 2006-06-23 17:29:01 +0200 |
|---|---|---|
| committer | unknown <andrey@lmy004.> | 2006-06-23 17:29:01 +0200 |
| commit | d6cf50ca8b6fa7d4ddec56f2403ee8ada2e0c9ab (patch) | |
| tree | ee00f13082b79397694f09b4c7f575884ea81448 /mysql-test/t/events_bugs.test | |
| parent | f684f86b827470a2a2d68cb79843a3a2dbced0f5 (diff) | |
| download | mariadb-git-d6cf50ca8b6fa7d4ddec56f2403ee8ada2e0c9ab.tar.gz | |
Fix for bug #18897 "Events: unauthorized action possible with
alter event rename".
ALTER EVENT ... RENAME statement hasn't checked privileges
for the target database. It also caused server crashes when
target database was not specified explicitly and there was
no current database.
This fix adds missing privilege check and check for the case
when target database is not specified explicitly or implicitly.
mysql-test/r/events_bugs.result:
update result
mysql-test/t/events_bugs.test:
add test case for bug 18897 Events: unauthorized action possible with alter event
rename:
- test rename to db the user does not have access to
- test rename when there is no selected db
sql/sql_parse.cc:
Additional check for the situation when no db is selected.
CREATE EVENT abc and ALTER EVENT db.abc RENAME TO xyz,
and DROP EVENT abc
won't work if there is no selected DB.
Diffstat (limited to 'mysql-test/t/events_bugs.test')
| -rw-r--r-- | mysql-test/t/events_bugs.test | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/mysql-test/t/events_bugs.test b/mysql-test/t/events_bugs.test index e3b79a6bd13..12d75fede5c 100644 --- a/mysql-test/t/events_bugs.test +++ b/mysql-test/t/events_bugs.test @@ -172,4 +172,38 @@ set sql_mode=@old_sql_mode; # # End - 16407: Events: Changes in sql_mode won't be taken into account # + +# +# START - 18897: Events: unauthorized action possible with alter event rename +# +set global event_scheduler=2; +--disable_warnings +delete from mysql.user where User like 'mysqltest_%'; +delete from mysql.db where User like 'mysqltest_%'; +flush privileges; +drop database if exists mysqltest_db1; +--enable_warnings +create user mysqltest_user1@localhost; +create database mysqltest_db1; +grant event on events_test.* to mysqltest_user1@localhost; +connect (conn2,localhost,mysqltest_user1,,events_test); +create event mysqltest_user1 on schedule every 10 second do select 42; +--error ER_DBACCESS_DENIED_ERROR +alter event mysqltest_user1 rename to mysqltest_db1.mysqltest_user1; +--echo "Let's test now rename when there is no select DB" +disconnect conn2; +connect (conn2,localhost,mysqltest_user1,,*NO-ONE*); +select database(); +--error ER_NO_DB_ERROR +alter event events_test.mysqltest_user1 rename to mysqltest_user1; +select event_schema, event_name, definer, event_type, status from information_schema.events; +drop event events_test.mysqltest_user1; +disconnect conn2; +connection default; +drop user mysqltest_user1@localhost; +drop database mysqltest_db1; +# +# END - 18897: Events: unauthorized action possible with alter event rename +# + drop database events_test; |