mariadb/mysql-test/r/grant2.result

134 lines
5.4 KiB
Text
Raw Normal View History

SET NAMES binary;
Fix for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" Now we set lex->duplicates= DUP_UPDATE right in parser if INSERT has ON DUPLICATE KEY UPDATE clause, this simplifies insert_precheck() function (this also fixes a bug) and some other code. mysql-test/r/grant2.result: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" mysql-test/t/grant2.test: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" sql/mysql_priv.h: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause. sql/sql_parse.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_prepare.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_yacc.yy: It is better to set Lex->duplicates= DUP_UPDATE right in parser if we have INSERT with ON DUPLICATE KEY UPDATE clause, rather doing this later.
2004-10-20 14:04:43 +02:00
drop database if exists mysqltest;
2005-03-27 15:46:06 +02:00
drop database if exists mysqltest_1;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
Fix for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" Now we set lex->duplicates= DUP_UPDATE right in parser if INSERT has ON DUPLICATE KEY UPDATE clause, this simplifies insert_precheck() function (this also fixes a bug) and some other code. mysql-test/r/grant2.result: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" mysql-test/t/grant2.test: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" sql/mysql_priv.h: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause. sql/sql_parse.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_prepare.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_yacc.yy: It is better to set Lex->duplicates= DUP_UPDATE right in parser if we have INSERT with ON DUPLICATE KEY UPDATE clause, rather doing this later.
2004-10-20 14:04:43 +02:00
delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges;
grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option;
select current_user();
current_user()
mysqltest_1@localhost
grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option;
grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option;
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'my_%'
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
GRANT ALL PRIVILEGES ON `my\_%`.* TO 'mysqltest_1'@'localhost' WITH GRANT OPTION
show grants for mysqltest_2@localhost;
Grants for mysqltest_2@localhost
GRANT USAGE ON *.* TO 'mysqltest_2'@'localhost'
GRANT ALL PRIVILEGES ON `my\_1`.* TO 'mysqltest_2'@'localhost' WITH GRANT OPTION
show grants for mysqltest_3@localhost;
ERROR 42000: There is no such grant defined for user 'mysqltest_3' on host 'localhost'
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
flush privileges;
2005-03-27 15:46:06 +02:00
create database mysqltest_1;
grant all privileges on `mysqltest\_1`.* to mysqltest_1@localhost with grant option;
select current_user();
current_user()
mysqltest_1@localhost
show databases;
Database
mysqltest_1
test
grant all privileges on `mysqltest_1`.* to mysqltest_1@localhost with grant option;
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest_1'
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
GRANT ALL PRIVILEGES ON `mysqltest\_1`.* TO 'mysqltest_1'@'localhost' WITH GRANT OPTION
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
drop database mysqltest_1;
flush privileges;
Fix for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" Now we set lex->duplicates= DUP_UPDATE right in parser if INSERT has ON DUPLICATE KEY UPDATE clause, this simplifies insert_precheck() function (this also fixes a bug) and some other code. mysql-test/r/grant2.result: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" mysql-test/t/grant2.test: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" sql/mysql_priv.h: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause. sql/sql_parse.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_prepare.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_yacc.yy: It is better to set Lex->duplicates= DUP_UPDATE right in parser if we have INSERT with ON DUPLICATE KEY UPDATE clause, rather doing this later.
2004-10-20 14:04:43 +02:00
create database mysqltest;
grant INSERT, SELECT on mysqltest.* to mysqltest_1@localhost;
flush privileges;
use mysqltest;
create table t1 (id int primary key, data varchar(255));
show grants for current_user();
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
GRANT SELECT, INSERT ON `mysqltest`.* TO 'mysqltest_1'@'localhost'
insert into t1 values (1, 'I can''t change it!');
update t1 set data='I can change it!' where id = 1;
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest'
insert into t1 values (1, 'XXX') on duplicate key update data= 'I can change it!';
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest'
select * from t1;
id data
1 I can't change it!
drop table t1;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
flush privileges;
create table t1 (a int, b int);
grant select (a) on t1 to mysqltest_1@localhost with grant option;
grant select (a,b) on t1 to mysqltest_2@localhost;
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for column 'b' in table 't1'
grant select on t1 to mysqltest_3@localhost;
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't1'
drop table t1;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges;
drop database mysqltest;
use test;
create database mysqltest_1;
create table mysqltest_1.t1 (i int);
insert into mysqltest_1.t1 values (1),(2),(3);
GRANT ALL ON mysqltest_1.t1 TO mysqltest_1@'127.0.0.0/255.0.0.0';
show grants for current_user();
Grants for mysqltest_1@127.0.0.0/255.0.0.0
GRANT USAGE ON *.* TO 'mysqltest_1'@'127.0.0.0/255.0.0.0'
GRANT ALL PRIVILEGES ON `mysqltest_1`.`t1` TO 'mysqltest_1'@'127.0.0.0/255.0.0.0'
select * from t1;
i
1
2
3
REVOKE ALL ON mysqltest_1.t1 FROM mysqltest_1@'127.0.0.0/255.0.0.0';
delete from mysql.user where user like 'mysqltest\_1';
flush privileges;
drop table mysqltest_1.t1;
grant all on mysqltest_1.* to mysqltest_1@'127.0.0.1';
select current_user();
current_user()
mysqltest_1@127.0.0.1
set password = password('changed');
select host, length(password) from mysql.user where user like 'mysqltest\_1';
host length(password)
127.0.0.1 41
revoke all on mysqltest_1.* from mysqltest_1@'127.0.0.1';
delete from mysql.user where user like 'mysqltest\_1';
flush privileges;
grant all on mysqltest_1.* to mysqltest_1@'127.0.0.0/255.0.0.0';
select current_user();
current_user()
mysqltest_1@127.0.0.0/255.0.0.0
set password = password('changed');
select host, length(password) from mysql.user where user like 'mysqltest\_1';
host length(password)
127.0.0.0/255.0.0.0 41
revoke all on mysqltest_1.* from mysqltest_1@'127.0.0.0/255.0.0.0';
delete from mysql.user where user like 'mysqltest\_1';
flush privileges;
drop database mysqltest_1;
set password = password("changed");
ERROR 42000: Access denied for user ''@'localhost' to database 'mysql'
Fix for bug #12423 "Deadlock when doing FLUSH PRIVILEGES and GRANT in multi-threaded environment". To avoid deadlocks between several simultaneously run account management commands (particularly between FLUSH PRIVILEGES/SET PASSWORD and GRANT commands) we should always take table and internal locks during their execution in the same order. In other words we should first open and lock privilege tables and only then obtain acl_cache::lock/LOCK_grant locks. mysql-test/r/grant2.result: Added test for bug #12423 "Deadlock when doing FLUSH PRIVILEGES and GRANT in multi-threaded environment". mysql-test/t/grant2.test: Added test for bug #12423 "Deadlock when doing FLUSH PRIVILEGES and GRANT in multi-threaded environment". sql/mysqld.cc: acl_init/grant_init() are now used only at server start up so they always allocate temporary THD object and don't need argument for passing pointer to it. sql/sql_acl.cc: To avoid deadlocks between several simultaneously run account management commands (particularly between FLUSH PRIVILEGES/SET PASSWORD and GRANT commands) we should always take table and internal locks during their execution in the same order. In other words we should first open and lock privilege tables and only then obtain acl_cache::lock/LOCK_grant locks. Changed acl_reload()/grant_reload() and change_password()/update_user_table() in such way that they obey this principle. Now in acl_reload()/grant_reload()/ change_password() we open and lock privilege tables, then obtain internal locks and then call acl_load()/grant_load()/update_user_table() functions to do actual loading or updating. sql/sql_acl.h: acl_init/grant_init() are now used only at server start up so they always allocate temporary THD object and don't need argument for passing pointer to it. acl_reload()/grant_reload() now are able to report about their success or failure through return value. sql/sql_parse.cc: If reload_acl_and_cache() is called from SIGHUP handler we have to allocate temporary THD for execution of acl_reload()/grant_reload().
2005-09-01 14:52:59 +02:00
lock table mysql.user write;
flush privileges;
grant all on *.* to 'mysqltest_1'@'localhost';
unlock tables;
lock table mysql.user write;
set password for 'mysqltest_1'@'localhost' = password('');
revoke all on *.* from 'mysqltest_1'@'localhost';
unlock tables;
drop user 'mysqltest_1'@'localhost';