mirror of
https://github.com/MariaDB/server.git
synced 2025-01-20 14:02:32 +01:00
299 lines
8.6 KiB
Text
299 lines
8.6 KiB
Text
|
--source include/have_plugin_auth.inc
|
||
|
|
--source include/not_embedded.inc
|
||
|
|
|
||
|
|
query_vertical SELECT PLUGIN_STATUS, PLUGIN_TYPE, PLUGIN_DESCRIPTION
|
||
|
|
FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME='test_plugin_server';
|
||
|
|
|
||
|
|
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
|
||
|
|
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
|
||
|
|
|
||
|
|
SELECT plugin,authentication_string FROM mysql.user WHERE User='plug';
|
||
|
|
|
||
|
|
--echo ## test plugin auth
|
||
|
|
--disable_query_log
|
||
|
|
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
|
||
|
|
connect(plug_con,localhost,plug,plug_dest);
|
||
|
|
--enable_query_log
|
||
|
|
|
||
|
|
GRANT PROXY ON plug_dest TO plug;
|
||
|
|
|
||
|
|
connect(plug_con,localhost,plug,plug_dest);
|
||
|
|
|
||
|
|
connection plug_con;
|
||
|
|
select USER(),CURRENT_USER();
|
||
|
|
|
||
|
|
--echo ## test SET PASSWORD
|
||
|
|
#--error ER_SET_PASSWORD_AUTH_PLUGIN
|
||
|
|
SET PASSWORD = PASSWORD('plug_dest');
|
||
|
|
|
||
|
|
connection default;
|
||
|
|
disconnect plug_con;
|
||
|
|
|
||
|
|
--echo ## test bad credentials
|
||
|
|
--disable_query_log
|
||
|
|
--error ER_ACCESS_DENIED_ERROR
|
||
|
|
connect(plug_con,localhost,plug,bad_credentials);
|
||
|
|
--enable_query_log
|
||
|
|
|
||
|
|
--echo ## test bad default plugin : should get CR_AUTH_PLUGIN_CANNOT_LOAD
|
||
|
|
--disable_result_log
|
||
|
|
--disable_query_log
|
||
|
|
--error 2059
|
||
|
|
connect(plug_con_wrongp,localhost,plug,plug_dest,,,,,wrong_plugin_name);
|
||
|
|
--enable_query_log
|
||
|
|
--enable_result_log
|
||
|
|
|
||
|
|
--echo ## test correct default plugin
|
||
|
|
connect(plug_con_rightp,localhost,plug,plug_dest,,,,,auth_test_plugin);
|
||
|
|
connection plug_con_rightp;
|
||
|
|
select USER(),CURRENT_USER();
|
||
|
|
connection default;
|
||
|
|
disconnect plug_con_rightp;
|
||
|
|
|
||
|
|
--echo ## test no_auto_create_user sql mode with plugin users
|
||
|
|
SET @@sql_mode=no_auto_create_user;
|
||
|
|
GRANT INSERT ON TEST.* TO grant_user IDENTIFIED WITH 'test_plugin_server';
|
||
|
|
SET @@sql_mode=default;
|
||
|
|
DROP USER grant_user;
|
||
|
|
|
||
|
|
--echo ## test utf-8 user name
|
||
|
|
CREATE USER `Ÿ` IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
|
||
|
|
|
||
|
|
GRANT PROXY ON plug_dest TO `Ÿ`;
|
||
|
|
|
||
|
|
connect(non_ascii,localhost,Ÿ,plug_dest);
|
||
|
|
connection non_ascii;
|
||
|
|
select USER(),CURRENT_USER();
|
||
|
|
|
||
|
|
connection default;
|
||
|
|
disconnect non_ascii;
|
||
|
|
DROP USER `Ÿ`;
|
||
|
|
|
||
|
|
--echo ## test GRANT ... IDENTIFIED WITH/BY ...
|
||
|
|
|
||
|
|
CREATE DATABASE test_grant_db;
|
||
|
|
|
||
|
|
--echo # create new user via GRANT WITH
|
||
|
|
GRANT ALL PRIVILEGES ON test_grant_db.* TO new_grant_user
|
||
|
|
IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
|
||
|
|
|
||
|
|
GRANT PROXY ON plug_dest TO new_grant_user;
|
||
|
|
|
||
|
|
connect(plug_con_grant,localhost,new_grant_user,plug_dest);
|
||
|
|
connection plug_con_grant;
|
||
|
|
select USER(),CURRENT_USER();
|
||
|
|
USE test_grant_db;
|
||
|
|
CREATE TABLE t1 (a INT);
|
||
|
|
DROP TABLE t1;
|
||
|
|
connection default;
|
||
|
|
disconnect plug_con_grant;
|
||
|
|
REVOKE ALL PRIVILEGES ON test_grant_db.* FROM new_grant_user;
|
||
|
|
|
||
|
|
--echo # try re-create existing user via GRANT IDENTIFIED BY
|
||
|
|
GRANT ALL PRIVILEGES ON test_grant_db.* TO new_grant_user
|
||
|
|
IDENTIFIED BY 'unused_password';
|
||
|
|
|
||
|
|
--echo # make sure password doesn't take precendence
|
||
|
|
--disable_query_log
|
||
|
|
--error ER_ACCESS_DENIED_ERROR
|
||
|
|
connect(plug_con_grant_deny,localhost,new_grant_user,unused_password);
|
||
|
|
--enable_query_log
|
||
|
|
|
||
|
|
--echo #make sure plugin auth still available
|
||
|
|
connect(plug_con_grant,localhost,new_grant_user,plug_dest);
|
||
|
|
connection plug_con_grant;
|
||
|
|
select USER(),CURRENT_USER();
|
||
|
|
USE test_grant_db;
|
||
|
|
CREATE TABLE t1 (a INT);
|
||
|
|
DROP TABLE t1;
|
||
|
|
connection default;
|
||
|
|
disconnect plug_con_grant;
|
||
|
|
|
||
|
|
DROP USER new_grant_user;
|
||
|
|
|
||
|
|
--echo # try re-create existing user via GRANT IDENTIFIED WITH
|
||
|
|
|
||
|
|
--error ER_GRANT_PLUGIN_USER_EXISTS
|
||
|
|
GRANT ALL PRIVILEGES ON test_grant_db.* TO plug
|
||
|
|
IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
|
||
|
|
|
||
|
|
--error ER_GRANT_PLUGIN_USER_EXISTS
|
||
|
|
GRANT ALL PRIVILEGES ON test_grant_db.* TO plug_dest
|
||
|
|
IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
|
||
|
|
|
||
|
|
--error ER_PARSE_ERROR
|
||
|
|
REVOKE SELECT on test_grant_db.* FROM joro
|
||
|
|
INDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
|
||
|
|
|
||
|
|
--error ER_PARSE_ERROR
|
||
|
|
REVOKE SELECT on test_grant_db.* FROM joro
|
||
|
|
INDENTIFIED BY 'plug_dest_passwd';
|
||
|
|
|
||
|
|
--error ER_PARSE_ERROR
|
||
|
|
REVOKE SELECT on test_grant_db.* FROM joro
|
||
|
|
INDENTIFIED BY PASSWORD 'plug_dest_passwd';
|
||
|
|
|
||
|
|
DROP DATABASE test_grant_db;
|
||
|
|
|
||
|
|
--echo ## GRANT PROXY tests
|
||
|
|
|
||
|
|
CREATE USER grant_plug IDENTIFIED WITH 'test_plugin_server'
|
||
|
|
AS 'grant_plug_dest';
|
||
|
|
CREATE USER grant_plug_dest IDENTIFIED BY 'grant_plug_dest_passwd';
|
||
|
|
CREATE USER grant_plug_dest2 IDENTIFIED BY 'grant_plug_dest_passwd2';
|
||
|
|
|
||
|
|
--echo # ALL PRIVILEGES doesn't include PROXY
|
||
|
|
GRANT ALL PRIVILEGES ON *.* TO grant_plug;
|
||
|
|
--disable_query_log
|
||
|
|
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
|
||
|
|
connect(grant_plug_con,localhost,grant_plug,grant_plug_dest);
|
||
|
|
--enable_query_log
|
||
|
|
|
||
|
|
--error ER_PARSE_ERROR : this should fail : can't combine PROXY
|
||
|
|
GRANT ALL PRIVILEGES,PROXY ON grant_plug_dest TO grant_plug;
|
||
|
|
|
||
|
|
--echo this should fail : can't combine PROXY
|
||
|
|
--error ER_PARSE_ERROR
|
||
|
|
GRANT ALL SELECT,PROXY ON grant_plug_dest TO grant_plug;
|
||
|
|
|
||
|
|
--echo # this should fail : no such grant
|
||
|
|
--error ER_NONEXISTING_GRANT
|
||
|
|
REVOKE PROXY ON grant_plug_dest FROM grant_plug;
|
||
|
|
|
||
|
|
connect(grant_plug_dest_con,localhost,grant_plug_dest,grant_plug_dest_passwd);
|
||
|
|
connection grant_plug_dest_con;
|
||
|
|
--echo in grant_plug_dest_con
|
||
|
|
|
||
|
|
--echo ## testing what an ordinary user can grant
|
||
|
|
--echo this should fail : no rights to grant all
|
||
|
|
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
|
||
|
|
GRANT PROXY ON ''@'' TO grant_plug;
|
||
|
|
|
||
|
|
--echo this should fail : not the same user
|
||
|
|
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
|
||
|
|
GRANT PROXY ON grant_plug TO grant_plug_dest;
|
||
|
|
|
||
|
|
--echo this should fail : same user, but on a different host
|
||
|
|
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
|
||
|
|
GRANT PROXY ON grant_plug_dest TO grant_plug;
|
||
|
|
|
||
|
|
--echo this should work : same user
|
||
|
|
GRANT PROXY ON grant_plug_dest@localhost TO grant_plug_dest2;
|
||
|
|
REVOKE PROXY ON grant_plug_dest@localhost FROM grant_plug_dest2;
|
||
|
|
|
||
|
|
--echo this should work : same user
|
||
|
|
GRANT PROXY ON grant_plug_dest@localhost TO grant_plug WITH GRANT OPTION;
|
||
|
|
REVOKE PROXY ON grant_plug_dest@localhost FROM grant_plug;
|
||
|
|
|
||
|
|
--echo this should fail : can't create users
|
||
|
|
--error ER_CANT_CREATE_USER_WITH_GRANT
|
||
|
|
GRANT PROXY ON grant_plug_dest@localhost TO grant_plug@localhost;
|
||
|
|
|
||
|
|
connection default;
|
||
|
|
--echo in default connection
|
||
|
|
disconnect grant_plug_dest_con;
|
||
|
|
|
||
|
|
--echo # test what root can grant
|
||
|
|
|
||
|
|
--echo should work : root has PROXY to all users
|
||
|
|
GRANT PROXY ON ''@'' TO grant_plug;
|
||
|
|
REVOKE PROXY ON ''@'' FROM grant_plug;
|
||
|
|
|
||
|
|
--echo should work : root has PROXY to all users
|
||
|
|
GRANT PROXY ON ''@'' TO proxy_admin IDENTIFIED BY 'test'
|
||
|
|
WITH GRANT OPTION;
|
||
|
|
|
||
|
|
--echo need USAGE : PROXY doesn't contain it.
|
||
|
|
GRANT USAGE on *.* TO proxy_admin;
|
||
|
|
|
||
|
|
connect (proxy_admin_con,localhost,proxy_admin,test);
|
||
|
|
connection proxy_admin_con;
|
||
|
|
--echo in proxy_admin_con;
|
||
|
|
|
||
|
|
--echo should work : proxy_admin has proxy to ''@''
|
||
|
|
GRANT PROXY ON future_user TO grant_plug;
|
||
|
|
|
||
|
|
connection default;
|
||
|
|
--echo in default connection
|
||
|
|
disconnect proxy_admin_con;
|
||
|
|
|
||
|
|
SHOW GRANTS FOR grant_plug;
|
||
|
|
REVOKE PROXY ON future_user FROM grant_plug;
|
||
|
|
SHOW GRANTS FOR grant_plug;
|
||
|
|
|
||
|
|
--echo ## testing drop user
|
||
|
|
CREATE USER test_drop@localhost;
|
||
|
|
GRANT PROXY ON future_user TO test_drop@localhost;
|
||
|
|
SHOW GRANTS FOR test_drop@localhost;
|
||
|
|
DROP USER test_drop@localhost;
|
||
|
|
SELECT * FROM mysql.proxy_priv WHERE Host = 'test_drop' AND User = 'localhost';
|
||
|
|
|
||
|
|
DROP USER proxy_admin;
|
||
|
|
|
||
|
|
DROP USER grant_plug,grant_plug_dest,grant_plug_dest2;
|
||
|
|
|
||
|
|
--echo ## END GRANT PROXY tests
|
||
|
|
|
||
|
|
--echo ## cleanup
|
||
|
|
DROP USER plug;
|
||
|
|
DROP USER plug_dest;
|
||
|
|
|
||
|
|
--echo ## @@proxy_user tests
|
||
|
|
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
|
||
|
|
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
|
||
|
|
GRANT PROXY ON plug_dest TO plug;
|
||
|
|
|
||
|
|
SELECT USER(),CURRENT_USER(),@@LOCAL.proxy_user;
|
||
|
|
|
||
|
|
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
|
||
|
|
SELECT @@GLOBAL.proxy_user;
|
||
|
|
SELECT @@LOCAL.proxy_user;
|
||
|
|
|
||
|
|
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
|
||
|
|
SET GLOBAL proxy_user = 'test';
|
||
|
|
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
|
||
|
|
SET LOCAL proxy_user = 'test';
|
||
|
|
SELECT @@LOCAL.proxy_user;
|
||
|
|
|
||
|
|
connect(plug_con,localhost,plug,plug_dest);
|
||
|
|
connection plug_con;
|
||
|
|
--echo # in connection plug_con
|
||
|
|
SELECT @@LOCAL.proxy_user;
|
||
|
|
connection default;
|
||
|
|
--echo # in connection default
|
||
|
|
disconnect plug_con;
|
||
|
|
|
||
|
|
--echo ## cleanup
|
||
|
|
DROP USER plug;
|
||
|
|
DROP USER plug_dest;
|
||
|
|
--echo ## END @@proxy_user tests
|
||
|
|
|
||
|
|
--echo ## @@external_user tests
|
||
|
|
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
|
||
|
|
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
|
||
|
|
GRANT PROXY ON plug_dest TO plug;
|
||
|
|
SELECT USER(),CURRENT_USER(),@@LOCAL.external_user;
|
||
|
|
|
||
|
|
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
|
||
|
|
SELECT @@GLOBAL.external_user;
|
||
|
|
SELECT @@LOCAL.external_user;
|
||
|
|
|
||
|
|
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
|
||
|
|
SET GLOBAL external_user = 'test';
|
||
|
|
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
|
||
|
|
SET LOCAL external_user = 'test';
|
||
|
|
SELECT @@LOCAL.external_user;
|
||
|
|
|
||
|
|
connect(plug_con,localhost,plug,plug_dest);
|
||
|
|
connection plug_con;
|
||
|
|
--echo # in connection plug_con
|
||
|
|
SELECT @@LOCAL.external_user;
|
||
|
|
connection default;
|
||
|
|
--echo # in connection default
|
||
|
|
disconnect plug_con;
|
||
|
|
|
||
|
|
--echo ## cleanup
|
||
|
|
DROP USER plug;
|
||
|
|
DROP USER plug_dest;
|
||
|
|
--echo ## END @@external_user tests
|