mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-30 18:41:56 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/t/sp-security.test

101 lines
1.6 KiB
Text
Raw Normal View History

WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
#
# Testing SQL SECURITY of stored procedures
#
connect (con1root,localhost,root,,);
connection con1root;
use test;
# Create dummy user with no particular access rights
grant usage on *.* to dummy@localhost;
--disable_warnings
drop database if exists db1_secret;
--enable_warnings
# Create our secret database
create database db1_secret;
use db1_secret;
create table t1 ( u varchar(64), i int );
# Our test procedure
create procedure stamp(i int)
insert into db1_secret.t1 values (user(), i);
--replace_column 4 '0000-00-00 00:00:00' 5 '0000-00-00 00:00:00'
show procedure status like 'stamp';
# root can, of course
call stamp(1);
select * from t1;
connect (con2dummy,localhost,dummy,,);
connect (con3anon,localhost,anon,,);
#
# Dummy can
#
connection con2dummy;
# This should work...
call stamp(2);
# ...but not this
--error 1044
select * from db1_secret.t1;
#
# Anonymous can
#
connection con3anon;
# This should work...
call stamp(3);
# ...but not this
--error 1044
select * from db1_secret.t1;
#
# Check it out
#
connection con1root;
select * from t1;
#
# Change to invoker's rights
#
alter procedure stamp sql security invoker;
--replace_column 4 '0000-00-00 00:00:00' 5 '0000-00-00 00:00:00'
show procedure status like 'stamp';
# root still can
call stamp(4);
select * from t1;
#
# Dummy cannot
#
connection con2dummy;
# This should not work
--error 1044
call stamp(5);
#
# Anonymous cannot
#
connection con3anon;
# This should not work
--error 1044
call stamp(6);
# Clean up
connection con1root;
Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server. Added missing cleanup in sp-security.test. mysql-test/r/sp-security.result: Added clean-up. mysql-test/t/sp-security.test: Added clean-up. sql/item_func.cc: Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server. sql/sp_head.cc: Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server. sql/sp_head.h: Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server. sql/sql_parse.cc: Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server.
2003-12-16 14:15:27 +01:00
drop procedure stamp;
WL#1365: Implement definer's rights execution of stored procedures. (Also put the hostpart back in the definer column.) mysql-test/r/sp-error.result: Moved error test from sp.test mysql-test/r/sp.result: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. mysql-test/t/sp-error.test: Moved error test from sp.test mysql-test/t/sp.test: Moved error test to sp-error.test. Put hostpart back into definer column in mysql.proc. sql/item_func.cc: (Maybe) switch security context before invoking a stored function. sql/sp.cc: Renamed creator into definer, for more consistent terminology, and put the hostpart back. sql/sp_head.cc: Some fixes in the way things are allocated, and moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sp_head.h: Moved set_info() definition here from sp_head.h. creator is now called definer, and is split into a user and host part. Added functions for (possible) change and restore of privileges, for sql security definer calls. sql/sql_acl.cc: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_acl.h: New function acl_getroot_no_password() for getting the privileges used when calling an SP with sql security definer. sql/sql_parse.cc: (Maybe) switch security context before invoking a stored procedure. sql/sql_yacc.yy: Fixed typo.
2003-12-13 16:40:52 +01:00
use test;
drop database db1_secret;
delete from mysql.user where user='dummy';
Reference in a new issue Copy permalink