mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/main/grant5.result

475 lines
19 KiB
Text
Raw Normal View History

MDEV-6625 SHOW GRANTS for current_user_name@wrong_host_name
2014-08-21 21:25:22 +02:00
SHOW GRANTS FOR root@invalid_host;
ERROR 42000: There is no such grant defined for user 'root' on host 'invalid_host'
MDEV-9580 SHOW GRANTS FOR <current_user> fails use get_current_user() to distinguish user name without a hostname and a role name. move privilege checks inside mysql_show_grants() to remove duplicate get_current_user() calls
2016-04-21 14:51:37 +02:00
create user test;
create user foo;
create role foo;
grant foo to test;
Post-merge: Update test results
2016-07-01 05:56:18 +02:00
connect conn_1, localhost, test,,;
MDEV-9580 SHOW GRANTS FOR <current_user> fails use get_current_user() to distinguish user name without a hostname and a role name. move privilege checks inside mysql_show_grants() to remove duplicate get_current_user() calls
2016-04-21 14:51:37 +02:00
set role foo;
show grants for test;
Grants for test@%
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT `foo` TO `test`@`%`
GRANT USAGE ON *.* TO `test`@`%`
MDEV-9580 SHOW GRANTS FOR <current_user> fails use get_current_user() to distinguish user name without a hostname and a role name. move privilege checks inside mysql_show_grants() to remove duplicate get_current_user() calls
2016-04-21 14:51:37 +02:00
show grants for foo;
Grants for foo
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT USAGE ON *.* TO `foo`
MDEV-9580 SHOW GRANTS FOR <current_user> fails use get_current_user() to distinguish user name without a hostname and a role name. move privilege checks inside mysql_show_grants() to remove duplicate get_current_user() calls
2016-04-21 14:51:37 +02:00
show grants for foo@'%';
ERROR 42000: Access denied for user 'test'@'%' to database 'mysql'
Post-merge: Update test results
2016-07-01 05:56:18 +02:00
connection default;
MDEV-9580 SHOW GRANTS FOR <current_user> fails use get_current_user() to distinguish user name without a hostname and a role name. move privilege checks inside mysql_show_grants() to remove duplicate get_current_user() calls
2016-04-21 14:51:37 +02:00
drop user test, foo;
drop role foo;
MDEV-17975 Assertion `! is_set()' or `!is_set() || (m_status == DA_OK_BULK && is_bulk_op())' failed upon REVOKE under LOCK TABLE open_grant_tables() returns -1/0/1, where -1 is an error, while 1 is not. Don't store it's return value in bool
2018-12-19 15:23:54 +01:00
CREATE TABLE t1 (a INT);
LOCK TABLE t1 WRITE;
REVOKE EXECUTE ON PROCEDURE sp FROM u;
Merge 10.3 into 10.4
2019-01-06 16:43:02 +01:00
ERROR HY000: Table 'procs_priv' was not locked with LOCK TABLES
MDEV-17975 Assertion `! is_set()' or `!is_set() || (m_status == DA_OK_BULK && is_bulk_op())' failed upon REVOKE under LOCK TABLE open_grant_tables() returns -1/0/1, where -1 is an error, while 1 is not. Don't store it's return value in bool
2018-12-19 15:23:54 +01:00
REVOKE PROCESS ON *.* FROM u;
Merge 10.3 into 10.4
2019-01-06 16:43:02 +01:00
ERROR HY000: Table 'db' was not locked with LOCK TABLES
MDEV-17975 Assertion `! is_set()' or `!is_set() || (m_status == DA_OK_BULK && is_bulk_op())' failed upon REVOKE under LOCK TABLE open_grant_tables() returns -1/0/1, where -1 is an error, while 1 is not. Don't store it's return value in bool
2018-12-19 15:23:54 +01:00
DROP TABLE t1;
Merge branch '10.2' into 10.3
2020-08-03 13:41:29 +02:00
create database mysqltest1;
use mysqltest1;
create table t1(id int);
insert t1 values(2);
create user u1@localhost;
grant select on mysqltest1.t1 to u1@localhost;
grant update on mysqltest1.* to u1@localhost;
connect u1, localhost, u1;
update mysqltest1.t1 set id=1 where id=2;
connection default;
disconnect u1;
drop user u1@localhost;
drop database mysqltest1;
fix grant5 test to return to the original database.
2024-10-04 10:13:10 +02:00
use test;
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
#
Merge 10.3 into 10.4
2020-10-29 12:38:38 +01:00
# MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role
#
Merge 10.2 into 10.3
2020-10-28 09:01:50 +01:00
CREATE ROLE test_role;
CREATE USER test_user;
GRANT test_role TO test_user;
SET DEFAULT ROLE test_role FOR test_user;
SHOW GRANTS FOR test_user;
Grants for test_user@%
GRANT `test_role` TO `test_user`@`%`
GRANT USAGE ON *.* TO `test_user`@`%`
MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE - Proceed with commit fafb35ee517f309d9e507f6e3908caca5d8cd257 Reviewed by: serg@mariadb.com
2021-07-07 10:58:25 +02:00
SET DEFAULT ROLE `test_role` FOR `test_user`@`%`
Merge 10.2 into 10.3
2020-10-28 09:01:50 +01:00
SET DEFAULT ROLE NONE for test_user;
SHOW GRANTS FOR test_user;
Grants for test_user@%
GRANT `test_role` TO `test_user`@`%`
GRANT USAGE ON *.* TO `test_user`@`%`
Merge 10.3 into 10.4
2020-10-29 12:38:38 +01:00
connect test_user, localhost, test_user;
Merge 10.2 into 10.3
2020-10-28 09:01:50 +01:00
SET ROLE test_role;
SET DEFAULT ROLE test_role;
SHOW GRANTS;
Merge 10.3 into 10.4
2020-10-29 12:38:38 +01:00
Grants for test_user@%
GRANT `test_role` TO `test_user`@`%`
GRANT USAGE ON *.* TO `test_user`@`%`
Merge 10.2 into 10.3
2020-10-28 09:01:50 +01:00
GRANT USAGE ON *.* TO `test_role`
Merge branch '10.3' into 10.4
2021-07-31 22:59:58 +02:00
SET DEFAULT ROLE `test_role` FOR `test_user`@`%`
Merge 10.2 into 10.3
2020-10-28 09:01:50 +01:00
SET DEFAULT ROLE NONE;
SHOW GRANTS;
Merge 10.3 into 10.4
2020-10-29 12:38:38 +01:00
Grants for test_user@%
GRANT `test_role` TO `test_user`@`%`
GRANT USAGE ON *.* TO `test_user`@`%`
Merge 10.2 into 10.3
2020-10-28 09:01:50 +01:00
GRANT USAGE ON *.* TO `test_role`
Merge 10.3 into 10.4
2020-10-29 12:38:38 +01:00
disconnect test_user;
connection default;
Merge 10.2 into 10.3
2020-10-28 09:01:50 +01:00
DROP USER test_user;
DROP ROLE test_role;
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
#
# MDEV-20076: SHOW GRANTS does not quote role names properly
#
create role 'role1';
create role 'fetch';
create role 'role-1';
create role 'rock\'n\'roll';
create user 'user1'@'localhost';
create user 'fetch'@'localhost';
create user 'user-1'@'localhost';
create user 'O\'Brien'@'localhost';
grant select on mysql.user to role1;
grant select on mysql.user to 'fetch';
grant select on mysql.user to 'role-1';
grant select on mysql.user to 'rock\'n\'roll';
GRANT 'role1' TO 'user1'@'localhost';
GRANT 'fetch' TO 'fetch'@'localhost';
GRANT 'role-1' TO 'user-1'@'localhost';
GRANT 'rock\'n\'roll' TO 'O\'Brien'@'localhost';
show grants for 'role1';
Grants for role1
GRANT USAGE ON *.* TO `role1`
GRANT SELECT ON `mysql`.`user` TO `role1`
show grants for 'fetch';
Grants for fetch
GRANT USAGE ON *.* TO `fetch`
GRANT SELECT ON `mysql`.`user` TO `fetch`
show grants for 'role-1';
Grants for role-1
GRANT USAGE ON *.* TO `role-1`
GRANT SELECT ON `mysql`.`user` TO `role-1`
show grants for 'rock\'n\'roll';
Grants for rock'n'roll
GRANT USAGE ON *.* TO `rock'n'roll`
GRANT SELECT ON `mysql`.`user` TO `rock'n'roll`
show grants for 'user1'@'localhost';
Grants for user1@localhost
GRANT `role1` TO `user1`@`localhost`
GRANT USAGE ON *.* TO `user1`@`localhost`
show grants for 'fetch'@'localhost';
Grants for fetch@localhost
GRANT `fetch` TO `fetch`@`localhost`
GRANT USAGE ON *.* TO `fetch`@`localhost`
show grants for 'user-1'@'localhost';
Grants for user-1@localhost
GRANT `role-1` TO `user-1`@`localhost`
GRANT USAGE ON *.* TO `user-1`@`localhost`
show grants for 'O\'Brien'@'localhost';
Grants for O'Brien@localhost
GRANT `rock'n'roll` TO `O'Brien`@`localhost`
GRANT USAGE ON *.* TO `O'Brien`@`localhost`
set @save_sql_quote_show_create= @@sql_quote_show_create;
set @@sql_quote_show_create= OFF;
show grants for 'role1';
Grants for role1
GRANT USAGE ON *.* TO role1
GRANT SELECT ON `mysql`.`user` TO role1
show grants for 'fetch';
Grants for fetch
GRANT USAGE ON *.* TO `fetch`
GRANT SELECT ON `mysql`.`user` TO `fetch`
show grants for 'role-1';
Grants for role-1
GRANT USAGE ON *.* TO `role-1`
GRANT SELECT ON `mysql`.`user` TO `role-1`
show grants for 'rock\'n\'roll';
Grants for rock'n'roll
GRANT USAGE ON *.* TO `rock'n'roll`
GRANT SELECT ON `mysql`.`user` TO `rock'n'roll`
show grants for 'user1'@'localhost';
Grants for user1@localhost
GRANT role1 TO user1@localhost
GRANT USAGE ON *.* TO user1@localhost
show grants for 'fetch'@'localhost';
Grants for fetch@localhost
GRANT `fetch` TO `fetch`@localhost
GRANT USAGE ON *.* TO `fetch`@localhost
show grants for 'user-1'@'localhost';
Grants for user-1@localhost
GRANT `role-1` TO `user-1`@localhost
GRANT USAGE ON *.* TO `user-1`@localhost
show grants for 'O\'Brien'@'localhost';
Grants for O'Brien@localhost
GRANT `rock'n'roll` TO `O'Brien`@localhost
GRANT USAGE ON *.* TO `O'Brien`@localhost
set @@sql_quote_show_create= @save_sql_quote_show_create;
drop role 'role1';
drop role 'fetch';
drop role 'role-1';
drop role 'rock\'n\'roll';
drop user 'user1'@'localhost';
drop user 'fetch'@'localhost';
drop user 'user-1'@'localhost';
drop user 'O\'Brien'@'localhost';
MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE - Proceed with commit fafb35ee517f309d9e507f6e3908caca5d8cd257 Reviewed by: serg@mariadb.com
2021-07-07 10:58:25 +02:00
#
# MDEV-26080 SHOW GRANTS does not quote role names properly for DEFAULT ROLE
#
CREATE USER 'test-user';
CREATE ROLE `r``o'l"e`;
Fix grant5.test with view protocol
2024-10-15 12:42:45 +02:00
select user as User from mysql.user where is_role='Y';
Merge branch '10.3' into 10.4
2021-07-31 22:59:58 +02:00
User
MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE - Proceed with commit fafb35ee517f309d9e507f6e3908caca5d8cd257 Reviewed by: serg@mariadb.com
2021-07-07 10:58:25 +02:00
r`o'l"e
GRANT `r``o'l"e` TO 'test-user';
SET DEFAULT ROLE `r``o'l"e` FOR 'test-user';
SHOW GRANTS FOR 'test-user';
Grants for test-user@%
GRANT `r``o'l"e` TO `test-user`@`%`
GRANT USAGE ON *.* TO `test-user`@`%`
SET DEFAULT ROLE `r``o'l"e` FOR `test-user`@`%`
DROP ROLE `r``o'l"e`;
DROP USER 'test-user';
MDEV-28548: ER_TABLEACCESS_DENIED_ERROR is missing information about DB - Added missing information about database of corresponding table for various types of commands - Update some typos - Reviewed by: <vicentiu@mariadb.org>
2022-07-16 14:39:17 +02:00
#
# MDEV-28548: ER_TABLEACCESS_DENIED_ERROR is missing information about DB
#
create database db1;
create user foo@localhost;
grant create on db1.* to foo@localhost;
connect con1,localhost,foo,,db1;
create table t(t int);
show columns in t;
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table `db1`.`t`
show columns in db1.t;
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table `db1`.`t`
create view t_v as select * from t;
ERROR 42000: CREATE VIEW command denied to user 'foo'@'localhost' for table `db1`.`t_v`
show create view t_v;
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table `db1`.`t_v`
create table t2(id int primary key, b int);
create table t3(a int, b int, CONSTRAINT `fk_db2_db1_t1`
FOREIGN KEY (a)
REFERENCES `db1 `.t1 (a)
ON DELETE CASCADE
ON UPDATE RESTRICT);
ERROR 42000: Incorrect database name 'db1 '
create table t3(a int, b int, CONSTRAINT `fk_db2_db3_t1`
FOREIGN KEY (a)
REFERENCES db3.t1 (a)
ON DELETE CASCADE
ON UPDATE RESTRICT);
ERROR 42000: REFERENCES command denied to user 'foo'@'localhost' for table `db3`.`t1`
create table t1(a int, b int, CONSTRAINT `fk_db2_db3_t1`
FOREIGN KEY (a)
REFERENCES t2 (id)
ON DELETE CASCADE
ON UPDATE RESTRICT);
ERROR 42000: REFERENCES command denied to user 'foo'@'localhost' for table `db1`.`t2`
connection default;
disconnect con1;
grant create view, select on db1.* to foo@localhost;
connect con1,localhost,foo,,db1;
create view t_v as select * from t;
show grants;
Grants for foo@localhost
GRANT USAGE ON *.* TO `foo`@`localhost`
GRANT SELECT, CREATE, CREATE VIEW ON `db1`.* TO `foo`@`localhost`
show create view t_v;
ERROR 42000: SHOW VIEW command denied to user 'foo'@'localhost' for table `db1`.`t_v`
connection default;
disconnect con1;
grant show view on db1.* to foo@localhost;
connect con1,localhost,foo,,db1;
show grants;
Grants for foo@localhost
GRANT USAGE ON *.* TO `foo`@`localhost`
GRANT SELECT, CREATE, CREATE VIEW, SHOW VIEW ON `db1`.* TO `foo`@`localhost`
show create view t_v;
View Create View character_set_client collation_connection
t_v CREATE ALGORITHM=UNDEFINED DEFINER=`foo`@`localhost` SQL SECURITY DEFINER VIEW `t_v` AS select `t`.`t` AS `t` from `t` latin1 latin1_swedish_ci
connection default;
disconnect con1;
drop database db1;
drop user foo@localhost;
MDEV-28455: CREATE TEMPORARY TABLES privilege is insufficient for SHOW COLUMNS =========== Problem ============= - `show columns` is not working for temporary tables, even though there is enough privilege `create temporary tables`. =========== Solution ============= - Append `TMP_TABLE_ACLS` privilege when running `show columns` for temp tables. - Additionally `check_access()` for database only once, not for each field =========== Additionally ============= - Update comments for function `check_table_access` arguments Reviewed by: <vicentiu@mariadb.org>
2022-07-04 15:27:36 +02:00
#
# MDEV-28455: CREATE TEMPORARY TABLES privilege
# is insufficient for SHOW COLUMNS
#
create database db;
create user foo@localhost;
create user bar@localhost;
create user buz@localhost;
grant create temporary tables on db.* to foo@localhost;
grant create temporary tables on db.* to bar@localhost;
connect con1,localhost,foo,,db;
create temporary table tmp (a int, key(a));
show tables;
Tables_in_db
show full tables;
Tables_in_db Table_type
show table status;
Name Engine Version Row_format Rows Avg_row_length Data_length Max_data_length Index_length Data_free Auto_increment Create_time Update_time Check_time Collation Checksum Create_options Comment Max_index_length Temporary
show index in tmp;
Table Non_unique Key_name Seq_in_index Column_name Collation Cardinality Sub_part Packed Null Index_type Comment Index_comment
tmp 1 a 1 a A NULL NULL NULL YES BTREE
show columns in tmp;
Field Type Null Key Default Extra
a int(11) YES MUL NULL
show full columns in tmp;
Field Type Collation Null Key Default Extra Privileges Comment
a int(11) NULL YES MUL NULL select,insert,update,references
# we don't expect to show temporary tables in information_schema.columns
select * from information_schema.columns where table_schema='db';
TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME ORDINAL_POSITION COLUMN_DEFAULT IS_NULLABLE DATA_TYPE CHARACTER_MAXIMUM_LENGTH CHARACTER_OCTET_LENGTH NUMERIC_PRECISION NUMERIC_SCALE DATETIME_PRECISION CHARACTER_SET_NAME COLLATION_NAME COLUMN_TYPE COLUMN_KEY EXTRA PRIVILEGES COLUMN_COMMENT IS_GENERATED GENERATION_EXPRESSION
disconnect con1;
connect con1,localhost,bar,,db;
show full columns in tmp;
ERROR 42000: SELECT command denied to user 'bar'@'localhost' for table `db`.`tmp`
disconnect con1;
connection default;
grant select on db.* to bar@localhost;
connect con1,localhost,bar,,db;
show grants for current_user;
Grants for bar@localhost
GRANT USAGE ON *.* TO `bar`@`localhost`
GRANT SELECT, CREATE TEMPORARY TABLES ON `db`.* TO `bar`@`localhost`
show full columns in tmp;
ERROR 42S02: Table 'db.tmp' doesn't exist
disconnect con1;
connect con1,localhost,buz,,;
show columns in db.tmp;
ERROR 42000: SELECT command denied to user 'buz'@'localhost' for table `db`.`tmp`
disconnect con1;
connection default;
drop database db;
drop user foo@localhost;
drop user bar@localhost;
drop user buz@localhost;
MDEV-30023 Revoking Privilege on the Column Yields the Error The change from MDEV-29465 exposed a flaw in replace_column_table where again we were not properly updating the column-level bits. replace_table_table was changed in MDEV-29465 to properly update grant_table->init_cols, however replace_column_table still only modified grant_column->rights when the GRANT_COLUMN already existed. This lead to a missmatch between GRANT_COLUMN::init_rights and GRANT_COLUMN::rights, *if* the GRANT_COLUMN already existed. As an example: GRANT SELECT (col1) ... Here: For col1 GRANT_COLUMN::init_rights and GRANT_COLUMN::rights are set to 1 (SELECT) in replace_column_table. GRANT INSERT (col1) ... Here, without this patch GRANT_COLUMN::init_rights is still 1 and GRANT_COLUMN::rights is 3 (SELECT_PRIV | INSERT_PRIV) Finally, if before this patch, one does: REVOKE SELECT (col1) ... replace_table_table will see that init_rights loses bit 1 thus it considers there are no more rights granted on that particular table. This prompts the whole GRANT_TABLE to be removed via the first revoke, when the GRANT_COLUMN corresponding to it should still have init_rights == 2. By also updating replace_column_table to keep init_rights in sync properly, the issue is resolved. Reviewed by <serg@mariadb.com>
2022-11-24 18:50:14 +01:00
CREATE USER foo;
CREATE DATABASE db;
CREATE TABLE db.test_getcolpriv(col1 INT, col2 INT);
GRANT SELECT (col1,col2) ON db.test_getcolpriv TO foo;
GRANT INSERT (col1) ON db.test_getcolpriv TO foo;
SHOW GRANTS FOR foo;
Grants for foo@%
GRANT USAGE ON *.* TO `foo`@`%`
MDEV-30056 Impossible to export column grants
2022-11-25 19:04:31 +01:00
GRANT SELECT (`col2`, `col1`), INSERT (`col1`) ON `db`.`test_getcolpriv` TO `foo`@`%`
MDEV-30023 Revoking Privilege on the Column Yields the Error The change from MDEV-29465 exposed a flaw in replace_column_table where again we were not properly updating the column-level bits. replace_table_table was changed in MDEV-29465 to properly update grant_table->init_cols, however replace_column_table still only modified grant_column->rights when the GRANT_COLUMN already existed. This lead to a missmatch between GRANT_COLUMN::init_rights and GRANT_COLUMN::rights, *if* the GRANT_COLUMN already existed. As an example: GRANT SELECT (col1) ... Here: For col1 GRANT_COLUMN::init_rights and GRANT_COLUMN::rights are set to 1 (SELECT) in replace_column_table. GRANT INSERT (col1) ... Here, without this patch GRANT_COLUMN::init_rights is still 1 and GRANT_COLUMN::rights is 3 (SELECT_PRIV | INSERT_PRIV) Finally, if before this patch, one does: REVOKE SELECT (col1) ... replace_table_table will see that init_rights loses bit 1 thus it considers there are no more rights granted on that particular table. This prompts the whole GRANT_TABLE to be removed via the first revoke, when the GRANT_COLUMN corresponding to it should still have init_rights == 2. By also updating replace_column_table to keep init_rights in sync properly, the issue is resolved. Reviewed by <serg@mariadb.com>
2022-11-24 18:50:14 +01:00
REVOKE SELECT (col1,col2) ON db.test_getcolpriv FROM foo;
SHOW GRANTS FOR foo;
Grants for foo@%
GRANT USAGE ON *.* TO `foo`@`%`
MDEV-30056 Impossible to export column grants
2022-11-25 19:04:31 +01:00
GRANT INSERT (`col1`) ON `db`.`test_getcolpriv` TO `foo`@`%`
MDEV-30023 Revoking Privilege on the Column Yields the Error The change from MDEV-29465 exposed a flaw in replace_column_table where again we were not properly updating the column-level bits. replace_table_table was changed in MDEV-29465 to properly update grant_table->init_cols, however replace_column_table still only modified grant_column->rights when the GRANT_COLUMN already existed. This lead to a missmatch between GRANT_COLUMN::init_rights and GRANT_COLUMN::rights, *if* the GRANT_COLUMN already existed. As an example: GRANT SELECT (col1) ... Here: For col1 GRANT_COLUMN::init_rights and GRANT_COLUMN::rights are set to 1 (SELECT) in replace_column_table. GRANT INSERT (col1) ... Here, without this patch GRANT_COLUMN::init_rights is still 1 and GRANT_COLUMN::rights is 3 (SELECT_PRIV | INSERT_PRIV) Finally, if before this patch, one does: REVOKE SELECT (col1) ... replace_table_table will see that init_rights loses bit 1 thus it considers there are no more rights granted on that particular table. This prompts the whole GRANT_TABLE to be removed via the first revoke, when the GRANT_COLUMN corresponding to it should still have init_rights == 2. By also updating replace_column_table to keep init_rights in sync properly, the issue is resolved. Reviewed by <serg@mariadb.com>
2022-11-24 18:50:14 +01:00
REVOKE INSERT (col1) ON db.test_getcolpriv FROM foo;
SHOW GRANTS FOR foo;
Grants for foo@%
GRANT USAGE ON *.* TO `foo`@`%`
FLUSH PRIVILEGES;
SHOW GRANTS FOR foo;
Grants for foo@%
GRANT USAGE ON *.* TO `foo`@`%`
DROP USER foo;
DROP DATABASE db;
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
# End of 10.3 tests
MDEV-12321 authentication plugin: SET PASSWORD support Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
2018-10-17 12:48:13 +02:00
create user u1@h identified with 'mysql_native_password' using 'pwd';
ERROR HY000: Password hash should be a 41-digit hexadecimal number
create user u1@h identified with 'mysql_native_password' using password('pwd');
create user u2@h identified with 'mysql_native_password' using '*975B2CD4FF9AE554FE8AD33168FBFC326D2021DD';
create user u3@h identified with 'mysql_native_password';
set password for u3@h = 'pwd';
ERROR HY000: Password hash should be a 41-digit hexadecimal number
set password for u3@h = password('pwd');
create user u4@h identified with 'mysql_native_password';
set password for u4@h = '*975B2CD4FF9AE554FE8AD33168FBFC326D2021DD';
create user u5@h identified with 'mysql_old_password' using 'pwd';
ERROR HY000: Password hash should be a 16-digit hexadecimal number
create user u5@h identified with 'mysql_old_password' using password('pwd');
create user u6@h identified with 'mysql_old_password' using '78a302dd267f6044';
create user u7@h identified with 'mysql_old_password';
set password for u7@h = 'pwd';
ERROR HY000: Password hash should be a 41-digit hexadecimal number
set password for u7@h = old_password('pwd');
create user u8@h identified with 'mysql_old_password';
set password for u8@h = '78a302dd267f6044';
Fix grant5.test with view protocol
2024-10-15 12:42:45 +02:00
select user as User,host as Host,plugin,authentication_string from mysql.user where host='h';
MDEV-17658 change the structure of mysql.user table Implement User_table_json. Fix scripts to use mysql.global_priv. Fix tests.
2018-11-24 14:13:41 +01:00
User Host plugin authentication_string
u1 h mysql_native_password *975B2CD4FF9AE554FE8AD33168FBFC326D2021DD
u2 h mysql_native_password *975B2CD4FF9AE554FE8AD33168FBFC326D2021DD
u3 h mysql_native_password *975B2CD4FF9AE554FE8AD33168FBFC326D2021DD
u4 h mysql_native_password *975B2CD4FF9AE554FE8AD33168FBFC326D2021DD
u5 h mysql_old_password 78a302dd267f6044
u6 h mysql_old_password 78a302dd267f6044
u7 h mysql_old_password 78a302dd267f6044
u8 h mysql_old_password 78a302dd267f6044
update mysql.global_priv set priv=json_set(priv, '$.authentication_string', 'bad') where user='u1';
update mysql.global_priv set priv=json_set(priv, '$.authentication_string', 'bad') where user='u5';
update mysql.global_priv set priv=json_set(priv, '$.plugin', 'nonexistent') where user='u8';
MDEV-12321 authentication plugin: SET PASSWORD support Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
2018-10-17 12:48:13 +02:00
flush privileges;
show create user u1@h;
MDEV-17950 SHOW GRANTS FOR does not work for a user identified with non-existing plugin Revert the side effect of 7c40996cc866. Do not convert password hash to its binary representation when a user entry is loaded. Do it lazily on the first authenticatation attempt. As a collateral - force all authentication plugins to follow the protocol and read_packet at least once before accessing info->username (username is not available before first client handshake packet is read). Fix PAM and GSSAPI plugins to behave.
2019-01-12 15:56:25 +01:00
CREATE USER for u1@h
Merge branch '10.3' into 10.4
2020-02-11 14:40:35 +01:00
CREATE USER `u1`@`h` IDENTIFIED BY PASSWORD 'bad'
MDEV-12321 authentication plugin: SET PASSWORD support Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
2018-10-17 12:48:13 +02:00
show create user u2@h;
CREATE USER for u2@h
Merge branch '10.3' into 10.4
2020-02-11 14:40:35 +01:00
CREATE USER `u2`@`h` IDENTIFIED BY PASSWORD '*975B2CD4FF9AE554FE8AD33168FBFC326D2021DD'
MDEV-12321 authentication plugin: SET PASSWORD support Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
2018-10-17 12:48:13 +02:00
show create user u3@h;
CREATE USER for u3@h
Merge branch '10.3' into 10.4
2020-02-11 14:40:35 +01:00
CREATE USER `u3`@`h` IDENTIFIED BY PASSWORD '*975B2CD4FF9AE554FE8AD33168FBFC326D2021DD'
MDEV-12321 authentication plugin: SET PASSWORD support Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
2018-10-17 12:48:13 +02:00
show create user u4@h;
CREATE USER for u4@h
Merge branch '10.3' into 10.4
2020-02-11 14:40:35 +01:00
CREATE USER `u4`@`h` IDENTIFIED BY PASSWORD '*975B2CD4FF9AE554FE8AD33168FBFC326D2021DD'
MDEV-12321 authentication plugin: SET PASSWORD support Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
2018-10-17 12:48:13 +02:00
show create user u5@h;
MDEV-17950 SHOW GRANTS FOR does not work for a user identified with non-existing plugin Revert the side effect of 7c40996cc866. Do not convert password hash to its binary representation when a user entry is loaded. Do it lazily on the first authenticatation attempt. As a collateral - force all authentication plugins to follow the protocol and read_packet at least once before accessing info->username (username is not available before first client handshake packet is read). Fix PAM and GSSAPI plugins to behave.
2019-01-12 15:56:25 +01:00
CREATE USER for u5@h
Merge branch '10.3' into 10.4
2020-02-11 14:40:35 +01:00
CREATE USER `u5`@`h` IDENTIFIED BY PASSWORD 'bad'
MDEV-12321 authentication plugin: SET PASSWORD support Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
2018-10-17 12:48:13 +02:00
show create user u6@h;
CREATE USER for u6@h
Merge branch '10.3' into 10.4
2020-02-11 14:40:35 +01:00
CREATE USER `u6`@`h` IDENTIFIED BY PASSWORD '78a302dd267f6044'
MDEV-12321 authentication plugin: SET PASSWORD support Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
2018-10-17 12:48:13 +02:00
show create user u7@h;
CREATE USER for u7@h
Merge branch '10.3' into 10.4
2020-02-11 14:40:35 +01:00
CREATE USER `u7`@`h` IDENTIFIED BY PASSWORD '78a302dd267f6044'
MDEV-12321 authentication plugin: SET PASSWORD support Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
2018-10-17 12:48:13 +02:00
show create user u8@h;
MDEV-17950 SHOW GRANTS FOR does not work for a user identified with non-existing plugin Revert the side effect of 7c40996cc866. Do not convert password hash to its binary representation when a user entry is loaded. Do it lazily on the first authenticatation attempt. As a collateral - force all authentication plugins to follow the protocol and read_packet at least once before accessing info->username (username is not available before first client handshake packet is read). Fix PAM and GSSAPI plugins to behave.
2019-01-12 15:56:25 +01:00
CREATE USER for u8@h
Merge branch '10.3' into 10.4
2020-02-11 14:40:35 +01:00
CREATE USER `u8`@`h` IDENTIFIED VIA nonexistent USING '78a302dd267f6044'
MDEV-12321 authentication plugin: SET PASSWORD support Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
2018-10-17 12:48:13 +02:00
grant select on *.* to u1@h;
grant select on *.* to u2@h;
grant select on *.* to u3@h;
grant select on *.* to u4@h;
grant select on *.* to u5@h;
grant select on *.* to u6@h;
grant select on *.* to u7@h;
grant select on *.* to u8@h;
Fix grant5.test with view protocol
2024-10-15 12:42:45 +02:00
select user as User,select_priv as Select_priv,plugin,authentication_string from mysql.user where user like 'u_';
MDEV-17658 change the structure of mysql.user table Implement User_table_json. Fix scripts to use mysql.global_priv. Fix tests.
2018-11-24 14:13:41 +01:00
User Select_priv plugin authentication_string
MDEV-17950 SHOW GRANTS FOR does not work for a user identified with non-existing plugin Revert the side effect of 7c40996cc866. Do not convert password hash to its binary representation when a user entry is loaded. Do it lazily on the first authenticatation attempt. As a collateral - force all authentication plugins to follow the protocol and read_packet at least once before accessing info->username (username is not available before first client handshake packet is read). Fix PAM and GSSAPI plugins to behave.
2019-01-12 15:56:25 +01:00
u1 Y mysql_native_password bad
MDEV-12321 authentication plugin: SET PASSWORD support Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
2018-10-17 12:48:13 +02:00
u2 Y mysql_native_password *975B2CD4FF9AE554FE8AD33168FBFC326D2021DD
u3 Y mysql_native_password *975B2CD4FF9AE554FE8AD33168FBFC326D2021DD
u4 Y mysql_native_password *975B2CD4FF9AE554FE8AD33168FBFC326D2021DD
MDEV-17950 SHOW GRANTS FOR does not work for a user identified with non-existing plugin Revert the side effect of 7c40996cc866. Do not convert password hash to its binary representation when a user entry is loaded. Do it lazily on the first authenticatation attempt. As a collateral - force all authentication plugins to follow the protocol and read_packet at least once before accessing info->username (username is not available before first client handshake packet is read). Fix PAM and GSSAPI plugins to behave.
2019-01-12 15:56:25 +01:00
u5 Y mysql_old_password bad
MDEV-12321 authentication plugin: SET PASSWORD support Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
2018-10-17 12:48:13 +02:00
u6 Y mysql_old_password 78a302dd267f6044
u7 Y mysql_old_password 78a302dd267f6044
MDEV-17950 SHOW GRANTS FOR does not work for a user identified with non-existing plugin Revert the side effect of 7c40996cc866. Do not convert password hash to its binary representation when a user entry is loaded. Do it lazily on the first authenticatation attempt. As a collateral - force all authentication plugins to follow the protocol and read_packet at least once before accessing info->username (username is not available before first client handshake packet is read). Fix PAM and GSSAPI plugins to behave.
2019-01-12 15:56:25 +01:00
u8 Y nonexistent 78a302dd267f6044
MDEV-12321 authentication plugin: SET PASSWORD support Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
2018-10-17 12:48:13 +02:00
drop user u1@h, u2@h, u3@h, u4@h, u5@h, u6@h, u7@h, u8@h;
MDEV-14735 better matching order for grants fixes MDEV-14732 mysql.db privileges evaluated on order of grants rather than hierarchically MDEV-8269 Correct fix for Bug #20181776 :- ACCESS CONTROL DOESN'T MATCH MOST SPECIFIC HOST WHEN IT CONTAINS WILDCARD reimplement the old ad hoc get_sort() function to use a wildcard pattern ordering logic that works correctly in may be all practical cases. get_sort() is renamed to catch merge errors at compilation time. moved to a separate included file, because of a long comment.
2019-06-10 12:13:39 +02:00
create database mysqltest_1;
create user twg@'%' identified by 'test';
create table mysqltest_1.t1(id int);
grant create, drop on `mysqltest_1%`.* to twg@'%';
grant all privileges on `mysqltest_1`.* to twg@'%';
connect conn1,localhost,twg,test,mysqltest_1;
insert into t1 values(1);
disconnect conn1;
connection default;
revoke all privileges, grant option from twg@'%';
grant create, drop on `mysqlt%`.* to twg@'%';
grant all privileges on `mysqlt%1`.* to twg@'%';
connect conn1,localhost,twg,test,mysqltest_1;
insert into t1 values(1);
disconnect conn1;
connection default;
revoke all privileges, grant option from twg@'%';
grant create, drop on `mysqlt%`.* to twg@'%';
grant all privileges on `%mysqltest_1`.* to twg@'%';
connect conn1,localhost,twg,test,mysqltest_1;
insert into t1 values(1);
disconnect conn1;
connection default;
drop database mysqltest_1;
drop user twg@'%';
bugfix: crash on the empty db name followup for 0a43df4fbc7
2019-06-17 23:33:04 +02:00
insert mysql.tables_priv (host,db,user,table_name,grantor,table_priv) values ('localhost','','otto','t1','root@localhost','select');
flush privileges;
delete from mysql.tables_priv where db='';
MDEV-21560 Assertion `grant_table || grant_table_role' failed in check_grant_all_columns With RETURNING it can happen that the user has some privileges on the table (namely, DELETE), but later needs different privileges on individual columns (namely, SELECT). Do the same as in check_grant_column() - ER_COLUMNACCESS_DENIED_ERROR, not an assert.
2020-06-13 12:49:22 +02:00
create database db;
create table db.t1 (a int);
insert into db.t1 values (1);
create user foo;
grant delete on db.* to foo;
connect con1,localhost,foo,,;
show create table db.t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
Merge 10.3 into 10.4
2022-09-13 15:36:38 +02:00
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci
MDEV-21560 Assertion `grant_table || grant_table_role' failed in check_grant_all_columns With RETURNING it can happen that the user has some privileges on the table (namely, DELETE), but later needs different privileges on individual columns (namely, SELECT). Do the same as in check_grant_column() - ER_COLUMNACCESS_DENIED_ERROR, not an assert.
2020-06-13 12:49:22 +02:00
delete from db.t1 returning *;
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for column 'a' in table 't1'
disconnect con1;
connection default;
drop database db;
drop user foo;
MDEV-23009 SIGSEGV in get_field from acl_load (on optimized builds) Classes that handle privilege tables (like Tables_priv_table) could read some columns conditionally but they expect a certain minimal number of colunms always to exist. Add a check for a minimal required number of columns in privilege tables, don't use a table that has fewer columns than required.
2020-07-23 16:17:59 +02:00
call mtr.add_suppression('mysql.host table is damaged');
create table mysql.host (c1 int);
insert mysql.host values (1);
flush privileges;
ERROR HY000: Fatal error: mysql.host table is damaged or in unsupported 3.20 format
drop table mysql.host;
MDEV-30826 Invalid data on mysql.host segfaults the server after an upgrade to 10.4 convert empty host.db to "%", just as it's done for host.hostname (in update_hostname())
2023-03-10 18:14:45 +01:00
#
# MDEV-30826 Invalid data on mysql.host segfaults the server after an upgrade to 10.4
#
create table mysql.host (host char(60) binary default '' not null, db char(64) binary default '' not null, select_priv enum('n','y') collate utf8_general_ci default 'n' not null, insert_priv enum('n','y') collate utf8_general_ci default 'n' not null, update_priv enum('n','y') collate utf8_general_ci default 'n' not null, delete_priv enum('n','y') collate utf8_general_ci default 'n' not null, create_priv enum('n','y') collate utf8_general_ci default 'n' not null, drop_priv enum('n','y') collate utf8_general_ci default 'n' not null, grant_priv enum('n','y') collate utf8_general_ci default 'n' not null, references_priv enum('n','y') collate utf8_general_ci default 'n' not null, index_priv enum('n','y') collate utf8_general_ci default 'n' not null, alter_priv enum('n','y') collate utf8_general_ci default 'n' not null, create_tmp_table_priv enum('n','y') collate utf8_general_ci default 'n' not null, lock_tables_priv enum('n','y') collate utf8_general_ci default 'n' not null, create_view_priv enum('n','y') collate utf8_general_ci default 'n' not null, show_view_priv enum('n','y') collate utf8_general_ci default 'n' not null, create_routine_priv enum('n','y') collate utf8_general_ci default 'n' not null, alter_routine_priv enum('n','y') collate utf8_general_ci default 'n' not null, execute_priv enum('n','y') collate utf8_general_ci default 'n' not null, trigger_priv enum('n','y') collate utf8_general_ci default 'n' not null, primary key /*host*/ (host,db)) engine=myisam character set utf8 collate utf8_bin comment='host privileges; merged with database privileges';
insert mysql.host values('10.5.0.0/255.255.0.0','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','N');
flush privileges;
drop table mysql.host;
Merge branch '10.3' into 10.4
2020-02-11 14:40:35 +01:00
# End of 10.4 tests
MDEV-30826 Invalid data on mysql.host segfaults the server after an upgrade to 10.4 convert empty host.db to "%", just as it's done for host.hostname (in update_hostname())
2023-03-10 18:14:45 +01:00
#
MDEV-18151 Skipped error returning for GRANT/SET PASSWORD Make error issueing for GRANT and SET PASSWORD the same. Report errors wich were skipped before.
2024-10-04 09:28:46 +02:00
# MDEV-18151: Skipped error returning for GRANT/SET PASSWORD
#
CREATE USER foo@localhost;
GRANT FILE ON *.* TO foo@localhost IDENTIFIED VIA not_installed_plugin;
ERROR HY000: Plugin 'not_installed_plugin' is not loaded
DROP USER foo@localhost;
CREATE USER foo@localhost IDENTIFIED VIA not_installed_plugin;
ERROR HY000: Plugin 'not_installed_plugin' is not loaded
# End of 10.5 tests
Reference in a new issue Copy permalink