mariadb/mysql-test/r/sp-security.result

use test;
grant usage on *.* to user1@localhost;
flush privileges;
drop table if exists t1;
drop database if exists db1_secret;
create database db1_secret;
create procedure db1_secret.dummy() begin end;
drop procedure db1_secret.dummy;
use db1_secret;
create table t1 ( u varchar(64), i int );
create procedure stamp(i int)
insert into db1_secret.t1 values (user(), i);
show procedure status like 'stamp';
Db	Name	Type	Definer	Modified	Created	Security_type	Comment
db1_secret	stamp	PROCEDURE	root@localhost	0000-00-00 00:00:00	0000-00-00 00:00:00	DEFINER	
create function db() returns varchar(64) return database();
show function status like 'db';
Db	Name	Type	Definer	Modified	Created	Security_type	Comment
db1_secret	db	FUNCTION	root@localhost	0000-00-00 00:00:00	0000-00-00 00:00:00	DEFINER	
call stamp(1);
select * from t1;
u	i
root@localhost	1
select db();
db()
db1_secret
grant execute on procedure db1_secret.stamp to user1@'%';
grant execute on function db1_secret.db to user1@'%';
grant execute on procedure db1_secret.stamp to ''@'%';
grant execute on function db1_secret.db to ''@'%';
call db1_secret.stamp(2);
select db1_secret.db();
db1_secret.db()
db1_secret
select * from db1_secret.t1;
ERROR 42000: SELECT command denied to user 'user1'@'localhost' for table 't1'
create procedure db1_secret.dummy() begin end;
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
drop procedure db1_secret.dummy;
ERROR 42000: PROCEDURE db1_secret.dummy does not exist
call db1_secret.stamp(3);
select db1_secret.db();
db1_secret.db()
db1_secret
select * from db1_secret.t1;
ERROR 42000: SELECT command denied to user ''@'localhost' for table 't1'
create procedure db1_secret.dummy() begin end;
ERROR 42000: Access denied for user ''@'%' to database 'db1_secret'
drop procedure db1_secret.dummy;
ERROR 42000: PROCEDURE db1_secret.dummy does not exist
select * from t1;
u	i
root@localhost	1
user1@localhost	2
anon@localhost	3
alter procedure stamp sql security invoker;
show procedure status like 'stamp';
Db	Name	Type	Definer	Modified	Created	Security_type	Comment
db1_secret	stamp	PROCEDURE	root@localhost	0000-00-00 00:00:00	0000-00-00 00:00:00	INVOKER	
alter function db sql security invoker;
show function status like 'db';
Db	Name	Type	Definer	Modified	Created	Security_type	Comment
db1_secret	db	FUNCTION	root@localhost	0000-00-00 00:00:00	0000-00-00 00:00:00	INVOKER	
call stamp(4);
select * from t1;
u	i
root@localhost	1
user1@localhost	2
anon@localhost	3
root@localhost	4
select db();
db()
db1_secret
call db1_secret.stamp(5);
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
select db1_secret.db();
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
call db1_secret.stamp(6);
ERROR 42000: Access denied for user ''@'%' to database 'db1_secret'
select db1_secret.db();
ERROR 42000: Access denied for user ''@'%' to database 'db1_secret'
drop database if exists db2;
create database db2;
use db2;
create table t2 (s1 int);
insert into t2 values (0);
grant usage on db2.* to user1@localhost;
grant select on db2.* to user1@localhost;
grant usage on db2.* to user2@localhost;
grant select,insert,update,delete,create routine on db2.* to user2@localhost;
grant create routine on db2.* to user1@localhost;
flush privileges;
use db2;
create procedure p () insert into t2 values (1);
call p();
ERROR 42000: INSERT command denied to user 'user1'@'localhost' for table 't2'
use db2;
call p();
ERROR 42000: execute command denied to user 'user2'@'localhost' for routine 'db2.p'
select * from t2;
s1
0
create procedure q () insert into t2 values (2);
call q();
select * from t2;
s1
0
2
grant usage on procedure db2.q to user2@localhost with grant option;
grant execute on procedure db2.q to user1@localhost;
use db2;
call q();
select * from t2;
s1
0
2
2
alter procedure p modifies sql data;
drop procedure p;
alter procedure q modifies sql data;
ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db2.q'
drop procedure q;
ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db2.q'
use db2;
alter procedure q modifies sql data;
drop procedure q;
use test;
select type,db,name from mysql.proc;
type	db	name
FUNCTION	db1_secret	db
PROCEDURE	db1_secret	stamp
drop database db1_secret;
drop database db2;
select type,db,name from mysql.proc;
type	db	name
delete from mysql.user where user='user1' or user='user2';
delete from mysql.user where user='' and host='%';
delete from mysql.procs_priv where user='user1' or user='user2';
delete from mysql.procs_priv where user='' and host='%';
delete from mysql.db where user='user2';
flush privileges;
grant usage on *.* to usera@localhost;
grant usage on *.* to userb@localhost;
grant usage on *.* to userc@localhost;
create database sptest;
create table t1 ( u varchar(64), i int );
create procedure sptest.p1(i int) insert into test.t1 values (user(), i);
grant insert on t1 to usera@localhost;
grant execute on procedure sptest.p1 to usera@localhost;
show grants for usera@localhost;
Grants for usera@localhost
GRANT USAGE ON *.* TO 'usera'@'localhost'
GRANT INSERT ON `test`.`t1` TO 'usera'@'localhost'
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'usera'@'localhost'
grant execute on procedure sptest.p1 to userc@localhost with grant option;
show grants for userc@localhost;
Grants for userc@localhost
GRANT USAGE ON *.* TO 'userc'@'localhost'
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION
call sptest.p1(1);
grant execute on procedure sptest.p1 to userb@localhost;
ERROR 42000: grant command denied to user 'usera'@'localhost' for routine 'sptest.p1'
drop procedure sptest.p1;
ERROR 42000: alter routine command denied to user 'usera'@'localhost' for routine 'sptest.p1'
call sptest.p1(2);
ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1'
grant execute on procedure sptest.p1 to userb@localhost;
ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1'
drop procedure sptest.p1;
ERROR 42000: alter routine command denied to user 'userb'@'localhost' for routine 'sptest.p1'
call sptest.p1(3);
grant execute on procedure sptest.p1 to userb@localhost;
drop procedure sptest.p1;
ERROR 42000: alter routine command denied to user 'userc'@'localhost' for routine 'sptest.p1'
call sptest.p1(4);
grant execute on procedure sptest.p1 to userb@localhost;
ERROR 42000: grant command denied to user 'userb'@'localhost' for routine 'sptest.p1'
drop procedure sptest.p1;
ERROR 42000: alter routine command denied to user 'userb'@'localhost' for routine 'sptest.p1'
select * from t1;
u	i
usera@localhost	1
userc@localhost	3
userb@localhost	4
grant all privileges on procedure sptest.p1 to userc@localhost;
show grants for userc@localhost;
Grants for userc@localhost
GRANT USAGE ON *.* TO 'userc'@'localhost'
GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION
show grants for userb@localhost;
Grants for userb@localhost
GRANT USAGE ON *.* TO 'userb'@'localhost'
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'userb'@'localhost'
revoke all privileges on procedure sptest.p1 from userb@localhost;
show grants for userb@localhost;
Grants for userb@localhost
GRANT USAGE ON *.* TO 'userb'@'localhost'
use test;
drop database sptest;
delete from mysql.user where user='usera' or user='userb' or user='userc';
delete from mysql.procs_priv where user='usera' or user='userb' or user='userc';
delete from mysql.tables_priv where user='usera';
flush privileges;
drop table t1;
drop function if exists bug_9503;
create database mysqltest//
use mysqltest//
create table t1 (s1 int)//
grant select on t1 to user1@localhost//
create function bug_9503 () returns int sql security invoker begin declare v int;
select min(s1) into v from t1; return v; end//
use mysqltest;
select bug_9503();
ERROR 42000: execute command denied to user 'user1'@'localhost' for routine 'mysqltest.bug_9503'
grant execute on function bug_9503 to user1@localhost;
do 1;
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
drop function bug_9503;
use test;
drop database mysqltest;
use test;
select current_user();
current_user()
root@localhost
select user();
user()
root@localhost
create procedure bug7291_0 () sql security invoker select current_user(), user();
create procedure bug7291_1 () sql security definer call bug7291_0();
create procedure bug7291_2 () sql security invoker call bug7291_0();
grant execute on procedure bug7291_0 to user1@localhost;
grant execute on procedure bug7291_1 to user1@localhost;
grant execute on procedure bug7291_2 to user1@localhost;
call bug7291_2();
current_user()	user()
user1@localhost	user1@localhost
call bug7291_1();
current_user()	user()
root@localhost	user1@localhost
drop procedure bug7291_1;
drop procedure bug7291_2;
drop procedure bug7291_0;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
drop user user1@localhost;
drop database if exists mysqltest_1;
create database mysqltest_1;
create procedure mysqltest_1.p1()
begin
select 1 from dual;
end//
grant usage on *.* to mysqltest_1@localhost;
call mysqltest_1.p1();
ERROR 42000: execute command denied to user 'mysqltest_1'@'localhost' for routine 'mysqltest_1.p1'
call mysqltest_1.p1();
ERROR 42000: execute command denied to user 'mysqltest_1'@'localhost' for routine 'mysqltest_1.p1'
drop procedure mysqltest_1.p1;
drop database mysqltest_1;
revoke usage on *.* from mysqltest_1@localhost;
drop user mysqltest_1@localhost;
drop function if exists bug12812|
create function bug12812() returns char(2)
begin
return 'ok';
end;
create user user_bug12812@localhost IDENTIFIED BY 'ABC'|
SELECT test.bug12812()|
ERROR 42000: execute command denied to user 'user_bug12812'@'localhost' for routine 'test.bug12812'
CREATE VIEW v1 AS SELECT test.bug12812()|
ERROR 42000: execute command denied to user 'user_bug12812'@'localhost' for routine 'test.bug12812'
DROP USER user_bug12812@localhost|
drop function bug12812|
create database db_bug14834;
create user user1_bug14834@localhost identified by '';
grant all on `db\_bug14834`.* to user1_bug14834@localhost;
create user user2_bug14834@localhost identified by '';
grant all on `db\_bug14834`.* to user2_bug14834@localhost;
create user user3_bug14834@localhost identified by '';
grant all on `db__ug14834`.* to user3_bug14834@localhost;
create procedure p_bug14834() select user(), current_user();
call p_bug14834();
user()	current_user()
user1_bug14834@localhost	user1_bug14834@localhost
call p_bug14834();
user()	current_user()
user2_bug14834@localhost	user1_bug14834@localhost
call p_bug14834();
user()	current_user()
user3_bug14834@localhost	user1_bug14834@localhost
drop user user1_bug14834@localhost;
drop user user2_bug14834@localhost;
drop user user3_bug14834@localhost;
drop database db_bug14834;
create database db_bug14533;
use db_bug14533;
create table t1 (id int);
create user user_bug14533@localhost identified by '';
create procedure bug14533_1()
sql security definer
desc db_bug14533.t1;
create procedure bug14533_2()
sql security definer
select * from db_bug14533.t1;
grant execute on procedure db_bug14533.bug14533_1 to user_bug14533@localhost;
grant execute on procedure db_bug14533.bug14533_2 to user_bug14533@localhost;
call db_bug14533.bug14533_1();
Field	Type	Null	Key	Default	Extra
id	int(11)	YES		NULL	
call db_bug14533.bug14533_2();
id
desc db_bug14533.t1;
ERROR 42000: SELECT command denied to user 'user_bug14533'@'localhost' for table 't1'
select * from db_bug14533.t1;
ERROR 42000: SELECT command denied to user 'user_bug14533'@'localhost' for table 't1'
drop user user_bug14533@localhost;
drop database db_bug14533;
CREATE DATABASE db_bug7787;
use db_bug7787;
CREATE PROCEDURE p1()
SHOW INNODB STATUS;
Warnings:
Warning	1287	'SHOW INNODB STATUS' is deprecated; use 'SHOW ENGINE INNODB STATUS' instead
GRANT EXECUTE ON PROCEDURE p1 TO user_bug7787@localhost;
DROP DATABASE db_bug7787;
drop user user_bug7787@localhost;
use test;

---> connection: root
DROP DATABASE IF EXISTS mysqltest;
CREATE DATABASE mysqltest;
CREATE USER mysqltest_1@localhost;
GRANT ALL PRIVILEGES ON mysqltest.* TO mysqltest_1@localhost;
CREATE USER mysqltest_2@localhost;
GRANT SUPER ON *.* TO mysqltest_2@localhost;
GRANT ALL PRIVILEGES ON mysqltest.* TO mysqltest_2@localhost;

---> connection: mysqltest_2_con
use mysqltest;
CREATE PROCEDURE wl2897_p1() SELECT 1;
CREATE FUNCTION wl2897_f1() RETURNS INT RETURN 1;

---> connection: mysqltest_1_con
use mysqltest;
CREATE DEFINER=root@localhost PROCEDURE wl2897_p2() SELECT 2;
ERROR 42000: Access denied; you need the SUPER privilege for this operation
CREATE DEFINER=root@localhost FUNCTION wl2897_f2() RETURNS INT RETURN 2;
ERROR 42000: Access denied; you need the SUPER privilege for this operation

---> connection: mysqltest_2_con
use mysqltest;
CREATE DEFINER='a @ b @ c'@localhost PROCEDURE wl2897_p3() SELECT 3;
Warnings:
Note	1449	There is no 'a @ b @ c'@'localhost' registered
CREATE DEFINER='a @ b @ c'@localhost FUNCTION wl2897_f3() RETURNS INT RETURN 3;
Warnings:
Note	1449	There is no 'a @ b @ c'@'localhost' registered

---> connection: con1root
use mysqltest;
SHOW CREATE PROCEDURE wl2897_p1;
Procedure	sql_mode	Create Procedure
wl2897_p1		CREATE DEFINER=`mysqltest_2`@`localhost` PROCEDURE `wl2897_p1`()
SELECT 1
SHOW CREATE PROCEDURE wl2897_p3;
Procedure	sql_mode	Create Procedure
wl2897_p3		CREATE DEFINER=`a @ b @ c`@`localhost` PROCEDURE `wl2897_p3`()
SELECT 3
SHOW CREATE FUNCTION wl2897_f1;
Function	sql_mode	Create Function
wl2897_f1		CREATE DEFINER=`mysqltest_2`@`localhost` FUNCTION `wl2897_f1`() RETURNS int(11)
RETURN 1
SHOW CREATE FUNCTION wl2897_f3;
Function	sql_mode	Create Function
wl2897_f3		CREATE DEFINER=`a @ b @ c`@`localhost` FUNCTION `wl2897_f3`() RETURNS int(11)
RETURN 3
DROP USER mysqltest_1@localhost;
DROP USER mysqltest_2@localhost;
DROP DATABASE mysqltest;

---> connection: root
DROP DATABASE IF EXISTS mysqltest;
CREATE DATABASE mysqltest;
CREATE USER mysqltest_1@localhost;
GRANT ALL PRIVILEGES ON mysqltest.* TO mysqltest_1@localhost;
CREATE USER mysqltest_2@localhost;
GRANT ALL PRIVILEGES ON mysqltest.* TO mysqltest_2@localhost;

---> connection: mysqltest_1_con
use mysqltest;
CREATE PROCEDURE bug13198_p1()
SELECT 1;
CREATE FUNCTION bug13198_f1() RETURNS INT
RETURN 1;
CALL bug13198_p1();
1
1
SELECT bug13198_f1();
bug13198_f1()
1

---> connection: mysqltest_2_con
use mysqltest;
CALL bug13198_p1();
1
1
SELECT bug13198_f1();
bug13198_f1()
1

---> connection: root
DROP USER mysqltest_1@localhost;

---> connection: mysqltest_2_con
use mysqltest;
CALL bug13198_p1();
ERROR HY000: There is no 'mysqltest_1'@'localhost' registered
SELECT bug13198_f1();
ERROR HY000: There is no 'mysqltest_1'@'localhost' registered

---> connection: root
DROP USER mysqltest_2@localhost;
DROP DATABASE mysqltest;
GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO
user19857@localhost;
SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
Host	User	Password
localhost	user19857	*82DC221D557298F6CE9961037DB1C90604792F5C

---> connection: mysqltest_2_con
use test;
CREATE PROCEDURE sp19857() DETERMINISTIC
BEGIN
DECLARE a INT;
SET a=1;
SELECT a;
END //
SHOW CREATE PROCEDURE test.sp19857;
Procedure	sql_mode	Create Procedure
sp19857		CREATE DEFINER=`user19857`@`localhost` PROCEDURE `sp19857`()
    DETERMINISTIC
BEGIN
DECLARE a INT;
SET a=1;
SELECT a;
END
DROP PROCEDURE IF EXISTS test.sp19857;

---> connection: root
SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
Host	User	Password
localhost	user19857	*82DC221D557298F6CE9961037DB1C90604792F5C
DROP USER user19857@localhost;
DROP TABLE IF EXISTS t1;
DROP VIEW IF EXISTS v1;
DROP FUNCTION IF EXISTS f_suid;
DROP PROCEDURE IF EXISTS p_suid;
DROP FUNCTION IF EXISTS f_evil;
DELETE FROM mysql.user WHERE user LIKE 'mysqltest\_%';
DELETE FROM mysql.db WHERE user LIKE 'mysqltest\_%';
DELETE FROM mysql.tables_priv WHERE user LIKE 'mysqltest\_%';
DELETE FROM mysql.columns_priv WHERE user LIKE 'mysqltest\_%';
FLUSH PRIVILEGES;
CREATE TABLE t1 (i INT);
CREATE FUNCTION f_suid(i INT) RETURNS INT SQL SECURITY DEFINER RETURN 0;
CREATE PROCEDURE p_suid(IN i INT) SQL SECURITY DEFINER SET @c:= 0;
CREATE USER mysqltest_u1@localhost;
GRANT EXECUTE ON test.* TO mysqltest_u1@localhost;
CREATE DEFINER=mysqltest_u1@localhost FUNCTION f_evil () RETURNS INT
SQL SECURITY INVOKER
BEGIN
SET @a:= CURRENT_USER();
SET @b:= (SELECT COUNT(*) FROM t1);
RETURN @b;
END|
CREATE SQL SECURITY INVOKER VIEW v1 AS SELECT f_evil();
SELECT COUNT(*) FROM t1;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
SELECT f_evil();
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
SELECT @a, @b;
@a	@b
mysqltest_u1@localhost	NULL
SELECT f_suid(f_evil());
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
SELECT @a, @b;
@a	@b
mysqltest_u1@localhost	NULL
CALL p_suid(f_evil());
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
SELECT @a, @b;
@a	@b
mysqltest_u1@localhost	NULL
SELECT * FROM v1;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 'v1'
SELECT @a, @b;
@a	@b
mysqltest_u1@localhost	NULL
DROP VIEW v1;
DROP FUNCTION f_evil;
DROP USER mysqltest_u1@localhost;
DROP PROCEDURE p_suid;
DROP FUNCTION f_suid;
DROP TABLE t1;
End of 5.0 tests.