mariadb/mysql-test/t/grant2.test

# Grant tests not performed with embedded server
-- source include/not_embedded.inc

SET NAMES binary;

#
# GRANT tests that require several connections
# (usually it's GRANT, reconnect as another user, try something)
#


# prepare playground before tests
--disable_warnings
drop database if exists mysqltest;
drop database if exists mysqltest_1;
--enable_warnings
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges;


#
# wild_compare fun
#

grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option;
connect (user1,localhost,mysqltest_1,,);
connection user1;
select current_user();
grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option;
--error 1044
grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option;
disconnect user1;
connection default;
show grants for mysqltest_1@localhost;
show grants for mysqltest_2@localhost;
--error 1141
show grants for mysqltest_3@localhost;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
flush privileges;

#
# wild_compare part two - acl_cache
#
create database mysqltest_1;
grant all privileges on `mysqltest\_1`.* to mysqltest_1@localhost with grant option;
connect (user2,localhost,mysqltest_1,,);
connection user2;
select current_user();
show databases;
--error 1044
grant all privileges on `mysqltest_1`.* to mysqltest_1@localhost with grant option;
disconnect user2;
connection default;
show grants for mysqltest_1@localhost;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
drop database mysqltest_1;
flush privileges;

#
# Bug #6173: One can circumvent missing UPDATE privilege if he has SELECT
# and INSERT privilege for table with primary key
#
create database mysqltest;
grant INSERT, SELECT on mysqltest.* to mysqltest_1@localhost;
flush privileges;
use mysqltest;
create table t1 (id int primary key, data varchar(255));

connect (mrbad, localhost, mysqltest_1,,mysqltest);
connection mrbad;
show grants for current_user();
insert into t1 values (1, 'I can''t change it!');
--error 1044
update t1 set data='I can change it!' where id = 1;
# This should not be allowed since it too require UPDATE privilege.
--error 1044
insert into t1 values (1, 'XXX') on duplicate key update data= 'I can change it!';
select * from t1;
disconnect mrbad;

connection default;
drop table t1;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
flush privileges;

create table t1 (a int, b int);
grant select (a) on t1 to mysqltest_1@localhost with grant option;
connect (mrugly, localhost, mysqltest_1,,mysqltest);
connection mrugly;
--error 1143
grant select (a,b) on t1 to mysqltest_2@localhost;
--error 1142
grant select on t1 to mysqltest_3@localhost;
disconnect mrugly;

connection default;
drop table t1;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges;

drop database mysqltest;
use test;

# Bug #3309: Test IP addresses with netmask
create database mysqltest_1;
create table mysqltest_1.t1 (i int);
insert into mysqltest_1.t1 values (1),(2),(3);
GRANT ALL ON mysqltest_1.t1 TO mysqltest_1@'127.0.0.0/255.0.0.0';
connect (n1,127.0.0.1,mysqltest_1,,mysqltest_1,$MASTER_MYPORT,$MASTER_MYSOCK);
connection n1;
show grants for current_user();
select * from t1;
disconnect n1;
connection default;
REVOKE ALL ON mysqltest_1.t1 FROM mysqltest_1@'127.0.0.0/255.0.0.0';
drop table mysqltest_1.t1;
drop database mysqltest_1;
Shift skipping of some tests with embedded server from within mysql-test-run to the tests themselves. mysql-test/t/bdb-deadlock.test: Don't run this test with embedded server mysql-test/mysql-test-run.sh: Remove tests from being skipped with embedded server mysql-test/t/connect.test: Skip test under embedded server mysql-test/t/flush_block_commit.test: Skip test under embedded server mysql-test/t/grant.test: Skip test under embedded server mysql-test/t/grant2.test: Skip test under embedded server mysql-test/t/grant_cache.test: Skip test under embedded server 2005-03-30 01:50:16 +02:00			`# Grant tests not performed with embedded server`
			`-- source include/not_embedded.inc`

Bug#4338: mysql-test-run fails if compiled with non-latin1 character set 2004-07-08 15:54:07 +02:00			`SET NAMES binary;`

wild_compare fun: bug in GRANT db_pattern.* ... 2003-07-22 22:00:51 +02:00			`#`
			`# GRANT tests that require several connections`
			`# (usually it's GRANT, reconnect as another user, try something)`
			`#`


Fix for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" Now we set lex->duplicates= DUP_UPDATE right in parser if INSERT has ON DUPLICATE KEY UPDATE clause, this simplifies insert_precheck() function (this also fixes a bug) and some other code. mysql-test/r/grant2.result: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" mysql-test/t/grant2.test: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" sql/mysql_priv.h: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause. sql/sql_parse.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_prepare.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_yacc.yy: It is better to set Lex->duplicates= DUP_UPDATE right in parser if we have INSERT with ON DUPLICATE KEY UPDATE clause, rather doing this later. 2004-10-20 14:04:43 +02:00			`# prepare playground before tests`
			`--disable_warnings`
			`drop database if exists mysqltest;`
more wild_compare tests 2005-03-27 15:46:06 +02:00			`drop database if exists mysqltest_1;`
Fix for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" Now we set lex->duplicates= DUP_UPDATE right in parser if INSERT has ON DUPLICATE KEY UPDATE clause, this simplifies insert_precheck() function (this also fixes a bug) and some other code. mysql-test/r/grant2.result: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" mysql-test/t/grant2.test: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" sql/mysql_priv.h: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause. sql/sql_parse.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_prepare.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_yacc.yy: It is better to set Lex->duplicates= DUP_UPDATE right in parser if we have INSERT with ON DUPLICATE KEY UPDATE clause, rather doing this later. 2004-10-20 14:04:43 +02:00			`--enable_warnings`
			`delete from mysql.user where user like 'mysqltest\_%';`
			`delete from mysql.db where user like 'mysqltest\_%';`
			`delete from mysql.tables_priv where user like 'mysqltest\_%';`
			`delete from mysql.columns_priv where user like 'mysqltest\_%';`
			`flush privileges;`


wild_compare fun: bug in GRANT db_pattern.* ... 2003-07-22 22:00:51 +02:00			`#`
			`# wild_compare fun`
			`#`

			grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option;
			`connect (user1,localhost,mysqltest_1,,);`
			`connection user1;`
			`select current_user();`
now GRANT db.* ... compares patterns correctly to prevent privilege escalation 2003-07-22 22:21:23 +02:00			grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option;
wild_compare fun: bug in GRANT db_pattern.* ... 2003-07-22 22:00:51 +02:00			`--error 1044`
now GRANT db.* ... compares patterns correctly to prevent privilege escalation 2003-07-22 22:21:23 +02:00			grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option;
wild_compare fun: bug in GRANT db_pattern.* ... 2003-07-22 22:00:51 +02:00			`disconnect user1;`
test results fixed 2003-07-28 16:58:51 +02:00			`connection default;`
now GRANT db.* ... compares patterns correctly to prevent privilege escalation 2003-07-22 22:21:23 +02:00			`show grants for mysqltest_1@localhost;`
			`show grants for mysqltest_2@localhost;`
			`--error 1141`
			`show grants for mysqltest_3@localhost;`
wild_compare fun: bug in GRANT db_pattern.* ... 2003-07-22 22:00:51 +02:00			`delete from mysql.user where user like 'mysqltest\_%';`
			`delete from mysql.db where user like 'mysqltest\_%';`
			`flush privileges;`

more wild_compare tests 2005-03-27 15:46:06 +02:00			`#`
			`# wild_compare part two - acl_cache`
			`#`
			`create database mysqltest_1;`
			grant all privileges on `mysqltest\_1`.* to mysqltest_1@localhost with grant option;
			`connect (user2,localhost,mysqltest_1,,);`
			`connection user2;`
			`select current_user();`
			`show databases;`
			`--error 1044`
			grant all privileges on `mysqltest_1`.* to mysqltest_1@localhost with grant option;
			`disconnect user2;`
			`connection default;`
			`show grants for mysqltest_1@localhost;`
			`delete from mysql.user where user like 'mysqltest\_%';`
			`delete from mysql.db where user like 'mysqltest\_%';`
			`drop database mysqltest_1;`
			`flush privileges;`
Fix for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" Now we set lex->duplicates= DUP_UPDATE right in parser if INSERT has ON DUPLICATE KEY UPDATE clause, this simplifies insert_precheck() function (this also fixes a bug) and some other code. mysql-test/r/grant2.result: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" mysql-test/t/grant2.test: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" sql/mysql_priv.h: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause. sql/sql_parse.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_prepare.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_yacc.yy: It is better to set Lex->duplicates= DUP_UPDATE right in parser if we have INSERT with ON DUPLICATE KEY UPDATE clause, rather doing this later. 2004-10-20 14:04:43 +02:00
			`#`
			`# Bug #6173: One can circumvent missing UPDATE privilege if he has SELECT`
			`# and INSERT privilege for table with primary key`
			`#`
			`create database mysqltest;`
			`grant INSERT, SELECT on mysqltest.* to mysqltest_1@localhost;`
			`flush privileges;`
			`use mysqltest;`
			`create table t1 (id int primary key, data varchar(255));`

post-merge mysql-test/r/grant2.result: new test case mysql-test/r/variables.result: don't fail w/o innodb mysql-test/t/grant2.test: new test case mysql-test/t/multi_update.test: don't fail w/o innodb mysql-test/t/variables.test: don't fail w/o innodb sql/sql_acl.cc: cleanup 2004-12-31 11:52:14 +01:00			`connect (mrbad, localhost, mysqltest_1,,mysqltest);`
Fix for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" Now we set lex->duplicates= DUP_UPDATE right in parser if INSERT has ON DUPLICATE KEY UPDATE clause, this simplifies insert_precheck() function (this also fixes a bug) and some other code. mysql-test/r/grant2.result: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" mysql-test/t/grant2.test: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" sql/mysql_priv.h: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause. sql/sql_parse.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_prepare.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_yacc.yy: It is better to set Lex->duplicates= DUP_UPDATE right in parser if we have INSERT with ON DUPLICATE KEY UPDATE clause, rather doing this later. 2004-10-20 14:04:43 +02:00			`connection mrbad;`
			`show grants for current_user();`
			`insert into t1 values (1, 'I can''t change it!');`
			`--error 1044`
			`update t1 set data='I can change it!' where id = 1;`
			`# This should not be allowed since it too require UPDATE privilege.`
			`--error 1044`
			`insert into t1 values (1, 'XXX') on duplicate key update data= 'I can change it!';`
			`select * from t1;`
post-merge mysql-test/r/grant2.result: new test case mysql-test/r/variables.result: don't fail w/o innodb mysql-test/t/grant2.test: new test case mysql-test/t/multi_update.test: don't fail w/o innodb mysql-test/t/variables.test: don't fail w/o innodb sql/sql_acl.cc: cleanup 2004-12-31 11:52:14 +01:00			`disconnect mrbad;`

			`connection default;`
			`drop table t1;`
			`delete from mysql.user where user like 'mysqltest\_%';`
			`delete from mysql.db where user like 'mysqltest\_%';`
			`flush privileges;`

			`create table t1 (a int, b int);`
			`grant select (a) on t1 to mysqltest_1@localhost with grant option;`
			`connect (mrugly, localhost, mysqltest_1,,mysqltest);`
			`connection mrugly;`
			`--error 1143`
			`grant select (a,b) on t1 to mysqltest_2@localhost;`
			`--error 1142`
			`grant select on t1 to mysqltest_3@localhost;`
			`disconnect mrugly;`
Fix for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" Now we set lex->duplicates= DUP_UPDATE right in parser if INSERT has ON DUPLICATE KEY UPDATE clause, this simplifies insert_precheck() function (this also fixes a bug) and some other code. mysql-test/r/grant2.result: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" mysql-test/t/grant2.test: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" sql/mysql_priv.h: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause. sql/sql_parse.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_prepare.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_yacc.yy: It is better to set Lex->duplicates= DUP_UPDATE right in parser if we have INSERT with ON DUPLICATE KEY UPDATE clause, rather doing this later. 2004-10-20 14:04:43 +02:00
			`connection default;`
			`drop table t1;`
			`delete from mysql.user where user like 'mysqltest\_%';`
			`delete from mysql.db where user like 'mysqltest\_%';`
post-merge mysql-test/r/grant2.result: new test case mysql-test/r/variables.result: don't fail w/o innodb mysql-test/t/grant2.test: new test case mysql-test/t/multi_update.test: don't fail w/o innodb mysql-test/t/variables.test: don't fail w/o innodb sql/sql_acl.cc: cleanup 2004-12-31 11:52:14 +01:00			`delete from mysql.tables_priv where user like 'mysqltest\_%';`
			`delete from mysql.columns_priv where user like 'mysqltest\_%';`
Fix for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" Now we set lex->duplicates= DUP_UPDATE right in parser if INSERT has ON DUPLICATE KEY UPDATE clause, this simplifies insert_precheck() function (this also fixes a bug) and some other code. mysql-test/r/grant2.result: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" mysql-test/t/grant2.test: Added test for bug #6173 "One can circumvent missing UPDATE privilege if he has SELECT and INSERT privileges for table with primary key" sql/mysql_priv.h: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause. sql/sql_parse.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_prepare.cc: insert_precheck() don't need "update" parameter any longer since now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE KEY UPDATE clause, so it can determine whenever it is needed to require UPDATE_ACL by itself. Also calling of mysql_insert() is simplified. sql/sql_yacc.yy: It is better to set Lex->duplicates= DUP_UPDATE right in parser if we have INSERT with ON DUPLICATE KEY UPDATE clause, rather doing this later. 2004-10-20 14:04:43 +02:00			`flush privileges;`
post-merge mysql-test/r/grant2.result: new test case mysql-test/r/variables.result: don't fail w/o innodb mysql-test/t/grant2.test: new test case mysql-test/t/multi_update.test: don't fail w/o innodb mysql-test/t/variables.test: don't fail w/o innodb sql/sql_acl.cc: cleanup 2004-12-31 11:52:14 +01:00
			`drop database mysqltest;`
			`use test;`

Fix bug in checking of table-specific grats that caused IP/NETMASK hostnames to not be matched correctly. (Bug #3309) sql/sql_acl.cc: Use an acl_host_or_ip in the GRANT_TABLE struct instead of storing the host itself, and use compare_hostname() in testing it. This adds support for IP addresses with netmasks to table-specific grants, and results in simplified code by making use of compare_hostname() in more places. mysql-test/r/grant2.result: Add new results mysql-test/t/grant2.test: Add new regression test 2005-03-03 01:30:24 +01:00			`# Bug #3309: Test IP addresses with netmask`
			`create database mysqltest_1;`
			`create table mysqltest_1.t1 (i int);`
			`insert into mysqltest_1.t1 values (1),(2),(3);`
			`GRANT ALL ON mysqltest_1.t1 TO mysqltest_1@'127.0.0.0/255.0.0.0';`
			`connect (n1,127.0.0.1,mysqltest_1,,mysqltest_1,$MASTER_MYPORT,$MASTER_MYSOCK);`
			`connection n1;`
			`show grants for current_user();`
			`select * from t1;`
			`disconnect n1;`
			`connection default;`
			`REVOKE ALL ON mysqltest_1.t1 FROM mysqltest_1@'127.0.0.0/255.0.0.0';`
			`drop table mysqltest_1.t1;`
			`drop database mysqltest_1;`