2009-02-02 22:20:25 +01:00
|
|
|
# Can't run with embedded server because we use GRANT
|
2005-04-04 12:43:58 -07:00
|
|
|
-- source include/not_embedded.inc
|
|
|
|
|
2009-02-02 22:20:25 +01:00
|
|
|
# Save the initial number of concurrent sessions
|
|
|
|
--source include/count_sessions.inc
|
|
|
|
|
|
|
|
|
2005-03-22 15:57:24 +02:00
|
|
|
# Test of GRANT commands
|
|
|
|
|
|
|
|
SET NAMES binary;
|
|
|
|
connect (master,localhost,root,,);
|
|
|
|
connection master;
|
|
|
|
|
|
|
|
# Cleanup
|
|
|
|
--disable_warnings
|
|
|
|
drop table if exists t1;
|
|
|
|
--enable_warnings
|
|
|
|
|
|
|
|
delete from mysql.user where user like 'mysqltest\_%';
|
|
|
|
delete from mysql.db where user like 'mysqltest\_%';
|
|
|
|
delete from mysql.tables_priv where user like 'mysqltest\_%';
|
|
|
|
delete from mysql.columns_priv where user like 'mysqltest\_%';
|
|
|
|
flush privileges;
|
|
|
|
|
|
|
|
create user mysqltest_1@localhost;
|
2005-03-23 19:18:25 +01:00
|
|
|
grant create user on *.* to mysqltest_1@localhost;
|
2005-03-22 15:57:24 +02:00
|
|
|
grant select on `my\_1`.* to mysqltest_1@localhost with grant option;
|
|
|
|
connect (user_a,localhost,mysqltest_1,,);
|
|
|
|
connection user_a;
|
2009-02-02 22:20:25 +01:00
|
|
|
--error ER_CANT_CREATE_USER_WITH_GRANT
|
2005-03-22 15:57:24 +02:00
|
|
|
grant select on `my\_1`.* to mysqltest_2@localhost;
|
2005-03-23 19:18:25 +01:00
|
|
|
create user mysqltest_2@localhost;
|
2005-03-22 15:57:24 +02:00
|
|
|
disconnect user_a;
|
2009-02-02 22:20:25 +01:00
|
|
|
disconnect master;
|
2005-03-22 15:57:24 +02:00
|
|
|
connection default;
|
|
|
|
|
|
|
|
delete from mysql.user where user like 'mysqltest\_%';
|
|
|
|
delete from mysql.db where user like 'mysqltest\_%';
|
|
|
|
delete from mysql.tables_priv where user like 'mysqltest\_%';
|
|
|
|
delete from mysql.columns_priv where user like 'mysqltest\_%';
|
|
|
|
flush privileges;
|
2007-09-20 18:10:35 +02:00
|
|
|
|
|
|
|
#
|
2009-02-02 22:20:25 +01:00
|
|
|
# Bug#19828 Case sensitivity in Grant/Revoke
|
2007-09-20 18:10:35 +02:00
|
|
|
#
|
|
|
|
|
|
|
|
grant select on test.* to CUser@localhost;
|
|
|
|
grant select on test.* to CUser@LOCALHOST;
|
|
|
|
flush privileges;
|
|
|
|
|
|
|
|
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
|
|
|
|
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
|
|
|
|
|
|
|
|
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
|
|
|
|
flush privileges;
|
|
|
|
|
|
|
|
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
|
|
|
|
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
|
|
|
|
|
|
|
|
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
|
|
|
|
flush privileges;
|
|
|
|
|
|
|
|
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
|
|
|
|
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
|
|
|
|
|
|
|
|
DROP USER CUser@localhost;
|
2010-10-18 21:03:53 +07:00
|
|
|
--error ER_CANNOT_USER
|
2007-09-20 18:10:35 +02:00
|
|
|
DROP USER CUser@LOCALHOST;
|
|
|
|
|
|
|
|
#### table grants
|
|
|
|
create table t1 (a int);
|
|
|
|
grant select on test.t1 to CUser@localhost;
|
|
|
|
grant select on test.t1 to CUser@LOCALHOST;
|
|
|
|
flush privileges;
|
|
|
|
|
|
|
|
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
|
|
|
|
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
|
|
|
|
|
|
|
|
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
|
|
|
|
flush privileges;
|
|
|
|
|
|
|
|
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
|
|
|
|
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
|
|
|
|
|
|
|
|
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
|
|
|
|
flush privileges;
|
|
|
|
|
|
|
|
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
|
|
|
|
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
|
|
|
|
|
|
|
|
DROP USER CUser@localhost;
|
2010-10-18 21:03:53 +07:00
|
|
|
--error ER_CANNOT_USER
|
2007-09-20 18:10:35 +02:00
|
|
|
DROP USER CUser@LOCALHOST;
|
|
|
|
|
|
|
|
### column grants
|
|
|
|
|
|
|
|
grant select(a) on test.t1 to CUser@localhost;
|
|
|
|
grant select(a) on test.t1 to CUser@LOCALHOST;
|
|
|
|
flush privileges;
|
|
|
|
|
|
|
|
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
|
|
|
|
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
|
|
|
|
|
|
|
|
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
|
|
|
|
flush privileges;
|
|
|
|
|
|
|
|
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
|
|
|
|
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
|
|
|
|
|
|
|
|
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
|
|
|
|
flush privileges;
|
|
|
|
|
|
|
|
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
|
|
|
|
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
|
|
|
|
|
|
|
|
DROP USER CUser@localhost;
|
2010-10-18 21:03:53 +07:00
|
|
|
--error ER_CANNOT_USER
|
2007-09-20 18:10:35 +02:00
|
|
|
DROP USER CUser@LOCALHOST;
|
|
|
|
|
|
|
|
drop table t1;
|
|
|
|
|
|
|
|
# revoke on a specific DB only
|
|
|
|
|
|
|
|
grant select on test.* to CUser2@localhost;
|
|
|
|
grant select on test.* to CUser2@LOCALHOST;
|
|
|
|
flush privileges;
|
|
|
|
|
|
|
|
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
|
|
|
|
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
|
|
|
|
|
|
|
|
REVOKE SELECT ON test.* FROM 'CUser2'@'LOCALHOST';
|
|
|
|
flush privileges;
|
|
|
|
|
|
|
|
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
|
|
|
|
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
|
|
|
|
|
2010-10-18 21:03:53 +07:00
|
|
|
--error ER_NONEXISTING_GRANT
|
2007-09-20 18:10:35 +02:00
|
|
|
REVOKE SELECT ON test.* FROM 'CUser2'@'localhost';
|
|
|
|
flush privileges;
|
|
|
|
|
|
|
|
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
|
|
|
|
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
|
|
|
|
|
|
|
|
DROP USER CUser2@localhost;
|
2010-10-18 21:03:53 +07:00
|
|
|
--error ER_CANNOT_USER
|
2007-09-20 18:10:35 +02:00
|
|
|
DROP USER CUser2@LOCALHOST;
|
2008-02-13 19:34:12 +04:00
|
|
|
|
|
|
|
|
|
|
|
#
|
2009-02-02 22:20:25 +01:00
|
|
|
# Bug#31194 Privilege ordering does not order properly for wildcard values
|
2008-02-13 19:34:12 +04:00
|
|
|
#
|
|
|
|
|
|
|
|
CREATE DATABASE mysqltest_1;
|
|
|
|
CREATE TABLE mysqltest_1.t1 (a INT);
|
|
|
|
CREATE USER 'mysqltest1'@'%';
|
|
|
|
GRANT SELECT, UPDATE ON `mysqltest_1`.* TO 'mysqltest1'@'%';
|
|
|
|
REVOKE SELECT ON `mysqltest_1`.* FROM 'mysqltest1'@'%';
|
|
|
|
GRANT SELECT, UPDATE ON `mysqltest\_1`.* TO 'mysqltest1'@'%';
|
|
|
|
FLUSH PRIVILEGES;
|
|
|
|
|
|
|
|
connect (conn1,localhost,mysqltest1,,);
|
|
|
|
connection conn1;
|
|
|
|
SHOW GRANTS;
|
|
|
|
SELECT * FROM mysqltest_1.t1;
|
|
|
|
disconnect conn1;
|
|
|
|
|
|
|
|
connection default;
|
|
|
|
DROP USER 'mysqltest1'@'%';
|
|
|
|
DROP DATABASE mysqltest_1;
|
|
|
|
|
2009-10-20 11:47:57 +05:30
|
|
|
--echo #
|
|
|
|
--echo # Bug#41597 - After rename of user, there are additional grants
|
|
|
|
--echo # when grants are reapplied.
|
|
|
|
--echo #
|
|
|
|
|
|
|
|
CREATE DATABASE temp;
|
|
|
|
CREATE TABLE temp.t1(a INT, b VARCHAR(10));
|
|
|
|
INSERT INTO temp.t1 VALUES(1, 'name1');
|
|
|
|
INSERT INTO temp.t1 VALUES(2, 'name2');
|
|
|
|
INSERT INTO temp.t1 VALUES(3, 'name3');
|
|
|
|
|
|
|
|
|
|
|
|
CREATE USER 'user1'@'%';
|
|
|
|
RENAME USER 'user1'@'%' TO 'user2'@'%';
|
|
|
|
--echo # Show privileges after rename and BEFORE grant
|
|
|
|
SHOW GRANTS FOR 'user2'@'%';
|
|
|
|
GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%';
|
|
|
|
--echo # Show privileges after rename and grant
|
|
|
|
SHOW GRANTS FOR 'user2'@'%';
|
|
|
|
|
|
|
|
--echo # Connect as the renamed user
|
|
|
|
connect (conn1, localhost, user2,,);
|
|
|
|
connection conn1;
|
|
|
|
SHOW GRANTS;
|
|
|
|
SELECT a FROM temp.t1;
|
|
|
|
--echo # Check for additional privileges by accessing a
|
|
|
|
--echo # non privileged column. We shouldn't be able to
|
|
|
|
--echo # access this column.
|
|
|
|
--error ER_COLUMNACCESS_DENIED_ERROR
|
|
|
|
SELECT b FROM temp.t1;
|
|
|
|
disconnect conn1;
|
|
|
|
|
|
|
|
connection default;
|
|
|
|
DROP USER 'user2'@'%';
|
|
|
|
DROP DATABASE temp;
|
2008-02-13 19:34:12 +04:00
|
|
|
|
|
|
|
--echo End of 5.0 tests
|
2009-02-02 22:20:25 +01:00
|
|
|
|
|
|
|
# Wait till we reached the initial number of concurrent sessions
|
|
|
|
--source include/wait_until_count_sessions.inc
|