mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 20:12:31 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Adding security tests for "ALTER TABLE t1 FILE_NAME='xxx'"

Browse source 
modified:
  mysql-test/suite/connect/r/bin.result
  mysql-test/suite/connect/r/csv.result
  mysql-test/suite/connect/r/dbf.result
  mysql-test/suite/connect/r/fix.result
  mysql-test/suite/connect/r/vec.result
  mysql-test/suite/connect/r/xml.result
  mysql-test/suite/connect/t/grant.inc
  storage/connect/ha_connect.cc
This commit is contained in:
Alexander Barkov 2013-04-04 11:31:20 +04:00
parent b0e07ff5b7
commit d12e1c92a1
8 changed files with 105 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
mysql-test/suite/connect/r/bin.result
View file

@ -51,6 +51,8 @@ TRUNCATE TABLE t1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
ALTER TABLE t1 READONLY=1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
ALTER TABLE t1 FILE_NAME='t2.EXT';
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DROP TABLE t1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
CREATE VIEW v1 AS SELECT * FROM t1;
@ -71,8 +73,21 @@ UPDATE v1 SET a=123;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DELETE FROM v1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
SELECT user();
user()
root@localhost
DROP VIEW v1;
DROP TABLE t1;
CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT TABLE_TYPE=BIN;
Warnings:
Warning 1105 No file name. Table will use t1.bin
INSERT INTO t1 VALUES (10);
SELECT user();
user()
user@localhost
ALTER TABLE t1 FILE_NAME='t1.EXT';
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DROP TABLE t1;
DROP USER user@localhost;
#
# End of grant.inc

15
mysql-test/suite/connect/r/csv.result
View file

@ -51,6 +51,8 @@ TRUNCATE TABLE t1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
ALTER TABLE t1 READONLY=1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
ALTER TABLE t1 FILE_NAME='t2.EXT';
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DROP TABLE t1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
CREATE VIEW v1 AS SELECT * FROM t1;
@ -71,8 +73,21 @@ UPDATE v1 SET a=123;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DELETE FROM v1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
SELECT user();
user()
root@localhost
DROP VIEW v1;
DROP TABLE t1;
CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT TABLE_TYPE=CSV;
Warnings:
Warning 1105 No file name. Table will use t1.csv
INSERT INTO t1 VALUES (10);
SELECT user();
user()
user@localhost
ALTER TABLE t1 FILE_NAME='t1.EXT';
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DROP TABLE t1;
DROP USER user@localhost;
#
# End of grant.inc

15
mysql-test/suite/connect/r/dbf.result
View file

@ -51,6 +51,8 @@ TRUNCATE TABLE t1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
ALTER TABLE t1 READONLY=1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
ALTER TABLE t1 FILE_NAME='t2.EXT';
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DROP TABLE t1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
CREATE VIEW v1 AS SELECT * FROM t1;
@ -71,8 +73,21 @@ UPDATE v1 SET a=123;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DELETE FROM v1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
SELECT user();
user()
root@localhost
DROP VIEW v1;
DROP TABLE t1;
CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT TABLE_TYPE=DBF;
Warnings:
Warning 1105 No file name. Table will use t1.dbf
INSERT INTO t1 VALUES (10);
SELECT user();
user()
user@localhost
ALTER TABLE t1 FILE_NAME='t1.EXT';
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DROP TABLE t1;
DROP USER user@localhost;
#
# End of grant.inc

15
mysql-test/suite/connect/r/fix.result
View file

@ -51,6 +51,8 @@ TRUNCATE TABLE t1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
ALTER TABLE t1 READONLY=1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
ALTER TABLE t1 FILE_NAME='t2.EXT';
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DROP TABLE t1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
CREATE VIEW v1 AS SELECT * FROM t1;
@ -71,8 +73,21 @@ UPDATE v1 SET a=123;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DELETE FROM v1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
SELECT user();
user()
root@localhost
DROP VIEW v1;
DROP TABLE t1;
CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT TABLE_TYPE=FIX;
Warnings:
Warning 1105 No file name. Table will use t1.fix
INSERT INTO t1 VALUES (10);
SELECT user();
user()
user@localhost
ALTER TABLE t1 FILE_NAME='t1.EXT';
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DROP TABLE t1;
DROP USER user@localhost;
#
# End of grant.inc

15
mysql-test/suite/connect/r/vec.result
View file

@ -51,6 +51,8 @@ TRUNCATE TABLE t1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
ALTER TABLE t1 READONLY=1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
ALTER TABLE t1 FILE_NAME='t2.EXT';
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DROP TABLE t1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
CREATE VIEW v1 AS SELECT * FROM t1;
@ -71,8 +73,21 @@ UPDATE v1 SET a=123;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DELETE FROM v1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
SELECT user();
user()
root@localhost
DROP VIEW v1;
DROP TABLE t1;
CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT TABLE_TYPE=VEC MAX_ROWS=100;
Warnings:
Warning 1105 No file name. Table will use t1.vec
INSERT INTO t1 VALUES (10);
SELECT user();
user()
user@localhost
ALTER TABLE t1 FILE_NAME='t1.EXT';
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DROP TABLE t1;
DROP USER user@localhost;
#
# End of grant.inc

15
mysql-test/suite/connect/r/xml.result
View file

@ -53,6 +53,8 @@ TRUNCATE TABLE t1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
ALTER TABLE t1 READONLY=1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
ALTER TABLE t1 FILE_NAME='t2.EXT';
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DROP TABLE t1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
CREATE VIEW v1 AS SELECT * FROM t1;
@ -73,8 +75,21 @@ UPDATE v1 SET a=123;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DELETE FROM v1;
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
SELECT user();
user()
root@localhost
DROP VIEW v1;
DROP TABLE t1;
CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT TABLE_TYPE=XML OPTION_LIST='xmlsup=libxml2,rownode=row';
Warnings:
Warning 1105 No file name. Table will use t1.xml
INSERT INTO t1 VALUES (10);
SELECT user();
user()
user@localhost
ALTER TABLE t1 FILE_NAME='t1.EXT';
ERROR 28000: Access denied for user 'user'@'localhost' (using password: NO)
DROP TABLE t1;
DROP USER user@localhost;
#
# End of grant.inc

13
mysql-test/suite/connect/t/grant.inc
View file

@ -45,6 +45,8 @@ TRUNCATE TABLE t1;
--error ER_ACCESS_DENIED_ERROR
ALTER TABLE t1 READONLY=1;
--error ER_ACCESS_DENIED_ERROR
ALTER TABLE t1 FILE_NAME='t2.EXT';
--error ER_ACCESS_DENIED_ERROR
DROP TABLE t1;
--error ER_ACCESS_DENIED_ERROR
CREATE VIEW v1 AS SELECT * FROM t1;
@ -62,11 +64,20 @@ INSERT INTO v1 VALUES (2);
UPDATE v1 SET a=123;
--error ER_ACCESS_DENIED_ERROR
DELETE FROM v1;
--disconnect user
--connection default
SELECT user();
DROP VIEW v1;
DROP TABLE t1;
--remove_file $MYSQLD_DATADIR/test/t1.EXT
--eval CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT $TABLE_OPTIONS
INSERT INTO t1 VALUES (10);
--connection user
SELECT user();
--error ER_ACCESS_DENIED_ERROR
ALTER TABLE t1 FILE_NAME='t1.EXT';
--connection default
DROP TABLE t1;
--disconnect user
DROP USER user@localhost;
--echo #

8
storage/connect/ha_connect.cc
View file

@ -4250,17 +4250,15 @@ bool ha_connect::check_if_incompatible_data(HA_CREATE_INFO *info,
DBUG_ENTER("ha_connect::check_if_incompatible_data");
// TO DO: implement and check it.
THD *thd= current_thd;
#if 0
push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN, 0,
"The current version of CONNECT did not check what you changed in ALTER. Use at your own risk");
if (table) {
PTOS options= info->option_struct;
if (options->filename)
return COMPATIBLE_DATA_NO;
DBUG_RETURN(COMPATIBLE_DATA_NO);
} // endif table
#endif // 0
push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN, 0,
"The current version of CONNECT did not check what you changed in ALTER. Use at your own risk");
DBUG_RETURN(COMPATIBLE_DATA_YES);
} // end of check_if_incompatible_data