# Privilege-system tests in mysqltest format that need more than one
# connection: the default connection sets up accounts and grants, a second
# connection logs in as the restricted account, and the expected error codes
# pin what that account may and may not do.
# NOTE(review): mysqltest directives (--error, --disable_warnings, connect,
# connection, disconnect) are written one per line here; each "--error N"
# applies to the statement that directly follows it.
SET NAMES binary;

#
# GRANT tests that require several connections
# (usually it's GRANT, reconnect as another user, try something)
#

# prepare playground before tests
--disable_warnings
drop database if exists mysqltest;
--enable_warnings
# Remove leftover test accounts straight from the grant tables. The
# underscore is escaped, so only names with the literal prefix "mysqltest_"
# are matched.
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%';
# The grant tables were edited by hand, so the server is told to reload them.
flush privileges;

#
# wild_compare fun
#
# mysqltest_1 gets ALL plus GRANT OPTION on the database pattern `my\_%`:
# a literal "my_" prefix followed by any suffix.
grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option;
connect (user1,localhost,mysqltest_1,,);
connection user1;
select current_user();
select current_user;
# Allowed: `my\_1` lies inside the pattern mysqltest_1 holds.
grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option;
# Must be refused with 1044 (access denied to database): in `my_%` the
# underscore is an unescaped single-character wildcard, so the pattern is
# wider than what mysqltest_1 was granted. Accepting it would let a grantee
# hand out more than it owns.
--error 1044
grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option;

#
# NO_AUTO_CREATE_USER mode
#
# The mode is set on the user1 connection, which is the current one here.
set @@sql_mode='NO_AUTO_CREATE_USER';
select @@sql_mode;
# mysqltest_4 does not exist yet and no password is given: expected to fail
# with 1211 instead of silently creating a password-less account.
--error 1211
grant select on `my\_1`.* to mysqltest_4@localhost with grant option;
# Same GRANT with IDENTIFIED BY carries no --error, so it is expected to work.
grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass' with grant option;
disconnect user1;
connection default;
show grants for mysqltest_1@localhost;
show grants for mysqltest_2@localhost;
# The refused GRANT above must not have left any entry for mysqltest_3
# (1141: no such grant defined).
--error 1141
show grants for mysqltest_3@localhost;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
flush privileges;

#
# Bug #6173: One can circumvent missing UPDATE privilege if he has SELECT
# and INSERT privilege for table with primary key
#
create database mysqltest;
# Deliberately no UPDATE privilege in this grant.
grant INSERT, SELECT on mysqltest.* to mysqltest_1@localhost;
flush privileges;
use mysqltest;
create table t1 (id int primary key, data varchar(255));
connect (mrbad, localhost, mysqltest_1,,);
connection mrbad;
show grants for current_user();
use mysqltest;
insert into t1 values (1, 'I can''t change it!');
# A plain UPDATE is refused, as expected without the UPDATE privilege.
--error 1044
update t1 set data='I can change it!' where id = 1;
# This should not be allowed either, since it too requires the UPDATE
# privilege: the duplicate-key branch would modify the existing row.
--error 1044
insert into t1 values (1, 'XXX') on duplicate key update data= 'I can change it!';
# Output of this select shows whether the row kept its original data.
select * from t1;
connection default;
drop table t1;
drop database mysqltest;
use test;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
flush privileges;

#
# Create and drop user
#
# NOTE(review): the "Grant must not create user" check further down expects
# 1211, which presumably depends on this mode implying NO_AUTO_CREATE_USER -
# confirm against the server version under test.
set sql_mode='maxdb';
--disable_warnings
drop table if exists t1, t2;
--enable_warnings
create table t1(c1 int);
create table t2(c1 int, c2 int);
#
# Three forms of CREATE USER
# (no password, clear-text password, IDENTIFIED BY PASSWORD with a literal
# value). The second CREATE of the same name must fail with 1396.
create user 'mysqltest_1';
--error 1396
create user 'mysqltest_1';
create user 'mysqltest_2' identified by 'Mysqltest-2';
create user 'mysqltest_3' identified by password 'fffffffffffffffffffffffffffffffffffffffff';
# One grant per privilege level: global, database, table, column.
grant select on *.* to 'mysqltest_2';
grant insert on test.* to 'mysqltest_2';
grant update on test.t1 to 'mysqltest_2';
grant update (c2) on test.t2 to 'mysqltest_2';
# NOTE(review): from here on the LIKE patterns leave the underscore
# unescaped, unlike the cleanup statements at the top, so "_" matches any
# single character. The statements are left as they are; tighten only
# together with the recorded expected output.
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
show grants for 'mysqltest_1';
show grants for 'mysqltest_2';
#
# Drop
# The four selects dump every grant table again after the DROP.
drop user 'mysqltest_1';
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
--error 1141
show grants for 'mysqltest_1';
#
# Rename
# mysqltest_2 held grants at every level; the same four tables are dumped
# after the rename, followed by SHOW GRANTS under the new name.
rename user 'mysqltest_2' to 'mysqltest_1';
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
show grants for 'mysqltest_1';
drop user 'mysqltest_1', 'mysqltest_3';
#
# Grant must not create user
# The GRANT is refused (1211), and the following DROP failing with 1396
# confirms that no account was created as a side effect.
--error 1211
grant all on test.t1 to 'mysqltest_1';
--error 1396
drop user 'mysqltest_1';
#
# Cleanup
drop table t1, t2;
#
# Add a stray record
# A mysql.db row for an account that has no mysql.user entry. SHOW GRANTS
# must not report it (1141) and REVOKE ALL must fail (1269), while DROP USER
# carries no --error. The select afterwards shows what is left in mysql.db.
insert into mysql.db set user='mysqltest_1', db='%', host='%';
flush privileges;
--error 1141
show grants for 'mysqltest_1';
--error 1269
revoke all privileges, grant option from 'mysqltest_1';
drop user 'mysqltest_1';
select host,db,user from mysql.db where user = 'mysqltest_1' order by host,db,user;
#
# Add a stray record
# Same check for an orphaned table-level row.
insert into mysql.tables_priv set host='%', db='test', user='mysqltest_1', table_name='t1';
flush privileges;
--error 1141
show grants for 'mysqltest_1';
drop user 'mysqltest_1';
select host,db,user,table_name from mysql.tables_priv where user = 'mysqltest_1' order by host,db,user,table_name;
#
# Add a stray record
# Same check for an orphaned column-level row.
insert into mysql.columns_priv set host='%', db='test', user='mysqltest_1', table_name='t1', column_name='c1';
flush privileges;
--error 1141
show grants for 'mysqltest_1';
drop user 'mysqltest_1';
select host,db,user,table_name,column_name from mysql.columns_priv where user = 'mysqltest_1' order by host,db,user,table_name,column_name;
#
# Handle multi user lists
create user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
drop user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
create user 'mysqltest_1', 'mysqltest_2' identified by 'Mysqltest-2', 'mysqltest_3' identified by password 'fffffffffffffffffffffffffffffffffffffffff';
rename user 'mysqltest_1' to 'mysqltest_1a', 'mysqltest_2' TO 'mysqltest_2a', 'mysqltest_3' TO 'mysqltest_3a';
# The old names are gone after the rename, so dropping them fails (1396);
# dropping the new names carries no --error.
--error 1396
drop user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
drop user 'mysqltest_1a', 'mysqltest_2a', 'mysqltest_3a';
#
# Let one of multiple users fail
# Each list below contains at least one name that cannot be processed
# (mysqltest_2 already exists; mysqltest_2a and mysqltest_2b never exist).
# NOTE(review): the sequence only fits together if the other names in a
# failing list are still processed - verify against the recorded result.
create user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
--error 1396
create user 'mysqltest_1a', 'mysqltest_2', 'mysqltest_3a';
--error 1396
rename user 'mysqltest_1a' to 'mysqltest_1b', 'mysqltest_2a' TO 'mysqltest_2b', 'mysqltest_3a' TO 'mysqltest_3b';
drop user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
--error 1396
drop user 'mysqltest_1b', 'mysqltest_2b', 'mysqltest_3b';
#
# Obsolete syntax has been dropped
# DROP USER with an IDENTIFIED BY clause must be a parse error (1064).
# NOTE(review): the account created here is not dropped anywhere in the part
# of the file visible here (the later drop names mysqltest_2@localhost), so
# it stays behind with its password - confirm this is intended.
create user 'mysqltest_2' identified by 'Mysqltest-2';
--error 1064
drop user 'mysqltest_2' identified by 'Mysqltest-2';
#
# Strange user names
# User names containing "%" and "@" must be taken literally in CREATE,
# GRANT, SHOW GRANTS, RENAME and DROP.
create user '%@b'@'b';
show grants for '%@b'@'b';
grant select on mysql.* to '%@b'@'b';
show grants for '%@b'@'b';
rename user '%@b'@'b' to '%@a'@'a';
--error 1141
show grants for '%@b'@'b';
show grants for '%@a'@'a';
drop user '%@a'@'a';
#
# USAGE WITH GRANT OPTION is sufficient.
# user2 cannot even read mysql.user (1044), yet CREATE, RENAME and DROP USER
# carry no --error: the global GRANT OPTION alone is treated as enough for
# account management here.
create user mysqltest_2@localhost;
grant usage on *.* to mysqltest_2@localhost with grant option;
connect (user2,localhost,mysqltest_2,,);
connection user2;
--error 1044
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
create user mysqltest_A@'%';
rename user mysqltest_A@'%' to mysqltest_B@'%';
drop user mysqltest_B@'%';
disconnect user2;
connection default;
drop user mysqltest_2@localhost;
#
# ALL PRIVILEGES without GRANT OPTION is not sufficient.
# user3 holds ALL on the mysql schema but no GRANT OPTION: the account
# statements are refused (1044), while the direct SELECT and INSERT on
# mysql.user carry no --error.
# NOTE(review): the INSERT writes an account row with no password by hand,
# so table privileges on the mysql schema remain effectively administrative
# even though CREATE/RENAME/DROP USER are denied.
create user mysqltest_3@localhost;
grant all privileges on mysql.* to mysqltest_3@localhost;
connect (user3,localhost,mysqltest_3,,);
connection user3;
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
insert into mysql.user set host='%', user='mysqltest_B';
--error 1044
create user mysqltest_A@'%';
--error 1044
rename user mysqltest_B@'%' to mysqltest_C@'%';
--error 1044
drop user mysqltest_B@'%';
disconnect user3;
connection default;
# The hand-inserted row is removed from the default connection.
drop user mysqltest_B@'%';
drop user mysqltest_3@localhost;
#