mirror of
https://github.com/MariaDB/server.git
synced 2025-11-03 20:36:16 +01:00
451 lines
14 KiB
Text
451 lines
14 KiB
Text
# this test mostly test privilege control (what doesn't work
|
|
# in the embedded server by default). So skip the test in embedded-server mode.
|
|
-- source include/not_embedded.inc
|
|
-- source include/have_innodb.inc
|
|
-- source include/testdb_only.inc
|
|
|
|
set local sql_mode="";
|
|
set global sql_mode="";
|
|
|
|
--replace_result 'Tables_in_INFORMATION_SCHEMA (T%)' 'Tables_in_information_schema (T%)'
|
|
--sorted_result
|
|
show tables from INFORMATION_SCHEMA like 'T%';
|
|
create database `inf%`;
|
|
create database mbase;
|
|
use `inf%`;
|
|
show tables;
|
|
|
|
--echo #
|
|
--echo # Bug#18113 SELECT * FROM information_schema.xxx crashes server
|
|
--echo # Bug#17204 second CALL to procedure crashes Server
|
|
--echo #
|
|
# Crash happened when one selected data from one of INFORMATION_SCHEMA
|
|
# tables and in order to build its contents server had to open view which
|
|
# used stored function and table or view on which one had not global or
|
|
# database-level privileges (e.g. had only table-level or had no
|
|
# privileges at all).
|
|
#
|
|
--disable_view_protocol
|
|
grant all privileges on `inf%`.* to 'mysqltest_1'@'localhost';
|
|
grant all privileges on `mbase`.* to 'mysqltest_1'@'localhost';
|
|
create table t1 (f1 int);
|
|
delimiter |;
|
|
--enable_prepare_warnings
|
|
create function func1(curr_int int) returns int
|
|
begin
|
|
declare ret_val int;
|
|
select max(f1) from t1 into ret_val;
|
|
return ret_val;
|
|
end|
|
|
--disable_prepare_warnings
|
|
delimiter ;|
|
|
create view v1 as select f1 from t1 where f1 = func1(f1);
|
|
create function func2() returns int return 1;
|
|
|
|
use mbase;
|
|
delimiter |;
|
|
create procedure p1 ()
|
|
begin
|
|
select table_name from information_schema.key_column_usage
|
|
order by table_name;
|
|
end|
|
|
delimiter ;|
|
|
|
|
create table t1
|
|
(f1 int(10) unsigned not null,
|
|
f2 varchar(100) not null,
|
|
primary key (f1), unique key (f2));
|
|
|
|
connect (user1,localhost,mysqltest_1,,"*NO-ONE*");
|
|
connection user1;
|
|
--disable_result_log
|
|
select * from information_schema.tables;
|
|
call mbase.p1();
|
|
call mbase.p1();
|
|
call mbase.p1();
|
|
--enable_result_log
|
|
|
|
connection default;
|
|
use `inf%`;
|
|
drop user mysqltest_1@localhost;
|
|
drop table t1;
|
|
select table_name, table_type, table_comment from information_schema.tables
|
|
where table_schema='inf%' and func2();
|
|
select table_name, table_type, table_comment from information_schema.tables
|
|
where table_schema='inf%' and func2();
|
|
drop view v1;
|
|
drop function func1;
|
|
drop function func2;
|
|
|
|
drop database `inf%`;
|
|
drop procedure mbase.p1;
|
|
drop database mbase;
|
|
disconnect user1;
|
|
|
|
--echo #
|
|
--echo # Bug#18282 INFORMATION_SCHEMA.TABLES provides inconsistent info about invalid views
|
|
--echo #
|
|
use test;
|
|
create table t1 (i int);
|
|
create function f1 () returns int return (select max(i) from t1);
|
|
create view v1 as select f1();
|
|
create table t2 (id int);
|
|
create function f2 () returns int return (select max(i) from t2);
|
|
create view v2 as select f2();
|
|
drop table t2;
|
|
select table_name, table_type, table_comment from information_schema.tables
|
|
where table_schema='test' order by table_name;
|
|
drop table t1;
|
|
select table_name, table_type, table_comment from information_schema.tables
|
|
where table_schema='test' order by table_name;
|
|
drop function f1;
|
|
drop function f2;
|
|
drop view v1, v2;
|
|
--enable_view_protocol
|
|
|
|
--echo #
|
|
--echo # Bug#20543 select on information_schema strange warnings, view, different
|
|
--echo # schemas/users
|
|
--echo #
|
|
--disable_service_connection
|
|
create database testdb_1;
|
|
create user testdb_1@localhost;
|
|
grant all on testdb_1.* to testdb_1@localhost with grant option;
|
|
|
|
create user testdb_2@localhost;
|
|
grant all on test.* to testdb_2@localhost with grant option;
|
|
|
|
connect (testdb_1,localhost,testdb_1,,testdb_1);
|
|
create table t1 (f1 char(4));
|
|
create view v1 as select f1 from t1;
|
|
grant insert on v1 to testdb_2@localhost;
|
|
|
|
create view v5 as select f1 from t1;
|
|
grant select, show view on v5 to testdb_2@localhost;
|
|
|
|
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
|
|
create definer=`no_such_user`@`no_such_host` view v6 as select f1 from t1;
|
|
|
|
connection default;
|
|
use testdb_1;
|
|
create view v6 as select f1 from t1;
|
|
grant select, show view on v6 to testdb_2@localhost;
|
|
|
|
create table t2 (f1 char(4));
|
|
create definer=`no_such_user`@`no_such_host` view v7 as select * from t2;
|
|
|
|
show fields from testdb_1.v6;
|
|
show create view testdb_1.v6;
|
|
|
|
show create view testdb_1.v7;
|
|
show fields from testdb_1.v7;
|
|
|
|
connection testdb_1;
|
|
|
|
create table t3 (f1 char(4), f2 char(4));
|
|
create view v3 as select f1,f2 from t3;
|
|
grant insert(f1), insert(f2) on v3 to testdb_2@localhost;
|
|
|
|
connect (testdb_2,localhost,testdb_2,,test);
|
|
create view v2 as select f1 from testdb_1.v1;
|
|
create view v4 as select f1,f2 from testdb_1.v3;
|
|
|
|
show fields from testdb_1.v5;
|
|
show create view testdb_1.v5;
|
|
|
|
show fields from testdb_1.v6;
|
|
show create view testdb_1.v6;
|
|
|
|
connection testdb_1;
|
|
show fields from testdb_1.v7;
|
|
show create view testdb_1.v7;
|
|
|
|
revoke insert(f1) on v3 from testdb_2@localhost;
|
|
revoke select,show view on v5 from testdb_2@localhost;
|
|
connection default;
|
|
use testdb_1;
|
|
revoke select,show view on v6 from testdb_2@localhost;
|
|
connection testdb_2;
|
|
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
show fields from testdb_1.v5;
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
show create view testdb_1.v5;
|
|
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
show fields from testdb_1.v6;
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
show create view testdb_1.v6;
|
|
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
show fields from testdb_1.v7;
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
show create view testdb_1.v7;
|
|
|
|
show create view v4;
|
|
#--error ER_VIEW_NO_EXPLAIN
|
|
show fields from v4;
|
|
|
|
show fields from v2;
|
|
show fields from testdb_1.v1;
|
|
show create view v2;
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
show create view testdb_1.v1;
|
|
|
|
select table_name from information_schema.columns a
|
|
where a.table_name = 'v2';
|
|
select view_definition from information_schema.views a
|
|
where a.table_name = 'v2';
|
|
select view_definition from information_schema.views a
|
|
where a.table_name = 'testdb_1.v1';
|
|
|
|
--error ER_VIEW_INVALID
|
|
select * from v2;
|
|
|
|
connection default;
|
|
use test;
|
|
drop view testdb_1.v1, v2, testdb_1.v3, v4;
|
|
drop database testdb_1;
|
|
connection testdb_1;
|
|
disconnect testdb_1;
|
|
--source include/wait_until_disconnected.inc
|
|
connection testdb_2;
|
|
disconnect testdb_2;
|
|
--source include/wait_until_disconnected.inc
|
|
connection default;
|
|
drop user testdb_1@localhost;
|
|
drop user testdb_2@localhost;
|
|
|
|
--echo #
|
|
--echo # Bug#22763 Disrepancy between SHOW CREATE VIEW and I_S.VIEWS
|
|
--echo #
|
|
create database testdb_1;
|
|
create table testdb_1.t1 (a int);
|
|
create view testdb_1.v1 as select * from testdb_1.t1;
|
|
|
|
grant show view on testdb_1.* to mysqltest_1@localhost;
|
|
grant select on testdb_1.v1 to mysqltest_1@localhost;
|
|
|
|
connect (user1,localhost,mysqltest_1,,"*NO-ONE*");
|
|
connection user1;
|
|
select table_schema, table_name, view_definition from information_schema.views
|
|
where table_name='v1';
|
|
show create view testdb_1.v1;
|
|
|
|
connection default;
|
|
revoke select on testdb_1.v1 from mysqltest_1@localhost;
|
|
connection user1;
|
|
select table_schema, table_name, view_definition from information_schema.views
|
|
where table_name='v1';
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
show create view testdb_1.v1;
|
|
|
|
connection default;
|
|
drop user mysqltest_1@localhost;
|
|
drop database testdb_1;
|
|
connection user1;
|
|
disconnect user1;
|
|
--source include/wait_until_disconnected.inc
|
|
connection default;
|
|
|
|
set global sql_mode=default;
|
|
|
|
--echo #
|
|
--echo # MDEV-20549 SQL SECURITY DEFINER does not work for INFORMATION_SCHEMA tables
|
|
--echo #
|
|
|
|
create user foo@localhost;
|
|
grant select on test.* to foo@localhost;
|
|
create procedure rootonly() select 1;
|
|
create sql security definer view v1d as select current_user(),user from information_schema.processlist where command!='daemon';
|
|
create sql security invoker view v1i as select current_user(),user from information_schema.processlist where command!='daemon';
|
|
create sql security definer view v2d as select table_name from information_schema.tables where table_schema='mysql' and table_name like '%user%';
|
|
create sql security invoker view v2i as select table_name from information_schema.tables where table_schema='mysql' and table_name like '%user%';
|
|
create sql security definer view v3d as select schema_name from information_schema.schemata where schema_name like '%mysql%';
|
|
create sql security invoker view v3i as select schema_name from information_schema.schemata where schema_name like '%mysql%';
|
|
create sql security definer view v4d as select routine_name from information_schema.routines where routine_schema='test';
|
|
create sql security invoker view v4i as select routine_name from information_schema.routines where routine_schema='test';
|
|
create sql security definer view v5d as select view_definition > '' from information_schema.views where table_name='v1d';
|
|
create sql security invoker view v5i as select view_definition > '' from information_schema.views where table_name='v1d';
|
|
connect foo,localhost,foo;
|
|
select * from v1d;
|
|
select * from v1i;
|
|
select * from v2d;
|
|
select * from v2i;
|
|
select * from v3d;
|
|
select * from v3i;
|
|
select * from v4d;
|
|
select * from v4i;
|
|
select * from v5d;
|
|
select * from v5i;
|
|
connection default;
|
|
select * from v1d;
|
|
select * from v1i;
|
|
select * from v2d;
|
|
select * from v2i;
|
|
select * from v3d;
|
|
select * from v3i;
|
|
select * from v4d;
|
|
select * from v4i;
|
|
select * from v5d;
|
|
select * from v5i;
|
|
disconnect foo;
|
|
drop view v1d, v1i, v2d, v2i, v3d, v3i, v4d, v4i, v5d, v5i;
|
|
drop user foo@localhost;
|
|
drop procedure rootonly;
|
|
--enable_service_connection
|
|
|
|
--echo #
|
|
--echo # End of 10.2 tests
|
|
--echo #
|
|
|
|
--echo #
|
|
--echo # MDEV-32500 Information schema leaks table names and structure to unauthorized users
|
|
--echo #
|
|
create database db;
|
|
create table db.t1 (x int, key(x)) engine=InnoDB;
|
|
create table db.t2 (a int, b int, c int, unique(b), check(c>b), foreign key(c) references db.t1(x)) engine=InnoDB;
|
|
create table db.t3 (d int, e int, f int, unique(e), check(f>e), foreign key(f) references db.t1(x),
|
|
foreign key(e) references db.t2(b),
|
|
foreign key(d) references db.t3(f)
|
|
) engine=InnoDB;
|
|
|
|
create user u@localhost;
|
|
grant select (a) on db.t2 to u@localhost;
|
|
grant update (d) on db.t3 to u@localhost;
|
|
|
|
--connect con1,localhost,u,,db
|
|
--sorted_result
|
|
select table_name, column_name from information_schema.columns where table_name like 't_';
|
|
select table_name, column_name from information_schema.key_column_usage where table_name like 't_';
|
|
select table_name, unique_constraint_name, referenced_table_name from information_schema.referential_constraints where table_name like 't_';
|
|
select table_name, constraint_name, constraint_type from information_schema.table_constraints where table_name like 't_';
|
|
show index in t2;
|
|
show index in t3;
|
|
|
|
--disconnect con1
|
|
--connection default
|
|
drop user u@localhost;
|
|
drop database db;
|
|
|
|
--echo #
|
|
--echo # End of 10.4 tests
|
|
--echo #
|
|
|
|
--echo #
|
|
--echo # MDEV-23729 INFORMATION_SCHEMA Table info. about user locked due to
|
|
--echo # max_password_errors
|
|
--echo #
|
|
--echo # MDEV-32218 message to notify end-user N-days prior the password get
|
|
--echo # expired
|
|
--echo #
|
|
|
|
--disable_service_connection
|
|
set @old_max_password_errors=@@max_password_errors;
|
|
set global max_password_errors=2;
|
|
|
|
# must use replace_regex for case insensitive replacement
|
|
let $hostname_re= `select concat('/@\'', @@hostname, '\'/@HOSTNAME/i')`;
|
|
|
|
# set the password_last_changed value
|
|
set timestamp= unix_timestamp('2020-01-02 2:3:4');
|
|
|
|
create user nice_user;
|
|
create user naughty_user identified by 'naughty_user_passwd';
|
|
|
|
alter user naughty_user password expire interval 10 day;
|
|
|
|
--sorted_result
|
|
--replace_regex $hostname_re
|
|
eval select * from information_schema.users;
|
|
|
|
alter user nice_user password expire interval 10 day;
|
|
--sorted_result
|
|
--replace_regex $hostname_re
|
|
select * from information_schema.users;
|
|
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
--error ER_ACCESS_DENIED_ERROR
|
|
connect(con1, localhost, naughty_user, wrong_passwd);
|
|
|
|
--sorted_result
|
|
--replace_regex $hostname_re
|
|
select * from information_schema.users;
|
|
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
--error ER_ACCESS_DENIED_ERROR
|
|
connect(con1, localhost, naughty_user, wrong_passwd);
|
|
|
|
--sorted_result
|
|
--replace_regex $hostname_re
|
|
select * from information_schema.users;
|
|
|
|
|
|
--echo # Show all users that are blocked due to max_password_errors reached.
|
|
select user from information_schema.users
|
|
where password_errors >= @@global.max_password_errors;
|
|
|
|
|
|
set global max_password_errors=3;
|
|
|
|
connect(con1, localhost, naughty_user, naughty_user_passwd);
|
|
connection default;
|
|
|
|
--sorted_result
|
|
--replace_regex $hostname_re
|
|
select * from information_schema.users;
|
|
disconnect con1;
|
|
|
|
--echo # test FLUSH PRIVILEGES
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
--error ER_ACCESS_DENIED_ERROR
|
|
connect(con1, localhost, naughty_user, wrong_passwd);
|
|
select * from information_schema.users where user like '''naughty%';
|
|
flush privileges;
|
|
select * from information_schema.users where user like '''naughty%';
|
|
|
|
--echo # Test unprivileged output
|
|
|
|
connect(con2, localhost, nice_user);
|
|
set timestamp= unix_timestamp('2020-01-02 2:3:4');
|
|
# timestamp was normal at the login moment, so the password was expired
|
|
set password= password('nice_passwd');
|
|
|
|
--sorted_result
|
|
--replace_regex $hostname_re
|
|
select * from information_schema.users;
|
|
|
|
--echo # Delete user while some connection is still alive, then select.
|
|
connection default;
|
|
drop user nice_user;
|
|
connection con2;
|
|
# and here you are, select from your table
|
|
--error ER_INVALID_CURRENT_USER
|
|
select * from information_schema.users;
|
|
|
|
disconnect con2;
|
|
connection default;
|
|
drop user naughty_user;
|
|
set global max_password_errors=@old_max_password_errors;
|
|
|
|
--echo # more password expiration tests
|
|
set global default_password_lifetime= 2;
|
|
create user u1@localhost password expire;
|
|
create user u2@localhost password expire default;
|
|
create user u3@localhost password expire interval 10 day;
|
|
create user u4@localhost password expire interval 20 day;
|
|
create user u5@localhost password expire never;
|
|
set timestamp= unix_timestamp('2020-01-17 2:3:4');
|
|
|
|
select * from information_schema.users where user like '''u_''%';
|
|
set global default_password_lifetime= default;
|
|
select * from information_schema.users where user like '''u_''%';
|
|
|
|
drop user u1@localhost;
|
|
drop user u2@localhost;
|
|
drop user u3@localhost;
|
|
drop user u4@localhost;
|
|
drop user u5@localhost;
|
|
--enable_service_connection
|
|
|
|
--echo # End of 10.0 tests
|