mirror of
https://github.com/MariaDB/server.git
synced 2025-10-18 21:52:10 +02:00
eeb00ceffd
Follow-up patch with adjustments of test files and updates of result files for tests. Some of tests were rewritten slighlty. Everywhere where common pattern used: ----- CREATE USER userA; --connect con1 ... userA ... <sql statements...> --disconnect con1 DROP USER userA; ----- the DROP USER statement has been eclosed into the directive --disable_warnings --enable_warnings This change is caused by the race conddition between --disconnect and DROP USER since a number of currently running sessions established on behalf the user being dropped is counted by holding the rw_lock THD_list_iterator::lock that is not acquired on execution the DROP USER statement but the lock is taken as the last step on handling disconnection (when the client is already sending the next statement). Therefore, for the cases where the command --disconnect precedes the DROP USER statement we hide the possible warnings about presence of active sessions for the user being deleted to make tests deterministic.
83 lines
2.6 KiB
Text
83 lines
2.6 KiB
Text
create role r1;
|
|
create role r2;
|
|
create role r3;
|
|
create user u1;
|
|
grant r2 to r1;
|
|
grant r3 to r2;
|
|
grant r1 to u1;
|
|
show grants for u1;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%`
|
|
GRANT `r1` TO `u1`@`%`
|
|
show grants for r1;
|
|
Grants for r1
|
|
GRANT USAGE ON *.* TO `r1`
|
|
GRANT USAGE ON *.* TO `r2`
|
|
GRANT USAGE ON *.* TO `r3`
|
|
GRANT `r2` TO `r1`
|
|
GRANT `r3` TO `r2`
|
|
grant SELECT on *.* to u1;
|
|
grant INSERT on mysql.* to r1;
|
|
grant DELETE on mysql.roles_mapping to r2;
|
|
grant UPDATE on mysql.user to r3;
|
|
create function mysql.test_func (s CHAR(20))
|
|
returns CHAR(50) DETERMINISTIC
|
|
return concat('Test string: ',s);
|
|
create procedure mysql.test_proc (OUT param1 INT)
|
|
begin
|
|
select COUNT(*) into param1 from mysql.roles_mapping;
|
|
end|
|
|
grant execute on function mysql.test_func to r2;
|
|
grant execute on procedure mysql.test_proc to r3;
|
|
revoke execute on procedure mysql.test_proc from r2;
|
|
ERROR 42000: There is no such grant defined for user 'r2' on host '' on routine 'test_proc'
|
|
show grants for r1;
|
|
Grants for r1
|
|
GRANT DELETE ON `mysql`.`roles_mapping` TO `r2`
|
|
GRANT EXECUTE ON FUNCTION `mysql`.`test_func` TO `r2`
|
|
GRANT EXECUTE ON PROCEDURE `mysql`.`test_proc` TO `r3`
|
|
GRANT INSERT ON `mysql`.* TO `r1`
|
|
GRANT UPDATE ON `mysql`.`user` TO `r3`
|
|
GRANT USAGE ON *.* TO `r1`
|
|
GRANT USAGE ON *.* TO `r2`
|
|
GRANT USAGE ON *.* TO `r3`
|
|
GRANT `r2` TO `r1`
|
|
GRANT `r3` TO `r2`
|
|
show grants for r2;
|
|
Grants for r2
|
|
GRANT DELETE ON `mysql`.`roles_mapping` TO `r2`
|
|
GRANT EXECUTE ON FUNCTION `mysql`.`test_func` TO `r2`
|
|
GRANT EXECUTE ON PROCEDURE `mysql`.`test_proc` TO `r3`
|
|
GRANT UPDATE ON `mysql`.`user` TO `r3`
|
|
GRANT USAGE ON *.* TO `r2`
|
|
GRANT USAGE ON *.* TO `r3`
|
|
GRANT `r3` TO `r2`
|
|
show grants for r3;
|
|
Grants for r3
|
|
GRANT EXECUTE ON PROCEDURE `mysql`.`test_proc` TO `r3`
|
|
GRANT UPDATE ON `mysql`.`user` TO `r3`
|
|
GRANT USAGE ON *.* TO `r3`
|
|
drop function mysql.test_func;
|
|
drop procedure mysql.test_proc;
|
|
create function mysql.test_func (s CHAR(20))
|
|
returns CHAR(50) DETERMINISTIC
|
|
return concat('Test string: ',s);
|
|
show grants for r2;
|
|
Grants for r2
|
|
GRANT DELETE ON `mysql`.`roles_mapping` TO `r2`
|
|
GRANT UPDATE ON `mysql`.`user` TO `r3`
|
|
GRANT USAGE ON *.* TO `r2`
|
|
GRANT USAGE ON *.* TO `r3`
|
|
GRANT `r3` TO `r2`
|
|
connect u1,localhost,u1,,;
|
|
select mysql.test_func("none");
|
|
ERROR 42000: execute command denied to user 'u1'@'%' for routine 'mysql.test_func'
|
|
set role r1;
|
|
select mysql.test_func("r1");
|
|
ERROR 42000: execute command denied to user 'u1'@'%' for routine 'mysql.test_func'
|
|
connection default;
|
|
drop function mysql.test_func;
|
|
drop role r1, r2, r3;
|
|
drop user u1;
|
|
Warnings:
|
|
Note 4226 Dropped users ['u1'@'%'] have active connections. Use KILL CONNECTION if they should not be used anymore.
|