mirror of
https://github.com/MariaDB/server.git
synced 2025-02-02 12:01:42 +01:00
1fbb61754b
First one is related to Bug#7905. One should not be allowed to create new user with password without UPDATE privilege to MySQL database. Furthermore, executing the same GRANT statement twice would actually crash the server and corrupt privilege database. Other bug was that one could update a column, using the existing value as basis to calculate the new value (e.g. UPDATE t1 SET a=a+1) without SELECT privilege to the field (a in the above example) Fixed tests grant.pl and grant2, which were wrong.
264 lines
9.1 KiB
Text
264 lines
9.1 KiB
Text
SET NAMES binary;
|
|
|
|
#
|
|
# GRANT tests that require several connections
|
|
# (usually it's GRANT, reconnect as another user, try something)
|
|
#
|
|
|
|
|
|
# prepare playground before tests
|
|
--disable_warnings
|
|
drop database if exists mysqltest;
|
|
--enable_warnings
|
|
delete from mysql.user where user like 'mysqltest\_%';
|
|
delete from mysql.db where user like 'mysqltest\_%';
|
|
delete from mysql.tables_priv where user like 'mysqltest\_%';
|
|
delete from mysql.columns_priv where user like 'mysqltest\_%';
|
|
flush privileges;
|
|
|
|
|
|
#
|
|
# wild_compare fun
|
|
#
|
|
|
|
grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option;
|
|
connect (user1,localhost,mysqltest_1,,);
|
|
connection user1;
|
|
select current_user();
|
|
select current_user;
|
|
grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option;
|
|
--error 1044
|
|
grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option;
|
|
#
|
|
# NO_AUTO_CREATE_USER mode
|
|
#
|
|
set @@sql_mode='NO_AUTO_CREATE_USER';
|
|
select @@sql_mode;
|
|
--error 1211
|
|
grant select on `my\_1`.* to mysqltest_4@localhost with grant option;
|
|
--error 1044
|
|
grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass'
|
|
with grant option;
|
|
disconnect user1;
|
|
connection default;
|
|
show grants for mysqltest_1@localhost;
|
|
show grants for mysqltest_2@localhost;
|
|
--error 1141
|
|
show grants for mysqltest_3@localhost;
|
|
delete from mysql.user where user like 'mysqltest\_%';
|
|
delete from mysql.db where user like 'mysqltest\_%';
|
|
flush privileges;
|
|
|
|
|
|
#
|
|
# Bug #6173: One can circumvent missing UPDATE privilege if he has SELECT
|
|
# and INSERT privilege for table with primary key
|
|
#
|
|
create database mysqltest;
|
|
grant INSERT, SELECT on mysqltest.* to mysqltest_1@localhost;
|
|
flush privileges;
|
|
use mysqltest;
|
|
create table t1 (id int primary key, data varchar(255));
|
|
|
|
connect (mrbad, localhost, mysqltest_1,,mysqltest);
|
|
connection mrbad;
|
|
show grants for current_user();
|
|
insert into t1 values (1, 'I can''t change it!');
|
|
--error 1142
|
|
update t1 set data='I can change it!' where id = 1;
|
|
# This should not be allowed since it too require UPDATE privilege.
|
|
--error 1142
|
|
insert into t1 values (1, 'XXX') on duplicate key update data= 'I can change it!';
|
|
select * from t1;
|
|
disconnect mrbad;
|
|
|
|
connection default;
|
|
drop table t1;
|
|
delete from mysql.user where user like 'mysqltest\_%';
|
|
delete from mysql.db where user like 'mysqltest\_%';
|
|
flush privileges;
|
|
#
|
|
#
|
|
create table t1 (a int, b int);
|
|
grant select (a) on t1 to mysqltest_1@localhost with grant option;
|
|
connect (mrugly, localhost, mysqltest_1,,mysqltest);
|
|
connection mrugly;
|
|
--error 1143
|
|
grant select (a,b) on t1 to mysqltest_2@localhost;
|
|
--error 1142
|
|
grant select on t1 to mysqltest_3@localhost;
|
|
disconnect mrugly;
|
|
|
|
connection default;
|
|
drop table t1;
|
|
delete from mysql.user where user like 'mysqltest\_%';
|
|
delete from mysql.db where user like 'mysqltest\_%';
|
|
delete from mysql.tables_priv where user like 'mysqltest\_%';
|
|
delete from mysql.columns_priv where user like 'mysqltest\_%';
|
|
flush privileges;
|
|
|
|
drop database mysqltest;
|
|
use test;
|
|
|
|
#
|
|
# Create and drop user
|
|
#
|
|
set sql_mode='maxdb';
|
|
--disable_warnings
|
|
drop table if exists t1, t2;
|
|
--enable_warnings
|
|
create table t1(c1 int);
|
|
create table t2(c1 int, c2 int);
|
|
#
|
|
# Three forms of CREATE USER
|
|
create user 'mysqltest_1';
|
|
--error 1396
|
|
create user 'mysqltest_1';
|
|
create user 'mysqltest_2' identified by 'Mysqltest-2';
|
|
create user 'mysqltest_3' identified by password 'fffffffffffffffffffffffffffffffffffffffff';
|
|
grant select on *.* to 'mysqltest_2';
|
|
grant insert on test.* to 'mysqltest_2';
|
|
grant update on test.t1 to 'mysqltest_2';
|
|
grant update (c2) on test.t2 to 'mysqltest_2';
|
|
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
|
|
select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
|
|
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
|
|
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
|
|
show grants for 'mysqltest_1';
|
|
show grants for 'mysqltest_2';
|
|
#
|
|
# Drop
|
|
drop user 'mysqltest_1';
|
|
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
|
|
select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
|
|
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
|
|
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
|
|
--error 1141
|
|
show grants for 'mysqltest_1';
|
|
#
|
|
# Rename
|
|
rename user 'mysqltest_2' to 'mysqltest_1';
|
|
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
|
|
select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
|
|
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
|
|
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
|
|
show grants for 'mysqltest_1';
|
|
drop user 'mysqltest_1', 'mysqltest_3';
|
|
#
|
|
# Grant must not create user
|
|
--error 1211
|
|
grant all on test.t1 to 'mysqltest_1';
|
|
--error 1396
|
|
drop user 'mysqltest_1';
|
|
#
|
|
# Cleanup
|
|
drop table t1, t2;
|
|
#
|
|
# Add a stray record
|
|
insert into mysql.db set user='mysqltest_1', db='%', host='%';
|
|
flush privileges;
|
|
--error 1141
|
|
show grants for 'mysqltest_1';
|
|
--error 1269
|
|
revoke all privileges, grant option from 'mysqltest_1';
|
|
drop user 'mysqltest_1';
|
|
select host,db,user from mysql.db where user = 'mysqltest_1' order by host,db,user;
|
|
#
|
|
# Add a stray record
|
|
insert into mysql.tables_priv set host='%', db='test', user='mysqltest_1', table_name='t1';
|
|
flush privileges;
|
|
--error 1141
|
|
show grants for 'mysqltest_1';
|
|
drop user 'mysqltest_1';
|
|
select host,db,user,table_name from mysql.tables_priv where user = 'mysqltest_1' order by host,db,user,table_name;
|
|
#
|
|
# Add a stray record
|
|
insert into mysql.columns_priv set host='%', db='test', user='mysqltest_1', table_name='t1', column_name='c1';
|
|
flush privileges;
|
|
--error 1141
|
|
show grants for 'mysqltest_1';
|
|
drop user 'mysqltest_1';
|
|
select host,db,user,table_name,column_name from mysql.columns_priv where user = 'mysqltest_1' order by host,db,user,table_name,column_name;
|
|
#
|
|
# Handle multi user lists
|
|
create user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
|
|
drop user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
|
|
create user 'mysqltest_1', 'mysqltest_2' identified by 'Mysqltest-2', 'mysqltest_3' identified by password 'fffffffffffffffffffffffffffffffffffffffff';
|
|
rename user 'mysqltest_1' to 'mysqltest_1a', 'mysqltest_2' TO 'mysqltest_2a', 'mysqltest_3' TO 'mysqltest_3a';
|
|
--error 1396
|
|
drop user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
|
|
drop user 'mysqltest_1a', 'mysqltest_2a', 'mysqltest_3a';
|
|
#
|
|
# Let one of multiple users fail
|
|
create user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
|
|
--error 1396
|
|
create user 'mysqltest_1a', 'mysqltest_2', 'mysqltest_3a';
|
|
--error 1396
|
|
rename user 'mysqltest_1a' to 'mysqltest_1b', 'mysqltest_2a' TO 'mysqltest_2b', 'mysqltest_3a' TO 'mysqltest_3b';
|
|
drop user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
|
|
--error 1396
|
|
drop user 'mysqltest_1b', 'mysqltest_2b', 'mysqltest_3b';
|
|
#
|
|
# Obsolete syntax has been dropped
|
|
create user 'mysqltest_2' identified by 'Mysqltest-2';
|
|
--error 1064
|
|
drop user 'mysqltest_2' identified by 'Mysqltest-2';
|
|
#
|
|
# Strange user names
|
|
create user '%@b'@'b';
|
|
show grants for '%@b'@'b';
|
|
grant select on mysql.* to '%@b'@'b';
|
|
show grants for '%@b'@'b';
|
|
rename user '%@b'@'b' to '%@a'@'a';
|
|
--error 1141
|
|
show grants for '%@b'@'b';
|
|
show grants for '%@a'@'a';
|
|
drop user '%@a'@'a';
|
|
#
|
|
# USAGE WITH GRANT OPTION is sufficient.
|
|
create user mysqltest_2@localhost;
|
|
grant usage on *.* to mysqltest_2@localhost with grant option;
|
|
connect (user2,localhost,mysqltest_2,,);
|
|
connection user2;
|
|
--error 1142
|
|
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
|
|
create user mysqltest_A@'%';
|
|
rename user mysqltest_A@'%' to mysqltest_B@'%';
|
|
drop user mysqltest_B@'%';
|
|
disconnect user2;
|
|
connection default;
|
|
drop user mysqltest_2@localhost;
|
|
#
|
|
# ALL PRIVILEGES without GRANT OPTION is not sufficient.
|
|
create user mysqltest_3@localhost;
|
|
grant all privileges on mysql.* to mysqltest_3@localhost;
|
|
connect (user3,localhost,mysqltest_3,,);
|
|
connection user3;
|
|
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
|
|
insert into mysql.user set host='%', user='mysqltest_B';
|
|
--error 1044
|
|
create user mysqltest_A@'%';
|
|
--error 1044
|
|
rename user mysqltest_B@'%' to mysqltest_C@'%';
|
|
--error 1044
|
|
drop user mysqltest_B@'%';
|
|
disconnect user3;
|
|
connection default;
|
|
drop user mysqltest_B@'%';
|
|
drop user mysqltest_3@localhost;
|
|
#
|
|
# Bug #3309: Test IP addresses with netmask
|
|
set @@sql_mode='';
|
|
create database mysqltest_1;
|
|
create table mysqltest_1.t1 (i int);
|
|
insert into mysqltest_1.t1 values (1),(2),(3);
|
|
GRANT ALL ON mysqltest_1.t1 TO mysqltest_1@'127.0.0.0/255.0.0.0';
|
|
connect (n1,127.0.0.1,mysqltest_1,,mysqltest_1,$MASTER_MYPORT,$MASTER_MYSOCK);
|
|
connection n1;
|
|
show grants for current_user();
|
|
select * from t1;
|
|
disconnect n1;
|
|
connection default;
|
|
REVOKE ALL ON mysqltest_1.t1 FROM mysqltest_1@'127.0.0.0/255.0.0.0';
|
|
drop table mysqltest_1.t1;
|
|
drop database mysqltest_1;
|