mirror of
https://github.com/MariaDB/server.git
synced 2025-01-17 20:42:30 +01:00
0253ea7f22
Also fixes: MDEV-21487: Implement option for mysql_upgrade that allows root@localhost to be replaced MDEV-21486: Implement option for mysql_install_db that allows root@localhost to be replaced Add user mariadb.sys to be definer of user view (and has right on underlying table global_priv for required operation over global_priv (SELECT,UPDATE,DELETE)) Also changed definer of gis functions in case of creation, but they work with any definer so upgrade script do not try to push this change.
1025 lines
32 KiB
Text
1025 lines
32 KiB
Text
# Grant tests not performed with embedded server
|
|
-- source include/not_embedded.inc
|
|
|
|
# Save the initial number of concurrent sessions
|
|
--source include/count_sessions.inc
|
|
|
|
select priv into @root_priv from mysql.global_priv where user='root' and host='localhost';
|
|
set GLOBAL sql_mode="";
|
|
set LOCAL sql_mode="";
|
|
SET NAMES binary;
|
|
|
|
#
|
|
# GRANT tests that require several connections
|
|
# (usually it's GRANT, reconnect as another user, try something)
|
|
#
|
|
|
|
|
|
# prepare playground before tests
|
|
--disable_warnings
|
|
drop database if exists mysqltest;
|
|
drop database if exists mysqltest_1;
|
|
--enable_warnings
|
|
delete from mysql.user where user like 'mysqltest\_%';
|
|
delete from mysql.db where user like 'mysqltest\_%';
|
|
delete from mysql.tables_priv where user like 'mysqltest\_%';
|
|
delete from mysql.columns_priv where user like 'mysqltest\_%';
|
|
flush privileges;
|
|
|
|
|
|
grant all privileges on `my\_1`.* to mysqltest_1@localhost with grant option;
|
|
grant create user on *.* to mysqltest_1@localhost;
|
|
create user mysqltest_2@localhost;
|
|
connect (user_a,localhost,mysqltest_1,,);
|
|
connection user_a;
|
|
grant select on `my\_1`.* to mysqltest_2@localhost;
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
grant select on `my\_1`.* to mysqltest_2@localhost identified by 'pass';
|
|
disconnect user_a;
|
|
connection default;
|
|
grant update on mysql.* to mysqltest_1@localhost;
|
|
connect (user_b,localhost,mysqltest_1,,);
|
|
connection user_b;
|
|
grant select on `my\_1`.* to mysqltest_2@localhost identified by 'pass';
|
|
grant select on `my\_1`.* to mysqltest_3@localhost;
|
|
disconnect user_b;
|
|
connection default;
|
|
grant insert on mysql.* to mysqltest_1@localhost;
|
|
connect (user_c,localhost,mysqltest_1,,);
|
|
connection user_c;
|
|
grant select on `my\_1`.* to mysqltest_3@localhost;
|
|
grant select on `my\_1`.* to mysqltest_4@localhost identified by 'pass';
|
|
disconnect user_c;
|
|
connection default;
|
|
delete from mysql.user where user like 'mysqltest\_%';
|
|
delete from mysql.db where user like 'mysqltest\_%';
|
|
delete from mysql.tables_priv where user like 'mysqltest\_%';
|
|
delete from mysql.columns_priv where user like 'mysqltest\_%';
|
|
flush privileges;
|
|
|
|
#
|
|
# wild_compare fun
|
|
#
|
|
|
|
grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option;
|
|
grant create user on *.* to mysqltest_1@localhost;
|
|
connect (user1,localhost,mysqltest_1,,);
|
|
connection user1;
|
|
select current_user();
|
|
grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option;
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option;
|
|
|
|
#
|
|
# NO_AUTO_CREATE_USER mode
|
|
#
|
|
set @@sql_mode='NO_AUTO_CREATE_USER';
|
|
select @@sql_mode;
|
|
#
|
|
# GRANT without IDENTIFIED BY does not create new users
|
|
#
|
|
--error ER_PASSWORD_NO_MATCH
|
|
grant select on `my\_1`.* to mysqltest_4@localhost with grant option;
|
|
grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass'
|
|
with grant option;
|
|
disconnect user1;
|
|
connection default;
|
|
show grants for mysqltest_1@localhost;
|
|
show grants for mysqltest_2@localhost;
|
|
--error ER_NONEXISTING_GRANT
|
|
show grants for mysqltest_3@localhost;
|
|
delete from mysql.user where user like 'mysqltest\_%';
|
|
delete from mysql.db where user like 'mysqltest\_%';
|
|
flush privileges;
|
|
|
|
#
|
|
# wild_compare part two - acl_cache
|
|
#
|
|
create database mysqltest_1;
|
|
grant all privileges on `mysqltest\_1`.* to mysqltest_1@localhost with grant option;
|
|
connect (user2,localhost,mysqltest_1,,);
|
|
connection user2;
|
|
select current_user();
|
|
show databases;
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
grant all privileges on `mysqltest_1`.* to mysqltest_1@localhost with grant option;
|
|
disconnect user2;
|
|
connection default;
|
|
show grants for mysqltest_1@localhost;
|
|
delete from mysql.user where user like 'mysqltest\_%';
|
|
delete from mysql.db where user like 'mysqltest\_%';
|
|
drop database mysqltest_1;
|
|
flush privileges;
|
|
|
|
#
|
|
# Bug#6173 One can circumvent missing UPDATE privilege if he has SELECT and
|
|
# INSERT privilege for table with primary key
|
|
#
|
|
create database mysqltest;
|
|
grant INSERT, SELECT on mysqltest.* to mysqltest_1@localhost;
|
|
flush privileges;
|
|
use mysqltest;
|
|
create table t1 (id int primary key, data varchar(255));
|
|
|
|
connect (mrbad, localhost, mysqltest_1,,mysqltest);
|
|
connection mrbad;
|
|
show grants for current_user();
|
|
insert into t1 values (1, 'I can''t change it!');
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
update t1 set data='I can change it!' where id = 1;
|
|
# This should not be allowed since it too require UPDATE privilege.
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
insert into t1 values (1, 'XXX') on duplicate key update data= 'I can change it!';
|
|
select * from t1;
|
|
disconnect mrbad;
|
|
|
|
connection default;
|
|
drop table t1;
|
|
delete from mysql.user where user like 'mysqltest\_%';
|
|
delete from mysql.db where user like 'mysqltest\_%';
|
|
flush privileges;
|
|
#
|
|
#
|
|
create table t1 (a int, b int);
|
|
grant select (a) on t1 to mysqltest_1@localhost with grant option;
|
|
connect (mrugly, localhost, mysqltest_1,,mysqltest);
|
|
connection mrugly;
|
|
--error ER_COLUMNACCESS_DENIED_ERROR
|
|
grant select (a,b) on t1 to mysqltest_2@localhost;
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
grant select on t1 to mysqltest_3@localhost;
|
|
disconnect mrugly;
|
|
|
|
connection default;
|
|
drop table t1;
|
|
delete from mysql.user where user like 'mysqltest\_%';
|
|
delete from mysql.db where user like 'mysqltest\_%';
|
|
delete from mysql.tables_priv where user like 'mysqltest\_%';
|
|
delete from mysql.columns_priv where user like 'mysqltest\_%';
|
|
flush privileges;
|
|
|
|
drop database mysqltest;
|
|
use test;
|
|
|
|
|
|
#
|
|
# Bug#15775 "drop user" command does not refresh acl_check_hosts
|
|
#
|
|
|
|
# Create some test users
|
|
create user mysqltest_1@host1;
|
|
create user mysqltest_2@host2;
|
|
create user mysqltest_3@host3;
|
|
create user mysqltest_4@host4;
|
|
create user mysqltest_5@host5;
|
|
create user mysqltest_6@host6;
|
|
create user mysqltest_7@host7;
|
|
flush privileges;
|
|
|
|
# Drop one user
|
|
drop user mysqltest_3@host3;
|
|
|
|
# This connect failed before fix since the acl_check_hosts list was corrupted by the "drop user"
|
|
connect (con8,127.0.0.1,root,,test,$MASTER_MYPORT,);
|
|
disconnect con8;
|
|
connection default;
|
|
|
|
# Clean up - Drop all of the remaining users at once
|
|
drop user mysqltest_1@host1, mysqltest_2@host2, mysqltest_4@host4,
|
|
mysqltest_5@host5, mysqltest_6@host6, mysqltest_7@host7;
|
|
|
|
# Check that it's still possible to connect
|
|
connect (con9,127.0.0.1,root,,test,$MASTER_MYPORT,);
|
|
disconnect con9;
|
|
connection default;
|
|
|
|
#
|
|
# Bug#16180 Setting SQL_LOG_OFF without SUPER privilege is silently ignored
|
|
#
|
|
create database mysqltest_1;
|
|
grant select, insert, update on `mysqltest\_1`.* to mysqltest_1@localhost;
|
|
connect (con10,localhost,mysqltest_1,,);
|
|
connection con10;
|
|
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
|
|
set sql_log_off = 1;
|
|
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
|
|
set sql_log_bin = 0;
|
|
disconnect con10;
|
|
connection default;
|
|
delete from mysql.user where user like 'mysqltest\_1';
|
|
delete from mysql.db where user like 'mysqltest\_1';
|
|
drop database mysqltest_1;
|
|
flush privileges;
|
|
|
|
# End of 4.1 tests
|
|
# Create and drop user
|
|
#
|
|
set sql_mode='maxdb';
|
|
--disable_warnings
|
|
drop table if exists t1, t2;
|
|
--enable_warnings
|
|
create table t1(c1 int);
|
|
create table t2(c1 int, c2 int);
|
|
#
|
|
# Three forms of CREATE USER
|
|
create user 'mysqltest_1';
|
|
--error ER_CANNOT_USER
|
|
create user 'mysqltest_1';
|
|
create user 'mysqltest_2' identified by 'Mysqltest-2';
|
|
create user 'mysqltest_3' identified by password 'fffffffffffffffffffffffffffffffffffffffff';
|
|
grant select on *.* to 'mysqltest_2';
|
|
grant insert on test.* to 'mysqltest_2';
|
|
grant update on test.t1 to 'mysqltest_2';
|
|
grant update (c2) on test.t2 to 'mysqltest_2';
|
|
--sorted_result
|
|
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%';
|
|
--sorted_result
|
|
select host,db,user from mysql.db where user like 'mysqltest_%';
|
|
--sorted_result
|
|
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%';
|
|
--sorted_result
|
|
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%';
|
|
show grants for 'mysqltest_1';
|
|
show grants for 'mysqltest_2';
|
|
#
|
|
# Drop
|
|
drop user 'mysqltest_1';
|
|
--sorted_result
|
|
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%';
|
|
--sorted_result
|
|
select host,db,user from mysql.db where user like 'mysqltest_%';
|
|
--sorted_result
|
|
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%';
|
|
--sorted_result
|
|
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%';
|
|
--error ER_NONEXISTING_GRANT
|
|
show grants for 'mysqltest_1';
|
|
#
|
|
# Rename
|
|
rename user 'mysqltest_2' to 'mysqltest_1';
|
|
--sorted_result
|
|
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
|
|
--sorted_result
|
|
select host,db,user from mysql.db where user like 'mysqltest_%' ;
|
|
--sorted_result
|
|
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' ;
|
|
--sorted_result
|
|
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' ;
|
|
show grants for 'mysqltest_1';
|
|
drop user 'mysqltest_1', 'mysqltest_3';
|
|
--error ER_CANNOT_USER
|
|
drop user 'mysqltest_1';
|
|
#
|
|
# Cleanup
|
|
drop table t1, t2;
|
|
#
|
|
# Add a stray record
|
|
insert into mysql.db set user='mysqltest_1', db='%', host='%';
|
|
flush privileges;
|
|
--error ER_NONEXISTING_GRANT
|
|
show grants for 'mysqltest_1';
|
|
--error ER_REVOKE_GRANTS
|
|
revoke all privileges, grant option from 'mysqltest_1';
|
|
drop user 'mysqltest_1';
|
|
--sorted_result
|
|
select host,db,user from mysql.db where user = 'mysqltest_1' ;
|
|
#
|
|
# Add a stray record
|
|
insert into mysql.tables_priv set host='%', db='test', user='mysqltest_1', table_name='t1';
|
|
flush privileges;
|
|
--error ER_NONEXISTING_GRANT
|
|
show grants for 'mysqltest_1';
|
|
drop user 'mysqltest_1';
|
|
--sorted_result
|
|
select host,db,user,table_name from mysql.tables_priv where user = 'mysqltest_1' ;
|
|
#
|
|
# Add a stray record
|
|
insert into mysql.columns_priv set host='%', db='test', user='mysqltest_1', table_name='t1', column_name='c1';
|
|
flush privileges;
|
|
--error ER_NONEXISTING_GRANT
|
|
show grants for 'mysqltest_1';
|
|
drop user 'mysqltest_1';
|
|
--sorted_result
|
|
select host,db,user,table_name,column_name from mysql.columns_priv where user = 'mysqltest_1' ;
|
|
#
|
|
# Handle multi user lists
|
|
create user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
|
|
drop user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
|
|
create user 'mysqltest_1', 'mysqltest_2' identified by 'Mysqltest-2', 'mysqltest_3' identified by password 'fffffffffffffffffffffffffffffffffffffffff';
|
|
rename user 'mysqltest_1' to 'mysqltest_1a', 'mysqltest_2' TO 'mysqltest_2a', 'mysqltest_3' TO 'mysqltest_3a';
|
|
--error ER_CANNOT_USER
|
|
drop user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
|
|
drop user 'mysqltest_1a', 'mysqltest_2a', 'mysqltest_3a';
|
|
#
|
|
# Let one of multiple users fail
|
|
create user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
|
|
--error ER_CANNOT_USER
|
|
create user 'mysqltest_1a', 'mysqltest_2', 'mysqltest_3a';
|
|
--error ER_CANNOT_USER
|
|
rename user 'mysqltest_1a' to 'mysqltest_1b', 'mysqltest_2a' TO 'mysqltest_2b', 'mysqltest_3a' TO 'mysqltest_3b';
|
|
drop user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
|
|
--error ER_CANNOT_USER
|
|
drop user 'mysqltest_1b', 'mysqltest_2b', 'mysqltest_3b';
|
|
#
|
|
# Obsolete syntax has been dropped
|
|
create user 'mysqltest_2' identified by 'Mysqltest-2';
|
|
--error ER_PARSE_ERROR
|
|
drop user 'mysqltest_2' identified by 'Mysqltest-2';
|
|
drop user 'mysqltest_2';
|
|
#
|
|
# Strange user names
|
|
create user '%@b'@'b';
|
|
show grants for '%@b'@'b';
|
|
grant select on mysql.* to '%@b'@'b';
|
|
show grants for '%@b'@'b';
|
|
rename user '%@b'@'b' to '%@a'@'a';
|
|
--error ER_NONEXISTING_GRANT
|
|
show grants for '%@b'@'b';
|
|
show grants for '%@a'@'a';
|
|
drop user '%@a'@'a';
|
|
#
|
|
# CREATE USER privilege is enough
|
|
#
|
|
create user mysqltest_2@localhost;
|
|
grant create user on *.* to mysqltest_2@localhost;
|
|
connect (user3,localhost,mysqltest_2,,);
|
|
connection user3;
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
|
|
create user mysqltest_A@'%';
|
|
rename user mysqltest_A@'%' to mysqltest_B@'%';
|
|
drop user mysqltest_B@'%';
|
|
disconnect user3;
|
|
connection default;
|
|
drop user mysqltest_2@localhost;
|
|
#
|
|
# INSERT/UPDATE/DELETE is ok too
|
|
create user mysqltest_3@localhost;
|
|
grant INSERT,DELETE,UPDATE on mysql.* to mysqltest_3@localhost;
|
|
connect (user4,localhost,mysqltest_3,,);
|
|
connection user4;
|
|
show grants;
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
|
|
insert into mysql.global_priv set host='%', user='mysqltest_B';
|
|
create user mysqltest_A@'%';
|
|
rename user mysqltest_B@'%' to mysqltest_C@'%';
|
|
drop user mysqltest_C@'%';
|
|
drop user mysqltest_A@'%';
|
|
disconnect user4;
|
|
connection default;
|
|
drop user mysqltest_3@localhost;
|
|
#
|
|
# Bug#3309 Test IP addresses with netmask
|
|
set @@sql_mode='';
|
|
create database mysqltest_1;
|
|
create table mysqltest_1.t1 (i int);
|
|
insert into mysqltest_1.t1 values (1),(2),(3);
|
|
GRANT ALL ON mysqltest_1.t1 TO mysqltest_1@'127.0.0.0/255.0.0.0';
|
|
connect (n1,127.0.0.1,mysqltest_1,,mysqltest_1,$MASTER_MYPORT,$MASTER_MYSOCK);
|
|
connection n1;
|
|
show grants for current_user();
|
|
select * from t1;
|
|
disconnect n1;
|
|
connection default;
|
|
REVOKE ALL ON mysqltest_1.t1 FROM mysqltest_1@'127.0.0.0/255.0.0.0';
|
|
delete from mysql.user where user like 'mysqltest\_1';
|
|
flush privileges;
|
|
drop table mysqltest_1.t1;
|
|
|
|
#
|
|
# Bug#12302 Hostname resolution preventing password changes
|
|
# 'SET PASSWORD = ...' didn't work if connecting hostname !=
|
|
# hostname the current user is authenticated as. Note that a test for this
|
|
# was also added to the test above.
|
|
#
|
|
grant all on mysqltest_1.* to mysqltest_1@'127.0.0.1';
|
|
connect (b12302,127.0.0.1,mysqltest_1,,mysqltest_1,$MASTER_MYPORT,);
|
|
connection b12302;
|
|
select current_user();
|
|
set password = password('changed');
|
|
disconnect b12302;
|
|
connection default;
|
|
select host, length(authentication_string) from mysql.user where user like 'mysqltest\_1';
|
|
revoke all on mysqltest_1.* from mysqltest_1@'127.0.0.1';
|
|
delete from mysql.user where user like 'mysqltest\_1';
|
|
flush privileges;
|
|
grant all on mysqltest_1.* to mysqltest_1@'127.0.0.0/255.0.0.0';
|
|
connect (b12302_2,127.0.0.1,mysqltest_1,,mysqltest_1,$MASTER_MYPORT,);
|
|
connection b12302_2;
|
|
select current_user();
|
|
set password = password('changed');
|
|
disconnect b12302_2;
|
|
connection default;
|
|
select host, length(authentication_string) from mysql.user where user like 'mysqltest\_1';
|
|
revoke all on mysqltest_1.* from mysqltest_1@'127.0.0.0/255.0.0.0';
|
|
delete from mysql.user where user like 'mysqltest\_1';
|
|
flush privileges;
|
|
drop database mysqltest_1;
|
|
|
|
--source include/add_anonymous_users.inc
|
|
|
|
# But anonymous users can't change their password
|
|
connect (n5,localhost,test,,test,$MASTER_MYPORT,$MASTER_MYSOCK);
|
|
connection n5;
|
|
--error ER_PASSWORD_ANONYMOUS_USER
|
|
set password = password("changed");
|
|
disconnect n5;
|
|
connection default;
|
|
|
|
--source include/delete_anonymous_users.inc
|
|
|
|
|
|
# Bug#12423 "Deadlock when doing FLUSH PRIVILEGES and GRANT in
|
|
# multi-threaded environment". We should be able to execute FLUSH
|
|
# PRIVILEGES and SET PASSWORD simultaneously with other account
|
|
# management commands (such as GRANT and REVOKE) without causing
|
|
# deadlocks. To achieve this we should ensure that all account
|
|
# management commands take table and internal locks in the same order.
|
|
connect (con2root,localhost,root,,);
|
|
connect (con3root,localhost,root,,);
|
|
# Check that we can execute FLUSH PRIVILEGES and GRANT simultaneously
|
|
# This will check that locks are taken in proper order during both
|
|
# user/db-level and table/column-level privileges reloading.
|
|
connection default;
|
|
lock table mysql.user write;
|
|
connection con2root;
|
|
send flush privileges;
|
|
connection con3root;
|
|
send grant all on *.* to 'mysqltest_1'@'localhost';
|
|
connection default;
|
|
unlock tables;
|
|
connection con2root;
|
|
reap;
|
|
connection con3root;
|
|
reap;
|
|
# Check for simultaneous SET PASSWORD and REVOKE.
|
|
connection default;
|
|
lock table mysql.user write;
|
|
connection con2root;
|
|
send set password for 'mysqltest_1'@'localhost' = password('');
|
|
connection con3root;
|
|
send revoke all on *.* from 'mysqltest_1'@'localhost';
|
|
connection default;
|
|
unlock tables;
|
|
connection con2root;
|
|
reap;
|
|
connection con3root;
|
|
reap;
|
|
connection default;
|
|
# Clean-up
|
|
drop user 'mysqltest_1'@'localhost';
|
|
disconnect con2root;
|
|
disconnect con3root;
|
|
|
|
# End of 4.1 tests
|
|
|
|
#
|
|
# Bug#17279 user with no global privs and with create
|
|
# priv in db can create databases
|
|
#
|
|
|
|
create database TESTDB;
|
|
create table t2(a int);
|
|
create temporary table t1 as select * from mysql.global_priv;
|
|
delete from mysql.global_priv where host='localhost';
|
|
INSERT INTO mysql.global_priv (host, user, priv) VALUES
|
|
('%','mysqltest_1',json_object('authentication_string', password('password')));
|
|
INSERT INTO mysql.db (host, db, user, select_priv) VALUES
|
|
('%','TESTDB','mysqltest_1','Y');
|
|
FLUSH PRIVILEGES;
|
|
|
|
connect (con1,localhost,mysqltest_1,password,TESTDB);
|
|
|
|
# The user mysqltest_1 should only be allowed access to
|
|
# database TESTDB, not TEStdb
|
|
# On system with "lowercase names" we get error "ER_DB_CREATE_EXISTS: Can't create db..."
|
|
--error ER_DBACCESS_DENIED_ERROR, ER_DB_CREATE_EXISTS
|
|
create database TEStdb;
|
|
|
|
# Clean-up
|
|
connection default;
|
|
disconnect con1;
|
|
delete from mysql.global_priv;
|
|
delete from mysql.db where host='%' and user='mysqltest_1' and db='TESTDB';
|
|
insert into mysql.global_priv select * from t1;
|
|
drop table t1, t2;
|
|
drop database TESTDB;
|
|
flush privileges;
|
|
|
|
#
|
|
# Bug#13310 incorrect user parsing by SP
|
|
#
|
|
|
|
SET @old_log_bin_trust_function_creators= @@global.log_bin_trust_function_creators;
|
|
SET GLOBAL log_bin_trust_function_creators = 1;
|
|
|
|
GRANT ALL PRIVILEGES ON test.* TO `a@`@localhost;
|
|
GRANT EXECUTE ON * TO `a@`@localhost;
|
|
connect (bug13310,localhost,'a@',,test);
|
|
connection bug13310;
|
|
CREATE TABLE t2 (s1 INT);
|
|
INSERT INTO t2 VALUES (1);
|
|
--disable_warnings
|
|
DROP FUNCTION IF EXISTS f2;
|
|
--enable_warnings
|
|
delimiter //;
|
|
CREATE FUNCTION f2 () RETURNS INT
|
|
BEGIN DECLARE v INT; SELECT s1 FROM t2 INTO v; RETURN v; END//
|
|
delimiter ;//
|
|
SELECT f2();
|
|
|
|
DROP FUNCTION f2;
|
|
DROP TABLE t2;
|
|
disconnect bug13310;
|
|
connection default;
|
|
REVOKE ALL PRIVILEGES, GRANT OPTION FROM `a@`@localhost;
|
|
DROP USER `a@`@localhost;
|
|
|
|
SET @@global.log_bin_trust_function_creators= @old_log_bin_trust_function_creators;
|
|
|
|
|
|
#
|
|
# Bug#25578 CREATE TABLE LIKE does not require any privileges on source table
|
|
#
|
|
--disable_warnings
|
|
drop database if exists mysqltest_1;
|
|
drop database if exists mysqltest_2;
|
|
--enable_warnings
|
|
--error 0,ER_CANNOT_USER
|
|
drop user mysqltest_u1@localhost;
|
|
|
|
create database mysqltest_1;
|
|
create database mysqltest_2;
|
|
grant all on mysqltest_1.* to mysqltest_u1@localhost;
|
|
use mysqltest_2;
|
|
create table t1 (i int);
|
|
|
|
# Connect as user with all rights on mysqltest_1 but with no rights on mysqltest_2.
|
|
connect (user1,localhost,mysqltest_u1,,mysqltest_1);
|
|
connection user1;
|
|
# As expected error is emitted
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
show create table mysqltest_2.t1;
|
|
# This should emit error as well
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
create table t1 like mysqltest_2.t1;
|
|
|
|
# Now let us check that SELECT privilege on the source is enough
|
|
connection default;
|
|
grant select on mysqltest_2.t1 to mysqltest_u1@localhost;
|
|
connection user1;
|
|
show create table mysqltest_2.t1;
|
|
create table t1 like mysqltest_2.t1;
|
|
|
|
# Clean-up
|
|
connection default;
|
|
disconnect user1;
|
|
use test;
|
|
drop database mysqltest_1;
|
|
drop database mysqltest_2;
|
|
drop user mysqltest_u1@localhost;
|
|
|
|
|
|
#
|
|
# Bug#18660 Can't grant any privileges on single table in database
|
|
# with underscore char
|
|
#
|
|
grant all on `mysqltest\_%`.* to mysqltest_1@localhost with grant option;
|
|
grant usage on *.* to mysqltest_2@localhost;
|
|
connect (con18600_1,localhost,mysqltest_1,,);
|
|
|
|
create database mysqltest_1;
|
|
use mysqltest_1;
|
|
create table t1 (f1 int);
|
|
|
|
grant create on `mysqltest\_1`.* to mysqltest_2@localhost;
|
|
grant select on mysqltest_1.t1 to mysqltest_2@localhost;
|
|
connect (con3,localhost,mysqltest_2,,);
|
|
connection con3;
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
create database mysqltest_3;
|
|
use mysqltest_1;
|
|
create table t2(f1 int);
|
|
select * from t1;
|
|
connection default;
|
|
drop database mysqltest_1;
|
|
|
|
connection default;
|
|
disconnect con3;
|
|
disconnect con18600_1;
|
|
revoke all privileges, grant option from mysqltest_1@localhost;
|
|
revoke all privileges, grant option from mysqltest_2@localhost;
|
|
drop user mysqltest_1@localhost;
|
|
drop user mysqltest_2@localhost;
|
|
|
|
|
|
#
|
|
# Bug#30468 column level privileges not respected when joining tables
|
|
#
|
|
CREATE DATABASE db1;
|
|
|
|
USE db1;
|
|
CREATE TABLE t1 (a INT, b INT);
|
|
INSERT INTO t1 VALUES (1,1),(2,2);
|
|
|
|
CREATE TABLE t2 (b INT, c INT);
|
|
INSERT INTO t2 VALUES (1,100),(2,200);
|
|
|
|
GRANT SELECT ON t1 TO mysqltest1@localhost;
|
|
GRANT SELECT (b) ON t2 TO mysqltest1@localhost;
|
|
|
|
connect (conn1,localhost,mysqltest1,,);
|
|
connection conn1;
|
|
USE db1;
|
|
--error ER_COLUMNACCESS_DENIED_ERROR
|
|
SELECT c FROM t2;
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
SELECT * FROM t2;
|
|
--error ER_COLUMNACCESS_DENIED_ERROR
|
|
SELECT * FROM t1 JOIN t2 USING (b);
|
|
|
|
connection default;
|
|
disconnect conn1;
|
|
USE test;
|
|
DROP TABLE db1.t1, db1.t2;
|
|
DROP USER mysqltest1@localhost;
|
|
DROP DATABASE db1;
|
|
|
|
|
|
--echo End of 5.0 tests
|
|
|
|
#
|
|
# Bug #48319: Server crashes on "GRANT/REVOKE ... TO CURRENT_USER"
|
|
#
|
|
|
|
# work out who we are.
|
|
USE mysql;
|
|
SELECT LEFT(CURRENT_USER(),INSTR(CURRENT_USER(),'@')-1) INTO @u;
|
|
SELECT MID(CURRENT_USER(),INSTR(CURRENT_USER(),'@')+1) INTO @h;
|
|
|
|
# show current privs.
|
|
SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
|
|
|
|
# show that GRANT ... TO CURRENT_USER() no longer crashes
|
|
GRANT INSERT ON *.* TO CURRENT_USER();
|
|
SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
|
|
|
|
# show that GRANT ... TO CURRENT_USER() IDENTIFIED BY ... works now
|
|
GRANT INSERT ON *.* TO CURRENT_USER() IDENTIFIED BY 'keksdose';
|
|
SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
|
|
|
|
UPDATE global_priv SET priv=@root_priv where user='root' and host='localhost';
|
|
FLUSH PRIVILEGES;
|
|
|
|
USE test;
|
|
|
|
--echo End of 5.1 tests
|
|
|
|
|
|
--echo
|
|
--echo # --
|
|
--echo # -- Bug#11746602: 27480 - Extend CREATE TEMPORARY TABLES privilege to
|
|
--echo # -- allow temp table operations
|
|
--echo # --
|
|
--echo # -- Bug#12771903: User with create temporary tables priv only has full
|
|
--echo # -- access to a regular table
|
|
--echo # --
|
|
--echo
|
|
|
|
--echo ############################################################################
|
|
--echo # Setup environment.
|
|
--echo ###########################################################################
|
|
|
|
--disable_warnings
|
|
DROP DATABASE IF EXISTS mysqltest_db1;
|
|
DROP DATABASE IF EXISTS mysqltest_db2;
|
|
--enable_warnings
|
|
|
|
CREATE DATABASE mysqltest_db1;
|
|
CREATE DATABASE mysqltest_db2;
|
|
|
|
--echo # mysqltest_u1@localhost has CREATE_TMP_ACL, FILE_ACL and EXECUTE_ACL only
|
|
--echo # (EXECUTE_ACL is needed to call p0, and FILE_ACL is needed for SELECT
|
|
--echo # OUTFILE/LOAD DATA INFILE).
|
|
GRANT FILE ON *.* TO mysqltest_u1@localhost;
|
|
GRANT CREATE TEMPORARY TABLES, EXECUTE ON mysqltest_db1.* TO mysqltest_u1@localhost;
|
|
|
|
--echo # mysqltest_u2@localhost has all privileges but CREATE_TMP_ACL.
|
|
GRANT ALL PRIVILEGES ON mysqltest_db1.* TO mysqltest_u2@localhost;
|
|
REVOKE CREATE TEMPORARY TABLES ON mysqltest_db1.* FROM mysqltest_u2@localhost;
|
|
|
|
--echo # mysqltest_u3@localhost has CREATE_TMP_ACL & EXECUTE_ACL.
|
|
--echo # This user is required to check SUID-stored-routines.
|
|
GRANT CREATE TEMPORARY TABLES ON mysqltest_db1.* TO mysqltest_u3@localhost;
|
|
GRANT EXECUTE ON mysqltest_db1.* TO mysqltest_u3@localhost;
|
|
|
|
--echo # mysqltest_u4@localhost has only EXECUTE_ACL.
|
|
--echo # We need this user to check that once created temporary tables
|
|
--echo # are accessible by anyone.
|
|
GRANT EXECUTE ON mysqltest_db1.* TO mysqltest_u4@localhost;
|
|
|
|
--echo # mysqltest_u5@localhost has CREATE_TMP_ACL and SELECT_ACL, UPDATE_ACL,
|
|
--echo # DELETE_ACL on mysqltest_db1; and only CREATE_TMP_ACL on mysqltest_db2.
|
|
--echo # By means of this user we check privileges required for merge tables.
|
|
GRANT CREATE TEMPORARY TABLES ON mysqltest_db1.* TO mysqltest_u5@localhost;
|
|
GRANT CREATE TEMPORARY TABLES ON mysqltest_db2.* TO mysqltest_u5@localhost;
|
|
GRANT SELECT, UPDATE, DELETE ON mysqltest_db1.* TO mysqltest_u5@localhost;
|
|
|
|
--echo # Create stored routine to test how privilege checking is done for its
|
|
--echo # arguments.
|
|
CREATE PROCEDURE mysqltest_db1.p0(i INT) SELECT i;
|
|
|
|
--echo # Create SUID-stored-routines.
|
|
CREATE DEFINER = mysqltest_u3@localhost PROCEDURE mysqltest_db1.p1()
|
|
CREATE TEMPORARY TABLE t4(x INT);
|
|
|
|
CREATE DEFINER = mysqltest_u3@localhost PROCEDURE mysqltest_db1.p2()
|
|
INSERT INTO t4 VALUES (1), (2), (3);
|
|
|
|
CREATE DEFINER = mysqltest_u3@localhost PROCEDURE mysqltest_db1.p3()
|
|
SELECT * FROM t4 ORDER BY x;
|
|
|
|
--echo # We need separate key cache to test CACHE INDEX and LOAD INDEX.
|
|
SET GLOBAL keycache1.key_buffer_size = 128 * 1024;
|
|
|
|
CREATE TABLE mysqltest_db2.t2_1(a INT);
|
|
|
|
--echo ###########################################################################
|
|
--echo # Check that CREATE_TMP_ACL is enough to issue almost any supported
|
|
--echo # SQL-statement against temporary tables (loosely follow order in
|
|
--echo # sql_command enum).
|
|
--echo ###########################################################################
|
|
|
|
--connect (con1,localhost,mysqltest_u1,,mysqltest_db1)
|
|
|
|
--echo #
|
|
--echo # Variants of CREATE TABLE.
|
|
--echo #
|
|
CREATE TEMPORARY TABLE t1(a INT);
|
|
CREATE TEMPORARY TABLE t2 LIKE t1;
|
|
CREATE TEMPORARY TABLE t3(a INT, b INT, PRIMARY KEY (a));
|
|
CREATE TEMPORARY TABLE t4 SELECT * FROM t1;
|
|
--echo # Check that we do *not* allow creation of MERGE table with underlying
|
|
--echo # temporary table without additional privileges.
|
|
CREATE TEMPORARY TABLE t5(a INT) ENGINE = MyISAM;
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CREATE TEMPORARY TABLE t6(a INT) ENGINE = MERGE UNION = (t5);
|
|
--echo # Check that we allow creation of MERGE table with no underlying table
|
|
--echo # without additional privileges.
|
|
CREATE TEMPORARY TABLE t6(a INT) ENGINE = MERGE UNION = ();
|
|
|
|
--echo #
|
|
--echo # SELECT.
|
|
--echo #
|
|
INSERT INTO t1 VALUES (1), (2), (3);
|
|
SELECT * FROM t1 ORDER BY a;
|
|
|
|
--echo #
|
|
--echo # CREATE/DROP INDEX.
|
|
--echo #
|
|
CREATE INDEX idx1 ON t3(b);
|
|
DROP INDEX idx1 ON t3;
|
|
|
|
--echo #
|
|
--echo # ALTER TABLE.
|
|
--echo #
|
|
ALTER TABLE t4 ADD COLUMN b INT;
|
|
--echo # Check that we allow altering of MERGE table with no underlying
|
|
--echo # without additional privileges.
|
|
ALTER TABLE t6 UNION = ();
|
|
--echo # Check that we do *not* allow altering of MERGE table with underlying
|
|
--echo # temporary table without additional privileges.
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
ALTER TABLE t6 UNION = (t5);
|
|
|
|
--echo #
|
|
--echo # Simple INSERT and INSERT ... SELECT.
|
|
--echo #
|
|
INSERT INTO t1 VALUES (4);
|
|
INSERT INTO t2 SELECT a FROM t1;
|
|
SELECT * FROM t1 ORDER BY a;
|
|
SELECT * FROM t2 ORDER BY a;
|
|
|
|
--echo #
|
|
--echo # UPDATE and multi-UPDATE.
|
|
--echo #
|
|
UPDATE t1 SET a = a * 10;
|
|
UPDATE t1 SET a = 100 WHERE a = 10;
|
|
UPDATE t1, t2 SET t1.a = 200 WHERE t1.a = t2.a * 10 AND t1.a = 20;
|
|
SELECT * FROM t1 ORDER BY a;
|
|
|
|
--echo #
|
|
--echo # DELETE and multi-DELETE.
|
|
--echo #
|
|
DELETE FROM t1 WHERE a = 100;
|
|
DELETE t1 FROM t1, t2 WHERE t1.a = t2.a * 100 AND t1.a = 200;
|
|
SELECT * FROM t1 ORDER BY a;
|
|
|
|
--echo #
|
|
--echo # TRUNCATE TABLE.
|
|
--echo #
|
|
TRUNCATE TABLE t1;
|
|
SELECT * FROM t1 ORDER BY a;
|
|
|
|
--echo #
|
|
--echo # SHOW COLUMNS/DESCRIBE and SHOW KEYS.
|
|
--echo #
|
|
SHOW COLUMNS FROM t1;
|
|
SHOW KEYS FROM t3;
|
|
|
|
--echo #
|
|
--echo # SHOW CREATE TABLE.
|
|
--echo #
|
|
SHOW CREATE TABLE t1;
|
|
|
|
--echo #
|
|
--echo # LOAD DATA INFILE (also SELECT INTO OUTFILE).
|
|
--echo #
|
|
INSERT INTO t1 VALUES (1), (2), (3);
|
|
--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
|
|
--eval SELECT a INTO OUTFILE '$MYSQLTEST_VARDIR/tmp/bug27480.txt' FROM t1
|
|
--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
|
|
--eval LOAD DATA INFILE '$MYSQLTEST_VARDIR/tmp/bug27480.txt' INTO TABLE t1
|
|
--remove_file $MYSQLTEST_VARDIR/tmp/bug27480.txt
|
|
SELECT * FROM t1 ORDER BY a;
|
|
|
|
--echo #
|
|
--echo # SET.
|
|
--echo #
|
|
SET @a := (SELECT COUNT(*) FROM t1);
|
|
SELECT @a;
|
|
|
|
--echo #
|
|
--echo # LOCK TABLES.
|
|
--echo #
|
|
LOCK TABLES t1 READ;
|
|
UNLOCK TABLES;
|
|
|
|
--echo #
|
|
--echo # CHECK/REPAIR/ANALYZE/OPTIMIZE and CHECKSUM.
|
|
--echo #
|
|
ANALYZE TABLE t1;
|
|
CHECK TABLE t1;
|
|
OPTIMIZE TABLE t1;
|
|
REPAIR TABLE t1;
|
|
|
|
--echo #
|
|
--echo # REPLACE and REPLACE ... SELECT.
|
|
--echo #
|
|
INSERT INTO t3 VALUES (1, 111), (2, 222), (3, 333);
|
|
REPLACE INTO t3 VALUES (1, 1111), (4, 444), (0, 001);
|
|
REPLACE INTO t2 SELECT b FROM t3;
|
|
SELECT * FROM t2 ORDER BY a;
|
|
SELECT * FROM t3 ORDER BY a;
|
|
|
|
--echo #
|
|
--echo # CACHE and LOAD INDEX.
|
|
--echo #
|
|
CACHE INDEX t3 IN keycache1;
|
|
LOAD INDEX INTO CACHE t3;
|
|
|
|
--echo #
|
|
--echo # RENAME should work for temporary tables
|
|
--echo #
|
|
RENAME TABLE t3 TO t3_1;
|
|
|
|
--echo #
|
|
--echo # HANDLER OPEN/READ/CLOSE.
|
|
--echo #
|
|
HANDLER t1 OPEN;
|
|
HANDLER t1 READ NEXT;
|
|
HANDLER t1 CLOSE;
|
|
|
|
--echo #
|
|
--echo # DO.
|
|
--echo #
|
|
DO (SELECT COUNT(*) FROM t1);
|
|
|
|
--echo #
|
|
--echo # CHECKSUM TABLE.
|
|
--echo #
|
|
DELETE FROM t1;
|
|
CHECKSUM TABLE t1;
|
|
|
|
--echo #
|
|
--echo # CALL.
|
|
--echo #
|
|
CALL p0((SELECT COUNT(*) FROM t1));
|
|
|
|
--echo #
|
|
--echo # PREPARE, EXECUTE and DEALLOCATE.
|
|
--echo #
|
|
PREPARE stmt1 FROM 'SELECT * FROM t1 ORDER BY a';
|
|
PREPARE stmt2 FROM 'SELECT * FROM t2 ORDER BY a';
|
|
EXECUTE stmt1;
|
|
EXECUTE stmt2;
|
|
DEALLOCATE PREPARE stmt1;
|
|
DEALLOCATE PREPARE stmt2;
|
|
|
|
--echo #
|
|
--echo # DROP TABLE and DROP TEMPORARY TABLE.
|
|
--echo #
|
|
DROP TABLE t1;
|
|
|
|
CREATE TEMPORARY TABLE t1(a INT);
|
|
DROP TEMPORARY TABLE t1;
|
|
|
|
|
|
--echo ###########################################################################
|
|
--echo # - Check that even having all privileges but CREATE_TMP_ACL is not enough
|
|
--echo # to create temporary tables.
|
|
--echo # - Check that creation/working with temporary tables is possible via
|
|
--echo # SUID-stored-routines.
|
|
--echo # - Check that even outside of SUID context we can access temporary
|
|
--echo # table once it is created.
|
|
--echo ###########################################################################
|
|
|
|
--connect (con2,localhost,mysqltest_u2,,mysqltest_db1)
|
|
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
CREATE TEMPORARY TABLE t2(a INT);
|
|
|
|
CALL p1();
|
|
|
|
CALL p2();
|
|
|
|
CALL p3();
|
|
|
|
--echo # Check that once table is created it can be accessed even
|
|
--echo # outside of such a SUID context.
|
|
INSERT INTO t4 VALUES (4);
|
|
UPDATE t4 SET x = 10 WHERE x = 1;
|
|
DELETE FROM t4 WHERE x < 3;
|
|
SELECT * FROM t4 ORDER BY x;
|
|
DROP TEMPORARY TABLE t4;
|
|
|
|
--echo ###########################################################################
|
|
--echo # - Check that once table is created it can be accessed from within any
|
|
--echo # context, even by user without any privileges on tables.
|
|
--echo ###########################################################################
|
|
|
|
--connect (con3,localhost,mysqltest_u4,,mysqltest_db1)
|
|
|
|
CALL p1();
|
|
INSERT INTO t4 VALUES (4);
|
|
UPDATE t4 SET x = 10 WHERE x = 1;
|
|
DELETE FROM t4 WHERE x < 3;
|
|
SELECT * FROM t4 ORDER BY x;
|
|
DROP TEMPORARY TABLE t4;
|
|
|
|
--echo ###########################################################################
|
|
--echo # Check special case for MERGE-tables:
|
|
--echo # - CREATE_TMP_ACL is required to create a temporary merge table;
|
|
--echo # - SELECT_ACL, UPDATE_ACL and DELETE_ACL are required to include
|
|
--echo # a temporary table into the underlying-table-list.
|
|
--echo ###########################################################################
|
|
|
|
--connect (con4,localhost,mysqltest_u5,,mysqltest_db1)
|
|
|
|
CREATE TEMPORARY TABLE t7(a INT);
|
|
CREATE TEMPORARY TABLE t8(a INT);
|
|
CREATE TEMPORARY TABLE t9(a INT);
|
|
CREATE TEMPORARY TABLE t10(a INT) ENGINE = MERGE UNION = (t7, t8);
|
|
|
|
ALTER TABLE t10 UNION = (t9);
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
ALTER TABLE t10 UNION = (mysqltest_db2.t2_1);
|
|
|
|
CREATE TEMPORARY TABLE mysqltest_db2.t2_2(a INT) ENGINE = MERGE UNION = (t7, t8);
|
|
|
|
ALTER TABLE mysqltest_db2.t2_2 UNION = (t9);
|
|
ALTER TABLE mysqltest_db2.t2_2 UNION = ();
|
|
|
|
DROP TEMPORARY TABLE mysqltest_db2.t2_2;
|
|
DROP TEMPORARY TABLE t10;
|
|
|
|
DROP TEMPORARY TABLE t7;
|
|
DROP TEMPORARY TABLE t8;
|
|
DROP TEMPORARY TABLE t9;
|
|
|
|
--echo ###########################################################################
|
|
--echo # That's all. Cleanup.
|
|
--echo ###########################################################################
|
|
|
|
--connection default
|
|
|
|
--echo # All remaining temporary tables are automatically dropped.
|
|
--disconnect con1
|
|
--disconnect con2
|
|
--disconnect con3
|
|
--disconnect con4
|
|
|
|
SET GLOBAL keycache1.key_buffer_size = 0;
|
|
DROP DATABASE mysqltest_db1;
|
|
DROP DATABASE mysqltest_db2;
|
|
DROP USER mysqltest_u1@localhost;
|
|
DROP USER mysqltest_u2@localhost;
|
|
DROP USER mysqltest_u3@localhost;
|
|
DROP USER mysqltest_u4@localhost;
|
|
DROP USER mysqltest_u5@localhost;
|
|
|
|
|
|
set GLOBAL sql_mode=default;
|
|
# Wait till we reached the initial number of concurrent sessions
|
|
--source include/wait_until_count_sessions.inc
|