mariadb/mysql-test/main/skip_grants.test
Tingyao Nian b3df1ec97a MDEV-24815 Add 'allow-suspicious-udfs' and 'skip-grant-tables' to system variables
Make two existing command line options "allow-suspicious-udfs" and
"skip-grant-tables" visible as global system variables.

Both options have security implications, but before this change users had
no way to check their state on a running server. This was a security
issue, because a user might not be aware that the options were enabled.
Exposing them as system variables gives users visibility into their
security configuration.

Create new MTR tests to verify that the system variables align with the
command line options. Minor adjustments to the existing MTR due to the new
members in system variables.

Before:
    mysql> SHOW VARIABLES WHERE
    Variable_Name LIKE 'allow_suspicious_udfs' OR
    Variable_Name LIKE 'skip_grant_tables';
    Empty set (0.000 sec)

After:
    mysql> SHOW VARIABLES WHERE
    Variable_Name LIKE 'allow_suspicious_udfs' OR
    Variable_Name LIKE 'skip_grant_tables';
    +-----------------------+-------+
    | Variable_name         | Value |
    +-----------------------+-------+
    | allow_suspicious_udfs | OFF   |
    | skip_grant_tables     | OFF   |
    +-----------------------+-------+

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer Amazon Web
Services, Inc.
2022-05-26 11:23:13 +10:00


# Regression tests for a server running with --skip-grant-tables.
# NOTE(review): the option itself is presumably supplied by this test's
# option file, which is not shown here - confirm.
#
# This test is not run with the embedded server.
-- source include/not_embedded.inc
# Run the statements below without the prepared-statement protocol; it is
# switched back on with --enable_ps_protocol before the "End of 10.3 tests"
# marker.
-- disable_ps_protocol
use test;
#
# BUG#16777: Can not create trigger nor view w/o definer if --skip-grant-tables
# specified
#
# Also, the following test cases have been moved here:
# - test that we can create VIEW if privileges check switched off has been
# moved here;
# - test that we can create and drop procedure without warnings (BUG#9993);
# - BUG#17595: "DROP FUNCTION IF EXISTS" crashes server;
# - BUG#13504: creation view with DEFINER clause if --skip-grant-tables
#
# None of the statements in this section is preceded by --error, so every
# CREATE, SHOW and DROP below is expected to succeed.
#
# Test case.
CREATE TABLE t1(c INT);
# - try to create with implicit definer (definer would be ''@'');
CREATE TRIGGER t1_bi BEFORE INSERT ON t1
FOR EACH ROW
SET @a = 1;
CREATE VIEW v1 AS SELECT * FROM t1;
CREATE PROCEDURE p1()
SELECT 1;
CREATE FUNCTION f1() RETURNS INT
RETURN 1;
# - try to create with explicit definer;
#   the account a@b is never created anywhere in this file, so the DEFINER
#   clause is accepted here without the named account existing.
CREATE DEFINER=a@b TRIGGER ti_ai AFTER INSERT ON t1
FOR EACH ROW
SET @b = 1;
CREATE DEFINER=a@b VIEW v2 AS SELECT * FROM t1;
CREATE DEFINER=a@b PROCEDURE p2()
SELECT 2;
CREATE DEFINER=a@b FUNCTION f2() RETURNS INT
RETURN 2;
# - try to create with explicit definer with empty host;
CREATE DEFINER=a@'' TRIGGER ti_bu BEFORE UPDATE ON t1
FOR EACH ROW
SET @c = 1;
CREATE DEFINER=a@'' VIEW v3 AS SELECT * FROM t1;
CREATE DEFINER=a@'' PROCEDURE p3()
SELECT 3;
CREATE DEFINER=a@'' FUNCTION f3() RETURNS INT
RETURN 3;
# - check that empty host name is treated correctly;
#   the SHOW CREATE output is what gets compared, so it records how the
#   definer with the empty host was stored.
SHOW CREATE VIEW v3;
SHOW CREATE PROCEDURE p3;
SHOW CREATE FUNCTION f3;
# Cleanup: drop every object created above so later sections start clean.
DROP TRIGGER t1_bi;
DROP TRIGGER ti_ai;
DROP TRIGGER ti_bu;
DROP VIEW v1;
DROP VIEW v2;
DROP VIEW v3;
DROP TABLE t1;
DROP PROCEDURE p1;
DROP PROCEDURE p2;
DROP PROCEDURE p3;
DROP FUNCTION f1;
DROP FUNCTION f2;
DROP FUNCTION f3;
# Regression check: switching the event scheduler on and off must not crash
# the server in the --skip-grant-tables state. Both SET statements are
# expected to succeed (no --error directive).
--echo #
--echo # Bug #26807 "set global event_scheduler=1" and --skip-grant-tables crashes server
--echo #
# Warnings are suppressed only around the statement that turns the scheduler
# on, so any warning it raises is not recorded in the expected output.
--disable_warnings
set global event_scheduler=1;
--enable_warnings
# Switch the scheduler off again before the following sections run.
set global event_scheduler=0;
# Regression check: reading the privilege views of information_schema must
# not crash the server. Only the row counts are selected; the expected
# values live in the recorded result file, which is not shown here.
--echo #
--echo # Bug#26285 Selecting information_schema crahes server
--echo #
select count(*) from information_schema.COLUMN_PRIVILEGES;
select count(*) from information_schema.SCHEMA_PRIVILEGES;
select count(*) from information_schema.TABLE_PRIVILEGES;
select count(*) from information_schema.USER_PRIVILEGES;
--echo #
--echo # End of 5.0 tests
--echo #
# Calling a function that does not exist must fail with the specific
# "does not exist" error rather than a non-descriptive one.
--echo #
--echo # Bug#29817 Queries with UDF fail with non-descriptive error
--echo # if mysql.proc is missing
--echo #
# --error applies only to the next statement, which must fail with exactly
# this error code.
--error ER_SP_DOES_NOT_EXIST
select no_such_function(1);
--echo #
--echo # End of 5.1 tests
--echo #
# Regression check: listing the status variables whose names start with
# "Acl" must not crash the server. The statement is expected to succeed
# (no --error directive); its output is compared with the result file.
--echo #
--echo # MDEV-8280 crash in 'show global status' with --skip-grant-tables
--echo #
show global status like 'Acl%';
--echo #
--echo # End of 10.1 tests
--echo #
# SET ROLE must be refused cleanly, instead of crashing or hanging the
# server, while it runs with --skip-grant-tables.
--echo #
--echo # MDEV-22966 Server crashes or hangs with SET ROLE when started with skip-grant-tables
--echo #
# The role x is never created in this file; the statement is expected to be
# rejected with ER_OPTION_PREVENTS_STATEMENT.
--error ER_OPTION_PREVENTS_STATEMENT
set role x;
--echo #
--echo # End of 10.2 tests
--echo #
#
# MDEV-18297
# How to reset a forgotten root password
#
# Walks through the password-reset procedure: while the server is still in
# the --skip-grant-tables state account statements are refused, and after
# FLUSH PRIVILEGES they are accepted.
# Each --error directive applies only to the statement that follows it.
--error ER_OPTION_PREVENTS_STATEMENT
show create user root@localhost;
# Direct writes to mysql.global_priv carry no --error, so they are expected
# to succeed even though the account statements around them are refused.
# The values are positional; the two rows are the accounts addressed as
# bar@foo and baz@baz below.
# NOTE(review): "baz" is presumably not a real authentication plugin - confirm.
insert mysql.global_priv values ('foo', 'bar', '{}');
insert mysql.global_priv values ('baz', 'baz', '{"plugin":"baz"}');
# Still refused at this point, before FLUSH PRIVILEGES has been run.
--error ER_OPTION_PREVENTS_STATEMENT
set password for bar@foo = password("pass word");
# From here on the account statements carry no --error: after the flush the
# same SHOW CREATE USER and SET PASSWORD that failed above must succeed.
flush privileges;
show create user root@localhost;
show create user bar@foo;
show create user baz@baz;
# The passwords used here are throwaway test values for accounts that are
# dropped again below.
set password for bar@foo = password("pass word");
show create user bar@foo;
# Move baz@baz from the "baz" plugin entry to mysql_native_password.
alter user baz@baz identified with mysql_native_password as password("baz");
show create user baz@baz;
# Remove the two accounts inserted above.
drop user bar@foo;
drop user baz@baz;
# Need to restart the server to restore the "--skip-grant-tables" state
# (FLUSH PRIVILEGES above took the server out of it).
--source include/restart_mysqld.inc
# Re-enable the prepared-statement protocol that was disabled at the top of
# the file.
--enable_ps_protocol
--echo #
--echo # End of 10.3 tests
--echo #
# Checks that the skip_grant_tables system variable reports how the server
# was started, so the state can be inspected from SQL.
# NOTE(review): this section does not read the variable after a FLUSH
# PRIVILEGES (used in the MDEV-18297 section above), so whether the value
# tracks that runtime change is not asserted here.
--echo #
--echo # MDEV-24815 Show "--skip-grant-tables" state in SYSTEM VARIABLES
--echo #
# The column alias states the value the result file is expected to contain.
SELECT @@skip_grant_tables AS EXPECT_1;
# Also check when the server starts without the "--skip-grant-tables" option
--let $restart_parameters = "--skip-skip-grant-tables"
--source include/restart_mysqld.inc
SELECT @@skip_grant_tables AS EXPECT_0;
# Need to restart the server to restore the "--skip-grant-tables" state
--let $restart_parameters = "--skip-grant-tables"
--source include/restart_mysqld.inc
--echo #
--echo # End of 10.10 tests
--echo #