mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-31 11:01:52 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/main/grant5.test
Anel Husakovic 64f822c142 MDEV-28455: CREATE TEMPORARY TABLES privilege is insufficient for SHOW COLUMNS 
=========== Problem =============
- `show columns` is not working for temporary tables, even though there
is enough privilege `create temporary tables`.
=========== Solution =============
- Append `TMP_TABLE_ACLS` privilege when running `show columns` for temp
tables.
- Additionally `check_access()` for database only once, not for each
field
=========== Additionally =============
- Update comments for function `check_table_access` arguments

Reviewed by: <vicentiu@mariadb.org>
2022-10-18 10:25:55 +03:00

262 lines
7.1 KiB
Text
Raw Blame History

-- source include/not_embedded.inc
#
# MDEV-6625 SHOW GRANTS for current_user_name@wrong_host_name
#
--error ER_NONEXISTING_GRANT
SHOW GRANTS FOR root@invalid_host;
#
# MDEV-9580 SHOW GRANTS FOR <current_user> fails
#
create user test;
create user foo;
create role foo;
grant foo to test;
--connect (conn_1, localhost, test,,)
set role foo;
show grants for test; # user
show grants for foo; # role
--error ER_DBACCESS_DENIED_ERROR
show grants for foo@'%'; # user
--connection default
drop user test, foo;
drop role foo;
#
# MDEV-17975 Assertion `! is_set()' or `!is_set() || (m_status == DA_OK_BULK && is_bulk_op())' failed upon REVOKE under LOCK TABLE
#
CREATE TABLE t1 (a INT);
LOCK TABLE t1 WRITE;
--error ER_TABLE_NOT_LOCKED
REVOKE EXECUTE ON PROCEDURE sp FROM u;
--error ER_TABLE_NOT_LOCKED
REVOKE PROCESS ON *.* FROM u;
DROP TABLE t1;
#
# MDEV-23010 UPDATE privilege at Database and Table level fail to update with SELECT command denied to user
#
create database mysqltest1;
use mysqltest1;
create table t1(id int);
insert t1 values(2);
create user u1@localhost;
grant select on mysqltest1.t1 to u1@localhost;
grant update on mysqltest1.* to u1@localhost;
connect u1, localhost, u1;
update mysqltest1.t1 set id=1 where id=2;
connection default;
disconnect u1;
drop user u1@localhost;
drop database mysqltest1;
#
# MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role
#
CREATE ROLE test_role;
CREATE USER test_user;
GRANT test_role TO test_user;
SET DEFAULT ROLE test_role FOR test_user;
SHOW GRANTS FOR test_user;
SET DEFAULT ROLE NONE for test_user;
SHOW GRANTS FOR test_user;
SET ROLE test_role;
SET DEFAULT ROLE test_role;
SHOW GRANTS;
SET DEFAULT ROLE NONE;
SHOW GRANTS;
DROP USER test_user;
DROP ROLE test_role;
#
# End of 10.1 tests
#
--echo #
--echo # MDEV-20076: SHOW GRANTS does not quote role names properly
--echo #
create role 'role1';
create role 'fetch';
create role 'role-1';
create role 'rock\'n\'roll';
create user 'user1'@'localhost';
create user 'fetch'@'localhost';
create user 'user-1'@'localhost';
create user 'O\'Brien'@'localhost';
grant select on mysql.user to role1;
grant select on mysql.user to 'fetch';
grant select on mysql.user to 'role-1';
grant select on mysql.user to 'rock\'n\'roll';
GRANT 'role1' TO 'user1'@'localhost';
GRANT 'fetch' TO 'fetch'@'localhost';
GRANT 'role-1' TO 'user-1'@'localhost';
GRANT 'rock\'n\'roll' TO 'O\'Brien'@'localhost';
show grants for 'role1';
show grants for 'fetch';
show grants for 'role-1';
show grants for 'rock\'n\'roll';
show grants for 'user1'@'localhost';
show grants for 'fetch'@'localhost';
show grants for 'user-1'@'localhost';
show grants for 'O\'Brien'@'localhost';
set @save_sql_quote_show_create= @@sql_quote_show_create;
set @@sql_quote_show_create= OFF;
show grants for 'role1';
show grants for 'fetch';
show grants for 'role-1';
show grants for 'rock\'n\'roll';
show grants for 'user1'@'localhost';
show grants for 'fetch'@'localhost';
show grants for 'user-1'@'localhost';
show grants for 'O\'Brien'@'localhost';
set @@sql_quote_show_create= @save_sql_quote_show_create;
drop role 'role1';
drop role 'fetch';
drop role 'role-1';
drop role 'rock\'n\'roll';
drop user 'user1'@'localhost';
drop user 'fetch'@'localhost';
drop user 'user-1'@'localhost';
drop user 'O\'Brien'@'localhost';
--echo #
--echo # MDEV-26080 SHOW GRANTS does not quote role names properly for DEFAULT ROLE
--echo #
CREATE USER 'test-user';
CREATE ROLE `r``o'l"e`;
select user from mysql.user where is_role='Y';
GRANT `r``o'l"e` TO 'test-user';
SET DEFAULT ROLE `r``o'l"e` FOR 'test-user';
# it is expected that quotes won't be shown correctly
SHOW GRANTS FOR 'test-user';
DROP ROLE `r``o'l"e`;
DROP USER 'test-user';
--echo #
--echo # MDEV-28548: ER_TABLEACCESS_DENIED_ERROR is missing information about DB
--echo #
create database db1;
create user foo@localhost;
grant create on db1.* to foo@localhost;
--connect (con1,localhost,foo,,db1)
create table t(t int);
--error ER_TABLEACCESS_DENIED_ERROR
show columns in t;
--error ER_TABLEACCESS_DENIED_ERROR
show columns in db1.t;
# CREATE_VIEW_ACL needed
--error ER_TABLEACCESS_DENIED_ERROR
create view t_v as select * from t;
# show create view needs to have SELECT_ACL and SHOW_VIEW_ACL
--error ER_TABLEACCESS_DENIED_ERROR
show create view t_v;
create table t2(id int primary key, b int);
# Reference non existing DB with wrong DB name
--error ER_WRONG_DB_NAME
create table t3(a int, b int, CONSTRAINT `fk_db2_db1_t1`
FOREIGN KEY (a)
REFERENCES `db1 `.t1 (a)
ON DELETE CASCADE
ON UPDATE RESTRICT);
# Reference non-existing DB (with qualified DB name)
--error ER_TABLEACCESS_DENIED_ERROR
create table t3(a int, b int, CONSTRAINT `fk_db2_db3_t1`
FOREIGN KEY (a)
REFERENCES db3.t1 (a)
ON DELETE CASCADE
ON UPDATE RESTRICT);
# Reference DB (with not qualified DB name)
--error ER_TABLEACCESS_DENIED_ERROR
create table t1(a int, b int, CONSTRAINT `fk_db2_db3_t1`
FOREIGN KEY (a)
REFERENCES t2 (id)
ON DELETE CASCADE
ON UPDATE RESTRICT);
--connection default
--disconnect con1
# Add CREATE_VIEW_ACL and SELECT_ACL
grant create view, select on db1.* to foo@localhost;
--connect (con1,localhost,foo,,db1)
create view t_v as select * from t;
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
show create view t_v;
--connection default
--disconnect con1
# Add SHOW_VIEW_ACL
grant show view on db1.* to foo@localhost;
--connect (con1,localhost,foo,,db1)
show grants;
show create view t_v;
--connection default
--disconnect con1
drop database db1;
drop user foo@localhost;
--echo #
--echo # MDEV-28455: CREATE TEMPORARY TABLES privilege
--echo # is insufficient for SHOW COLUMNS
--echo #
create database db;
create user foo@localhost;
create user bar@localhost;
create user buz@localhost;
grant create temporary tables on db.* to foo@localhost;
grant create temporary tables on db.* to bar@localhost;
--connect (con1,localhost,foo,,db)
create temporary table tmp (a int, key(a));
show tables;
show full tables;
show table status;
show index in tmp;
show columns in tmp;
show full columns in tmp;
--echo # we don't expect to show temporary tables in information_schema.columns
select * from information_schema.columns where table_schema='db';
--disconnect con1
--connect (con1,localhost,bar,,db)
# User doesn't have `select` privilege on table
--error ER_TABLEACCESS_DENIED_ERROR
show full columns in tmp;
--disconnect con1
--connection default
grant select on db.* to bar@localhost;
--connect (con1,localhost,bar,,db)
# Table doesn't exist for this session
show grants for current_user;
--error ER_NO_SUCH_TABLE
show full columns in tmp;
--disconnect con1
--connect (con1,localhost,buz,,)
--error ER_TABLEACCESS_DENIED_ERROR
show columns in db.tmp;
--disconnect con1
--connection default
# Cleanup
drop database db;
drop user foo@localhost;
drop user bar@localhost;
drop user buz@localhost;
--echo # End of 10.3 tests
Reference in a new issue View git blame Copy permalink