mirror of
https://github.com/MariaDB/server.git
synced 2025-01-16 12:02:42 +01:00
0253ea7f22
Also fixes: MDEV-21487: Implement option for mysql_upgrade that allows root@localhost to be replaced MDEV-21486: Implement option for mysql_install_db that allows root@localhost to be replaced Add user mariadb.sys to be definer of user view (and has right on underlying table global_priv for required operation over global_priv (SELECT,UPDATE,DELETE)) Also changed definer of gis functions in case of creation, but they work with any definer so upgrade script do not try to push this change.
348 lines
13 KiB
Text
348 lines
13 KiB
Text
CREATE DATABASE test_user_db;
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
mariadb.sys mysql_native_password
|
|
========== test 1.1.3.2 ====================================
|
|
CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
|
|
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
|
|
GRANT PROXY ON `plug%dest` TO plug_user;
|
|
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
|
|
REVOKE PROXY ON `plug%dest` FROM plug_user;
|
|
GRANT PROXY ON plug_dest TO plug_user;
|
|
current_user()
|
|
plug_dest@%
|
|
user()
|
|
plug_user@localhost
|
|
Tables_in_test_user_db
|
|
t1
|
|
REVOKE PROXY ON plug_dest FROM plug_user;
|
|
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
|
|
DROP USER plug_user,plug_dest;
|
|
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
|
|
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
|
|
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd';
|
|
GRANT PROXY ON plug_dest TO plug_user;
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
mariadb.sys mysql_native_password
|
|
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
|
|
plug_user test_plugin_server plug_dest
|
|
1)
|
|
current_user()
|
|
plug_dest@%
|
|
user()
|
|
plug_user@localhost
|
|
Tables_in_test_user_db
|
|
t1
|
|
REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user';
|
|
2)
|
|
current_user()
|
|
plug_dest@%
|
|
user()
|
|
plug_user@localhost
|
|
Tables_in_test_user_db
|
|
t1
|
|
REVOKE PROXY ON plug_dest FROM plug_user;
|
|
3)
|
|
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
|
|
DROP USER plug_user,plug_dest;
|
|
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
|
|
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
|
|
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
|
|
1)
|
|
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
|
|
GRANT PROXY ON plug_dest TO plug_user;
|
|
2)
|
|
current_user()
|
|
plug_dest@%
|
|
user()
|
|
plug_user@localhost
|
|
Tables_in_test_user_db
|
|
t1
|
|
REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user';
|
|
DROP USER plug_user,plug_dest;
|
|
========== test 1.2 ========================================
|
|
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
|
|
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
|
|
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
|
|
GRANT PROXY ON plug_dest TO plug_user;
|
|
current_user()
|
|
plug_dest@%
|
|
user()
|
|
plug_user@localhost
|
|
RENAME USER plug_dest TO new_dest;
|
|
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
|
|
GRANT PROXY ON new_dest TO plug_user;
|
|
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
mariadb.sys mysql_native_password
|
|
new_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
|
|
plug_user test_plugin_server plug_dest
|
|
DROP USER plug_user,new_dest;
|
|
CREATE USER plug_user
|
|
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
|
|
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
|
|
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
|
|
GRANT PROXY ON plug_dest TO plug_user;
|
|
current_user()
|
|
plug_dest@%
|
|
user()
|
|
plug_user@localhost
|
|
RENAME USER plug_dest TO new_dest;
|
|
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
|
|
GRANT PROXY ON new_dest TO plug_user;
|
|
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
mariadb.sys mysql_native_password
|
|
new_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
|
|
plug_user test_plugin_server plug_dest
|
|
DROP USER plug_user,new_dest;
|
|
CREATE USER plug_user
|
|
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
|
|
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
|
|
GRANT PROXY ON plug_dest TO plug_user;
|
|
connect plug_user,localhost,plug_user,plug_dest;
|
|
select USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
plug_user@localhost plug_dest@%
|
|
connection default;
|
|
disconnect plug_user;
|
|
RENAME USER plug_user TO new_user;
|
|
connect plug_user,localhost,new_user,plug_dest;
|
|
select USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
new_user@localhost plug_dest@%
|
|
connection default;
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
mariadb.sys mysql_native_password
|
|
new_user test_plugin_server plug_dest
|
|
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
|
|
disconnect plug_user;
|
|
UPDATE mysql.global_priv SET user='plug_user' WHERE user='new_user';
|
|
FLUSH PRIVILEGES;
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
mariadb.sys mysql_native_password
|
|
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
|
|
plug_user test_plugin_server plug_dest
|
|
DROP USER plug_dest,plug_user;
|
|
========== test 1.3 ========================================
|
|
CREATE USER plug_user
|
|
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
|
|
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
|
|
GRANT PROXY ON plug_dest TO plug_user;
|
|
connect plug_user,localhost,plug_user,plug_dest;
|
|
select USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
plug_user@localhost plug_dest@%
|
|
connection default;
|
|
disconnect plug_user;
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
mariadb.sys mysql_native_password
|
|
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
|
|
plug_user test_plugin_server plug_dest
|
|
UPDATE mysql.global_priv SET user='new_user' WHERE user='plug_user';
|
|
FLUSH PRIVILEGES;
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
mariadb.sys mysql_native_password
|
|
new_user test_plugin_server plug_dest
|
|
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
|
|
UPDATE mysql.global_priv SET priv=JSON_SET(priv, '$.authentication_string', 'new_dest') WHERE user='new_user';
|
|
FLUSH PRIVILEGES;
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
mariadb.sys mysql_native_password
|
|
new_user test_plugin_server new_dest
|
|
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
|
|
UPDATE mysql.global_priv SET priv=JSON_SET(priv, '$.plugin', 'new_plugin_server') WHERE user='new_user';
|
|
FLUSH PRIVILEGES;
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
mariadb.sys mysql_native_password
|
|
new_user new_plugin_server new_dest
|
|
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
|
|
ERROR HY000: Plugin 'new_plugin_server' is not loaded
|
|
UPDATE mysql.global_priv SET priv=JSON_SET(priv, '$.plugin', 'test_plugin_server') WHERE user='new_user';
|
|
UPDATE mysql.global_priv SET user='new_dest' WHERE user='plug_dest';
|
|
FLUSH PRIVILEGES;
|
|
GRANT PROXY ON new_dest TO new_user;
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
mariadb.sys mysql_native_password
|
|
new_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
|
|
new_user test_plugin_server new_dest
|
|
connect plug_user,localhost,new_user,new_dest;
|
|
select USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
new_user@localhost new_dest@%
|
|
connection default;
|
|
disconnect plug_user;
|
|
UPDATE mysql.global_priv SET user='plug_dest' WHERE user='new_dest';
|
|
FLUSH PRIVILEGES;
|
|
CREATE USER new_dest IDENTIFIED BY 'new_dest_passwd';
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
mariadb.sys mysql_native_password
|
|
new_dest mysql_native_password *01422E86A6FFF84618914AF149F9AEF64B84170A
|
|
new_user test_plugin_server new_dest
|
|
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
|
|
GRANT ALL PRIVILEGES ON test.* TO new_user;
|
|
connect plug_user,localhost,new_dest,new_dest_passwd;
|
|
select USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
new_dest@localhost new_dest@%
|
|
connection default;
|
|
disconnect plug_user;
|
|
DROP USER new_user,new_dest,plug_dest;
|
|
========== test 2, 2.1, 2.2 ================================
|
|
CREATE USER ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
|
|
CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
test_plugin_server proxied_user
|
|
mariadb.sys mysql_native_password
|
|
proxied_user mysql_native_password *D7A51428CD38DB3C5293B9321DA1228BFB1611DD
|
|
connect proxy_con,localhost,proxied_user,proxied_user_passwd;
|
|
SELECT USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
proxied_user@localhost proxied_user@%
|
|
========== test 2.2.1 ======================================
|
|
SELECT @@proxy_user;
|
|
@@proxy_user
|
|
NULL
|
|
connection default;
|
|
disconnect proxy_con;
|
|
ERROR 28000: Access denied for user 'proxy_user'@'localhost' (using password: YES)
|
|
GRANT PROXY ON proxied_user TO ''@'%%';
|
|
connect proxy_con,localhost,proxied_user,proxied_user_passwd;
|
|
SELECT USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
proxied_user@localhost proxied_user@%
|
|
connection default;
|
|
disconnect proxy_con;
|
|
connect proxy_con,localhost,proxy_user,proxied_user;
|
|
SELECT USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
proxy_user@localhost proxied_user@%
|
|
========== test 2.2.1 ======================================
|
|
SELECT @@proxy_user;
|
|
@@proxy_user
|
|
''@'%%'
|
|
connection default;
|
|
disconnect proxy_con;
|
|
DROP USER ''@'%%',proxied_user;
|
|
GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'%%'
|
|
IDENTIFIED WITH test_plugin_server AS 'proxied_user';
|
|
CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
test_plugin_server proxied_user
|
|
mariadb.sys mysql_native_password
|
|
proxied_user mysql_native_password *D7A51428CD38DB3C5293B9321DA1228BFB1611DD
|
|
connect proxy_con,localhost,proxied_user,proxied_user_passwd;
|
|
SELECT USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
proxied_user@localhost proxied_user@%
|
|
SELECT @@proxy_user;
|
|
@@proxy_user
|
|
NULL
|
|
connection default;
|
|
disconnect proxy_con;
|
|
ERROR 28000: Access denied for user 'proxy_user'@'localhost' (using password: YES)
|
|
GRANT PROXY ON proxied_user TO ''@'%%';
|
|
connect proxy_con,localhost,proxied_user,proxied_user_passwd;
|
|
SELECT USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
proxied_user@localhost proxied_user@%
|
|
connection default;
|
|
disconnect proxy_con;
|
|
connect proxy_con,localhost,proxy_user,proxied_user;
|
|
SELECT USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
proxy_user@localhost proxied_user@%
|
|
SELECT @@proxy_user;
|
|
@@proxy_user
|
|
''@'%%'
|
|
connection default;
|
|
disconnect proxy_con;
|
|
DROP USER ''@'%%',proxied_user;
|
|
CREATE USER ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
|
|
CREATE USER proxied_user_1 IDENTIFIED BY 'proxied_user_1_pwd';
|
|
CREATE USER proxied_user_2 IDENTIFIED BY 'proxied_user_2_pwd';
|
|
CREATE USER proxied_user_3 IDENTIFIED BY 'proxied_user_3_pwd';
|
|
CREATE USER proxied_user_4 IDENTIFIED BY 'proxied_user_4_pwd';
|
|
CREATE USER proxied_user_5 IDENTIFIED BY 'proxied_user_5_pwd';
|
|
GRANT PROXY ON proxied_user_1 TO ''@'%%';
|
|
GRANT PROXY ON proxied_user_2 TO ''@'%%';
|
|
GRANT PROXY ON proxied_user_3 TO ''@'%%';
|
|
GRANT PROXY ON proxied_user_4 TO ''@'%%';
|
|
GRANT PROXY ON proxied_user_5 TO ''@'%%';
|
|
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
|
|
User plugin authentication_string
|
|
test_plugin_server proxied_user
|
|
mariadb.sys mysql_native_password
|
|
proxied_user_1 mysql_native_password *551D5A5177FCC3340F7D2FB0F4D8D1EEA7F7EF71
|
|
proxied_user_2 mysql_native_password *3D948F77C6A988AFDCA9755AB2A6724362557220
|
|
proxied_user_3 mysql_native_password *41A18925D237DEE738C76581153990B037F462E3
|
|
proxied_user_4 mysql_native_password *F990073A9B96FF535C2D0721406042B8751E593F
|
|
proxied_user_5 mysql_native_password *5AA915C5D0B5B1336336FD2BF7768BC09FD1F5B2
|
|
connect proxy_con_1,localhost,proxied_user_1,'proxied_user_1_pwd';
|
|
connect proxy_con_2,localhost,proxied_user_2,proxied_user_2_pwd;
|
|
connect proxy_con_3,localhost,proxied_user_3,proxied_user_3_pwd;
|
|
connect proxy_con_4,localhost,proxied_user_4,proxied_user_4_pwd;
|
|
connect proxy_con_5,localhost,proxied_user_5,proxied_user_5_pwd;
|
|
connection proxy_con_1;
|
|
SELECT USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
proxied_user_1@localhost proxied_user_1@%
|
|
SELECT @@proxy_user;
|
|
@@proxy_user
|
|
NULL
|
|
connection proxy_con_2;
|
|
SELECT USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
proxied_user_2@localhost proxied_user_2@%
|
|
SELECT @@proxy_user;
|
|
@@proxy_user
|
|
NULL
|
|
connection proxy_con_3;
|
|
SELECT USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
proxied_user_3@localhost proxied_user_3@%
|
|
SELECT @@proxy_user;
|
|
@@proxy_user
|
|
NULL
|
|
connection proxy_con_4;
|
|
SELECT USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
proxied_user_4@localhost proxied_user_4@%
|
|
SELECT @@proxy_user;
|
|
@@proxy_user
|
|
NULL
|
|
connection proxy_con_5;
|
|
SELECT USER(),CURRENT_USER();
|
|
USER() CURRENT_USER()
|
|
proxied_user_5@localhost proxied_user_5@%
|
|
SELECT @@proxy_user;
|
|
@@proxy_user
|
|
NULL
|
|
connection default;
|
|
disconnect proxy_con_1;
|
|
disconnect proxy_con_2;
|
|
disconnect proxy_con_3;
|
|
disconnect proxy_con_4;
|
|
disconnect proxy_con_5;
|
|
DROP USER ''@'%%',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5;
|
|
========== test 3 ==========================================
|
|
GRANT ALL PRIVILEGES ON *.* TO plug_user
|
|
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
|
|
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
|
|
GRANT PROXY ON plug_dest TO plug_user;
|
|
FLUSH PRIVILEGES;
|
|
DROP USER plug_user, plug_dest;
|
|
DROP DATABASE test_user_db;
|