mariadb/mysql-test/main/grant3.test
2022-10-07 15:24:02 +02:00

241 lines
7.2 KiB
Text

# Can't run with embedded server because we use GRANT
-- source include/not_embedded.inc
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
set global sql_mode="";
set local sql_mode="";
# Test of GRANT commands
SET NAMES binary;
connect (master,localhost,root,,);
connection master;
# Cleanup
--disable_warnings
drop table if exists t1;
--enable_warnings
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges;
create user mysqltest_1@localhost;
grant create user on *.* to mysqltest_1@localhost;
grant select on `my\_1`.* to mysqltest_1@localhost with grant option;
connect (user_a,localhost,mysqltest_1,,);
connection user_a;
--error ER_CANT_CREATE_USER_WITH_GRANT
grant select on `my\_1`.* to mysqltest_2@localhost;
create user mysqltest_2@localhost;
disconnect user_a;
disconnect master;
connection default;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges;
#
# Bug#19828 Case sensitivity in Grant/Revoke
#
grant select on test.* to CUser@localhost;
grant select on test.* to CUser@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
DROP USER CUser@localhost;
--error ER_CANNOT_USER
DROP USER CUser@LOCALHOST;
#### table grants
create table t1 (a int);
grant select on test.t1 to CUser@localhost;
grant select on test.t1 to CUser@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
DROP USER CUser@localhost;
--error ER_CANNOT_USER
DROP USER CUser@LOCALHOST;
### column grants
grant select(a) on test.t1 to CUser@localhost;
grant select(a) on test.t1 to CUser@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
DROP USER CUser@localhost;
--error ER_CANNOT_USER
DROP USER CUser@LOCALHOST;
drop table t1;
# revoke on a specific DB only
grant select on test.* to CUser2@localhost;
grant select on test.* to CUser2@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
REVOKE SELECT ON test.* FROM 'CUser2'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
--error ER_NONEXISTING_GRANT
REVOKE SELECT ON test.* FROM 'CUser2'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
DROP USER CUser2@localhost;
--error ER_CANNOT_USER
DROP USER CUser2@LOCALHOST;
#
# Bug#31194 Privilege ordering does not order properly for wildcard values
#
CREATE DATABASE mysqltest_1;
CREATE TABLE mysqltest_1.t1 (a INT);
CREATE USER 'mysqltest1'@'%';
GRANT SELECT, UPDATE ON `mysqltest_1`.* TO 'mysqltest1'@'%';
REVOKE SELECT ON `mysqltest_1`.* FROM 'mysqltest1'@'%';
GRANT SELECT, UPDATE ON `mysqltest\_1`.* TO 'mysqltest1'@'%';
FLUSH PRIVILEGES;
connect (conn1,localhost,mysqltest1,,);
connection conn1;
SHOW GRANTS;
SELECT * FROM mysqltest_1.t1;
disconnect conn1;
connection default;
DROP USER 'mysqltest1'@'%';
DROP DATABASE mysqltest_1;
--echo #
--echo # Bug#41597 - After rename of user, there are additional grants
--echo # when grants are reapplied.
--echo #
CREATE DATABASE temp;
CREATE TABLE temp.t1(a INT, b VARCHAR(10));
INSERT INTO temp.t1 VALUES(1, 'name1');
INSERT INTO temp.t1 VALUES(2, 'name2');
INSERT INTO temp.t1 VALUES(3, 'name3');
CREATE USER 'user1'@'%';
RENAME USER 'user1'@'%' TO 'user2'@'%';
--echo # Show privileges after rename and BEFORE grant
SHOW GRANTS FOR 'user2'@'%';
GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%';
--echo # Show privileges after rename and grant
SHOW GRANTS FOR 'user2'@'%';
--echo # Connect as the renamed user
connect (conn1, localhost, user2,,);
connection conn1;
SHOW GRANTS;
SELECT a FROM temp.t1;
--echo # Check for additional privileges by accessing a
--echo # non privileged column. We shouldn't be able to
--echo # access this column.
--error ER_COLUMNACCESS_DENIED_ERROR
SELECT b FROM temp.t1;
disconnect conn1;
connection default;
DROP USER 'user2'@'%';
DROP DATABASE temp;
set global sql_mode=default;
--echo #
--echo # End of 5.0 tests
--echo #
create database db1;
create user foo@localhost;
grant create on db1.* to foo@localhost;
connect foo,localhost,foo;
create temporary table t as values (1),(2),(3);
use db1;
--error ER_TABLEACCESS_DENIED_ERROR
create table t1 as select * from test.t;
--error ER_TABLEACCESS_DENIED_ERROR
create table t1 as values (1),(2),(3);
create table t1 (a int);
disconnect foo;
connection default;
revoke create on db1.* from foo@localhost;
grant insert on db1.* to foo@localhost;
connect foo,localhost,foo;
use db1;
--error ER_TABLEACCESS_DENIED_ERROR
create table t2 as values (1),(2),(3);
disconnect foo;
connection default;
drop user foo@localhost;
drop database db1;
# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc