mirror of
https://github.com/MariaDB/server.git
synced 2025-01-30 10:31:54 +01:00
241bb22699
Added missing cleanup in sp-security.test. mysql-test/r/sp-security.result: Added clean-up. mysql-test/t/sp-security.test: Added clean-up. sql/item_func.cc: Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server. sql/sp_head.cc: Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server. sql/sp_head.h: Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server. sql/sql_parse.cc: Forgot to wrap things in #ifndef NO_EMBEDDED_ACCESS_CHECKS for the embedded server.
100 lines
1.6 KiB
Text
100 lines
1.6 KiB
Text
#
|
|
# Testing SQL SECURITY of stored procedures
|
|
#
|
|
|
|
connect (con1root,localhost,root,,);
|
|
|
|
connection con1root;
|
|
use test;
|
|
|
|
# Create dummy user with no particular access rights
|
|
grant usage on *.* to dummy@localhost;
|
|
|
|
--disable_warnings
|
|
drop database if exists db1_secret;
|
|
--enable_warnings
|
|
# Create our secret database
|
|
create database db1_secret;
|
|
|
|
use db1_secret;
|
|
|
|
create table t1 ( u varchar(64), i int );
|
|
|
|
# Our test procedure
|
|
create procedure stamp(i int)
|
|
insert into db1_secret.t1 values (user(), i);
|
|
--replace_column 4 '0000-00-00 00:00:00' 5 '0000-00-00 00:00:00'
|
|
show procedure status like 'stamp';
|
|
|
|
# root can, of course
|
|
call stamp(1);
|
|
select * from t1;
|
|
|
|
connect (con2dummy,localhost,dummy,,);
|
|
connect (con3anon,localhost,anon,,);
|
|
|
|
#
|
|
# Dummy can
|
|
#
|
|
connection con2dummy;
|
|
|
|
# This should work...
|
|
call stamp(2);
|
|
|
|
# ...but not this
|
|
--error 1044
|
|
select * from db1_secret.t1;
|
|
|
|
#
|
|
# Anonymous can
|
|
#
|
|
connection con3anon;
|
|
|
|
# This should work...
|
|
call stamp(3);
|
|
|
|
# ...but not this
|
|
--error 1044
|
|
select * from db1_secret.t1;
|
|
|
|
#
|
|
# Check it out
|
|
#
|
|
connection con1root;
|
|
select * from t1;
|
|
|
|
#
|
|
# Change to invoker's rights
|
|
#
|
|
alter procedure stamp sql security invoker;
|
|
--replace_column 4 '0000-00-00 00:00:00' 5 '0000-00-00 00:00:00'
|
|
show procedure status like 'stamp';
|
|
|
|
# root still can
|
|
call stamp(4);
|
|
select * from t1;
|
|
|
|
#
|
|
# Dummy cannot
|
|
#
|
|
connection con2dummy;
|
|
|
|
# This should not work
|
|
--error 1044
|
|
call stamp(5);
|
|
|
|
#
|
|
# Anonymous cannot
|
|
#
|
|
connection con3anon;
|
|
|
|
# This should not work
|
|
--error 1044
|
|
call stamp(6);
|
|
|
|
# Clean up
|
|
connection con1root;
|
|
drop procedure stamp;
|
|
use test;
|
|
drop database db1_secret;
|
|
delete from mysql.user where user='dummy';
|