mirror of
https://github.com/MariaDB/server.git
synced 2025-02-02 03:51:50 +01:00
cdfe77e2ec
The problem was that databases with '_' in the name did not match a correct ACL with a literal '_' (i.e. '\_') in the db name, only identical strings matched. The fix makes this work, and also ACLs with wildcards in the db name work.
484 lines
11 KiB
Text
484 lines
11 KiB
Text
#
|
|
# Testing SQL SECURITY of stored procedures
|
|
#
|
|
|
|
# Can't test with embedded server that doesn't support grants
|
|
-- source include/not_embedded.inc
|
|
|
|
connect (con1root,localhost,root,,);
|
|
|
|
connection con1root;
|
|
use test;
|
|
|
|
# Create user user1 with no particular access rights
|
|
grant usage on *.* to user1@localhost;
|
|
flush privileges;
|
|
|
|
--disable_warnings
|
|
drop table if exists t1;
|
|
drop database if exists db1_secret;
|
|
--enable_warnings
|
|
# Create our secret database
|
|
create database db1_secret;
|
|
|
|
# Can create a procedure in other db
|
|
create procedure db1_secret.dummy() begin end;
|
|
drop procedure db1_secret.dummy;
|
|
|
|
use db1_secret;
|
|
|
|
create table t1 ( u varchar(64), i int );
|
|
|
|
# A test procedure and function
|
|
create procedure stamp(i int)
|
|
insert into db1_secret.t1 values (user(), i);
|
|
--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
|
|
show procedure status like 'stamp';
|
|
|
|
create function db() returns varchar(64) return database();
|
|
--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
|
|
show function status like 'db';
|
|
|
|
# root can, of course
|
|
call stamp(1);
|
|
select * from t1;
|
|
select db();
|
|
|
|
grant execute on procedure db1_secret.stamp to user1@'%';
|
|
grant execute on function db1_secret.db to user1@'%';
|
|
grant execute on procedure db1_secret.stamp to ''@'%';
|
|
grant execute on function db1_secret.db to ''@'%';
|
|
|
|
connect (con2user1,localhost,user1,,);
|
|
connect (con3anon,localhost,anon,,);
|
|
|
|
|
|
#
|
|
# User1 can
|
|
#
|
|
connection con2user1;
|
|
|
|
# This should work...
|
|
call db1_secret.stamp(2);
|
|
select db1_secret.db();
|
|
|
|
# ...but not this
|
|
--error 1142
|
|
select * from db1_secret.t1;
|
|
|
|
# ...and not this
|
|
--error 1044
|
|
create procedure db1_secret.dummy() begin end;
|
|
--error 1305
|
|
drop procedure db1_secret.dummy;
|
|
|
|
|
|
#
|
|
# Anonymous can
|
|
#
|
|
connection con3anon;
|
|
|
|
# This should work...
|
|
call db1_secret.stamp(3);
|
|
select db1_secret.db();
|
|
|
|
# ...but not this
|
|
--error 1142
|
|
select * from db1_secret.t1;
|
|
|
|
# ...and not this
|
|
--error 1044
|
|
create procedure db1_secret.dummy() begin end;
|
|
--error 1305
|
|
drop procedure db1_secret.dummy;
|
|
|
|
|
|
#
|
|
# Check it out
|
|
#
|
|
connection con1root;
|
|
select * from t1;
|
|
|
|
#
|
|
# Change to invoker's rights
|
|
#
|
|
alter procedure stamp sql security invoker;
|
|
--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
|
|
show procedure status like 'stamp';
|
|
|
|
alter function db sql security invoker;
|
|
--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
|
|
show function status like 'db';
|
|
|
|
# root still can
|
|
call stamp(4);
|
|
select * from t1;
|
|
select db();
|
|
|
|
#
|
|
# User1 cannot
|
|
#
|
|
connection con2user1;
|
|
|
|
# This should not work
|
|
--error 1044
|
|
call db1_secret.stamp(5);
|
|
--error 1044
|
|
select db1_secret.db();
|
|
|
|
#
|
|
# Anonymous cannot
|
|
#
|
|
connection con3anon;
|
|
|
|
# This should not work
|
|
--error 1044
|
|
call db1_secret.stamp(6);
|
|
--error 1044
|
|
select db1_secret.db();
|
|
|
|
#
|
|
# BUG#2777
|
|
#
|
|
|
|
connection con1root;
|
|
--disable_warnings
|
|
drop database if exists db2;
|
|
--enable_warnings
|
|
create database db2;
|
|
|
|
use db2;
|
|
|
|
create table t2 (s1 int);
|
|
insert into t2 values (0);
|
|
|
|
grant usage on db2.* to user1@localhost;
|
|
grant select on db2.* to user1@localhost;
|
|
grant usage on db2.* to user2@localhost;
|
|
grant select,insert,update,delete,create routine on db2.* to user2@localhost;
|
|
grant create routine on db2.* to user1@localhost;
|
|
flush privileges;
|
|
|
|
connection con2user1;
|
|
use db2;
|
|
|
|
create procedure p () insert into t2 values (1);
|
|
|
|
# Check that this doesn't work.
|
|
--error 1142
|
|
call p();
|
|
|
|
connect (con4user2,localhost,user2,,);
|
|
|
|
connection con4user2;
|
|
use db2;
|
|
|
|
# This should not work, since p is executed with definer's (user1's) rights.
|
|
--error 1370
|
|
call p();
|
|
select * from t2;
|
|
|
|
create procedure q () insert into t2 values (2);
|
|
|
|
call q();
|
|
select * from t2;
|
|
|
|
connection con1root;
|
|
grant usage on procedure db2.q to user2@localhost with grant option;
|
|
|
|
connection con4user2;
|
|
grant execute on procedure db2.q to user1@localhost;
|
|
|
|
connection con2user1;
|
|
use db2;
|
|
|
|
# This should work
|
|
call q();
|
|
select * from t2;
|
|
|
|
|
|
#
|
|
# BUG#6030: Stored procedure has no appropriate DROP privilege
|
|
# (or ALTER for that matter)
|
|
|
|
# still connection con2user1 in db2
|
|
|
|
# This should work:
|
|
alter procedure p modifies sql data;
|
|
drop procedure p;
|
|
|
|
# This should NOT work
|
|
--error 1370
|
|
alter procedure q modifies sql data;
|
|
--error 1370
|
|
drop procedure q;
|
|
|
|
connection con1root;
|
|
use db2;
|
|
# But root always can
|
|
alter procedure q modifies sql data;
|
|
drop procedure q;
|
|
|
|
|
|
# Clean up
|
|
#Still connection con1root;
|
|
disconnect con2user1;
|
|
disconnect con3anon;
|
|
disconnect con4user2;
|
|
use test;
|
|
select type,db,name from mysql.proc;
|
|
drop database db1_secret;
|
|
drop database db2;
|
|
# Make sure the routines are gone
|
|
select type,db,name from mysql.proc;
|
|
# Get rid of the users
|
|
delete from mysql.user where user='user1' or user='user2';
|
|
# And any routine privileges
|
|
delete from mysql.procs_priv where user='user1' or user='user2';
|
|
|
|
#
|
|
# Test the new security acls
|
|
#
|
|
grant usage on *.* to usera@localhost;
|
|
grant usage on *.* to userb@localhost;
|
|
grant usage on *.* to userc@localhost;
|
|
create database sptest;
|
|
create table t1 ( u varchar(64), i int );
|
|
create procedure sptest.p1(i int) insert into test.t1 values (user(), i);
|
|
grant insert on t1 to usera@localhost;
|
|
grant execute on procedure sptest.p1 to usera@localhost;
|
|
show grants for usera@localhost;
|
|
grant execute on procedure sptest.p1 to userc@localhost with grant option;
|
|
show grants for userc@localhost;
|
|
|
|
connect (con2usera,localhost,usera,,);
|
|
connect (con3userb,localhost,userb,,);
|
|
connect (con4userc,localhost,userc,,);
|
|
|
|
connection con2usera;
|
|
call sptest.p1(1);
|
|
--error 1370
|
|
grant execute on procedure sptest.p1 to userb@localhost;
|
|
--error 1370
|
|
drop procedure sptest.p1;
|
|
|
|
connection con3userb;
|
|
--error 1370
|
|
call sptest.p1(2);
|
|
--error 1370
|
|
grant execute on procedure sptest.p1 to userb@localhost;
|
|
--error 1370
|
|
drop procedure sptest.p1;
|
|
|
|
connection con4userc;
|
|
call sptest.p1(3);
|
|
grant execute on procedure sptest.p1 to userb@localhost;
|
|
--error 1370
|
|
drop procedure sptest.p1;
|
|
|
|
connection con3userb;
|
|
call sptest.p1(4);
|
|
--error 1370
|
|
grant execute on procedure sptest.p1 to userb@localhost;
|
|
--error 1370
|
|
drop procedure sptest.p1;
|
|
|
|
connection con1root;
|
|
select * from t1;
|
|
|
|
grant all privileges on procedure sptest.p1 to userc@localhost;
|
|
show grants for userc@localhost;
|
|
show grants for userb@localhost;
|
|
|
|
connection con4userc;
|
|
revoke all privileges on procedure sptest.p1 from userb@localhost;
|
|
|
|
connection con1root;
|
|
show grants for userb@localhost;
|
|
|
|
#cleanup
|
|
disconnect con4userc;
|
|
disconnect con3userb;
|
|
disconnect con2usera;
|
|
use test;
|
|
drop database sptest;
|
|
delete from mysql.user where user='usera' or user='userb' or user='userc';
|
|
delete from mysql.procs_priv where user='usera' or user='userb' or user='userc';
|
|
|
|
#
|
|
# BUG#9503: reseting correct parameters of thread after error in SP function
|
|
#
|
|
connect (root,localhost,root,,test);
|
|
connection root;
|
|
|
|
--disable_warnings
|
|
drop function if exists bug_9503;
|
|
--enable_warnings
|
|
delimiter //;
|
|
create database mysqltest//
|
|
use mysqltest//
|
|
create table t1 (s1 int)//
|
|
grant select on t1 to user1@localhost//
|
|
create function bug_9503 () returns int sql security invoker begin declare v int;
|
|
select min(s1) into v from t1; return v; end//
|
|
delimiter ;//
|
|
|
|
connect (user1,localhost,user1,,test);
|
|
connection user1;
|
|
use mysqltest;
|
|
-- error 1370
|
|
select bug_9503();
|
|
|
|
connection root;
|
|
grant execute on function bug_9503 to user1@localhost;
|
|
|
|
connection user1;
|
|
do 1;
|
|
use test;
|
|
|
|
disconnect user1;
|
|
connection root;
|
|
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
|
|
drop function bug_9503;
|
|
use test;
|
|
drop database mysqltest;
|
|
|
|
#
|
|
# correct value from current_user() in function run from "security definer"
|
|
# (BUG#7291)
|
|
#
|
|
connection con1root;
|
|
use test;
|
|
|
|
select current_user();
|
|
select user();
|
|
create procedure bug7291_0 () sql security invoker select current_user(), user();
|
|
create procedure bug7291_1 () sql security definer call bug7291_0();
|
|
create procedure bug7291_2 () sql security invoker call bug7291_0();
|
|
grant execute on procedure bug7291_0 to user1@localhost;
|
|
grant execute on procedure bug7291_1 to user1@localhost;
|
|
grant execute on procedure bug7291_2 to user1@localhost;
|
|
|
|
connect (user1,localhost,user1,,);
|
|
connection user1;
|
|
|
|
call bug7291_2();
|
|
call bug7291_1();
|
|
|
|
connection con1root;
|
|
drop procedure bug7291_1;
|
|
drop procedure bug7291_2;
|
|
drop procedure bug7291_0;
|
|
disconnect user1;
|
|
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
|
|
drop user user1@localhost;
|
|
|
|
#
|
|
# Bug #12318: Wrong error message when accessing an inaccessible stored
|
|
# procedure in another database when the current database is
|
|
# information_schema.
|
|
#
|
|
|
|
--disable_warnings
|
|
drop database if exists mysqltest_1;
|
|
--enable_warnings
|
|
|
|
create database mysqltest_1;
|
|
delimiter //;
|
|
create procedure mysqltest_1.p1()
|
|
begin
|
|
select 1 from dual;
|
|
end//
|
|
delimiter ;//
|
|
|
|
grant usage on *.* to mysqltest_1@localhost;
|
|
|
|
connect (n1,localhost,mysqltest_1,,information_schema,$MASTER_MYPORT,$MASTER_MYSOCK);
|
|
connection n1;
|
|
--error 1370
|
|
call mysqltest_1.p1();
|
|
disconnect n1;
|
|
# Test also without a current database
|
|
connect (n2,localhost,mysqltest_1,,*NO-ONE*,$MASTER_MYPORT,$MASTER_MYSOCK);
|
|
connection n2;
|
|
--error 1370
|
|
call mysqltest_1.p1();
|
|
disconnect n2;
|
|
|
|
connection default;
|
|
|
|
drop procedure mysqltest_1.p1;
|
|
drop database mysqltest_1;
|
|
|
|
revoke usage on *.* from mysqltest_1@localhost;
|
|
drop user mysqltest_1@localhost;
|
|
|
|
#
|
|
# BUG#12812 create view calling a function works without execute right
|
|
# on function
|
|
delimiter |;
|
|
--disable_warnings
|
|
drop function if exists bug12812|
|
|
--enable_warnings
|
|
create function bug12812() returns char(2)
|
|
begin
|
|
return 'ok';
|
|
end;
|
|
create user user_bug12812@localhost IDENTIFIED BY 'ABC'|
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (test_user_12812,localhost,user_bug12812,ABC,test)|
|
|
--error 1370
|
|
SELECT test.bug12812()|
|
|
--error 1370
|
|
CREATE VIEW v1 AS SELECT test.bug12812()|
|
|
# Cleanup
|
|
connection default|
|
|
disconnect test_user_12812|
|
|
DROP USER user_bug12812@localhost|
|
|
drop function bug12812|
|
|
delimiter ;|
|
|
|
|
|
|
#
|
|
# BUG#14834: Server denies to execute Stored Procedure
|
|
#
|
|
# The problem here was with '_' in the database name.
|
|
#
|
|
create database db_bug14834;
|
|
|
|
create user user1_bug14834@localhost identified by '';
|
|
# The exact name of the database (no wildcard)
|
|
grant all on `db\_bug14834`.* to user1_bug14834@localhost;
|
|
|
|
create user user2_bug14834@localhost identified by '';
|
|
# The exact name of the database (no wildcard)
|
|
grant all on `db\_bug14834`.* to user2_bug14834@localhost;
|
|
|
|
create user user3_bug14834@localhost identified by '';
|
|
# Wildcards in the database name
|
|
grant all on `db__ug14834`.* to user3_bug14834@localhost;
|
|
|
|
connect (user1_bug14834,localhost,user1_bug14834,,db_bug14834);
|
|
# Create the procedure and check that we can call it
|
|
create procedure p_bug14834() select user(), current_user();
|
|
call p_bug14834();
|
|
|
|
connect (user2_bug14834,localhost,user2_bug14834,,db_bug14834);
|
|
# This didn't work before
|
|
call p_bug14834();
|
|
|
|
connect (user3_bug14834,localhost,user3_bug14834,,db_bug14834);
|
|
# Should also work
|
|
call p_bug14834();
|
|
|
|
# Cleanup
|
|
connection default;
|
|
disconnect user1_bug14834;
|
|
disconnect user2_bug14834;
|
|
disconnect user3_bug14834;
|
|
drop user user1_bug14834@localhost;
|
|
drop user user2_bug14834@localhost;
|
|
drop user user3_bug14834@localhost;
|
|
drop database db_bug14834;
|
|
|
|
# End of 5.0 bugs.
|