mariadb/mysql-test/suite/roles
Vicențiu Ciorbaru be758322e2 MDEV-12366: FLUSH PRIVILEGES can break hierarchy of roles
Whenever we call merge_role_privileges on a role, we make use of
the role->counter variable to check if all its children have had their
privileges merged. Only if all children have had their privileges merged,
do we update the privileges on parent. This is done to prevent extra work.
The same idea is employed during flush privileges. You only begin merging
from "leaf" roles. The recursive calls will merge their parents at some point.
A problem arises when we try to "re-merge" a parent. Take the following graph:

{noformat}
     A (0)  ----  C (2) ---- D (2)  ---- USER
                 /          /
     B (0)  ----/          /
                          /
     E (0) --------------/
{noformat}

In parentheses we have the "counter" value right before we start to iterate
through the roles hash and propagate values. It represents the number of roles
granted to the current role. The order in which we iterate through the roles
hash is alphabetical.

* First merge A, which leads to decreasing the counter for C to 1. Since C is
not 0, we don't proceed with merging into C.

* Second we merge B, which leads to decreasing the counter for C to 0. Now
we proceed with merging into C. This leads to reducing the counter for D to 1
as part of C merge process.

* Third as we iterate through the hash, we see that C has counter 0, thus we
start the merge process *again*. This leads to reducing the counter for
D to 0! We then attempt to merge D.

* Fourth we start merging E. When E sees D as its parent (according to the code)
it attempts to reduce D's counter, which leads to overflow. Now D's counter is
a very large number, thus E's privileges are not forwarded to D yet.

To correct this behavior we must make sure to only start merging from initial
leaf nodes.
2017-12-19 12:33:25 +02:00
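
The counter walk from the commit message above, as an added example (not MariaDB's code and not part of the commit): a constructed C model of the five-role graph that runs the pass both ways. `acl_state`, `start_merge` and `flush` are hypothetical names, and snapshotting the leaves before the loop is one assumed way to "only start merging from initial leaf nodes".

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { A, B, C, D, E, NROLES };

/* Constructed model of the commit message's graph: parent_of[r] is the role
   that r is granted to; -1 means r is granted only to USER. */
static const int parent_of[NROLES] = { C, C, D, -1, D };

typedef struct {
    uint32_t counter[NROLES]; /* roles granted to r that are not merged yet */
    int merges[NROLES];       /* how many times a merge was run for r */
} acl_state;

static void start_merge(acl_state *s, int r) {
    s->merges[r]++;
    int p = parent_of[r];
    if (p < 0) return;
    s->counter[p]--;                 /* unsigned: 0 - 1 wraps to UINT32_MAX */
    if (s->counter[p] == 0) start_merge(s, p);
}

/* only_initial_leaves = 0: start from any role whose counter is 0 when the
   loop reaches it. 1: start only from roles that were leaves before the loop. */
static acl_state flush(int only_initial_leaves) {
    acl_state s;
    memset(&s, 0, sizeof s);
    s.counter[C] = 2;
    s.counter[D] = 2;
    int leaf[NROLES];
    for (int r = 0; r < NROLES; r++) leaf[r] = (s.counter[r] == 0);
    for (int r = 0; r < NROLES; r++)           /* alphabetical order */
        if (only_initial_leaves ? leaf[r] : s.counter[r] == 0)
            start_merge(&s, r);
    return s;
}

int main(void) {
    for (int fixed = 0; fixed <= 1; fixed++) {
        acl_state s = flush(fixed);
        printf("%s: C merged %d time(s), D counter = %u\n",
               fixed ? "leaves only" : "any zero counter",
               s.merges[C], (unsigned)s.counter[D]);
    }
    return 0;
}
```

A counter left at `UINT32_MAX` after the pass is a cheap invariant to assert in a debug build: every counter should be exactly 0 once all leaves have been processed.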
..
acl_load_mutex-5170.result
acl_load_mutex-5170.test
admin.result
admin.test
create_and_drop_current.result remove hostname-dependent part of the test 2013-11-03 13:12:40 +01:00
create_and_drop_current.test remove hostname-dependent part of the test 2013-11-03 13:12:40 +01:00
create_and_drop_role.result MDEV-11533: Roles with trailing white spaces are not cleared correctly 2016-12-10 22:23:25 +02:00
create_and_drop_role.test MDEV-11533: Roles with trailing white spaces are not cleared correctly 2016-12-10 22:23:25 +02:00
create_and_drop_role_invalid_user_table.result misc fixes for buildbot 2013-11-07 14:30:21 +01:00
create_and_drop_role_invalid_user_table.test misc fixes for buildbot 2013-11-07 14:30:21 +01:00
create_and_grant_role.result
create_and_grant_role.test
current_role_view-12666.result MDEV-12666: CURRENT_ROLE() and DATABASE() does not work in a view 2017-06-15 19:20:35 +03:00
current_role_view-12666.test MDEV-12666: CURRENT_ROLE() and DATABASE() does not work in a view 2017-06-15 19:20:35 +03:00
default_create_user_not_role.result
default_create_user_not_role.test
definer.result MDEV-13676: Field "create Procedure" is NULL, even if the user has role which is the definer. (SHOW CREATE PROCEDURE) 2017-10-11 12:15:52 +03:00
definer.test MDEV-13676: Field "create Procedure" is NULL, even if the user has role which is the definer. (SHOW CREATE PROCEDURE) 2017-10-11 12:15:52 +03:00
drop_current_user-5176.result
drop_current_user-5176.test post-review cleanup 2013-10-27 08:19:21 +01:00
drop_routines.result remove inherited routine grants when a routine is dropped 2013-10-26 15:52:29 +02:00
drop_routines.test remove inherited routine grants when a routine is dropped 2013-10-26 15:52:29 +02:00
flush_roles-12366.result MDEV-12366: FLUSH PRIVILEGES can break hierarchy of roles 2017-12-19 12:33:25 +02:00
flush_roles-12366.test MDEV-12366: FLUSH PRIVILEGES can break hierarchy of roles 2017-12-19 12:33:25 +02:00
grant-5771.result MDEV-5771 Privileges acquired via roles depend on the order of granting 2014-03-19 09:57:45 +01:00
grant-5771.test MDEV-5771 Privileges acquired via roles depend on the order of granting 2014-03-19 09:57:45 +01:00
grant_empty.result MDEV-5668 Assertion `granted_role->is_role()' fails on granting role with empty name 2014-03-01 11:55:31 +01:00
grant_empty.test MDEV-5668 Assertion `granted_role->is_role()' fails on granting role with empty name 2014-03-01 11:55:31 +01:00
grant_proxy-5526.result MDEV-5526 Assertion `proxied_user->host.length' fails on GRANT PROXY ON <role> 2014-01-29 00:05:24 +01:00
grant_proxy-5526.test fixes: 2014-02-02 10:09:05 +01:00
grant_revoke_current.result grant/revoke ... to/from current_role 2013-11-02 16:26:35 +01:00
grant_revoke_current.test grant/revoke ... to/from current_role 2013-11-02 16:26:35 +01:00
grant_role_auto_create_user.result minor cleanup 2013-12-25 21:21:47 +01:00
grant_role_auto_create_user.test minor cleanup 2013-12-25 21:21:47 +01:00
ip-6401.result MDEV-6401 SET ROLE returning ERROR 1959 Invalid role specification for valid role 2014-06-27 09:32:55 +02:00
ip-6401.test add comment to a test 2015-10-22 10:27:36 +02:00
none_public.result 10.0-base merge (roles) 2013-10-29 15:08:44 +01:00
none_public.test
password.result MDEV-5526 Assertion `proxied_user->host.length' fails on GRANT PROXY ON <role> 2014-01-29 00:05:24 +01:00
password.test MDEV-5526 Assertion `proxied_user->host.length' fails on GRANT PROXY ON <role> 2014-01-29 00:05:24 +01:00
ps.result MDEV-5521 SET ROLE as prepared statement crashes the server 2014-01-28 21:02:17 +01:00
ps.test MDEV-5521 SET ROLE as prepared statement crashes the server 2014-01-28 21:02:17 +01:00
rebuild_role_grants.result MDEV-8614 Assertion `status == 0' failed in add_role_user_mapping_action on RENAME USER 2015-10-22 13:09:38 +02:00
rebuild_role_grants.test MDEV-8614 Assertion `status == 0' failed in add_role_user_mapping_action on RENAME USER 2015-10-22 13:09:38 +02:00
recursive.inc
recursive.result
recursive.test
recursive_dbug.result MDEV-5771 Privileges acquired via roles depend on the order of granting 2014-03-19 09:57:45 +01:00
recursive_dbug.test
rename_user.result
rename_user.test
revoke_all.result Implemented REVOKE ALL FROM for Roles and role grants. 2013-10-26 15:38:48 +02:00
revoke_all.test Implemented REVOKE ALL FROM for Roles and role grants. 2013-10-26 15:38:48 +02:00
role_case_sensitive-10744.result MDEV-10744: Roles are not fully case sensitive 2016-12-01 15:01:33 +01:00
role_case_sensitive-10744.test MDEV-10744: Roles are not fully case sensitive 2016-12-01 15:01:33 +01:00
rpl_definer.result
rpl_definer.test
rpl_grant_revoke_current_role-8638.result MDEV-8638: REVOKE ALL PRIVILEGES, GRANT OPTION FROM CURRENT_ROLE breaks replication 2016-06-22 16:41:38 +03:00
rpl_grant_revoke_current_role-8638.test include/master-slave.inc must always be included last 2017-09-20 18:17:50 +02:00
set_and_drop.result
set_and_drop.test
set_role-5232.result MDEV-5232 SET ROLE checks privileges differently from check_access() 2013-11-04 13:37:39 +01:00
set_role-5232.test MDEV-5232 SET ROLE checks privileges differently from check_access() 2013-11-04 13:37:39 +01:00
set_role-9614.result [MDEV-9614] Roles and Users longer than 6 characters 2016-06-22 16:41:38 +03:00
set_role-9614.test [MDEV-9614] Roles and Users longer than 6 characters 2016-06-22 16:41:38 +03:00
set_role-13655.result MDEV-13655: Set role does not properly grant privileges. 2017-12-19 12:33:25 +02:00
set_role-13655.test MDEV-13655: Set role does not properly grant privileges. 2017-12-19 12:33:25 +02:00
set_role-database-recursive.result
set_role-database-recursive.test
set_role-database-simple.result
set_role-database-simple.test
set_role-multiple-role.result
set_role-multiple-role.test
set_role-recursive.result 10.0-base merge (roles) 2013-10-29 15:08:44 +01:00
set_role-recursive.test
set_role-routine-simple.result
set_role-routine-simple.test
set_role-simple.result 10.0-base merge (roles) 2013-10-29 15:08:44 +01:00
set_role-simple.test
set_role-table-column-priv.result
set_role-table-column-priv.test
set_role-table-simple.result
set_role-table-simple.test
show_create_database-10463.result MDEV-10463: Granted as a whole to roles, databases are not shown in SHOW DATABASES 2017-06-15 19:20:35 +03:00
show_create_database-10463.test MDEV-10463: Granted as a whole to roles, databases are not shown in SHOW DATABASES 2017-06-15 19:20:35 +03:00
show_grants.result
show_grants.test