mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 20:12:31 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/t/outfile.test
Kristofer Pettersson 0659b857e7 Bug#27145 EXTRA_ACL troubles 
The flag EXTRA_ACL is used in conjugation with our access checks, yet it is
not clear what impact this flag has.
This is a code clean up which replaces use of EXTRA_ACL with an explicit
function parameter.
The patch also fixes privilege checks for:
- SHOW CREATE TABLE: The new privilege requirement is any privilege on
  the table-level.
- CHECKSUM TABLE: Requires SELECT on the table level.
- SHOW CREATE VIEW: Requires SHOW_VIEW and SELECT on the table level
  (just as the manual claims)
- SHOW INDEX: Requires any privilege on any column combination.


mysql-test/r/grant.result:
  * Error message now shows correct command (SHOW instead of SELECT)
mysql-test/r/grant2.result:
  * Error message now shows correct command (SHOW instead of SELECT)
mysql-test/r/grant4.result:
  * This test file tests privilege requirements for
    SHOW COLUMNS
    CREATE TABLE .. LIKE
    SHOW CREATE TABLE
    SHOW INDEX
    CHECKSUM TABLE
    SHOW CREATE VIEW
mysql-test/r/information_schema_db.result:
  * Added SELECT privilege to testdb_2 as
    SHOW CREATE VIEW now demands this privilege
    as well as SHOW VIEW.
mysql-test/r/outfile.result:
  * Changed error code
mysql-test/r/view_grant.result:
  * Additional SELECT privilege is now needed
    for SHOW CREATE VIEW
mysql-test/t/grant4.test:
  * This test file tests privilege requirements for
    SHOW COLUMNS
    CREATE TABLE .. LIKE
    SHOW CREATE TABLE
    SHOW INDEX
    CHECKSUM TABLE
    SHOW CREATE VIEW
mysql-test/t/information_schema_db.test:
  * Added SELECT privilege to testdb_2 as
    SHOW CREATE VIEW now demands this privilege
    as well as SHOW VIEW.
mysql-test/t/outfile.test:
  * Changed error code
mysql-test/t/view_grant.test:
  * Additional SELECT privilege is now needed
    for SHOW CREATE VIEW
sql/mysql_priv.h:
  * Replaced EXTRA_ACL with a parameter
sql/sp_head.cc:
  * Replaced EXTRA_ACL with a parameter
sql/sql_acl.cc:
  * Converted function documentation to doxygen and clarified some behaviors.
  * Changed value from uint to bool to better reflect its meaning.
  * Removed pointless variable orig_want_access
  * Added function has_any_table_level_privileges to help with requirements
    checks during SHOW CREATE TABLE.
sql/sql_acl.h:
  * changed signature of check_grant()
  * introduced access control function has_any_table_leevl_privileges()
sql/sql_base.cc:
  * Check_table_access has new signature
sql/sql_cache.cc:
  * Check_table_access has new signature
sql/sql_parse.cc:
  * Rewrote function documentation in doxygen comments for: check_access,
    check_table_acces, check_grant.
  * Removed EXTRA_ACL flag where it doesn't hold any meaningful purpose anymore
    and replaced it with a function parameter where any privileges on any column
    combination would satisfy the requirement.
  * Fixed privilege check for SHOW COLUMNS and SHOW INDEX
  * Modified check_table_access to gain clarity in what EXTRA_ACL actually does.
  * Modified check_access to gain clarity in what EXTRA_ACL actually does.
  * Fixed privilege check for CREATE TABLE .. LIKE .. ; It now requires SELECT
    privileges on the table.
  * Fixed privilege check for SHOW CREATE TABLE ..; It now requires any privilege
    on the table level.
sql/sql_plugin.cc:
  * check_table_access has new signature
sql/sql_prepare.cc:
  * check_table_access has new signature
sql/sql_show.cc:
  * check_table_access has new signature
sql/sql_trigger.cc:
  * check_table_access has new signature
sql/sql_update.cc:
  * check grant has new signature
sql/sql_view.cc:
  * check_table_access has new signature
2009-10-19 14:58:13 +02:00

141 lines
4 KiB
Text
Raw Blame History

disable_query_log;
-- source include/test_outfile.inc
# Server are started in "var/master-data", so "../../tmp" will be "var/tmp"
eval set @tmpdir="../../tmp";
enable_query_log;
-- source include/have_outfile.inc
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
#
# test of into outfile|dumpfile
#
--disable_warnings
drop table if exists t1;
--enable_warnings
create table t1 (`a` blob);
insert into t1 values("hello world"),("Hello mars"),(NULL);
disable_query_log;
eval select * into outfile "../../tmp/outfile-test.1" from t1;
enable_query_log;
select load_file(concat(@tmpdir,"/outfile-test.1"));
disable_query_log;
eval select * into dumpfile "../../tmp/outfile-test.2" from t1 limit 1;
enable_query_log;
select load_file(concat(@tmpdir,"/outfile-test.2"));
disable_query_log;
eval select * into dumpfile "../../tmp/outfile-test.3" from t1 where a is null;
enable_query_log;
select load_file(concat(@tmpdir,"/outfile-test.3"));
# the following should give errors
disable_query_log;
--error ER_FILE_EXISTS_ERROR
eval select * into outfile "../../tmp/outfile-test.1" from t1;
--error ER_FILE_EXISTS_ERROR
eval select * into dumpfile "../../tmp/outfile-test.2" from t1;
--error ER_FILE_EXISTS_ERROR
eval select * into dumpfile "../../tmp/outfile-test.3" from t1;
enable_query_log;
select load_file(concat(@tmpdir,"/outfile-test.not-exist"));
--remove_file $MYSQLTEST_VARDIR/tmp/outfile-test.1
--remove_file $MYSQLTEST_VARDIR/tmp/outfile-test.2
--remove_file $MYSQLTEST_VARDIR/tmp/outfile-test.3
drop table t1;
# Bug#8191 SELECT INTO OUTFILE insists on FROM clause
disable_query_log;
eval select 1 into outfile "../../tmp/outfile-test.4";
enable_query_log;
select load_file(concat(@tmpdir,"/outfile-test.4"));
--remove_file $MYSQLTEST_VARDIR/tmp/outfile-test.4
#
# Bug#5382 'explain select into outfile' crashes the server
#
CREATE TABLE t1 (a INT);
EXPLAIN
SELECT *
INTO OUTFILE '/tmp/t1.txt'
FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"' LINES TERMINATED BY '\r\n'
FROM t1;
DROP TABLE t1;
# End of 4.1 tests
#
# Bug#13202 SELECT * INTO OUTFILE ... FROM information_schema.schemata now fails
#
disable_query_log;
eval SELECT * INTO OUTFILE "../../tmp/outfile-test.4"
FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"'
FROM information_schema.schemata LIMIT 0, 5;
# enable_query_log;
--remove_file $MYSQLTEST_VARDIR/tmp/outfile-test.4
use information_schema;
# disable_query_log;
eval SELECT * INTO OUTFILE "../../tmp/outfile-test.4"
FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"'
FROM schemata LIMIT 0, 5;
enable_query_log;
--remove_file $MYSQLTEST_VARDIR/tmp/outfile-test.4
use test;
#
# Bug#18628 mysql-test-run: security problem
#
# It should not be possible to write to a file outside of vardir
create table t1(a int);
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--error ER_OPTION_PREVENTS_STATEMENT
eval select * into outfile "$MYSQL_TEST_DIR/outfile-test1" from t1;
drop table t1;
#
# Bug#28181 Access denied to 'information_schema when
# select into out file (regression)
#
create database mysqltest;
create user user_1@localhost;
grant all on mysqltest.* to user_1@localhost;
connect (con28181_1,localhost,user_1,,mysqltest);
--error ER_ACCESS_DENIED_ERROR
eval select schema_name
into outfile "../../tmp/outfile-test.4"
fields terminated by ',' optionally enclosed by '"'
lines terminated by '\n'
from information_schema.schemata
where schema_name like 'mysqltest';
connection default;
disconnect con28181_1;
grant file on *.* to user_1@localhost;
connect (con28181_2,localhost,user_1,,mysqltest);
eval select schema_name
into outfile "../../tmp/outfile-test.4"
fields terminated by ',' optionally enclosed by '"'
lines terminated by '\n'
from information_schema.schemata
where schema_name like 'mysqltest';
connection default;
disconnect con28181_2;
--remove_file $MYSQLTEST_VARDIR/tmp/outfile-test.4
use test;
revoke all privileges on *.* from user_1@localhost;
drop user user_1@localhost;
drop database mysqltest;
# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc
Reference in a new issue View git blame Copy permalink