mariadb/mysql-test/t/grant3.test

# Can't run with embedded server because we use GRANT
-- source include/not_embedded.inc

# Save the initial number of concurrent sessions
--source include/count_sessions.inc


# Test of GRANT commands

SET NAMES binary;
connect (master,localhost,root,,);
connection master;

# Cleanup
--disable_warnings
drop table if exists t1;
--enable_warnings

delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges;

create user mysqltest_1@localhost;
grant create user on *.* to mysqltest_1@localhost;
grant select on `my\_1`.* to mysqltest_1@localhost with grant option;
connect (user_a,localhost,mysqltest_1,,);
connection user_a;
--error ER_CANT_CREATE_USER_WITH_GRANT
grant select on `my\_1`.* to mysqltest_2@localhost;
create user mysqltest_2@localhost;
disconnect user_a;
disconnect master;
connection default;

delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges;

#
# Bug#19828 Case sensitivity in Grant/Revoke
#

grant select on test.* to CUser@localhost;
grant select on test.* to CUser@LOCALHOST;
flush privileges;

SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;

REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;

SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;

REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;

SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;

DROP USER CUser@localhost;
DROP USER CUser@LOCALHOST;

#### table grants
create table t1 (a int);
grant select on test.t1 to CUser@localhost;
grant select on test.t1 to CUser@LOCALHOST;
flush privileges;

SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;

REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;

SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;

REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;

SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;

DROP USER CUser@localhost;
DROP USER CUser@LOCALHOST;

### column grants

grant select(a) on test.t1 to CUser@localhost;
grant select(a) on test.t1 to CUser@LOCALHOST;
flush privileges;

SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;

REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;

SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;

REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;

SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;

DROP USER CUser@localhost;
DROP USER CUser@LOCALHOST;

drop table t1;

# revoke on a specific DB only

grant select on test.* to CUser2@localhost;
grant select on test.* to CUser2@LOCALHOST;
flush privileges;

SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;

REVOKE SELECT ON test.* FROM 'CUser2'@'LOCALHOST';
flush privileges;

SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;

REVOKE SELECT ON test.* FROM 'CUser2'@'localhost';
flush privileges;

SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;

DROP USER CUser2@localhost;
DROP USER CUser2@LOCALHOST;


#
# Bug#31194 Privilege ordering does not order properly for wildcard values
#

CREATE DATABASE mysqltest_1;
CREATE TABLE mysqltest_1.t1 (a INT);
CREATE USER 'mysqltest1'@'%';
GRANT SELECT, UPDATE ON `mysqltest_1`.* TO 'mysqltest1'@'%';
REVOKE SELECT ON `mysqltest_1`.* FROM 'mysqltest1'@'%';
GRANT SELECT, UPDATE ON `mysqltest\_1`.* TO 'mysqltest1'@'%';
FLUSH PRIVILEGES;

connect (conn1,localhost,mysqltest1,,);
connection conn1;
SHOW GRANTS;
SELECT * FROM mysqltest_1.t1;
disconnect conn1;

connection default;
DROP USER 'mysqltest1'@'%';
DROP DATABASE mysqltest_1;

--echo #
--echo # Bug#41597 - After rename of user, there are additional grants
--echo #             when grants are reapplied.
--echo #

CREATE DATABASE temp;
CREATE TABLE temp.t1(a INT, b VARCHAR(10));
INSERT INTO temp.t1 VALUES(1, 'name1');
INSERT INTO temp.t1 VALUES(2, 'name2');
INSERT INTO temp.t1 VALUES(3, 'name3');


CREATE USER 'user1'@'%';
RENAME USER 'user1'@'%' TO 'user2'@'%';
--echo # Show privileges after rename and BEFORE grant
SHOW GRANTS FOR 'user2'@'%';
GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%';
--echo # Show privileges after rename and grant
SHOW GRANTS FOR 'user2'@'%';

--echo # Connect as the renamed user
connect (conn1, localhost, user2,,);
connection conn1;
SHOW GRANTS;
SELECT a FROM temp.t1;
--echo # Check for additional privileges by accessing a
--echo # non privileged column. We shouldn't be able to 
--echo # access this column.
--error ER_COLUMNACCESS_DENIED_ERROR 
SELECT b FROM temp.t1;
disconnect conn1;

connection default;
DROP USER 'user2'@'%';
DROP DATABASE temp;

--echo End of 5.0 tests

# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc