mirror of
https://github.com/MariaDB/server.git
synced 2025-01-20 05:52:27 +01:00
cb26bb932c
This variable is defined by default and one should not do it directly as the socket variable is not available on Windows.
351 lines
14 KiB
Text
351 lines
14 KiB
Text
# suite/funcs_1/t/is_table_privileges.test
|
|
#
|
|
# Check the layout of information_schema.table_privileges and the impact of
|
|
# CREATE/ALTER/DROP TABLE/VIEW/SCHEMA ... on it.
|
|
#
|
|
# Note:
|
|
# This test is not intended
|
|
# - to show information about the all time existing tables
|
|
# within the databases information_schema and mysql
|
|
# - for checking storage engine properties
|
|
# Therefore please do not alter $engine_type and $other_engine_type.
|
|
#
|
|
# Author:
|
|
# 2008-01-23 mleich WL#4203 Reorganize and fix the data dictionary tests of
|
|
# testsuite funcs_1
|
|
# Create this script based on older scripts and new code.
|
|
#
|
|
|
|
# This test cannot be used for the embedded server because we check here
|
|
# privileges.
|
|
--source include/not_embedded.inc
|
|
|
|
let $engine_type = MEMORY;
|
|
let $other_engine_type = MyISAM;
|
|
|
|
let $is_table = TABLE_PRIVILEGES;
|
|
|
|
# The table INFORMATION_SCHEMA.TABLE_PRIVILEGES must exist
|
|
eval SHOW TABLES FROM information_schema LIKE '$is_table';
|
|
|
|
--echo #######################################################################
|
|
--echo # Testcase 3.2.1.1: INFORMATION_SCHEMA tables can be queried via SELECT
|
|
--echo #######################################################################
|
|
# Ensure that every INFORMATION_SCHEMA table can be queried with a SELECT
|
|
# statement, just as if it were an ordinary user-defined table.
|
|
#
|
|
--source suite/funcs_1/datadict/is_table_query.inc
|
|
|
|
|
|
--echo #########################################################################
|
|
--echo # Testcase 3.2.11.1: INFORMATION_SCHEMA.TABLE_PRIVILEGES layout
|
|
--echo #########################################################################
|
|
# Ensure that the INFORMATION_SCHEMA.TABLE_PRIVILEGES table has the following
|
|
# columns, in the following order:
|
|
#
|
|
# GRANTEE (shows the name of a user who has either granted, or been granted a
|
|
# table privilege),
|
|
# TABLE_CATALOG (always shows NULL),
|
|
# TABLE_SCHEMA (shows the name of the schema, or database, in which the table
|
|
# for which a privilege has been granted resides),
|
|
# TABLE_NAME (shows the name of the table),
|
|
# PRIVILEGE_TYPE (shows the type of privilege that was granted; must be either
|
|
# SELECT, INSERT, UPDATE, DELETE, REFERENCES, ALTER, INDEX, DROP or
|
|
# CREATE VIEW),
|
|
# IS_GRANTABLE (shows whether that privilege was granted WITH GRANT OPTION).
|
|
#
|
|
--source suite/funcs_1/datadict/datadict_bug_12777.inc
|
|
eval DESCRIBE information_schema.$is_table;
|
|
--source suite/funcs_1/datadict/datadict_bug_12777.inc
|
|
eval SHOW CREATE TABLE information_schema.$is_table;
|
|
--source suite/funcs_1/datadict/datadict_bug_12777.inc
|
|
eval SHOW COLUMNS FROM information_schema.$is_table;
|
|
|
|
# Note: Retrieval of information within information_schema.columns
|
|
# about information_schema.table_privileges is in is_columns_is.test.
|
|
|
|
# Show that TABLE_CATALOG is always NULL.
|
|
SELECT table_catalog, table_schema, table_name, privilege_type
|
|
FROM information_schema.table_privileges WHERE table_catalog IS NOT NULL;
|
|
|
|
--echo ######################################################################
|
|
--echo # Testcase 3.2.11.2+3.2.11.3+3.2.11.4:
|
|
--echo # INFORMATION_SCHEMA.TABLE_PRIVILEGES accessible information
|
|
--echo ######################################################################
|
|
# 3.2.11.2: Ensure that the table shows the relevant information on every
|
|
# table privilege which has been granted to the current user or
|
|
# PUBLIC, or which was granted by the current user.
|
|
# 3.2.11.3: Ensure that the table does not show any information on any table
|
|
# privilege which was granted to any user other than the current
|
|
# user or PUBLIC, or which was granted by any user other than the
|
|
# current user.
|
|
# 3.2.11.4: Ensure that the table does not show any information on any
|
|
# privileges that are not table privileges for the current user.
|
|
#
|
|
# To be implemented:
|
|
# Check of content within information_schema.table_privileges about
|
|
# databases like 'information_schema' or 'mysql'.
|
|
# 2008-02-15 Neither root nor a just created low privileged user has table
|
|
# privileges within these schemas.
|
|
#
|
|
--disable_warnings
|
|
DROP DATABASE IF EXISTS db_datadict;
|
|
--enable_warnings
|
|
CREATE DATABASE db_datadict;
|
|
--replace_result $engine_type <engine_type>
|
|
eval
|
|
CREATE TABLE db_datadict.tb1(f1 INT, f2 INT, f3 INT)
|
|
ENGINE = $engine_type;
|
|
|
|
--error 0,ER_CANNOT_USER
|
|
DROP USER 'testuser1'@'localhost';
|
|
CREATE USER 'testuser1'@'localhost';
|
|
GRANT CREATE, SELECT ON db_datadict.*
|
|
TO 'testuser1'@'localhost' WITH GRANT OPTION;
|
|
GRANT SELECT ON db_datadict.tb1 TO 'testuser1'@'localhost';
|
|
--error 0,ER_CANNOT_USER
|
|
DROP USER 'testuser2'@'localhost';
|
|
CREATE USER 'testuser2'@'localhost';
|
|
GRANT ALL ON db_datadict.tb1 TO 'testuser2'@'localhost' WITH GRANT OPTION;
|
|
--error 0,ER_CANNOT_USER
|
|
DROP USER 'testuser3'@'localhost';
|
|
CREATE USER 'testuser3'@'localhost';
|
|
|
|
let $my_select = SELECT * FROM information_schema.table_privileges
|
|
WHERE table_name LIKE 'tb%'
|
|
ORDER BY grantee,table_schema,table_name,privilege_type;
|
|
|
|
--echo # Establish connection testuser1 (user=testuser1)
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (testuser1, localhost, testuser1, , db_datadict);
|
|
--replace_result $other_engine_type <other_engine_type>
|
|
eval
|
|
CREATE TABLE tb3 (f1 TEXT)
|
|
ENGINE = $other_engine_type;
|
|
GRANT SELECT ON db_datadict.tb3 TO 'testuser3'@'localhost';
|
|
eval $my_select;
|
|
SHOW GRANTS FOR 'testuser1'@'localhost';
|
|
|
|
--echo # Establish connection testuser2 (user=testuser3)
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (testuser2, localhost, testuser2, , db_datadict);
|
|
# we see only table privileges for this user, and not any other privileges
|
|
eval $my_select;
|
|
SHOW GRANTS FOR 'testuser2'@'localhost';
|
|
|
|
--echo # Establish connection testuser3 (user=testuser3)
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (testuser3, localhost, testuser3, , db_datadict);
|
|
# we see only table privileges for this user, and not any other privileges
|
|
eval $my_select;
|
|
SHOW GRANTS FOR 'testuser3'@'localhost';
|
|
|
|
--echo # Switch to connection default and close the other connections
|
|
connection default;
|
|
disconnect testuser1;
|
|
disconnect testuser2;
|
|
disconnect testuser3;
|
|
|
|
# we see only 'public' table privileges
|
|
eval $my_select;
|
|
SHOW GRANTS FOR 'testuser1'@'localhost';
|
|
SHOW GRANTS FOR 'testuser2'@'localhost';
|
|
SHOW GRANTS FOR 'testuser3'@'localhost';
|
|
|
|
# Cleanup
|
|
DROP USER 'testuser1'@'localhost';
|
|
DROP USER 'testuser2'@'localhost';
|
|
DROP USER 'testuser3'@'localhost';
|
|
DROP DATABASE db_datadict;
|
|
|
|
|
|
--echo ################################################################################
|
|
--echo # 3.2.1.13+3.2.1.14+3.2.1.15: INFORMATION_SCHEMA.TABLE_PRIVILEGES modifications
|
|
--echo ################################################################################
|
|
# 3.2.1.13: Ensure that the creation of any new database object (e.g. table or
|
|
# column) automatically inserts all relevant information on that
|
|
# object into every appropriate INFORMATION_SCHEMA table.
|
|
# 3.2.1.14: Ensure that the alteration of any existing database object
|
|
# automatically updates all relevant information on that object in
|
|
# every appropriate INFORMATION_SCHEMA table.
|
|
# 3.2.1.15: Ensure that the dropping of any existing database object
|
|
# automatically deletes all relevant information on that object from
|
|
# every appropriate INFORMATION_SCHEMA table.
|
|
#
|
|
# Note (mleich):
|
|
# The MySQL privilege system allows to GRANT objects before they exist.
|
|
# (Exception: Grant privileges for columns of not existing tables/views.)
|
|
# There is also no migration of privileges if objects (tables,views,columns)
|
|
# are moved to other databases (tables only), renamed or dropped.
|
|
#
|
|
--disable_warnings
|
|
DROP TABLE IF EXISTS test.t1_table;
|
|
DROP VIEW IF EXISTS test.t1_view;
|
|
DROP DATABASE IF EXISTS db_datadict;
|
|
--enable_warnings
|
|
CREATE DATABASE db_datadict;
|
|
--replace_result $engine_type <engine_type>
|
|
eval
|
|
CREATE TABLE test.t1_table (f1 BIGINT)
|
|
DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci
|
|
COMMENT = 'Initial Comment' ENGINE = $engine_type;
|
|
CREATE VIEW test.t1_view AS SELECT 1;
|
|
|
|
--error 0,ER_CANNOT_USER
|
|
DROP USER 'testuser1'@'localhost';
|
|
CREATE USER 'testuser1'@'localhost';
|
|
--error 0,ER_CANNOT_USER
|
|
DROP USER 'the_user'@'localhost';
|
|
#
|
|
# Check granted TABLE and VIEW
|
|
SELECT table_name FROM information_schema.table_privileges
|
|
WHERE table_name LIKE 't1_%';
|
|
GRANT ALL ON test.t1_table TO 'testuser1'@'localhost';
|
|
GRANT ALL ON test.t1_view TO 'testuser1'@'localhost';
|
|
SELECT * FROM information_schema.table_privileges
|
|
WHERE table_name LIKE 't1_%'
|
|
ORDER BY grantee, table_schema, table_name, privilege_type;
|
|
#
|
|
# Check modification of GRANTEE (migration of permissions)
|
|
SELECT DISTINCT grantee, table_name FROM information_schema.table_privileges
|
|
WHERE table_name LIKE 't1_%'
|
|
ORDER BY grantee, table_name;
|
|
RENAME USER 'testuser1'@'localhost' TO 'the_user'@'localhost';
|
|
# FIXME: mleich Workaround for bug to be reported
|
|
# It looks like an immediate reloading of the system tables is missing in case
|
|
# of RENAME USER.
|
|
FLUSH PRIVILEGES;
|
|
SELECT DISTINCT grantee, table_name FROM information_schema.table_privileges
|
|
WHERE table_name LIKE 't1_%'
|
|
ORDER BY grantee, table_name;
|
|
--error ER_NONEXISTING_GRANT
|
|
SHOW GRANTS FOR 'testuser1'@'localhost';
|
|
SHOW GRANTS FOR 'the_user'@'localhost';
|
|
#
|
|
# Check modification of TABLE_SCHEMA (no migration of permissions)
|
|
SELECT DISTINCT table_schema,table_name FROM information_schema.table_privileges
|
|
WHERE table_name LIKE 't1_%'
|
|
ORDER BY table_schema,table_name;
|
|
RENAME TABLE test.t1_table TO db_datadict.t1_table;
|
|
--error ER_FORBID_SCHEMA_CHANGE
|
|
RENAME TABLE test.t1_view TO db_datadict.t1_view;
|
|
SELECT DISTINCT table_schema,table_name FROM information_schema.table_privileges
|
|
WHERE table_name LIKE 't1_%'
|
|
ORDER BY table_schema,table_name;
|
|
SHOW GRANTS FOR 'the_user'@'localhost';
|
|
REVOKE ALL PRIVILEGES ON test.t1_table FROM 'the_user'@'localhost';
|
|
REVOKE ALL PRIVILEGES ON test.t1_view FROM 'the_user'@'localhost';
|
|
DROP VIEW test.t1_view;
|
|
CREATE VIEW db_datadict.t1_view AS SELECT 1;
|
|
GRANT ALL ON db_datadict.t1_table TO 'the_user'@'localhost';
|
|
GRANT ALL ON db_datadict.t1_view TO 'the_user'@'localhost';
|
|
#
|
|
# Check modification of TABLE_NAME (no migration of permissions)
|
|
SELECT DISTINCT table_name FROM information_schema.table_privileges
|
|
WHERE table_name LIKE 't1_%'
|
|
ORDER BY table_name;
|
|
RENAME TABLE db_datadict.t1_table TO db_datadict.t1_tablex;
|
|
RENAME TABLE db_datadict.t1_view TO db_datadict.t1_viewx;
|
|
SELECT DISTINCT table_name FROM information_schema.table_privileges
|
|
WHERE table_name LIKE 't1_%'
|
|
ORDER BY table_name;
|
|
RENAME TABLE db_datadict.t1_tablex TO db_datadict.t1_table;
|
|
RENAME TABLE db_datadict.t1_viewx TO db_datadict.t1_view;
|
|
#
|
|
# Check impact of DROP TABLE/VIEW (no removal of permissions)
|
|
SELECT DISTINCT table_name FROM information_schema.table_privileges
|
|
WHERE table_name LIKE 't1_%'
|
|
ORDER BY table_name;
|
|
DROP TABLE db_datadict.t1_table;
|
|
DROP VIEW db_datadict.t1_view;
|
|
SELECT DISTINCT table_name FROM information_schema.table_privileges
|
|
WHERE table_name LIKE 't1_%'
|
|
ORDER BY table_name;
|
|
#
|
|
# Check impact of DROP SCHEMA (no removal of permissions)
|
|
--replace_result $engine_type <engine_type>
|
|
eval
|
|
CREATE TABLE db_datadict.t1_table
|
|
ENGINE = $engine_type AS
|
|
SELECT 1;
|
|
CREATE VIEW db_datadict.t1_view AS SELECT 1;
|
|
GRANT ALL ON db_datadict.t1_table TO 'the_user'@'localhost';
|
|
GRANT ALL ON db_datadict.t1_view TO 'the_user'@'localhost';
|
|
SELECT DISTINCT table_name FROM information_schema.table_privileges
|
|
WHERE table_name LIKE 't1_%'
|
|
ORDER BY table_name;
|
|
DROP DATABASE db_datadict;
|
|
SELECT DISTINCT table_name FROM information_schema.table_privileges
|
|
WHERE table_name LIKE 't1_%'
|
|
ORDER BY table_name;
|
|
|
|
# Cleanup
|
|
DROP USER 'the_user'@'localhost';
|
|
|
|
|
|
--echo ########################################################################
|
|
--echo # Testcases 3.2.1.3-3.2.1.5 + 3.2.1.8-3.2.1.12: INSERT/UPDATE/DELETE and
|
|
--echo # DDL on INFORMATION_SCHEMA table are not supported
|
|
--echo ########################################################################
|
|
# 3.2.1.3: Ensure that no user may execute an INSERT statement on any
|
|
# INFORMATION_SCHEMA table.
|
|
# 3.2.1.4: Ensure that no user may execute an UPDATE statement on any
|
|
# INFORMATION_SCHEMA table.
|
|
# 3.2.1.5: Ensure that no user may execute a DELETE statement on any
|
|
# INFORMATION_SCHEMA table.
|
|
# 3.2.1.8: Ensure that no user may create an index on an
|
|
# INFORMATION_SCHEMA table.
|
|
# 3.2.1.9: Ensure that no user may alter the definition of an
|
|
# INFORMATION_SCHEMA table.
|
|
# 3.2.1.10: Ensure that no user may drop an INFORMATION_SCHEMA table.
|
|
# 3.2.1.11: Ensure that no user may move an INFORMATION_SCHEMA table to any
|
|
# other database.
|
|
# 3.2.1.12: Ensure that no user may directly add to, alter, or delete any data
|
|
# in an INFORMATION_SCHEMA table.
|
|
#
|
|
--disable_warnings
|
|
DROP DATABASE IF EXISTS db_datadict;
|
|
--enable_warnings
|
|
CREATE DATABASE db_datadict;
|
|
--replace_result $engine_type <engine_type>
|
|
eval
|
|
CREATE TABLE db_datadict.t1 (f1 BIGINT, f2 BIGINT)
|
|
ENGINE = $engine_type;
|
|
--error 0,ER_CANNOT_USER
|
|
DROP USER 'testuser1'@'localhost';
|
|
CREATE USER 'testuser1'@'localhost';
|
|
GRANT SELECT (f1) ON db_datadict.t1 TO 'testuser1'@'localhost';
|
|
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
INSERT INTO information_schema.table_privileges
|
|
SELECT * FROM information_schema.table_privileges;
|
|
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
UPDATE information_schema.table_privileges SET table_schema = 'test'
|
|
WHERE table_name = 't1';
|
|
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
DELETE FROM information_schema.table_privileges WHERE table_name = 't1';
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
TRUNCATE information_schema.table_privileges;
|
|
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
CREATE INDEX my_idx_on_tables
|
|
ON information_schema.table_privileges(table_schema);
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
ALTER TABLE information_schema.table_privileges ADD f1 INT;
|
|
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
DROP TABLE information_schema.table_privileges;
|
|
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
ALTER TABLE information_schema.table_privileges
|
|
RENAME db_datadict.table_privileges;
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
ALTER TABLE information_schema.table_privileges
|
|
RENAME information_schema.xtable_privileges;
|
|
|
|
# Cleanup
|
|
DROP DATABASE db_datadict;
|
|
DROP USER 'testuser1'@'localhost';
|
|
|