mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-05-15 11:27:39 +02:00
Code Issues Projects Releases Packages Wiki Activity
mariadb/mysql-test/suite/roles
History
Daniel Black 8bbe3a3cd2 MDEV-21194: mariadb-install-db doesn't properly grant proxy privileges to all created user accounts 
mariadb-install-db --auth-root-authentication-method=normal created 4
root accounts by default, but only two of these had PROXY privilege
granted.

mariadb-install-db (default option
--auth-root-authentication-method=socket) as non-root user also didn't
grant PROXY priv to the created nonroot@localhost user.

To fix this, in mysql_system_tables_data.sql, we re-use tmp_user_nopasswd
as this contains the list of all root users.

REPLACE INTO tmp_proxies_priv SELECT @current_hostname, IFNULL(@auth_root_socket, 'root')
creates the $user@$current_host but will not error if @auth_root_socket
is null. Note @current_hostname lines are filtered out with
--cross-bootstrap in mariadb-install-db so it was needed to include this
expression for consistency.

Like the existing mysql_system_tables.sql is used to create teh
$user@localhost proxies_priv.

Test cases roles.acl_statistics, perfschema,privilege_table_io depends on the number of proxy users.

After:

--auth-root-authentication-method=normal:

MariaDB [mysql]> select * from global_priv;
+-----------+-------------+--------------------------------------------------------------------------------------------------------------------------+
| Host      | User        | Priv                                                                                                                     |
+-----------+-------------+--------------------------------------------------------------------------------------------------------------------------+
| localhost | mariadb.sys | {"access":0,"plugin":"mysql_native_password","authentication_string":"","account_locked":true,"password_last_changed":0} |
| localhost | root        | {"access":18446744073709551615}                                                                                          |
| bark      | root        | {"access":18446744073709551615}                                                                                          |
| 127.0.0.1 | root        | {"access":18446744073709551615}                                                                                          |
| ::1       | root        | {"access":18446744073709551615}                                                                                          |
| localhost |             | {}                                                                                                                       |
| bark      |             | {}                                                                                                                       |
+-----------+-------------+--------------------------------------------------------------------------------------------------------------------------+
7 rows in set (0.001 sec)

MariaDB [mysql]> select * from proxies_priv;
+-----------+------+--------------+--------------+------------+---------+---------------------+
| Host      | User | Proxied_host | Proxied_user | With_grant | Grantor | Timestamp           |
+-----------+------+--------------+--------------+------------+---------+---------------------+
| localhost | root |              |              |          1 |         | 2023-07-10 12:12:24 |
| 127.0.0.1 | root |              |              |          1 |         | 2023-07-10 12:12:24 |
| ::1       | root |              |              |          1 |         | 2023-07-10 12:12:24 |
| bark      | root |              |              |          1 |         | 2023-07-10 12:12:24 |
+-----------+------+--------------+--------------+------------+---------+---------------------+

--auth-root-authentication-method=socket:

MariaDB [mysql]> select * from proxies_priv;
+-----------+------+--------------+--------------+------------+---------+---------------------+
| Host      | User | Proxied_host | Proxied_user | With_grant | Grantor | Timestamp           |
+-----------+------+--------------+--------------+------------+---------+---------------------+
| localhost | root |              |              |          1 |         | 2023-07-10 12:11:55 |
| localhost | dan  |              |              |          1 |         | 2023-07-10 12:11:55 |
| bark      | dan  |              |              |          1 |         | 2023-07-10 12:11:55 |
+-----------+------+--------------+--------------+------------+---------+---------------------+
3 rows in set (0.017 sec)

MariaDB [mysql]> select * from global_priv;
+-----------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------+
| Host      | User        | Priv                                                                                                                                       |
+-----------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------+
| localhost | mariadb.sys | {"access":0,"plugin":"mysql_native_password","authentication_string":"","account_locked":true,"password_last_changed":0}                   |
| localhost | root        | {"access":18446744073709551615,"plugin":"mysql_native_password","authentication_string":"invalid","auth_or":[{},{"plugin":"unix_socket"}]} |
| localhost | dan         | {"access":18446744073709551615,"plugin":"mysql_native_password","authentication_string":"invalid","auth_or":[{},{"plugin":"unix_socket"}]} |
| localhost |             | {}                                                                                                                                         |
| bark      |             | {}                                                                                                                                         |
+-----------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------+
5 rows in set (0.000 sec)

MariaDB [mysql]> show grants;
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for dan@localhost                                                                                                               |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO `dan`@`localhost` IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket WITH GRANT OPTION |
| GRANT PROXY ON ''@'%' TO 'dan'@'localhost' WITH GRANT OPTION                                                                           |
+----------------------------------------------------------------------------------------------------------------------------------------+
2023-09-19 08:07:07 +10:00
..
acl_load_mutex-5170.result Fixed failing test acl_load_mutex-5170 2018-06-19 16:23:34 +03:00
acl_load_mutex-5170.test MDEV-23511 shutdown_server 10 times out, causing server kill at shutdown 2020-08-21 14:48:53 +03:00
acl_statistics.opt Updated mtr files to support different compiled in options 2019-09-01 19:17:35 +03:00
acl_statistics.result MDEV-21194: mariadb-install-db doesn't properly grant proxy privileges to all created user accounts 2023-09-19 08:07:07 +10:00
acl_statistics.test
admin.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
admin.test
create_and_drop_current.result
create_and_drop_current.test
create_and_drop_role.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
create_and_drop_role.test
create_and_drop_role_invalid_user_table.result more verbose tests 2020-04-27 09:22:36 +02:00
create_and_drop_role_invalid_user_table.test MDEV-17658 change the structure of mysql.user table 2018-12-12 00:31:44 +01:00
create_and_grant_role.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
create_and_grant_role.test
current_role_view-12666.result Merge branch '10.1' into 10.2 2017-07-05 19:08:55 +02:00
current_role_view-12666.test MDEV-12666: CURRENT_ROLE() and DATABASE() does not work in a view 2017-06-15 19:20:35 +03:00
default_create_user_not_role.result MDEV-17658 change the structure of mysql.user table 2018-12-12 00:31:44 +01:00
default_create_user_not_role.test
definer.result MDEV-28548: ER_TABLEACCESS_DENIED_ERROR is missing information about DB 2022-09-30 08:48:57 +02:00
definer.test Updated mtr files to support different compiled in options 2019-09-01 19:17:35 +03:00
drop_current_role.result Merge branch '10.1' into 10.2 2020-08-02 11:05:29 +02:00
drop_current_role.test improve the error message for a dropped current role 2020-07-30 23:50:56 +02:00
drop_current_user-5176.result
drop_current_user-5176.test
drop_routines.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
drop_routines.test
flush_roles-12366.result Merge remote-tracking branch 'origin/10.1' into 10.2 2017-12-22 12:23:39 +02:00
flush_roles-12366.test MDEV-12366: FLUSH PRIVILEGES can break hierarchy of roles 2017-12-19 12:33:25 +02:00
flush_roles-17898.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
flush_roles-17898.test Merge 10.3 into 10.4 2019-04-03 11:43:39 +03:00
grant-5771.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
grant-5771.test
grant_empty.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
grant_empty.test
grant_proxy-5526.result MDEV-20076: SHOW GRANTS does not quote role names properly 2020-02-05 17:22:26 +01:00
grant_proxy-5526.test
grant_revoke_current.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
grant_revoke_current.test MDEV-19650: Privilege bug on MariaDB 10.4 2020-05-07 10:54:56 +02:00
grant_role_auto_create_user.result MDEV-17658 change the structure of mysql.user table 2018-12-12 00:31:44 +01:00
grant_role_auto_create_user.test
i_s_applicable_roles_is_default.result MDEV-12484 Enable unix socket authentication by default 2019-02-12 19:14:37 +01:00
i_s_applicable_roles_is_default.test MDEV-12484 Enable unix socket authentication by default 2019-02-12 19:14:37 +01:00
ip-6401.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
ip-6401.test
none_public.result MDEV-17658 change the structure of mysql.user table 2018-12-12 00:31:44 +01:00
none_public.test MDEV-17658 change the structure of mysql.user table 2018-12-12 00:31:44 +01:00
password.result
password.test
prepare_stmt_with_role.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
prepare_stmt_with_role.test
ps.result
ps.test
rebuild_role_grants.result Merge 10.2 into 10.3 2021-10-21 13:41:04 +03:00
rebuild_role_grants.test MDEV-17964: Assertion `status == 0' failed in add_role_user_mapping_action 2021-10-15 19:19:36 +03:00
recursive.inc
recursive.result MDEV-30056 Impossible to export column grants 2022-12-02 16:19:13 +01:00
recursive.test
recursive_dbug.result MDEV-30056 Impossible to export column grants 2022-12-02 16:19:13 +01:00
recursive_dbug.test
rename_user.result Merge branch '10.3' into 10.4 2022-08-02 14:15:39 +02:00
rename_user.test MDEV-29131 Assertion `status == 0' failed when renaming user after deleting table roles_mapping 2022-07-29 21:58:38 +02:00
revoke_all.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
revoke_all.test
role_case_sensitive-10744.result Merge branch '10.3' into 10.4 2022-10-01 23:07:26 +02:00
role_case_sensitive-10744.test
role_grant_propagate.result MDEV-30526 Assertion `rights == merged->cols' failed in update_role_columns 2023-02-21 23:22:56 +01:00
role_grant_propagate.test MDEV-30526 Assertion `rights == merged->cols' failed in update_role_columns 2023-02-21 23:22:56 +01:00
roles_tables_priv-29465.result Merge branch '10.3' into 10.4 2022-10-01 23:07:26 +02:00
roles_tables_priv-29465.test MDEV-29465: Inherited columns privs for roles wrongly set mysql.tables_priv column 2022-09-14 14:40:50 +03:00
rpl_definer.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
rpl_definer.test
rpl_grant_revoke_current_role-8638.result
rpl_grant_revoke_current_role-8638.test include/master-slave.inc must always be included last 2017-09-20 18:17:50 +02:00
set_and_drop.result MDEV-28548: ER_TABLEACCESS_DENIED_ERROR is missing information about DB 2022-09-30 08:48:57 +02:00
set_and_drop.test
set_default_role_clear.result Merge branch '10.3' into 10.4 2022-10-01 23:07:26 +02:00
set_default_role_clear.test
set_default_role_for.result Merge branch '10.3' into 10.4 2022-10-01 23:07:26 +02:00
set_default_role_for.test MDEV-17658 change the structure of mysql.user table 2018-12-12 00:31:44 +01:00
set_default_role_invalid.result Merge branch '10.3' into 10.4 2022-10-01 23:07:26 +02:00
set_default_role_invalid.test MDEV-22312: Bad error message for SET DEFAULT ROLE when user account is not granted the role 2020-05-28 17:08:40 +02:00
set_default_role_new_connection.result Merge branch '10.3' into 10.4 2022-10-01 23:07:26 +02:00
set_default_role_new_connection.test
set_default_role_ps-6960.result MDEV-17658 change the structure of mysql.user table 2018-12-12 00:31:44 +01:00
set_default_role_ps-6960.test MDEV-17658 change the structure of mysql.user table 2018-12-12 00:31:44 +01:00
set_role-5232.result MDEV-28548: ER_TABLEACCESS_DENIED_ERROR is missing information about DB 2022-09-30 08:48:57 +02:00
set_role-5232.test
set_role-9614.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
set_role-9614.test
set_role-13655.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
set_role-13655.test MDEV-13655: Set role does not properly grant privileges. 2017-12-19 12:33:25 +02:00
set_role-database-recursive.result Merge branch '10.3' into 10.4 2022-10-01 23:07:26 +02:00
set_role-database-recursive.test
set_role-database-simple.result Merge branch '10.3' into 10.4 2022-10-01 23:07:26 +02:00
set_role-database-simple.test
set_role-multiple-role.result MDEV-28548: ER_TABLEACCESS_DENIED_ERROR is missing information about DB 2022-09-30 08:48:57 +02:00
set_role-multiple-role.test
set_role-recursive.result Merge branch '10.3' into 10.4 2022-10-01 23:07:26 +02:00
set_role-recursive.test
set_role-routine-simple.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
set_role-routine-simple.test
set_role-simple.result Merge branch '10.3' into 10.4 2022-10-01 23:07:26 +02:00
set_role-simple.test
set_role-table-column-priv.result Merge 10.3 into 10.4 2022-12-13 11:37:33 +02:00
set_role-table-column-priv.test
set_role-table-simple.result Merge branch '10.3' into 10.4 2022-10-01 23:07:26 +02:00
set_role-table-simple.test
show_create_database-10463.result MDEV-29446 Change SHOW CREATE TABLE to display default collation 2022-09-12 22:10:39 +04:00
show_create_database-10463.test Merge branch '10.2' into 10.3 2019-09-03 13:17:32 +03:00
show_grants.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
show_grants.test MDEV-24289: show grants missing with grant option 2020-11-26 18:10:40 +01:00
show_grants_replicated.result MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE 2021-07-09 08:25:54 +02:00
show_grants_replicated.test