mirror of
https://github.com/MariaDB/server.git
synced 2025-01-19 21:42:35 +01:00
9fae9ef66f
- BUG#11986: Stored routines and triggers can fail if the code
has a non-ascii symbol
- BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
- BUG#19443: INFORMATION_SCHEMA does not support charsets properly
- BUG#21249: Character set of SP-var can be ignored
- BUG#25212: Character set of string constant is ignored (stored routines)
- BUG#25221: Character set of string constant is ignored (triggers)
There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
definition;
1. No query-definition-character set.
In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.
The context contains the following data:
- client character set;
- connection collation (character set and collation);
- collation of the owner database;
The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).
2. Wrong mysqldump-output.
The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.
Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).
The solution is
- to store definition queries in the original character set;
- to change SHOW CREATE statement to output definition query in the
binary character set (i.e. without any conversion);
- introduce SHOW CREATE TRIGGER statement;
- to dump special statements to switch the context to the original one
before dumping and restore it afterwards.
Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.
3. INFORMATION_SCHEMA showed non-UTF8 strings
The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.
Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.
This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object. Specialized SHOW CREATE statements should be
used for this.
The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).
Example:
- original query:
CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;
- UTF8 query (for INFORMATION_SCHEMA):
CREATE VIEW v1 AS SELECT 'Hello' AS c1;
513 lines
18 KiB
Text
513 lines
18 KiB
Text
use test;
|
|
grant usage on *.* to user1@localhost;
|
|
flush privileges;
|
|
drop table if exists t1;
|
|
drop database if exists db1_secret;
|
|
create database db1_secret;
|
|
create procedure db1_secret.dummy() begin end;
|
|
drop procedure db1_secret.dummy;
|
|
use db1_secret;
|
|
create table t1 ( u varchar(64), i int );
|
|
insert into t1 values('test', 0);
|
|
create procedure stamp(i int)
|
|
insert into db1_secret.t1 values (user(), i);
|
|
show procedure status like 'stamp';
|
|
Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation
|
|
db1_secret stamp PROCEDURE root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER latin1 latin1_swedish_ci latin1_swedish_ci
|
|
create function db() returns varchar(64)
|
|
begin
|
|
declare v varchar(64);
|
|
select u into v from t1 limit 1;
|
|
return v;
|
|
end|
|
|
show function status like 'db';
|
|
Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation
|
|
db1_secret db FUNCTION root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER latin1 latin1_swedish_ci latin1_swedish_ci
|
|
call stamp(1);
|
|
select * from t1;
|
|
u i
|
|
test 0
|
|
root@localhost 1
|
|
select db();
|
|
db()
|
|
test
|
|
grant execute on procedure db1_secret.stamp to user1@'%';
|
|
grant execute on function db1_secret.db to user1@'%';
|
|
grant execute on procedure db1_secret.stamp to ''@'%';
|
|
grant execute on function db1_secret.db to ''@'%';
|
|
call db1_secret.stamp(2);
|
|
select db1_secret.db();
|
|
db1_secret.db()
|
|
test
|
|
select * from db1_secret.t1;
|
|
ERROR 42000: SELECT command denied to user 'user1'@'localhost' for table 't1'
|
|
create procedure db1_secret.dummy() begin end;
|
|
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
|
|
drop procedure db1_secret.dummy;
|
|
ERROR 42000: PROCEDURE db1_secret.dummy does not exist
|
|
drop procedure db1_secret.stamp;
|
|
ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db1_secret.stamp'
|
|
drop function db1_secret.db;
|
|
ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db1_secret.db'
|
|
call db1_secret.stamp(3);
|
|
select db1_secret.db();
|
|
db1_secret.db()
|
|
test
|
|
select * from db1_secret.t1;
|
|
ERROR 42000: SELECT command denied to user ''@'localhost' for table 't1'
|
|
create procedure db1_secret.dummy() begin end;
|
|
ERROR 42000: Access denied for user ''@'%' to database 'db1_secret'
|
|
drop procedure db1_secret.dummy;
|
|
ERROR 42000: PROCEDURE db1_secret.dummy does not exist
|
|
drop procedure db1_secret.stamp;
|
|
ERROR 42000: alter routine command denied to user ''@'%' for routine 'db1_secret.stamp'
|
|
drop function db1_secret.db;
|
|
ERROR 42000: alter routine command denied to user ''@'%' for routine 'db1_secret.db'
|
|
select * from t1;
|
|
u i
|
|
test 0
|
|
root@localhost 1
|
|
user1@localhost 2
|
|
anon@localhost 3
|
|
alter procedure stamp sql security invoker;
|
|
show procedure status like 'stamp';
|
|
Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation
|
|
db1_secret stamp PROCEDURE root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 INVOKER latin1 latin1_swedish_ci latin1_swedish_ci
|
|
alter function db sql security invoker;
|
|
show function status like 'db';
|
|
Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation
|
|
db1_secret db FUNCTION root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 INVOKER latin1 latin1_swedish_ci latin1_swedish_ci
|
|
call stamp(4);
|
|
select * from t1;
|
|
u i
|
|
test 0
|
|
root@localhost 1
|
|
user1@localhost 2
|
|
anon@localhost 3
|
|
root@localhost 4
|
|
select db();
|
|
db()
|
|
test
|
|
call db1_secret.stamp(5);
|
|
ERROR 42000: INSERT command denied to user 'user1'@'localhost' for table 't1'
|
|
select db1_secret.db();
|
|
ERROR 42000: SELECT command denied to user 'user1'@'localhost' for table 't1'
|
|
call db1_secret.stamp(6);
|
|
ERROR 42000: INSERT command denied to user ''@'localhost' for table 't1'
|
|
select db1_secret.db();
|
|
ERROR 42000: SELECT command denied to user ''@'localhost' for table 't1'
|
|
drop database if exists db2;
|
|
create database db2;
|
|
use db2;
|
|
create table t2 (s1 int);
|
|
insert into t2 values (0);
|
|
grant usage on db2.* to user1@localhost;
|
|
grant select on db2.* to user1@localhost;
|
|
grant usage on db2.* to user2@localhost;
|
|
grant select,insert,update,delete,create routine on db2.* to user2@localhost;
|
|
grant create routine on db2.* to user1@localhost;
|
|
flush privileges;
|
|
use db2;
|
|
create procedure p () insert into t2 values (1);
|
|
call p();
|
|
ERROR 42000: INSERT command denied to user 'user1'@'localhost' for table 't2'
|
|
use db2;
|
|
call p();
|
|
ERROR 42000: execute command denied to user 'user2'@'localhost' for routine 'db2.p'
|
|
select * from t2;
|
|
s1
|
|
0
|
|
create procedure q () insert into t2 values (2);
|
|
call q();
|
|
select * from t2;
|
|
s1
|
|
0
|
|
2
|
|
grant usage on procedure db2.q to user2@localhost with grant option;
|
|
grant execute on procedure db2.q to user1@localhost;
|
|
use db2;
|
|
call q();
|
|
select * from t2;
|
|
s1
|
|
0
|
|
2
|
|
2
|
|
alter procedure p modifies sql data;
|
|
drop procedure p;
|
|
alter procedure q modifies sql data;
|
|
ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db2.q'
|
|
drop procedure q;
|
|
ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db2.q'
|
|
use db2;
|
|
alter procedure q modifies sql data;
|
|
drop procedure q;
|
|
use test;
|
|
select type,db,name from mysql.proc;
|
|
type db name
|
|
FUNCTION db1_secret db
|
|
PROCEDURE db1_secret stamp
|
|
drop database db1_secret;
|
|
drop database db2;
|
|
select type,db,name from mysql.proc;
|
|
type db name
|
|
delete from mysql.user where user='user1' or user='user2';
|
|
delete from mysql.user where user='' and host='%';
|
|
delete from mysql.procs_priv where user='user1' or user='user2';
|
|
delete from mysql.procs_priv where user='' and host='%';
|
|
delete from mysql.db where user='user2';
|
|
flush privileges;
|
|
grant usage on *.* to usera@localhost;
|
|
grant usage on *.* to userb@localhost;
|
|
grant usage on *.* to userc@localhost;
|
|
create database sptest;
|
|
create table t1 ( u varchar(64), i int );
|
|
create procedure sptest.p1(i int) insert into test.t1 values (user(), i);
|
|
grant insert on t1 to usera@localhost;
|
|
grant execute on procedure sptest.p1 to usera@localhost;
|
|
show grants for usera@localhost;
|
|
Grants for usera@localhost
|
|
GRANT USAGE ON *.* TO 'usera'@'localhost'
|
|
GRANT INSERT ON `test`.`t1` TO 'usera'@'localhost'
|
|
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'usera'@'localhost'
|
|
grant execute on procedure sptest.p1 to userc@localhost with grant option;
|
|
show grants for userc@localhost;
|
|
Grants for userc@localhost
|
|
GRANT USAGE ON *.* TO 'userc'@'localhost'
|
|
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION
|
|
call sptest.p1(1);
|
|
grant execute on procedure sptest.p1 to userb@localhost;
|
|
ERROR 42000: grant command denied to user 'usera'@'localhost' for routine 'sptest.p1'
|
|
drop procedure sptest.p1;
|
|
ERROR 42000: alter routine command denied to user 'usera'@'localhost' for routine 'sptest.p1'
|
|
call sptest.p1(2);
|
|
ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
|
grant execute on procedure sptest.p1 to userb@localhost;
|
|
ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
|
drop procedure sptest.p1;
|
|
ERROR 42000: alter routine command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
|
call sptest.p1(3);
|
|
grant execute on procedure sptest.p1 to userb@localhost;
|
|
drop procedure sptest.p1;
|
|
ERROR 42000: alter routine command denied to user 'userc'@'localhost' for routine 'sptest.p1'
|
|
call sptest.p1(4);
|
|
grant execute on procedure sptest.p1 to userb@localhost;
|
|
ERROR 42000: grant command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
|
drop procedure sptest.p1;
|
|
ERROR 42000: alter routine command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
|
select * from t1;
|
|
u i
|
|
usera@localhost 1
|
|
userc@localhost 3
|
|
userb@localhost 4
|
|
grant all privileges on procedure sptest.p1 to userc@localhost;
|
|
show grants for userc@localhost;
|
|
Grants for userc@localhost
|
|
GRANT USAGE ON *.* TO 'userc'@'localhost'
|
|
GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION
|
|
show grants for userb@localhost;
|
|
Grants for userb@localhost
|
|
GRANT USAGE ON *.* TO 'userb'@'localhost'
|
|
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'userb'@'localhost'
|
|
revoke all privileges on procedure sptest.p1 from userb@localhost;
|
|
show grants for userb@localhost;
|
|
Grants for userb@localhost
|
|
GRANT USAGE ON *.* TO 'userb'@'localhost'
|
|
use test;
|
|
drop database sptest;
|
|
delete from mysql.user where user='usera' or user='userb' or user='userc';
|
|
delete from mysql.procs_priv where user='usera' or user='userb' or user='userc';
|
|
delete from mysql.tables_priv where user='usera';
|
|
flush privileges;
|
|
drop table t1;
|
|
drop function if exists bug_9503;
|
|
create database mysqltest//
|
|
use mysqltest//
|
|
create table t1 (s1 int)//
|
|
grant select on t1 to user1@localhost//
|
|
create function bug_9503 () returns int sql security invoker begin declare v int;
|
|
select min(s1) into v from t1; return v; end//
|
|
use mysqltest;
|
|
select bug_9503();
|
|
ERROR 42000: execute command denied to user 'user1'@'localhost' for routine 'mysqltest.bug_9503'
|
|
grant execute on function bug_9503 to user1@localhost;
|
|
do 1;
|
|
use test;
|
|
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
|
|
drop function bug_9503;
|
|
use test;
|
|
drop database mysqltest;
|
|
use test;
|
|
select current_user();
|
|
current_user()
|
|
root@localhost
|
|
select user();
|
|
user()
|
|
root@localhost
|
|
create procedure bug7291_0 () sql security invoker select current_user(), user();
|
|
create procedure bug7291_1 () sql security definer call bug7291_0();
|
|
create procedure bug7291_2 () sql security invoker call bug7291_0();
|
|
grant execute on procedure bug7291_0 to user1@localhost;
|
|
grant execute on procedure bug7291_1 to user1@localhost;
|
|
grant execute on procedure bug7291_2 to user1@localhost;
|
|
call bug7291_2();
|
|
current_user() user()
|
|
user1@localhost user1@localhost
|
|
call bug7291_1();
|
|
current_user() user()
|
|
root@localhost user1@localhost
|
|
drop procedure bug7291_1;
|
|
drop procedure bug7291_2;
|
|
drop procedure bug7291_0;
|
|
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
|
|
drop user user1@localhost;
|
|
drop database if exists mysqltest_1;
|
|
create database mysqltest_1;
|
|
create procedure mysqltest_1.p1()
|
|
begin
|
|
select 1 from dual;
|
|
end//
|
|
grant usage on *.* to mysqltest_1@localhost;
|
|
call mysqltest_1.p1();
|
|
ERROR 42000: execute command denied to user 'mysqltest_1'@'localhost' for routine 'mysqltest_1.p1'
|
|
call mysqltest_1.p1();
|
|
ERROR 42000: execute command denied to user 'mysqltest_1'@'localhost' for routine 'mysqltest_1.p1'
|
|
drop procedure mysqltest_1.p1;
|
|
drop database mysqltest_1;
|
|
revoke usage on *.* from mysqltest_1@localhost;
|
|
drop user mysqltest_1@localhost;
|
|
drop function if exists bug12812|
|
|
create function bug12812() returns char(2)
|
|
begin
|
|
return 'ok';
|
|
end;
|
|
create user user_bug12812@localhost IDENTIFIED BY 'ABC'|
|
|
SELECT test.bug12812()|
|
|
ERROR 42000: execute command denied to user 'user_bug12812'@'localhost' for routine 'test.bug12812'
|
|
CREATE VIEW v1 AS SELECT test.bug12812()|
|
|
ERROR 42000: execute command denied to user 'user_bug12812'@'localhost' for routine 'test.bug12812'
|
|
DROP USER user_bug12812@localhost|
|
|
drop function bug12812|
|
|
create database db_bug14834;
|
|
create user user1_bug14834@localhost identified by '';
|
|
grant all on `db\_bug14834`.* to user1_bug14834@localhost;
|
|
create user user2_bug14834@localhost identified by '';
|
|
grant all on `db\_bug14834`.* to user2_bug14834@localhost;
|
|
create user user3_bug14834@localhost identified by '';
|
|
grant all on `db__ug14834`.* to user3_bug14834@localhost;
|
|
create procedure p_bug14834() select user(), current_user();
|
|
call p_bug14834();
|
|
user() current_user()
|
|
user1_bug14834@localhost user1_bug14834@localhost
|
|
call p_bug14834();
|
|
user() current_user()
|
|
user2_bug14834@localhost user1_bug14834@localhost
|
|
call p_bug14834();
|
|
user() current_user()
|
|
user3_bug14834@localhost user1_bug14834@localhost
|
|
drop user user1_bug14834@localhost;
|
|
drop user user2_bug14834@localhost;
|
|
drop user user3_bug14834@localhost;
|
|
drop database db_bug14834;
|
|
create database db_bug14533;
|
|
use db_bug14533;
|
|
create table t1 (id int);
|
|
create user user_bug14533@localhost identified by '';
|
|
create procedure bug14533_1()
|
|
sql security definer
|
|
desc db_bug14533.t1;
|
|
create procedure bug14533_2()
|
|
sql security definer
|
|
select * from db_bug14533.t1;
|
|
grant execute on procedure db_bug14533.bug14533_1 to user_bug14533@localhost;
|
|
grant execute on procedure db_bug14533.bug14533_2 to user_bug14533@localhost;
|
|
call db_bug14533.bug14533_1();
|
|
Field Type Null Key Default Extra
|
|
id int(11) YES NULL
|
|
call db_bug14533.bug14533_2();
|
|
id
|
|
desc db_bug14533.t1;
|
|
ERROR 42000: SELECT command denied to user 'user_bug14533'@'localhost' for table 't1'
|
|
select * from db_bug14533.t1;
|
|
ERROR 42000: SELECT command denied to user 'user_bug14533'@'localhost' for table 't1'
|
|
drop user user_bug14533@localhost;
|
|
drop database db_bug14533;
|
|
|
|
---> connection: root
|
|
DROP DATABASE IF EXISTS mysqltest;
|
|
CREATE DATABASE mysqltest;
|
|
CREATE USER mysqltest_1@localhost;
|
|
GRANT ALL PRIVILEGES ON mysqltest.* TO mysqltest_1@localhost;
|
|
CREATE USER mysqltest_2@localhost;
|
|
GRANT SUPER ON *.* TO mysqltest_2@localhost;
|
|
GRANT ALL PRIVILEGES ON mysqltest.* TO mysqltest_2@localhost;
|
|
|
|
---> connection: mysqltest_2_con
|
|
use mysqltest;
|
|
CREATE PROCEDURE wl2897_p1() SELECT 1;
|
|
CREATE FUNCTION wl2897_f1() RETURNS INT RETURN 1;
|
|
|
|
---> connection: mysqltest_1_con
|
|
use mysqltest;
|
|
CREATE DEFINER=root@localhost PROCEDURE wl2897_p2() SELECT 2;
|
|
ERROR 42000: Access denied; you need the SUPER privilege for this operation
|
|
CREATE DEFINER=root@localhost FUNCTION wl2897_f2() RETURNS INT RETURN 2;
|
|
ERROR 42000: Access denied; you need the SUPER privilege for this operation
|
|
|
|
---> connection: mysqltest_2_con
|
|
use mysqltest;
|
|
CREATE DEFINER='a @ b @ c'@localhost PROCEDURE wl2897_p3() SELECT 3;
|
|
Warnings:
|
|
Note 1449 There is no 'a @ b @ c'@'localhost' registered
|
|
CREATE DEFINER='a @ b @ c'@localhost FUNCTION wl2897_f3() RETURNS INT RETURN 3;
|
|
Warnings:
|
|
Note 1449 There is no 'a @ b @ c'@'localhost' registered
|
|
|
|
---> connection: con1root
|
|
use mysqltest;
|
|
SHOW CREATE PROCEDURE wl2897_p1;
|
|
Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation
|
|
wl2897_p1 CREATE DEFINER=`mysqltest_2`@`localhost` PROCEDURE `wl2897_p1`()
|
|
SELECT 1 latin1 latin1_swedish_ci latin1_swedish_ci
|
|
SHOW CREATE PROCEDURE wl2897_p3;
|
|
Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation
|
|
wl2897_p3 CREATE DEFINER=`a @ b @ c`@`localhost` PROCEDURE `wl2897_p3`()
|
|
SELECT 3 latin1 latin1_swedish_ci latin1_swedish_ci
|
|
SHOW CREATE FUNCTION wl2897_f1;
|
|
Function sql_mode Create Function character_set_client collation_connection Database Collation
|
|
wl2897_f1 CREATE DEFINER=`mysqltest_2`@`localhost` FUNCTION `wl2897_f1`() RETURNS int(11)
|
|
RETURN 1 latin1 latin1_swedish_ci latin1_swedish_ci
|
|
SHOW CREATE FUNCTION wl2897_f3;
|
|
Function sql_mode Create Function character_set_client collation_connection Database Collation
|
|
wl2897_f3 CREATE DEFINER=`a @ b @ c`@`localhost` FUNCTION `wl2897_f3`() RETURNS int(11)
|
|
RETURN 3 latin1 latin1_swedish_ci latin1_swedish_ci
|
|
DROP USER mysqltest_1@localhost;
|
|
DROP USER mysqltest_2@localhost;
|
|
DROP DATABASE mysqltest;
|
|
|
|
---> connection: root
|
|
DROP DATABASE IF EXISTS mysqltest;
|
|
CREATE DATABASE mysqltest;
|
|
CREATE USER mysqltest_1@localhost;
|
|
GRANT ALL PRIVILEGES ON mysqltest.* TO mysqltest_1@localhost;
|
|
CREATE USER mysqltest_2@localhost;
|
|
GRANT ALL PRIVILEGES ON mysqltest.* TO mysqltest_2@localhost;
|
|
|
|
---> connection: mysqltest_1_con
|
|
use mysqltest;
|
|
CREATE PROCEDURE bug13198_p1()
|
|
SELECT 1;
|
|
CREATE FUNCTION bug13198_f1() RETURNS INT
|
|
RETURN 1;
|
|
CALL bug13198_p1();
|
|
1
|
|
1
|
|
SELECT bug13198_f1();
|
|
bug13198_f1()
|
|
1
|
|
|
|
---> connection: mysqltest_2_con
|
|
use mysqltest;
|
|
CALL bug13198_p1();
|
|
1
|
|
1
|
|
SELECT bug13198_f1();
|
|
bug13198_f1()
|
|
1
|
|
|
|
---> connection: root
|
|
DROP USER mysqltest_1@localhost;
|
|
|
|
---> connection: mysqltest_2_con
|
|
use mysqltest;
|
|
CALL bug13198_p1();
|
|
ERROR HY000: There is no 'mysqltest_1'@'localhost' registered
|
|
SELECT bug13198_f1();
|
|
ERROR HY000: There is no 'mysqltest_1'@'localhost' registered
|
|
|
|
---> connection: root
|
|
DROP USER mysqltest_2@localhost;
|
|
DROP DATABASE mysqltest;
|
|
GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow';
|
|
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO
|
|
user19857@localhost;
|
|
SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
|
|
Host User Password
|
|
localhost user19857 *82DC221D557298F6CE9961037DB1C90604792F5C
|
|
|
|
---> connection: mysqltest_2_con
|
|
use test;
|
|
CREATE PROCEDURE sp19857() DETERMINISTIC
|
|
BEGIN
|
|
DECLARE a INT;
|
|
SET a=1;
|
|
SELECT a;
|
|
END //
|
|
SHOW CREATE PROCEDURE test.sp19857;
|
|
Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation
|
|
sp19857 CREATE DEFINER=`user19857`@`localhost` PROCEDURE `sp19857`()
|
|
DETERMINISTIC
|
|
BEGIN
|
|
DECLARE a INT;
|
|
SET a=1;
|
|
SELECT a;
|
|
END latin1 latin1_swedish_ci latin1_swedish_ci
|
|
DROP PROCEDURE IF EXISTS test.sp19857;
|
|
|
|
---> connection: root
|
|
SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
|
|
Host User Password
|
|
localhost user19857 *82DC221D557298F6CE9961037DB1C90604792F5C
|
|
DROP USER user19857@localhost;
|
|
use test;
|
|
DROP TABLE IF EXISTS t1;
|
|
DROP VIEW IF EXISTS v1;
|
|
DROP FUNCTION IF EXISTS f_suid;
|
|
DROP PROCEDURE IF EXISTS p_suid;
|
|
DROP FUNCTION IF EXISTS f_evil;
|
|
DELETE FROM mysql.user WHERE user LIKE 'mysqltest\_%';
|
|
DELETE FROM mysql.db WHERE user LIKE 'mysqltest\_%';
|
|
DELETE FROM mysql.tables_priv WHERE user LIKE 'mysqltest\_%';
|
|
DELETE FROM mysql.columns_priv WHERE user LIKE 'mysqltest\_%';
|
|
FLUSH PRIVILEGES;
|
|
CREATE TABLE t1 (i INT);
|
|
CREATE FUNCTION f_suid(i INT) RETURNS INT SQL SECURITY DEFINER RETURN 0;
|
|
CREATE PROCEDURE p_suid(IN i INT) SQL SECURITY DEFINER SET @c:= 0;
|
|
CREATE USER mysqltest_u1@localhost;
|
|
GRANT EXECUTE ON test.* TO mysqltest_u1@localhost;
|
|
CREATE DEFINER=mysqltest_u1@localhost FUNCTION f_evil () RETURNS INT
|
|
SQL SECURITY INVOKER
|
|
BEGIN
|
|
SET @a:= CURRENT_USER();
|
|
SET @b:= (SELECT COUNT(*) FROM t1);
|
|
RETURN @b;
|
|
END|
|
|
CREATE SQL SECURITY INVOKER VIEW v1 AS SELECT f_evil();
|
|
SELECT COUNT(*) FROM t1;
|
|
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
|
|
SELECT f_evil();
|
|
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
|
|
SELECT @a, @b;
|
|
@a @b
|
|
mysqltest_u1@localhost NULL
|
|
SELECT f_suid(f_evil());
|
|
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
|
|
SELECT @a, @b;
|
|
@a @b
|
|
mysqltest_u1@localhost NULL
|
|
CALL p_suid(f_evil());
|
|
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
|
|
SELECT @a, @b;
|
|
@a @b
|
|
mysqltest_u1@localhost NULL
|
|
SELECT * FROM v1;
|
|
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 'v1'
|
|
SELECT @a, @b;
|
|
@a @b
|
|
mysqltest_u1@localhost NULL
|
|
DROP VIEW v1;
|
|
DROP FUNCTION f_evil;
|
|
DROP USER mysqltest_u1@localhost;
|
|
DROP PROCEDURE p_suid;
|
|
DROP FUNCTION f_suid;
|
|
DROP TABLE t1;
|
|
End of 5.0 tests.
|