mirror of
https://github.com/MariaDB/server.git
synced 2025-01-27 09:14:17 +01:00
22491e627a
Reset of acl_public was made too early (before saving it to restore in case of error).
134 lines
3.6 KiB
Text
134 lines
3.6 KiB
Text
--source include/not_embedded.inc
|
|
--echo #
|
|
--echo # MDEV-5215 Granted to PUBLIC
|
|
--echo #
|
|
|
|
SHOW GRANTS FOR PUBLIC;
|
|
|
|
--echo # it is not PUBLIC but an user
|
|
--echo # (this should work as it allowed for roles for example)
|
|
create user PUBLIC;
|
|
create user PUBLIC@localhost;
|
|
GRANT SELECT on test.* to PUBLIC@localhost;
|
|
drop user PUBLIC@localhost;
|
|
drop user PUBLIC;
|
|
|
|
select * from mysql.global_priv where user="PUBLIC" ;
|
|
GRANT SELECT on test.* to PUBLIC;
|
|
GRANT SELECT on mysql.db to PUBLIC;
|
|
--replace_regex /"version_id"\:[0-9]+/"version_id":VERSION/
|
|
select * from mysql.global_priv where user="PUBLIC" ;
|
|
|
|
SHOW GRANTS FOR PUBLIC;
|
|
|
|
GRANT UPDATE on test.* to PUBLIC;
|
|
grant update on mysql.db to public;
|
|
|
|
show grants for public;
|
|
|
|
revoke select on test.* from public;
|
|
REVOKE SELECT on mysql.db from PUBLIC;
|
|
|
|
SHOW GRANTS FOR PUBLIC;
|
|
|
|
REVOKE UPDATE on test.* from PUBLIC;
|
|
REVOKE UPDATE on mysql.db from PUBLIC;
|
|
|
|
SHOW GRANTS FOR PUBLIC;
|
|
|
|
--error ER_INVALID_ROLE
|
|
GRANT XXXXXX TO CURRENT_USER;
|
|
--echo # following should fail with the same error as above
|
|
--error ER_INVALID_ROLE
|
|
GRANT PUBLIC TO CURRENT_USER;
|
|
|
|
--error ER_INVALID_ROLE
|
|
revoke xxxxxx from current_user;
|
|
--echo # following should fail with the same error as above
|
|
--error ER_INVALID_ROLE
|
|
revoke public from current_user;
|
|
|
|
--error ER_CANNOT_USER
|
|
drop role XXXXXX;
|
|
--echo # following should fail with the same error as above
|
|
--error ER_CANNOT_USER
|
|
drop role public;
|
|
|
|
--error ER_INVALID_ROLE
|
|
SET ROLE XXXXXX;
|
|
--echo # following should fail with the same error as above
|
|
--error ER_INVALID_ROLE
|
|
SET ROLE PUBLIC;
|
|
|
|
--error ER_INVALID_ROLE
|
|
SET DEFAULT ROLE XXXXXX;
|
|
--echo # following should fail with the same error as above
|
|
--error ER_INVALID_ROLE
|
|
SET DEFAULT ROLE PUBLIC;
|
|
--error ER_INVALID_ROLE
|
|
set default role public;
|
|
|
|
--echo #
|
|
--echo # check prohibition of change security context to PUBLIC
|
|
--echo #
|
|
--echo # be sure that we have PUBLIC
|
|
GRANT SELECT on test.* to PUBLIC;
|
|
--echo # try with a view
|
|
create table t1( a int);
|
|
--error ER_INVALID_ROLE
|
|
create definer = PUBLIC view v1 as select * from t1;
|
|
drop table t1;
|
|
--echo # try with a stored procedure
|
|
--error ER_INVALID_ROLE
|
|
create definer='PUBLIC' PROCEDURE p1() SELECT 1;
|
|
--echo # this test cleanup
|
|
revoke select on test.* from public;
|
|
|
|
--echo #
|
|
--echo # check autocreation of PUBLIC on GRANT role TO PUBLIC
|
|
--echo #
|
|
--echo # make sure that the privilege will be added automatically
|
|
delete from mysql.global_priv where user="PUBLIC";
|
|
flush privileges;
|
|
create role roletest;
|
|
grant roletest to public;
|
|
drop role roletest;
|
|
|
|
delete from mysql.global_priv where user="PUBLIC";
|
|
flush privileges;
|
|
grant select on mysql.global_priv to public;
|
|
revoke select on mysql.global_priv from public;
|
|
|
|
delete from mysql.global_priv where user="PUBLIC";
|
|
flush privileges;
|
|
grant select (user) on mysql.global_priv to public;
|
|
revoke select (user) on mysql.global_priv from public;
|
|
|
|
delete from mysql.global_priv where user="PUBLIC";
|
|
flush privileges;
|
|
grant execute on procedure mtr.add_suppression to public;
|
|
revoke execute on procedure mtr.add_suppression from public;
|
|
|
|
--echo #
|
|
--echo # MDEV-30154: Assertion `strcasecmp(rolename, public_name.str) ||
|
|
--echo # acl_public == role' failed in acl_update_role on GRANT ... TO PUBLIC
|
|
--echo #
|
|
call mtr.add_suppression("Can't open and lock privilege tables");
|
|
USE test;
|
|
GRANT SELECT ON *.* TO PUBLIC;
|
|
LOCK TABLES mysql.time_zone WRITE,mysql.proc WRITE;
|
|
--error 1100
|
|
FLUSH PRIVILEGES;
|
|
--error 1146
|
|
LOCK TABLE nonexisting WRITE;
|
|
GRANT SELECT ON *.* TO PUBLIC;
|
|
|
|
REVOKE SELECT ON *.* FROM PUBLIC;
|
|
|
|
--echo #
|
|
--echo # End of 10.11 test
|
|
--echo #
|
|
|
|
-- echo # clean up
|
|
delete from mysql.global_priv where user="PUBLIC";
|
|
flush privileges;
|