882535423d
Bug #41597 - After rename of user, there are additional grants when grants are reapplied.

After renaming a user, re-applying grants results in additional grants. This is because the user name is used as part of the key for the GRANT_TABLE structure. When the user is renamed, only the stored user name is changed; the hash key still contains the old user name, and this results in the extra privileges. Fixed by rebuilding the hash key and updating the column_priv_hash structure when the user is renamed.

mysql-test/r/grant3.result: Bug #41597 - After rename of user, there are additional grants when grants are reapplied. Testcase for BUG#41597
mysql-test/t/grant3.test: Bug #41597 - After rename of user, there are additional grants when grants are reapplied. Testcase for BUG#41597
sql/sql_acl.cc: Bug #41597 - After rename of user, there are additional grants when grants are reapplied. Fixed handle_grant_struct() to update the hash key when the user is renamed. Added the set_user_details() method to the GRANT_NAME class.
# Recorded transcript of GRANT/REVOKE test statements together with their
# expected output. Lines that are not SQL (column headers, result rows,
# ERROR lines) are the recorded server responses.
# NOTE(review): no connect/disconnect commands appear in this transcript, so
# the account that runs a given statement has to be inferred from the output.
# The statements that follow first clean up: leftover mysqltest_* rows are
# deleted from the grant tables and the privileges are reloaded.
SET NAMES binary;
drop table if exists t1;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges;
# Implicit account creation through GRANT. mysqltest_1 receives CREATE USER
# and SELECT ... WITH GRANT OPTION on `my\_1`.*. The GRANT to the
# not-yet-existing mysqltest_2@localhost is expected to be refused with
# ERROR 42000, while the explicit CREATE USER that follows records no error.
# NOTE(review): the transcript does not show which account runs those two
# statements; presumably they run as mysqltest_1 - confirm in the .test file.
create user mysqltest_1@localhost;
grant create user on *.* to mysqltest_1@localhost;
grant select on `my\_1`.* to mysqltest_1@localhost with grant option;
grant select on `my\_1`.* to mysqltest_2@localhost;
ERROR 42000: You are not allowed to create a user with GRANT
create user mysqltest_2@localhost;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges;
# Host names that differ only in case. The SELECT results below list
# CUser@localhost and CUser@LOCALHOST as two separate accounts. Each REVOKE
# must affect only the account whose host spelling it names: after the first
# REVOKE only the 'localhost' row is left in mysql.db, after the second none.
# The mysql.user rows stay in place until DROP USER.
# Both accounts are created implicitly by GRANT with no IDENTIFIED BY clause,
# which is a test-fixture shortcut.
grant select on test.* to CUser@localhost;
grant select on test.* to CUser@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
user host db select_priv
CUser LOCALHOST test Y
CUser localhost test Y
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
user host db select_priv
CUser localhost test Y
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
user host db select_priv
DROP USER CUser@localhost;
DROP USER CUser@LOCALHOST;
# Same host-case check for table-level privileges: the grants on test.t1
# that follow are read back from mysql.tables_priv, one row per host
# spelling, and each REVOKE must remove only the row for the host it names.
create table t1 (a int);
grant select on test.t1 to CUser@localhost;
grant select on test.t1 to CUser@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
user host db Table_name Table_priv Column_priv
CUser LOCALHOST test t1 Select
CUser localhost test t1 Select
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
user host db Table_name Table_priv Column_priv
CUser localhost test t1 Select
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
user host db Table_name Table_priv Column_priv
DROP USER CUser@localhost;
DROP USER CUser@LOCALHOST;
# Same host-case check for column-level privileges (SELECT on column a only).
# NOTE(review): the result rows on this page are whitespace-collapsed, so the
# single "Select" value cannot be attributed to Table_priv or Column_priv from
# the text alone; presumably it is Column_priv for these grants.
grant select(a) on test.t1 to CUser@localhost;
grant select(a) on test.t1 to CUser@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
user host db Table_name Table_priv Column_priv
CUser LOCALHOST test t1 Select
CUser localhost test t1 Select
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
user host db Table_name Table_priv Column_priv
CUser localhost test t1 Select
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
user host db Table_name Table_priv Column_priv
DROP USER CUser@localhost;
DROP USER CUser@LOCALHOST;
drop table t1;
# Same host-case check with a specific privilege: the statements below use
# REVOKE SELECT ON test.* instead of REVOKE ALL PRIVILEGES, GRANT OPTION, and
# again only the mysql.db row for the named host spelling must disappear.
grant select on test.* to CUser2@localhost;
grant select on test.* to CUser2@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
user host
CUser2 LOCALHOST
CUser2 localhost
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
user host db select_priv
CUser2 LOCALHOST test Y
CUser2 localhost test Y
REVOKE SELECT ON test.* FROM 'CUser2'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
user host
CUser2 LOCALHOST
CUser2 localhost
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
user host db select_priv
CUser2 localhost test Y
REVOKE SELECT ON test.* FROM 'CUser2'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
user host
CUser2 LOCALHOST
CUser2 localhost
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
user host db select_priv
DROP USER CUser2@localhost;
DROP USER CUser2@LOCALHOST;
CREATE DATABASE mysqltest_1;
CREATE TABLE mysqltest_1.t1 (a INT);
CREATE USER 'mysqltest1'@'%';
# Database-level grants treat the database name as a pattern: an unescaped
# "_" matches any single character, while "\_" matches a literal underscore.
# The grant, partial revoke and re-grant below are therefore reported by
# SHOW GRANTS as two separate grants: `mysqltest_1` with UPDATE only and
# `mysqltest\_1` with SELECT, UPDATE. SELECT is present only on the escaped
# one, and the later SELECT on mysqltest_1.t1 is expected to succeed.
# When a grant is meant for a single database, escape "_" and "%" in its name
# so the grant cannot also cover similarly named databases.
GRANT SELECT, UPDATE ON `mysqltest_1`.* TO 'mysqltest1'@'%';
REVOKE SELECT ON `mysqltest_1`.* FROM 'mysqltest1'@'%';
GRANT SELECT, UPDATE ON `mysqltest\_1`.* TO 'mysqltest1'@'%';
FLUSH PRIVILEGES;
SHOW GRANTS;
Grants for mysqltest1@%
GRANT USAGE ON *.* TO 'mysqltest1'@'%'
GRANT SELECT, UPDATE ON `mysqltest\_1`.* TO 'mysqltest1'@'%'
GRANT UPDATE ON `mysqltest_1`.* TO 'mysqltest1'@'%'
SELECT * FROM mysqltest_1.t1;
a
DROP USER 'mysqltest1'@'%';
DROP DATABASE mysqltest_1;
#
# Bug#41597 - After rename of user, there are additional grants
# when grants are reapplied.
#
CREATE DATABASE temp;
CREATE TABLE temp.t1(a INT, b VARCHAR(10));
INSERT INTO temp.t1 VALUES(1, 'name1');
INSERT INTO temp.t1 VALUES(2, 'name2');
INSERT INTO temp.t1 VALUES(3, 'name3');
CREATE USER 'user1'@'%';
RENAME USER 'user1'@'%' TO 'user2'@'%';
# Show privileges after rename and BEFORE grant
SHOW GRANTS FOR 'user2'@'%';
Grants for user2@%
GRANT USAGE ON *.* TO 'user2'@'%'
GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%';
# Show privileges after rename and grant
SHOW GRANTS FOR 'user2'@'%';
Grants for user2@%
GRANT USAGE ON *.* TO 'user2'@'%'
GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%'
# Connect as the renamed user
SHOW GRANTS;
Grants for user2@%
GRANT USAGE ON *.* TO 'user2'@'%'
GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%'
SELECT a FROM temp.t1;
a
1
2
3
# Check for additional privileges by accessing a
# non privileged column. We shouldn't be able to
# access this column.
SELECT b FROM temp.t1;
ERROR 42000: SELECT command denied to user 'user2'@'localhost' for column 'b' in table 't1'
DROP USER 'user2'@'%';
DROP DATABASE temp;
End of 5.0 tests