diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 18:00:34 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 18:00:34 +0000 |
commit | 3f619478f796eddbba6e39502fe941b285dd97b1 (patch) | |
tree | e2c7b5777f728320e5b5542b6213fd3591ba51e2 /mysql-test/main/grant3.test | |
parent | Initial commit. (diff) | |
download | mariadb-upstream.tar.xz mariadb-upstream.zip |
Adding upstream version 1:10.11.6.upstream/1%10.11.6upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'mysql-test/main/grant3.test')
-rw-r--r-- | mysql-test/main/grant3.test | 242 |
1 files changed, 242 insertions, 0 deletions
diff --git a/mysql-test/main/grant3.test b/mysql-test/main/grant3.test new file mode 100644 index 00000000..7842233d --- /dev/null +++ b/mysql-test/main/grant3.test @@ -0,0 +1,242 @@ +# Can't run with embedded server because we use GRANT +-- source include/not_embedded.inc + +# Save the initial number of concurrent sessions +--source include/count_sessions.inc + +set global sql_mode=""; +set local sql_mode=""; + +# Test of GRANT commands + +SET NAMES binary; +connect (master,localhost,root,,); +connection master; + +# Cleanup +--disable_warnings +drop table if exists t1; +--enable_warnings + +delete from mysql.user where user like 'mysqltest\_%'; +delete from mysql.db where user like 'mysqltest\_%'; +delete from mysql.tables_priv where user like 'mysqltest\_%'; +delete from mysql.columns_priv where user like 'mysqltest\_%'; +flush privileges; + +create user mysqltest_1@localhost; +grant create user on *.* to mysqltest_1@localhost; +grant select on `my\_1`.* to mysqltest_1@localhost with grant option; +connect (user_a,localhost,mysqltest_1,,); +connection user_a; +--error ER_CANT_CREATE_USER_WITH_GRANT +grant select on `my\_1`.* to mysqltest_2@localhost; +create user mysqltest_2@localhost; +disconnect user_a; +disconnect master; +connection default; + +delete from mysql.user where user like 'mysqltest\_%'; +delete from mysql.db where user like 'mysqltest\_%'; +delete from mysql.tables_priv where user like 'mysqltest\_%'; +delete from mysql.columns_priv where user like 'mysqltest\_%'; +flush privileges; + +# +# Bug#19828 Case sensitivity in Grant/Revoke +# + +grant select on test.* to CUser@localhost; +grant select on test.* to CUser@LOCALHOST; +flush privileges; + +SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; +SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2; + +REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST'; +flush privileges; + +SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; +SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2; + +REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost'; +flush privileges; + +SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; +SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2; + +DROP USER CUser@localhost; +--error ER_CANNOT_USER +DROP USER CUser@LOCALHOST; + +#### table grants +create table t1 (a int); +grant select on test.t1 to CUser@localhost; +grant select on test.t1 to CUser@LOCALHOST; +flush privileges; + +SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; +SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2; + +REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST'; +flush privileges; + +SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; +SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2; + +REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost'; +flush privileges; + +SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; +SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2; + +DROP USER CUser@localhost; +--error ER_CANNOT_USER +DROP USER CUser@LOCALHOST; + +### column grants + +grant select(a) on test.t1 to CUser@localhost; +grant select(a) on test.t1 to CUser@LOCALHOST; +flush privileges; + +SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; +SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2; + +REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST'; +flush privileges; + +SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; +SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2; + +REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost'; +flush privileges; + +SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; +SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2; + +DROP USER CUser@localhost; +--error ER_CANNOT_USER +DROP USER CUser@LOCALHOST; + +drop table t1; + +# revoke on a specific DB only + +grant select on test.* to CUser2@localhost; +grant select on test.* to CUser2@LOCALHOST; +flush privileges; + +SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2; +SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2; + +REVOKE SELECT ON test.* FROM 'CUser2'@'LOCALHOST'; +flush privileges; + +SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2; +SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2; + +--error ER_NONEXISTING_GRANT +REVOKE SELECT ON test.* FROM 'CUser2'@'localhost'; +flush privileges; + +SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2; +SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2; + +DROP USER CUser2@localhost; +--error ER_CANNOT_USER +DROP USER CUser2@LOCALHOST; + + +# +# Bug#31194 Privilege ordering does not order properly for wildcard values +# + +CREATE DATABASE mysqltest_1; +CREATE TABLE mysqltest_1.t1 (a INT); +CREATE USER 'mysqltest1'@'%'; +GRANT SELECT, UPDATE ON `mysqltest_1`.* TO 'mysqltest1'@'%'; +REVOKE SELECT ON `mysqltest_1`.* FROM 'mysqltest1'@'%'; +GRANT SELECT, UPDATE ON `mysqltest\_1`.* TO 'mysqltest1'@'%'; +FLUSH PRIVILEGES; + +connect (conn1,localhost,mysqltest1,,); +connection conn1; +SHOW GRANTS; +SELECT * FROM mysqltest_1.t1; +disconnect conn1; + +connection default; +DROP USER 'mysqltest1'@'%'; +DROP DATABASE mysqltest_1; + +--echo # +--echo # Bug#41597 - After rename of user, there are additional grants +--echo # when grants are reapplied. +--echo # + +CREATE DATABASE temp; +CREATE TABLE temp.t1(a INT, b VARCHAR(10)); +INSERT INTO temp.t1 VALUES(1, 'name1'); +INSERT INTO temp.t1 VALUES(2, 'name2'); +INSERT INTO temp.t1 VALUES(3, 'name3'); + + +CREATE USER 'user1'@'%'; +RENAME USER 'user1'@'%' TO 'user2'@'%'; +--echo # Show privileges after rename and BEFORE grant +SHOW GRANTS FOR 'user2'@'%'; +GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%'; +--echo # Show privileges after rename and grant +SHOW GRANTS FOR 'user2'@'%'; + +--echo # Connect as the renamed user +connect (conn1, localhost, user2,,); +connection conn1; +SHOW GRANTS; +SELECT a FROM temp.t1; +--echo # Check for additional privileges by accessing a +--echo # non privileged column. We shouldn't be able to +--echo # access this column. +--error ER_COLUMNACCESS_DENIED_ERROR +SELECT b FROM temp.t1; +disconnect conn1; + +connection default; +DROP USER 'user2'@'%'; +DROP DATABASE temp; + +set global sql_mode=default; +--echo # +--echo # End of 5.0 tests +--echo # + +create database db1; +create user foo@localhost; +grant create on db1.* to foo@localhost; +grant all privileges on test.* to foo@localhost; +connect foo,localhost,foo; +create temporary table t as values (1),(2),(3); +use db1; +--error ER_TABLEACCESS_DENIED_ERROR +create table t1 as select * from test.t; +--error ER_TABLEACCESS_DENIED_ERROR +create table t1 as values (1),(2),(3); +create table t1 (a int); +disconnect foo; +connection default; + +revoke create on db1.* from foo@localhost; +grant insert on db1.* to foo@localhost; +connect foo,localhost,foo; +use db1; +--error ER_TABLEACCESS_DENIED_ERROR +create table t2 as values (1),(2),(3); +disconnect foo; + +connection default; +drop user foo@localhost; +drop database db1; + +# Wait till we reached the initial number of concurrent sessions +--source include/wait_until_count_sessions.inc |