diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:24:36 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:24:36 +0000 |
commit | 06eaf7232e9a920468c0f8d74dcf2fe8b555501c (patch) | |
tree | e2c7b5777f728320e5b5542b6213fd3591ba51e2 /mysql-test/main/grant2.test | |
parent | Initial commit. (diff) | |
download | mariadb-06eaf7232e9a920468c0f8d74dcf2fe8b555501c.tar.xz mariadb-06eaf7232e9a920468c0f8d74dcf2fe8b555501c.zip |
Adding upstream version 1:10.11.6.upstream/1%10.11.6
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'mysql-test/main/grant2.test')
-rw-r--r-- | mysql-test/main/grant2.test | 1029 |
1 files changed, 1029 insertions, 0 deletions
diff --git a/mysql-test/main/grant2.test b/mysql-test/main/grant2.test new file mode 100644 index 00000000..8f1402c2 --- /dev/null +++ b/mysql-test/main/grant2.test @@ -0,0 +1,1029 @@ +# Grant tests not performed with embedded server +-- source include/not_embedded.inc + +# Save the initial number of concurrent sessions +--source include/count_sessions.inc + +select priv into @root_priv from mysql.global_priv where user='root' and host='localhost'; +set GLOBAL sql_mode=""; +set LOCAL sql_mode=""; +SET NAMES binary; + +# +# GRANT tests that require several connections +# (usually it's GRANT, reconnect as another user, try something) +# + + +# prepare playground before tests +--disable_warnings +drop database if exists mysqltest; +drop database if exists mysqltest_1; +--enable_warnings +delete from mysql.user where user like 'mysqltest\_%'; +delete from mysql.db where user like 'mysqltest\_%'; +delete from mysql.tables_priv where user like 'mysqltest\_%'; +delete from mysql.columns_priv where user like 'mysqltest\_%'; +flush privileges; + + +grant all privileges on `my\_1`.* to mysqltest_1@localhost with grant option; +grant create user on *.* to mysqltest_1@localhost; +create user mysqltest_2@localhost; +connect (user_a,localhost,mysqltest_1,,"*NO-ONE*"); +connection user_a; +grant select on `my\_1`.* to mysqltest_2@localhost; +--error ER_DBACCESS_DENIED_ERROR +grant select on `my\_1`.* to mysqltest_2@localhost identified by 'pass'; +disconnect user_a; +connection default; +grant update on mysql.* to mysqltest_1@localhost; +connect (user_b,localhost,mysqltest_1,,"*NO-ONE*"); +connection user_b; +grant select on `my\_1`.* to mysqltest_2@localhost identified by 'pass'; +grant select on `my\_1`.* to mysqltest_3@localhost; +disconnect user_b; +connection default; +grant insert on mysql.* to mysqltest_1@localhost; +connect (user_c,localhost,mysqltest_1,,"*NO-ONE*"); +connection user_c; +grant select on `my\_1`.* to mysqltest_3@localhost; +grant select on `my\_1`.* to mysqltest_4@localhost identified by 'pass'; +disconnect user_c; +connection default; +delete from mysql.user where user like 'mysqltest\_%'; +delete from mysql.db where user like 'mysqltest\_%'; +delete from mysql.tables_priv where user like 'mysqltest\_%'; +delete from mysql.columns_priv where user like 'mysqltest\_%'; +flush privileges; + +# +# wild_compare fun +# + +grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option; +grant create user on *.* to mysqltest_1@localhost; +connect (user1,localhost,mysqltest_1,,"*NO-ONE*"); +connection user1; +select current_user(); +grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option; +--error ER_DBACCESS_DENIED_ERROR +grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option; + +# +# NO_AUTO_CREATE_USER mode +# +set @@sql_mode='NO_AUTO_CREATE_USER'; +select @@sql_mode; +# +# GRANT without IDENTIFIED BY does not create new users +# +--error ER_PASSWORD_NO_MATCH +grant select on `my\_1`.* to mysqltest_4@localhost with grant option; +grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass' +with grant option; +disconnect user1; +connection default; +show grants for mysqltest_1@localhost; +show grants for mysqltest_2@localhost; +--error ER_NONEXISTING_GRANT +show grants for mysqltest_3@localhost; +delete from mysql.user where user like 'mysqltest\_%'; +delete from mysql.db where user like 'mysqltest\_%'; +flush privileges; + +# +# wild_compare part two - acl_cache +# +create database mysqltest_1; +grant all privileges on `mysqltest\_1`.* to mysqltest_1@localhost with grant option; +connect (user2,localhost,mysqltest_1,,"*NO-ONE*"); +connection user2; +select current_user(); +show databases; +--error ER_DBACCESS_DENIED_ERROR +grant all privileges on `mysqltest_1`.* to mysqltest_1@localhost with grant option; +disconnect user2; +connection default; +show grants for mysqltest_1@localhost; +delete from mysql.user where user like 'mysqltest\_%'; +delete from mysql.db where user like 'mysqltest\_%'; +drop database mysqltest_1; +flush privileges; + +# +# Bug#6173 One can circumvent missing UPDATE privilege if he has SELECT and +# INSERT privilege for table with primary key +# +create database mysqltest; +grant INSERT, SELECT on mysqltest.* to mysqltest_1@localhost; +flush privileges; +use mysqltest; +create table t1 (id int primary key, data varchar(255)); + +connect (mrbad, localhost, mysqltest_1,,mysqltest); +connection mrbad; +show grants for current_user(); +insert into t1 values (1, 'I can''t change it!'); +--error ER_TABLEACCESS_DENIED_ERROR +update t1 set data='I can change it!' where id = 1; +# This should not be allowed since it too require UPDATE privilege. +--error ER_TABLEACCESS_DENIED_ERROR +insert into t1 values (1, 'XXX') on duplicate key update data= 'I can change it!'; +select * from t1; +disconnect mrbad; + +connection default; +drop table t1; +delete from mysql.user where user like 'mysqltest\_%'; +delete from mysql.db where user like 'mysqltest\_%'; +flush privileges; +# +# +create table t1 (a int, b int); +grant select (a) on t1 to mysqltest_1@localhost with grant option; +connect (mrugly, localhost, mysqltest_1,,mysqltest); +connection mrugly; +--error ER_COLUMNACCESS_DENIED_ERROR +grant select (a,b) on t1 to mysqltest_2@localhost; +--error ER_TABLEACCESS_DENIED_ERROR +grant select on t1 to mysqltest_3@localhost; +disconnect mrugly; + +connection default; +drop table t1; +delete from mysql.user where user like 'mysqltest\_%'; +delete from mysql.db where user like 'mysqltest\_%'; +delete from mysql.tables_priv where user like 'mysqltest\_%'; +delete from mysql.columns_priv where user like 'mysqltest\_%'; +flush privileges; + +drop database mysqltest; +use test; + + +# +# Bug#15775 "drop user" command does not refresh acl_check_hosts +# + +# Create some test users +create user mysqltest_1@host1; +create user mysqltest_2@host2; +create user mysqltest_3@host3; +create user mysqltest_4@host4; +create user mysqltest_5@host5; +create user mysqltest_6@host6; +create user mysqltest_7@host7; +flush privileges; + +# Drop one user +drop user mysqltest_3@host3; + +# This connect failed before fix since the acl_check_hosts list was corrupted by the "drop user" +connect (con8,127.0.0.1,root,,test,$MASTER_MYPORT,); +disconnect con8; +connection default; + +# Clean up - Drop all of the remaining users at once +drop user mysqltest_1@host1, mysqltest_2@host2, mysqltest_4@host4, + mysqltest_5@host5, mysqltest_6@host6, mysqltest_7@host7; + +# Check that it's still possible to connect +connect (con9,127.0.0.1,root,,test,$MASTER_MYPORT,); +disconnect con9; +connection default; + +# +# Bug#16180 Setting SQL_LOG_OFF without SUPER privilege is silently ignored +# +create database mysqltest_1; +grant select, insert, update on `mysqltest\_1`.* to mysqltest_1@localhost; +connect (con10,localhost,mysqltest_1,,"*NO-ONE*"); +connection con10; +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +set sql_log_off = 1; +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +set sql_log_bin = 0; +disconnect con10; +connection default; +delete from mysql.user where user like 'mysqltest\_1'; +delete from mysql.db where user like 'mysqltest\_1'; +drop database mysqltest_1; +flush privileges; + +# End of 4.1 tests +# Create and drop user +# +set sql_mode='maxdb'; +--disable_warnings +drop table if exists t1, t2; +--enable_warnings +create table t1(c1 int); +create table t2(c1 int, c2 int); +# +# Three forms of CREATE USER +create user 'mysqltest_1'; +--error ER_CANNOT_USER +create user 'mysqltest_1'; +create user 'mysqltest_2' identified by 'Mysqltest-2'; +create user 'mysqltest_3' identified by password 'fffffffffffffffffffffffffffffffffffffffff'; +grant select on *.* to 'mysqltest_2'; +grant insert on test.* to 'mysqltest_2'; +grant update on test.t1 to 'mysqltest_2'; +grant update (c2) on test.t2 to 'mysqltest_2'; +--sorted_result +select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%'; +--sorted_result +select host,db,user from mysql.db where user like 'mysqltest_%'; +--sorted_result +select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%'; +--sorted_result +select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%'; +show grants for 'mysqltest_1'; +show grants for 'mysqltest_2'; +# +# Drop +drop user 'mysqltest_1'; +--sorted_result +select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%'; +--sorted_result +select host,db,user from mysql.db where user like 'mysqltest_%'; +--sorted_result +select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%'; +--sorted_result +select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%'; +--error ER_NONEXISTING_GRANT +show grants for 'mysqltest_1'; +# +# Rename +rename user 'mysqltest_2' to 'mysqltest_1'; +--sorted_result +select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ; +--sorted_result +select host,db,user from mysql.db where user like 'mysqltest_%' ; +--sorted_result +select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' ; +--sorted_result +select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' ; +show grants for 'mysqltest_1'; +drop user 'mysqltest_1', 'mysqltest_3'; +--error ER_CANNOT_USER +drop user 'mysqltest_1'; +# +# Cleanup +drop table t1, t2; +# +# Add a stray record +insert into mysql.db set user='mysqltest_1', db='%', host='%'; +flush privileges; +--error ER_NONEXISTING_GRANT +show grants for 'mysqltest_1'; +--error ER_REVOKE_GRANTS +revoke all privileges, grant option from 'mysqltest_1'; +drop user 'mysqltest_1'; +--sorted_result +select host,db,user from mysql.db where user = 'mysqltest_1' ; +# +# Add a stray record +insert into mysql.tables_priv set host='%', db='test', user='mysqltest_1', table_name='t1'; +flush privileges; +--error ER_NONEXISTING_GRANT +show grants for 'mysqltest_1'; +drop user 'mysqltest_1'; +--sorted_result +select host,db,user,table_name from mysql.tables_priv where user = 'mysqltest_1' ; +# +# Add a stray record +insert into mysql.columns_priv set host='%', db='test', user='mysqltest_1', table_name='t1', column_name='c1'; +flush privileges; +--error ER_NONEXISTING_GRANT +show grants for 'mysqltest_1'; +drop user 'mysqltest_1'; +--sorted_result +select host,db,user,table_name,column_name from mysql.columns_priv where user = 'mysqltest_1' ; +# +# Handle multi user lists +create user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3'; +drop user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3'; +create user 'mysqltest_1', 'mysqltest_2' identified by 'Mysqltest-2', 'mysqltest_3' identified by password 'fffffffffffffffffffffffffffffffffffffffff'; +rename user 'mysqltest_1' to 'mysqltest_1a', 'mysqltest_2' TO 'mysqltest_2a', 'mysqltest_3' TO 'mysqltest_3a'; +--error ER_CANNOT_USER +drop user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3'; +drop user 'mysqltest_1a', 'mysqltest_2a', 'mysqltest_3a'; +# +# Let one of multiple users fail +create user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3'; +--error ER_CANNOT_USER +create user 'mysqltest_1a', 'mysqltest_2', 'mysqltest_3a'; +--error ER_CANNOT_USER +rename user 'mysqltest_1a' to 'mysqltest_1b', 'mysqltest_2a' TO 'mysqltest_2b', 'mysqltest_3a' TO 'mysqltest_3b'; +drop user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3'; +--error ER_CANNOT_USER +drop user 'mysqltest_1b', 'mysqltest_2b', 'mysqltest_3b'; +# +# Obsolete syntax has been dropped +create user 'mysqltest_2' identified by 'Mysqltest-2'; +--error ER_PARSE_ERROR +drop user 'mysqltest_2' identified by 'Mysqltest-2'; +drop user 'mysqltest_2'; +# +# Strange user names +create user '%@b'@'b'; +show grants for '%@b'@'b'; +grant select on mysql.* to '%@b'@'b'; +show grants for '%@b'@'b'; +rename user '%@b'@'b' to '%@a'@'a'; +--error ER_NONEXISTING_GRANT +show grants for '%@b'@'b'; +show grants for '%@a'@'a'; +drop user '%@a'@'a'; +# +# CREATE USER privilege is enough +# +create user mysqltest_2@localhost; +grant create user on *.* to mysqltest_2@localhost; +connect (user3,localhost,mysqltest_2,,"*NO-ONE*"); +connection user3; +--error ER_TABLEACCESS_DENIED_ERROR +select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ; +create user mysqltest_A@'%'; +rename user mysqltest_A@'%' to mysqltest_B@'%'; +drop user mysqltest_B@'%'; +disconnect user3; +connection default; +drop user mysqltest_2@localhost; +# +# INSERT/UPDATE/DELETE is ok too +create user mysqltest_3@localhost; +grant INSERT,DELETE,UPDATE on mysql.* to mysqltest_3@localhost; +connect (user4,localhost,mysqltest_3,,"*NO-ONE*"); +connection user4; +show grants; +--error ER_TABLEACCESS_DENIED_ERROR +select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ; +insert into mysql.global_priv set host='%', user='mysqltest_B'; +create user mysqltest_A@'%'; +rename user mysqltest_B@'%' to mysqltest_C@'%'; +drop user mysqltest_C@'%'; +drop user mysqltest_A@'%'; +disconnect user4; +connection default; +drop user mysqltest_3@localhost; +# +# Bug#3309 Test IP addresses with netmask +set @@sql_mode=''; +create database mysqltest_1; +create table mysqltest_1.t1 (i int); +insert into mysqltest_1.t1 values (1),(2),(3); +GRANT ALL ON mysqltest_1.t1 TO mysqltest_1@'127.0.0.0/255.0.0.0'; +connect (n1,127.0.0.1,mysqltest_1,,mysqltest_1,$MASTER_MYPORT,$MASTER_MYSOCK); +connection n1; +show grants for current_user(); +select * from t1; +disconnect n1; +connection default; +REVOKE ALL ON mysqltest_1.t1 FROM mysqltest_1@'127.0.0.0/255.0.0.0'; +delete from mysql.user where user like 'mysqltest\_1'; +flush privileges; +drop table mysqltest_1.t1; + +# +# Bug#12302 Hostname resolution preventing password changes +# 'SET PASSWORD = ...' didn't work if connecting hostname != +# hostname the current user is authenticated as. Note that a test for this +# was also added to the test above. +# +grant all on mysqltest_1.* to mysqltest_1@'127.0.0.1'; +connect (b12302,127.0.0.1,mysqltest_1,,mysqltest_1,$MASTER_MYPORT,); +connection b12302; +select current_user(); +set password = password('changed'); +disconnect b12302; +connection default; +select host, length(authentication_string) from mysql.user where user like 'mysqltest\_1'; +revoke all on mysqltest_1.* from mysqltest_1@'127.0.0.1'; +delete from mysql.user where user like 'mysqltest\_1'; +flush privileges; +grant all on mysqltest_1.* to mysqltest_1@'127.0.0.0/255.0.0.0'; +connect (b12302_2,127.0.0.1,mysqltest_1,,mysqltest_1,$MASTER_MYPORT,); +connection b12302_2; +select current_user(); +set password = password('changed'); +disconnect b12302_2; +connection default; +select host, length(authentication_string) from mysql.user where user like 'mysqltest\_1'; +revoke all on mysqltest_1.* from mysqltest_1@'127.0.0.0/255.0.0.0'; +delete from mysql.user where user like 'mysqltest\_1'; +flush privileges; +drop database mysqltest_1; + +--source include/add_anonymous_users.inc + +# But anonymous users can't change their password +connect (n5,localhost,test,,"*NO-ONE*",$MASTER_MYPORT,$MASTER_MYSOCK); +connection n5; +--error ER_PASSWORD_ANONYMOUS_USER +set password = password("changed"); +disconnect n5; +connection default; + +--source include/delete_anonymous_users.inc + + +# Bug#12423 "Deadlock when doing FLUSH PRIVILEGES and GRANT in +# multi-threaded environment". We should be able to execute FLUSH +# PRIVILEGES and SET PASSWORD simultaneously with other account +# management commands (such as GRANT and REVOKE) without causing +# deadlocks. To achieve this we should ensure that all account +# management commands take table and internal locks in the same order. +connect (con2root,localhost,root,,); +connect (con3root,localhost,root,,); +# Check that we can execute FLUSH PRIVILEGES and GRANT simultaneously +# This will check that locks are taken in proper order during both +# user/db-level and table/column-level privileges reloading. +connection default; +lock table mysql.user write; +connection con2root; +send flush privileges; +connection con3root; +send grant all on *.* to 'mysqltest_1'@'localhost'; +connection default; +unlock tables; +connection con2root; +reap; +connection con3root; +reap; +# Check for simultaneous SET PASSWORD and REVOKE. +connection default; +lock table mysql.user write; +connection con2root; +send set password for 'mysqltest_1'@'localhost' = password(''); +connection con3root; +send revoke all on *.* from 'mysqltest_1'@'localhost'; +connection default; +unlock tables; +connection con2root; +reap; +connection con3root; +reap; +connection default; +# Clean-up +drop user 'mysqltest_1'@'localhost'; +disconnect con2root; +disconnect con3root; + +# End of 4.1 tests + +# +# Bug#17279 user with no global privs and with create +# priv in db can create databases +# + +create database TESTDB; +create table t2(a int); +create temporary table t1 as select * from mysql.global_priv; +delete from mysql.global_priv where host='localhost'; +INSERT INTO mysql.global_priv (host, user, priv) VALUES +('%','mysqltest_1',json_object('authentication_string', password('password'))); +INSERT INTO mysql.db (host, db, user, select_priv) VALUES +('%','TESTDB','mysqltest_1','Y'); +FLUSH PRIVILEGES; + +connect (con1,localhost,mysqltest_1,password,TESTDB); + +# The user mysqltest_1 should only be allowed access to +# database TESTDB, not TEStdb +# On system with "lowercase names" we get error "ER_DB_CREATE_EXISTS: Can't create db..." +--error ER_DBACCESS_DENIED_ERROR, ER_DB_CREATE_EXISTS +create database TEStdb; + +# Clean-up +connection default; +disconnect con1; +delete from mysql.global_priv; +delete from mysql.db where host='%' and user='mysqltest_1' and db='TESTDB'; +insert into mysql.global_priv select * from t1; +drop table t1, t2; +drop database TESTDB; +flush privileges; + +# +# Bug#13310 incorrect user parsing by SP +# + +SET @old_log_bin_trust_function_creators= @@global.log_bin_trust_function_creators; +SET GLOBAL log_bin_trust_function_creators = 1; + +GRANT ALL PRIVILEGES ON test.* TO `a@`@localhost; +GRANT EXECUTE ON * TO `a@`@localhost; +connect (bug13310,localhost,'a@',,test); +connection bug13310; +CREATE TABLE t2 (s1 INT); +INSERT INTO t2 VALUES (1); +--disable_warnings +DROP FUNCTION IF EXISTS f2; +--enable_warnings +delimiter //; +--enable_prepare_warnings +CREATE FUNCTION f2 () RETURNS INT +BEGIN DECLARE v INT; SELECT s1 FROM t2 INTO v; RETURN v; END// +--disable_prepare_warnings +delimiter ;// +SELECT f2(); + +DROP FUNCTION f2; +DROP TABLE t2; +disconnect bug13310; +connection default; +REVOKE ALL PRIVILEGES, GRANT OPTION FROM `a@`@localhost; +DROP USER `a@`@localhost; + +SET @@global.log_bin_trust_function_creators= @old_log_bin_trust_function_creators; + + +# +# Bug#25578 CREATE TABLE LIKE does not require any privileges on source table +# +--disable_warnings +drop database if exists mysqltest_1; +drop database if exists mysqltest_2; +--enable_warnings +--error 0,ER_CANNOT_USER +drop user mysqltest_u1@localhost; + +create database mysqltest_1; +create database mysqltest_2; +grant all on mysqltest_1.* to mysqltest_u1@localhost; +use mysqltest_2; +create table t1 (i int); + +# Connect as user with all rights on mysqltest_1 but with no rights on mysqltest_2. +connect (user1,localhost,mysqltest_u1,,mysqltest_1); +connection user1; +# As expected error is emitted +--error ER_TABLEACCESS_DENIED_ERROR +show create table mysqltest_2.t1; +# This should emit error as well +--error ER_TABLEACCESS_DENIED_ERROR +create table t1 like mysqltest_2.t1; + +# Now let us check that SELECT privilege on the source is enough +connection default; +grant select on mysqltest_2.t1 to mysqltest_u1@localhost; +connection user1; +show create table mysqltest_2.t1; +create table t1 like mysqltest_2.t1; + +# Clean-up +connection default; +disconnect user1; +use test; +drop database mysqltest_1; +drop database mysqltest_2; +drop user mysqltest_u1@localhost; + + +# +# Bug#18660 Can't grant any privileges on single table in database +# with underscore char +# +grant all on `mysqltest\_%`.* to mysqltest_1@localhost with grant option; +grant usage on *.* to mysqltest_2@localhost; +connect (con18600_1,localhost,mysqltest_1,,"*NO-ONE*"); + +create database mysqltest_1; +use mysqltest_1; +create table t1 (f1 int); + +grant create on `mysqltest\_1`.* to mysqltest_2@localhost; +grant select on mysqltest_1.t1 to mysqltest_2@localhost; +connect (con3,localhost,mysqltest_2,,"*NO-ONE*"); +connection con3; +--error ER_DBACCESS_DENIED_ERROR +create database mysqltest_3; +use mysqltest_1; +create table t2(f1 int); +select * from t1; +connection default; +drop database mysqltest_1; + +connection default; +disconnect con3; +disconnect con18600_1; +revoke all privileges, grant option from mysqltest_1@localhost; +revoke all privileges, grant option from mysqltest_2@localhost; +drop user mysqltest_1@localhost; +drop user mysqltest_2@localhost; + + +# +# Bug#30468 column level privileges not respected when joining tables +# +CREATE DATABASE db1; + +USE db1; +CREATE TABLE t1 (a INT, b INT); +INSERT INTO t1 VALUES (1,1),(2,2); + +CREATE TABLE t2 (b INT, c INT); +INSERT INTO t2 VALUES (1,100),(2,200); + +GRANT SELECT ON t1 TO mysqltest1@localhost; +GRANT SELECT (b) ON t2 TO mysqltest1@localhost; + +connect (conn1,localhost,mysqltest1,,"*NO-ONE*"); +connection conn1; +USE db1; +--error ER_COLUMNACCESS_DENIED_ERROR +SELECT c FROM t2; +--error ER_TABLEACCESS_DENIED_ERROR +SELECT * FROM t2; +--error ER_COLUMNACCESS_DENIED_ERROR +SELECT * FROM t1 JOIN t2 USING (b); + +connection default; +disconnect conn1; +USE test; +DROP TABLE db1.t1, db1.t2; +DROP USER mysqltest1@localhost; +DROP DATABASE db1; + + +--echo End of 5.0 tests + +# +# Bug #48319: Server crashes on "GRANT/REVOKE ... TO CURRENT_USER" +# + +# work out who we are. +USE mysql; +SELECT LEFT(CURRENT_USER(),INSTR(CURRENT_USER(),'@')-1) INTO @u; +SELECT MID(CURRENT_USER(),INSTR(CURRENT_USER(),'@')+1) INTO @h; + +# show current privs. +SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h; + +# show that GRANT ... TO CURRENT_USER() no longer crashes +GRANT INSERT ON *.* TO CURRENT_USER(); +SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h; + +# show that GRANT ... TO CURRENT_USER() IDENTIFIED BY ... works now +GRANT INSERT ON *.* TO CURRENT_USER() IDENTIFIED BY 'keksdose'; +SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h; + +UPDATE global_priv SET priv=@root_priv where user='root' and host='localhost'; +FLUSH PRIVILEGES; + +USE test; + +--echo End of 5.1 tests + + +--echo +--echo # -- +--echo # -- Bug#11746602: 27480 - Extend CREATE TEMPORARY TABLES privilege to +--echo # -- allow temp table operations +--echo # -- +--echo # -- Bug#12771903: User with create temporary tables priv only has full +--echo # -- access to a regular table +--echo # -- +--echo + +--echo ############################################################################ +--echo # Setup environment. +--echo ########################################################################### + +--disable_warnings +DROP DATABASE IF EXISTS mysqltest_db1; +DROP DATABASE IF EXISTS mysqltest_db2; +--enable_warnings + +CREATE DATABASE mysqltest_db1; +CREATE DATABASE mysqltest_db2; + +--echo # mysqltest_u1@localhost has CREATE_TMP_ACL, FILE_ACL and EXECUTE_ACL only +--echo # (EXECUTE_ACL is needed to call p0, and FILE_ACL is needed for SELECT +--echo # OUTFILE/LOAD DATA INFILE). +GRANT FILE ON *.* TO mysqltest_u1@localhost; +GRANT CREATE TEMPORARY TABLES, EXECUTE ON mysqltest_db1.* TO mysqltest_u1@localhost; + +--echo # mysqltest_u2@localhost has all privileges but CREATE_TMP_ACL. +GRANT ALL PRIVILEGES ON mysqltest_db1.* TO mysqltest_u2@localhost; +REVOKE CREATE TEMPORARY TABLES ON mysqltest_db1.* FROM mysqltest_u2@localhost; + +--echo # mysqltest_u3@localhost has CREATE_TMP_ACL & EXECUTE_ACL. +--echo # This user is required to check SUID-stored-routines. +GRANT CREATE TEMPORARY TABLES ON mysqltest_db1.* TO mysqltest_u3@localhost; +GRANT EXECUTE ON mysqltest_db1.* TO mysqltest_u3@localhost; + +--echo # mysqltest_u4@localhost has only EXECUTE_ACL. +--echo # We need this user to check that once created temporary tables +--echo # are accessible by anyone. +GRANT EXECUTE ON mysqltest_db1.* TO mysqltest_u4@localhost; + +--echo # mysqltest_u5@localhost has CREATE_TMP_ACL and SELECT_ACL, UPDATE_ACL, +--echo # DELETE_ACL on mysqltest_db1; and only CREATE_TMP_ACL on mysqltest_db2. +--echo # By means of this user we check privileges required for merge tables. +GRANT CREATE TEMPORARY TABLES ON mysqltest_db1.* TO mysqltest_u5@localhost; +GRANT CREATE TEMPORARY TABLES ON mysqltest_db2.* TO mysqltest_u5@localhost; +GRANT SELECT, UPDATE, DELETE ON mysqltest_db1.* TO mysqltest_u5@localhost; + +--echo # Create stored routine to test how privilege checking is done for its +--echo # arguments. +CREATE PROCEDURE mysqltest_db1.p0(i INT) SELECT i; + +--echo # Create SUID-stored-routines. +CREATE DEFINER = mysqltest_u3@localhost PROCEDURE mysqltest_db1.p1() + CREATE TEMPORARY TABLE t4(x INT); + +CREATE DEFINER = mysqltest_u3@localhost PROCEDURE mysqltest_db1.p2() + INSERT INTO t4 VALUES (1), (2), (3); + +CREATE DEFINER = mysqltest_u3@localhost PROCEDURE mysqltest_db1.p3() + SELECT * FROM t4 ORDER BY x; + +--echo # We need separate key cache to test CACHE INDEX and LOAD INDEX. +SET GLOBAL keycache1.key_buffer_size = 128 * 1024; + +CREATE TABLE mysqltest_db2.t2_1(a INT); + +--echo ########################################################################### +--echo # Check that CREATE_TMP_ACL is enough to issue almost any supported +--echo # SQL-statement against temporary tables (loosely follow order in +--echo # sql_command enum). +--echo ########################################################################### + +--connect (con1,localhost,mysqltest_u1,,mysqltest_db1) + +--echo # +--echo # Variants of CREATE TABLE. +--echo # +CREATE TEMPORARY TABLE t1(a INT); +CREATE TEMPORARY TABLE t2 LIKE t1; +CREATE TEMPORARY TABLE t3(a INT, b INT, PRIMARY KEY (a)); +CREATE TEMPORARY TABLE t4 SELECT * FROM t1; +--echo # Check that we do *not* allow creation of MERGE table with underlying +--echo # temporary table without additional privileges. +CREATE TEMPORARY TABLE t5(a INT) ENGINE = MyISAM; +--error ER_TABLEACCESS_DENIED_ERROR +CREATE TEMPORARY TABLE t6(a INT) ENGINE = MERGE UNION = (t5); +--echo # Check that we allow creation of MERGE table with no underlying table +--echo # without additional privileges. +CREATE TEMPORARY TABLE t6(a INT) ENGINE = MERGE UNION = (); + +--echo # +--echo # SELECT. +--echo # +INSERT INTO t1 VALUES (1), (2), (3); +SELECT * FROM t1 ORDER BY a; + +--echo # +--echo # CREATE/DROP INDEX. +--echo # +CREATE INDEX idx1 ON t3(b); +DROP INDEX idx1 ON t3; + +--echo # +--echo # ALTER TABLE. +--echo # +ALTER TABLE t4 ADD COLUMN b INT; +--echo # Check that we allow altering of MERGE table with no underlying +--echo # without additional privileges. +ALTER TABLE t6 UNION = (); +--echo # Check that we do *not* allow altering of MERGE table with underlying +--echo # temporary table without additional privileges. +--error ER_TABLEACCESS_DENIED_ERROR +ALTER TABLE t6 UNION = (t5); + +--echo # +--echo # Simple INSERT and INSERT ... SELECT. +--echo # +INSERT INTO t1 VALUES (4); +INSERT INTO t2 SELECT a FROM t1; +SELECT * FROM t1 ORDER BY a; +SELECT * FROM t2 ORDER BY a; + +--echo # +--echo # UPDATE and multi-UPDATE. +--echo # +UPDATE t1 SET a = a * 10; +UPDATE t1 SET a = 100 WHERE a = 10; +UPDATE t1, t2 SET t1.a = 200 WHERE t1.a = t2.a * 10 AND t1.a = 20; +SELECT * FROM t1 ORDER BY a; + +--echo # +--echo # DELETE and multi-DELETE. +--echo # +DELETE FROM t1 WHERE a = 100; +DELETE t1 FROM t1, t2 WHERE t1.a = t2.a * 100 AND t1.a = 200; +SELECT * FROM t1 ORDER BY a; + +--echo # +--echo # TRUNCATE TABLE. +--echo # +TRUNCATE TABLE t1; +SELECT * FROM t1 ORDER BY a; + +--echo # +--echo # SHOW COLUMNS/DESCRIBE and SHOW KEYS. +--echo # +SHOW COLUMNS FROM t1; +SHOW KEYS FROM t3; + +--echo # +--echo # SHOW CREATE TABLE. +--echo # +SHOW CREATE TABLE t1; + +--echo # +--echo # LOAD DATA INFILE (also SELECT INTO OUTFILE). +--echo # +INSERT INTO t1 VALUES (1), (2), (3); +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +--disable_ps2_protocol +--eval SELECT a INTO OUTFILE '$MYSQLTEST_VARDIR/tmp/bug27480.txt' FROM t1 +--enable_ps2_protocol +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +--eval LOAD DATA INFILE '$MYSQLTEST_VARDIR/tmp/bug27480.txt' INTO TABLE t1 +--remove_file $MYSQLTEST_VARDIR/tmp/bug27480.txt +SELECT * FROM t1 ORDER BY a; + +--echo # +--echo # SET. +--echo # +SET @a := (SELECT COUNT(*) FROM t1); +SELECT @a; + +--echo # +--echo # LOCK TABLES. +--echo # +LOCK TABLES t1 READ; +UNLOCK TABLES; + +--echo # +--echo # CHECK/REPAIR/ANALYZE/OPTIMIZE and CHECKSUM. +--echo # +ANALYZE TABLE t1; +CHECK TABLE t1; +OPTIMIZE TABLE t1; +REPAIR TABLE t1; + +--echo # +--echo # REPLACE and REPLACE ... SELECT. +--echo # +INSERT INTO t3 VALUES (1, 111), (2, 222), (3, 333); +REPLACE INTO t3 VALUES (1, 1111), (4, 444), (0, 001); +REPLACE INTO t2 SELECT b FROM t3; +SELECT * FROM t2 ORDER BY a; +SELECT * FROM t3 ORDER BY a; + +--echo # +--echo # CACHE and LOAD INDEX. +--echo # +CACHE INDEX t3 IN keycache1; +LOAD INDEX INTO CACHE t3; + +--echo # +--echo # RENAME should work for temporary tables +--echo # +RENAME TABLE t3 TO t3_1; + +--echo # +--echo # HANDLER OPEN/READ/CLOSE. +--echo # +HANDLER t1 OPEN; +HANDLER t1 READ NEXT; +HANDLER t1 CLOSE; + +--echo # +--echo # DO. +--echo # +DO (SELECT COUNT(*) FROM t1); + +--echo # +--echo # CHECKSUM TABLE. +--echo # +DELETE FROM t1; +CHECKSUM TABLE t1; + +--echo # +--echo # CALL. +--echo # +CALL p0((SELECT COUNT(*) FROM t1)); + +--echo # +--echo # PREPARE, EXECUTE and DEALLOCATE. +--echo # +PREPARE stmt1 FROM 'SELECT * FROM t1 ORDER BY a'; +PREPARE stmt2 FROM 'SELECT * FROM t2 ORDER BY a'; +EXECUTE stmt1; +EXECUTE stmt2; +DEALLOCATE PREPARE stmt1; +DEALLOCATE PREPARE stmt2; + +--echo # +--echo # DROP TABLE and DROP TEMPORARY TABLE. +--echo # +DROP TABLE t1; + +CREATE TEMPORARY TABLE t1(a INT); +DROP TEMPORARY TABLE t1; + + +--echo ########################################################################### +--echo # - Check that even having all privileges but CREATE_TMP_ACL is not enough +--echo # to create temporary tables. +--echo # - Check that creation/working with temporary tables is possible via +--echo # SUID-stored-routines. +--echo # - Check that even outside of SUID context we can access temporary +--echo # table once it is created. +--echo ########################################################################### + +--connect (con2,localhost,mysqltest_u2,,mysqltest_db1) + +--error ER_DBACCESS_DENIED_ERROR +CREATE TEMPORARY TABLE t2(a INT); + +CALL p1(); + +CALL p2(); + +CALL p3(); + +--echo # Check that once table is created it can be accessed even +--echo # outside of such a SUID context. +INSERT INTO t4 VALUES (4); +UPDATE t4 SET x = 10 WHERE x = 1; +DELETE FROM t4 WHERE x < 3; +SELECT * FROM t4 ORDER BY x; +DROP TEMPORARY TABLE t4; + +--echo ########################################################################### +--echo # - Check that once table is created it can be accessed from within any +--echo # context, even by user without any privileges on tables. +--echo ########################################################################### + +--connect (con3,localhost,mysqltest_u4,,mysqltest_db1) + +CALL p1(); +INSERT INTO t4 VALUES (4); +UPDATE t4 SET x = 10 WHERE x = 1; +DELETE FROM t4 WHERE x < 3; +SELECT * FROM t4 ORDER BY x; +DROP TEMPORARY TABLE t4; + +--echo ########################################################################### +--echo # Check special case for MERGE-tables: +--echo # - CREATE_TMP_ACL is required to create a temporary merge table; +--echo # - SELECT_ACL, UPDATE_ACL and DELETE_ACL are required to include +--echo # a temporary table into the underlying-table-list. +--echo ########################################################################### + +--connect (con4,localhost,mysqltest_u5,,mysqltest_db1) + +CREATE TEMPORARY TABLE t7(a INT); +CREATE TEMPORARY TABLE t8(a INT); +CREATE TEMPORARY TABLE t9(a INT); +CREATE TEMPORARY TABLE t10(a INT) ENGINE = MERGE UNION = (t7, t8); + +ALTER TABLE t10 UNION = (t9); +--error ER_TABLEACCESS_DENIED_ERROR +ALTER TABLE t10 UNION = (mysqltest_db2.t2_1); + +CREATE TEMPORARY TABLE mysqltest_db2.t2_2(a INT) ENGINE = MERGE UNION = (t7, t8); + +ALTER TABLE mysqltest_db2.t2_2 UNION = (t9); +ALTER TABLE mysqltest_db2.t2_2 UNION = (); + +DROP TEMPORARY TABLE mysqltest_db2.t2_2; +DROP TEMPORARY TABLE t10; + +DROP TEMPORARY TABLE t7; +DROP TEMPORARY TABLE t8; +DROP TEMPORARY TABLE t9; + +--echo ########################################################################### +--echo # That's all. Cleanup. +--echo ########################################################################### + +--connection default + +--echo # All remaining temporary tables are automatically dropped. +--disconnect con1 +--disconnect con2 +--disconnect con3 +--disconnect con4 + +SET GLOBAL keycache1.key_buffer_size = 0; +DROP DATABASE mysqltest_db1; +DROP DATABASE mysqltest_db2; +DROP USER mysqltest_u1@localhost; +DROP USER mysqltest_u2@localhost; +DROP USER mysqltest_u3@localhost; +DROP USER mysqltest_u4@localhost; +DROP USER mysqltest_u5@localhost; + + +set GLOBAL sql_mode=default; +# Wait till we reached the initial number of concurrent sessions +--source include/wait_until_count_sessions.inc |