diff options
Diffstat (limited to 'mysql-test/suite/roles')
6 files changed, 168 insertions, 5 deletions
diff --git a/mysql-test/suite/roles/set_default_role_for.result b/mysql-test/suite/roles/set_default_role_for.result index 57a14711..1b133b1b 100644 --- a/mysql-test/suite/roles/set_default_role_for.result +++ b/mysql-test/suite/roles/set_default_role_for.result @@ -14,7 +14,7 @@ set default role role_a for user_a@localhost; set default role invalid_role for user_a@localhost; ERROR OP000: Invalid role specification `invalid_role` set default role role_b for user_a@localhost; -ERROR OP000: User `root`@`localhost` has not been granted role `role_b` +ERROR OP000: User `user_a`@`localhost` has not been granted role `role_b` set default role role_b for user_b@localhost; show grants; Grants for user_a@localhost diff --git a/mysql-test/suite/roles/set_default_role_invalid.result b/mysql-test/suite/roles/set_default_role_invalid.result index 12e2c035..2cd84cf2 100644 --- a/mysql-test/suite/roles/set_default_role_invalid.result +++ b/mysql-test/suite/roles/set_default_role_invalid.result @@ -48,7 +48,7 @@ CREATE USER b; CREATE ROLE r1; CREATE ROLE r2; SET DEFAULT ROLE r1 FOR a; -ERROR OP000: User `root`@`localhost` has not been granted role `r1` +ERROR OP000: User `a`@`%` has not been granted role `r1` GRANT r1 TO b; GRANT r2 TO b; SET DEFAULT ROLE r1 FOR b; @@ -100,7 +100,7 @@ GRANT USAGE ON *.* TO `b`@`%` GRANT SELECT, UPDATE ON `mysql`.* TO `b`@`%` SET DEFAULT ROLE `r2` FOR `b`@`%` SET DEFAULT ROLE r1 FOR a; -ERROR OP000: User `b`@`%` has not been granted role `r1` +ERROR OP000: User `a`@`%` has not been granted role `r1` SET DEFAULT ROLE invalid_role; ERROR OP000: Invalid role specification `invalid_role` SET DEFAULT ROLE invalid_role FOR a; @@ -117,7 +117,7 @@ SET DEFAULT ROLE None; # Change user b (session 3: role granted to user a) SET DEFAULT ROLE r1 FOR a; SET DEFAULT ROLE r2 FOR a; -ERROR OP000: User `b`@`%` has not been granted role `r2` +ERROR OP000: User `a`@`%` has not been granted role `r2` SET DEFAULT ROLE invalid_role; ERROR OP000: Invalid role specification `invalid_role` SET DEFAULT ROLE invalid_role FOR a; diff --git a/mysql-test/suite/roles/set_default_role_invalid.test b/mysql-test/suite/roles/set_default_role_invalid.test index 02fca110..d2ef01b8 100644 --- a/mysql-test/suite/roles/set_default_role_invalid.test +++ b/mysql-test/suite/roles/set_default_role_invalid.test @@ -70,7 +70,6 @@ CREATE USER a; CREATE USER b; CREATE ROLE r1; CREATE ROLE r2; -# Role has not been granted to user a, but the role is visible to current_user --error ER_INVALID_ROLE SET DEFAULT ROLE r1 FOR a; # Granting roles to user b diff --git a/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve-master.opt b/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve-master.opt new file mode 100644 index 00000000..ec008a81 --- /dev/null +++ b/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve-master.opt @@ -0,0 +1 @@ +--skip-name-resolve
\ No newline at end of file diff --git a/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.result b/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.result new file mode 100644 index 00000000..a267e114 --- /dev/null +++ b/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.result @@ -0,0 +1,85 @@ +# +# MDEV-26875: Wrong user in SET DEFAULT ROLE error +# +create user test_user; +create role test_role; +show grants for test_user; +Grants for test_user@% +GRANT USAGE ON *.* TO `test_user`@`%` +set default role test_role for test_user; +ERROR OP000: User `test_user`@`%` has not been granted role `test_role` +grant test_role to test_user; +set default role test_role for test_user; +show grants for test_user; +Grants for test_user@% +GRANT `test_role` TO `test_user`@`%` +GRANT USAGE ON *.* TO `test_user`@`%` +SET DEFAULT ROLE `test_role` FOR `test_user`@`%` +set default role none for test_user; +# +# Try to set default role to role(`test_role`). +-------------------------------------------------------------- +show grants for test_role; +Grants for test_role +GRANT USAGE ON *.* TO `test_role` +create role new_role; +grant new_role to test_role; +show grants for test_role; +Grants for test_role +GRANT `new_role` TO `test_role` +GRANT USAGE ON *.* TO `test_role` +GRANT USAGE ON *.* TO `new_role` +set default role new_role for test_role; +ERROR OP000: User `test_role`@`%` has not been granted role `new_role` +# +# Test of errors, where hostname cannot be resolved `test_user` +-------------------------------------------------------------- +grant test_role to test_user@'%'; +set default role test_role for test_user@'%'; +connect con_test_user,127.0.0.1,test_user,,,$MASTER_MYPORT; +show grants; +Grants for test_user@% +GRANT `test_role` TO `test_user`@`%` +GRANT USAGE ON *.* TO `test_user`@`%` +GRANT `new_role` TO `test_role` +GRANT USAGE ON *.* TO `test_role` +GRANT USAGE ON *.* TO `new_role` +SET DEFAULT ROLE `test_role` FOR `test_user`@`%` +select current_role; +current_role +test_role +set role `new_role`; +ERROR OP000: User `test_user`@`%` has not been granted role `new_role` +connection default; +set default role none for test_user; +disconnect con_test_user; +connect con_test_user,127.0.0.1,test_user,,,$MASTER_MYPORT; +select current_role; +current_role +NULL +set role `new_role`; +ERROR OP000: User `test_user`@`%` has not been granted role `new_role` +connection default; +disconnect con_test_user; +# +# Test of anonymous user connection +-------------------------------------------------------------- +grant test_role to ''@localhost; +connect con1,localhost,'',,,$MASTER_MYPORT; +SELECT CURRENT_ROLE; +CURRENT_ROLE +NULL +SET role test_role; +SELECT CURRENT_ROLE; +CURRENT_ROLE +test_role +SET role new_role; +ERROR OP000: User ``@`localhost` has not been granted role `new_role` +set default role test_role for ''@localhost; +ERROR 42000: You are using MariaDB as an anonymous user and anonymous users are not allowed to modify user settings +connection default; +disconnect con1; +REVOKE all privileges, grant option from ''@localhost; +drop role new_role; +drop role test_role; +drop user test_user; diff --git a/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.test b/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.test new file mode 100644 index 00000000..5b4b14d3 --- /dev/null +++ b/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.test @@ -0,0 +1,78 @@ +source include/not_embedded.inc; + +--echo # +--echo # MDEV-26875: Wrong user in SET DEFAULT ROLE error +--echo # +create user test_user; +create role test_role; +show grants for test_user; +--error ER_INVALID_ROLE +set default role test_role for test_user; +grant test_role to test_user; +set default role test_role for test_user; +show grants for test_user; +set default role none for test_user; + +--echo # +--echo # Try to set default role to role(`test_role`). +--echo -------------------------------------------------------------- +show grants for test_role; +create role new_role; +grant new_role to test_role; +show grants for test_role; +# One can not set role to a role +--error ER_INVALID_ROLE +set default role new_role for test_role; + +--echo # +--echo # Test of errors, where hostname cannot be resolved `test_user` +--echo -------------------------------------------------------------- +# `new_role` is granted to `test_role` +grant test_role to test_user@'%'; +set default role test_role for test_user@'%'; + +connect con_test_user,127.0.0.1,test_user,,,$MASTER_MYPORT; +show grants; +select current_role; +# `test_user` indirectly granted `new_role` +--error ER_INVALID_ROLE +set role `new_role`; + +connection default; +set default role none for test_user; +disconnect con_test_user; + +connect con_test_user,127.0.0.1,test_user,,,$MASTER_MYPORT; +select current_role; +--error ER_INVALID_ROLE +set role `new_role`; + +connection default; +disconnect con_test_user; + +--echo # +--echo # Test of anonymous user connection +--echo -------------------------------------------------------------- +--source include/add_anonymous_users.inc +# Skip windows, since it uses current user `Administrator` in buildbot. +--source include/not_windows.inc +grant test_role to ''@localhost; + +connect(con1,localhost,'',,,$MASTER_MYPORT); +SELECT CURRENT_ROLE; +SET role test_role; +SELECT CURRENT_ROLE; +# user cannot set subset role, since it is not granted explicitly +--error ER_INVALID_ROLE +SET role new_role; +--error ER_PASSWORD_ANONYMOUS_USER +set default role test_role for ''@localhost; + +connection default; +disconnect con1; +REVOKE all privileges, grant option from ''@localhost; +--source include/delete_anonymous_users.inc + +drop role new_role; +drop role test_role; +drop user test_user; |