summaryrefslogtreecommitdiffstats
path: root/mysql-test/suite/roles
diff options
context:
space:
mode:
Diffstat (limited to 'mysql-test/suite/roles')
-rw-r--r--mysql-test/suite/roles/set_default_role_for.result2
-rw-r--r--mysql-test/suite/roles/set_default_role_invalid.result6
-rw-r--r--mysql-test/suite/roles/set_default_role_invalid.test1
-rw-r--r--mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve-master.opt1
-rw-r--r--mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.result85
-rw-r--r--mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.test78
6 files changed, 168 insertions, 5 deletions
diff --git a/mysql-test/suite/roles/set_default_role_for.result b/mysql-test/suite/roles/set_default_role_for.result
index 57a14711..1b133b1b 100644
--- a/mysql-test/suite/roles/set_default_role_for.result
+++ b/mysql-test/suite/roles/set_default_role_for.result
@@ -14,7 +14,7 @@ set default role role_a for user_a@localhost;
set default role invalid_role for user_a@localhost;
ERROR OP000: Invalid role specification `invalid_role`
set default role role_b for user_a@localhost;
-ERROR OP000: User `root`@`localhost` has not been granted role `role_b`
+ERROR OP000: User `user_a`@`localhost` has not been granted role `role_b`
set default role role_b for user_b@localhost;
show grants;
Grants for user_a@localhost
diff --git a/mysql-test/suite/roles/set_default_role_invalid.result b/mysql-test/suite/roles/set_default_role_invalid.result
index 12e2c035..2cd84cf2 100644
--- a/mysql-test/suite/roles/set_default_role_invalid.result
+++ b/mysql-test/suite/roles/set_default_role_invalid.result
@@ -48,7 +48,7 @@ CREATE USER b;
CREATE ROLE r1;
CREATE ROLE r2;
SET DEFAULT ROLE r1 FOR a;
-ERROR OP000: User `root`@`localhost` has not been granted role `r1`
+ERROR OP000: User `a`@`%` has not been granted role `r1`
GRANT r1 TO b;
GRANT r2 TO b;
SET DEFAULT ROLE r1 FOR b;
@@ -100,7 +100,7 @@ GRANT USAGE ON *.* TO `b`@`%`
GRANT SELECT, UPDATE ON `mysql`.* TO `b`@`%`
SET DEFAULT ROLE `r2` FOR `b`@`%`
SET DEFAULT ROLE r1 FOR a;
-ERROR OP000: User `b`@`%` has not been granted role `r1`
+ERROR OP000: User `a`@`%` has not been granted role `r1`
SET DEFAULT ROLE invalid_role;
ERROR OP000: Invalid role specification `invalid_role`
SET DEFAULT ROLE invalid_role FOR a;
@@ -117,7 +117,7 @@ SET DEFAULT ROLE None;
# Change user b (session 3: role granted to user a)
SET DEFAULT ROLE r1 FOR a;
SET DEFAULT ROLE r2 FOR a;
-ERROR OP000: User `b`@`%` has not been granted role `r2`
+ERROR OP000: User `a`@`%` has not been granted role `r2`
SET DEFAULT ROLE invalid_role;
ERROR OP000: Invalid role specification `invalid_role`
SET DEFAULT ROLE invalid_role FOR a;
diff --git a/mysql-test/suite/roles/set_default_role_invalid.test b/mysql-test/suite/roles/set_default_role_invalid.test
index 02fca110..d2ef01b8 100644
--- a/mysql-test/suite/roles/set_default_role_invalid.test
+++ b/mysql-test/suite/roles/set_default_role_invalid.test
@@ -70,7 +70,6 @@ CREATE USER a;
CREATE USER b;
CREATE ROLE r1;
CREATE ROLE r2;
-# Role has not been granted to user a, but the role is visible to current_user
--error ER_INVALID_ROLE
SET DEFAULT ROLE r1 FOR a;
# Granting roles to user b
diff --git a/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve-master.opt b/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve-master.opt
new file mode 100644
index 00000000..ec008a81
--- /dev/null
+++ b/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve-master.opt
@@ -0,0 +1 @@
+--skip-name-resolve \ No newline at end of file
diff --git a/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.result b/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.result
new file mode 100644
index 00000000..a267e114
--- /dev/null
+++ b/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.result
@@ -0,0 +1,85 @@
+#
+# MDEV-26875: Wrong user in SET DEFAULT ROLE error
+#
+create user test_user;
+create role test_role;
+show grants for test_user;
+Grants for test_user@%
+GRANT USAGE ON *.* TO `test_user`@`%`
+set default role test_role for test_user;
+ERROR OP000: User `test_user`@`%` has not been granted role `test_role`
+grant test_role to test_user;
+set default role test_role for test_user;
+show grants for test_user;
+Grants for test_user@%
+GRANT `test_role` TO `test_user`@`%`
+GRANT USAGE ON *.* TO `test_user`@`%`
+SET DEFAULT ROLE `test_role` FOR `test_user`@`%`
+set default role none for test_user;
+#
+# Try to set default role to role(`test_role`).
+--------------------------------------------------------------
+show grants for test_role;
+Grants for test_role
+GRANT USAGE ON *.* TO `test_role`
+create role new_role;
+grant new_role to test_role;
+show grants for test_role;
+Grants for test_role
+GRANT `new_role` TO `test_role`
+GRANT USAGE ON *.* TO `test_role`
+GRANT USAGE ON *.* TO `new_role`
+set default role new_role for test_role;
+ERROR OP000: User `test_role`@`%` has not been granted role `new_role`
+#
+# Test of errors, where hostname cannot be resolved `test_user`
+--------------------------------------------------------------
+grant test_role to test_user@'%';
+set default role test_role for test_user@'%';
+connect con_test_user,127.0.0.1,test_user,,,$MASTER_MYPORT;
+show grants;
+Grants for test_user@%
+GRANT `test_role` TO `test_user`@`%`
+GRANT USAGE ON *.* TO `test_user`@`%`
+GRANT `new_role` TO `test_role`
+GRANT USAGE ON *.* TO `test_role`
+GRANT USAGE ON *.* TO `new_role`
+SET DEFAULT ROLE `test_role` FOR `test_user`@`%`
+select current_role;
+current_role
+test_role
+set role `new_role`;
+ERROR OP000: User `test_user`@`%` has not been granted role `new_role`
+connection default;
+set default role none for test_user;
+disconnect con_test_user;
+connect con_test_user,127.0.0.1,test_user,,,$MASTER_MYPORT;
+select current_role;
+current_role
+NULL
+set role `new_role`;
+ERROR OP000: User `test_user`@`%` has not been granted role `new_role`
+connection default;
+disconnect con_test_user;
+#
+# Test of anonymous user connection
+--------------------------------------------------------------
+grant test_role to ''@localhost;
+connect con1,localhost,'',,,$MASTER_MYPORT;
+SELECT CURRENT_ROLE;
+CURRENT_ROLE
+NULL
+SET role test_role;
+SELECT CURRENT_ROLE;
+CURRENT_ROLE
+test_role
+SET role new_role;
+ERROR OP000: User ``@`localhost` has not been granted role `new_role`
+set default role test_role for ''@localhost;
+ERROR 42000: You are using MariaDB as an anonymous user and anonymous users are not allowed to modify user settings
+connection default;
+disconnect con1;
+REVOKE all privileges, grant option from ''@localhost;
+drop role new_role;
+drop role test_role;
+drop user test_user;
diff --git a/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.test b/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.test
new file mode 100644
index 00000000..5b4b14d3
--- /dev/null
+++ b/mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.test
@@ -0,0 +1,78 @@
+source include/not_embedded.inc;
+
+--echo #
+--echo # MDEV-26875: Wrong user in SET DEFAULT ROLE error
+--echo #
+create user test_user;
+create role test_role;
+show grants for test_user;
+--error ER_INVALID_ROLE
+set default role test_role for test_user;
+grant test_role to test_user;
+set default role test_role for test_user;
+show grants for test_user;
+set default role none for test_user;
+
+--echo #
+--echo # Try to set default role to role(`test_role`).
+--echo --------------------------------------------------------------
+show grants for test_role;
+create role new_role;
+grant new_role to test_role;
+show grants for test_role;
+# One can not set role to a role
+--error ER_INVALID_ROLE
+set default role new_role for test_role;
+
+--echo #
+--echo # Test of errors, where hostname cannot be resolved `test_user`
+--echo --------------------------------------------------------------
+# `new_role` is granted to `test_role`
+grant test_role to test_user@'%';
+set default role test_role for test_user@'%';
+
+connect con_test_user,127.0.0.1,test_user,,,$MASTER_MYPORT;
+show grants;
+select current_role;
+# `test_user` indirectly granted `new_role`
+--error ER_INVALID_ROLE
+set role `new_role`;
+
+connection default;
+set default role none for test_user;
+disconnect con_test_user;
+
+connect con_test_user,127.0.0.1,test_user,,,$MASTER_MYPORT;
+select current_role;
+--error ER_INVALID_ROLE
+set role `new_role`;
+
+connection default;
+disconnect con_test_user;
+
+--echo #
+--echo # Test of anonymous user connection
+--echo --------------------------------------------------------------
+--source include/add_anonymous_users.inc
+# Skip windows, since it uses current user `Administrator` in buildbot.
+--source include/not_windows.inc
+grant test_role to ''@localhost;
+
+connect(con1,localhost,'',,,$MASTER_MYPORT);
+SELECT CURRENT_ROLE;
+SET role test_role;
+SELECT CURRENT_ROLE;
+# user cannot set subset role, since it is not granted explicitly
+--error ER_INVALID_ROLE
+SET role new_role;
+--error ER_PASSWORD_ANONYMOUS_USER
+set default role test_role for ''@localhost;
+
+connection default;
+disconnect con1;
+REVOKE all privileges, grant option from ''@localhost;
+--source include/delete_anonymous_users.inc
+
+drop role new_role;
+drop role test_role;
+drop user test_user;