#
# MDEV-5215 Granted to PUBLIC
#
# NOTE(review): this reads as recorded test output: each statement is followed
# by the result set or error it produced. The driving test script is not shown.
# NOTE(review): MariaDB documents privileges granted to PUBLIC as applying to
# every account, so grants like the ones below (including one on the system
# table mysql.db) are worth auditing for on a real server; confirm against the
# server documentation.
# Baseline: only the column header is printed, so PUBLIC holds no grants yet.
SHOW GRANTS FOR PUBLIC;
Grants for PUBLIC
# it is not PUBLIC but a user
# (this should work as it is allowed for roles, for example)
# Accounts named PUBLIC, with and without a host part, are created, granted to
# and dropped without any error being recorded.
create user PUBLIC;
create user PUBLIC@localhost;
GRANT SELECT on test.* to PUBLIC@localhost;
drop user PUBLIC@localhost;
drop user PUBLIC;
# After the drops no row with user="PUBLIC" is left (header only).
select * from mysql.global_priv where user="PUBLIC" ;
Host User Priv
# Database-level and table-level grants to the bare name PUBLIC.
GRANT SELECT on test.* to PUBLIC;
GRANT SELECT on mysql.db to PUBLIC;
# The grants leave a global_priv row for PUBLIC with "is_role":true and
# "access":0. VERSION is presumably a placeholder masking the real version id;
# confirm against the test script.
select * from mysql.global_priv where user="PUBLIC" ;
Host User Priv
PUBLIC {"access":0,"version_id":VERSION,"is_role":true}
SHOW GRANTS FOR PUBLIC;
Grants for PUBLIC
GRANT SELECT ON `test`.* TO PUBLIC
GRANT SELECT ON `mysql`.`db` TO PUBLIC
# Adding UPDATE is reported merged into the existing grant lines; the
# lower-case spelling "public" addresses the same grantee.
GRANT UPDATE on test.* to PUBLIC;
grant update on mysql.db to public;
show grants for public;
Grants for PUBLIC
GRANT SELECT, UPDATE ON `test`.* TO PUBLIC
GRANT SELECT, UPDATE ON `mysql`.`db` TO PUBLIC
# Revoking SELECT leaves only UPDATE on both objects.
revoke select on test.* from public;
REVOKE SELECT on mysql.db from PUBLIC;
SHOW GRANTS FOR PUBLIC;
Grants for PUBLIC
GRANT UPDATE ON `test`.* TO PUBLIC
GRANT UPDATE ON `mysql`.`db` TO PUBLIC
# Revoking UPDATE as well returns PUBLIC to an empty grant list.
REVOKE UPDATE on test.* from PUBLIC;
REVOKE UPDATE on mysql.db from PUBLIC;
SHOW GRANTS FOR PUBLIC;
Grants for PUBLIC
# From here on each statement is tried twice: first with XXXXXX, a role name
# that is never created in the visible output, then with PUBLIC. PUBLIC is
# rejected like the unknown role, so it cannot be granted to a user, revoked
# from a user, dropped, or activated through SET ROLE / SET DEFAULT ROLE.
GRANT XXXXXX TO CURRENT_USER;
ERROR OP000: Invalid role specification `XXXXXX`
# following should fail with the same error as above
GRANT PUBLIC TO CURRENT_USER;
ERROR OP000: Invalid role specification `PUBLIC`
revoke xxxxxx from current_user;
ERROR OP000: Invalid role specification `xxxxxx`
# following should fail with the same error as above
revoke public from current_user;
ERROR OP000: Invalid role specification `PUBLIC`
# NOTE(review): the two DROP ROLE messages below differ in quoting
# ('XXXXXX' is quoted, PUBLIC is not); the error code is the same.
drop role XXXXXX;
ERROR HY000: Operation DROP ROLE failed for 'XXXXXX'
# following should fail with the same error as above
drop role public;
ERROR HY000: Operation DROP ROLE failed for PUBLIC
SET ROLE XXXXXX;
ERROR OP000: Invalid role specification `XXXXXX`
# following should fail with the same error as above
SET ROLE PUBLIC;
ERROR OP000: Invalid role specification `PUBLIC`
SET DEFAULT ROLE XXXXXX;
ERROR OP000: Invalid role specification `XXXXXX`
# following should fail with the same error as above
SET DEFAULT ROLE PUBLIC;
ERROR OP000: Invalid role specification `PUBLIC`
# The lower-case spelling is rejected with the same message.
set default role public;
ERROR OP000: Invalid role specification `PUBLIC`
#
# check prohibition of change security context to PUBLIC
#
# Both attempts below name PUBLIC as the DEFINER of a stored object and are
# rejected with "Invalid role specification", so no view or procedure is
# created with PUBLIC as its definer.
# be sure that we have PUBLIC
GRANT SELECT on test.* to PUBLIC;
# try with a view
# t1 exists only to give the view something to select from; it is dropped
# right after the failed CREATE VIEW.
create table t1( a int);
create definer = PUBLIC view v1 as select * from t1;
ERROR OP000: Invalid role specification `PUBLIC`
drop table t1;
# try with a stored procedure
# Here PUBLIC is written as a quoted string; the recorded error is the same.
create definer='PUBLIC' PROCEDURE p1() SELECT 1;
ERROR OP000: Invalid role specification `PUBLIC`
# this test cleanup
# Undoes the GRANT SELECT issued at the start of this section.
revoke select on test.* from public;
#
# check autocreation of PUBLIC on GRANT role TO PUBLIC
#
# Each round below removes the PUBLIC row from mysql.global_priv by direct
# DELETE, reloads the privilege data with FLUSH PRIVILEGES, and then issues
# one kind of grant to PUBLIC. No error is recorded after any of them.
# NOTE(review): the output never selects from mysql.global_priv afterwards,
# so the re-created row itself is not displayed here.
# make sure that the privilege will be added automatically
delete from mysql.global_priv where user="PUBLIC";
flush privileges;
# Round 1: grant a role to PUBLIC. The role is dropped afterwards; there is
# no explicit REVOKE of it.
create role roletest;
grant roletest to public;
drop role roletest;
delete from mysql.global_priv where user="PUBLIC";
flush privileges;
# Round 2: table-level privilege.
grant select on mysql.global_priv to public;
revoke select on mysql.global_priv from public;
delete from mysql.global_priv where user="PUBLIC";
flush privileges;
# Round 3: column-level privilege (column "user" only).
grant select (user) on mysql.global_priv to public;
revoke select (user) on mysql.global_priv from public;
delete from mysql.global_priv where user="PUBLIC";
flush privileges;
# Round 4: routine-level privilege on a stored procedure.
grant execute on procedure mtr.add_suppression to public;
revoke execute on procedure mtr.add_suppression from public;
#
# MDEV-30154: Assertion `strcasecmp(rolename, public_name.str) ||
# acl_public == role' failed in acl_update_role on GRANT ... TO PUBLIC
#
# Regression scenario: a FLUSH PRIVILEGES that fails part-way, followed by
# another GRANT ... TO PUBLIC. The recorded output shows that second GRANT
# completing with no error.
# Registers the quoted message with mtr.add_suppression; presumably this keeps
# the test harness from flagging it in the server log (confirm).
call mtr.add_suppression("Can't open and lock privilege tables");
USE test;
GRANT SELECT ON *.* TO PUBLIC;
# Only mysql.time_zone and mysql.proc are locked, so FLUSH PRIVILEGES fails
# because table 'db' is not among the locked tables.
LOCK TABLES mysql.time_zone WRITE,mysql.proc WRITE;
FLUSH PRIVILEGES;
ERROR HY000: Table 'db' was not locked with LOCK TABLES
# Locking a table that does not exist fails; presumably this is used to
# release the locks taken above (confirm against the test script).
LOCK TABLE nonexisting WRITE;
ERROR 42S02: Table 'test.nonexisting' doesn't exist
# Per the section title, this repeated GRANT is the statement on which the
# assertion fired. The REVOKE removes the global SELECT again.
GRANT SELECT ON *.* TO PUBLIC;
REVOKE SELECT ON *.* FROM PUBLIC;
#
# End of 10.11 test
#
# clean up
# Removes the PUBLIC row by direct DELETE and reloads the privilege data.
delete from mysql.global_priv where user="PUBLIC";
flush privileges;