diff options
author | Sergei Golubchik <serg@mariadb.org> | 2019-06-10 12:13:39 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2019-06-17 12:26:25 +0200 |
commit | 0a43df4fbc78db89aef3fad525ba28cd2a010d50 (patch) | |
tree | 9662473b06faf6725c9ae41809139d41cbf82711 /mysql-test/main/grant5.test | |
parent | fd00c449e33a5e4dda23832a16512d3af5939818 (diff) | |
download | mariadb-git-0a43df4fbc78db89aef3fad525ba28cd2a010d50.tar.gz |
MDEV-14735 better matching order for grants
fixes
MDEV-14732 mysql.db privileges evaluated on order of grants rather than hierarchically
MDEV-8269 Correct fix for Bug #20181776 :- ACCESS CONTROL DOESN'T MATCH MOST SPECIFIC HOST WHEN IT CONTAINS WILDCARD
reimplement the old ad hoc get_sort() function to use a wildcard
pattern ordering logic that works correctly in may be all practical cases.
get_sort() is renamed to catch merge errors at compilation time.
moved to a separate included file, because of a long comment.
Diffstat (limited to 'mysql-test/main/grant5.test')
-rw-r--r-- | mysql-test/main/grant5.test | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/mysql-test/main/grant5.test b/mysql-test/main/grant5.test index cc673754461..4db262c25c1 100644 --- a/mysql-test/main/grant5.test +++ b/mysql-test/main/grant5.test @@ -86,3 +86,41 @@ select user,select_priv,plugin,authentication_string from mysql.user where user # but they still can be dropped drop user u1@h, u2@h, u3@h, u4@h, u5@h, u6@h, u7@h, u8@h; + +# +# MDEV-14735 better matching order for grants +# MDEV-14732 mysql.db privileges evaluated on order of grants rather than hierarchically +# MDEV-8269 Correct fix for Bug #20181776 :- ACCESS CONTROL DOESN'T MATCH MOST SPECIFIC HOST WHEN IT CONTAINS WILDCARD +# +create database mysqltest_1; +create user twg@'%' identified by 'test'; +create table mysqltest_1.t1(id int); + +# MDEV-14732 test case +grant create, drop on `mysqltest_1%`.* to twg@'%'; +grant all privileges on `mysqltest_1`.* to twg@'%'; +connect conn1,localhost,twg,test,mysqltest_1; +insert into t1 values(1); +disconnect conn1; +connection default; + +# prefix%suffix +revoke all privileges, grant option from twg@'%'; +grant create, drop on `mysqlt%`.* to twg@'%'; +grant all privileges on `mysqlt%1`.* to twg@'%'; +connect conn1,localhost,twg,test,mysqltest_1; +insert into t1 values(1); +disconnect conn1; +connection default; + +# more specific can even have a shorter prefix +revoke all privileges, grant option from twg@'%'; +grant create, drop on `mysqlt%`.* to twg@'%'; +grant all privileges on `%mysqltest_1`.* to twg@'%'; +connect conn1,localhost,twg,test,mysqltest_1; +insert into t1 values(1); +disconnect conn1; +connection default; + +drop database mysqltest_1; +drop user twg@'%'; |