diff options
| author | Vicentiu Ciorbaru <cvicentiu@gmail.com> | 2013-12-18 15:39:09 +0200 |
|---|---|---|
| committer | Sergei Golubchik <sergii@pisem.net> | 2013-12-18 15:39:09 +0200 |
| commit | ad5ddaff120a26f69abb07f762baa04fcfa74f31 (patch) | |
| tree | e2cfb582366b1552f21bd36352cf90343b9a3336 /mysql-test/suite/roles | |
| parent | 1df23d6f0fc74bbc96d78821d19863f32355a35f (diff) | |
| download | mariadb-git-ad5ddaff120a26f69abb07f762baa04fcfa74f31.tar.gz | |
Fix for:
MDEV-5221: User auto-creation does not work upon GRANT <role>
Diffstat (limited to 'mysql-test/suite/roles')
| -rw-r--r-- | mysql-test/suite/roles/grant_role_auto_create_user.result | 64 | ||||
| -rw-r--r-- | mysql-test/suite/roles/grant_role_auto_create_user.test | 119 |
2 files changed, 183 insertions, 0 deletions
diff --git a/mysql-test/suite/roles/grant_role_auto_create_user.result b/mysql-test/suite/roles/grant_role_auto_create_user.result new file mode 100644 index 00000000000..f60d1f80a3b --- /dev/null +++ b/mysql-test/suite/roles/grant_role_auto_create_user.result @@ -0,0 +1,64 @@ +create database db; +create role auto_create; +grant all on db.* to auto_create; +drop user foo@localhost, bar@localhost; +grant auto_create to foo@localhost; +grant auto_create to bar@localhost identified by 'baz'; +set role 'auto_create'; +use db; +create table t1 (i int); +set role auto_create; +use db; +insert into t1 values (1); +drop user foo@localhost, bar@localhost; +set sql_mode = 'no_auto_create_user'; +grant auto_create to foo@localhost; +ERROR 28000: Can't find any matching row in the user table +grant auto_create to bar@localhost identified by 'baz'; +select user, host from mysql.user where user = 'bar'; +user host +bar localhost +set sql_mode = ''; +set role auto_create; +use db; +drop table t1; +create user foo@localhost; +set sql_mode = ''; +grant auto_create to bar2@localhost; +ERROR 28000: Access denied for user 'foo'@'localhost' +grant auto_create to foo2@localhost; +ERROR 28000: Access denied for user 'foo'@'localhost' +set sql_mode = 'no_auto_create_user'; +grant auto_create to bar2@localhost; +ERROR 28000: Access denied for user 'foo'@'localhost' +grant auto_create to foo2@localhost identified by 'pass'; +ERROR 28000: Access denied for user 'foo'@'localhost' +grant auto_create to foo@localhost; +set sql_mode = ''; +grant auto_create to bar@localhost; +ERROR 28000: Access denied for user 'foo'@'localhost' +grant auto_create to bar2@localhost; +ERROR 28000: Access denied for user 'foo'@'localhost' +grant auto_create to foo2@localhost identified by 'pass'; +ERROR 28000: Access denied for user 'foo'@'localhost' +set sql_mode = 'no_auto_create_user'; +grant auto_create to bar2@localhost; +ERROR 28000: Access denied for user 'foo'@'localhost' +grant auto_create to foo2@localhost identified by 'pass'; +ERROR 28000: Access denied for user 'foo'@'localhost' +grant auto_create to foo@localhost with admin option; +set sql_mode = ''; +grant auto_create to bar@localhost; +grant auto_create to bar2@localhost; +ERROR 42000: You are not allowed to create a user with GRANT +grant auto_create to foo2@localhost identified by 'pass'; +ERROR 42000: You are not allowed to create a user with GRANT +set sql_mode = 'no_auto_create_user'; +grant auto_create to bar2@localhost; +ERROR 28000: Can't find any matching row in the user table +grant auto_create to foo2@localhost identified by 'pass'; +ERROR 42000: You are not allowed to create a user with GRANT +drop user foo@localhost; +drop user bar@localhost; +drop role auto_create; +drop database db; diff --git a/mysql-test/suite/roles/grant_role_auto_create_user.test b/mysql-test/suite/roles/grant_role_auto_create_user.test new file mode 100644 index 00000000000..7275a0eb195 --- /dev/null +++ b/mysql-test/suite/roles/grant_role_auto_create_user.test @@ -0,0 +1,119 @@ +create database db; +create role auto_create; +grant all on db.* to auto_create; + +--error 0,ER_CANNOT_USER +drop user foo@localhost, bar@localhost; + +grant auto_create to foo@localhost; +grant auto_create to bar@localhost identified by 'baz'; + +# Test if the users have been created and the role has been granted to them +--connect (con1,localhost,foo,,) +set role 'auto_create'; +use db; +create table t1 (i int); +--disconnect con1 + +--connect (con1,localhost,bar,baz,) +set role auto_create; +use db; +insert into t1 values (1); +--disconnect con1 + +--connection default +drop user foo@localhost, bar@localhost; + +set sql_mode = 'no_auto_create_user'; +--error ER_PASSWORD_NO_MATCH +grant auto_create to foo@localhost; +grant auto_create to bar@localhost identified by 'baz'; +select user, host from mysql.user where user = 'bar'; +set sql_mode = ''; + +--connect (con1,localhost,bar,baz,) +set role auto_create; +use db; +drop table t1; +--disconnect con1 + +--connection default + +create user foo@localhost; + +# test all possible cases with a user who has no rights to grant the role +--connect (con1, localhost, foo,,) + +set sql_mode = ''; +#try and grant roles, no rights however +--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR +grant auto_create to bar2@localhost; +--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR +grant auto_create to foo2@localhost; + +set sql_mode = 'no_auto_create_user'; +#try and grant roles, no rights however +--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR +grant auto_create to bar2@localhost; +--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR +grant auto_create to foo2@localhost identified by 'pass'; +--disconnect con1 +--connection default +grant auto_create to foo@localhost; + +--connect (con1, localhost, foo,,) + +#we now have the role granted to us, but we don't have insert privileges, +#we should not be able to create a new user + +set sql_mode = ''; +#also test that we can not grant a role without admin option +--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR +grant auto_create to bar@localhost; + +--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR +grant auto_create to bar2@localhost; +--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR +grant auto_create to foo2@localhost identified by 'pass'; + +set sql_mode = 'no_auto_create_user'; +--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR +grant auto_create to bar2@localhost; +--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR +grant auto_create to foo2@localhost identified by 'pass'; + +#test that we can grant a role with admin option to an existing user, but not +#create one + +--connection default +grant auto_create to foo@localhost with admin option; + +--disconnect con1 +--connect (con1, localhost, foo,,) + +#we now have the role granted to us, but we don't have insert privileges, +#we should not be able to create a new user + +set sql_mode = ''; +#also test that we can grant a role with admin option +grant auto_create to bar@localhost; + +#test that we don't create users if we don't have insert privileges +--error ER_CANT_CREATE_USER_WITH_GRANT +grant auto_create to bar2@localhost; +--error ER_CANT_CREATE_USER_WITH_GRANT +grant auto_create to foo2@localhost identified by 'pass'; + +set sql_mode = 'no_auto_create_user'; +--error ER_PASSWORD_NO_MATCH +grant auto_create to bar2@localhost; +--error ER_CANT_CREATE_USER_WITH_GRANT +grant auto_create to foo2@localhost identified by 'pass'; + + +--connection default +drop user foo@localhost; +drop user bar@localhost; +drop role auto_create; +drop database db; + |