Merge remote-tracking branch '10.0' into 10.1

author: Vicențiu Ciorbaru <vicentiu@mariadb.org> 2017-06-21 16:19:43 +0300
committer: Vicențiu Ciorbaru <vicentiu@mariadb.org> 2017-06-21 16:19:43 +0300
commit: 2e335a471ced0d86716f8c657f4d67f510712a30 (patch)
tree: 6fa56f9d9083007e874449b9c2b27579f718ed94 /mysql-test/suite/roles
parent: 472c2d9b2fbb262665bdd08338ea902e8398010d (diff)
parent: 8baf9b0c469e2845d15cc1181bc6b101cdfba087 (diff)
download: mariadb-git-2e335a471ced0d86716f8c657f4d67f510712a30.tar.gz
4 files changed, 325 insertions, 0 deletions
diff --git a/mysql-test/suite/roles/current_role_view-12666.result b/mysql-test/suite/roles/current_role_view-12666.result
new file mode 100644
index 00000000000..1d14593be4b
--- /dev/null
+++ b/mysql-test/suite/roles/current_role_view-12666.result
@@ -0,0 +1,103 @@
+CREATE USER has_role@'localhost';
+GRANT ALL PRIVILEGES ON *.* TO has_role@'localhost';
+CREATE ROLE test_role;
+GRANT test_role TO has_role@'localhost';
+CREATE USER no_role@'localhost';
+GRANT ALL PRIVILEGES ON *.* TO no_role@'localhost';
+CREATE TABLE view_role_test (
+id int primary key,
+role_name varchar(50)
+);
+INSERT INTO view_role_test VALUES (1, 'test_role');
+#
+# Use the same logic for stored procedures.
+#
+PREPARE prepared_no_current_role FROM "SELECT * from view_role_test WHERE role_name = CURRENT_ROLE()";
+#
+# Creating a view with no CURRENT_ROLE() set and one with CURRENT_ROLE()
+# set. Both should produce the same SHOW CREATE VIEW output.
+#
+CREATE
+DEFINER = no_role@localhost
+SQL SECURITY INVOKER
+VIEW v_view_role_test_no_current_role
+AS
+SELECT * FROM view_role_test WHERE role_name = CURRENT_ROLE();
+SHOW CREATE VIEW v_view_role_test_no_current_role;
+View	Create View	character_set_client	collation_connection
+v_view_role_test_no_current_role	CREATE ALGORITHM=UNDEFINED DEFINER=`no_role`@`localhost` SQL SECURITY INVOKER VIEW `v_view_role_test_no_current_role` AS select `view_role_test`.`id` AS `id`,`view_role_test`.`role_name` AS `role_name` from `view_role_test` where (`view_role_test`.`role_name` = current_role())	latin1	latin1_swedish_ci
+#
+# No values should be returned
+#
+EXECUTE prepared_no_current_role;
+id	role_name
+SELECT * FROM view_role_test WHERE role_name = CURRENT_ROLE();
+id	role_name
+SELECT * FROM v_view_role_test_no_current_role;
+id	role_name
+#
+# Now let's set the role. Create identical views as before. See if
+# their behaviour is different. It should not be.
+#
+SET ROLE test_role;
+SELECT CURRENT_USER();
+CURRENT_USER()
+root@localhost
+SELECT CURRENT_ROLE();
+CURRENT_ROLE()
+test_role
+#
+# Create the VIEW and prepared Statement with a CURRENT_ROLE() set.
+#
+CREATE
+DEFINER = no_role@localhost
+SQL SECURITY INVOKER
+VIEW v_view_role_test_with_current_role
+AS
+SELECT * FROM view_role_test WHERE role_name = CURRENT_ROLE();
+PREPARE prepared_with_current_role FROM "SELECT * from view_role_test WHERE role_name = CURRENT_ROLE()";
+SHOW CREATE VIEW v_view_role_test_with_current_role;
+View	Create View	character_set_client	collation_connection
+v_view_role_test_with_current_role	CREATE ALGORITHM=UNDEFINED DEFINER=`no_role`@`localhost` SQL SECURITY INVOKER VIEW `v_view_role_test_with_current_role` AS select `view_role_test`.`id` AS `id`,`view_role_test`.`role_name` AS `role_name` from `view_role_test` where (`view_role_test`.`role_name` = current_role())	latin1	latin1_swedish_ci
+#
+# Values should be returned for all select statements as we do have
+# a CURRENT_ROLE() active;
+#
+EXECUTE prepared_no_current_role;
+id	role_name
+1	test_role
+EXECUTE prepared_with_current_role;
+id	role_name
+1	test_role
+SELECT * FROM view_role_test WHERE role_name = CURRENT_ROLE();
+id	role_name
+1	test_role
+SELECT * FROM v_view_role_test_no_current_role;
+id	role_name
+1	test_role
+SELECT * FROM v_view_role_test_with_current_role;
+id	role_name
+1	test_role
+SET ROLE NONE;
+#
+# No values should be returned for all select statements as we do not have
+# a CURRENT_ROLE() active;
+#
+EXECUTE prepared_no_current_role;
+id	role_name
+EXECUTE prepared_with_current_role;
+id	role_name
+SELECT * FROM view_role_test WHERE role_name = CURRENT_ROLE();
+id	role_name
+SELECT * FROM v_view_role_test_no_current_role;
+id	role_name
+SELECT * FROM v_view_role_test_with_current_role;
+id	role_name
+DROP USER has_role@'localhost';
+DROP USER no_role@'localhost';
+DROP ROLE test_role;
+DROP table view_role_test;
+DROP VIEW v_view_role_test_no_current_role;
+DROP VIEW v_view_role_test_with_current_role;
+DROP PREPARE prepared_no_current_role;
+DROP PREPARE prepared_with_current_role;
diff --git a/mysql-test/suite/roles/current_role_view-12666.test b/mysql-test/suite/roles/current_role_view-12666.test
new file mode 100644
index 00000000000..32039ffef07
--- /dev/null
+++ b/mysql-test/suite/roles/current_role_view-12666.test
@@ -0,0 +1,102 @@
+#
+# MDEV-12666 CURRENT_ROLE() does not work in a view
+#
+--source include/not_embedded.inc
+
+CREATE USER has_role@'localhost';
+GRANT ALL PRIVILEGES ON *.* TO has_role@'localhost';
+
+CREATE ROLE test_role;
+GRANT test_role TO has_role@'localhost';
+
+CREATE USER no_role@'localhost';
+GRANT ALL PRIVILEGES ON *.* TO no_role@'localhost';
+
+CREATE TABLE view_role_test (
+        id int primary key,
+        role_name varchar(50)
+        );
+
+INSERT INTO view_role_test VALUES (1, 'test_role');
+
+--echo #
+--echo # Use the same logic for stored procedures.
+--echo #
+PREPARE prepared_no_current_role FROM "SELECT * from view_role_test WHERE role_name = CURRENT_ROLE()";
+
+--echo #
+--echo # Creating a view with no CURRENT_ROLE() set and one with CURRENT_ROLE()
+--echo # set. Both should produce the same SHOW CREATE VIEW output.
+--echo #
+CREATE
+DEFINER = no_role@localhost
+SQL SECURITY INVOKER
+VIEW v_view_role_test_no_current_role
+AS
+SELECT * FROM view_role_test WHERE role_name = CURRENT_ROLE();
+
+SHOW CREATE VIEW v_view_role_test_no_current_role;
+
+
+--echo #
+--echo # No values should be returned
+--echo #
+EXECUTE prepared_no_current_role;
+SELECT * FROM view_role_test WHERE role_name = CURRENT_ROLE();
+SELECT * FROM v_view_role_test_no_current_role;
+
+--echo #
+--echo # Now let's set the role. Create identical views as before. See if
+--echo # their behaviour is different. It should not be.
+--echo #
+SET ROLE test_role;
+
+SELECT CURRENT_USER();
+SELECT CURRENT_ROLE();
+
+--echo #
+--echo # Create the VIEW and prepared Statement with a CURRENT_ROLE() set.
+--echo #
+CREATE
+DEFINER = no_role@localhost
+SQL SECURITY INVOKER
+VIEW v_view_role_test_with_current_role
+AS
+SELECT * FROM view_role_test WHERE role_name = CURRENT_ROLE();
+
+PREPARE prepared_with_current_role FROM "SELECT * from view_role_test WHERE role_name = CURRENT_ROLE()";
+
+SHOW CREATE VIEW v_view_role_test_with_current_role;
+
+
+--echo #
+--echo # Values should be returned for all select statements as we do have
+--echo # a CURRENT_ROLE() active;
+--echo #
+EXECUTE prepared_no_current_role;
+EXECUTE prepared_with_current_role;
+SELECT * FROM view_role_test WHERE role_name = CURRENT_ROLE();
+SELECT * FROM v_view_role_test_no_current_role;
+SELECT * FROM v_view_role_test_with_current_role;
+
+SET ROLE NONE;
+--echo #
+--echo # No values should be returned for all select statements as we do not have
+--echo # a CURRENT_ROLE() active;
+--echo #
+EXECUTE prepared_no_current_role;
+EXECUTE prepared_with_current_role;
+SELECT * FROM view_role_test WHERE role_name = CURRENT_ROLE();
+SELECT * FROM v_view_role_test_no_current_role;
+SELECT * FROM v_view_role_test_with_current_role;
+
+
+DROP USER has_role@'localhost';
+DROP USER no_role@'localhost';
+DROP ROLE test_role;
+
+DROP table view_role_test;
+DROP VIEW v_view_role_test_no_current_role;
+DROP VIEW v_view_role_test_with_current_role;
+DROP PREPARE prepared_no_current_role;
+DROP PREPARE prepared_with_current_role;
diff --git a/mysql-test/suite/roles/show_create_database-10463.result b/mysql-test/suite/roles/show_create_database-10463.result
new file mode 100644
index 00000000000..1bf14933966
--- /dev/null
+++ b/mysql-test/suite/roles/show_create_database-10463.result
@@ -0,0 +1,65 @@
+drop database if exists db;
+Warnings:
+Note	1008	Can't drop database 'db'; database doesn't exist
+create role r1;
+create user beep@'%';
+create database db;
+create table db.t1 (i int);
+create table db.t2 (b int);
+grant select on db.* to r1;
+grant r1 to beep@'%';
+show databases;
+Database
+information_schema
+test
+show create database db;
+ERROR 42000: Access denied for user 'beep'@'localhost' to database 'db'
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+table_schema	table_name
+set role r1;
+show databases;
+Database
+db
+information_schema
+test
+show create database db;
+Database	Create Database
+db	CREATE DATABASE `db` /*!40100 DEFAULT CHARACTER SET latin1 */
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+table_schema	table_name
+db	t1
+db	t2
+create role r2;
+create user beep2@'%';
+grant update on db.* to r2;
+grant r2 to beep2;
+show databases;
+Database
+information_schema
+test
+show create database db;
+ERROR 42000: Access denied for user 'beep2'@'localhost' to database 'db'
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+table_schema	table_name
+set role r2;
+show databases;
+Database
+db
+information_schema
+test
+show create database db;
+Database	Create Database
+db	CREATE DATABASE `db` /*!40100 DEFAULT CHARACTER SET latin1 */
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+table_schema	table_name
+db	t1
+db	t2
+drop database db;
+drop role r1;
+drop user beep;
+drop role r2;
+drop user beep2;
diff --git a/mysql-test/suite/roles/show_create_database-10463.test b/mysql-test/suite/roles/show_create_database-10463.test
new file mode 100644
index 00000000000..2d921629c10
--- /dev/null
+++ b/mysql-test/suite/roles/show_create_database-10463.test
@@ -0,0 +1,55 @@
+source include/not_embedded.inc;
+
+drop database if exists db;
+
+create role r1;
+create user beep@'%';
+
+create database db;
+create table db.t1 (i int);
+create table db.t2 (b int);
+grant select on db.* to r1;
+grant r1 to beep@'%';
+
+--connect (con1,localhost,beep,,)
+show databases;
+--error ER_DBACCESS_DENIED_ERROR
+show create database db;
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+
+set role r1;
+show databases;
+show create database db;
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+
+
+connection default;
+create role r2;
+create user beep2@'%';
+
+grant update on db.* to r2;
+grant r2 to beep2;
+--connect (con2,localhost,beep2,,)
+show databases;
+--error ER_DBACCESS_DENIED_ERROR
+show create database db;
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+
+set role r2;
+show databases;
+
+show create database db;
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+
+
+connection default;
+
+drop database db;
+drop role r1;
+drop user beep;
+drop role r2;
+drop user beep2;
author	Vicențiu Ciorbaru <vicentiu@mariadb.org>	2017-06-21 16:19:43 +0300
committer	Vicențiu Ciorbaru <vicentiu@mariadb.org>	2017-06-21 16:19:43 +0300
commit	2e335a471ced0d86716f8c657f4d67f510712a30 (patch)
tree	6fa56f9d9083007e874449b9c2b27579f718ed94 /mysql-test/suite/roles
parent	472c2d9b2fbb262665bdd08338ea902e8398010d (diff)
parent	8baf9b0c469e2845d15cc1181bc6b101cdfba087 (diff)
download	mariadb-git-2e335a471ced0d86716f8c657f4d67f510712a30.tar.gz