diff options
author | Igor Pashev <pashev.igor@gmail.com> | 2016-05-30 21:42:36 +0300 |
---|---|---|
committer | Vicențiu Ciorbaru <vicentiu@mariadb.org> | 2016-06-22 16:41:38 +0300 |
commit | 5fd80875909c88e624a79a528eaaf9418089a211 (patch) | |
tree | afd33a7875e89093c3e0dda75d16c04c310b87c5 /mysql-test/suite | |
parent | f9b5acfb0cdf175e3f2ab555cf082b1ef4b920a9 (diff) | |
download | mariadb-git-5fd80875909c88e624a79a528eaaf9418089a211.tar.gz |
[MDEV-9614] Roles and Users longer than 6 characters
The bug is apparent when the username is longer than the rolename.
It is caused by a simple typo that caused a memcmp call to compare a
different number of bytes than necessary.
The fix was proposed by Igor Pashev. I have reviewed it and it is the
correct approach. Test case introduced by me, using the details provided
in the MDEV.
Signed-off-by: Vicențiu Ciorbaru <vicentiu@mariadb.org>
Diffstat (limited to 'mysql-test/suite')
-rw-r--r-- | mysql-test/suite/roles/set_role-9614.result | 99 | ||||
-rw-r--r-- | mysql-test/suite/roles/set_role-9614.test | 79 |
2 files changed, 178 insertions, 0 deletions
diff --git a/mysql-test/suite/roles/set_role-9614.result b/mysql-test/suite/roles/set_role-9614.result new file mode 100644 index 00000000000..37f6db070c0 --- /dev/null +++ b/mysql-test/suite/roles/set_role-9614.result @@ -0,0 +1,99 @@ +# +# MDEV-9614 Roles and Users Longer than 6 characters +# +# This test case checks the edge case presented in the MDEV. The +# real issue is actually apparent when the username is longer than the +# rolename. +# +# We need a separate database not including test or test_% names. Due to +# default privileges given on these databases. +# +DROP DATABASE IF EXISTS `bug_db`; +Warnings: +Note 1008 Can't drop database 'bug_db'; database doesn't exist +# +# The first user did not show the bug as john's length is smaller +# than client. The bug is apparent most of the time for usertestjohn. +# +CREATE USER `john`@`%`; +CREATE USER `usertestjohn`@`%`; +CREATE ROLE `client`; +# +# Setup the required tables. +# +CREATE DATABASE `bug_db`; +CREATE TABLE `bug_db`.`t0`(`c0` INT); +# +# Setup select privileges only on the role. Setting the role should give +# select access to bug_db.t0. +# +GRANT SELECT ON `bug_db`.`t0` TO `client`; +GRANT `client` TO `john`@`%`; +GRANT `client` TO `usertestjohn`@`%`; +# +# Check to see grants are set. +# +SHOW GRANTS FOR `john`@`%`; +Grants for john@% +GRANT client TO 'john'@'%' +GRANT USAGE ON *.* TO 'john'@'%' +SHOW GRANTS FOR `usertestjohn`@`%`; +Grants for usertestjohn@% +GRANT client TO 'usertestjohn'@'%' +GRANT USAGE ON *.* TO 'usertestjohn'@'%' +SHOW GRANTS FOR `client`; +Grants for client +GRANT USAGE ON *.* TO 'client' +GRANT SELECT ON `bug_db`.`t0` TO 'client' +show databases; +Database +bug_db +information_schema +mtr +mysql +performance_schema +test +# +# Try using the database as john. +# +connect john, localhost, john,,information_schema; +show databases; +Database +information_schema +test +set role client; +show databases; +Database +bug_db +information_schema +test +use bug_db; +# +# Try using the database as usertestjohn. +# +connect usertestjohn, localhost, usertestjohn,,information_schema; +show databases; +Database +information_schema +test +set role client; +show databases; +Database +bug_db +information_schema +test +show grants; +Grants for usertestjohn@% +GRANT client TO 'usertestjohn'@'%' +GRANT USAGE ON *.* TO 'usertestjohn'@'%' +GRANT USAGE ON *.* TO 'client' +GRANT SELECT ON `bug_db`.`t0` TO 'client' +use bug_db; +# +# Cleanup +# +connection default; +drop user john; +drop user usertestjohn; +drop role client; +drop database bug_db; diff --git a/mysql-test/suite/roles/set_role-9614.test b/mysql-test/suite/roles/set_role-9614.test new file mode 100644 index 00000000000..5e9f7dacf19 --- /dev/null +++ b/mysql-test/suite/roles/set_role-9614.test @@ -0,0 +1,79 @@ +--source include/not_embedded.inc + +--echo # +--echo # MDEV-9614 Roles and Users Longer than 6 characters +--echo # +--echo # This test case checks the edge case presented in the MDEV. The +--echo # real issue is actually apparent when the username is longer than the +--echo # rolename. + +--enable_connect_log +--echo # +--echo # We need a separate database not including test or test_% names. Due to +--echo # default privileges given on these databases. +--echo # +DROP DATABASE IF EXISTS `bug_db`; + +--echo # +--echo # The first user did not show the bug as john's length is smaller +--echo # than client. The bug is apparent most of the time for usertestjohn. +--echo # +CREATE USER `john`@`%`; +CREATE USER `usertestjohn`@`%`; +CREATE ROLE `client`; + +--echo # +--echo # Setup the required tables. +--echo # +CREATE DATABASE `bug_db`; +CREATE TABLE `bug_db`.`t0`(`c0` INT); + +--echo # +--echo # Setup select privileges only on the role. Setting the role should give +--echo # select access to bug_db.t0. +--echo # +GRANT SELECT ON `bug_db`.`t0` TO `client`; +GRANT `client` TO `john`@`%`; +GRANT `client` TO `usertestjohn`@`%`; + +--echo # +--echo # Check to see grants are set. +--echo # +SHOW GRANTS FOR `john`@`%`; +SHOW GRANTS FOR `usertestjohn`@`%`; +SHOW GRANTS FOR `client`; + +show databases; + +--echo # +--echo # Try using the database as john. +--echo # +connect (john, localhost, john,,information_schema); + +show databases; +set role client; +show databases; +use bug_db; + +--echo # +--echo # Try using the database as usertestjohn. +--echo # +connect (usertestjohn, localhost, usertestjohn,,information_schema); + +show databases; +set role client; +show databases; + +show grants; +use bug_db; + + +--echo # +--echo # Cleanup +--echo # +connection default; +drop user john; +drop user usertestjohn; +drop role client; +drop database bug_db; +--disable_connect_log |