diff options
| author | Sergei Golubchik <sergii@pisem.net> | 2013-01-29 15:10:47 +0100 |
|---|---|---|
| committer | Sergei Golubchik <sergii@pisem.net> | 2013-01-29 15:10:47 +0100 |
| commit | 0af4b6c6ee2b8a61823478c0a56ebdfa52cae3cc (patch) | |
| tree | 7b24eb150b9cca718c88edaabbfc6c8bb16fd015 /mysql-test/t/plugin_auth.test | |
| parent | cf20de000bdff07a34a373079991d24837423896 (diff) | |
| parent | 52fbe44fbbe60ecaba6453884ec1ad32755d7a04 (diff) | |
| download | mariadb-git-0af4b6c6ee2b8a61823478c0a56ebdfa52cae3cc.tar.gz | |
5.5 merge
Diffstat (limited to 'mysql-test/t/plugin_auth.test')
| -rw-r--r-- | mysql-test/t/plugin_auth.test | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/mysql-test/t/plugin_auth.test b/mysql-test/t/plugin_auth.test index e1de1cc8153..4a3187a33eb 100644 --- a/mysql-test/t/plugin_auth.test +++ b/mysql-test/t/plugin_auth.test @@ -174,21 +174,35 @@ GRANT PROXY ON ''@'' TO grant_plug; --error ER_ACCESS_DENIED_NO_PASSWORD_ERROR GRANT PROXY ON grant_plug TO grant_plug_dest; ---echo this should fail : same user, but on a different host ---error ER_ACCESS_DENIED_NO_PASSWORD_ERROR +# Security context in THD contains two pairs of (user,host) +# 1. (user,host) pair referring to inbound connection +# 2. (priv_user,priv_host) pair obtained from mysql.user table after doing +# authnetication of incoming connection. +# Granting/revoking proxy privileges, privileges should be checked wrt +# (priv_user, priv_host) tuple that is obtained from mysql.user table +# Following is a valid grant because effective user of connection is +# grant_plug_dest@% and statement is trying to grant proxy on the same +# user. +--echo This is a valid grant GRANT PROXY ON grant_plug_dest TO grant_plug; +REVOKE PROXY ON grant_plug_dest FROM grant_plug; --echo this should work : same user -GRANT PROXY ON grant_plug_dest@localhost TO grant_plug_dest2; -REVOKE PROXY ON grant_plug_dest@localhost FROM grant_plug_dest2; +GRANT PROXY ON grant_plug_dest TO grant_plug_dest2; +REVOKE PROXY ON grant_plug_dest FROM grant_plug_dest2; ---echo this should work : same user +# grant_plug_dest@localhost is not the same as grant_plug_dest@% +# so following grant/revoke should fail +--echo this should fail : not the same user +--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR GRANT PROXY ON grant_plug_dest@localhost TO grant_plug WITH GRANT OPTION; +--echo this should fail : not the same user +--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR REVOKE PROXY ON grant_plug_dest@localhost FROM grant_plug; --echo this should fail : can't create users --error ER_CANT_CREATE_USER_WITH_GRANT -GRANT PROXY ON grant_plug_dest@localhost TO grant_plug@localhost; +GRANT PROXY ON grant_plug_dest TO grant_plug@localhost; connection default; --echo in default connection |