diff options
| author | unknown <pem@mysql.com> | 2005-12-15 15:23:16 +0100 |
|---|---|---|
| committer | unknown <pem@mysql.com> | 2005-12-15 15:23:16 +0100 |
| commit | 718128db908c921b3ad8b45342be33d66660bae4 (patch) | |
| tree | d67ffa067273b66c4bd4f39cf188bedab71154de /mysql-test/t/sp-security.test | |
| parent | 4e971ef7a6ee5de5a2a709a5eb316717e8473219 (diff) | |
| download | mariadb-git-718128db908c921b3ad8b45342be33d66660bae4.tar.gz | |
Fixed BUG#14834: Server denies to execute Stored Procedure
The problem was that databases with '_' in the name did not match a
correct ACL with a literal '_' (i.e. '\_') in the db name, only identical
strings matched. The fix makes this work, and also ACLs with wildcards in
the db name work.
mysql-test/r/sp-security.result:
New test case for BUG#14834
mysql-test/t/sp-security.test:
New test case for BUG#14834
sql/sql_acl.cc:
Match wild db:s in ACL in acl_getroot_no_password() (used for "suid" security
context switching when invoking stored routines)
Diffstat (limited to 'mysql-test/t/sp-security.test')
| -rw-r--r-- | mysql-test/t/sp-security.test | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/mysql-test/t/sp-security.test b/mysql-test/t/sp-security.test index 8d4f99abd71..0b24881a056 100644 --- a/mysql-test/t/sp-security.test +++ b/mysql-test/t/sp-security.test @@ -437,4 +437,48 @@ disconnect test_user_12812| DROP USER user_bug12812@localhost| drop function bug12812| delimiter ;| + + +# +# BUG#14834: Server denies to execute Stored Procedure +# +# The problem here was with '_' in the database name. +# +create database db_bug14834; + +create user user1_bug14834@localhost identified by ''; +# The exact name of the database (no wildcard) +grant all on `db\_bug14834`.* to user1_bug14834@localhost; + +create user user2_bug14834@localhost identified by ''; +# The exact name of the database (no wildcard) +grant all on `db\_bug14834`.* to user2_bug14834@localhost; + +create user user3_bug14834@localhost identified by ''; +# Wildcards in the database name +grant all on `db__ug14834`.* to user3_bug14834@localhost; + +connect (user1_bug14834,localhost,user1_bug14834,,db_bug14834); +# Create the procedure and check that we can call it +create procedure p_bug14834() select user(), current_user(); +call p_bug14834(); + +connect (user2_bug14834,localhost,user2_bug14834,,db_bug14834); +# This didn't work before +call p_bug14834(); + +connect (user3_bug14834,localhost,user3_bug14834,,db_bug14834); +# Should also work +call p_bug14834(); + +# Cleanup +connection default; +disconnect user1_bug14834; +disconnect user2_bug14834; +disconnect user3_bug14834; +drop user user1_bug14834@localhost; +drop user user2_bug14834@localhost; +drop user user3_bug14834@localhost; +drop database db_bug14834; + # End of 5.0 bugs. |