diff options
author | Dmitry Lenev <Dmitry.Lenev@oracle.com> | 2011-02-07 15:06:22 +0300 |
---|---|---|
committer | Dmitry Lenev <Dmitry.Lenev@oracle.com> | 2011-02-07 15:06:22 +0300 |
commit | f74fd118cff0d1d0f45600ef6f25271484b69259 (patch) | |
tree | 3b79267544dc53e2eb6d0b412ec829d0d141bbeb /mysql-test | |
parent | bcd988b2d38657ed6119011d4a22bdde3fbec551 (diff) | |
parent | b169b8d8530208f7655782841fdbe92a1b61f56d (diff) | |
download | mariadb-git-f74fd118cff0d1d0f45600ef6f25271484b69259.tar.gz |
Merged fix for bug #36544 "DROP USER does not remove stored
function privileges" into 5.5 tree. Did after-merge fixes.
Diffstat (limited to 'mysql-test')
-rw-r--r-- | mysql-test/r/grant.result | 197 | ||||
-rw-r--r-- | mysql-test/suite/funcs_1/r/innodb_storedproc_06.result | 2 | ||||
-rw-r--r-- | mysql-test/suite/funcs_1/r/memory_storedproc_06.result | 2 | ||||
-rw-r--r-- | mysql-test/suite/funcs_1/r/myisam_storedproc_06.result | 2 | ||||
-rw-r--r-- | mysql-test/suite/funcs_1/storedproc/storedproc_06.inc | 4 | ||||
-rw-r--r-- | mysql-test/t/grant.test | 177 |
6 files changed, 370 insertions, 14 deletions
diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result index aade98d49b6..3462dccd073 100644 --- a/mysql-test/r/grant.result +++ b/mysql-test/r/grant.result @@ -1326,6 +1326,199 @@ DROP DATABASE mysqltest2; DROP USER testuser@localhost; use test; +# +# Test for bug #36544 "DROP USER does not remove stored function +# privileges". +# +create database mysqltest1; +create function mysqltest1.f1() returns int return 0; +create procedure mysqltest1.p1() begin end; +# +# 1) Check that DROP USER properly removes privileges on both +# stored procedures and functions. +# +create user mysqluser1@localhost; +grant execute on function mysqltest1.f1 to mysqluser1@localhost; +grant execute on procedure mysqltest1.p1 to mysqluser1@localhost; +# Quick test that granted privileges are properly reflected +# in privilege tables and in in-memory structures. +show grants for mysqluser1@localhost; +Grants for mysqluser1@localhost +GRANT USAGE ON *.* TO 'mysqluser1'@'localhost' +GRANT EXECUTE ON PROCEDURE `mysqltest1`.`p1` TO 'mysqluser1'@'localhost' +GRANT EXECUTE ON FUNCTION `mysqltest1`.`f1` TO 'mysqluser1'@'localhost' +select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost'; +db routine_name routine_type proc_priv +mysqltest1 f1 FUNCTION Execute +mysqltest1 p1 PROCEDURE Execute +# +# Create connection 'bug_36544_con1' as 'mysqluser1@localhost'. +call mysqltest1.p1(); +select mysqltest1.f1(); +mysqltest1.f1() +0 +# +# Switch to connection 'default'. +drop user mysqluser1@localhost; +# +# Test that dropping of user is properly reflected in +# both privilege tables and in in-memory structures. +# +# Switch to connection 'bug36544_con1'. +# The connection cold be alive but should not be able to +# access to any of the stored routines. +call mysqltest1.p1(); +ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1' +select mysqltest1.f1(); +ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1' +# +# Switch to connection 'default'. +# +# Now create user with the same name and check that he +# has not inherited privileges. +create user mysqluser1@localhost; +show grants for mysqluser1@localhost; +Grants for mysqluser1@localhost +GRANT USAGE ON *.* TO 'mysqluser1'@'localhost' +select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost'; +db routine_name routine_type proc_priv +# +# Create connection 'bug_36544_con2' as 'mysqluser1@localhost'. +# Newly created user should not be able to access any of the routines. +call mysqltest1.p1(); +ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1' +select mysqltest1.f1(); +ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1' +# +# Switch to connection 'default'. +# +# 2) Check that RENAME USER properly updates privileges on both +# stored procedures and functions. +# +grant execute on function mysqltest1.f1 to mysqluser1@localhost; +grant execute on procedure mysqltest1.p1 to mysqluser1@localhost; +# +# Create one more user to make in-memory hashes non-trivial. +# User names 'mysqluser11' and 'mysqluser10' were selected +# to trigger bug discovered during code inspection. +create user mysqluser11@localhost; +grant execute on function mysqltest1.f1 to mysqluser11@localhost; +grant execute on procedure mysqltest1.p1 to mysqluser11@localhost; +# Also create a couple of tables to test for another bug +# discovered during code inspection (again table names were +# chosen especially to trigger the bug). +create table mysqltest1.t11 (i int); +create table mysqltest1.t22 (i int); +grant select on mysqltest1.t22 to mysqluser1@localhost; +grant select on mysqltest1.t11 to mysqluser1@localhost; +# Quick test that granted privileges are properly reflected +# in privilege tables and in in-memory structures. +show grants for mysqluser1@localhost; +Grants for mysqluser1@localhost +GRANT USAGE ON *.* TO 'mysqluser1'@'localhost' +GRANT SELECT ON `mysqltest1`.`t11` TO 'mysqluser1'@'localhost' +GRANT SELECT ON `mysqltest1`.`t22` TO 'mysqluser1'@'localhost' +GRANT EXECUTE ON PROCEDURE `mysqltest1`.`p1` TO 'mysqluser1'@'localhost' +GRANT EXECUTE ON FUNCTION `mysqltest1`.`f1` TO 'mysqluser1'@'localhost' +select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost'; +db routine_name routine_type proc_priv +mysqltest1 f1 FUNCTION Execute +mysqltest1 p1 PROCEDURE Execute +select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost'; +db table_name table_priv +mysqltest1 t11 Select +mysqltest1 t22 Select +# +# Switch to connection 'bug36544_con2'. +call mysqltest1.p1(); +select mysqltest1.f1(); +mysqltest1.f1() +0 +select * from mysqltest1.t11; +i +select * from mysqltest1.t22; +i +# +# Switch to connection 'default'. +rename user mysqluser1@localhost to mysqluser10@localhost; +# +# Test that there are no privileges left for mysqluser1. +# +# Switch to connection 'bug36544_con2'. +# The connection cold be alive but should not be able to +# access to any of the stored routines or tables. +call mysqltest1.p1(); +ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1' +select mysqltest1.f1(); +ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1' +select * from mysqltest1.t11; +ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't11' +select * from mysqltest1.t22; +ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't22' +# +# Switch to connection 'default'. +# +# Now create user with the old name and check that he +# has not inherited privileges. +create user mysqluser1@localhost; +show grants for mysqluser1@localhost; +Grants for mysqluser1@localhost +GRANT USAGE ON *.* TO 'mysqluser1'@'localhost' +select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost'; +db routine_name routine_type proc_priv +select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost'; +db table_name table_priv +# +# Create connection 'bug_36544_con3' as 'mysqluser1@localhost'. +# Newly created user should not be able to access to any of the +# stored routines or tables. +call mysqltest1.p1(); +ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1' +select mysqltest1.f1(); +ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1' +select * from mysqltest1.t11; +ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't11' +select * from mysqltest1.t22; +ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't22' +# +# Switch to connection 'default'. +# +# Now check that privileges became associated with a new user +# name - mysqluser10. +# +show grants for mysqluser10@localhost; +Grants for mysqluser10@localhost +GRANT USAGE ON *.* TO 'mysqluser10'@'localhost' +GRANT SELECT ON `mysqltest1`.`t22` TO 'mysqluser10'@'localhost' +GRANT SELECT ON `mysqltest1`.`t11` TO 'mysqluser10'@'localhost' +GRANT EXECUTE ON PROCEDURE `mysqltest1`.`p1` TO 'mysqluser10'@'localhost' +GRANT EXECUTE ON FUNCTION `mysqltest1`.`f1` TO 'mysqluser10'@'localhost' +select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser10' and host='localhost'; +db routine_name routine_type proc_priv +mysqltest1 f1 FUNCTION Execute +mysqltest1 p1 PROCEDURE Execute +select db, table_name, table_priv from mysql.tables_priv where user='mysqluser10' and host='localhost'; +db table_name table_priv +mysqltest1 t11 Select +mysqltest1 t22 Select +# +# Create connection 'bug_36544_con4' as 'mysqluser10@localhost'. +call mysqltest1.p1(); +select mysqltest1.f1(); +mysqltest1.f1() +0 +select * from mysqltest1.t11; +i +select * from mysqltest1.t22; +i +# +# Switch to connection 'default'. +# +# Clean-up. +drop user mysqluser1@localhost; +drop user mysqluser10@localhost; +drop user mysqluser11@localhost; +drop database mysqltest1; End of 5.0 tests set names utf8; grant select on test.* to юзер_юзер@localhost; @@ -1422,11 +1615,7 @@ fn2() 2 DROP USER 'userbug33464'@'localhost'; DROP FUNCTION fn1; -Warnings: -Warning 1403 There is no such grant defined for user 'userbug33464' on host 'localhost' on routine 'fn1' DROP FUNCTION fn2; -Warnings: -Warning 1403 There is no such grant defined for user 'userbug33464' on host 'localhost' on routine 'fn2' DROP PROCEDURE sp3; DROP USER 'userbug33464'@'localhost'; USE test; diff --git a/mysql-test/suite/funcs_1/r/innodb_storedproc_06.result b/mysql-test/suite/funcs_1/r/innodb_storedproc_06.result index ee1548fe012..5219f057593 100644 --- a/mysql-test/suite/funcs_1/r/innodb_storedproc_06.result +++ b/mysql-test/suite/funcs_1/r/innodb_storedproc_06.result @@ -128,8 +128,6 @@ root@localhost db_storedproc_1 drop user 'user_1'@'localhost'; DROP PROCEDURE sp3; DROP FUNCTION fn1; -Warnings: -Warning 1403 There is no such grant defined for user 'user_1' on host 'localhost' on routine 'fn1' Testcase 3.1.6.4: ----------------- diff --git a/mysql-test/suite/funcs_1/r/memory_storedproc_06.result b/mysql-test/suite/funcs_1/r/memory_storedproc_06.result index 096cbd1261e..ac66f0bb230 100644 --- a/mysql-test/suite/funcs_1/r/memory_storedproc_06.result +++ b/mysql-test/suite/funcs_1/r/memory_storedproc_06.result @@ -129,8 +129,6 @@ root@localhost db_storedproc_1 drop user 'user_1'@'localhost'; DROP PROCEDURE sp3; DROP FUNCTION fn1; -Warnings: -Warning 1403 There is no such grant defined for user 'user_1' on host 'localhost' on routine 'fn1' Testcase 3.1.6.4: ----------------- diff --git a/mysql-test/suite/funcs_1/r/myisam_storedproc_06.result b/mysql-test/suite/funcs_1/r/myisam_storedproc_06.result index 096cbd1261e..ac66f0bb230 100644 --- a/mysql-test/suite/funcs_1/r/myisam_storedproc_06.result +++ b/mysql-test/suite/funcs_1/r/myisam_storedproc_06.result @@ -129,8 +129,6 @@ root@localhost db_storedproc_1 drop user 'user_1'@'localhost'; DROP PROCEDURE sp3; DROP FUNCTION fn1; -Warnings: -Warning 1403 There is no such grant defined for user 'user_1' on host 'localhost' on routine 'fn1' Testcase 3.1.6.4: ----------------- diff --git a/mysql-test/suite/funcs_1/storedproc/storedproc_06.inc b/mysql-test/suite/funcs_1/storedproc/storedproc_06.inc index 4ecca63351d..656b9a52e85 100644 --- a/mysql-test/suite/funcs_1/storedproc/storedproc_06.inc +++ b/mysql-test/suite/funcs_1/storedproc/storedproc_06.inc @@ -149,10 +149,6 @@ USE db_storedproc_1; drop user 'user_1'@'localhost'; DROP PROCEDURE sp3; -# This drop function shouldn't generated a warning as the -# privileges should have been removed when the user was -# dropped. Reported as Bug#36544 DROP USER does not remove -# stored function privileges DROP FUNCTION fn1; diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test index 0762ceda0ac..03a6ceafb36 100644 --- a/mysql-test/t/grant.test +++ b/mysql-test/t/grant.test @@ -1396,6 +1396,183 @@ DROP USER testuser@localhost; use test; --echo + +--echo # +--echo # Test for bug #36544 "DROP USER does not remove stored function +--echo # privileges". +--echo # +create database mysqltest1; +create function mysqltest1.f1() returns int return 0; +create procedure mysqltest1.p1() begin end; +--echo # +--echo # 1) Check that DROP USER properly removes privileges on both +--echo # stored procedures and functions. +--echo # +create user mysqluser1@localhost; +grant execute on function mysqltest1.f1 to mysqluser1@localhost; +grant execute on procedure mysqltest1.p1 to mysqluser1@localhost; + +--echo # Quick test that granted privileges are properly reflected +--echo # in privilege tables and in in-memory structures. +show grants for mysqluser1@localhost; +select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost'; +--echo # +--echo # Create connection 'bug_36544_con1' as 'mysqluser1@localhost'. +--connect (bug36544_con1,localhost,mysqluser1,,) +call mysqltest1.p1(); +select mysqltest1.f1(); + +--echo # +--echo # Switch to connection 'default'. +--connection default +drop user mysqluser1@localhost; + +--echo # +--echo # Test that dropping of user is properly reflected in +--echo # both privilege tables and in in-memory structures. +--echo # +--echo # Switch to connection 'bug36544_con1'. +--connection bug36544_con1 +--echo # The connection cold be alive but should not be able to +--echo # access to any of the stored routines. +--error ER_PROCACCESS_DENIED_ERROR +call mysqltest1.p1(); +--error ER_PROCACCESS_DENIED_ERROR +select mysqltest1.f1(); +--disconnect bug36544_con1 + +--echo # +--echo # Switch to connection 'default'. +--connection default +--echo # +--echo # Now create user with the same name and check that he +--echo # has not inherited privileges. +create user mysqluser1@localhost; +show grants for mysqluser1@localhost; +select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost'; +--echo # +--echo # Create connection 'bug_36544_con2' as 'mysqluser1@localhost'. +--connect (bug36544_con2,localhost,mysqluser1,,) +--echo # Newly created user should not be able to access any of the routines. +--error ER_PROCACCESS_DENIED_ERROR +call mysqltest1.p1(); +--error ER_PROCACCESS_DENIED_ERROR +select mysqltest1.f1(); +--echo # +--echo # Switch to connection 'default'. +--connection default + +--echo # +--echo # 2) Check that RENAME USER properly updates privileges on both +--echo # stored procedures and functions. +--echo # +grant execute on function mysqltest1.f1 to mysqluser1@localhost; +grant execute on procedure mysqltest1.p1 to mysqluser1@localhost; +--echo # +--echo # Create one more user to make in-memory hashes non-trivial. +--echo # User names 'mysqluser11' and 'mysqluser10' were selected +--echo # to trigger bug discovered during code inspection. +create user mysqluser11@localhost; +grant execute on function mysqltest1.f1 to mysqluser11@localhost; +grant execute on procedure mysqltest1.p1 to mysqluser11@localhost; +--echo # Also create a couple of tables to test for another bug +--echo # discovered during code inspection (again table names were +--echo # chosen especially to trigger the bug). +create table mysqltest1.t11 (i int); +create table mysqltest1.t22 (i int); +grant select on mysqltest1.t22 to mysqluser1@localhost; +grant select on mysqltest1.t11 to mysqluser1@localhost; + +--echo # Quick test that granted privileges are properly reflected +--echo # in privilege tables and in in-memory structures. +show grants for mysqluser1@localhost; +select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost'; +select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost'; +--echo # +--echo # Switch to connection 'bug36544_con2'. +--connection bug36544_con2 +call mysqltest1.p1(); +select mysqltest1.f1(); +select * from mysqltest1.t11; +select * from mysqltest1.t22; + +--echo # +--echo # Switch to connection 'default'. +--connection default +rename user mysqluser1@localhost to mysqluser10@localhost; + +--echo # +--echo # Test that there are no privileges left for mysqluser1. +--echo # +--echo # Switch to connection 'bug36544_con2'. +--connection bug36544_con2 +--echo # The connection cold be alive but should not be able to +--echo # access to any of the stored routines or tables. +--error ER_PROCACCESS_DENIED_ERROR +call mysqltest1.p1(); +--error ER_PROCACCESS_DENIED_ERROR +select mysqltest1.f1(); +--error ER_TABLEACCESS_DENIED_ERROR +select * from mysqltest1.t11; +--error ER_TABLEACCESS_DENIED_ERROR +select * from mysqltest1.t22; +--disconnect bug36544_con2 + +--echo # +--echo # Switch to connection 'default'. +--connection default +--echo # +--echo # Now create user with the old name and check that he +--echo # has not inherited privileges. +create user mysqluser1@localhost; +show grants for mysqluser1@localhost; +select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost'; +select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost'; +--echo # +--echo # Create connection 'bug_36544_con3' as 'mysqluser1@localhost'. +--connect (bug36544_con3,localhost,mysqluser1,,) +--echo # Newly created user should not be able to access to any of the +--echo # stored routines or tables. +--error ER_PROCACCESS_DENIED_ERROR +call mysqltest1.p1(); +--error ER_PROCACCESS_DENIED_ERROR +select mysqltest1.f1(); +--error ER_TABLEACCESS_DENIED_ERROR +select * from mysqltest1.t11; +--error ER_TABLEACCESS_DENIED_ERROR +select * from mysqltest1.t22; +--disconnect bug36544_con3 + +--echo # +--echo # Switch to connection 'default'. +--connection default +--echo # +--echo # Now check that privileges became associated with a new user +--echo # name - mysqluser10. +--echo # +show grants for mysqluser10@localhost; +select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser10' and host='localhost'; +select db, table_name, table_priv from mysql.tables_priv where user='mysqluser10' and host='localhost'; +--echo # +--echo # Create connection 'bug_36544_con4' as 'mysqluser10@localhost'. +--connect (bug36544_con4,localhost,mysqluser10,,) +call mysqltest1.p1(); +select mysqltest1.f1(); +select * from mysqltest1.t11; +select * from mysqltest1.t22; +--disconnect bug36544_con4 + +--echo # +--echo # Switch to connection 'default'. +--connection default +--echo # +--echo # Clean-up. +drop user mysqluser1@localhost; +drop user mysqluser10@localhost; +drop user mysqluser11@localhost; +drop database mysqltest1; + + --echo End of 5.0 tests # |