diff options
| author | Sergei Golubchik <sergii@pisem.net> | 2013-10-18 15:52:26 -0700 |
|---|---|---|
| committer | Sergei Golubchik <sergii@pisem.net> | 2013-10-18 15:52:26 -0700 |
| commit | f74b9eca6ebe83367fd742f6f537814dcdd6cc2f (patch) | |
| tree | 0f411f14c6e73ca4720966e73e94e9d22a460d70 /mysql-test | |
| parent | 4ec26a7c2dbb2a49fbedf14f0ca7d126703916ae (diff) | |
| download | mariadb-git-f74b9eca6ebe83367fd742f6f537814dcdd6cc2f.tar.gz | |
remove ER_RESERVED_ROLE.
Only allow NONE instead of a role name in SET ROLE.
Don't allow PUBLIC as a role name anywhere (to be fixed later)
Fix db_access calculations on SET ROLE
Reduce the size of role_grants and parent_grantee per-user/role arrays.
Fix the wording and specify the correct sqlstate for ER_INVALID_ROLE
Diffstat (limited to 'mysql-test')
| -rw-r--r-- | mysql-test/r/acl_roles_none_public.result | 56 | ||||
| -rw-r--r-- | mysql-test/r/acl_roles_set_role-recursive.result | 2 | ||||
| -rw-r--r-- | mysql-test/t/acl_roles_none_public.test | 55 |
3 files changed, 112 insertions, 1 deletions
diff --git a/mysql-test/r/acl_roles_none_public.result b/mysql-test/r/acl_roles_none_public.result new file mode 100644 index 00000000000..a0c7a0db707 --- /dev/null +++ b/mysql-test/r/acl_roles_none_public.result @@ -0,0 +1,56 @@ +create role role1; +create role none; +ERROR OP000: Invalid role specification `none`. +create role public; +ERROR OP000: Invalid role specification `public`. +drop role none; +ERROR HY000: Operation DROP ROLE failed for 'none' +grant none to role1; +ERROR OP000: Invalid role specification `none`. +grant role1 to none; +ERROR OP000: Invalid role specification `none`. +grant select on *.* to none; +ERROR OP000: Invalid role specification `none`. +grant public to role1; +ERROR OP000: Invalid role specification `public`. +grant role1 to public; +ERROR OP000: Invalid role specification `public`. +grant select on *.* to public; +ERROR OP000: Invalid role specification `public`. +grant role1 to current_role; +ERROR OP000: Invalid role specification `NONE`. +revoke none from role1; +ERROR OP000: Invalid role specification `none`. +revoke role1 from none; +ERROR OP000: Invalid role specification `none`. +revoke select on *.* from none; +ERROR OP000: Invalid role specification `none`. +revoke public from role1; +ERROR OP000: Invalid role specification `public`. +revoke role1 from public; +ERROR OP000: Invalid role specification `public`. +revoke select on *.* from public; +ERROR OP000: Invalid role specification `public`. +show grants for none; +ERROR OP000: Invalid role specification `none`. +show grants for public; +ERROR OP000: Invalid role specification `public`. +create definer=none view test.v1 as select 1; +ERROR OP000: Invalid role specification `none`. +create definer=public view test.v1 as select 1; +ERROR OP000: Invalid role specification `public`. +drop role role1; +optimize table mysql.user; +Table Op Msg_type Msg_text +mysql.user optimize status OK +insert mysql.user (user, is_role) values ('none', 'Y'), ('public', 'Y'); +Warnings: +Warning 1364 Field 'ssl_cipher' doesn't have a default value +Warning 1364 Field 'x509_issuer' doesn't have a default value +Warning 1364 Field 'x509_subject' doesn't have a default value +Warning 1364 Field 'authentication_string' doesn't have a default value +flush privileges; +Warnings: +Error 1958 Invalid role specification `none`. +Error 1958 Invalid role specification `public`. +delete from mysql.user where is_role='Y'; diff --git a/mysql-test/r/acl_roles_set_role-recursive.result b/mysql-test/r/acl_roles_set_role-recursive.result index 54965157612..a4442d8caa3 100644 --- a/mysql-test/r/acl_roles_set_role-recursive.result +++ b/mysql-test/r/acl_roles_set_role-recursive.result @@ -66,7 +66,7 @@ Grants for test_user@localhost GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' set role test_role2; -ERROR HY000: The role 'test_role2' has not been granted or is invalid. +ERROR OP000: Invalid role specification `test_role2`. select current_user(), current_role(); current_user() current_role() test_user@localhost NULL diff --git a/mysql-test/t/acl_roles_none_public.test b/mysql-test/t/acl_roles_none_public.test new file mode 100644 index 00000000000..af3d6bf3f68 --- /dev/null +++ b/mysql-test/t/acl_roles_none_public.test @@ -0,0 +1,55 @@ +create role role1; + +--error ER_INVALID_ROLE +create role none; +--error ER_INVALID_ROLE +create role public; +--error ER_CANNOT_USER +drop role none; + +--error ER_INVALID_ROLE +grant none to role1; +--error ER_INVALID_ROLE +grant role1 to none; +--error ER_INVALID_ROLE +grant select on *.* to none; +--error ER_INVALID_ROLE +grant public to role1; +--error ER_INVALID_ROLE +grant role1 to public; +--error ER_INVALID_ROLE +grant select on *.* to public; + +--error ER_INVALID_ROLE +grant role1 to current_role; + +--error ER_INVALID_ROLE +revoke none from role1; +--error ER_INVALID_ROLE +revoke role1 from none; +--error ER_INVALID_ROLE +revoke select on *.* from none; +--error ER_INVALID_ROLE +revoke public from role1; +--error ER_INVALID_ROLE +revoke role1 from public; +--error ER_INVALID_ROLE +revoke select on *.* from public; + +--error ER_INVALID_ROLE +show grants for none; +--error ER_INVALID_ROLE +show grants for public; + +--error ER_INVALID_ROLE +create definer=none view test.v1 as select 1; +--error ER_INVALID_ROLE +create definer=public view test.v1 as select 1; + +drop role role1; + +optimize table mysql.user; # to remove deleted rows and have stable row order +insert mysql.user (user, is_role) values ('none', 'Y'), ('public', 'Y'); +flush privileges; +delete from mysql.user where is_role='Y'; + |