Diffstat (limited to 'mysql-test/suite/roles')
-rw-r--r-- | mysql-test/suite/roles/definer.result | 21 | ||||
-rw-r--r-- | mysql-test/suite/roles/definer.test | 2 | ||||
-rw-r--r-- | mysql-test/suite/roles/rpl_grant_revoke_current_role-8638.result | 8 | ||||
-rw-r--r-- | mysql-test/suite/roles/rpl_grant_revoke_current_role-8638.test | 12 | ||||
-rw-r--r-- | mysql-test/suite/roles/set_role-9614.result | 99 | ||||
-rw-r--r-- | mysql-test/suite/roles/set_role-9614.test | 79 | ||||
-rw-r--r-- | mysql-test/suite/roles/set_role-simple.result | 11 | ||||
-rw-r--r-- | mysql-test/suite/roles/set_role-simple.test | 15 |
8 files changed, 236 insertions, 11 deletions
diff --git a/mysql-test/suite/roles/definer.result b/mysql-test/suite/roles/definer.result index 293e5e539bc..4810e597763 100644 --- a/mysql-test/suite/roles/definer.result +++ b/mysql-test/suite/roles/definer.result @@ -22,10 +22,10 @@ show create view test.v1; View Create View character_set_client collation_connection v1 CREATE ALGORITHM=UNDEFINED DEFINER=`role1` SQL SECURITY DEFINER VIEW `test`.`v1` AS select (`mysqltest1`.`t1`.`a` + `mysqltest1`.`t1`.`b`) AS `a+b`,`mysqltest1`.`t1`.`c` AS `c` from `mysqltest1`.`t1` latin1 latin1_swedish_ci set role none; -create definer=role2 view test.v2 as select a+b,c from t1; +create definer=role2 view test.v2 as select a+b,c,current_role() from t1; show create view test.v2; View Create View character_set_client collation_connection -v2 CREATE ALGORITHM=UNDEFINED DEFINER=`role2` SQL SECURITY DEFINER VIEW `test`.`v2` AS select (`mysqltest1`.`t1`.`a` + `mysqltest1`.`t1`.`b`) AS `a+b`,`mysqltest1`.`t1`.`c` AS `c` from `mysqltest1`.`t1` latin1 latin1_swedish_ci +v2 CREATE ALGORITHM=UNDEFINED DEFINER=`role2` SQL SECURITY DEFINER VIEW `test`.`v2` AS select (`mysqltest1`.`t1`.`a` + `mysqltest1`.`t1`.`b`) AS `a+b`,`mysqltest1`.`t1`.`c` AS `c`,current_role() AS `current_role()` from `mysqltest1`.`t1` latin1 latin1_swedish_ci create definer=role3 view test.v3 as select a+b,c from t1; Warnings: Note 1449 The user specified as a definer ('role3'@'%') does not exist @@ -44,9 +44,9 @@ GRANT CREATE VIEW ON `mysqltest1`.* TO 'foo'@'localhost' select * from test.v1; ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them select * from test.v2; -a+b c -11 100 -22 200 +a+b c current_role() +11 100 role2 +22 200 role2 select * from test.v3; ERROR 28000: Access denied for user 'foo'@'localhost' (using password: NO) create definer=role4 view test.v4 as select a+b,c from t1; 
@@ -113,7 +113,7 @@ tr1 NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`role1` trigger tr insert t1 values (111, 222, 333) latin1 latin1_swedish_ci latin1_swedish_ci set role none; insert t2 values (11,22,33); -ERROR 42000: INSERT command denied to user 'role1'@'' for table 't1' +ERROR 42000: INSERT command denied to user ''@'' for table 't1' select * from t1; a b c 1 10 100 @@ -179,7 +179,7 @@ pr1 NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`role1` PROCEDURE insert t1 values (111, 222, 333) latin1 latin1_swedish_ci latin1_swedish_ci set role none; call pr1(); -ERROR 42000: INSERT command denied to user 'role1'@'' for table 't1' +ERROR 42000: INSERT command denied to user ''@'' for table 't1' select * from t1; a b c 1 10 100 @@ -222,7 +222,7 @@ fn1 NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`role1` FUNCTION ` return (select sum(a+b) from t1) latin1 latin1_swedish_ci latin1_swedish_ci set role none; select fn1(); -ERROR 42000: SELECT command denied to user 'role1'@'' for column 'b' in table 't1' +ERROR 42000: SELECT command denied to user ''@'' for column 'b' in table 't1' select * from t1; a b c 1 10 100 @@ -289,7 +289,8 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8; /*!50001 CREATE TABLE `v2` ( `a+b` tinyint NOT NULL, - `c` tinyint NOT NULL + `c` tinyint NOT NULL, + `current_role()` tinyint NOT NULL ) ENGINE=MyISAM */; SET character_set_client = @saved_cs_client; SET @saved_cs_client = @@character_set_client; 
@@ -553,7 +554,7 @@ USE `test`; /*!50001 SET character_set_client = latin1 */; /*!50001 SET character_set_results = latin1 */; /*!50001 SET collation_connection = latin1_swedish_ci */; -/*!50001 CREATE ALGORITHM=UNDEFINED DEFINER=`role2` SQL SECURITY DEFINER VIEW `v2` AS select (`mysqltest1`.`t1`.`a` + `mysqltest1`.`t1`.`b`) AS `a+b`,`mysqltest1`.`t1`.`c` AS `c` from `mysqltest1`.`t1` */; +/*!50001 CREATE ALGORITHM=UNDEFINED DEFINER=`role2` SQL SECURITY DEFINER VIEW `v2` AS select (`mysqltest1`.`t1`.`a` + `mysqltest1`.`t1`.`b`) AS `a+b`,`mysqltest1`.`t1`.`c` AS `c`,current_role() AS `current_role()` from `mysqltest1`.`t1` */; /*!50001 SET character_set_client = @saved_cs_client */; /*!50001 SET character_set_results = @saved_cs_results */; /*!50001 SET collation_connection = @saved_col_connection */; diff --git a/mysql-test/suite/roles/definer.test b/mysql-test/suite/roles/definer.test index 3de4a6922c2..090c60917c9 100644 --- a/mysql-test/suite/roles/definer.test +++ b/mysql-test/suite/roles/definer.test @@ -47,7 +47,7 @@ show create view test.v1; set role none; # definer=role_name, privileges ok -create definer=role2 view test.v2 as select a+b,c from t1; +create definer=role2 view test.v2 as select a+b,c,current_role() from t1; show create view test.v2; # definer=non_existent_role diff --git a/mysql-test/suite/roles/rpl_grant_revoke_current_role-8638.result b/mysql-test/suite/roles/rpl_grant_revoke_current_role-8638.result new file mode 100644 index 00000000000..ef2b9648778 --- /dev/null +++ b/mysql-test/suite/roles/rpl_grant_revoke_current_role-8638.result @@ -0,0 +1,8 @@ +include/master-slave.inc +[connection master] +create role r1; +set role r1; +grant select on db.* to current_role; +revoke all privileges, grant option from current_role; +drop role r1; +include/rpl_end.inc 
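Review bot: In the definer.test hunk, the `current_role()` column added to `test.v2` is the only thing checking which role a `SQL SECURITY DEFINER` view executes under, but the comment above it still reads just `# definer=role_name, privileges ok`. I would extend that comment to something like `# definer=role_name, privileges ok; current_role() must report the definer role (role2), not the invoker's`, so the intent survives a later re-record of the result file. The trigger, procedure and function cases, whose recorded errors in definer.result change to `''@''`, appear to get no equivalent probe, although those statements are outside this hunk. Those messages also no longer name the definer role, which is worth confirming as intended because it makes a denial harder to attribute when auditing.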
diff --git a/mysql-test/suite/roles/rpl_grant_revoke_current_role-8638.test b/mysql-test/suite/roles/rpl_grant_revoke_current_role-8638.test
new file mode 100644
index 00000000000..6a6c4f2a756
--- /dev/null
+++ b/mysql-test/suite/roles/rpl_grant_revoke_current_role-8638.test
@@ -0,0 +1,12 @@
+--source include/master-slave.inc
+--source include/have_binlog_format_mixed.inc
+
+--enable_connect_log
+
+create role r1;
+set role r1;
+grant select on db.* to current_role;
+revoke all privileges, grant option from current_role;
+drop role r1;
+
+--source include/rpl_end.inc
diff --git a/mysql-test/suite/roles/set_role-9614.result b/mysql-test/suite/roles/set_role-9614.result
new file mode 100644
index 00000000000..37f6db070c0
--- /dev/null
+++ b/mysql-test/suite/roles/set_role-9614.result
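Review bot: The new rpl_grant_revoke_current_role-8638.test never inspects the slave, so it only shows that replication does not break; it does not show that `current_role` was resolved to `r1` on the replica. Between the `grant` and the `revoke` I would add `--sync_slave_with_master`, `show grants for r1;` and `connection master;`, so the recorded result pins the privilege that actually landed on the slave. `include/rpl_end.inc` presumably still catches a stopped slave thread, but a grant applied to the wrong account would pass silently. `--enable_connect_log` is also never paired with `--disable_connect_log`, unlike set_role-9614.test in the same commit.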
@@ -0,0 +1,99 @@ +# +# MDEV-9614 Roles and Users Longer than 6 characters +# +# This test case checks the edge case presented in the MDEV. The +# real issue is actually apparent when the username is longer than the +# rolename. +# +# We need a separate database not including test or test_% names. Due to +# default privileges given on these databases. +# +DROP DATABASE IF EXISTS `bug_db`; +Warnings: +Note 1008 Can't drop database 'bug_db'; database doesn't exist +# +# The first user did not show the bug as john's length is smaller +# than client. The bug is apparent most of the time for usertestjohn. +# +CREATE USER `john`@`%`; +CREATE USER `usertestjohn`@`%`; +CREATE ROLE `client`; +# +# Setup the required tables. +# +CREATE DATABASE `bug_db`; +CREATE TABLE `bug_db`.`t0`(`c0` INT); +# +# Setup select privileges only on the role. Setting the role should give +# select access to bug_db.t0. +# +GRANT SELECT ON `bug_db`.`t0` TO `client`; +GRANT `client` TO `john`@`%`; +GRANT `client` TO `usertestjohn`@`%`; +# +# Check to see grants are set. +# +SHOW GRANTS FOR `john`@`%`; +Grants for john@% +GRANT client TO 'john'@'%' +GRANT USAGE ON *.* TO 'john'@'%' +SHOW GRANTS FOR `usertestjohn`@`%`; +Grants for usertestjohn@% +GRANT client TO 'usertestjohn'@'%' +GRANT USAGE ON *.* TO 'usertestjohn'@'%' +SHOW GRANTS FOR `client`; +Grants for client +GRANT USAGE ON *.* TO 'client' +GRANT SELECT ON `bug_db`.`t0` TO 'client' +show databases; +Database +bug_db +information_schema +mtr +mysql +performance_schema +test +# +# Try using the database as john. +# +connect john, localhost, john,,information_schema; +show databases; +Database +information_schema +test +set role client; +show databases; +Database +bug_db +information_schema +test +use bug_db; +# +# Try using the database as usertestjohn. 
+# +connect usertestjohn, localhost, usertestjohn,,information_schema; +show databases; +Database +information_schema +test +set role client; +show databases; +Database +bug_db +information_schema +test +show grants; +Grants for usertestjohn@% +GRANT client TO 'usertestjohn'@'%' +GRANT USAGE ON *.* TO 'usertestjohn'@'%' +GRANT USAGE ON *.* TO 'client' +GRANT SELECT ON `bug_db`.`t0` TO 'client' +use bug_db; +# +# Cleanup +# +connection default; +drop user john; +drop user usertestjohn; +drop role client; +drop database bug_db; diff --git a/mysql-test/suite/roles/set_role-9614.test b/mysql-test/suite/roles/set_role-9614.test new file mode 100644 index 00000000000..5e9f7dacf19 --- /dev/null +++ b/mysql-test/suite/roles/set_role-9614.test 
@@ -0,0 +1,79 @@
+--source include/not_embedded.inc
+
+--echo #
+--echo # MDEV-9614 Roles and Users Longer than 6 characters
+--echo #
+--echo # This test case checks the edge case presented in the MDEV. The
+--echo # real issue is actually apparent when the username is longer than the
+--echo # rolename.
+
+--enable_connect_log
+--echo #
+--echo # We need a separate database not including test or test_% names. Due to
+--echo # default privileges given on these databases.
+--echo #
+DROP DATABASE IF EXISTS `bug_db`;
+
+--echo #
+--echo # The first user did not show the bug as john's length is smaller
+--echo # than client. The bug is apparent most of the time for usertestjohn.
+--echo #
+CREATE USER `john`@`%`;
+CREATE USER `usertestjohn`@`%`;
+CREATE ROLE `client`;
+
+--echo #
+--echo # Setup the required tables.
+--echo #
+CREATE DATABASE `bug_db`;
+CREATE TABLE `bug_db`.`t0`(`c0` INT);
+
+--echo #
+--echo # Setup select privileges only on the role. Setting the role should give
+--echo # select access to bug_db.t0.
+--echo #
+GRANT SELECT ON `bug_db`.`t0` TO `client`;
+GRANT `client` TO `john`@`%`;
+GRANT `client` TO `usertestjohn`@`%`;
+
+--echo #
+--echo # Check to see grants are set.
+--echo #
+SHOW GRANTS FOR `john`@`%`;
+SHOW GRANTS FOR `usertestjohn`@`%`;
+SHOW GRANTS FOR `client`;
+
+show databases;
+
+--echo #
+--echo # Try using the database as john.
+--echo #
+connect (john, localhost, john,,information_schema);
+
+show databases;
+set role client;
+show databases;
+use bug_db;
+
+--echo #
+--echo # Try using the database as usertestjohn.
+--echo #
+connect (usertestjohn, localhost, usertestjohn,,information_schema);
+
+show databases;
+set role client;
+show databases;
+
+show grants;
+use bug_db;
+
+
+--echo #
+--echo # Cleanup
+--echo #
+connection default;
+drop user john;
+drop user usertestjohn;
+drop role client;
+drop database bug_db;
+--disable_connect_log
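Review bot: The echoed comment says that setting the role "should give select access to bug_db.t0", yet neither session ever reads the table; both stop at `use bug_db;`, which only proves database-level visibility. Adding `select * from t0;` after each `use bug_db;` would exercise the table privilege the role actually grants. The pre-role state is checked only through `show databases`, so an explicit `--error ER_DBACCESS_DENIED_ERROR` followed by `use bug_db;` before each `set role client;` would pin the denial as well. The `john` and `usertestjohn` connections are still open when the cleanup drops the users, and a `disconnect` for each before `connection default;` would keep those sessions from outliving the accounts.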
diff --git a/mysql-test/suite/roles/set_role-simple.result b/mysql-test/suite/roles/set_role-simple.result index 3ce6d5c054b..29b176776e7 100644 --- a/mysql-test/suite/roles/set_role-simple.result +++ b/mysql-test/suite/roles/set_role-simple.result @@ -45,3 +45,14 @@ delete from mysql.user where user='test_role1'; delete from mysql.roles_mapping where Role='test_role1'; flush privileges; drop user 'test_user'@'localhost'; +create user user1; +connect con1,localhost,user1,,; +select current_user; +current_user +user1@% +show grants; +Grants for user1@% +GRANT USAGE ON *.* TO 'user1'@'%' +set role none; +connection default; +drop user user1; diff --git a/mysql-test/suite/roles/set_role-simple.test b/mysql-test/suite/roles/set_role-simple.test index 152a1d0eb25..ed884fa2407 100644 --- a/mysql-test/suite/roles/set_role-simple.test +++ b/mysql-test/suite/roles/set_role-simple.test @@ -37,3 +37,18 @@ delete from mysql.user where user='test_role1'; delete from mysql.roles_mapping where Role='test_role1'; flush privileges; drop user 'test_user'@'localhost'; + +# +# MDEV-9898 SET ROLE NONE can crash mysqld. +# + +create user user1; + +--connect (con1,localhost,user1,,) +select current_user; +show grants; +set role none; + +connection default; +drop user user1; + |
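Review bot: In the set_role-simple.test hunk, nothing is asserted after `set role none;`, so the MDEV-9898 case passes whenever the server survives, whatever role state the session ends up in. Following it with `select current_role;` would record that a user with no granted roles has no active role after the statement, and would confirm the connection is still usable. `con1` is also left open when `drop user user1;` runs, so a `disconnect con1;` after switching back to `connection default;` would tidy that up.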