path: root/mysql-test/t/grant.test

# Test of GRANT commands

# Grant tests not performed with embedded server
-- source include/not_embedded.inc

# Cleanup
--disable_warnings
drop table if exists t1;
drop database if exists mysqltest;
--enable_warnings

connect (master,localhost,root,,);
connection master;
SET NAMES binary;

#
# Test that SSL options works properly
#

delete from mysql.user where user='mysqltest_1';
delete from mysql.db where user='mysqltest_1';
flush privileges;
grant select on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA";
show grants for mysqltest_1@localhost;
grant delete on mysqltest.* to mysqltest_1@localhost;
select * from mysql.user where user="mysqltest_1";
show grants for mysqltest_1@localhost;
revoke delete on mysqltest.* from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
grant select on mysqltest.* to mysqltest_1@localhost require NONE;
show grants for mysqltest_1@localhost;
grant USAGE on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "testsubject" ISSUER "MySQL AB";
show grants for mysqltest_1@localhost;
revoke all privileges on mysqltest.* from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
flush privileges;

#
# Test of GRANTS specifying user limits
#
delete from mysql.user where user='mysqltest_1';
flush privileges;
grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 10;
select * from mysql.user where user="mysqltest_1";
show grants for mysqltest_1@localhost;
grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 20 max_connections_per_hour 30;
select * from mysql.user where user="mysqltest_1";
show grants for mysqltest_1@localhost;
# This is just to double check that one won't ignore results of selects
flush privileges;
show grants for mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
flush privileges;

#
# Test that the new db privileges are stored/retrieved correctly
#

grant CREATE TEMPORARY TABLES, LOCK TABLES on mysqltest.* to mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
flush privileges;
show grants for mysqltest_1@localhost;
revoke CREATE TEMPORARY TABLES on mysqltest.* from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
grant ALL PRIVILEGES on mysqltest.* to mysqltest_1@localhost with GRANT OPTION;
flush privileges;
show grants for mysqltest_1@localhost;
revoke LOCK TABLES, ALTER on mysqltest.* from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
revoke all privileges on mysqltest.* from mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
flush privileges;
grant usage on test.* to mysqltest_1@localhost with grant option;
show grants for mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
delete from mysql.db where user='mysqltest_1';
delete from mysql.tables_priv where user='mysqltest_1';
delete from mysql.columns_priv where user='mysqltest_1';
flush privileges;
--error 1141
show grants for mysqltest_1@localhost;

#
# Test what happens when you have same table and colum level grants
#

create table t1 (a int);
GRANT select,update,insert on t1 to mysqltest_1@localhost;
GRANT select (a), update (a),insert(a), references(a) on t1 to mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
select table_priv,column_priv from mysql.tables_priv where user="mysqltest_1";
REVOKE select (a), update on t1 from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
REVOKE select,update,insert,insert (a) on t1 from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
GRANT select,references on t1 to mysqltest_1@localhost;
select table_priv,column_priv from mysql.tables_priv where user="mysqltest_1";
grant all on test.* to mysqltest_3@localhost with grant option;
revoke all on test.* from mysqltest_3@localhost;
show grants for mysqltest_3@localhost;
revoke grant option on test.* from mysqltest_3@localhost;
show grants for mysqltest_3@localhost;
grant all on test.t1 to mysqltest_2@localhost with grant option;
revoke all on test.t1 from mysqltest_2@localhost;
show grants for mysqltest_2@localhost;
revoke grant option on test.t1 from mysqltest_2@localhost;
show grants for mysqltest_2@localhost;
delete from mysql.user where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3";
delete from mysql.db where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3";
delete from mysql.tables_priv where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3";
delete from mysql.columns_priv where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3";
flush privileges;
drop table t1;

#
# Test some error conditions
#
--error  1221
GRANT FILE on mysqltest.*  to mysqltest_1@localhost;
select 1;	-- To test that the previous command didn't cause problems

#
# Bug #4898: User privileges depending on ORDER BY Settings of table db
#
insert into mysql.user (host, user) values ('localhost', 'test11');
insert into mysql.db (host, db, user, select_priv) values 
('localhost', 'a%', 'test11', 'Y'), ('localhost', 'ab%', 'test11', 'Y');
alter table mysql.db order by db asc;
flush privileges;
show grants for test11@localhost;
alter table mysql.db order by db desc;
flush privileges;
show grants for test11@localhost;
delete from mysql.user where user='test11';
delete from mysql.db where user='test11';

#
# Bug#6123: GRANT USAGE inserts useless Db row
#
create database mysqltest1;
grant usage on mysqltest1.* to test6123 identified by 'magic123';
select host,db,user,select_priv,insert_priv from mysql.db where db="mysqltest1";
delete from mysql.user where user='test6123';
drop database mysqltest1;

#
# Test for 'drop user', 'revoke privileges, grant' 
#

create table t1 (a int);
grant ALL PRIVILEGES on *.* to drop_user2@localhost with GRANT OPTION;
show grants for drop_user2@localhost;
revoke all privileges, grant option from drop_user2@localhost;
drop user drop_user2@localhost;

grant ALL PRIVILEGES on *.* to drop_user@localhost with GRANT OPTION;
grant ALL PRIVILEGES on test.* to drop_user@localhost with GRANT OPTION;
grant select(a) on test.t1 to drop_user@localhost;
show grants for drop_user@localhost;

#
# Bug3086
#
set sql_mode=ansi_quotes;
show grants for drop_user@localhost;
set sql_mode=default;

set sql_quote_show_create=0;
show grants for drop_user@localhost;
set sql_mode="ansi_quotes";
show grants for drop_user@localhost;
set sql_quote_show_create=1;
show grants for drop_user@localhost;
set sql_mode="";
show grants for drop_user@localhost;

revoke all privileges, grant option from drop_user@localhost;
show grants for drop_user@localhost;
drop user drop_user@localhost;
--error 1269
revoke all privileges, grant option from drop_user@localhost;

grant select(a) on test.t1 to drop_user1@localhost;
grant select on test.t1 to drop_user2@localhost;
grant select on test.* to drop_user3@localhost;
grant select on *.* to drop_user4@localhost;
# Drop user now implicitly revokes all privileges.
drop user drop_user1@localhost, drop_user2@localhost, drop_user3@localhost,
drop_user4@localhost;
--error 1269
revoke all privileges, grant option from drop_user1@localhost, drop_user2@localhost,
drop_user3@localhost, drop_user4@localhost;
--error 1396
drop user drop_user1@localhost, drop_user2@localhost, drop_user3@localhost,
drop_user4@localhost;
drop table t1;
grant usage on *.* to mysqltest_1@localhost identified by "password";
grant select, update, insert on test.* to mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
drop user mysqltest_1@localhost;

#
# Bug #3403 Wrong encodin in SHOW GRANTS output
#
SET NAMES koi8r;
CREATE DATABASE ÂÄ;
USE ÂÄ;
CREATE TABLE ÔÁÂ (ËÏÌ int);

GRANT SELECT ON ÂÄ.* TO ÀÚÅÒ@localhost;
SHOW GRANTS FOR ÀÚÅÒ@localhost;
REVOKE SELECT ON ÂÄ.* FROM ÀÚÅÒ@localhost;

GRANT SELECT ON ÂÄ.ÔÁÂ TO ÀÚÅÒ@localhost;
SHOW GRANTS FOR ÀÚÅÒ@localhost;
REVOKE SELECT ON ÂÄ.ÔÁÂ FROM ÀÚÅÒ@localhost;

GRANT SELECT (ËÏÌ) ON ÂÄ.ÔÁÂ TO ÀÚÅÒ@localhost;
SHOW GRANTS FOR ÀÚÅÒ@localhost;
REVOKE SELECT (ËÏÌ) ON ÂÄ.ÔÁÂ FROM ÀÚÅÒ@localhost;

# Revoke does not drop user. Leave a clean user table for the next tests.
DROP USER ÀÚÅÒ@localhost;

DROP DATABASE ÂÄ;
SET NAMES latin1;

#
# Bug #5831: REVOKE ALL PRIVILEGES, GRANT OPTION does not revoke everything
#
USE test;
CREATE TABLE t1 (a int );
CREATE TABLE t2 LIKE t1;
CREATE TABLE t3 LIKE t1;
CREATE TABLE t4 LIKE t1;
CREATE TABLE t5 LIKE t1;
CREATE TABLE t6 LIKE t1;
CREATE TABLE t7 LIKE t1;
CREATE TABLE t8 LIKE t1;
CREATE TABLE t9 LIKE t1;
CREATE TABLE t10 LIKE t1;
CREATE DATABASE testdb1;
CREATE DATABASE testdb2;
CREATE DATABASE testdb3;
CREATE DATABASE testdb4;
CREATE DATABASE testdb5;
CREATE DATABASE testdb6;
CREATE DATABASE testdb7;
CREATE DATABASE testdb8;
CREATE DATABASE testdb9;
CREATE DATABASE testdb10;
GRANT ALL ON testdb1.* TO testuser@localhost;
GRANT ALL ON testdb2.* TO testuser@localhost;
GRANT ALL ON testdb3.* TO testuser@localhost;
GRANT ALL ON testdb4.* TO testuser@localhost;
GRANT ALL ON testdb5.* TO testuser@localhost;
GRANT ALL ON testdb6.* TO testuser@localhost;
GRANT ALL ON testdb7.* TO testuser@localhost;
GRANT ALL ON testdb8.* TO testuser@localhost;
GRANT ALL ON testdb9.* TO testuser@localhost;
GRANT ALL ON testdb10.* TO testuser@localhost;
GRANT SELECT ON test.t1 TO testuser@localhost;
GRANT SELECT ON test.t2 TO testuser@localhost;
GRANT SELECT ON test.t3 TO testuser@localhost;
GRANT SELECT ON test.t4 TO testuser@localhost;
GRANT SELECT ON test.t5 TO testuser@localhost;
GRANT SELECT ON test.t6 TO testuser@localhost;
GRANT SELECT ON test.t7 TO testuser@localhost;
GRANT SELECT ON test.t8 TO testuser@localhost;
GRANT SELECT ON test.t9 TO testuser@localhost;
GRANT SELECT ON test.t10 TO testuser@localhost;
GRANT SELECT (a) ON test.t1 TO testuser@localhost;
GRANT SELECT (a) ON test.t2 TO testuser@localhost;
GRANT SELECT (a) ON test.t3 TO testuser@localhost;
GRANT SELECT (a) ON test.t4 TO testuser@localhost;
GRANT SELECT (a) ON test.t5 TO testuser@localhost;
GRANT SELECT (a) ON test.t6 TO testuser@localhost;
GRANT SELECT (a) ON test.t7 TO testuser@localhost;
GRANT SELECT (a) ON test.t8 TO testuser@localhost;
GRANT SELECT (a) ON test.t9 TO testuser@localhost;
GRANT SELECT (a) ON test.t10 TO testuser@localhost;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM testuser@localhost;
SHOW GRANTS FOR testuser@localhost;
DROP USER testuser@localhost;
DROP TABLE t1,t2,t3,t4,t5,t6,t7,t8,t9,t10;
DROP DATABASE testdb1;
DROP DATABASE testdb2;
DROP DATABASE testdb3;
DROP DATABASE testdb4;
DROP DATABASE testdb5;
DROP DATABASE testdb6;
DROP DATABASE testdb7;
DROP DATABASE testdb8;
DROP DATABASE testdb9;
DROP DATABASE testdb10;

#
# Bug #6932: a problem with 'revoke ALL PRIVILEGES'
#

create table t1(a int, b int, c int, d int);
grant insert(b), insert(c), insert(d), insert(a) on t1 to grant_user@localhost;
show grants for grant_user@localhost;
select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv order by Column_name;
revoke ALL PRIVILEGES on t1 from grant_user@localhost;
show grants for grant_user@localhost;
select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv;
drop user grant_user@localhost;
drop table t1;

#
# Bug#7391: Cross-database multi-table UPDATE security problem
#
create database mysqltest_1;
create database mysqltest_2;
create table mysqltest_1.t1 select 1 a, 2 q;
create table mysqltest_1.t2 select 1 b, 2 r;
create table mysqltest_2.t1 select 1 c, 2 s;
create table mysqltest_2.t2 select 1 d, 2 t;

#test the column privileges
grant update (a) on mysqltest_1.t1 to mysqltest_3@localhost;
grant select (b) on mysqltest_1.t2 to mysqltest_3@localhost;
grant select (c) on mysqltest_2.t1 to mysqltest_3@localhost;
grant update (d) on mysqltest_2.t2 to mysqltest_3@localhost;
connect (conn1,localhost,mysqltest_3,,);
connection conn1;
SELECT * FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES 
 WHERE GRANTEE = '''mysqltest_3''@''localhost''' 
 ORDER BY TABLE_NAME,COLUMN_NAME,PRIVILEGE_TYPE;
SELECT * FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
 WHERE GRANTEE = '''mysqltest_3''@''localhost''' 
 ORDER BY TABLE_NAME,PRIVILEGE_TYPE;
SELECT * from INFORMATION_SCHEMA.SCHEMA_PRIVILEGES
 WHERE GRANTEE = '''mysqltest_3''@''localhost''' 
 ORDER BY TABLE_SCHEMA,PRIVILEGE_TYPE;
SELECT * from INFORMATION_SCHEMA.USER_PRIVILEGES
 WHERE GRANTEE = '''mysqltest_3''@''localhost'''
 ORDER BY TABLE_CATALOG,PRIVILEGE_TYPE;
--error 1143
update mysqltest_1.t1, mysqltest_1.t2 set q=10 where b=1;
--error 1143
update mysqltest_1.t2, mysqltest_2.t2 set d=20 where d=1;
--error 1142
update mysqltest_1.t1, mysqltest_2.t2 set d=20 where d=1;
--error 1142
update mysqltest_2.t1, mysqltest_1.t2 set c=20 where b=1;
--error 1143
update mysqltest_2.t1, mysqltest_2.t2 set d=10 where s=2;
#the following two should work
update mysqltest_1.t1, mysqltest_2.t2 set a=10,d=10;
update mysqltest_1.t1, mysqltest_2.t1 set a=20 where c=20;
connection master;
select t1.*,t2.* from mysqltest_1.t1,mysqltest_1.t2;
select t1.*,t2.* from mysqltest_2.t1,mysqltest_2.t2;
revoke all on mysqltest_1.t1 from mysqltest_3@localhost;
revoke all on mysqltest_1.t2 from mysqltest_3@localhost;
revoke all on mysqltest_2.t1 from mysqltest_3@localhost;
revoke all on mysqltest_2.t2 from mysqltest_3@localhost;

#test the db/table level privileges
grant all on mysqltest_2.* to mysqltest_3@localhost;
grant select on *.* to mysqltest_3@localhost;
# Next grant is needed to trigger bug#7391. Do not optimize!
grant select on mysqltest_2.t1 to mysqltest_3@localhost;
flush privileges;
disconnect conn1;
connect (conn2,localhost,mysqltest_3,,);
connection conn2;
use mysqltest_1;
update mysqltest_2.t1, mysqltest_2.t2 set c=500,d=600;
# the following failed before, should fail now.
--error 1142
update mysqltest_1.t1, mysqltest_1.t2 set a=100,b=200;
use mysqltest_2;
#the following used to succeed, it must fail now.
--error 1142
update mysqltest_1.t1, mysqltest_1.t2 set a=100,b=200;
--error 1142
update mysqltest_2.t1, mysqltest_1.t2 set c=100,b=200;
--error 1142
update mysqltest_1.t1, mysqltest_2.t2 set a=100,d=200;
#lets see the result
connection master;
select t1.*,t2.* from mysqltest_1.t1,mysqltest_1.t2;
select t1.*,t2.* from mysqltest_2.t1,mysqltest_2.t2;

delete from mysql.user where user='mysqltest_3';
delete from mysql.db where user="mysqltest_3";
delete from mysql.tables_priv where user="mysqltest_3";
delete from mysql.columns_priv where user="mysqltest_3";
flush privileges;
drop database mysqltest_1;
drop database mysqltest_2;

#
# just SHOW PRIVILEGES test
#
SHOW PRIVILEGES;

#
# Rights for renaming test (Bug #3270)
#
connect (root,localhost,root,,test,$MASTER_MYPORT,$MASTER_MYSOCK);
connection root;
--disable_warnings
create database mysqltest;
--enable_warnings
create table mysqltest.t1 (a int,b int,c int);
grant all on mysqltest.t1 to mysqltest_1@localhost;
connect (user1,localhost,mysqltest_1,,mysqltest,$MASTER_MYPORT,$MASTER_MYSOCK);
connection user1;
-- error 1142
alter table t1 rename t2;
connection root;
revoke all privileges on mysqltest.t1 from mysqltest_1@localhost;
delete from mysql.user where user=_binary'mysqltest_1';
drop database mysqltest;

#
# check all new table priveleges
#
CREATE USER dummy@localhost;
CREATE DATABASE mysqltest;
CREATE TABLE mysqltest.dummytable (dummyfield INT);
CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;
GRANT ALL PRIVILEGES ON mysqltest.dummytable TO dummy@localhost;
GRANT ALL PRIVILEGES ON mysqltest.dummyview TO dummy@localhost;
SHOW GRANTS FOR dummy@localhost;
use INFORMATION_SCHEMA;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
FLUSH PRIVILEGES;
SHOW GRANTS FOR dummy@localhost;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
SHOW FIELDS FROM mysql.tables_priv;
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;
DROP USER dummy@localhost;
DROP DATABASE mysqltest;
# check view only privileges
CREATE USER dummy@localhost;
CREATE DATABASE mysqltest;
CREATE TABLE mysqltest.dummytable (dummyfield INT);
CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;
GRANT CREATE VIEW ON mysqltest.dummytable TO dummy@localhost;
GRANT CREATE VIEW ON mysqltest.dummyview TO dummy@localhost;
SHOW GRANTS FOR dummy@localhost;
use INFORMATION_SCHEMA;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
FLUSH PRIVILEGES;
SHOW GRANTS FOR dummy@localhost;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;
DROP USER dummy@localhost;
DROP DATABASE mysqltest;
CREATE USER dummy@localhost;
CREATE DATABASE mysqltest;
CREATE TABLE mysqltest.dummytable (dummyfield INT);
CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;
GRANT SHOW VIEW ON mysqltest.dummytable TO dummy@localhost;
GRANT SHOW VIEW ON mysqltest.dummyview TO dummy@localhost;
SHOW GRANTS FOR dummy@localhost;
use INFORMATION_SCHEMA;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
FLUSH PRIVILEGES;
SHOW GRANTS FOR dummy@localhost;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;
DROP USER dummy@localhost;
DROP DATABASE mysqltest;
#
# Bug #11330: Entry in tables_priv with host = '' causes crash
#
connection default;
use mysql;
insert into tables_priv values ('','test_db','mysqltest_1','test_table','test_grantor',CURRENT_TIMESTAMP,'Select','Select');
flush privileges;
delete from tables_priv where host = '' and user = 'mysqltest_1';
flush privileges;
use test;

#
# Bug #10892 user variables not auto cast for comparisons
# Check that we don't get illegal mix of collations
#
set @user123="non-existent";
select * from mysql.db where user=@user123;

set names koi8r;
create database ÂÄ;
grant select on ÂÄ.* to root@localhost;
select hex(Db) from mysql.db where Db='ÂÄ';
show grants for root@localhost;
flush privileges;
show grants for root@localhost;
drop database ÂÄ;
revoke all privileges on ÂÄ.* from root@localhost;
show grants for root@localhost;
set names latin1;

#
# Bug #15598 Server crashes in specific case during setting new password
# - Caused by a user with host ''
#
create user mysqltest_7@;
set password for mysqltest_7@ = password('systpass');
show grants for mysqltest_7@;
drop user mysqltest_7@;
--error 1141
show grants for mysqltest_7@;

#
# Bug#14385: GRANT and mapping to correct user account problems
#
create database mysqltest;
use mysqltest;
create table t1(f1 int);
GRANT DELETE ON mysqltest.t1 TO mysqltest1@'%';
GRANT SELECT ON mysqltest.t1 TO mysqltest1@'192.%';
show grants for mysqltest1@'192.%';
show grants for mysqltest1@'%';
delete from mysql.user where user='mysqltest1';
delete from mysql.db where user='mysqltest1';
delete from mysql.tables_priv where user='mysqltest1';
flush privileges;
drop database mysqltest;

# End of 4.1 tests

#
# Bug #16297 In memory grant tables not flushed when users's hostname is ""
#
use test;
create table t1 (a int);

# Backup anonymous users and remove them. (They get in the way of
# the one we test with here otherwise.)
create table t2 as select * from mysql.user where user='';
delete from mysql.user where user='';
flush privileges;

# Create some users with different hostnames
create user mysqltest_8@'';
create user mysqltest_8;
create user mysqltest_8@host8;

# Try to create them again
--error 1396
create user mysqltest_8@'';
--error 1396
create user mysqltest_8;
--error 1396
create user mysqltest_8@host8;

select user, QUOTE(host) from mysql.user where user="mysqltest_8";

--echo Schema privileges
grant select on mysqltest.* to mysqltest_8@'';
show grants for mysqltest_8@'';
grant select on mysqltest.* to mysqltest_8@;
show grants for mysqltest_8@;
grant select on mysqltest.* to mysqltest_8;
show grants for mysqltest_8;
select * from  information_schema.schema_privileges
where grantee like "'mysqltest_8'%";
connect (conn3,localhost,mysqltest_8,,);
select * from t1;
disconnect conn3;
connection master;
revoke select on mysqltest.* from mysqltest_8@'';
revoke select on mysqltest.* from mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
select * from  information_schema.schema_privileges
where grantee like "'mysqltest_8'%";
flush privileges;
show grants for mysqltest_8@'';
show grants for mysqltest_8@;
grant select on mysqltest.* to mysqltest_8@'';
flush privileges;
show grants for mysqltest_8@;
revoke select on mysqltest.* from mysqltest_8@'';
flush privileges;

--echo Column privileges
grant update (a) on t1 to mysqltest_8@'';
grant update (a) on t1 to mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
flush privileges;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
select * from  information_schema.column_privileges;
connect (conn4,localhost,mysqltest_8,,);
select * from t1;
disconnect conn4;
connection master;
revoke update (a) on t1 from mysqltest_8@'';
revoke update (a) on t1 from mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
select * from  information_schema.column_privileges;
flush privileges;
show grants for mysqltest_8@'';
show grants for mysqltest_8;

--echo Table privileges
grant update on t1 to mysqltest_8@'';
grant update on t1 to mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
flush privileges;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
select * from  information_schema.table_privileges;
connect (conn5,localhost,mysqltest_8,,);
select * from t1;
disconnect conn5;
connection master;
revoke update on t1 from mysqltest_8@'';
revoke update on t1 from mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
select * from  information_schema.table_privileges;
flush privileges;
show grants for mysqltest_8@'';
show grants for mysqltest_8;

--echo "DROP USER" should clear privileges
grant all privileges on mysqltest.* to mysqltest_8@'';
grant select on mysqltest.* to mysqltest_8@'';
grant update on t1 to mysqltest_8@'';
grant update (a) on t1 to mysqltest_8@'';
grant all privileges on mysqltest.* to mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
select * from  information_schema.user_privileges
where grantee like "'mysqltest_8'%";
connect (conn5,localhost,mysqltest_8,,);
select * from t1;
disconnect conn5;
connection master;
flush privileges;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
drop user mysqltest_8@'';
--error 1141
show grants for mysqltest_8@'';
show grants for mysqltest_8;
select * from  information_schema.user_privileges
where grantee like "'mysqltest_8'%";
drop user mysqltest_8;
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error 1045
connect (conn6,localhost,mysqltest_8,,);
connection master;
--error 1141
show grants for mysqltest_8;
drop user mysqltest_8@host8;
--error 1141
show grants for mysqltest_8@host8;

# Restore the anonymous users.
insert into mysql.user select * from t2;
flush privileges;
drop table t2;

drop table t1;

#
# Bug#20214: Incorrect error when user calls SHOW CREATE VIEW on non
#            privileged view
#

connection master;

CREATE DATABASE mysqltest3;
use mysqltest3;

CREATE TABLE t_nn (c1 INT);
CREATE VIEW  v_nn AS SELECT * FROM t_nn;

CREATE DATABASE mysqltest2;
use mysqltest2;

CREATE TABLE t_nn (c1 INT);
CREATE VIEW  v_nn AS SELECT * FROM t_nn;
CREATE VIEW  v_yn AS SELECT * FROM t_nn;
CREATE VIEW  v_gy AS SELECT * FROM t_nn;
CREATE VIEW  v_ny AS SELECT * FROM t_nn;
CREATE VIEW  v_yy AS SELECT * FROM t_nn WHERE c1=55;

GRANT SHOW VIEW        ON mysqltest2.v_ny TO 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1';
GRANT SELECT           ON mysqltest2.v_yn TO 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1';
GRANT SELECT           ON mysqltest2.*    TO 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1';
GRANT SHOW VIEW,SELECT ON mysqltest2.v_yy TO 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1';

connect (mysqltest_1, localhost, mysqltest_1, mysqltest_1,);

# fail because of missing SHOW VIEW (have generic SELECT)
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE VIEW  mysqltest2.v_nn;
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE TABLE mysqltest2.v_nn;



# fail because of missing SHOW VIEW
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE VIEW  mysqltest2.v_yn;
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE TABLE mysqltest2.v_yn;



# succeed (despite of missing SELECT, having SHOW VIEW bails us out)
SHOW CREATE TABLE mysqltest2.v_ny;

# succeed (despite of missing SELECT, having SHOW VIEW bails us out)
SHOW CREATE VIEW  mysqltest2.v_ny;



# fail because of missing (specific or generic) SELECT
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE TABLE mysqltest3.t_nn;

# fail because of missing (specific or generic) SELECT (not because it's not a view!)
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE VIEW  mysqltest3.t_nn;



# fail because of missing missing (specific or generic) SELECT (and SHOW VIEW)
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE VIEW  mysqltest3.v_nn;
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE TABLE mysqltest3.v_nn;



# succeed thanks to generic SELECT
SHOW CREATE TABLE mysqltest2.t_nn;

# fail because it's not a view!  (have generic SELECT though)
--error ER_WRONG_OBJECT
SHOW CREATE VIEW  mysqltest2.t_nn;



# succeed, have SELECT and SHOW VIEW
SHOW CREATE VIEW mysqltest2.v_yy;

# succeed, have SELECT and SHOW VIEW
SHOW CREATE TABLE mysqltest2.v_yy;



#clean-up
connection master;

# succeed, we're root
SHOW CREATE TABLE mysqltest2.v_nn;
SHOW CREATE VIEW  mysqltest2.v_nn;

SHOW CREATE TABLE mysqltest2.t_nn;

# fail because it's not a view!
--error ER_WRONG_OBJECT
SHOW CREATE VIEW mysqltest2.t_nn;



DROP VIEW  mysqltest2.v_nn;
DROP VIEW  mysqltest2.v_yn;
DROP VIEW  mysqltest2.v_ny;
DROP VIEW  mysqltest2.v_yy;

DROP TABLE mysqltest2.t_nn;

DROP DATABASE mysqltest2;



DROP VIEW  mysqltest3.v_nn;
DROP TABLE mysqltest3.t_nn;

DROP DATABASE mysqltest3;

REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'mysqltest_1'@'localhost';
DROP USER 'mysqltest_1'@'localhost';

# restore the original database
use test;

#
# Bug #10668: CREATE USER does not enforce username length limit
#
--error ER_WRONG_STRING_LENGTH
create user mysqltest1_thisisreallytoolong;

#
# Test for BUG#16899: Possible buffer overflow in handling of DEFINER-clause.
#
# These checks are intended to ensure that appropriate errors are risen when
# illegal user name or hostname is specified in user-clause of GRANT/REVOKE
# statements.
#

# Working with database-level privileges.

--error ER_WRONG_STRING_LENGTH
GRANT CREATE ON mysqltest.* TO 1234567890abcdefGHIKL@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT CREATE ON mysqltest.* TO some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY;

--error ER_WRONG_STRING_LENGTH
REVOKE CREATE ON mysqltest.* FROM 1234567890abcdefGHIKL@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE CREATE ON mysqltest.* FROM some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY;

# Working with table-level privileges.

--error ER_WRONG_STRING_LENGTH
GRANT CREATE ON t1 TO 1234567890abcdefGHIKL@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT CREATE ON t1 TO some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY;

--error ER_WRONG_STRING_LENGTH
REVOKE CREATE ON t1 FROM 1234567890abcdefGHIKL@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE CREATE ON t1 FROM some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY;

# Working with routine-level privileges.

--error ER_WRONG_STRING_LENGTH
GRANT EXECUTE ON PROCEDURE p1 TO 1234567890abcdefGHIKL@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT EXECUTE ON PROCEDURE p1 TO some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY;

--error ER_WRONG_STRING_LENGTH
REVOKE EXECUTE ON PROCEDURE p1 FROM 1234567890abcdefGHIKL@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE EXECUTE ON PROCEDURE t1 FROM some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY;
--echo End of 5.0 tests