From 212fad1b7e26f80c65299179ed320b766570d251 Mon Sep 17 00:00:00 2001 
From: Fariha Shaikh Date: Mon, 21 Apr 2025 21:26:19 +0000 Subject: [PATCH] MDEV-36397 Record change_user command in MTR output MTR .result files currently do not contain output to indicate if a change_user command has been executed in the corresponding .test files. Record change_user command in the following format in MTR output only if disable_query_log is set to false: change_user ,,; All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc. --- client/mysqltest.cc | 18 ++++ libmysqld/lib_sql.cc | 14 ++- mysql-test/main/backup_priv.result | 1 + mysql-test/main/change_user.result | 19 +++- mysql-test/main/change_user.test | 5 - .../main/change_user_notembedded.result | 7 ++ mysql-test/main/cte_nonrecursive.result | 1 + mysql-test/main/failed_auth_3909.result | 3 + mysql-test/main/failed_auth_unixsocket.result | 1 + mysql-test/main/lock_user.result | 1 + mysql-test/main/max_password_errors.result | 3 + mysql-test/main/mysql_upgrade.result | 2 + mysql-test/main/mysqltest.result | 4 + mysql-test/main/opt_trace_security.result | 13 +++ mysql-test/main/plugin_vars.result | 100 ++++++++++++++++++ mysql-test/main/read_only.result | 2 + mysql-test/main/user_var.result | 1 + .../suite/perfschema/r/connect_attrs.result | 2 + .../roles/create_and_drop_current.result | 2 + .../suite/roles/set_default_role_clear.result | 6 ++ .../suite/roles/set_default_role_for.result | 6 ++ .../roles/set_default_role_invalid.result | 15 +++ .../roles/set_role-database-recursive.result | 6 ++ .../roles/set_role-database-simple.result | 2 + .../suite/roles/set_role-multiple-role.result | 2 + .../suite/roles/set_role-recursive.result | 2 + .../roles/set_role-routine-simple.result | 2 + mysql-test/suite/roles/set_role-simple.result | 2 + .../roles/set_role-table-column-priv.result | 2 + 
.../suite/roles/set_role-table-simple.result | 2 + mysql-test/suite/roles/show_grants.result | 2 + mysql-test/suite/versioning/r/insert.result | 4 + 32 files changed, 241 insertions(+), 11 deletions(-) diff --git a/client/mysqltest.cc b/client/mysqltest.cc index 637f48c559e..e4b49fb3f3a 100644 --- a/client/mysqltest.cc +++ b/client/mysqltest.cc @@ -4663,6 +4663,24 @@ void do_change_user(struct st_command *command) dynstr_set(&ds_db, mysql->db); } + /* Connection logging if enabled */ + if (!disable_query_log) + { + DYNAMIC_STRING *ds= &ds_res; + + dynstr_append_mem(ds, STRING_WITH_LEN("change_user ")); + replace_dynstr_append(ds, ds_user.str); + dynstr_append_mem(ds, STRING_WITH_LEN(",")); + + if (ds_passwd.length) + replace_dynstr_append(ds, ds_passwd.str); + dynstr_append_mem(ds, STRING_WITH_LEN(",")); + + if (ds_db.length) + replace_dynstr_append(ds, ds_db.str); + dynstr_append_mem(ds, STRING_WITH_LEN(";\n")); + } + DBUG_PRINT("info",("connection: '%s' user: '%s' password: '%s' database: '%s'", cur_con->name, ds_user.str, ds_passwd.str, ds_db.str)); diff --git a/libmysqld/lib_sql.cc b/libmysqld/lib_sql.cc index cf958c4e9a0..35baed20bef 100644 --- a/libmysqld/lib_sql.cc +++ b/libmysqld/lib_sql.cc @@ -789,9 +789,21 @@ int check_embedded_connection(MYSQL *mysql, const char *db) sctx->proxy_user[0]= 0; sctx->master_access= GLOBAL_ACLS; // Full rights emb_transfer_connect_attrs(mysql); + /* Change database if necessary */ - if (!(result= (db && db[0] && mysql_change_db(thd, &db_str, FALSE)))) + result = 0; + if (db && db[0]) + { + result = mysql_change_db(thd, &db_str, FALSE); + if (!result) + { + my_free(mysql->db); + mysql->db = my_strdup(PSI_NOT_INSTRUMENTED, db, MYF(0)); + } + } + if (!result) my_ok(thd); + thd->protocol->end_statement(); emb_read_query_result(mysql); return result; diff --git a/mysql-test/main/backup_priv.result b/mysql-test/main/backup_priv.result index 4169f58f40f..cd7f2c1dd32 100644 --- a/mysql-test/main/backup_priv.result 
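Review bot: The new logging block in do_change_user (client/mysqltest.cc) appends `ds_passwd.str` to `ds_res` verbatim, so every password given to change_user is now written in clear text into the recorded output; the updated results show this, e.g. `change_user test_oldpw,oldpw,;`. The comment `/* Connection logging if enabled */` does not mention it. That is acceptable for fixture credentials, but the comment should state the format and the consequence, for example `/* Log "change_user <user>,<passwd>,<db>;" unless disable_query_log is set; the password is recorded as given, so wrap non-fixture secrets in disable_query_log */`. The recorded results also show the line when the command then fails (`change_user foo,bar,;` followed by an access-denied error), which is worth one more sentence in the comment. The enclosing function starts and ends outside the hunk.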
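Review bot: In check_embedded_connection (libmysqld/lib_sql.cc) the new branch calls `my_free(mysql->db)` before duplicating `db`, and the `my_strdup()` result is never checked. If any caller passes `mysql->db` itself as `db` (the callers are not visible here, so this needs confirming), the duplicate would be read from freed memory; and with `MYF(0)` an allocation failure leaves `mysql->db` NULL although the database change has already succeeded. Duplicating first avoids both: `char *new_db= my_strdup(PSI_NOT_INSTRUMENTED, db, MYF(0));` followed by `if (new_db) { my_free(mysql->db); mysql->db= new_db; }`, with a decision on how a failed allocation is reported. As a style point, `result = 0;` and `mysql->db = ...` use spaced assignment while the surrounding lines use `sctx->proxy_user[0]= 0;`. The function starts above the hunk.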
+++ b/mysql-test/main/backup_priv.result @@ -13,6 +13,7 @@ BACKUP STAGE FLUSH; SELECT lock_mode FROM information_schema.metadata_lock_info WHERE lock_type='Backup lock'; lock_mode MDL_BACKUP_FLUSH +change_user user2,,; SELECT lock_mode FROM information_schema.metadata_lock_info WHERE lock_type='Backup lock'; lock_mode disconnect con1; diff --git a/mysql-test/main/change_user.result b/mysql-test/main/change_user.result index d9bbb34b6c2..a0b4222eb36 100644 --- a/mysql-test/main/change_user.result +++ b/mysql-test/main/change_user.result 
@@ -11,27 +11,35 @@ grant select on test.* to test_newpw; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() test +change_user test_nopw,,; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() NULL +change_user test_oldpw,oldpw,; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() NULL +change_user test_newpw,newpw,; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() NULL +change_user root,,; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() NULL +change_user test_nopw,,test; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() test +change_user test_oldpw,oldpw,test; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() test +change_user test_newpw,newpw,test; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() test +change_user root,,test; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() test @@ -45,7 +53,7 @@ SELECT @@session.sql_big_selects; SELECT @@global.max_join_size; @@global.max_join_size HA_POS_ERROR -change_user +change_user root,,test; SELECT @@session.sql_big_selects; @@session.sql_big_selects 1 
@@ -54,13 +62,13 @@ SELECT @@global.max_join_size; HA_POS_ERROR SET @@global.max_join_size = 10000; SET @@session.max_join_size = default; -change_user +change_user root,,test; SELECT @@session.sql_big_selects; @@session.sql_big_selects 0 SET @@global.max_join_size = 18446744073709551615; SET @@session.max_join_size = default; -change_user +change_user root,,test; SELECT @@session.sql_big_selects; @@session.sql_big_selects 1 @@ -83,7 +91,7 @@ GET_LOCK('bug31418', 1) SELECT IS_USED_LOCK('bug31418') = CONNECTION_ID(); IS_USED_LOCK('bug31418') = CONNECTION_ID() 1 -change_user +change_user root,,test; SELECT IS_FREE_LOCK('bug31418'); IS_FREE_LOCK('bug31418') 1 @@ -91,6 +99,7 @@ SELECT IS_USED_LOCK('bug31418'); IS_USED_LOCK('bug31418') NULL FLUSH STATUS; +change_user root,,test; Value of com_select did not change set global secure_auth=default; Warnings: @@ -102,7 +111,7 @@ now() select year(now()) > 2011; year(now()) > 2011 0 -change_user +change_user root,,test; select year(now()) > 2011; year(now()) > 2011 1 diff --git a/mysql-test/main/change_user.test b/mysql-test/main/change_user.test index 5f7d5a21915..49a89a846a9 100644 --- a/mysql-test/main/change_user.test +++ b/mysql-test/main/change_user.test @@ -74,7 +74,6 @@ SELECT @@session.sql_big_selects; # The exact value depends on the server build flags --replace_result 18446744073709551615 HA_POS_ERROR 4294967295 HA_POS_ERROR SELECT @@global.max_join_size; ---echo change_user --change_user SELECT @@session.sql_big_selects; # The exact value depends on the server build flags @@ -82,7 +81,6 @@ SELECT @@session.sql_big_selects; SELECT @@global.max_join_size; SET @@global.max_join_size = 10000; SET @@session.max_join_size = default; ---echo change_user --change_user SELECT @@session.sql_big_selects; # On some machines the following will result into a warning 
@@ -90,7 +88,6 @@ SELECT @@session.sql_big_selects; SET @@global.max_join_size = 18446744073709551615; --enable_warnings SET @@session.max_join_size = default; ---echo change_user --change_user SELECT @@session.sql_big_selects; --replace_result 4294967295 18446744073709551615 @@ -107,7 +104,6 @@ SELECT IS_FREE_LOCK('bug31418'); SELECT IS_USED_LOCK('bug31418'); SELECT GET_LOCK('bug31418', 1); SELECT IS_USED_LOCK('bug31418') = CONNECTION_ID(); ---echo change_user --change_user SELECT IS_FREE_LOCK('bug31418'); SELECT IS_USED_LOCK('bug31418'); @@ -151,7 +147,6 @@ set global secure_auth=default; set timestamp=unix_timestamp('2010-10-10 10:10:10'); select now(); select year(now()) > 2011; ---echo change_user --change_user select year(now()) > 2011; --enable_service_connection diff --git a/mysql-test/main/change_user_notembedded.result b/mysql-test/main/change_user_notembedded.result index fbdd15377c7..61fdf2b1f6c 100644 --- a/mysql-test/main/change_user_notembedded.result +++ b/mysql-test/main/change_user_notembedded.result @@ -1,9 +1,15 @@ connect test,localhost,root,,; connection test; +change_user foo,bar,; ERROR 28000: Access denied for user 'foo'@'localhost' (using password: YES) +change_user foo,,; ERROR 28000: Access denied for user 'foo'@'localhost' (using password: NO) +change_user root,,test; +change_user foo,bar,; ERROR 28000: Access denied for user 'foo'@'localhost' (using password: YES) +change_user foo,bar,; ERROR 08S01: Unknown command +change_user root,,test; ERROR 08S01: Unknown command disconnect test; connection default; @@ -12,6 +18,7 @@ connection default; # MDEV-36405 Session tracking does not report changes from COM_CHANGE_USER # change_user +change_user root,,test; -- Tracker : SESSION_TRACK_SYSTEM_VARIABLES -- autocommit: ON -- character_set_client: latin1 diff --git a/mysql-test/main/cte_nonrecursive.result b/mysql-test/main/cte_nonrecursive.result index 3ac342fb560..992c218a10e 100644 --- a/mysql-test/main/cte_nonrecursive.result 
+++ b/mysql-test/main/cte_nonrecursive.result @@ -1676,6 +1676,7 @@ use test; # THD::create_tmp_table_def_key # connect con1,localhost,root,,; +change_user root,,; CREATE TEMPORARY TABLE test.t (a INT); WITH cte AS (SELECT 1) SELECT * FROM cte; 1 diff --git a/mysql-test/main/failed_auth_3909.result b/mysql-test/main/failed_auth_3909.result index 55869974301..c0daf628f01 100644 --- a/mysql-test/main/failed_auth_3909.result +++ b/mysql-test/main/failed_auth_3909.result @@ -10,8 +10,11 @@ ERROR HY000: Server is running in --secure-auth mode, but 'uu2'@'localhost' has connect(localhost,uu2,password,test,MASTER_PORT,MASTER_SOCKET); connect fail,localhost,uu2,password; ERROR HY000: Server is running in --secure-auth mode, but 'uu2'@'localhost' has a password in the old format; please change the password to the new format +change_user u1,,; ERROR 28000: Access denied for user 'u1'@'localhost' (using password: NO) +change_user uu2,,; ERROR HY000: Server is running in --secure-auth mode, but 'uu2'@'localhost' has a password in the old format; please change the password to the new format +change_user uu2,password,; ERROR HY000: Server is running in --secure-auth mode, but 'uu2'@'localhost' has a password in the old format; please change the password to the new format delete from mysql.user where plugin = 'mysql_old_password'; flush privileges; diff --git a/mysql-test/main/failed_auth_unixsocket.result b/mysql-test/main/failed_auth_unixsocket.result index 084eb2fab64..73231f86c00 100644 --- a/mysql-test/main/failed_auth_unixsocket.result +++ b/mysql-test/main/failed_auth_unixsocket.result @@ -4,6 +4,7 @@ delete from mysql.global_priv where user != 'root'; flush privileges; connect(localhost,USER,,test,MASTER_PORT,MASTER_SOCKET); ERROR 28000: Access denied for user 'USER'@'localhost' +change_user buildbot,,; ERROR 28000: Access denied for user 'USER'@'localhost' replace mysql.global_priv select * from global_priv_backup; flush privileges; 
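Review bot: In the mysql-test/main/failed_auth_unixsocket.result hunk the added line `change_user buildbot,,;` records a literal account name, while the neighbouring lines show the masked form (`connect(localhost,USER,,test,...)` and `'USER'@'localhost'`). This looks like the login name of the machine that recorded the result, which would make the expected output fail wherever the tests run under another account and leaves an environment-specific identity in the repository. The test file is not part of this diff, so the cause is inferred; the change_user command presumably needs the same `--replace_result` masking as the connect line so that the recorded line reads `change_user USER,,;`.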
diff --git a/mysql-test/main/lock_user.result b/mysql-test/main/lock_user.result index 24fff2105ab..fdde0beb3ff 100644 --- a/mysql-test/main/lock_user.result +++ b/mysql-test/main/lock_user.result @@ -129,6 +129,7 @@ connection default; # account is locked # alter user user1@localhost account lock; +change_user user1,,; ERROR HY000: Access denied, this account is locked # # MDEV-24098 SHOW CREATE USER invalid for both PASSWORD EXPIRE and diff --git a/mysql-test/main/max_password_errors.result b/mysql-test/main/max_password_errors.result index 9ee7d0d448d..ba74a88503a 100644 --- a/mysql-test/main/max_password_errors.result +++ b/mysql-test/main/max_password_errors.result @@ -25,8 +25,11 @@ connect(localhost,u,bad_pass,test,MASTER_PORT,MASTER_SOCKET); connect con1, localhost, u, bad_pass; ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES) connect con1, localhost, u, good_pass; +change_user u,bad_pass,; ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES) +change_user u,bad_pass,; ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES) +change_user u,good_pass,; ERROR HY000: User is blocked because of too many credential errors; unblock with 'ALTER USER / FLUSH PRIVILEGES' disconnect con1; connection default; diff --git a/mysql-test/main/mysql_upgrade.result b/mysql-test/main/mysql_upgrade.result index 9b20a5b8713..96cec4ab986 100644 --- a/mysql-test/main/mysql_upgrade.result +++ b/mysql-test/main/mysql_upgrade.result 
@@ -1159,11 +1159,13 @@ connection default; GRANT SELECT ON mysql.* TO very_long_user_name_number_1; GRANT SELECT ON mysql.* TO very_long_user_name_number_2; GRANT ALL ON *.* TO even_longer_user_name_number_3_to_test_the_grantor_and_definer_field_length@localhost WITH GRANT OPTION; +change_user even_longer_user_name_number_3_to_test_the_grantor_and_definer_field_length,,; GRANT INSERT ON mysql.user TO very_long_user_name_number_1; GRANT INSERT ON mysql.user TO very_long_user_name_number_2; GRANT UPDATE (User) ON mysql.db TO very_long_user_name_number_1; GRANT UPDATE (User) ON mysql.db TO very_long_user_name_number_2; CREATE PROCEDURE test.pr() BEGIN END; +change_user root,,; Phase 1/8: Checking and upgrading mysql database Processing databases mysql diff --git a/mysql-test/main/mysqltest.result b/mysql-test/main/mysqltest.result index 7121c4135c1..2e5a89763a2 100644 --- a/mysql-test/main/mysqltest.result +++ b/mysql-test/main/mysqltest.result @@ -949,6 +949,10 @@ drop table t1; mysqltest: At line 1: query 'change_user root,,inexistent' failed: ER_BAD_DB_ERROR (1049): Unknown database 'inexistent' mysqltest: At line 1: query 'change_user inexistent,,test' failed: ER_ACCESS_DENIED_ERROR (1045): Access denied for user 'inexistent'@'localhost' (using password: NO) mysqltest: At line 1: query 'change_user root,inexistent,test' failed: ER_ACCESS_DENIED_ERROR (1045): Access denied for user 'root'@'localhost' (using password: YES) +change_user root,,test; +change_user root,,; +change_user root,,; +change_user root,,test; REPLACED_FILE1.txt file1.txt file2.txt diff --git a/mysql-test/main/opt_trace_security.result b/mysql-test/main/opt_trace_security.result index 780f59764e1..798704b281d 100644 --- a/mysql-test/main/opt_trace_security.result +++ b/mysql-test/main/opt_trace_security.result 
@@ -11,6 +11,7 @@ BEGIN insert into t2 select * from t1; return a+1; END| +change_user foo,,; set optimizer_trace="enabled=on"; select * from db1.t1; ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table `db1`.`t1` @@ -18,7 +19,9 @@ select * from information_schema.OPTIMIZER_TRACE; QUERY TRACE MISSING_BYTES_BEYOND_MAX_MEM_SIZE INSUFFICIENT_PRIVILEGES 0 1 set optimizer_trace="enabled=off"; +change_user root,,; grant select(a) on db1.t1 to 'foo'@'%'; +change_user foo,,; set optimizer_trace="enabled=on"; select * from db1.t1; a @@ -32,10 +35,12 @@ select * from information_schema.OPTIMIZER_TRACE; QUERY TRACE MISSING_BYTES_BEYOND_MAX_MEM_SIZE INSUFFICIENT_PRIVILEGES 0 1 set optimizer_trace="enabled=off"; +change_user root,,; select * from information_schema.OPTIMIZER_TRACE; QUERY TRACE MISSING_BYTES_BEYOND_MAX_MEM_SIZE INSUFFICIENT_PRIVILEGES grant select on db1.t1 to 'foo'@'%'; grant select on db1.t2 to 'foo'@'%'; +change_user foo,,; set optimizer_trace="enabled=on"; # # SELECT privilege on the table db1.t1 @@ -152,10 +157,12 @@ select * from db1.t1 { ] } 0 0 set optimizer_trace="enabled=off"; +change_user root,,; grant select on db1.v1 to 'foo'@'%'; grant show view on db1.v1 to 'foo'@'%'; grant select on db1.v1 to 'bar'@'%'; grant show view on db1.v1 to 'bar'@'%'; +change_user foo,,; select current_user(); current_user() foo@% @@ -288,6 +295,7 @@ select * from db1.v1 { ] } 0 0 set optimizer_trace="enabled=off"; +change_user bar,,; select current_user(); current_user() bar@% @@ -307,10 +315,12 @@ select * from information_schema.OPTIMIZER_TRACE; QUERY TRACE MISSING_BYTES_BEYOND_MAX_MEM_SIZE INSUFFICIENT_PRIVILEGES 0 1 set optimizer_trace="enabled=off"; +change_user root,,; grant execute on function db1.f1 to 'foo'@'%'; grant execute on function db1.f1 to 'bar'@'%'; grant select on db1.t1 to 'bar'@'%'; grant insert on db1.t2 to 'foo'@'%'; +change_user foo,,; select current_user(); current_user() foo@% 
@@ -324,6 +334,7 @@ select INSUFFICIENT_PRIVILEGES from information_schema.OPTIMIZER_TRACE; INSUFFICIENT_PRIVILEGES 0 set optimizer_trace="enabled=off"; +change_user bar,,; select current_user(); current_user() bar@% @@ -342,10 +353,12 @@ select * from information_schema.OPTIMIZER_TRACE; QUERY TRACE MISSING_BYTES_BEYOND_MAX_MEM_SIZE INSUFFICIENT_PRIVILEGES 0 1 set optimizer_trace="enabled=off"; +change_user root,,; select current_user(); current_user() root@localhost REVOKE ALL PRIVILEGES, GRANT OPTION FROM foo; +change_user root,,; drop user if exists foo; drop user if exists bar; drop table db1.t1, db1.t2; diff --git a/mysql-test/main/plugin_vars.result b/mysql-test/main/plugin_vars.result index 3fadd5e74fd..2c60aaeedeb 100644 --- a/mysql-test/main/plugin_vars.result +++ b/mysql-test/main/plugin_vars.result 
@@ -22,6 +22,106 @@ CALL p_install(100); connection con2; CALL p_show_vars(100); connection default; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user 
root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; connection con1; connection con2; connection default; diff --git a/mysql-test/main/read_only.result b/mysql-test/main/read_only.result index d48edd0340e..6a5793325e1 100644 --- a/mysql-test/main/read_only.result +++ b/mysql-test/main/read_only.result @@ -178,8 +178,10 @@ CREATE USER user1@localhost; GRANT ALTER ON test1.* TO user1@localhost; CREATE DATABASE test1; SET GLOBAL read_only=1; +change_user user1,,; ALTER DATABASE test1 CHARACTER SET utf8; ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement +change_user root,,; SET GLOBAL read_only=0; DROP DATABASE test1; DROP USER user1@localhost; diff --git a/mysql-test/main/user_var.result b/mysql-test/main/user_var.result index c8d82380012..7c4e8416c91 100644 --- a/mysql-test/main/user_var.result +++ b/mysql-test/main/user_var.result @@ -430,6 +430,7 @@ End of 5.0 tests CREATE TABLE t1 (i INT); CREATE TRIGGER t_after_insert AFTER INSERT ON t1 FOR EACH ROW SET @bug42188 = 10; INSERT INTO t1 VALUES (1); +change_user root,,test; INSERT INTO t1 VALUES (1); DROP TABLE t1; CREATE TABLE t1(a INT); diff --git a/mysql-test/suite/perfschema/r/connect_attrs.result b/mysql-test/suite/perfschema/r/connect_attrs.result index 6db8f3585d0..2601268002f 100644 --- a/mysql-test/suite/perfschema/r/connect_attrs.result +++ b/mysql-test/suite/perfschema/r/connect_attrs.result 
@@ -49,6 +49,7 @@ ERROR 42000: SELECT command denied to user 'wl5924'@'localhost' for table `perfo connection default; disconnect non_privileged_user; grant select on performance_schema.* to wl5924@localhost; +change_user wl5924,,; SELECT SUM(ISNULL(ATTR_VALUE)), COUNT(*) FROM performance_schema.session_account_connect_attrs WHERE ATTR_NAME IN ('_os', '_client_name', '_pid', @@ -56,4 +57,5 @@ WHERE ATTR_NAME IN ('_os', '_client_name', '_pid', AND PROCESSLIST_ID = CONNECTION_ID(); SUM(ISNULL(ATTR_VALUE)) COUNT(*) 0 6 +change_user root,,test; DROP USER wl5924@localhost; diff --git a/mysql-test/suite/roles/create_and_drop_current.result b/mysql-test/suite/roles/create_and_drop_current.result index fcf20ef2005..02b784e6dff 100644 --- a/mysql-test/suite/roles/create_and_drop_current.result +++ b/mysql-test/suite/roles/create_and_drop_current.result @@ -1,5 +1,6 @@ create user foo@localhost; grant create user on *.* to foo@localhost; +change_user foo,,; create user current_user; ERROR HY000: Operation CREATE USER failed for CURRENT_USER create user current_role; @@ -19,6 +20,7 @@ show warnings; Level Code Message Error 1959 Invalid role specification `NONE` Error 1396 Operation DROP ROLE failed for CURRENT_ROLE +change_user root,,; create role r1; grant r1 to current_user; set role r1; diff --git a/mysql-test/suite/roles/set_default_role_clear.result b/mysql-test/suite/roles/set_default_role_clear.result index 8a3ae908435..abc7978a5ae 100644 --- a/mysql-test/suite/roles/set_default_role_clear.result +++ b/mysql-test/suite/roles/set_default_role_clear.result @@ -2,6 +2,7 @@ create user test_user@localhost; create role test_role; grant select on *.* to test_role; grant test_role to test_user@localhost; +change_user test_user,,; show grants; Grants for test_user@localhost GRANT `test_role` TO `test_user`@`localhost` 
@@ -9,9 +10,11 @@ GRANT USAGE ON *.* TO `test_user`@`localhost` set default role test_role; select user, host, default_role from mysql.user; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`user` +change_user root,,; select user, host, default_role from mysql.user where user='test_user'; User Host default_role test_user localhost test_role +change_user test_user,,; show grants; Grants for test_user@localhost GRANT `test_role` TO `test_user`@`localhost` @@ -27,10 +30,13 @@ User Host default_role test_user localhost set default role invalid_role; ERROR OP000: Invalid role specification `invalid_role` +change_user root,,; select user, host, default_role from mysql.user where user='test_user'; User Host default_role test_user localhost +change_user test_user,,; select user, host, default_role from mysql.user; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`user` +change_user root,,; drop role test_role; drop user test_user@localhost; diff --git a/mysql-test/suite/roles/set_default_role_for.result b/mysql-test/suite/roles/set_default_role_for.result index 1b133b1baae..e375d3c1ef5 100644 --- a/mysql-test/suite/roles/set_default_role_for.result +++ b/mysql-test/suite/roles/set_default_role_for.result 
@@ -8,14 +8,17 @@ grant role_a to user_a@localhost; grant select on *.* to role_a; grant role_b to user_b@localhost; grant insert, update on *.* to role_b; +change_user user_a,,; set default role role_a for user_b@localhost; ERROR 42000: Access denied for user 'user_a'@'localhost' to database 'mysql' set default role role_a for user_a@localhost; +change_user root,,; set default role invalid_role for user_a@localhost; ERROR OP000: Invalid role specification `invalid_role` set default role role_b for user_a@localhost; ERROR OP000: User `user_a`@`localhost` has not been granted role `role_b` set default role role_b for user_b@localhost; +change_user user_a,,; show grants; Grants for user_a@localhost GRANT `role_a` TO `user_a`@`localhost` @@ -38,6 +41,7 @@ user_a localhost role_a user_b localhost role_b set default role role_b for current_user; ERROR OP000: User `user_a`@`localhost` has not been granted role `role_b` +change_user user_b,,; show grants; Grants for user_b@localhost GRANT `role_b` TO `user_b`@`localhost` @@ -47,6 +51,7 @@ SET DEFAULT ROLE `role_b` FOR `user_b`@`localhost` select user, host, default_role from mysql.user where user like 'user_%'; ERROR 42000: SELECT command denied to user 'user_b'@'localhost' for table `mysql`.`user` set default role NONE for user_a@localhost; +change_user user_a,,; show grants; Grants for user_a@localhost GRANT `role_a` TO `user_a`@`localhost` @@ -54,6 +59,7 @@ GRANT USAGE ON *.* TO `user_a`@`localhost` GRANT INSERT, UPDATE ON *.* TO `role_b` select user, host, default_role from mysql.user where user like 'user_%'; ERROR 42000: SELECT command denied to user 'user_a'@'localhost' for table `mysql`.`user` +change_user root,,; drop role role_a; drop role role_b; drop user user_a@localhost; diff --git a/mysql-test/suite/roles/set_default_role_invalid.result b/mysql-test/suite/roles/set_default_role_invalid.result index 2cd84cf2ff0..124697a0974 100644 --- a/mysql-test/suite/roles/set_default_role_invalid.result 
+++ b/mysql-test/suite/roles/set_default_role_invalid.result @@ -3,6 +3,7 @@ create role test_role; create role not_granted_role; grant select on *.* to test_role; grant test_role to test_user@localhost; +change_user test_user,,; show grants; Grants for test_user@localhost GRANT `test_role` TO `test_user`@`localhost` @@ -16,9 +17,11 @@ ERROR OP000: Invalid role specification `not_granted_role` set default role test_role; select user, host, default_role from mysql.user; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`user` +change_user root,,; select user, host, default_role from mysql.user where user='test_user'; User Host default_role test_user localhost test_role +change_user test_user,,; show grants; Grants for test_user@localhost GRANT `test_role` TO `test_user`@`localhost` @@ -33,9 +36,12 @@ ERROR OP000: Invalid role specification `invalid_role` select user, host, default_role from mysql.user where user='test_user'; User Host default_role test_user localhost test_role +change_user root,,; revoke test_role from test_user@localhost; +change_user test_user,,; select user, host, default_role from mysql.user where user='test_user'; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`user` +change_user root,,; drop role test_role; drop role not_granted_role; drop user test_user@localhost; @@ -53,6 +59,7 @@ GRANT r1 TO b; GRANT r2 TO b; SET DEFAULT ROLE r1 FOR b; # Change user b +change_user b,,; SELECT CURRENT_ROLE; CURRENT_ROLE r1 @@ -64,8 +71,10 @@ SET DEFAULT ROLE r1 FOR a; ERROR 42000: Access denied for user 'b'@'%' to database 'mysql' SET DEFAULT ROLE r2; # Change user root (session 1: select_priv to b) +change_user root,,; GRANT SELECT ON mysql.* TO b; # Change user b (session 1: select_priv) +change_user b,,; SHOW GRANTS FOR b; Grants for b@% GRANT `r1` TO `b`@`%` 
@@ -90,8 +99,10 @@ ERROR 42000: Access denied for user 'b'@'%' to database 'mysql' SET DEFAULT ROLE none FOR a; ERROR 42000: Access denied for user 'b'@'%' to database 'mysql' # Change user root (session 2: adding update_priv to user b) +change_user root,,; GRANT UPDATE ON mysql.* TO b; # Change user b +change_user b,,; SHOW GRANTS FOR b; Grants for b@% GRANT `r1` TO `b`@`%` @@ -107,14 +118,17 @@ SET DEFAULT ROLE invalid_role FOR a; ERROR OP000: Invalid role specification `invalid_role` SET DEFAULT ROLE none FOR a; # Change user root (session 3: Grant role to user a) +change_user root,,; GRANT r1 TO a; SET DEFAULT ROLE r1 FOR a; # Change user a (verify session 3) +change_user a,,; SELECT CURRENT_ROLE; CURRENT_ROLE r1 SET DEFAULT ROLE None; # Change user b (session 3: role granted to user a) +change_user b,,; SET DEFAULT ROLE r1 FOR a; SET DEFAULT ROLE r2 FOR a; ERROR OP000: User `a`@`%` has not been granted role `r2` @@ -122,6 +136,7 @@ SET DEFAULT ROLE invalid_role; ERROR OP000: Invalid role specification `invalid_role` SET DEFAULT ROLE invalid_role FOR a; ERROR OP000: Invalid role specification `invalid_role` +change_user root,,; SELECT user, host, default_role FROM mysql.user where user='a' or user='b'; User Host default_role a % r1 diff --git a/mysql-test/suite/roles/set_role-database-recursive.result b/mysql-test/suite/roles/set_role-database-recursive.result index 594ea059988..ad2a247605d 100644 --- a/mysql-test/suite/roles/set_role-database-recursive.result +++ b/mysql-test/suite/roles/set_role-database-recursive.result @@ -21,6 +21,7 @@ select user, host from mysql.db; user host grant select on mysql.* to test_role2; flush privileges; +change_user test_user,,; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` select current_user(), current_role(); 
@@ -54,14 +55,18 @@ localhost root test_role1 Y localhost root test_role2 Y localhost test_user test_role1 N localhost test_user test_role2 N +change_user root,,; create role test_role3; grant test_role3 to test_role2; create role test_role4; grant test_role4 to test_role3; +change_user test_user,,; set role test_role1; delete from mysql.user where user='no such user'; ERROR 42000: DELETE command denied to user 'test_user'@'localhost' for table `mysql`.`user` +change_user root,,; grant delete on mysql.* to test_role4; +change_user test_user,,; set role test_role1; delete from mysql.user where user='no such user'; show grants; @@ -78,5 +83,6 @@ GRANT `test_role2` TO `test_role1` GRANT `test_role2` TO `test_user`@`localhost` GRANT `test_role3` TO `test_role2` GRANT `test_role4` TO `test_role3` +change_user root,,; drop user test_user@localhost; drop role test_role1, test_role2, test_role3, test_role4; diff --git a/mysql-test/suite/roles/set_role-database-simple.result b/mysql-test/suite/roles/set_role-database-simple.result index 969a7ab10fa..e7e5436abf5 100644 --- a/mysql-test/suite/roles/set_role-database-simple.result +++ b/mysql-test/suite/roles/set_role-database-simple.result @@ -13,6 +13,7 @@ localhost test_user test_role1 N grant select on mysql.* to test_role1; grant insert, delete on mysql.roles_mapping to test_role1; grant reload on *.* to test_role1; +change_user test_user,,; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` select current_user(), current_role(); 
@@ -45,6 +46,7 @@ insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role2',
 ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping`
 delete from mysql.roles_mapping where Role='test_role2';
 ERROR 42000: DELETE command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping`
+change_user root,,;
 drop user 'test_user'@'localhost';
 revoke select on mysql.* from test_role1;
 revoke insert, delete on mysql.roles_mapping from test_role1;
diff --git a/mysql-test/suite/roles/set_role-multiple-role.result b/mysql-test/suite/roles/set_role-multiple-role.result
index e4cb3b8542c..21fd8b2df6c 100644
--- a/mysql-test/suite/roles/set_role-multiple-role.result
+++ b/mysql-test/suite/roles/set_role-multiple-role.result
@@ -21,6 +21,7 @@ grant r_crt to test_user@localhost;
 grant r_drp to test_user@localhost;
 grant r_rld to test_user@localhost;
 flush privileges;
+change_user test_user,,;
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping`
 show grants;
@@ -141,6 +142,7 @@ test_user@localhost r_sel
 insert into mysql.random_test_table values (1);
 ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table `mysql`.`random_test_table`
 drop table mysql.random_test_table;
+change_user root,,;
 delete from mysql.user where user like 'r\_%';
 delete from mysql.roles_mapping where Role like 'r\_%';
 flush privileges;
diff --git a/mysql-test/suite/roles/set_role-recursive.result b/mysql-test/suite/roles/set_role-recursive.result
index f93a731bedb..57b63d11112 100644
--- a/mysql-test/suite/roles/set_role-recursive.result
+++ b/mysql-test/suite/roles/set_role-recursive.result
@@ -22,6 +22,7 @@ Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv D
 select * from mysql.user where user like 'test_role2';
 Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
 test_role2 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 N Y 0.000000
+change_user test_user,,;
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping`
 show grants;
@@ -112,6 +113,7 @@ GRANT USAGE ON *.* TO `test_user`@`localhost`
 GRANT `test_role1` TO `test_user`@`localhost`
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping`
+change_user root,,;
 delete from mysql.user where user='test_role1';
 delete from mysql.user where user='test_role2';
 delete from mysql.roles_mapping;
diff --git a/mysql-test/suite/roles/set_role-routine-simple.result b/mysql-test/suite/roles/set_role-routine-simple.result
index eaa630f4b6a..e39973d409e 100644
--- a/mysql-test/suite/roles/set_role-routine-simple.result
+++ b/mysql-test/suite/roles/set_role-routine-simple.result
@@ -30,6 +30,7 @@ end|
 grant execute on function mysql.test_func to test_role2;
 grant execute on procedure mysql.test_proc to test_role2;
 grant execute on mysql.* to test_role3;
+change_user test_user,,;
 show grants;
 Grants for test_user@localhost
 GRANT USAGE ON *.* TO `test_user`@`localhost`
@@ -93,6 +94,7 @@ SELECT @a;
 SELECT test_func('AABBCCDD');
 test_func('AABBCCDD')
 Test string: AABBCCDD
+change_user root,,;
 drop user 'test_user'@'localhost';
 revoke execute on function mysql.test_func from test_role2;
 revoke execute on procedure mysql.test_proc from test_role2;
diff --git a/mysql-test/suite/roles/set_role-simple.result b/mysql-test/suite/roles/set_role-simple.result
index c603f727fd1..bf3d338d6b0 100644
--- a/mysql-test/suite/roles/set_role-simple.result
+++ b/mysql-test/suite/roles/set_role-simple.result
@@ -14,6 +14,7 @@ grant select on *.* to test_role1;
 select * from mysql.user where user='test_role1';
 Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
 test_role1 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 N Y 0.000000
+change_user test_user,,;
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping`
 show grants;
@@ -42,6 +43,7 @@ current_user() current_role()
 test_user@localhost NULL
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping`
+change_user root,,;
 delete from mysql.user where user='test_role1';
 delete from mysql.roles_mapping where Role='test_role1';
 flush privileges;
diff --git a/mysql-test/suite/roles/set_role-table-column-priv.result b/mysql-test/suite/roles/set_role-table-column-priv.result
index a680e3ff8c4..4fc97288ebf 100644
--- a/mysql-test/suite/roles/set_role-table-column-priv.result
+++ b/mysql-test/suite/roles/set_role-table-column-priv.result
@@ -16,6 +16,7 @@ localhost root test_role1 Y
 localhost root test_role2 Y
 localhost test_user test_role1 N
 grant select (Role) on mysql.roles_mapping to test_role2;
+change_user test_user,,;
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping`
 show grants;
@@ -60,6 +61,7 @@ current_user() current_role()
 test_user@localhost NULL
 select Role from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping`
+change_user root,,;
 drop user 'test_user'@'localhost';
 select * from mysql.tables_priv;
 Host Db User Table_name Grantor Timestamp Table_priv Column_priv
diff --git a/mysql-test/suite/roles/set_role-table-simple.result b/mysql-test/suite/roles/set_role-table-simple.result
index 3f1a68eeaa0..81520bedcac 100644
--- a/mysql-test/suite/roles/set_role-table-simple.result
+++ b/mysql-test/suite/roles/set_role-table-simple.result
@@ -16,6 +16,7 @@ localhost root test_role1 Y
 localhost root test_role2 Y
 localhost test_user test_role1 N
 grant select on mysql.roles_mapping to test_role2;
+change_user test_user,,;
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping`
 show grants;
@@ -58,6 +59,7 @@ current_user() current_role()
 test_user@localhost NULL
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping`
+change_user root,,;
 drop user 'test_user'@'localhost';
 select * from mysql.tables_priv;
 Host Db User Table_name Grantor Timestamp Table_priv Column_priv
diff --git a/mysql-test/suite/roles/show_grants.result b/mysql-test/suite/roles/show_grants.result
index 21c5a74efe4..243bfd43a2f 100644
--- a/mysql-test/suite/roles/show_grants.result
+++ b/mysql-test/suite/roles/show_grants.result
@@ -26,6 +26,7 @@ GRANTEE ROLE_NAME IS_GRANTABLE IS_DEFAULT
 root@localhost test_role1 YES NO
 root@localhost test_role2 YES NO
 test_role1 test_role2 NO NULL
+change_user test_user,,;
 select * from information_schema.applicable_roles;
 GRANTEE ROLE_NAME IS_GRANTABLE IS_DEFAULT
 test_role1 test_role2 NO NULL
@@ -138,6 +139,7 @@ show grants for CURRENT_ROLE();
 Grants for test_role2
 GRANT SELECT ON `mysql`.* TO `test_role2`
 GRANT USAGE ON *.* TO `test_role2`
+change_user root,,;
 drop user 'test_user'@'localhost';
 revoke select on mysql.* from test_role2;
 drop role test_role1;
diff --git a/mysql-test/suite/versioning/r/insert.result b/mysql-test/suite/versioning/r/insert.result
index 3b4f43dd54e..77fc698c6a7 100644
--- a/mysql-test/suite/versioning/r/insert.result
+++ b/mysql-test/suite/versioning/r/insert.result
@@ -277,19 +277,23 @@ ERROR HY000: The MariaDB server is running with the --secure-timestamp=YES optio
 # restart: --secure-timestamp=REPLICATION
 create user nobody;
 grant all privileges on test.* to nobody;
+change_user nobody,,;
 set @@system_versioning_insert_history= 1;
 insert into test.t3(z, row_start, row_end) values (9, '1980-01-01 00:00:00', '1980-01-01 00:00:01');
 ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
 insert into test.t3 values (9, '1980-01-01 00:00:00', '1980-01-01 00:00:01');
 ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
+change_user root,,;
 # restart: --secure-timestamp=SUPER
 set @@system_versioning_insert_history= 1;
 insert into test.t3(z, row_start, row_end) values (10, '1980-01-01 00:00:00', '1980-01-01 00:00:01');
+change_user nobody,,;
 set @@system_versioning_insert_history= 1;
 insert into test.t3(z, row_start, row_end) values (7, '1980-01-01 00:00:00', '1980-01-01 00:00:01');
 ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
 insert into test.t3 values (7, '1980-01-01 00:00:00', '1980-01-01 00:00:01');
 ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+change_user root,,;
 use test;
 # restart: --secure-timestamp=NO
 drop tables t1, t2, t3;