diff --git a/mysql-test/main/brackets.result b/mysql-test/main/brackets.result index 0403ce81d1d..1f1922416a1 100644 --- a/mysql-test/main/brackets.result +++ b/mysql-test/main/brackets.result @@ -512,7 +512,7 @@ drop table t1; # MDEV-18689: parenthesis around table names and derived tables # select * from ( mysql.db ); -Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv Delete_history_priv +Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv Delete_history_priv Show_create_routine_priv create table t1 (a int); insert into t1 values (7), (2), (7); select * from (t1); diff --git a/mysql-test/main/connect.result b/mysql-test/main/connect.result index 74387168d98..1c5045ebe0e 100644 --- a/mysql-test/main/connect.result +++ b/mysql-test/main/connect.result @@ -104,12 +104,12 @@ update mysql.user set plugin="", authentication_string="", password=old_password flush privileges; show grants for test@localhost; Grants for test@localhost -GRANT ALL PRIVILEGES ON *.* TO `test`@`localhost` IDENTIFIED BY PASSWORD '2f27438961437573' +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test`@`localhost` IDENTIFIED BY PASSWORD '2f27438961437573' update mysql.user set plugin='mysql_old_password' where user='test'; flush privileges; show grants for test@localhost; Grants for test@localhost -GRANT ALL PRIVILEGES ON *.* TO `test`@`localhost` IDENTIFIED BY PASSWORD '2f27438961437573' +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test`@`localhost` IDENTIFIED BY PASSWORD '2f27438961437573' connect con10,localhost,test,gambling2,; connect con5,localhost,test,gambling2,mysql; set password=""; diff --git a/mysql-test/main/grant.result b/mysql-test/main/grant.result index 9d95f2fa478..cedaf10b3f6 100644 --- a/mysql-test/main/grant.result +++ b/mysql-test/main/grant.result @@ -225,7 +225,7 @@ revoke LOCK TABLES, ALTER on mysqltest.* from mysqltest_1@localhost; show grants for mysqltest_1@localhost; Grants for mysqltest_1@localhost GRANT USAGE ON *.* TO `mysqltest_1`@`localhost` -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, CREATE TEMPORARY TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY ON `mysqltest`.* TO `mysqltest_1`@`localhost` WITH GRANT OPTION +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, CREATE TEMPORARY TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY, SHOW CREATE ROUTINE ON `mysqltest`.* TO `mysqltest_1`@`localhost` WITH GRANT OPTION revoke all privileges on mysqltest.* from mysqltest_1@localhost; delete from mysql.user where user='mysqltest_1'; flush privileges; @@ -639,6 +639,7 @@ Federated admin Server To execute the CREATE SERVER, ALTER SERVER, DROP SERVER s Connection admin Server To bypass connection limits and kill other users' connections Read_only admin Server To perform write operations even if @@read_only=ON Usage Server Admin No privileges - allow connect only +Show Create Routine Databases,Functions,Procedures To allow SHOW CREATE PROCEDURE/FUNCTION/PACKAGE connect root,localhost,root,,test,$MASTER_MYPORT,$MASTER_MYSOCK; connection root; create database mysqltest; @@ -776,7 +777,7 @@ flush privileges; use test; set @user123="non-existent"; select * from mysql.db where user=@user123; -Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv Delete_history_priv +Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv Delete_history_priv Show_create_routine_priv set names koi8r; create database ÂÄ; grant select on ÂÄ.* to root@localhost; @@ -2841,11 +2842,11 @@ CREATE USER ten2; GRANT ALL ON *.* TO ten2; SHOW GRANTS FOR ten2; Grants for ten2@% -GRANT ALL PRIVILEGES ON *.* TO `ten2`@`%` +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `ten2`@`%` FLUSH PRIVILEGES; SHOW GRANTS FOR ten2; Grants for ten2@% -GRANT ALL PRIVILEGES ON *.* TO `ten2`@`%` +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `ten2`@`%` DROP USER ten2; # switching back from mysql.user to mysql.global_priv # diff --git a/mysql-test/main/grant_slave_monitor.result b/mysql-test/main/grant_slave_monitor.result index 78f6b23b1ff..8dd90f1183e 100644 --- a/mysql-test/main/grant_slave_monitor.result +++ b/mysql-test/main/grant_slave_monitor.result @@ -6,7 +6,7 @@ connect con1,localhost,user1,,; connection con1; SHOW GRANTS; Grants for user1@localhost -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user1`@`localhost` +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SHOW CREATE ROUTINE ON *.* TO `user1`@`localhost` # # Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW SLAVE STATUS # Expected error: Access denied; you need (at least one of) the SLAVE MONITOR privilege(s) for this operation @@ -46,13 +46,13 @@ insert mysql.global_priv values ('bar', 'foo7', '{"access":274877906943,"version flush privileges; show grants for foo7@bar; Grants for foo7@bar -GRANT ALL PRIVILEGES ON *.* TO `foo7`@`bar` WITH GRANT OPTION +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `foo7`@`bar` WITH GRANT OPTION show grants for foo8@bar; Grants for foo8@bar -GRANT ALL PRIVILEGES ON *.* TO `foo8`@`bar` WITH GRANT OPTION +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `foo8`@`bar` WITH GRANT OPTION show grants for foo9@bar; Grants for foo9@bar -GRANT ALL PRIVILEGES ON *.* TO `foo9`@`bar` WITH GRANT OPTION +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `foo9`@`bar` WITH GRANT OPTION drop user foo7@bar, foo8@bar, foo9@bar; # # End of 10.5 tests diff --git a/mysql-test/main/information_schema.result b/mysql-test/main/information_schema.result index a00b8790ee0..154f60ae35c 100644 --- a/mysql-test/main/information_schema.result +++ b/mysql-test/main/information_schema.result @@ -389,21 +389,32 @@ connect user2,localhost,mysqltest_1,,; connection user2; select ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES WHERE ROUTINE_SCHEMA <> 'sys'; ROUTINE_NAME ROUTINE_DEFINITION -sel2 NULL -sub1 NULL +sel2 begin +select * from t1; +select * from t2; +end +sub1 return i+1 create function sub2(i int) returns int return i+1; select ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES WHERE ROUTINE_SCHEMA <> 'sys'; ROUTINE_NAME ROUTINE_DEFINITION -sel2 NULL -sub1 NULL +sel2 begin +select * from t1; +select * from t2; +end +sub1 return i+1 sub2 return i+1 show create procedure sel2; Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation -sel2 NULL latin1 latin1_swedish_ci latin1_swedish_ci +sel2 CREATE DEFINER=`root`@`localhost` PROCEDURE `sel2`() +begin +select * from t1; +select * from t2; +end latin1 latin1_swedish_ci latin1_swedish_ci show create function sub1; Function sql_mode Create Function character_set_client collation_connection Database Collation -sub1 NULL latin1 latin1_swedish_ci latin1_swedish_ci +sub1 CREATE DEFINER=`root`@`localhost` FUNCTION `sub1`(i int) RETURNS int(11) +return i+1 latin1 latin1_swedish_ci latin1_swedish_ci show create function sub2; Function sql_mode Create Function character_set_client collation_connection Database Collation sub2 CREATE DEFINER=`mysqltest_1`@`localhost` FUNCTION `sub2`(i int) RETURNS int(11) @@ -501,6 +512,7 @@ GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE 'mysqltest_1'@'localhost' def test EVENT YES 'mysqltest_1'@'localhost' def test TRIGGER YES 'mysqltest_1'@'localhost' def test DELETE HISTORY YES +'mysqltest_1'@'localhost' def test SHOW CREATE ROUTINE YES select * from information_schema.TABLE_PRIVILEGES where grantee like '%mysqltest_1%'; GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE 'mysqltest_1'@'localhost' def test t1 SELECT NO diff --git a/mysql-test/main/lowercase_table_grant.result b/mysql-test/main/lowercase_table_grant.result index 45b6ab0410f..0d84eb15ee8 100644 --- a/mysql-test/main/lowercase_table_grant.result +++ b/mysql-test/main/lowercase_table_grant.result @@ -7,8 +7,8 @@ Grants for mysqltest_1@localhost GRANT USAGE ON *.* TO `mysqltest_1`@`localhost` GRANT ALL PRIVILEGES ON `mysqltest`.* TO `mysqltest_1`@`localhost` select * from db where user = 'mysqltest_1'; -Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv Delete_history_priv -localhost mysqltest mysqltest_1 Y Y Y Y Y Y N Y Y Y Y Y Y Y Y Y Y Y Y Y +Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv Delete_history_priv Show_create_routine_priv +localhost mysqltest mysqltest_1 Y Y Y Y Y Y N Y Y Y Y Y Y Y Y Y Y Y Y Y Y update db set db = 'MYSQLtest' where db = 'mysqltest' and user = 'mysqltest_1' and host = 'localhost'; flush privileges; show grants for mysqltest_1@localhost; @@ -16,8 +16,8 @@ Grants for mysqltest_1@localhost GRANT USAGE ON *.* TO `mysqltest_1`@`localhost` GRANT ALL PRIVILEGES ON `mysqltest`.* TO `mysqltest_1`@`localhost` select * from db where user = 'mysqltest_1'; -Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv Delete_history_priv -localhost MYSQLtest mysqltest_1 Y Y Y Y Y Y N Y Y Y Y Y Y Y Y Y Y Y Y Y +Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv Delete_history_priv Show_create_routine_priv +localhost MYSQLtest mysqltest_1 Y Y Y Y Y Y N Y Y Y Y Y Y Y Y Y Y Y Y Y Y delete from db where db = 'MYSQLtest' and user = 'mysqltest_1' and host = 'localhost'; flush privileges; drop user mysqltest_1@localhost; diff --git a/mysql-test/main/mysql_upgrade.result b/mysql-test/main/mysql_upgrade.result index fe08d4135de..80fcb35865d 100644 --- a/mysql-test/main/mysql_upgrade.result +++ b/mysql-test/main/mysql_upgrade.result @@ -1895,7 +1895,7 @@ SET DEFAULT ROLE aRole; SHOW GRANTS; Grants for root@localhost GRANT `aRole` TO `root`@`localhost` WITH ADMIN OPTION -GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `root`@`localhost` WITH GRANT OPTION GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION GRANT USAGE ON *.* TO `aRole` SET DEFAULT ROLE `aRole` FOR `root`@`localhost` @@ -1903,7 +1903,7 @@ SET DEFAULT ROLE NONE; SHOW GRANTS; Grants for root@localhost GRANT `aRole` TO `root`@`localhost` WITH ADMIN OPTION -GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `root`@`localhost` WITH GRANT OPTION GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION GRANT USAGE ON *.* TO `aRole` DROP ROLE `aRole`; diff --git a/mysql-test/main/mysql_upgrade_to_100502.result b/mysql-test/main/mysql_upgrade_to_100502.result index 54f4d273c5e..8634b9b632a 100644 --- a/mysql-test/main/mysql_upgrade_to_100502.result +++ b/mysql-test/main/mysql_upgrade_to_100502.result @@ -8,7 +8,7 @@ CREATE USER user_all@localhost; GRANT ALL PRIVILEGES ON *.* TO user_all@localhost WITH GRANT OPTION; SHOW GRANTS FOR user_all@localhost; Grants for user_all@localhost -GRANT ALL PRIVILEGES ON *.* TO `user_all`@`localhost` WITH GRANT OPTION +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_all`@`localhost` WITH GRANT OPTION CREATE USER user_super@localhost; GRANT SUPER ON *.* TO user_super@localhost; SHOW GRANTS FOR user_super@localhost; @@ -56,7 +56,7 @@ FLUSH PRIVILEGES; # SHOW GRANTS FOR user_all@localhost; Grants for user_all@localhost -GRANT ALL PRIVILEGES ON *.* TO `user_all`@`localhost` WITH GRANT OPTION +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_all`@`localhost` WITH GRANT OPTION # # Should automatically get all new 10.5.2 priveleges that were splitted from SUPER # diff --git a/mysql-test/main/mysqldump-system.result b/mysql-test/main/mysqldump-system.result index 5186fbe7a08..7281031b0fa 100644 --- a/mysql-test/main/mysqldump-system.result +++ b/mysql-test/main/mysqldump-system.result @@ -1890,7 +1890,7 @@ Host User Priv localhost mariadb.sys {"access":0,"version_id":VERSION,"plugin":"mysql_native_password","authentication_string":"","password_last_changed":NOW,"password_lifetime":-1,"default_role":""} role_1 {"access":16384,"version_id":VERSION,"is_role":true} role_2 {"access":0,"version_id":VERSION,"is_role":true} -localhost root {"access":549755813887,"version_id":VERSION,"plugin":"mysql_native_password","authentication_string":"","password_last_changed":NOW,"default_role":""} +localhost root {"access":1099511627775,"version_id":VERSION,"plugin":"mysql_native_password","authentication_string":"","password_last_changed":NOW,"default_role":""} CHECKSUM TABLE mysql.roles_mapping, mysql.time_zone_transition, mysql.plugin, mysql.servers, mysql.func, mysql.innodb_table_stats, mysql.table_stats; Table Checksum diff --git a/mysql-test/main/mysqldump.result b/mysql-test/main/mysqldump.result index 59b9875507d..47fc7fa159c 100644 --- a/mysql-test/main/mysqldump.result +++ b/mysql-test/main/mysqldump.result @@ -3941,6 +3941,8 @@ use test; create database mysqldump_test_db; grant all privileges on mysqldump_test_db.* to user1; grant all privileges on mysqldump_test_db.* to user2; +revoke SHOW CREATE ROUTINE on mysqldump_test_db.* from user1; +revoke SHOW CREATE ROUTINE on mysqldump_test_db.* from user2; connect user27293,localhost,user1,,mysqldump_test_db,$MASTER_MYPORT,$MASTER_MYSOCK; connection user27293; create procedure mysqldump_test_db.sp1() select 'hello'; @@ -5179,6 +5181,7 @@ END # Test to check 'Insufficient privileges' error. GRANT ALL PRIVILEGES ON BUG52792.* TO user1; +REVOKE SHOW CREATE ROUTINE ON BUG52792.* FROM user1; connect conn_1, localhost, user1, , BUG52792, $MASTER_MYPORT, $MASTER_MYSOCK; connection conn_1; # Running 'replace_regex on timestamp' diff --git a/mysql-test/main/mysqldump.test b/mysql-test/main/mysqldump.test index 1d479dde723..707f12b2083 100644 --- a/mysql-test/main/mysqldump.test +++ b/mysql-test/main/mysqldump.test @@ -1602,6 +1602,8 @@ create database mysqldump_test_db; grant all privileges on mysqldump_test_db.* to user1; grant all privileges on mysqldump_test_db.* to user2; +revoke SHOW CREATE ROUTINE on mysqldump_test_db.* from user1; +revoke SHOW CREATE ROUTINE on mysqldump_test_db.* from user2; connect (user27293,localhost,user1,,mysqldump_test_db,$MASTER_MYPORT,$MASTER_MYSOCK); connection user27293; @@ -2334,6 +2336,7 @@ CREATE VIEW v2 AS SELECT * FROM t2; --echo GRANT ALL PRIVILEGES ON BUG52792.* TO user1; +REVOKE SHOW CREATE ROUTINE ON BUG52792.* FROM user1; connect (conn_1, localhost, user1, , BUG52792, $MASTER_MYPORT, $MASTER_MYSOCK); connection conn_1; diff --git a/mysql-test/main/sp-security-debug.result b/mysql-test/main/sp-security-debug.result new file mode 100644 index 00000000000..6ee7f496566 --- /dev/null +++ b/mysql-test/main/sp-security-debug.result @@ -0,0 +1,294 @@ +set @@global.character_set_server=@@session.character_set_server; +# +# MDEV-29167: new db-level SHOW CREATE ROUTINE privilege +# +### +### SHOW-Like commad test +### +SET @save_sql_mode=@@sql_mode; +# +### Prepare functions for the test and SHOW-like by owner +# +create database test_db; +use test_db; +create procedure test_db.sp() select 1; +show procedure code test_db.sp; +Pos Instruction +0 stmt 0 "select 1" +CREATE FUNCTION test_db.fn() RETURNS INT RETURN 1; +show function code test_db.fn; +Pos Instruction +0 freturn int 1 +SET sql_mode=ORACLE; +CREATE PACKAGE test_db.pk AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END; +$$ +CREATE PACKAGE BODY test_db.pk AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END; +$$ +SET sql_mode=@save_sql_mode; +show package code test_db.pk; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'code test_db.pk' at line 1 +show package body code test_db.pk; +Pos Instruction +0 set pkv@0 1 +1 set pkv@0 2 +use test; +### +### Pre-"SHOW-CREATE-ROUTINE" behaviour tests +### +# +### Rights on mysql.proc +# +create user user@localhost; +grant all privileges on mysql.* to user@localhost; +grant all privileges on test.* to user@localhost; +connect conn1, localhost, user, , test; +show procedure code test_db.sp; +Pos Instruction +0 stmt 0 "select 1" +show function code test_db.fn; +Pos Instruction +0 freturn int 1 +show package body code test_db.pk; +Pos Instruction +0 set pkv@0 1 +1 set pkv@0 2 +connection default; +disconnect conn1; +revoke all privileges on mysql.* from user@localhost; +# +### No privileges +# +connect conn1, localhost, user, , test; +show procedure code test_db.sp; +ERROR 42000: PROCEDURE sp does not exist +show function code test_db.fn; +ERROR 42000: FUNCTION fn does not exist +show package body code test_db.pk; +ERROR 42000: PACKAGE BODY pk does not exist +connection default; +disconnect conn1; +# +### Execute provilege PROCEDURE/FUNCTION +# +grant execute on procedure test_db.sp to user@localhost; +grant execute on function test_db.fn to user@localhost; +connect conn1, localhost, user, , test; +show procedure code test_db.sp; +ERROR 42000: PROCEDURE sp does not exist +show function code test_db.fn; +ERROR 42000: FUNCTION fn does not exist +connection default; +disconnect conn1; +revoke execute on procedure test_db.sp from user@localhost; +revoke execute on function test_db.fn from user@localhost; +# +### Execute provilege PACKAGE+ PACKAGE BODY- +# +SET sql_mode=ORACLE; +grant execute on package test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; +connect conn1, localhost, user, , test; +show package body code test_db.pk; +ERROR 42000: PACKAGE BODY pk does not exist +connection default; +disconnect conn1; +SET sql_mode=ORACLE; +revoke execute on package test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; +# +### Execute provilege PACKAGE- PACKAGE BODY+ +# +SET sql_mode=ORACLE; +grant execute on package body test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; +connect conn1, localhost, user, , test; +show package body code test_db.pk; +ERROR 42000: PACKAGE BODY pk does not exist +connection default; +disconnect conn1; +SET sql_mode=ORACLE; +revoke execute on package body test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; +# +### Alter routine provilege PROCEDURE/FUNCTION +# +grant alter routine on procedure test_db.sp to user@localhost; +grant alter routine on function test_db.fn to user@localhost; +connect conn1, localhost, user, , test; +show procedure code test_db.sp; +ERROR 42000: PROCEDURE sp does not exist +show function code test_db.fn; +ERROR 42000: FUNCTION fn does not exist +connection default; +disconnect conn1; +revoke alter routine on procedure test_db.sp from user@localhost; +revoke alter routine on function test_db.fn from user@localhost; +# +### Alter routine provilege PACKAGE+ PACKAGE BODY- +# +SET sql_mode=ORACLE; +grant alter routine on package test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; +connect conn1, localhost, user, , test; +show package body code test_db.pk; +ERROR 42000: PACKAGE BODY pk does not exist +connection default; +disconnect conn1; +SET sql_mode=ORACLE; +revoke alter routine on package test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; +# +### Alter routine provilege PACKAGE+ PACKAGE BODY- +# +SET sql_mode=ORACLE; +grant alter routine on package body test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; +connect conn1, localhost, user, , test; +show package body code test_db.pk; +ERROR 42000: PACKAGE BODY pk does not exist +connection default; +disconnect conn1; +SET sql_mode=ORACLE; +revoke alter routine on package body test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; +### +### SHOW CREATE PROCEDURE tests +### +# +### Global "show create routine" test +# +grant show create routine on *.* to user@localhost; +show grants for user@localhost; +Grants for user@localhost +GRANT SHOW CREATE ROUTINE ON *.* TO `user`@`localhost` +GRANT ALL PRIVILEGES ON `test`.* TO `user`@`localhost` +connect conn1, localhost, user, , test; +show procedure code test_db.sp; +Pos Instruction +0 stmt 0 "select 1" +show function code test_db.fn; +Pos Instruction +0 freturn int 1 +show package body code test_db.pk; +Pos Instruction +0 set pkv@0 1 +1 set pkv@0 2 +connection default; +disconnect conn1; +revoke show create routine on *.* from user@localhost; +# +### DB-level "show create routine" but other DB test +# +grant show create routine on db_test.* to user@localhost; +show grants for user@localhost; +Grants for user@localhost +GRANT USAGE ON *.* TO `user`@`localhost` +GRANT ALL PRIVILEGES ON `test`.* TO `user`@`localhost` +GRANT SHOW CREATE ROUTINE ON `db_test`.* TO `user`@`localhost` +connect conn1, localhost, user, , test; +show procedure code test_db.sp; +ERROR 42000: PROCEDURE sp does not exist +show function code test_db.fn; +ERROR 42000: FUNCTION fn does not exist +show package body code test_db.pk; +ERROR 42000: PACKAGE BODY pk does not exist +connection default; +disconnect conn1; +revoke show create routine on db_test.* from user@localhost; +# +### DB-level "show create routine" test +# +grant show create routine on test_db.* to user@localhost; +show grants for user@localhost; +Grants for user@localhost +GRANT USAGE ON *.* TO `user`@`localhost` +GRANT ALL PRIVILEGES ON `test`.* TO `user`@`localhost` +GRANT SHOW CREATE ROUTINE ON `test_db`.* TO `user`@`localhost` +connect conn1, localhost, user, , test; +show procedure code test_db.sp; +Pos Instruction +0 stmt 0 "select 1" +show function code test_db.fn; +Pos Instruction +0 freturn int 1 +show package body code test_db.pk; +Pos Instruction +0 set pkv@0 1 +1 set pkv@0 2 +connection default; +disconnect conn1; +revoke show create routine on test_db.* from user@localhost; +# +### Routine-level "show create routine" PROCEDURE and FUNCTION +# +grant show create routine on procedure test_db.sp to user@localhost; +grant show create routine on function test_db.fn to user@localhost; +connect conn1, localhost, user, , test; +show procedure code test_db.sp; +Pos Instruction +0 stmt 0 "select 1" +show function code test_db.fn; +Pos Instruction +0 freturn int 1 +connection default; +disconnect conn1; +revoke show create routine on procedure test_db.sp from user@localhost; +revoke show create routine on function test_db.fn from user@localhost; +# +### Routine-level "show create routine" PACKAGE+ PACKAGE BODY- +# +SET sql_mode=ORACLE; +grant show create routine on package test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; +connect conn1, localhost, user, , test; +show package body code test_db.pk; +ERROR 42000: PACKAGE BODY pk does not exist +connection default; +disconnect conn1; +SET sql_mode=ORACLE; +revoke show create routine on package test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; +# +### Routine-level "show create routine" PACKAGE- PACKAGE BODY+ +# +SET sql_mode=ORACLE; +grant show create routine on package body test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; +connect conn1, localhost, user, , test; +show package body code test_db.pk; +Pos Instruction +0 set pkv@0 1 +1 set pkv@0 2 +connection default; +disconnect conn1; +SET sql_mode=ORACLE; +revoke show create routine on package body test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; +drop database test_db; +drop user user@localhost; +# +# End of 11.3 tests +# diff --git a/mysql-test/main/sp-security-debug.test b/mysql-test/main/sp-security-debug.test new file mode 100644 index 00000000000..58d37a67f74 --- /dev/null +++ b/mysql-test/main/sp-security-debug.test @@ -0,0 +1,368 @@ +# +# Testing SQL SECURITY of stored procedures (DEBUGG binaries) +# + +--source include/have_debug.inc +# Can't test with embedded server that doesn't support grants +--source include/not_embedded.inc +--source include/default_charset.inc +set @@global.character_set_server=@@session.character_set_server; + + +--echo # +--echo # MDEV-29167: new db-level SHOW CREATE ROUTINE privilege +--echo # + +--echo ### +--echo ### SHOW-Like commad test +--echo ### + +SET @save_sql_mode=@@sql_mode; + +--echo # +--echo ### Prepare functions for the test and SHOW-like by owner +--echo # + +create database test_db; +use test_db; +create procedure test_db.sp() select 1; +show procedure code test_db.sp; +CREATE FUNCTION test_db.fn() RETURNS INT RETURN 1; +show function code test_db.fn; + +SET sql_mode=ORACLE; +DELIMITER $$; +CREATE PACKAGE test_db.pk AS + FUNCTION pkf() RETURN INT; + PROCEDURE pkp(); +END; +$$ +CREATE PACKAGE BODY test_db.pk AS + pkv INT:=1; + + PROCEDURE pkhp() AS + BEGIN + SELECT pkv FROM DUAL; + END; + + FUNCTION pkhf() RETURN INT AS + BEGIN + RETURN pkv; + END; + + PROCEDURE pkp() AS + BEGIN + CALL pkhp(); + END; + FUNCTION pkf() RETURN INT AS + BEGIN + RETURN pkhf(); + END; + +BEGIN + pkv:=2; +END; +$$ +DELIMITER ;$$ + +SET sql_mode=@save_sql_mode; +--error ER_PARSE_ERROR +show package code test_db.pk; +show package body code test_db.pk; + +use test; + + +--echo ### +--echo ### Pre-"SHOW-CREATE-ROUTINE" behaviour tests +--echo ### + + +--echo # +--echo ### Rights on mysql.proc +--echo # + +create user user@localhost; +grant all privileges on mysql.* to user@localhost; +grant all privileges on test.* to user@localhost; + +connect conn1, localhost, user, , test; + +show procedure code test_db.sp; +show function code test_db.fn; +show package body code test_db.pk; + +connection default; +disconnect conn1; + +revoke all privileges on mysql.* from user@localhost; + + +--echo # +--echo ### No privileges +--echo # + +connect conn1, localhost, user, , test; + +--error ER_SP_DOES_NOT_EXIST +show procedure code test_db.sp; +--error ER_SP_DOES_NOT_EXIST +show function code test_db.fn; +--error ER_SP_DOES_NOT_EXIST +show package body code test_db.pk; + +connection default; +disconnect conn1; + +--echo # +--echo ### Execute provilege PROCEDURE/FUNCTION +--echo # + +grant execute on procedure test_db.sp to user@localhost; +grant execute on function test_db.fn to user@localhost; + +connect conn1, localhost, user, , test; + +--error ER_SP_DOES_NOT_EXIST +show procedure code test_db.sp; +--error ER_SP_DOES_NOT_EXIST +show function code test_db.fn; + +connection default; +disconnect conn1; + +revoke execute on procedure test_db.sp from user@localhost; +revoke execute on function test_db.fn from user@localhost; + +--echo # +--echo ### Execute provilege PACKAGE+ PACKAGE BODY- +--echo # + +SET sql_mode=ORACLE; +grant execute on package test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; + +connect conn1, localhost, user, , test; + +--error ER_SP_DOES_NOT_EXIST +show package body code test_db.pk; + +connection default; +disconnect conn1; + +SET sql_mode=ORACLE; +revoke execute on package test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; + + +--echo # +--echo ### Execute provilege PACKAGE- PACKAGE BODY+ +--echo # + +SET sql_mode=ORACLE; +grant execute on package body test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; + +connect conn1, localhost, user, , test; + +--error ER_SP_DOES_NOT_EXIST +show package body code test_db.pk; + +connection default; +disconnect conn1; + +SET sql_mode=ORACLE; +revoke execute on package body test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; + +--echo # +--echo ### Alter routine provilege PROCEDURE/FUNCTION +--echo # + +grant alter routine on procedure test_db.sp to user@localhost; +grant alter routine on function test_db.fn to user@localhost; + +connect conn1, localhost, user, , test; + +--error ER_SP_DOES_NOT_EXIST +show procedure code test_db.sp; +--error ER_SP_DOES_NOT_EXIST +show function code test_db.fn; + +connection default; +disconnect conn1; + + +revoke alter routine on procedure test_db.sp from user@localhost; +revoke alter routine on function test_db.fn from user@localhost; + +--echo # +--echo ### Alter routine provilege PACKAGE+ PACKAGE BODY- +--echo # + +SET sql_mode=ORACLE; +grant alter routine on package test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; + +connect conn1, localhost, user, , test; + +--error ER_SP_DOES_NOT_EXIST +show package body code test_db.pk; + +connection default; +disconnect conn1; + +SET sql_mode=ORACLE; +revoke alter routine on package test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; + + +--echo # +--echo ### Alter routine provilege PACKAGE+ PACKAGE BODY- +--echo # + +SET sql_mode=ORACLE; +grant alter routine on package body test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; + +connect conn1, localhost, user, , test; + +--error ER_SP_DOES_NOT_EXIST +show package body code test_db.pk; +connection default; +disconnect conn1; + +SET sql_mode=ORACLE; +revoke alter routine on package body test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; + + +--echo ### +--echo ### SHOW CREATE PROCEDURE tests +--echo ### + + +--echo # +--echo ### Global "show create routine" test +--echo # + +grant show create routine on *.* to user@localhost; +show grants for user@localhost; + +connect conn1, localhost, user, , test; + +show procedure code test_db.sp; +show function code test_db.fn; +show package body code test_db.pk; + +connection default; +disconnect conn1; + +revoke show create routine on *.* from user@localhost; + +--echo # +--echo ### DB-level "show create routine" but other DB test +--echo # + +grant show create routine on db_test.* to user@localhost; +show grants for user@localhost; + +connect conn1, localhost, user, , test; + +--error ER_SP_DOES_NOT_EXIST +show procedure code test_db.sp; +--error ER_SP_DOES_NOT_EXIST +show function code test_db.fn; +--error ER_SP_DOES_NOT_EXIST +show package body code test_db.pk; + +connection default; +disconnect conn1; + +revoke show create routine on db_test.* from user@localhost; + +--echo # +--echo ### DB-level "show create routine" test +--echo # + +grant show create routine on test_db.* to user@localhost; +show grants for user@localhost; + +connect conn1, localhost, user, , test; + +show procedure code test_db.sp; +show function code test_db.fn; +show package body code test_db.pk; + +connection default; +disconnect conn1; + +revoke show create routine on test_db.* from user@localhost; + + +--echo # +--echo ### Routine-level "show create routine" PROCEDURE and FUNCTION +--echo # + +grant show create routine on procedure test_db.sp to user@localhost; +grant show create routine on function test_db.fn to user@localhost; + +connect conn1, localhost, user, , test; + +show procedure code test_db.sp; +show function code test_db.fn; + +connection default; +disconnect conn1; + +revoke show create routine on procedure test_db.sp from user@localhost; +revoke show create routine on function test_db.fn from user@localhost; + + +--echo # +--echo ### Routine-level "show create routine" PACKAGE+ PACKAGE BODY- +--echo # + +SET sql_mode=ORACLE; +grant show create routine on package test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; + +connect conn1, localhost, user, , test; + +--error ER_SP_DOES_NOT_EXIST +show package body code test_db.pk; + +connection default; +disconnect conn1; + +SET sql_mode=ORACLE; +revoke show create routine on package test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; + + +--echo # +--echo ### Routine-level "show create routine" PACKAGE- PACKAGE BODY+ +--echo # + +SET sql_mode=ORACLE; +grant show create routine on package body test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; + + +connect conn1, localhost, user, , test; + +show package body code test_db.pk; + +connection default; +disconnect conn1; + +SET sql_mode=ORACLE; +revoke show create routine on package body test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; + +drop database test_db; +drop user user@localhost; + +--echo # +--echo # End of 11.3 tests +--echo # diff --git a/mysql-test/main/sp-security.result b/mysql-test/main/sp-security.result index f25bff8a920..93e05c522c0 100644 --- a/mysql-test/main/sp-security.result +++ b/mysql-test/main/sp-security.result @@ -240,7 +240,7 @@ grant all privileges on procedure sptest.p1 to userc@localhost; show grants for userc@localhost; Grants for userc@localhost GRANT USAGE ON *.* TO `userc`@`localhost` -GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `sptest`.`p1` TO `userc`@`localhost` WITH GRANT OPTION +GRANT EXECUTE, ALTER ROUTINE, SHOW CREATE ROUTINE ON PROCEDURE `sptest`.`p1` TO `userc`@`localhost` WITH GRANT OPTION show grants for userb@localhost; Grants for userb@localhost GRANT USAGE ON *.* TO `userb`@`localhost` @@ -843,3 +843,890 @@ drop function f; # # End of 10.6 tests # +# +# MDEV-29167: new db-level SHOW CREATE ROUTINE privilege +# +### +### SHOW-Like commad test +### +SET @save_sql_mode=@@sql_mode; +# +### Prepare functions for the test and SHOW-like by root +# +create database test_db; +use test_db; +create procedure test_db.sp() select 1; +show create procedure test_db.sp; +Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation +sp STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`root`@`localhost` PROCEDURE `sp`() +select 1 latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PROCEDURE STATUS WHERE name="sp"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db sp PROCEDURE root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="sp"; +ROUTINE_NAME ROUTINE_DEFINITION +sp select 1 +CREATE FUNCTION test_db.fn() RETURNS INT RETURN 1; +show create function test_db.fn; +Function sql_mode Create Function character_set_client collation_connection Database Collation +fn STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`root`@`localhost` FUNCTION `fn`() RETURNS int(11) +RETURN 1 latin1 latin1_swedish_ci latin1_swedish_ci +SHOW FUNCTION STATUS WHERE name="fn"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db fn FUNCTION root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="fn"; +ROUTINE_NAME ROUTINE_DEFINITION +fn RETURN 1 +SET sql_mode=ORACLE; +CREATE PACKAGE test_db.pk AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END; +$$ +CREATE PACKAGE BODY test_db.pk AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END; +$$ +SET sql_mode=@save_sql_mode; +show create package test_db.pk; +Package sql_mode Create Package character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT CREATE DEFINER="root"@"localhost" PACKAGE "pk" AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END latin1 latin1_swedish_ci latin1_swedish_ci +show create package body test_db.pk; +Package body sql_mode Create Package Body character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT CREATE DEFINER="root"@"localhost" PACKAGE BODY "pk" AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PACKAGE STATUS WHERE name="pk"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db pk PACKAGE root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +ROUTINE_NAME ROUTINE_TYPE ROUTINE_DEFINITION +pk PACKAGE AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END +pk PACKAGE BODY AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END +use test; +### +### Pre-"SHOW-CREATE-ROUTINE" behaviour tests +### +# +### Rights on mysql.proc +# +create user user@localhost; +grant all privileges on mysql.* to user@localhost; +grant all privileges on test.* to user@localhost; +connect conn1, localhost, user, , test; +show create procedure test_db.sp; +Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation +sp STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`root`@`localhost` PROCEDURE `sp`() +select 1 latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PROCEDURE STATUS WHERE name="sp"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db sp PROCEDURE root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME from information_schema.ROUTINES where ROUTINE_NAME="sp"; +ROUTINE_NAME +sp +show create function test_db.fn; +Function sql_mode Create Function character_set_client collation_connection Database Collation +fn STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`root`@`localhost` FUNCTION `fn`() RETURNS int(11) +RETURN 1 latin1 latin1_swedish_ci latin1_swedish_ci +SHOW FUNCTION STATUS WHERE name="fn"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db fn FUNCTION root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where +ROUTINE_NAME="fn"; +ROUTINE_NAME ROUTINE_DEFINITION +fn RETURN 1 +show create package test_db.pk; +Package sql_mode Create Package character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT CREATE DEFINER="root"@"localhost" PACKAGE "pk" AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END latin1 latin1_swedish_ci latin1_swedish_ci +show create package body test_db.pk; +Package body sql_mode Create Package Body character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT CREATE DEFINER="root"@"localhost" PACKAGE BODY "pk" AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PACKAGE STATUS WHERE name="pk"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db pk PACKAGE root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +ROUTINE_NAME ROUTINE_TYPE ROUTINE_DEFINITION +pk PACKAGE AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END +pk PACKAGE BODY AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END +connection default; +disconnect conn1; +revoke all privileges on mysql.* from user@localhost; +# +### No privileges +# +connect conn1, localhost, user, , test; +show create procedure test_db.sp; +ERROR 42000: PROCEDURE sp does not exist +SHOW PROCEDURE STATUS WHERE name="sp"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +SELECT ROUTINE_NAME from information_schema.ROUTINES where ROUTINE_NAME="sp"; +ROUTINE_NAME +show create function test_db.fn; +ERROR 42000: FUNCTION fn does not exist +SHOW FUNCTION STATUS WHERE name="fn"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where +ROUTINE_NAME="fn"; +ROUTINE_NAME ROUTINE_DEFINITION +show create package test_db.pk; +ERROR 42000: PACKAGE pk does not exist +show create package body test_db.pk; +ERROR 42000: PACKAGE BODY pk does not exist +SHOW PACKAGE STATUS WHERE name="pk"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +ROUTINE_NAME ROUTINE_TYPE ROUTINE_DEFINITION +connection default; +disconnect conn1; +# +### Execute provilege PROCEDURE/FUNCTION +# +grant execute on procedure test_db.sp to user@localhost; +grant execute on function test_db.fn to user@localhost; +connect conn1, localhost, user, , test; +show create procedure test_db.sp; +Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation +sp STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION NULL latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PROCEDURE STATUS WHERE name="sp"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db sp PROCEDURE root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME from information_schema.ROUTINES where ROUTINE_NAME="sp"; +ROUTINE_NAME +sp +call test_db.sp(); +1 +1 +show create function test_db.fn; +Function sql_mode Create Function character_set_client collation_connection Database Collation +fn STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION NULL latin1 latin1_swedish_ci latin1_swedish_ci +SHOW FUNCTION STATUS WHERE name="fn"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db fn FUNCTION root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where +ROUTINE_NAME="fn"; +ROUTINE_NAME ROUTINE_DEFINITION +fn NULL +select test_db.fn(); +test_db.fn() +1 +connection default; +disconnect conn1; +revoke execute on procedure test_db.sp from user@localhost; +revoke execute on function test_db.fn from user@localhost; +# +### Execute provilege PACKAGE+ PACKAGE BODY- +# +SET sql_mode=ORACLE; +grant execute on package test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; +connect conn1, localhost, user, , test; +show create package test_db.pk; +Package sql_mode Create Package character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT NULL latin1 latin1_swedish_ci latin1_swedish_ci +show create package body test_db.pk; +ERROR 42000: PACKAGE BODY pk does not exist +SHOW PACKAGE STATUS WHERE name="pk"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db pk PACKAGE root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +ROUTINE_NAME ROUTINE_TYPE ROUTINE_DEFINITION +pk PACKAGE NULL +call test_db.pk.pkp(); +ERROR 42000: execute command denied to user 'user'@'localhost' for routine 'test_db.pk' +select test_db.pk.pkf(); +ERROR 42000: execute command denied to user 'user'@'localhost' for routine 'test_db.pk' +connection default; +disconnect conn1; +SET sql_mode=ORACLE; +revoke execute on package test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; +# +### Execute provilege PACKAGE- PACKAGE BODY+ +# +SET sql_mode=ORACLE; +grant execute on package body test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; +connect conn1, localhost, user, , test; +show create package test_db.pk; +ERROR 42000: PACKAGE pk does not exist +show create package body test_db.pk; +Package body sql_mode Create Package Body character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT NULL latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PACKAGE STATUS WHERE name="pk"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +ROUTINE_NAME ROUTINE_TYPE ROUTINE_DEFINITION +pk PACKAGE BODY NULL +call test_db.pk.pkp(); +pkv +2 +select test_db.pk.pkf(); +test_db.pk.pkf() +2 +connection default; +disconnect conn1; +SET sql_mode=ORACLE; +revoke execute on package body test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; +# +### Alter routine provilege PROCEDURE/FUNCTION +# +grant alter routine on procedure test_db.sp to user@localhost; +grant alter routine on function test_db.fn to user@localhost; +connect conn1, localhost, user, , test; +show create procedure test_db.sp; +Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation +sp STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION NULL latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PROCEDURE STATUS WHERE name="sp"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db sp PROCEDURE root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME from information_schema.ROUTINES where ROUTINE_NAME="sp"; +ROUTINE_NAME +sp +show create function test_db.fn; +Function sql_mode Create Function character_set_client collation_connection Database Collation +fn STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION NULL latin1 latin1_swedish_ci latin1_swedish_ci +SHOW FUNCTION STATUS WHERE name="fn"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db fn FUNCTION root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where +ROUTINE_NAME="fn"; +ROUTINE_NAME ROUTINE_DEFINITION +fn NULL +connection default; +disconnect conn1; +revoke alter routine on procedure test_db.sp from user@localhost; +revoke alter routine on function test_db.fn from user@localhost; +# +### Alter routine provilege PACKAGE+ PACKAGE BODY- +# +SET sql_mode=ORACLE; +grant alter routine on package test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; +connect conn1, localhost, user, , test; +show create package test_db.pk; +Package sql_mode Create Package character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT NULL latin1 latin1_swedish_ci latin1_swedish_ci +show create package body test_db.pk; +ERROR 42000: PACKAGE BODY pk does not exist +SHOW PACKAGE STATUS WHERE name="pk"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db pk PACKAGE root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +ROUTINE_NAME ROUTINE_TYPE ROUTINE_DEFINITION +pk PACKAGE NULL +connection default; +disconnect conn1; +SET sql_mode=ORACLE; +revoke alter routine on package test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; +# +### Alter routine provilege PACKAGE+ PACKAGE BODY- +# +SET sql_mode=ORACLE; +grant alter routine on package body test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; +connect conn1, localhost, user, , test; +show create package test_db.pk; +ERROR 42000: PACKAGE pk does not exist +show create package body test_db.pk; +Package body sql_mode Create Package Body character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT NULL latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PACKAGE STATUS WHERE name="pk"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +ROUTINE_NAME ROUTINE_TYPE ROUTINE_DEFINITION +pk PACKAGE BODY NULL +connection default; +disconnect conn1; +SET sql_mode=ORACLE; +revoke alter routine on package body test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; +### +### SHOW CREATE PROCEDURE tests +### +# +### Global "show create routine" test +# +grant show create routine on *.* to user@localhost; +show grants for user@localhost; +Grants for user@localhost +GRANT SHOW CREATE ROUTINE ON *.* TO `user`@`localhost` +GRANT ALL PRIVILEGES ON `test`.* TO `user`@`localhost` +connect conn1, localhost, user, , test; +show create procedure test_db.sp; +Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation +sp STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`root`@`localhost` PROCEDURE `sp`() +select 1 latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PROCEDURE STATUS WHERE name="sp"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db sp PROCEDURE root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="sp"; +ROUTINE_NAME ROUTINE_DEFINITION +sp select 1 +show create function test_db.fn; +Function sql_mode Create Function character_set_client collation_connection Database Collation +fn STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`root`@`localhost` FUNCTION `fn`() RETURNS int(11) +RETURN 1 latin1 latin1_swedish_ci latin1_swedish_ci +SHOW FUNCTION STATUS WHERE name="fn"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db fn FUNCTION root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="fn"; +ROUTINE_NAME ROUTINE_DEFINITION +fn RETURN 1 +show create package test_db.pk; +Package sql_mode Create Package character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT CREATE DEFINER="root"@"localhost" PACKAGE "pk" AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END latin1 latin1_swedish_ci latin1_swedish_ci +show create package body test_db.pk; +Package body sql_mode Create Package Body character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT CREATE DEFINER="root"@"localhost" PACKAGE BODY "pk" AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PACKAGE STATUS WHERE name="pk"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db pk PACKAGE root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +ROUTINE_NAME ROUTINE_TYPE ROUTINE_DEFINITION +pk PACKAGE AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END +pk PACKAGE BODY AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END +connection default; +disconnect conn1; +revoke show create routine on *.* from user@localhost; +# +### DB-level "show create routine" but other DB test +# +grant show create routine on db_test.* to user@localhost; +show grants for user@localhost; +Grants for user@localhost +GRANT USAGE ON *.* TO `user`@`localhost` +GRANT ALL PRIVILEGES ON `test`.* TO `user`@`localhost` +GRANT SHOW CREATE ROUTINE ON `db_test`.* TO `user`@`localhost` +connect conn1, localhost, user, , test; +show create procedure test_db.sp; +ERROR 42000: PROCEDURE sp does not exist +SHOW PROCEDURE STATUS WHERE name="sp"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="sp"; +ROUTINE_NAME ROUTINE_DEFINITION +show create function test_db.fn; +ERROR 42000: FUNCTION fn does not exist +SHOW FUNCTION STATUS WHERE name="fn"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="fn"; +ROUTINE_NAME ROUTINE_DEFINITION +show create package test_db.pk; +ERROR 42000: PACKAGE pk does not exist +show create package body test_db.pk; +ERROR 42000: PACKAGE BODY pk does not exist +SHOW PACKAGE STATUS WHERE name="pk"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +ROUTINE_NAME ROUTINE_TYPE ROUTINE_DEFINITION +connection default; +disconnect conn1; +revoke show create routine on db_test.* from user@localhost; +# +### DB-level "show create routine" test +# +grant show create routine on test_db.* to user@localhost; +show grants for user@localhost; +Grants for user@localhost +GRANT USAGE ON *.* TO `user`@`localhost` +GRANT ALL PRIVILEGES ON `test`.* TO `user`@`localhost` +GRANT SHOW CREATE ROUTINE ON `test_db`.* TO `user`@`localhost` +connect conn1, localhost, user, , test; +show create procedure test_db.sp; +Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation +sp STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`root`@`localhost` PROCEDURE `sp`() +select 1 latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PROCEDURE STATUS WHERE name="sp"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db sp PROCEDURE root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="sp"; +ROUTINE_NAME ROUTINE_DEFINITION +sp select 1 +show create function test_db.fn; +Function sql_mode Create Function character_set_client collation_connection Database Collation +fn STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`root`@`localhost` FUNCTION `fn`() RETURNS int(11) +RETURN 1 latin1 latin1_swedish_ci latin1_swedish_ci +SHOW FUNCTION STATUS WHERE name="fn"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db fn FUNCTION root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="fn"; +ROUTINE_NAME ROUTINE_DEFINITION +fn RETURN 1 +show create package test_db.pk; +Package sql_mode Create Package character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT CREATE DEFINER="root"@"localhost" PACKAGE "pk" AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END latin1 latin1_swedish_ci latin1_swedish_ci +show create package body test_db.pk; +Package body sql_mode Create Package Body character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT CREATE DEFINER="root"@"localhost" PACKAGE BODY "pk" AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PACKAGE STATUS WHERE name="pk"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db pk PACKAGE root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +ROUTINE_NAME ROUTINE_TYPE ROUTINE_DEFINITION +pk PACKAGE AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END +pk PACKAGE BODY AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END +connection default; +disconnect conn1; +revoke show create routine on test_db.* from user@localhost; +# +### Routine-level "show create routine" PROCEDURE and FUNCTION +# +grant show create routine on procedure test_db.sp to user@localhost; +grant show create routine on function test_db.fn to user@localhost; +connect conn1, localhost, user, , test; +show create procedure test_db.sp; +Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation +sp STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`root`@`localhost` PROCEDURE `sp`() +select 1 latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PROCEDURE STATUS WHERE name="sp"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db sp PROCEDURE root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="sp"; +ROUTINE_NAME ROUTINE_DEFINITION +sp select 1 +call test_db.sp(); +ERROR 42000: execute command denied to user 'user'@'localhost' for routine 'test_db.sp' +show create function test_db.fn; +Function sql_mode Create Function character_set_client collation_connection Database Collation +fn STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`root`@`localhost` FUNCTION `fn`() RETURNS int(11) +RETURN 1 latin1 latin1_swedish_ci latin1_swedish_ci +SHOW FUNCTION STATUS WHERE name="fn"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db fn FUNCTION root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where +ROUTINE_NAME="fn"; +ROUTINE_NAME ROUTINE_DEFINITION +fn RETURN 1 +select test_db.fn(); +ERROR 42000: execute command denied to user 'user'@'localhost' for routine 'test_db.fn' +connection default; +disconnect conn1; +revoke show create routine on procedure test_db.sp from user@localhost; +revoke show create routine on function test_db.fn from user@localhost; +# +### Routine-level "show create routine" PACKAGE+ PACKAGE BODY- +# +SET sql_mode=ORACLE; +grant show create routine on package test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; +connect conn1, localhost, user, , test; +show create package test_db.pk; +Package sql_mode Create Package character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT CREATE DEFINER="root"@"localhost" PACKAGE "pk" AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END latin1 latin1_swedish_ci latin1_swedish_ci +show create package body test_db.pk; +ERROR 42000: PACKAGE BODY pk does not exist +SHOW PACKAGE STATUS WHERE name="pk"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db pk PACKAGE root@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +ROUTINE_NAME ROUTINE_TYPE ROUTINE_DEFINITION +pk PACKAGE AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END +call test_db.pk.pkp(); +ERROR 42000: execute command denied to user 'user'@'localhost' for routine 'test_db.pk' +select test_db.pk.pkf(); +ERROR 42000: execute command denied to user 'user'@'localhost' for routine 'test_db.pk' +connection default; +disconnect conn1; +SET sql_mode=ORACLE; +revoke show create routine on package test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; +# +### Routine-level "show create routine" PACKAGE- PACKAGE BODY+ +# +SET sql_mode=ORACLE; +grant show create routine on package body test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; +connect conn1, localhost, user, , test; +show create package test_db.pk; +ERROR 42000: PACKAGE pk does not exist +show create package body test_db.pk; +Package body sql_mode Create Package Body character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT CREATE DEFINER="root"@"localhost" PACKAGE BODY "pk" AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PACKAGE STATUS WHERE name="pk"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +ROUTINE_NAME ROUTINE_TYPE ROUTINE_DEFINITION +pk PACKAGE BODY AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END +call test_db.pk.pkp(); +ERROR 42000: execute command denied to user 'user'@'localhost' for routine 'test_db.pk' +select test_db.pk.pkf(); +ERROR 42000: execute command denied to user 'user'@'localhost' for routine 'test_db.pk' +connection default; +disconnect conn1; +SET sql_mode=ORACLE; +revoke show create routine on package body test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; +drop user user@localhost; +drop database test_db; +# +### Check owner only rights +# +create user user@localhost; +create database test_db; +use test_db; +create definer=user@localhost procedure test_db.sp() select 1; +CREATE definer=user@localhost FUNCTION test_db.fn() RETURNS INT RETURN 1; +SET sql_mode=ORACLE; +CREATE definer=user@localhost PACKAGE test_db.pk AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END; +$$ +CREATE definer=user@localhost PACKAGE BODY test_db.pk AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END; +$$ +use test; +connect conn1, localhost, user, , "*NO-ONE*"; +show create procedure test_db.sp; +Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation +sp STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`user`@`localhost` PROCEDURE `sp`() +select 1 latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PROCEDURE STATUS WHERE name="sp"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db sp PROCEDURE user@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME from information_schema.ROUTINES where ROUTINE_NAME="sp"; +ROUTINE_NAME +sp +show create function test_db.fn; +Function sql_mode Create Function character_set_client collation_connection Database Collation +fn STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`user`@`localhost` FUNCTION `fn`() RETURNS int(11) +RETURN 1 latin1 latin1_swedish_ci latin1_swedish_ci +SHOW FUNCTION STATUS WHERE name="fn"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db fn FUNCTION user@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where +ROUTINE_NAME="fn"; +ROUTINE_NAME ROUTINE_DEFINITION +fn RETURN 1 +show create package test_db.pk; +Package sql_mode Create Package character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT CREATE DEFINER="user"@"localhost" PACKAGE "pk" AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END latin1 latin1_swedish_ci latin1_swedish_ci +show create package body test_db.pk; +Package body sql_mode Create Package Body character_set_client collation_connection Database Collation +pk PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,ORACLE,NO_KEY_OPTIONS,NO_TABLE_OPTIONS,NO_FIELD_OPTIONS,NO_AUTO_CREATE_USER,SIMULTANEOUS_ASSIGNMENT CREATE DEFINER="user"@"localhost" PACKAGE BODY "pk" AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END latin1 latin1_swedish_ci latin1_swedish_ci +SHOW PACKAGE STATUS WHERE name="pk"; +Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation +test_db pk PACKAGE user@localhost # # DEFINER latin1 latin1_swedish_ci latin1_swedish_ci +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +ROUTINE_NAME ROUTINE_TYPE ROUTINE_DEFINITION +pk PACKAGE AS +FUNCTION pkf() RETURN INT; +PROCEDURE pkp(); +END +pk PACKAGE BODY AS +pkv INT:=1; +PROCEDURE pkhp() AS +BEGIN +SELECT pkv FROM DUAL; +END; +FUNCTION pkhf() RETURN INT AS +BEGIN +RETURN pkv; +END; +PROCEDURE pkp() AS +BEGIN +CALL pkhp(); +END; +FUNCTION pkf() RETURN INT AS +BEGIN +RETURN pkhf(); +END; +BEGIN +pkv:=2; +END +connection default; +disconnect conn1; +drop user user@localhost; +drop database test_db; +# +# End of 11.3 tests +# diff --git a/mysql-test/main/sp-security.test b/mysql-test/main/sp-security.test index 85f21835c92..af9ba61d614 100644 --- a/mysql-test/main/sp-security.test +++ b/mysql-test/main/sp-security.test @@ -1123,3 +1123,557 @@ drop function f; --echo # --echo # End of 10.6 tests --echo # + +--echo # +--echo # MDEV-29167: new db-level SHOW CREATE ROUTINE privilege +--echo # + +--echo ### +--echo ### SHOW-Like commad test +--echo ### + +SET @save_sql_mode=@@sql_mode; + +--echo # +--echo ### Prepare functions for the test and SHOW-like by root +--echo # + +create database test_db; +use test_db; +create procedure test_db.sp() select 1; +show create procedure test_db.sp; +--replace_column 5 # 6 # +SHOW PROCEDURE STATUS WHERE name="sp"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="sp"; +CREATE FUNCTION test_db.fn() RETURNS INT RETURN 1; +show create function test_db.fn; +--replace_column 5 # 6 # +SHOW FUNCTION STATUS WHERE name="fn"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="fn"; + +SET sql_mode=ORACLE; +DELIMITER $$; +CREATE PACKAGE test_db.pk AS + FUNCTION pkf() RETURN INT; + PROCEDURE pkp(); +END; +$$ +CREATE PACKAGE BODY test_db.pk AS + pkv INT:=1; + + PROCEDURE pkhp() AS + BEGIN + SELECT pkv FROM DUAL; + END; + + FUNCTION pkhf() RETURN INT AS + BEGIN + RETURN pkv; + END; + + PROCEDURE pkp() AS + BEGIN + CALL pkhp(); + END; + FUNCTION pkf() RETURN INT AS + BEGIN + RETURN pkhf(); + END; + +BEGIN + pkv:=2; +END; +$$ +DELIMITER ;$$ + +SET sql_mode=@save_sql_mode; +show create package test_db.pk; +show create package body test_db.pk; +--replace_column 5 # 6 # +SHOW PACKAGE STATUS WHERE name="pk"; +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; + + +use test; + + +--echo ### +--echo ### Pre-"SHOW-CREATE-ROUTINE" behaviour tests +--echo ### + + +--echo # +--echo ### Rights on mysql.proc +--echo # + +create user user@localhost; +grant all privileges on mysql.* to user@localhost; +grant all privileges on test.* to user@localhost; + +connect conn1, localhost, user, , test; + +show create procedure test_db.sp; +--replace_column 5 # 6 # +SHOW PROCEDURE STATUS WHERE name="sp"; +SELECT ROUTINE_NAME from information_schema.ROUTINES where ROUTINE_NAME="sp"; +show create function test_db.fn; +--replace_column 5 # 6 # +SHOW FUNCTION STATUS WHERE name="fn"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where +ROUTINE_NAME="fn"; +show create package test_db.pk; +show create package body test_db.pk; +--replace_column 5 # 6 # +SHOW PACKAGE STATUS WHERE name="pk"; +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; + +connection default; +disconnect conn1; + +revoke all privileges on mysql.* from user@localhost; + + +--echo # +--echo ### No privileges +--echo # + +connect conn1, localhost, user, , test; + +--error ER_SP_DOES_NOT_EXIST +show create procedure test_db.sp; +--replace_column 5 # 6 # +SHOW PROCEDURE STATUS WHERE name="sp"; +SELECT ROUTINE_NAME from information_schema.ROUTINES where ROUTINE_NAME="sp"; +--error ER_SP_DOES_NOT_EXIST +show create function test_db.fn; +--replace_column 5 # 6 # +SHOW FUNCTION STATUS WHERE name="fn"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where +ROUTINE_NAME="fn"; +--error ER_SP_DOES_NOT_EXIST +show create package test_db.pk; +--error ER_SP_DOES_NOT_EXIST +show create package body test_db.pk; +--replace_column 5 # 6 # +SHOW PACKAGE STATUS WHERE name="pk"; +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; + +connection default; +disconnect conn1; + +--echo # +--echo ### Execute provilege PROCEDURE/FUNCTION +--echo # + +grant execute on procedure test_db.sp to user@localhost; +grant execute on function test_db.fn to user@localhost; + +connect conn1, localhost, user, , test; + +show create procedure test_db.sp; +--replace_column 5 # 6 # +SHOW PROCEDURE STATUS WHERE name="sp"; +SELECT ROUTINE_NAME from information_schema.ROUTINES where ROUTINE_NAME="sp"; +call test_db.sp(); +show create function test_db.fn; +--replace_column 5 # 6 # +SHOW FUNCTION STATUS WHERE name="fn"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where +ROUTINE_NAME="fn"; +select test_db.fn(); + +connection default; +disconnect conn1; + +revoke execute on procedure test_db.sp from user@localhost; +revoke execute on function test_db.fn from user@localhost; + +--echo # +--echo ### Execute provilege PACKAGE+ PACKAGE BODY- +--echo # + +SET sql_mode=ORACLE; +grant execute on package test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; + +connect conn1, localhost, user, , test; + +show create package test_db.pk; +--error ER_SP_DOES_NOT_EXIST +show create package body test_db.pk; +--replace_column 5 # 6 # +SHOW PACKAGE STATUS WHERE name="pk"; +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +--error ER_PROCACCESS_DENIED_ERROR +call test_db.pk.pkp(); +--error ER_PROCACCESS_DENIED_ERROR +select test_db.pk.pkf(); + +connection default; +disconnect conn1; + +SET sql_mode=ORACLE; +revoke execute on package test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; + + +--echo # +--echo ### Execute provilege PACKAGE- PACKAGE BODY+ +--echo # + +SET sql_mode=ORACLE; +grant execute on package body test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; + +connect conn1, localhost, user, , test; + +--error ER_SP_DOES_NOT_EXIST +show create package test_db.pk; +show create package body test_db.pk; +--replace_column 5 # 6 # +SHOW PACKAGE STATUS WHERE name="pk"; +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +call test_db.pk.pkp(); +select test_db.pk.pkf(); + +connection default; +disconnect conn1; + +SET sql_mode=ORACLE; +revoke execute on package body test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; + +--echo # +--echo ### Alter routine provilege PROCEDURE/FUNCTION +--echo # + +grant alter routine on procedure test_db.sp to user@localhost; +grant alter routine on function test_db.fn to user@localhost; + +connect conn1, localhost, user, , test; + +show create procedure test_db.sp; +--replace_column 5 # 6 # +SHOW PROCEDURE STATUS WHERE name="sp"; +SELECT ROUTINE_NAME from information_schema.ROUTINES where ROUTINE_NAME="sp"; +show create function test_db.fn; +--replace_column 5 # 6 # +SHOW FUNCTION STATUS WHERE name="fn"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where +ROUTINE_NAME="fn"; + +connection default; +disconnect conn1; + + +revoke alter routine on procedure test_db.sp from user@localhost; +revoke alter routine on function test_db.fn from user@localhost; + +--echo # +--echo ### Alter routine provilege PACKAGE+ PACKAGE BODY- +--echo # + +SET sql_mode=ORACLE; +grant alter routine on package test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; + +connect conn1, localhost, user, , test; + +show create package test_db.pk; +--error ER_SP_DOES_NOT_EXIST +show create package body test_db.pk; +--replace_column 5 # 6 # +SHOW PACKAGE STATUS WHERE name="pk"; +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; + +connection default; +disconnect conn1; + +SET sql_mode=ORACLE; +revoke alter routine on package test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; + + +--echo # +--echo ### Alter routine provilege PACKAGE+ PACKAGE BODY- +--echo # + +SET sql_mode=ORACLE; +grant alter routine on package body test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; + +connect conn1, localhost, user, , test; + +--error ER_SP_DOES_NOT_EXIST +show create package test_db.pk; +show create package body test_db.pk; +--replace_column 5 # 6 # +SHOW PACKAGE STATUS WHERE name="pk"; +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; + +connection default; +disconnect conn1; + +SET sql_mode=ORACLE; +revoke alter routine on package body test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; + + +--echo ### +--echo ### SHOW CREATE PROCEDURE tests +--echo ### + + +--echo # +--echo ### Global "show create routine" test +--echo # + +grant show create routine on *.* to user@localhost; +show grants for user@localhost; + +connect conn1, localhost, user, , test; + +show create procedure test_db.sp; +--replace_column 5 # 6 # +SHOW PROCEDURE STATUS WHERE name="sp"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="sp"; +show create function test_db.fn; +--replace_column 5 # 6 # +SHOW FUNCTION STATUS WHERE name="fn"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="fn"; +show create package test_db.pk; +show create package body test_db.pk; +--replace_column 5 # 6 # +SHOW PACKAGE STATUS WHERE name="pk"; +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; + +connection default; +disconnect conn1; + +revoke show create routine on *.* from user@localhost; + +--echo # +--echo ### DB-level "show create routine" but other DB test +--echo # + +grant show create routine on db_test.* to user@localhost; +show grants for user@localhost; + +connect conn1, localhost, user, , test; + +--error ER_SP_DOES_NOT_EXIST +show create procedure test_db.sp; +--replace_column 5 # 6 # +SHOW PROCEDURE STATUS WHERE name="sp"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="sp"; +--error ER_SP_DOES_NOT_EXIST +show create function test_db.fn; +--replace_column 5 # 6 # +SHOW FUNCTION STATUS WHERE name="fn"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="fn"; +--error ER_SP_DOES_NOT_EXIST +show create package test_db.pk; +--error ER_SP_DOES_NOT_EXIST +show create package body test_db.pk; +--replace_column 5 # 6 # +SHOW PACKAGE STATUS WHERE name="pk"; +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; + +connection default; +disconnect conn1; + +revoke show create routine on db_test.* from user@localhost; + +--echo # +--echo ### DB-level "show create routine" test +--echo # + +grant show create routine on test_db.* to user@localhost; +show grants for user@localhost; + +connect conn1, localhost, user, , test; + +show create procedure test_db.sp; +--replace_column 5 # 6 # +SHOW PROCEDURE STATUS WHERE name="sp"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="sp"; +show create function test_db.fn; +--replace_column 5 # 6 # +SHOW FUNCTION STATUS WHERE name="fn"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="fn"; +show create package test_db.pk; +show create package body test_db.pk; +--replace_column 5 # 6 # +SHOW PACKAGE STATUS WHERE name="pk"; +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; + +connection default; +disconnect conn1; + +revoke show create routine on test_db.* from user@localhost; + + +--echo # +--echo ### Routine-level "show create routine" PROCEDURE and FUNCTION +--echo # + +grant show create routine on procedure test_db.sp to user@localhost; +grant show create routine on function test_db.fn to user@localhost; + +connect conn1, localhost, user, , test; + +show create procedure test_db.sp; +--replace_column 5 # 6 # +SHOW PROCEDURE STATUS WHERE name="sp"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="sp"; +-- error ER_PROCACCESS_DENIED_ERROR +call test_db.sp(); +show create function test_db.fn; +--replace_column 5 # 6 # +SHOW FUNCTION STATUS WHERE name="fn"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where +ROUTINE_NAME="fn"; +-- error ER_PROCACCESS_DENIED_ERROR +select test_db.fn(); + +connection default; +disconnect conn1; + +revoke show create routine on procedure test_db.sp from user@localhost; +revoke show create routine on function test_db.fn from user@localhost; + + +--echo # +--echo ### Routine-level "show create routine" PACKAGE+ PACKAGE BODY- +--echo # + +SET sql_mode=ORACLE; +grant show create routine on package test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; + +connect conn1, localhost, user, , test; + +show create package test_db.pk; +--error ER_SP_DOES_NOT_EXIST +show create package body test_db.pk; +--replace_column 5 # 6 # +SHOW PACKAGE STATUS WHERE name="pk"; +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +--error ER_PROCACCESS_DENIED_ERROR +call test_db.pk.pkp(); +--error ER_PROCACCESS_DENIED_ERROR +select test_db.pk.pkf(); + +connection default; +disconnect conn1; + +SET sql_mode=ORACLE; +revoke show create routine on package test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; + + +--echo # +--echo ### Routine-level "show create routine" PACKAGE- PACKAGE BODY+ +--echo # + +SET sql_mode=ORACLE; +grant show create routine on package body test_db.pk to user@localhost; +SET sql_mode=@save_sql_mode; + + +connect conn1, localhost, user, , test; + +--error ER_SP_DOES_NOT_EXIST +show create package test_db.pk; +show create package body test_db.pk; +--replace_column 5 # 6 # +SHOW PACKAGE STATUS WHERE name="pk"; +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; +--error ER_PROCACCESS_DENIED_ERROR +call test_db.pk.pkp(); +--error ER_PROCACCESS_DENIED_ERROR +select test_db.pk.pkf(); + +connection default; +disconnect conn1; + +SET sql_mode=ORACLE; +revoke show create routine on package body test_db.pk from user@localhost; +SET sql_mode=@save_sql_mode; + +drop user user@localhost; +drop database test_db; + +--echo # +--echo ### Check owner only rights +--echo # + +create user user@localhost; +create database test_db; +use test_db; +create definer=user@localhost procedure test_db.sp() select 1; +CREATE definer=user@localhost FUNCTION test_db.fn() RETURNS INT RETURN 1; +SET sql_mode=ORACLE; +DELIMITER $$; +CREATE definer=user@localhost PACKAGE test_db.pk AS + FUNCTION pkf() RETURN INT; + PROCEDURE pkp(); +END; +$$ +CREATE definer=user@localhost PACKAGE BODY test_db.pk AS + pkv INT:=1; + + PROCEDURE pkhp() AS + BEGIN + SELECT pkv FROM DUAL; + END; + + FUNCTION pkhf() RETURN INT AS + BEGIN + RETURN pkv; + END; + + PROCEDURE pkp() AS + BEGIN + CALL pkhp(); + END; + FUNCTION pkf() RETURN INT AS + BEGIN + RETURN pkhf(); + END; + +BEGIN + pkv:=2; +END; +$$ +DELIMITER ;$$ + +use test; + + +connect conn1, localhost, user, , "*NO-ONE*"; + +show create procedure test_db.sp; +--replace_column 5 # 6 # +SHOW PROCEDURE STATUS WHERE name="sp"; +SELECT ROUTINE_NAME from information_schema.ROUTINES where ROUTINE_NAME="sp"; +show create function test_db.fn; +--replace_column 5 # 6 # +SHOW FUNCTION STATUS WHERE name="fn"; +SELECT ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES where +ROUTINE_NAME="fn"; +show create package test_db.pk; +show create package body test_db.pk; +--replace_column 5 # 6 # +SHOW PACKAGE STATUS WHERE name="pk"; +SELECT ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_DEFINITION from information_schema.ROUTINES where ROUTINE_NAME="pk"; + +connection default; +disconnect conn1; + +drop user user@localhost; +drop database test_db; + +--echo # +--echo # End of 11.3 tests +--echo # diff --git a/mysql-test/main/sql_mode.result b/mysql-test/main/sql_mode.result index 31308cd6a2f..449534da25e 100644 --- a/mysql-test/main/sql_mode.result +++ b/mysql-test/main/sql_mode.result @@ -535,7 +535,7 @@ SET SESSION SQL_MODE = @OLD_SQL_MODE; DROP USER 'user_no_PCTFL'@'localhost'; FLUSH PRIVILEGES; SELECT * FROM mysql.db WHERE Host = 'localhost' AND User LIKE 'user_%PCTFL'; -Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv Delete_history_priv +Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv Delete_history_priv Show_create_routine_priv SELECT * FROM mysql.tables_priv WHERE Host = 'localhost' AND User LIKE 'user_%PCTFL'; Host Db User Table_name Grantor Timestamp Table_priv Column_priv SELECT * FROM mysql.columns_priv WHERE Host = 'localhost' AND User LIKE 'user_%PCTFL'; diff --git a/mysql-test/main/system_mysql_db.result b/mysql-test/main/system_mysql_db.result index b89381da5c3..4ff6b311aef 100644 --- a/mysql-test/main/system_mysql_db.result +++ b/mysql-test/main/system_mysql_db.result @@ -57,6 +57,7 @@ db CREATE TABLE `db` ( `Event_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', `Trigger_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', `Delete_history_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', + `Show_create_routine_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', PRIMARY KEY (`Host`,`Db`,`User`), KEY `User` (`User`) ) ENGINE=Aria DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_bin PAGE_CHECKSUM=1 TRANSACTIONAL=1 COMMENT='Database privileges' @@ -115,7 +116,7 @@ procs_priv CREATE TABLE `procs_priv` ( `Routine_name` char(64) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', `Routine_type` enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') NOT NULL, `Grantor` varchar(384) NOT NULL DEFAULT '', - `Proc_priv` set('Execute','Alter Routine','Grant') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', + `Proc_priv` set('Execute','Alter Routine','Grant','Show Create Routine') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', `Timestamp` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(), PRIMARY KEY (`Host`,`Db`,`User`,`Routine_name`,`Routine_type`), KEY `Grantor` (`Grantor`) diff --git a/mysql-test/main/system_mysql_db_error_log.result b/mysql-test/main/system_mysql_db_error_log.result index c2129b7df31..8a15dad9ce0 100644 --- a/mysql-test/main/system_mysql_db_error_log.result +++ b/mysql-test/main/system_mysql_db_error_log.result @@ -15,7 +15,7 @@ SET @all_known_privileges_current=(SELECT CAST(json_value(Priv, '$.access') AS U DROP USER user1@localhost; SELECT HEX(@all_known_privileges_current); HEX(@all_known_privileges_current) -7FFFFFFFFF +FFFFFFFFFF CREATE USER bad_access1@localhost; UPDATE mysql.global_priv @@ -90,11 +90,11 @@ host='localhost' and user='good_version_id_100400'; FLUSH PRIVILEGES; SHOW GRANTS FOR good_version_id_100400@localhost; Grants for good_version_id_100400@localhost -GRANT ALL PRIVILEGES ON *.* TO `good_version_id_100400`@`localhost` WITH GRANT OPTION +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `good_version_id_100400`@`localhost` WITH GRANT OPTION GRANT REPLICATION MASTER ADMIN ON *.* TO good_version_id_100400@localhost; SHOW GRANTS FOR good_version_id_100400@localhost; Grants for good_version_id_100400@localhost -GRANT ALL PRIVILEGES ON *.* TO `good_version_id_100400`@`localhost` WITH GRANT OPTION +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `good_version_id_100400`@`localhost` WITH GRANT OPTION DROP USER good_version_id_100400@localhost; CREATE USER good_version_id_100500@localhost; GRANT SUPER ON *.* to good_version_id_100500@localhost; diff --git a/mysql-test/main/system_mysql_db_fix40123.result b/mysql-test/main/system_mysql_db_fix40123.result index 2ed1e8ae618..adbab63da8c 100644 --- a/mysql-test/main/system_mysql_db_fix40123.result +++ b/mysql-test/main/system_mysql_db_fix40123.result @@ -95,6 +95,7 @@ db CREATE TABLE `db` ( `Event_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', `Trigger_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', `Delete_history_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', + `Show_create_routine_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', PRIMARY KEY (`Host`,`Db`,`User`), KEY `User` (`User`) ) ENGINE=Aria DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_bin PAGE_CHECKSUM=1 TRANSACTIONAL=1 COMMENT='Database privileges' @@ -153,7 +154,7 @@ procs_priv CREATE TABLE `procs_priv` ( `Routine_name` char(64) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', `Routine_type` enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') NOT NULL, `Grantor` varchar(384) NOT NULL DEFAULT '', - `Proc_priv` set('Execute','Alter Routine','Grant') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', + `Proc_priv` set('Execute','Alter Routine','Grant','Show Create Routine') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', `Timestamp` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(), PRIMARY KEY (`Host`,`Db`,`User`,`Routine_name`,`Routine_type`), KEY `Grantor` (`Grantor`) diff --git a/mysql-test/main/system_mysql_db_fix50030.result b/mysql-test/main/system_mysql_db_fix50030.result index a257c16b865..181cf42690c 100644 --- a/mysql-test/main/system_mysql_db_fix50030.result +++ b/mysql-test/main/system_mysql_db_fix50030.result @@ -99,6 +99,7 @@ db CREATE TABLE `db` ( `Event_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', `Trigger_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', `Delete_history_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', + `Show_create_routine_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', PRIMARY KEY (`Host`,`Db`,`User`), KEY `User` (`User`) ) ENGINE=Aria DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_bin PAGE_CHECKSUM=1 TRANSACTIONAL=1 COMMENT='Database privileges' @@ -157,7 +158,7 @@ procs_priv CREATE TABLE `procs_priv` ( `Routine_name` char(64) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', `Routine_type` enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') NOT NULL, `Grantor` varchar(384) NOT NULL DEFAULT '', - `Proc_priv` set('Execute','Alter Routine','Grant') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', + `Proc_priv` set('Execute','Alter Routine','Grant','Show Create Routine') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', `Timestamp` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(), PRIMARY KEY (`Host`,`Db`,`User`,`Routine_name`,`Routine_type`), KEY `Grantor` (`Grantor`) diff --git a/mysql-test/main/system_mysql_db_fix50117.result b/mysql-test/main/system_mysql_db_fix50117.result index fde130839d4..14daabbf9b7 100644 --- a/mysql-test/main/system_mysql_db_fix50117.result +++ b/mysql-test/main/system_mysql_db_fix50117.result @@ -79,6 +79,7 @@ db CREATE TABLE `db` ( `Event_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', `Trigger_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', `Delete_history_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', + `Show_create_routine_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', PRIMARY KEY (`Host`,`Db`,`User`), KEY `User` (`User`) ) ENGINE=Aria DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_bin PAGE_CHECKSUM=1 TRANSACTIONAL=1 COMMENT='Database privileges' @@ -137,7 +138,7 @@ procs_priv CREATE TABLE `procs_priv` ( `Routine_name` char(64) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', `Routine_type` enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') NOT NULL, `Grantor` varchar(384) NOT NULL DEFAULT '', - `Proc_priv` set('Execute','Alter Routine','Grant') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', + `Proc_priv` set('Execute','Alter Routine','Grant','Show Create Routine') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', `Timestamp` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(), PRIMARY KEY (`Host`,`Db`,`User`,`Routine_name`,`Routine_type`), KEY `Grantor` (`Grantor`) diff --git a/mysql-test/main/system_mysql_db_fix50568.result b/mysql-test/main/system_mysql_db_fix50568.result index 763fcb866d0..9f892764a52 100644 --- a/mysql-test/main/system_mysql_db_fix50568.result +++ b/mysql-test/main/system_mysql_db_fix50568.result @@ -100,6 +100,7 @@ db CREATE TABLE `db` ( `Event_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', `Trigger_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', `Delete_history_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', + `Show_create_routine_priv` enum('N','Y') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N', PRIMARY KEY (`Host`,`Db`,`User`), KEY `User` (`User`) ) ENGINE=Aria DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_bin PAGE_CHECKSUM=1 TRANSACTIONAL=1 COMMENT='Database privileges' @@ -158,7 +159,7 @@ procs_priv CREATE TABLE `procs_priv` ( `Routine_name` char(64) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', `Routine_type` enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') NOT NULL, `Grantor` varchar(384) NOT NULL DEFAULT '', - `Proc_priv` set('Execute','Alter Routine','Grant') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', + `Proc_priv` set('Execute','Alter Routine','Grant','Show Create Routine') CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL DEFAULT '', `Timestamp` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(), PRIMARY KEY (`Host`,`Db`,`User`,`Routine_name`,`Routine_type`), KEY `Grantor` (`Grantor`) diff --git a/mysql-test/suite/events/events_grant.result b/mysql-test/suite/events/events_grant.result index 5952097a8d2..6441d7b3f58 100644 --- a/mysql-test/suite/events/events_grant.result +++ b/mysql-test/suite/events/events_grant.result @@ -27,7 +27,7 @@ Grants for ev_test@localhost GRANT USAGE ON *.* TO `ev_test`@`localhost` GRANT ALL PRIVILEGES ON `test`.* TO `ev_test`@`localhost` GRANT ALL PRIVILEGES ON `events_test`.* TO `ev_test`@`localhost` -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, TRIGGER, DELETE HISTORY ON `events_test2`.* TO `ev_test`@`localhost` +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, TRIGGER, DELETE HISTORY, SHOW CREATE ROUTINE ON `events_test2`.* TO `ev_test`@`localhost` "Here comes an error:"; SHOW EVENTS; ERROR 42000: Access denied for user 'ev_test'@'localhost' to database 'events_test2' diff --git a/mysql-test/suite/funcs_1/r/innodb_trig_03.result b/mysql-test/suite/funcs_1/r/innodb_trig_03.result index f0f1777bcbd..808744a8f55 100644 --- a/mysql-test/suite/funcs_1/r/innodb_trig_03.result +++ b/mysql-test/suite/funcs_1/r/innodb_trig_03.result @@ -78,7 +78,7 @@ grant ALL on *.* to test_noprivs@localhost; revoke TRIGGER on *.* from test_noprivs@localhost; show grants for test_noprivs@localhost; Grants for test_noprivs@localhost -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost; grant TRIGGER on *.* to test_yesprivs@localhost; grant SELECT on priv_db.t1 to test_yesprivs@localhost; @@ -168,7 +168,7 @@ grant ALL on *.* to test_noprivs@localhost; revoke UPDATE on *.* from test_noprivs@localhost; show grants for test_noprivs@localhost; Grants for test_noprivs@localhost -GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost; grant TRIGGER, UPDATE on *.* to test_yesprivs@localhost; show grants for test_yesprivs@localhost; @@ -183,7 +183,7 @@ test_noprivs@localhost use priv_db; show grants; Grants for test_noprivs@localhost -GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' select f1 from t1 order by f1; f1 insert 3.5.3.2-no @@ -248,7 +248,7 @@ connection no_privs_424b; show grants; Grants for test_noprivs@localhost GRANT USAGE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' -GRANT SELECT, INSERT, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY ON `priv_db`.* TO `test_noprivs`@`localhost` +GRANT SELECT, INSERT, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY, SHOW CREATE ROUTINE ON `priv_db`.* TO `test_noprivs`@`localhost` use priv_db; create trigger trg4b_1 before UPDATE on t1 for each row set new.f1 = 'trig 3.5.3.7-1b'; @@ -441,7 +441,7 @@ grant ALL on *.* to test_noprivs@localhost; revoke SELECT on *.* from test_noprivs@localhost; show grants for test_noprivs@localhost; Grants for test_noprivs@localhost -GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost; grant TRIGGER, SELECT on *.* to test_yesprivs@localhost; show grants for test_yesprivs@localhost; @@ -457,7 +457,7 @@ test_noprivs@localhost use priv_db; show grants; Grants for test_noprivs@localhost -GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' create trigger trg5a_1 before INSERT on t1 for each row set @test_var = new.f1; connection default; @@ -503,7 +503,7 @@ revoke SELECT on priv_db.* from test_noprivs@localhost; show grants for test_noprivs@localhost; Grants for test_noprivs@localhost GRANT TRIGGER ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' -GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY ON `priv_db`.* TO `test_noprivs`@`localhost` +GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY, SHOW CREATE ROUTINE ON `priv_db`.* TO `test_noprivs`@`localhost` revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost; grant TRIGGER on *.* to test_yesprivs@localhost; grant SELECT on priv_db.* to test_yesprivs@localhost; @@ -518,7 +518,7 @@ connection no_privs_425b; show grants; Grants for test_noprivs@localhost GRANT TRIGGER ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' -GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY ON `priv_db`.* TO `test_noprivs`@`localhost` +GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY, SHOW CREATE ROUTINE ON `priv_db`.* TO `test_noprivs`@`localhost` use priv_db; create trigger trg5b_1 before UPDATE on t1 for each row set @test_var= new.f1; diff --git a/mysql-test/suite/funcs_1/r/innodb_trig_03e.result b/mysql-test/suite/funcs_1/r/innodb_trig_03e.result index c9e9b1c5ae7..1cfb45fd2b8 100644 --- a/mysql-test/suite/funcs_1/r/innodb_trig_03e.result +++ b/mysql-test/suite/funcs_1/r/innodb_trig_03e.result @@ -606,7 +606,7 @@ trig 1_1-yes revoke TRIGGER on *.* from test_yesprivs@localhost; show grants for test_yesprivs@localhost; Grants for test_yesprivs@localhost -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' disconnect yes_privs; connect yes_privs,localhost,test_yesprivs,PWD,test,$MASTER_MYPORT,$MASTER_MYSOCK; select current_user; @@ -659,7 +659,7 @@ root@localhost grant TRIGGER on priv_db.* to test_yesprivs@localhost; show grants for test_yesprivs@localhost; Grants for test_yesprivs@localhost -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' GRANT TRIGGER ON `priv_db`.* TO `test_yesprivs`@`localhost` trigger privilege on db level for create: @@ -930,7 +930,7 @@ grant TRIGGER on priv1_db.t1 to test_yesprivs@localhost; show grants for test_yesprivs@localhost; Grants for test_yesprivs@localhost GRANT USAGE ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, DELETE HISTORY ON `priv1_db`.* TO `test_yesprivs`@`localhost` +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, DELETE HISTORY, SHOW CREATE ROUTINE ON `priv1_db`.* TO `test_yesprivs`@`localhost` GRANT SELECT, UPDATE ON `priv2_db`.* TO `test_yesprivs`@`localhost` GRANT TRIGGER ON `priv1_db`.`t1` TO `test_yesprivs`@`localhost` diff --git a/mysql-test/suite/funcs_1/r/is_column_privileges.result b/mysql-test/suite/funcs_1/r/is_column_privileges.result index 3e64f217c74..6c001ee2dcc 100644 --- a/mysql-test/suite/funcs_1/r/is_column_privileges.result +++ b/mysql-test/suite/funcs_1/r/is_column_privileges.result @@ -149,6 +149,7 @@ GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE 'testuser3'@'localhost' def db_datadict LOCK TABLES NO 'testuser3'@'localhost' def db_datadict REFERENCES NO 'testuser3'@'localhost' def db_datadict SELECT NO +'testuser3'@'localhost' def db_datadict SHOW CREATE ROUTINE NO 'testuser3'@'localhost' def db_datadict SHOW VIEW NO 'testuser3'@'localhost' def db_datadict TRIGGER NO 'testuser3'@'localhost' def db_datadict UPDATE NO diff --git a/mysql-test/suite/funcs_1/r/is_columns_mysql.result b/mysql-test/suite/funcs_1/r/is_columns_mysql.result index dbcead827ee..ae4a24cbfd1 100644 --- a/mysql-test/suite/funcs_1/r/is_columns_mysql.result +++ b/mysql-test/suite/funcs_1/r/is_columns_mysql.result @@ -39,6 +39,7 @@ def mysql db Insert_priv 5 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_genera def mysql db Lock_tables_priv 15 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_general_ci enum('N','Y') select,insert,update,references NEVER NULL def mysql db References_priv 11 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_general_ci enum('N','Y') select,insert,update,references NEVER NULL def mysql db Select_priv 4 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_general_ci enum('N','Y') select,insert,update,references NEVER NULL +def mysql db Show_create_routine_priv 24 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_general_ci enum('N','Y') select,insert,update,references NEVER NULL def mysql db Show_view_priv 17 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_general_ci enum('N','Y') select,insert,update,references NEVER NULL def mysql db Trigger_priv 22 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_general_ci enum('N','Y') select,insert,update,references NEVER NULL def mysql db Update_priv 6 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_general_ci enum('N','Y') select,insert,update,references NEVER NULL @@ -141,7 +142,7 @@ def mysql proc type 3 NULL NO enum 12 36 NULL NULL NULL utf8mb3 utf8mb3_general_ def mysql procs_priv Db 2 '' NO char 64 192 NULL NULL NULL utf8mb3 utf8mb3_bin char(64) PRI select,insert,update,references NEVER NULL def mysql procs_priv Grantor 6 '' NO varchar 384 1152 NULL NULL NULL utf8mb3 utf8mb3_bin varchar(384) MUL select,insert,update,references NEVER NULL def mysql procs_priv Host 1 '' NO char 255 765 NULL NULL NULL utf8mb3 utf8mb3_bin char(255) PRI select,insert,update,references NEVER NULL -def mysql procs_priv Proc_priv 7 '' NO set 27 81 NULL NULL NULL utf8mb3 utf8mb3_general_ci set('Execute','Alter Routine','Grant') select,insert,update,references NEVER NULL +def mysql procs_priv Proc_priv 7 '' NO set 47 141 NULL NULL NULL utf8mb3 utf8mb3_general_ci set('Execute','Alter Routine','Grant','Show Create Routine') select,insert,update,references NEVER NULL def mysql procs_priv Routine_name 4 '' NO char 64 192 NULL NULL NULL utf8mb3 utf8mb3_general_ci char(64) PRI select,insert,update,references NEVER NULL def mysql procs_priv Routine_type 5 NULL NO enum 12 36 NULL NULL NULL utf8mb3 utf8mb3_bin enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') PRI select,insert,update,references NEVER NULL def mysql procs_priv Timestamp 8 current_timestamp() NO timestamp NULL NULL NULL NULL 0 NULL NULL timestamp on update current_timestamp() select,insert,update,references NEVER NULL @@ -370,6 +371,7 @@ NULL mysql column_stats hist_size tinyint NULL NULL NULL NULL tinyint(3) unsigne 3.0000 mysql db Event_priv enum 1 3 utf8mb3 utf8mb3_general_ci enum('N','Y') 3.0000 mysql db Trigger_priv enum 1 3 utf8mb3 utf8mb3_general_ci enum('N','Y') 3.0000 mysql db Delete_history_priv enum 1 3 utf8mb3 utf8mb3_general_ci enum('N','Y') +3.0000 mysql db Show_create_routine_priv enum 1 3 utf8mb3 utf8mb3_general_ci enum('N','Y') 3.0000 mysql event db char 64 192 utf8mb3 utf8mb3_bin char(64) 3.0000 mysql event name char 64 192 utf8mb3 utf8mb3_general_ci char(64) 1.0000 mysql event body longblob 4294967295 4294967295 NULL NULL longblob @@ -471,7 +473,7 @@ NULL mysql proc modified timestamp NULL NULL NULL NULL timestamp 3.0000 mysql procs_priv Routine_name char 64 192 utf8mb3 utf8mb3_general_ci char(64) 3.0000 mysql procs_priv Routine_type enum 12 36 utf8mb3 utf8mb3_bin enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') 3.0000 mysql procs_priv Grantor varchar 384 1152 utf8mb3 utf8mb3_bin varchar(384) -3.0000 mysql procs_priv Proc_priv set 27 81 utf8mb3 utf8mb3_general_ci set('Execute','Alter Routine','Grant') +3.0000 mysql procs_priv Proc_priv set 47 141 utf8mb3 utf8mb3_general_ci set('Execute','Alter Routine','Grant','Show Create Routine') NULL mysql procs_priv Timestamp timestamp NULL NULL NULL NULL timestamp 3.0000 mysql proxies_priv Host char 255 765 utf8mb3 utf8mb3_bin char(255) 3.0000 mysql proxies_priv User char 128 384 utf8mb3 utf8mb3_bin char(128) diff --git a/mysql-test/suite/funcs_1/r/is_columns_mysql_embedded.result b/mysql-test/suite/funcs_1/r/is_columns_mysql_embedded.result index d609a2f4b73..909b1974c97 100644 --- a/mysql-test/suite/funcs_1/r/is_columns_mysql_embedded.result +++ b/mysql-test/suite/funcs_1/r/is_columns_mysql_embedded.result @@ -39,6 +39,7 @@ def mysql db Insert_priv 5 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_genera def mysql db Lock_tables_priv 15 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_general_ci enum('N','Y') NEVER NULL def mysql db References_priv 11 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_general_ci enum('N','Y') NEVER NULL def mysql db Select_priv 4 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_general_ci enum('N','Y') NEVER NULL +def mysql db Show_create_routine_priv 24 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_general_ci enum('N','Y') NEVER NULL def mysql db Show_view_priv 17 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_general_ci enum('N','Y') NEVER NULL def mysql db Trigger_priv 22 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_general_ci enum('N','Y') NEVER NULL def mysql db Update_priv 6 'N' NO enum 1 3 NULL NULL NULL utf8mb3 utf8mb3_general_ci enum('N','Y') NEVER NULL @@ -127,7 +128,7 @@ def mysql proc type 3 NULL NO enum 12 36 NULL NULL NULL utf8mb3 utf8mb3_general_ def mysql procs_priv Db 2 '' NO char 64 192 NULL NULL NULL utf8mb3 utf8mb3_bin char(64) PRI NEVER NULL def mysql procs_priv Grantor 6 '' NO varchar 384 1152 NULL NULL NULL utf8mb3 utf8mb3_bin varchar(384) MUL NEVER NULL def mysql procs_priv Host 1 '' NO char 255 765 NULL NULL NULL utf8mb3 utf8mb3_bin char(255) PRI NEVER NULL -def mysql procs_priv Proc_priv 7 '' NO set 27 81 NULL NULL NULL utf8mb3 utf8mb3_general_ci set('Execute','Alter Routine','Grant') NEVER NULL +def mysql procs_priv Proc_priv 7 '' NO set 47 141 NULL NULL NULL utf8mb3 utf8mb3_general_ci set('Execute','Alter Routine','Grant','Show Create Routine') NEVER NULL def mysql procs_priv Routine_name 4 '' NO char 64 192 NULL NULL NULL utf8mb3 utf8mb3_general_ci char(64) PRI NEVER NULL def mysql procs_priv Routine_type 5 NULL NO enum 12 36 NULL NULL NULL utf8mb3 utf8mb3_bin enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') PRI NEVER NULL def mysql procs_priv Timestamp 8 current_timestamp() NO timestamp NULL NULL NULL NULL 0 NULL NULL timestamp on update current_timestamp() NEVER NULL @@ -367,6 +368,7 @@ NULL mysql column_stats hist_size tinyint NULL NULL NULL NULL tinyint(3) unsigne 3.0000 mysql db Event_priv enum 1 3 utf8mb3 utf8mb3_general_ci enum('N','Y') 3.0000 mysql db Trigger_priv enum 1 3 utf8mb3 utf8mb3_general_ci enum('N','Y') 3.0000 mysql db Delete_history_priv enum 1 3 utf8mb3 utf8mb3_general_ci enum('N','Y') +3.0000 mysql db Show_create_routine_priv enum 1 3 utf8mb3 utf8mb3_general_ci enum('N','Y') 3.0000 mysql event db char 64 192 utf8mb3 utf8mb3_bin char(64) 3.0000 mysql event name char 64 192 utf8mb3 utf8mb3_general_ci char(64) 1.0000 mysql event body longblob 4294967295 4294967295 NULL NULL longblob @@ -454,7 +456,7 @@ NULL mysql proc modified timestamp NULL NULL NULL NULL timestamp 3.0000 mysql procs_priv Routine_name char 64 192 utf8mb3 utf8mb3_general_ci char(64) 3.0000 mysql procs_priv Routine_type enum 12 36 utf8mb3 utf8mb3_bin enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') 3.0000 mysql procs_priv Grantor varchar 384 1152 utf8mb3 utf8mb3_bin varchar(384) -3.0000 mysql procs_priv Proc_priv set 27 81 utf8mb3 utf8mb3_general_ci set('Execute','Alter Routine','Grant') +3.0000 mysql procs_priv Proc_priv set 47 141 utf8mb3 utf8mb3_general_ci set('Execute','Alter Routine','Grant','Show Create Routine') NULL mysql procs_priv Timestamp timestamp NULL NULL NULL NULL timestamp 3.0000 mysql proxies_priv Host char 255 765 utf8mb3 utf8mb3_bin char(255) 3.0000 mysql proxies_priv User char 128 384 utf8mb3 utf8mb3_bin char(128) diff --git a/mysql-test/suite/funcs_1/r/memory_trig_03.result b/mysql-test/suite/funcs_1/r/memory_trig_03.result index c1c1c6f8f40..91ed0b69b13 100644 --- a/mysql-test/suite/funcs_1/r/memory_trig_03.result +++ b/mysql-test/suite/funcs_1/r/memory_trig_03.result @@ -78,7 +78,7 @@ grant ALL on *.* to test_noprivs@localhost; revoke TRIGGER on *.* from test_noprivs@localhost; show grants for test_noprivs@localhost; Grants for test_noprivs@localhost -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost; grant TRIGGER on *.* to test_yesprivs@localhost; grant SELECT on priv_db.t1 to test_yesprivs@localhost; @@ -168,7 +168,7 @@ grant ALL on *.* to test_noprivs@localhost; revoke UPDATE on *.* from test_noprivs@localhost; show grants for test_noprivs@localhost; Grants for test_noprivs@localhost -GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost; grant TRIGGER, UPDATE on *.* to test_yesprivs@localhost; show grants for test_yesprivs@localhost; @@ -183,7 +183,7 @@ test_noprivs@localhost use priv_db; show grants; Grants for test_noprivs@localhost -GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' select f1 from t1 order by f1; f1 insert 3.5.3.2-no @@ -248,7 +248,7 @@ connection no_privs_424b; show grants; Grants for test_noprivs@localhost GRANT USAGE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' -GRANT SELECT, INSERT, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY ON `priv_db`.* TO `test_noprivs`@`localhost` +GRANT SELECT, INSERT, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY, SHOW CREATE ROUTINE ON `priv_db`.* TO `test_noprivs`@`localhost` use priv_db; create trigger trg4b_1 before UPDATE on t1 for each row set new.f1 = 'trig 3.5.3.7-1b'; @@ -441,7 +441,7 @@ grant ALL on *.* to test_noprivs@localhost; revoke SELECT on *.* from test_noprivs@localhost; show grants for test_noprivs@localhost; Grants for test_noprivs@localhost -GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost; grant TRIGGER, SELECT on *.* to test_yesprivs@localhost; show grants for test_yesprivs@localhost; @@ -457,7 +457,7 @@ test_noprivs@localhost use priv_db; show grants; Grants for test_noprivs@localhost -GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' create trigger trg5a_1 before INSERT on t1 for each row set @test_var = new.f1; connection default; @@ -503,7 +503,7 @@ revoke SELECT on priv_db.* from test_noprivs@localhost; show grants for test_noprivs@localhost; Grants for test_noprivs@localhost GRANT TRIGGER ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' -GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY ON `priv_db`.* TO `test_noprivs`@`localhost` +GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY, SHOW CREATE ROUTINE ON `priv_db`.* TO `test_noprivs`@`localhost` revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost; grant TRIGGER on *.* to test_yesprivs@localhost; grant SELECT on priv_db.* to test_yesprivs@localhost; @@ -518,7 +518,7 @@ connection no_privs_425b; show grants; Grants for test_noprivs@localhost GRANT TRIGGER ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' -GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY ON `priv_db`.* TO `test_noprivs`@`localhost` +GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY, SHOW CREATE ROUTINE ON `priv_db`.* TO `test_noprivs`@`localhost` use priv_db; create trigger trg5b_1 before UPDATE on t1 for each row set @test_var= new.f1; diff --git a/mysql-test/suite/funcs_1/r/memory_trig_03e.result b/mysql-test/suite/funcs_1/r/memory_trig_03e.result index a4a429755b5..14963305a62 100644 --- a/mysql-test/suite/funcs_1/r/memory_trig_03e.result +++ b/mysql-test/suite/funcs_1/r/memory_trig_03e.result @@ -607,7 +607,7 @@ trig 1_1-yes revoke TRIGGER on *.* from test_yesprivs@localhost; show grants for test_yesprivs@localhost; Grants for test_yesprivs@localhost -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' disconnect yes_privs; connect yes_privs,localhost,test_yesprivs,PWD,test,$MASTER_MYPORT,$MASTER_MYSOCK; select current_user; @@ -660,7 +660,7 @@ root@localhost grant TRIGGER on priv_db.* to test_yesprivs@localhost; show grants for test_yesprivs@localhost; Grants for test_yesprivs@localhost -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' GRANT TRIGGER ON `priv_db`.* TO `test_yesprivs`@`localhost` trigger privilege on db level for create: @@ -931,7 +931,7 @@ grant TRIGGER on priv1_db.t1 to test_yesprivs@localhost; show grants for test_yesprivs@localhost; Grants for test_yesprivs@localhost GRANT USAGE ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, DELETE HISTORY ON `priv1_db`.* TO `test_yesprivs`@`localhost` +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, DELETE HISTORY, SHOW CREATE ROUTINE ON `priv1_db`.* TO `test_yesprivs`@`localhost` GRANT SELECT, UPDATE ON `priv2_db`.* TO `test_yesprivs`@`localhost` GRANT TRIGGER ON `priv1_db`.`t1` TO `test_yesprivs`@`localhost` diff --git a/mysql-test/suite/funcs_1/r/myisam_trig_03.result b/mysql-test/suite/funcs_1/r/myisam_trig_03.result index c1c1c6f8f40..91ed0b69b13 100644 --- a/mysql-test/suite/funcs_1/r/myisam_trig_03.result +++ b/mysql-test/suite/funcs_1/r/myisam_trig_03.result @@ -78,7 +78,7 @@ grant ALL on *.* to test_noprivs@localhost; revoke TRIGGER on *.* from test_noprivs@localhost; show grants for test_noprivs@localhost; Grants for test_noprivs@localhost -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost; grant TRIGGER on *.* to test_yesprivs@localhost; grant SELECT on priv_db.t1 to test_yesprivs@localhost; @@ -168,7 +168,7 @@ grant ALL on *.* to test_noprivs@localhost; revoke UPDATE on *.* from test_noprivs@localhost; show grants for test_noprivs@localhost; Grants for test_noprivs@localhost -GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost; grant TRIGGER, UPDATE on *.* to test_yesprivs@localhost; show grants for test_yesprivs@localhost; @@ -183,7 +183,7 @@ test_noprivs@localhost use priv_db; show grants; Grants for test_noprivs@localhost -GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' select f1 from t1 order by f1; f1 insert 3.5.3.2-no @@ -248,7 +248,7 @@ connection no_privs_424b; show grants; Grants for test_noprivs@localhost GRANT USAGE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' -GRANT SELECT, INSERT, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY ON `priv_db`.* TO `test_noprivs`@`localhost` +GRANT SELECT, INSERT, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY, SHOW CREATE ROUTINE ON `priv_db`.* TO `test_noprivs`@`localhost` use priv_db; create trigger trg4b_1 before UPDATE on t1 for each row set new.f1 = 'trig 3.5.3.7-1b'; @@ -441,7 +441,7 @@ grant ALL on *.* to test_noprivs@localhost; revoke SELECT on *.* from test_noprivs@localhost; show grants for test_noprivs@localhost; Grants for test_noprivs@localhost -GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost; grant TRIGGER, SELECT on *.* to test_yesprivs@localhost; show grants for test_yesprivs@localhost; @@ -457,7 +457,7 @@ test_noprivs@localhost use priv_db; show grants; Grants for test_noprivs@localhost -GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' create trigger trg5a_1 before INSERT on t1 for each row set @test_var = new.f1; connection default; @@ -503,7 +503,7 @@ revoke SELECT on priv_db.* from test_noprivs@localhost; show grants for test_noprivs@localhost; Grants for test_noprivs@localhost GRANT TRIGGER ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' -GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY ON `priv_db`.* TO `test_noprivs`@`localhost` +GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY, SHOW CREATE ROUTINE ON `priv_db`.* TO `test_noprivs`@`localhost` revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost; grant TRIGGER on *.* to test_yesprivs@localhost; grant SELECT on priv_db.* to test_yesprivs@localhost; @@ -518,7 +518,7 @@ connection no_privs_425b; show grants; Grants for test_noprivs@localhost GRANT TRIGGER ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' -GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY ON `priv_db`.* TO `test_noprivs`@`localhost` +GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, DELETE HISTORY, SHOW CREATE ROUTINE ON `priv_db`.* TO `test_noprivs`@`localhost` use priv_db; create trigger trg5b_1 before UPDATE on t1 for each row set @test_var= new.f1; diff --git a/mysql-test/suite/funcs_1/r/myisam_trig_03e.result b/mysql-test/suite/funcs_1/r/myisam_trig_03e.result index eb70366b789..68cdb58c852 100644 --- a/mysql-test/suite/funcs_1/r/myisam_trig_03e.result +++ b/mysql-test/suite/funcs_1/r/myisam_trig_03e.result @@ -607,7 +607,7 @@ trig 1_1-yes revoke TRIGGER on *.* from test_yesprivs@localhost; show grants for test_yesprivs@localhost; Grants for test_yesprivs@localhost -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' disconnect yes_privs; connect yes_privs,localhost,test_yesprivs,PWD,test,$MASTER_MYPORT,$MASTER_MYSOCK; select current_user; @@ -660,7 +660,7 @@ root@localhost grant TRIGGER on priv_db.* to test_yesprivs@localhost; show grants for test_yesprivs@localhost; Grants for test_yesprivs@localhost -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR, SHOW CREATE ROUTINE ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' GRANT TRIGGER ON `priv_db`.* TO `test_yesprivs`@`localhost` trigger privilege on db level for create: @@ -931,7 +931,7 @@ grant TRIGGER on priv1_db.t1 to test_yesprivs@localhost; show grants for test_yesprivs@localhost; Grants for test_yesprivs@localhost GRANT USAGE ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576' -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, DELETE HISTORY ON `priv1_db`.* TO `test_yesprivs`@`localhost` +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, DELETE HISTORY, SHOW CREATE ROUTINE ON `priv1_db`.* TO `test_yesprivs`@`localhost` GRANT SELECT, UPDATE ON `priv2_db`.* TO `test_yesprivs`@`localhost` GRANT TRIGGER ON `priv1_db`.`t1` TO `test_yesprivs`@`localhost` diff --git a/scripts/mariadb_system_tables.sql b/scripts/mariadb_system_tables.sql index 5d2f83b9f3c..8eb14a0cf38 100644 --- a/scripts/mariadb_system_tables.sql +++ b/scripts/mariadb_system_tables.sql @@ -28,7 +28,7 @@ set system_versioning_alter_history=keep; set @have_innodb= (select count(engine) from information_schema.engines where engine='INNODB' and support != 'NO'); SET @innodb_or_aria=IF(@have_innodb <> 0, 'InnoDB', 'Aria'); -CREATE TABLE IF NOT EXISTS db ( Host char(255) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, User char(128) binary DEFAULT '' NOT NULL, Select_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Insert_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Update_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Delete_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Create_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Drop_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Grant_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, References_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Index_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Alter_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Create_tmp_table_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Lock_tables_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Create_view_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Show_view_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Create_routine_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Alter_routine_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Execute_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Event_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Trigger_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Delete_history_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, PRIMARY KEY /*Host */(Host,Db,User), KEY User (User) ) engine=Aria transactional=1 CHARACTER SET utf8mb3 COLLATE utf8mb3_bin comment='Database privileges'; +CREATE TABLE IF NOT EXISTS db ( Host char(255) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, User char(128) binary DEFAULT '' NOT NULL, Select_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Insert_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Update_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Delete_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Create_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Drop_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Grant_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, References_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Index_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Alter_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Create_tmp_table_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Lock_tables_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Create_view_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Show_view_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Create_routine_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Alter_routine_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Execute_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Event_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Trigger_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Delete_history_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, Show_create_routine_priv enum('N','Y') COLLATE utf8mb3_general_ci DEFAULT 'N' NOT NULL, PRIMARY KEY /*Host */(Host,Db,User), KEY User (User) ) engine=Aria transactional=1 CHARACTER SET utf8mb3 COLLATE utf8mb3_bin comment='Database privileges'; -- Remember for later if db table already existed set @had_db_table= @@warning_count != 0; @@ -148,7 +148,7 @@ CREATE TABLE IF NOT EXISTS time_zone_leap_second ( Transition_time bigint sign CREATE TABLE IF NOT EXISTS proc (db char(64) collate utf8mb3_bin DEFAULT '' NOT NULL, name char(64) DEFAULT '' NOT NULL, type enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') NOT NULL, specific_name char(64) DEFAULT '' NOT NULL, language enum('SQL') DEFAULT 'SQL' NOT NULL, sql_data_access enum( 'CONTAINS_SQL', 'NO_SQL', 'READS_SQL_DATA', 'MODIFIES_SQL_DATA') DEFAULT 'CONTAINS_SQL' NOT NULL, is_deterministic enum('YES','NO') DEFAULT 'NO' NOT NULL, security_type enum('INVOKER','DEFINER') DEFAULT 'DEFINER' NOT NULL, param_list blob NOT NULL, returns longblob NOT NULL, body longblob NOT NULL, definer varchar(384) collate utf8mb3_bin DEFAULT '' NOT NULL, created timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, modified timestamp NOT NULL DEFAULT '0000-00-00 00:00:00', sql_mode set( 'REAL_AS_FLOAT', 'PIPES_AS_CONCAT', 'ANSI_QUOTES', 'IGNORE_SPACE', 'IGNORE_BAD_TABLE_OPTIONS', 'ONLY_FULL_GROUP_BY', 'NO_UNSIGNED_SUBTRACTION', 'NO_DIR_IN_CREATE', 'POSTGRESQL', 'ORACLE', 'MSSQL', 'DB2', 'MAXDB', 'NO_KEY_OPTIONS', 'NO_TABLE_OPTIONS', 'NO_FIELD_OPTIONS', 'MYSQL323', 'MYSQL40', 'ANSI', 'NO_AUTO_VALUE_ON_ZERO', 'NO_BACKSLASH_ESCAPES', 'STRICT_TRANS_TABLES', 'STRICT_ALL_TABLES', 'NO_ZERO_IN_DATE', 'NO_ZERO_DATE', 'INVALID_DATES', 'ERROR_FOR_DIVISION_BY_ZERO', 'TRADITIONAL', 'NO_AUTO_CREATE_USER', 'HIGH_NOT_PRECEDENCE', 'NO_ENGINE_SUBSTITUTION', 'PAD_CHAR_TO_FULL_LENGTH', 'EMPTY_STRING_IS_NULL', 'SIMULTANEOUS_ASSIGNMENT', 'TIME_ROUND_FRACTIONAL') DEFAULT '' NOT NULL, comment text collate utf8mb3_bin NOT NULL, character_set_client char(32) collate utf8mb3_bin, collation_connection char(64) collate utf8mb3_bin, db_collation char(64) collate utf8mb3_bin, body_utf8 longblob, aggregate enum('NONE', 'GROUP') DEFAULT 'NONE' NOT NULL, PRIMARY KEY (db,name,type)) engine=Aria transactional=1 character set utf8mb3 comment='Stored Procedures'; -CREATE TABLE IF NOT EXISTS procs_priv ( Host char(255) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, User char(128) binary DEFAULT '' NOT NULL, Routine_name char(64) COLLATE utf8mb3_general_ci DEFAULT '' NOT NULL, Routine_type enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') NOT NULL, Grantor varchar(384) DEFAULT '' NOT NULL, Proc_priv set('Execute','Alter Routine','Grant') COLLATE utf8mb3_general_ci DEFAULT '' NOT NULL, Timestamp timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, PRIMARY KEY (Host,Db,User,Routine_name,Routine_type), KEY Grantor (Grantor) ) engine=Aria transactional=1 CHARACTER SET utf8mb3 COLLATE utf8mb3_bin comment='Procedure privileges'; +CREATE TABLE IF NOT EXISTS procs_priv ( Host char(255) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, User char(128) binary DEFAULT '' NOT NULL, Routine_name char(64) COLLATE utf8mb3_general_ci DEFAULT '' NOT NULL, Routine_type enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') NOT NULL, Grantor varchar(384) DEFAULT '' NOT NULL, Proc_priv set('Execute','Alter Routine','Grant','Show Create Routine') COLLATE utf8mb3_general_ci DEFAULT '' NOT NULL, Timestamp timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, PRIMARY KEY (Host,Db,User,Routine_name,Routine_type), KEY Grantor (Grantor) ) engine=Aria transactional=1 CHARACTER SET utf8mb3 COLLATE utf8mb3_bin comment='Procedure privileges'; -- Create general_log if CSV is enabled. diff --git a/scripts/mariadb_system_tables_fix.sql b/scripts/mariadb_system_tables_fix.sql index dcc89e10059..0d703ea9ee2 100644 --- a/scripts/mariadb_system_tables_fix.sql +++ b/scripts/mariadb_system_tables_fix.sql @@ -414,7 +414,7 @@ ALTER TABLE procs_priv CONVERT TO CHARACTER SET utf8mb3 COLLATE utf8mb3_bin; ALTER TABLE procs_priv - MODIFY Proc_priv set('Execute','Alter Routine','Grant') + MODIFY Proc_priv set('Execute','Alter Routine','Grant','Show Create Routine') COLLATE utf8mb3_general_ci DEFAULT '' NOT NULL; ALTER IGNORE TABLE procs_priv @@ -706,6 +706,9 @@ ALTER TABLE db modify Delete_history_priv enum('N','Y') COLLATE utf8mb3_general_ UPDATE user SET Delete_history_priv = Super_priv WHERE @had_user_delete_history_priv = 0; +ALTER TABLE db ADD Show_create_routine_priv enum('N','Y') COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N' AFTER Delete_history_priv; +ALTER TABLE db MODIFY Show_create_routine_priv enum('N','Y') COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N'; + ALTER TABLE user ADD plugin char(64) CHARACTER SET latin1 DEFAULT '' NOT NULL AFTER max_user_connections, ADD authentication_string TEXT NOT NULL AFTER plugin; ALTER TABLE user CHANGE auth_string authentication_string TEXT NOT NULL; diff --git a/scripts/mariadb_test_db.sql b/scripts/mariadb_test_db.sql index c83f2c44a4f..bbdc4e828e5 100644 --- a/scripts/mariadb_test_db.sql +++ b/scripts/mariadb_test_db.sql @@ -19,8 +19,8 @@ CREATE DATABASE IF NOT EXISTS test CHARACTER SET latin1 COLLATE latin1_swedish_c --- access database 'test' and 'test_%' if "db" table didn't exist INSERT INTO mysql.global_priv VALUES ('', 'PUBLIC', '{"access":0,"is_role":true}'); CREATE TEMPORARY TABLE tmp_db LIKE db; -INSERT INTO tmp_db VALUES ('','test','PUBLIC','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y','Y'); -INSERT INTO tmp_db VALUES ('','test\_%','PUBLIC','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y','Y'); +INSERT INTO tmp_db VALUES ('','test', 'PUBLIC','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y','Y','Y'); +INSERT INTO tmp_db VALUES ('','test\_%','PUBLIC','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y','Y','Y'); INSERT INTO db SELECT * FROM tmp_db WHERE @had_db_table=0; DROP TABLE tmp_db; diff --git a/sql/privilege.h b/sql/privilege.h index 058f3be67c2..d32c28b9e94 100644 --- a/sql/privilege.h +++ b/sql/privilege.h @@ -67,14 +67,15 @@ enum privilege_t: unsigned long long REPL_MASTER_ADMIN_ACL = (1ULL << 35), // Added in 10.5.2 BINLOG_ADMIN_ACL = (1ULL << 36), // Added in 10.5.2 BINLOG_REPLAY_ACL = (1ULL << 37), // Added in 10.5.2 - SLAVE_MONITOR_ACL = (1ULL << 38) // Added in 10.5.8 + SLAVE_MONITOR_ACL = (1ULL << 38), // Added in 10.5.8 + SHOW_CREATE_ROUTINE_ACL = (1ULL << 39) // added in 11.3.0 /* When adding new privilege bits, don't forget to update: In this file: - Add a new LAST_version_ACL - Add a new ALL_KNOWN_ACL_version - Change ALL_KNOWN_ACL to ALL_KNOWN_ACL_version - - Change GLOBAL_ACLS if needed + - Change GLOBAL_ACLS, DB_ACLS, TABLE_ACLS, PROC_ACLS if needed - Change SUPER_ADDED_SINCE_USER_TABLE_ACL if needed In other files: @@ -103,9 +104,10 @@ constexpr static inline privilege_t ALL_KNOWN_BITS(privilege_t x) constexpr privilege_t LAST_100304_ACL= DELETE_HISTORY_ACL; constexpr privilege_t LAST_100502_ACL= BINLOG_REPLAY_ACL; constexpr privilege_t LAST_100508_ACL= SLAVE_MONITOR_ACL; +constexpr privilege_t LAST_110300_ACL= SHOW_CREATE_ROUTINE_ACL; // Current version markers -constexpr privilege_t LAST_CURRENT_ACL= LAST_100508_ACL; +constexpr privilege_t LAST_CURRENT_ACL= LAST_110300_ACL; constexpr uint PRIVILEGE_T_MAX_BIT= my_bit_log2_uint64((ulonglong) LAST_CURRENT_ACL); @@ -125,6 +127,9 @@ constexpr privilege_t ALL_KNOWN_ACL_100508= ALL_KNOWN_BITS(LAST_100508_ACL); // let's stay compatible with that branch too. constexpr privilege_t ALL_KNOWN_ACL_100509= ALL_KNOWN_ACL_100508; +// A combination of all bits defined in 11.3.0 +constexpr privilege_t ALL_KNOWN_ACL_110300= ALL_KNOWN_BITS(LAST_110300_ACL);; + // A combination of all bits defined as of the current version constexpr privilege_t ALL_KNOWN_ACL= ALL_KNOWN_BITS(LAST_CURRENT_ACL); @@ -261,7 +266,7 @@ constexpr privilege_t COL_ACLS= constexpr privilege_t PROC_DDL_ACLS= CREATE_PROC_ACL | ALTER_PROC_ACL; -constexpr privilege_t SHOW_PROC_ACLS= +constexpr privilege_t SHOW_PROC_WITHOUT_DEFINITION_ACLS= PROC_DDL_ACLS | EXECUTE_ACL; constexpr privilege_t TABLE_ACLS= @@ -271,10 +276,10 @@ constexpr privilege_t TABLE_ACLS= constexpr privilege_t DB_ACLS= TABLE_ACLS | PROC_DDL_ACLS | EXECUTE_ACL | - CREATE_TMP_ACL | LOCK_TABLES_ACL | EVENT_ACL; + CREATE_TMP_ACL | LOCK_TABLES_ACL | EVENT_ACL | SHOW_CREATE_ROUTINE_ACL; constexpr privilege_t PROC_ACLS= - ALTER_PROC_ACL | EXECUTE_ACL | GRANT_ACL; + ALTER_PROC_ACL | EXECUTE_ACL | GRANT_ACL | SHOW_CREATE_ROUTINE_ACL; constexpr privilege_t GLOBAL_ACLS= DB_ACLS | SHOW_DB_ACL | CREATE_USER_ACL | CREATE_TABLESPACE_ACL | @@ -660,6 +665,7 @@ constexpr privilege_t DB_CHUNK3 (VIEW_ACLS | PROC_DDL_ACLS); constexpr privilege_t DB_CHUNK4 (EXECUTE_ACL); constexpr privilege_t DB_CHUNK5 (EVENT_ACL | TRIGGER_ACL); constexpr privilege_t DB_CHUNK6 (DELETE_HISTORY_ACL); +constexpr privilege_t DB_CHUNK7 (SHOW_CREATE_ROUTINE_ACL); static inline privilege_t fix_rights_for_db(privilege_t access) @@ -672,7 +678,8 @@ static inline privilege_t fix_rights_for_db(privilege_t access) ((A << 9) & DB_CHUNK3) | ((A << 2) & DB_CHUNK4) | ((A << 9) & DB_CHUNK5) | - ((A << 10) & DB_CHUNK6)); + ((A << 10) & DB_CHUNK6) | + ((A << 19) & DB_CHUNK7)); } static inline privilege_t get_rights_for_db(privilege_t access) @@ -685,7 +692,8 @@ static inline privilege_t get_rights_for_db(privilege_t access) ((A & DB_CHUNK3) >> 9) | ((A & DB_CHUNK4) >> 2) | ((A & DB_CHUNK5) >> 9) | - ((A & DB_CHUNK6) >> 10)); + ((A & DB_CHUNK6) >> 10) | + ((A & DB_CHUNK7) >> 19)); } @@ -739,9 +747,10 @@ static inline privilege_t fix_rights_for_procedure(privilege_t access) { ulonglong A(access); return static_cast - (((A << 18) & EXECUTE_ACL) | - ((A << 23) & ALTER_PROC_ACL) | - ((A << 8) & GRANT_ACL)); + (((A << 35) & SHOW_CREATE_ROUTINE_ACL) | + ((A << 18) & EXECUTE_ACL) | + ((A << 23) & ALTER_PROC_ACL) | + ((A << 8) & GRANT_ACL)); } @@ -749,9 +758,10 @@ static inline privilege_t get_rights_for_procedure(privilege_t access) { ulonglong A(access); return static_cast - (((A & EXECUTE_ACL) >> 18) | - ((A & ALTER_PROC_ACL) >> 23) | - ((A & GRANT_ACL) >> 8)); + (((A & SHOW_CREATE_ROUTINE_ACL) >> 35) | + ((A & EXECUTE_ACL) >> 18) | + ((A & ALTER_PROC_ACL) >> 23) | + ((A & GRANT_ACL) >> 8)); } diff --git a/sql/sp_head.cc b/sql/sp_head.cc index 1a0e31db104..5cd7207ca60 100644 --- a/sql/sp_head.cc +++ b/sql/sp_head.cc @@ -2825,6 +2825,36 @@ sp_head::restore_thd_mem_root(THD *thd) DBUG_VOID_RETURN; } +/** + Check Global-DB-procedure access + + @param thd Thread handler + @param privilege requested privilege + @param sp SP to check + @param no_errors FALSE/TRUE - report/don't report error to + the client (using my_error() call). + + @retval + 0 OK + @retval + 1 access denied, error is sent to client +*/ + +bool check_db_routine_access(THD *thd, privilege_t privilege, + const char *db, const char *name, + const Sp_handler *sph, + bool no_errors) +{ + privilege_t db_priv; + if (check_access(thd, privilege, db, + &db_priv, NULL, 0, no_errors)) + return 1; + if ((db_priv & privilege) == privilege) + return 0; + + return check_routine_level_acl(thd, (privilege & ~db_priv), + db, name, sph); +} /** Check if a user has access right to a routine. @@ -2847,7 +2877,10 @@ bool check_show_routine_access(THD *thd, sp_head *sp, bool *full_access) tables.table_name= MYSQL_PROC_NAME; tables.alias= MYSQL_PROC_NAME; - *full_access= ((!check_table_access(thd, SELECT_ACL, &tables, FALSE, + *full_access= (!check_db_routine_access(thd, SHOW_CREATE_ROUTINE_ACL, + sp->m_db.str, sp->m_name.str, + sp->m_handler, TRUE) || + (!check_table_access(thd, SELECT_ACL, &tables, FALSE, 1, TRUE) && (tables.grant.privilege & SELECT_ACL) != NO_ACL) || /* Check if user owns the routine. */ diff --git a/sql/sp_head.h b/sql/sp_head.h index 3738a02466b..ce690744210 100644 --- a/sql/sp_head.h +++ b/sql/sp_head.h @@ -1109,6 +1109,10 @@ public: bool check_show_routine_access(THD *thd, sp_head *sp, bool *full_access); +bool check_db_routine_access(THD *thd, privilege_t privilege, + const char *db, const char *name, + const Sp_handler *sph, + bool no_errors); #ifndef NO_EMBEDDED_ACCESS_CHECKS bool diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 4e8bb2f3174..7fd2cc3e081 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -1555,7 +1555,11 @@ class User_table_json: public User_table if (access & SUPER_ACL) access|= ALLOWED_BY_SUPER_BEFORE_101100; } - if (version_id >= 100509) + if (version_id >= 110300) + { + mask= ALL_KNOWN_ACL_110300; + } + else if (version_id >= 100509) { mask= ALL_KNOWN_ACL_100509; } @@ -8984,7 +8988,8 @@ err: 1 error */ -bool check_routine_level_acl(THD *thd, const char *db, const char *name, +bool check_routine_level_acl(THD *thd, privilege_t acl, + const char *db, const char *name, const Sp_handler *sph) { bool no_routine_acl= 1; @@ -8995,7 +9000,7 @@ bool check_routine_level_acl(THD *thd, const char *db, const char *name, sctx->ip, db, sctx->priv_user, name, sph, 0))) - no_routine_acl= !(grant_proc->privs & SHOW_PROC_ACLS); + no_routine_acl= !(grant_proc->privs & acl); if (no_routine_acl && sctx->priv_role[0]) /* current set role check */ { @@ -9003,7 +9008,7 @@ bool check_routine_level_acl(THD *thd, const char *db, const char *name, NULL, db, sctx->priv_role, name, sph, 0))) - no_routine_acl= !(grant_proc->privs & SHOW_PROC_ACLS); + no_routine_acl= !(grant_proc->privs & SHOW_PROC_WITHOUT_DEFINITION_ACLS); } mysql_rwlock_unlock(&LOCK_grant); return no_routine_acl; @@ -9237,7 +9242,7 @@ static const char *command_array[]= "CREATE USER", "EVENT", "TRIGGER", "CREATE TABLESPACE", "DELETE HISTORY", "SET USER", "FEDERATED ADMIN", "CONNECTION ADMIN", "READ_ONLY ADMIN", "REPLICATION SLAVE ADMIN", "REPLICATION MASTER ADMIN", "BINLOG ADMIN", - "BINLOG REPLAY", "SLAVE MONITOR" + "BINLOG REPLAY", "SLAVE MONITOR", "SHOW CREATE ROUTINE" }; static uint command_lengths[]= @@ -9250,7 +9255,7 @@ static uint command_lengths[]= 11, 5, 7, 17, 14, 8, 15, 16, 15, 23, 24, 12, - 13, 13 + 13, 13, 19 }; @@ -12966,7 +12971,8 @@ void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant, Dummy wrappers when we don't have any access checks ****************************************************************************/ -bool check_routine_level_acl(THD *thd, const char *db, const char *name, +bool check_routine_level_acl(THD *thd, privilege_t acl, + const char *db, const char *name, const Sp_handler *sph) { return FALSE; diff --git a/sql/sql_acl.h b/sql/sql_acl.h index 2452927cc00..f99190a61b6 100644 --- a/sql/sql_acl.h +++ b/sql/sql_acl.h @@ -140,7 +140,8 @@ bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name, const Sp_handler *sph); bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, const Sp_handler *sph); -bool check_routine_level_acl(THD *thd, const char *db, const char *name, +bool check_routine_level_acl(THD *thd, privilege_t acl, + const char *db, const char *name, const Sp_handler *sph); bool is_acl_user(const char *host, const char *user); int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond); diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 1bc6beb4b0d..1b48a519c06 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -6956,14 +6956,16 @@ bool check_some_routine_access(THD *thd, const char *db, const char *name, that are implemented for the INFORMATION_SCHEMA and PERFORMANCE_SCHEMA, which are located in check_access(). Since the I_S and P_S do not contain routines, this bypass is ok, - as it only opens SHOW_PROC_ACLS. + as it only opens SHOW_PROC_WITHOUT_DEFINITION_ACLS. */ - if (thd->security_ctx->master_access & SHOW_PROC_ACLS) + if (thd->security_ctx->master_access & SHOW_PROC_WITHOUT_DEFINITION_ACLS) return FALSE; - if (!check_access(thd, SHOW_PROC_ACLS, db, &save_priv, NULL, 0, 1) || - (save_priv & SHOW_PROC_ACLS)) + if (!check_access(thd, SHOW_PROC_WITHOUT_DEFINITION_ACLS, + db, &save_priv, NULL, 0, 1) || + (save_priv & SHOW_PROC_WITHOUT_DEFINITION_ACLS)) return FALSE; - return check_routine_level_acl(thd, db, name, sph); + return check_routine_level_acl(thd, SHOW_PROC_WITHOUT_DEFINITION_ACLS, + db, name, sph); } diff --git a/sql/sql_show.cc b/sql/sql_show.cc index d742bc6c1c3..fcc1d24169a 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -541,6 +541,7 @@ static struct show_privileges_st sys_privileges[]= {"Connection admin", "Server", "To bypass connection limits and kill other users' connections"}, {"Read_only admin", "Server", "To perform write operations even if @@read_only=ON"}, {"Usage","Server Admin","No privileges - allow connect only"}, + {"Show Create Routine","Databases,Functions,Procedures","To allow SHOW CREATE PROCEDURE/FUNCTION/PACKAGE"}, {NullS, NullS, NullS} }; @@ -6681,7 +6682,9 @@ int store_schema_params(THD *thd, TABLE *table, TABLE *proc_table, DBUG_RETURN(0); if (!full_access) - full_access= !strcmp(sp_user, definer.str); + full_access= !strcmp(sp_user, definer.str) || + !check_db_routine_access(thd, SHOW_CREATE_ROUTINE_ACL, + db.str, name.str, sph, TRUE); if (!full_access && check_some_routine_access(thd, db.str, name.str, sph)) DBUG_RETURN(0); @@ -6800,7 +6803,9 @@ int store_schema_proc(THD *thd, TABLE *table, TABLE *proc_table, return 0; if (!full_access) - full_access= !strcmp(sp_user, definer.str); + full_access= !strcmp(sp_user, definer.str) || + !check_db_routine_access(thd, SHOW_CREATE_ROUTINE_ACL, + db.str, name.str, sph, TRUE); if (!full_access && check_some_routine_access(thd, db.str, name.str, sph)) return 0; @@ -6920,7 +6925,8 @@ int fill_schema_proc(THD *thd, TABLE_LIST *tables, COND *cond) proc_tables.alias= MYSQL_PROC_NAME; proc_tables.lock_type= TL_READ; full_access= !check_table_access(thd, SELECT_ACL, &proc_tables, FALSE, - 1, TRUE); + 1, TRUE) || + !check_global_access(thd, SHOW_CREATE_ROUTINE_ACL, TRUE); LOOKUP_FIELD_VALUES lookup; if (get_lookup_field_values(thd, cond, false, tables, &lookup)) diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index 143526c17fe..1adfd37a046 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -17513,6 +17513,7 @@ object_privilege: | REPLICATION MASTER_SYM ADMIN_SYM { $$= REPL_MASTER_ADMIN_ACL; } | REPLICATION SLAVE ADMIN_SYM { $$= REPL_SLAVE_ADMIN_ACL; } | SLAVE MONITOR_SYM { $$= SLAVE_MONITOR_ACL; } + | SHOW CREATE ROUTINE_SYM { $$= SHOW_CREATE_ROUTINE_ACL; } ; opt_and: