database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

SET ROLE now works recursively for routines.

Browse Source 
The warnings present in the set_role_routine-simple testcase will
be removed when reworking the grant privilege to call.
This commit is contained in:
Vicențiu Ciorbaru
2013-10-18 06:49:38 -07:00
committed by Sergei Golubchik
parent bbc2771d24
commit 95ef78e432
3 changed files with 242 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
mysql-test/r/acl_roles_set_role-routine-simple.result Normal file
View File

@ -0,0 +1,100 @@
create user 'test_user'@'localhost';
create role test_role1;
create role test_role2;
create role test_role3;
insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
'test_user',
'test_role1');
insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
'test_user',
'test_role3');
insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
'test_role1',
'test_role2');
select user, host from mysql.user where user not like 'root';
user host
test_role1
test_role2
test_role3
test_user localhost
select * from mysql.roles_mapping;
HostFk UserFk RoleFk
test_role1 test_role2
localhost test_user test_role1
localhost test_user test_role3
create function mysql.test_func (s CHAR(20))
returns CHAR(50) DETERMINISTIC
return concat('Test string: ',s);
create procedure mysql.test_proc (OUT param1 INT)
begin
select COUNT(*) into param1 from mysql.roles_mapping;
end|
grant execute on function mysql.test_func to test_role2@'';
grant execute on procedure mysql.test_proc to test_role2@'';
grant execute on mysql.* to test_role3@'';
flush privileges;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role3 TO 'test_user'@'localhost'
use mysql;
ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql'
set role test_role1;
use mysql;
call test_proc(@a);
SELECT @a;
@a
3
SELECT test_func('AABBCCDD');
test_func('AABBCCDD')
Test string: AABBCCDD
show grants;
Grants for test_user@localhost
GRANT EXECUTE ON FUNCTION `mysql`.`test_func` TO 'test_role2'
GRANT EXECUTE ON PROCEDURE `mysql`.`test_proc` TO 'test_role2'
GRANT USAGE ON *.* TO 'test_role1'
GRANT USAGE ON *.* TO 'test_role2'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role2 TO 'test_role1'
GRANT test_role3 TO 'test_user'@'localhost'
set role none;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role3 TO 'test_user'@'localhost'
call test_proc(@a);
ERROR 42000: execute command denied to user 'test_user'@'localhost' for routine 'mysql.test_proc'
SELECT test_func('AABBCCDD');
ERROR 42000: execute command denied to user 'test_user'@'localhost' for routine 'mysql.test_func'
set role test_role3;
show grants;
Grants for test_user@localhost
GRANT EXECUTE ON `mysql`.* TO 'test_role3'
GRANT USAGE ON *.* TO 'test_role3'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role3 TO 'test_user'@'localhost'
call test_proc(@a);
SELECT @a;
@a
3
SELECT test_func('AABBCCDD');
test_func('AABBCCDD')
Test string: AABBCCDD
drop user 'test_user'@'localhost';
revoke execute on function mysql.test_func from test_role2@'';
revoke execute on procedure mysql.test_proc from test_role2@'';
revoke execute on mysql.* from test_role3@'';
delete from mysql.user where user like'test_%';
delete from mysql.roles_mapping where RoleFk like 'test%';
drop function mysql.test_func;
Warnings:
Warning 1403 There is no such grant defined for user 'test_role1' on host '' on routine 'test_func'
drop procedure mysql.test_proc;
Warnings:
Warning 1403 There is no such grant defined for user 'test_role1' on host '' on routine 'test_proc'
Warning 1403 There is no such grant defined for user 'test_role1' on host '' on routine 'test_proc'
flush privileges;

84
mysql-test/t/acl_roles_set_role-routine-simple.test Normal file
View File

@ -0,0 +1,84 @@
create user 'test_user'@'localhost';
create role test_role1;
create role test_role2;
create role test_role3;
insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
'test_user',
'test_role1');
insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
'test_user',
'test_role3');
insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
'test_role1',
'test_role2');
--sorted_result
select user, host from mysql.user where user not like 'root';
--sorted_result
select * from mysql.roles_mapping;
create function mysql.test_func (s CHAR(20))
returns CHAR(50) DETERMINISTIC
return concat('Test string: ',s);
delimiter |;
create procedure mysql.test_proc (OUT param1 INT)
begin
select COUNT(*) into param1 from mysql.roles_mapping;
end|
delimiter ;|
grant execute on function mysql.test_func to test_role2@'';
grant execute on procedure mysql.test_proc to test_role2@'';
grant execute on mysql.* to test_role3@'';
flush privileges;
change_user 'test_user';
--sorted_result
show grants;
--error ER_DBACCESS_DENIED_ERROR
use mysql;
set role test_role1;
use mysql;
call test_proc(@a);
SELECT @a;
SELECT test_func('AABBCCDD');
--sorted_result
show grants;
set role none;
--sorted_result
show grants;
--error ER_PROCACCESS_DENIED_ERROR
call test_proc(@a);
--error ER_PROCACCESS_DENIED_ERROR
SELECT test_func('AABBCCDD');
set role test_role3;
--sorted_result
show grants;
call test_proc(@a);
SELECT @a;
SELECT test_func('AABBCCDD');
change_user 'root';
drop user 'test_user'@'localhost';
revoke execute on function mysql.test_func from test_role2@'';
revoke execute on procedure mysql.test_proc from test_role2@'';
revoke execute on mysql.* from test_role3@'';
delete from mysql.user where user like'test_%';
delete from mysql.roles_mapping where RoleFk like 'test%';
drop function mysql.test_func;
drop procedure mysql.test_proc;
flush privileges;