MDEV-21743 Split up SUPER privilege to smaller privileges

2025-07-30 16:24:05 +03:00 · 2020-02-28 21:59:01 +04:00
parent 91ba789aaf
commit a1e330de5a
82 changed files with 1511 additions and 236 deletions
--- a/mysql-test/main/grant_kill.test
+++ b/mysql-test/main/grant_kill.test
@ -0,0 +1,88 @@
+-- source include/not_embedded.inc
+
+--echo #
+--echo # Start of 10.5 tests
+--echo #
+
+--echo #
+--echo # MDEV-21743 Split up SUPER privilege to smaller privileges 
+--echo #
+
+--echo #
+--echo # Test that KILL is not allowed without CONNECTION ADMIN or SUPER
+--echo #
+
+CREATE USER foo@localhost;
+GRANT SELECT ON *.* TO foo@localhost;
+CREATE USER bar@localhost;
+GRANT ALL PRIVILEGES ON *.* TO bar@localhost;
+REVOKE CONNECTION ADMIN, SUPER ON *.* FROM bar@localhost;
+--connect (foo,localhost,foo,,)
+let $id=`(SELECT id FROM INFORMATION_SCHEMA.PROCESSLIST WHERE user='foo')`;
+--connect (bar,localhost,bar,,)
+--connection bar
+SELECT user FROM information_schema.processlist ORDER BY user;
+--replace_result $id ID
+--error ER_KILL_DENIED_ERROR
+--eval KILL $id
+--disconnect foo
+--disconnect bar
+--connection default
+DROP USER foo@localhost;
+DROP USER bar@localhost;
+
+--echo #
+--echo # Test that KILL is allowed with CONNECTION ADMIN
+--echo #
+
+CREATE USER foo@localhost;
+GRANT SELECT ON *.* TO foo@localhost;
+CREATE USER bar@localhost;
+GRANT PROCESS, CONNECTION ADMIN ON *.* TO bar@localhost;
+--connect (foo,localhost,foo,,)
+let $id=`(SELECT id FROM INFORMATION_SCHEMA.PROCESSLIST WHERE user='foo')`;
+--connect (bar,localhost,bar,,)
+--connection bar
+SELECT user FROM information_schema.processlist ORDER BY user;
+--replace_result $id ID
+--eval KILL $id
+--connection default
+let $wait_condition=
+    select count(*) = 0 from information_schema.processlist
+    where user = "foo";
+--source include/wait_condition.inc
+--disconnect foo
+--disconnect bar
+--connection default
+DROP USER foo@localhost;
+DROP USER bar@localhost;
+
+--echo #
+--echo # Test that KILL is allowed with SUPER
+--echo #
+
+CREATE USER foo@localhost;
+GRANT SELECT ON *.* TO foo@localhost;
+CREATE USER bar@localhost;
+GRANT PROCESS, SUPER ON *.* TO bar@localhost;
+--connect (foo,localhost,foo,,)
+let $id=`(SELECT id FROM INFORMATION_SCHEMA.PROCESSLIST WHERE user='foo')`;
+--connect (bar,localhost,bar,,)
+--connection bar
+SELECT user FROM information_schema.processlist ORDER BY user;
+--replace_result $id ID
+--eval KILL $id
+--connection default
+let $wait_condition=
+    select count(*) = 0 from information_schema.processlist
+    where user = "foo";
+--source include/wait_condition.inc
+--disconnect foo
+--disconnect bar
+--connection default
+DROP USER foo@localhost;
+DROP USER bar@localhost;
+
+--echo #
+--echo # End of 10.5 tests
+--echo #