MDEV-5215 Granted to PUBLIC

2025-07-27 18:02:13 +03:00 · 2021-12-13 16:15:21 +01:00
parent 594bed9b42
commit b0325bd6d6
14 changed files with 1326 additions and 205 deletions
--- a/mysql-test/main/public_basic.result
+++ b/mysql-test/main/public_basic.result
@ -0,0 +1,138 @@
+SHOW GRANTS FOR PUBLIC;
+Grants for PUBLIC
+# it is not PUBLIC but an user
+# (this should work as it allowed for roles for example)
+create user PUBLIC;
+create user PUBLIC@localhost;
+GRANT SELECT on test.* to PUBLIC@localhost;
+drop user PUBLIC@localhost;
+drop user PUBLIC;
+# preinstalled PUBLIC
+GRANT SELECT on test.* to PUBLIC;
+GRANT SELECT on mysql.db to PUBLIC;
+select * from mysql.global_priv where user="PUBLIC" ;
+Host	User	Priv
+	PUBLIC	{"access":0,"version_id":VERSION,"is_role":true}
+SHOW GRANTS FOR PUBLIC;
+Grants for PUBLIC
+GRANT SELECT ON `test`.* TO `PUBLIC`
+GRANT SELECT ON `mysql`.`db` TO `PUBLIC`
+GRANT UPDATE on test.* to PUBLIC;
+GRANT UPDATE on mysql.db to PUBLIC;
+SHOW GRANTS FOR PUBLIC;
+Grants for PUBLIC
+GRANT SELECT, UPDATE ON `test`.* TO `PUBLIC`
+GRANT SELECT, UPDATE ON `mysql`.`db` TO `PUBLIC`
+REVOKE SELECT on test.* from PUBLIC;
+REVOKE SELECT on mysql.db from PUBLIC;
+SHOW GRANTS FOR PUBLIC;
+Grants for PUBLIC
+GRANT UPDATE ON `test`.* TO `PUBLIC`
+GRANT UPDATE ON `mysql`.`db` TO `PUBLIC`
+REVOKE UPDATE on test.* from PUBLIC;
+REVOKE UPDATE on mysql.db from PUBLIC;
+REVOKE UPDATE on test.* from PUBLIC;
+ERROR 42000: There is no such grant defined for user 'PUBLIC' on host ''
+REVOKE UPDATE on mysql.db from PUBLIC;
+ERROR 42000: There is no such grant defined for user 'PUBLIC' on host '' on table 'db'
+SHOW GRANTS FOR PUBLIC;
+Grants for PUBLIC
+# automaticly added PUBLIC
+delete from mysql.global_priv where user="PUBLIC";
+flush privileges;
+select * from mysql.global_priv where user="PUBLIC" ;
+Host	User	Priv
+GRANT SELECT on test.* to PUBLIC;
+GRANT SELECT on mysql.db to PUBLIC;
+select * from mysql.global_priv where user="PUBLIC" ;
+Host	User	Priv
+	PUBLIC	{"access":0,"version_id":VERSION,"is_role":true}
+SHOW GRANTS FOR PUBLIC;
+Grants for PUBLIC
+GRANT SELECT ON `test`.* TO `PUBLIC`
+GRANT SELECT ON `mysql`.`db` TO `PUBLIC`
+GRANT UPDATE on test.* to PUBLIC;
+GRANT UPDATE on mysql.db to PUBLIC;
+SHOW GRANTS FOR PUBLIC;
+Grants for PUBLIC
+GRANT SELECT, UPDATE ON `test`.* TO `PUBLIC`
+GRANT SELECT, UPDATE ON `mysql`.`db` TO `PUBLIC`
+REVOKE SELECT on test.* from PUBLIC;
+REVOKE SELECT on mysql.db from PUBLIC;
+SHOW GRANTS FOR PUBLIC;
+Grants for PUBLIC
+GRANT UPDATE ON `test`.* TO `PUBLIC`
+GRANT UPDATE ON `mysql`.`db` TO `PUBLIC`
+REVOKE UPDATE on test.* from PUBLIC;
+REVOKE UPDATE on mysql.db from PUBLIC;
+SHOW GRANTS FOR PUBLIC;
+Grants for PUBLIC
+GRANT XXXXXX TO CURRENT_USER;
+ERROR OP000: Invalid role specification `XXXXXX`
+# following should fail with the same error as above
+GRANT PUBLIC TO CURRENT_USER;
+ERROR OP000: Invalid role specification `PUBLIC`
+REVOKE XXXXXX FROM CURRENT_USER;
+ERROR OP000: Invalid role specification `XXXXXX`
+# following should fail with the same error as above
+REVOKE PUBLIC FROM CURRENT_USER;
+ERROR OP000: Invalid role specification `PUBLIC`
+drop role XXXXXX;
+ERROR HY000: Operation DROP ROLE failed for 'XXXXXX'
+# following should fail with the same error as above
+drop role PUBLIC;
+ERROR HY000: Operation DROP ROLE failed for PUBLIC
+SET ROLE XXXXXX;
+ERROR OP000: Invalid role specification `XXXXXX`
+# following should fail with the same error as above
+SET ROLE PUBLIC;
+ERROR OP000: Invalid role specification `PUBLIC`
+SET DEFAULT ROLE XXXXXX;
+ERROR OP000: Invalid role specification `XXXXXX`
+# following should fail with the same error as above
+SET DEFAULT ROLE PUBLIC;
+ERROR OP000: Invalid role specification `PUBLIC`
+#
+# check prohibition of change security context to PUBLIC
+#
+# be sure that we have PUBLIC
+GRANT SELECT on test.* to PUBLIC;
+# try with a view
+create table t1( a int);
+create definer = PUBLIC view v1 as select * from t1;
+Warnings:
+Note	1449	The user specified as a definer ('PUBLIC'@'') does not exist
+show create view v1;
+View	Create View	character_set_client	collation_connection
+v1	CREATE ALGORITHM=UNDEFINED DEFINER=`PUBLIC` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`a` AS `a` from `t1`	latin1	latin1_swedish_ci
+Warnings:
+Note	1449	The user specified as a definer ('PUBLIC'@'') does not exist
+select * from v1;
+ERROR HY000: The user specified as a definer ('PUBLIC'@'') does not exist
+drop view v1;
+drop table t1;
+# try with a view
+create definer='PUBLIC' PROCEDURE p1() SELECT 1;
+Warnings:
+Note	1449	The user specified as a definer ('PUBLIC'@'') does not exist
+show create procedure p1;
+Procedure	sql_mode	Create Procedure	character_set_client	collation_connection	Database Collation
+p1	STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION	CREATE DEFINER=`PUBLIC` PROCEDURE `p1`()
+SELECT 1	latin1	latin1_swedish_ci	latin1_swedish_ci
+call p1();
+ERROR HY000: The user specified as a definer ('PUBLIC'@'') does not exist
+drop procedure p1;
+# this test cleanup
+REVOKE SELECT on test.* from PUBLIC;
+#
+# check autocreation of PUBLIC on GRAND role TO PUBLIC
+#
+# make sure that the privilege will be added automatically
+delete from mysql.global_priv where user="PUBLIC";
+flush privileges;
+create role roletest;
+GRANT roletest TO PUBLIC;
+drop role roletest;
+# clean up
+delete from mysql.global_priv where user="PUBLIC";
+flush privileges;