mirror of
https://github.com/MariaDB/server.git
synced 2025-07-30 16:24:05 +03:00
MDEV-5215 post-review fixes
* "public" should work in any letter case * PUBLIC is not a valid definer * granting to public should auto-create an entry in mysql.global_priv * SHOW GRANTS should show privileges obtained via PUBLIC * LEX_USER::is_public was often uninitialized * comments, whitespaces, typos, etc
This commit is contained in:
Sergei Golubchik
@ -1,4 +1,7 @@
|
||||
#
|
||||
# MDEV-5215 Granted to PUBLIC
|
||||
#
|
||||
#
|
||||
# Test DB/TABLE/COLUMN privileges in queries
|
||||
#
|
||||
SHOW GRANTS FOR PUBLIC;
|
||||
@ -15,7 +18,6 @@ insert into t2 values (1,2);
|
||||
create table t3 (a int, b int);
|
||||
insert into t3 values (1,2);
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
select * from testdb1.t1;
|
||||
ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for table `testdb1`.`t1`
|
||||
select * from testdb2.t2;
|
||||
@ -28,8 +30,6 @@ connection default;
|
||||
GRANT SELECT ON testdb1.* to PUBLIC;
|
||||
GRANT SELECT ON testdb2.t2 to PUBLIC;
|
||||
GRANT SELECT (b) ON testdb2.t3 to PUBLIC;
|
||||
disconnect testuser;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
select * from testdb1.t1;
|
||||
a b
|
||||
@ -42,12 +42,20 @@ b
|
||||
2
|
||||
select a from testdb2.t3;
|
||||
ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for column 'a' in table 't3'
|
||||
show grants;
|
||||
Grants for testuser@%
|
||||
GRANT USAGE ON *.* TO `testuser`@`%`
|
||||
GRANT SELECT ON `testdb1`.* TO `PUBLIC`
|
||||
GRANT SELECT ON `testdb2`.`t2` TO `PUBLIC`
|
||||
GRANT SELECT (b) ON `testdb2`.`t3` TO `PUBLIC`
|
||||
show grants for testuser@'%';
|
||||
Grants for testuser@%
|
||||
GRANT USAGE ON *.* TO `testuser`@`%`
|
||||
connection default;
|
||||
disconnect testuser;
|
||||
# check that the privilegas correctly read by acl_load
|
||||
# check that the privileges are correctly read by acl_load
|
||||
flush privileges;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
select * from testdb1.t1;
|
||||
a b
|
||||
1 2
|
||||
@ -76,10 +84,8 @@ create database testdb;
|
||||
use testdb;
|
||||
create procedure p1 () select 1;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
SHOW PROCESSLIST;
|
||||
Id User Host db Command Time State Info Progress
|
||||
# testuser # NULL Query # # SHOW PROCESSLIST 0.000
|
||||
select user,db from information_schema.processlist where user='root';
|
||||
user db
|
||||
call testdb.p1();
|
||||
ERROR 42000: execute command denied to user 'testuser'@'%' for routine 'testdb.p1'
|
||||
connection default;
|
||||
@ -87,33 +93,24 @@ GRANT PROCESS ON *.* to PUBLIC;
|
||||
GRANT EXECUTE ON testdb.* to PUBLIC;
|
||||
disconnect testuser;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
SHOW PROCESSLIST;
|
||||
Id User Host db Command Time State Info Progress
|
||||
# root # testdb Sleep # # NULL 0.000
|
||||
# testuser # NULL Query # # SHOW PROCESSLIST 0.000
|
||||
select user,db from information_schema.processlist where user='root';
|
||||
user db
|
||||
root testdb
|
||||
call testdb.p1();
|
||||
1
|
||||
1
|
||||
connection default;
|
||||
disconnect testuser;
|
||||
# check that the privilegas correctly read by acl_load
|
||||
# check that the privileges are correctly read by acl_load
|
||||
flush privileges;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
SHOW PROCESSLIST;
|
||||
Id User Host db Command Time State Info Progress
|
||||
# root # testdb Sleep # # NULL 0.000
|
||||
# testuser # NULL Query # # SHOW PROCESSLIST 0.000
|
||||
select user,db from information_schema.processlist where user='root';
|
||||
user db
|
||||
root testdb
|
||||
call testdb.p1();
|
||||
1
|
||||
1
|
||||
connection default;
|
||||
SHOW PROCESSLIST;
|
||||
Id User Host db Command Time State Info Progress
|
||||
# root # testdb Query # # SHOW PROCESSLIST 0.000
|
||||
# testuser # NULL Sleep # # NULL 0.000
|
||||
connection default;
|
||||
use test;
|
||||
disconnect testuser;
|
||||
REVOKE PROCESS ON *.* from PUBLIC;
|
||||
@ -126,21 +123,17 @@ drop database testdb;
|
||||
create user testuser;
|
||||
create database testdb;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
use testdb;
|
||||
ERROR 42000: Access denied for user 'testuser'@'%' to database 'testdb'
|
||||
connection default;
|
||||
GRANT LOCK TABLES ON testdb.* to PUBLIC;
|
||||
disconnect testuser;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
use testdb;
|
||||
connection default;
|
||||
disconnect testuser;
|
||||
# check that the privilegas correctly read by acl_load
|
||||
# check that the privileges are correctly read by acl_load
|
||||
flush privileges;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
use testdb;
|
||||
connection default;
|
||||
use test;
|
||||
@ -159,14 +152,11 @@ create table t1 (a int);
|
||||
insert into t1 values (1);
|
||||
GRANT LOCK TABLES ON testdb.* to PUBLIC;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
use testdb;
|
||||
update t1 set a=a+1;
|
||||
ERROR 42000: UPDATE command denied to user 'testuser'@'localhost' for table `testdb`.`t1`
|
||||
connection default;
|
||||
GRANT UPDATE,SELECT ON testdb.* to PUBLIC;
|
||||
disconnect testuser;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
use testdb;
|
||||
update t1 set a=a+1;
|
||||
@ -193,7 +183,6 @@ create table t2 (a int, b int);
|
||||
insert into t2 values (1,2);
|
||||
GRANT LOCK TABLES ON testdb.* to PUBLIC;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
use testdb;
|
||||
delete from t1;
|
||||
ERROR 42000: DELETE command denied to user 'testuser'@'localhost' for table `testdb`.`t1`
|
||||
@ -204,8 +193,6 @@ ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for table `tes
|
||||
connection default;
|
||||
GRANT DELETE ON testdb.t1 to PUBLIC;
|
||||
GRANT SELECT (a) ON testdb.t2 to PUBLIC;
|
||||
disconnect testuser;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
use testdb;
|
||||
delete from t1;
|
||||
@ -219,10 +206,9 @@ select * from testdb.t1;
|
||||
a
|
||||
insert into t1 values (1);
|
||||
disconnect testuser;
|
||||
# check that the privilegas correctly read by acl_load
|
||||
# check that the privileges are correctly read by acl_load
|
||||
flush privileges;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
use testdb;
|
||||
delete from t1;
|
||||
select a from t2;
|
||||
@ -248,25 +234,21 @@ create database testdb;
|
||||
use testdb;
|
||||
create function f1() returns int return 2;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
alter function testdb.f1 comment "A stupid function";
|
||||
ERROR 42000: alter routine command denied to user 'testuser'@'%' for routine 'testdb.f1'
|
||||
select testdb.f1();
|
||||
ERROR 42000: execute command denied to user 'testuser'@'%' for routine 'testdb.f1'
|
||||
connection default;
|
||||
GRANT ALTER ROUTINE ON testdb.* to PUBLIC;
|
||||
disconnect testuser;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
alter function testdb.f1 comment "A stupid function";
|
||||
select testdb.f1();
|
||||
ERROR 42000: execute command denied to user 'testuser'@'%' for routine 'testdb.f1'
|
||||
connection default;
|
||||
disconnect testuser;
|
||||
# check that the privilegas correctly read by acl_load
|
||||
# check that the privileges are correctly read by acl_load
|
||||
flush privileges;
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
alter function testdb.f1 comment "A stupid function";
|
||||
select testdb.f1();
|
||||
ERROR 42000: execute command denied to user 'testuser'@'%' for routine 'testdb.f1'
|
||||
@ -291,7 +273,6 @@ use testdb1;
|
||||
create table t1 (a int, b int);
|
||||
insert into t1 values (1,2);
|
||||
connect testuser,localhost,testuser,,;
|
||||
connection testuser;
|
||||
select * from testdb1.t1;
|
||||
ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for table `testdb1`.`t1`
|
||||
connection default;
|
||||
@ -307,33 +288,27 @@ use testdb1;
|
||||
create table t1 (a int, b int);
|
||||
# check that user do not have rights
|
||||
connect testuser,localhost,testuser,,*NO-ONE*;
|
||||
connection testuser;
|
||||
select * from testdb1.t1;
|
||||
ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for table `testdb1`.`t1`
|
||||
connection default;
|
||||
disconnect testuser;
|
||||
give rights to everyone via assigning the role to public
|
||||
create role roletest;
|
||||
GRANT SELECT ON testdb1.* TO roletest;
|
||||
GRANT roletest TO PUBLIC;
|
||||
connect testuser,localhost,testuser,,*NO-ONE*;
|
||||
connection testuser;
|
||||
select * from testdb1.t1;
|
||||
a b
|
||||
connection default;
|
||||
disconnect testuser;
|
||||
# check that the privilegas correctly read by acl_load
|
||||
# check that the privileges are correctly read by acl_load
|
||||
flush privileges;
|
||||
connect testuser,localhost,testuser,,*NO-ONE*;
|
||||
connection testuser;
|
||||
select * from testdb1.t1;
|
||||
a b
|
||||
connection default;
|
||||
disconnect testuser;
|
||||
# drop role...
|
||||
drop role roletest;
|
||||
# ... and check that user do not have rights again
|
||||
connect testuser,localhost,testuser,,*NO-ONE*;
|
||||
# ... and check that user does not have rights again
|
||||
connection testuser;
|
||||
select * from testdb1.t1;
|
||||
ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for table `testdb1`.`t1`
|
||||
|
||||
Reference in New Issue
Block a user