
MDEV-5215 post-review fixes

* "public" should work in any letter case
* PUBLIC is not a valid definer
* granting to public should auto-create an entry in mysql.global_priv
* SHOW GRANTS should show privileges obtained via PUBLIC
* LEX_USER::is_public was often uninitialized
* comments, whitespaces, typos, etc
Sergei Golubchik
2022-11-01 21:52:23 +01:00
parent b0325bd6d6
commit b4e7803a6f
11 changed files with 238 additions and 288 deletions


@ -1,3 +1,8 @@
--source include/not_embedded.inc
--echo #
--echo # MDEV-5215 Granted to PUBLIC
--echo #
--echo #
--echo # Test DB/TABLE/COLUMN privileges in queries
--echo #
@ -17,7 +22,6 @@ create table t3 (a int, b int);
insert into t3 values (1,2);
connect (testuser,localhost,testuser,,);
connection testuser;
--error ER_TABLEACCESS_DENIED_ERROR
select * from testdb1.t1;
--error ER_TABLEACCESS_DENIED_ERROR
@ -33,8 +37,6 @@ GRANT SELECT ON testdb1.* to PUBLIC;
GRANT SELECT ON testdb2.t2 to PUBLIC;
GRANT SELECT (b) ON testdb2.t3 to PUBLIC;
disconnect testuser;
connect (testuser,localhost,testuser,,);
connection testuser;
select * from testdb1.t1;
select * from testdb2.t2;
@ -42,14 +44,16 @@ select b from testdb2.t3;
--error ER_COLUMNACCESS_DENIED_ERROR
select a from testdb2.t3;
show grants;
show grants for testuser@'%';
connection default;
disconnect testuser;
--echo # check that the privilegas correctly read by acl_load
--echo # check that the privileges are correctly read by acl_load
flush privileges;
connect (testuser,localhost,testuser,,);
connection testuser;
select * from testdb1.t1;
select * from testdb2.t2;
select b from testdb2.t3;
@ -76,10 +80,8 @@ use testdb;
create procedure p1 () select 1;
connect (testuser,localhost,testuser,,);
connection testuser;
--replace_column 1 # 3 # 6 # 7 #
SHOW PROCESSLIST;
select user,db from information_schema.processlist where user='root';
--error ER_PROCACCESS_DENIED_ERROR
call testdb.p1();
@ -88,34 +90,25 @@ connection default;
GRANT PROCESS ON *.* to PUBLIC;
GRANT EXECUTE ON testdb.* to PUBLIC;
# need to reconnect because of PROCESS
disconnect testuser;
connect (testuser,localhost,testuser,,);
connection testuser;
--replace_column 1 # 3 # 6 # 7 #
SHOW PROCESSLIST;
select user,db from information_schema.processlist where user='root';
call testdb.p1();
connection default;
disconnect testuser;
--echo # check that the privilegas correctly read by acl_load
--echo # check that the privileges are correctly read by acl_load
flush privileges;
connect (testuser,localhost,testuser,,);
connection testuser;
--replace_column 1 # 3 # 6 # 7 #
SHOW PROCESSLIST;
select user,db from information_schema.processlist where user='root';
call testdb.p1();
connection default;
--replace_column 1 # 3 # 6 # 7 #
SHOW PROCESSLIST;
connection default;
use test;
disconnect testuser;
REVOKE PROCESS ON *.* from PUBLIC;
@ -131,7 +124,6 @@ create user testuser;
create database testdb;
connect (testuser,localhost,testuser,,);
connection testuser;
--error ER_DBACCESS_DENIED_ERROR
use testdb;
@ -140,8 +132,6 @@ connection default;
GRANT LOCK TABLES ON testdb.* to PUBLIC;
disconnect testuser;
connect (testuser,localhost,testuser,,);
connection testuser;
use testdb;
@ -149,11 +139,10 @@ use testdb;
connection default;
disconnect testuser;
--echo # check that the privilegas correctly read by acl_load
--echo # check that the privileges are correctly read by acl_load
flush privileges;
connect (testuser,localhost,testuser,,);
connection testuser;
use testdb;
@ -179,7 +168,6 @@ insert into t1 values (1);
GRANT LOCK TABLES ON testdb.* to PUBLIC;
connect (testuser,localhost,testuser,,);
connection testuser;
use testdb;
--error ER_TABLEACCESS_DENIED_ERROR
@ -189,8 +177,6 @@ connection default;
GRANT UPDATE,SELECT ON testdb.* to PUBLIC;
disconnect testuser;
connect (testuser,localhost,testuser,,);
connection testuser;
use testdb;
@ -222,7 +208,6 @@ insert into t2 values (1,2);
GRANT LOCK TABLES ON testdb.* to PUBLIC;
connect (testuser,localhost,testuser,,);
connection testuser;
use testdb;
--error ER_TABLEACCESS_DENIED_ERROR
@ -237,8 +222,6 @@ connection default;
GRANT DELETE ON testdb.t1 to PUBLIC;
GRANT SELECT (a) ON testdb.t2 to PUBLIC;
disconnect testuser;
connect (testuser,localhost,testuser,,);
connection testuser;
use testdb;
@ -252,11 +235,10 @@ select * from testdb.t1;
insert into t1 values (1);
disconnect testuser;
--echo # check that the privilegas correctly read by acl_load
--echo # check that the privileges are correctly read by acl_load
flush privileges;
connect (testuser,localhost,testuser,,);
connection testuser;
use testdb;
delete from t1;
@ -286,7 +268,6 @@ use testdb;
create function f1() returns int return 2;
connect (testuser,localhost,testuser,,);
connection testuser;
--error ER_PROCACCESS_DENIED_ERROR
alter function testdb.f1 comment "A stupid function";
@ -297,8 +278,6 @@ connection default;
GRANT ALTER ROUTINE ON testdb.* to PUBLIC;
disconnect testuser;
connect (testuser,localhost,testuser,,);
connection testuser;
alter function testdb.f1 comment "A stupid function";
@ -308,11 +287,10 @@ select testdb.f1();
connection default;
disconnect testuser;
--echo # check that the privilegas correctly read by acl_load
--echo # check that the privileges are correctly read by acl_load
flush privileges;
connect (testuser,localhost,testuser,,);
connection testuser;
alter function testdb.f1 comment "A stupid function";
--error ER_PROCACCESS_DENIED_ERROR
@ -345,7 +323,6 @@ create table t1 (a int, b int);
insert into t1 values (1,2);
connect (testuser,localhost,testuser,,);
connection testuser;
--error ER_TABLEACCESS_DENIED_ERROR
select * from testdb1.t1;
@ -365,38 +342,32 @@ create table t1 (a int, b int);
--echo # check that user do not have rights
connect (testuser,localhost,testuser,,*NO-ONE*);
connection testuser;
--error ER_TABLEACCESS_DENIED_ERROR
select * from testdb1.t1;
connection default;
disconnect testuser;
--echo give rights to everyone via assigning the role to public
create role roletest;
GRANT SELECT ON testdb1.* TO roletest;
GRANT roletest TO PUBLIC;
connect (testuser,localhost,testuser,,*NO-ONE*);
connection testuser;
select * from testdb1.t1;
connection default;
disconnect testuser;
--echo # check that the privilegas correctly read by acl_load
--echo # check that the privileges are correctly read by acl_load
flush privileges;
connect (testuser,localhost,testuser,,*NO-ONE*);
connection testuser;
select * from testdb1.t1;
connection default;
disconnect testuser;
--echo # drop role...
drop role roletest;
--echo # ... and check that user do not have rights again
connect (testuser,localhost,testuser,,*NO-ONE*);
--echo # ... and check that user does not have rights again
connection testuser;
--error ER_TABLEACCESS_DENIED_ERROR
select * from testdb1.t1;
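Review bot: The `disconnect testuser;` / `connect (testuser,localhost,testuser,,);` pair that follows each `GRANT ... to PUBLIC` is explained only in the PROCESS test (`# need to reconnect because of PROCESS`); the database, table, column and routine cases (for example after `GRANT SELECT (b) ON testdb2.t3 to PUBLIC;` and `GRANT ALTER ROUTINE ON testdb.* to PUBLIC;`) reconnect without saying why. Because every positive check runs on a fresh connection, the lines shown never pin whether an already-open session gains, or after `REVOKE ... from PUBLIC` / `drop role roletest` loses, access granted through PUBLIC, and that is the property that matters when PUBLIC access has to be withdrawn. If these privileges are meant to apply to live sessions, one check without the reconnect would cover it. If they are read at connect time, a comment next to each reconnect, such as `# privileges granted to PUBLIC are picked up at connect time`, would record that. Several hunks are cut at both ends and the file may continue past the last line shown, so such a check may already exist outside this view.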