From dcf76e6514aeaff5f12d62ac0b25e8617f4f94e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?=
Date: Thu, 17 Oct 2013 20:52:29 -0700
Subject: [PATCH] Added a more complicated test for recursive role grants.
---
.../r/acl_roles_set_role-multiple-role.result | 132 ++++++++++++++++++
.../t/acl_roles_set_role-multiple-role.test | 119 ++++++++++++++++
2 files changed, 251 insertions(+)
create mode 100644 mysql-test/r/acl_roles_set_role-multiple-role.result
create mode 100644 mysql-test/t/acl_roles_set_role-multiple-role.test
diff --git a/mysql-test/r/acl_roles_set_role-multiple-role.result b/mysql-test/r/acl_roles_set_role-multiple-role.result
new file mode 100644
index 00000000000..9aeb5288ce8
--- /dev/null
+++ b/mysql-test/r/acl_roles_set_role-multiple-role.result
@@ -0,0 +1,132 @@ +create user 'test_user'@'localhost'; +create user 'r_sel'@''; +create user 'r_ins'@''; +create user 'r_upd'@''; +create user 'r_del'@''; +create user 'r_crt'@''; +create user 'r_drp'@''; +create user 'r_rld'@''; +update mysql.user set Select_priv='Y' where user like 'r_sel'; +update mysql.user set Insert_priv='Y' where user like 'r_ins'; +update mysql.user set Update_priv='Y' where user like 'r_upd'; +update mysql.user set Delete_priv='Y' where user like 'r_del'; +update mysql.user set Create_priv='Y' where user like 'r_crt'; +update mysql.user set Drop_priv ='Y' where user like 'r_drp'; +update mysql.user set Reload_priv='Y' where user like 'r_rld'; +update mysql.user set is_role='Y' where user like 'r\_%'; +select * from mysql.user where user='r_sel'; +Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role + r_sel Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +select * from mysql.user where user='r_ins'; +Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates 
max_connections max_user_connections plugin authentication_string is_role + r_ins N Y N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +select * from mysql.user where user='r_upd'; +Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role + r_upd N N Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +select * from mysql.user where user='r_del'; +Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role + r_del N N N Y N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +select * from mysql.user where user='r_crt'; +Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv 
Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role + r_crt N N N N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +select * from mysql.user where user='r_drp'; +Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role + r_drp N N N N N Y N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +select * from mysql.user where user='r_rld'; +Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role + r_rld N N N N N N Y N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost', +'test_user', +'r_sel'); +insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost', +'test_user', +'r_ins'); +insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost', +'test_user', +'r_upd'); +insert into mysql.roles_mapping 
(HostFk, UserFk, RoleFk) values ('localhost', +'test_user', +'r_del'); +insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost', +'test_user', +'r_crt'); +insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost', +'test_user', +'r_drp'); +insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost', +'test_user', +'r_rld'); +flush privileges; +select * from mysql.roles_mapping; +ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping' +show grants; +Grants for test_user@localhost +GRANT USAGE ON *.* TO 'test_user'@'localhost' +set role r_sel; +show grants; +Grants for test_user@localhost +GRANT USAGE ON *.* TO 'test_user'@'localhost' +select * from mysql.roles_mapping; +HostFk UserFk RoleFk +localhost test_user r_sel +localhost test_user r_ins +localhost test_user r_upd +localhost test_user r_del +localhost test_user r_crt +localhost test_user r_drp +localhost test_user r_rld +set role r_ins; +show grants; +Grants for test_user@localhost +GRANT USAGE ON *.* TO 'test_user'@'localhost' +select * from mysql.roles_mapping; +ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping' +insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', +'r_sel', +'r_rld'); +flush privileges; +ERROR 42000: Access denied; you need (at least one of) the RELOAD privilege(s) for this operation +set role r_rld; +flush privileges; +set role r_sel; +flush privileges; +set role none; +flush privileges; +ERROR 42000: Access denied; you need (at least one of) the RELOAD privilege(s) for this operation +set role r_ins; +insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', +'r_sel', +'r_upd'); +insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', +'r_sel', +'r_del'); +insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', +'r_sel', +'r_crt'); +insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', 
+'r_sel', +'r_drp'); +insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', +'r_del', +'r_ins'); +set role r_rld; +flush privileges; +set role r_sel; +update mysql.roles_mapping set RoleFk='r_ins' where RoleFk='r_ins_wrong'; +flush privileges; +set role r_sel; +create table mysql.random_test_table (id INT); +insert into mysql.random_test_table values (1); +select * from mysql.random_test_table; +id +1 +delete from mysql.roles_mapping where RoleFk='r_ins'; +flush privileges; +set role r_sel; +insert into mysql.random_test_table values (1); +ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table 'random_test_table' +drop table mysql.random_test_table; +delete from mysql.user where user like 'r\_%'; +delete from mysql.roles_mapping where RoleFk like 'r\_%'; +flush privileges; +drop user 'test_user'@'localhost'; diff --git a/mysql-test/t/acl_roles_set_role-multiple-role.test b/mysql-test/t/acl_roles_set_role-multiple-role.test new file mode 100644 index 00000000000..a046b13bb3f --- /dev/null +++ b/mysql-test/t/acl_roles_set_role-multiple-role.test 
@@ -0,0 +1,119 @@
+#create a user with no privileges
+create user 'test_user'@'localhost';
+
+create user 'r_sel'@'';
+create user 'r_ins'@'';
+create user 'r_upd'@'';
+create user 'r_del'@'';
+create user 'r_crt'@'';
+create user 'r_drp'@'';
+create user 'r_rld'@'';
+update mysql.user set Select_priv='Y' where user like 'r_sel';
+update mysql.user set Insert_priv='Y' where user like 'r_ins';
+update mysql.user set Update_priv='Y' where user like 'r_upd';
+update mysql.user set Delete_priv='Y' where user like 'r_del';
+update mysql.user set Create_priv='Y' where user like 'r_crt';
+update mysql.user set Drop_priv ='Y' where user like 'r_drp';
+update mysql.user set Reload_priv='Y' where user like 'r_rld';
+
+update mysql.user set is_role='Y' where user like 'r\_%';
+
+select * from mysql.user where user='r_sel';
+select * from mysql.user where user='r_ins';
+select * from mysql.user where user='r_upd';
+select * from mysql.user where user='r_del';
+select * from mysql.user where user='r_crt';
+select * from mysql.user where user='r_drp';
+select * from mysql.user where user='r_rld';
+
+#####################################
+#set up roles mapping
+#####################################
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+ 'test_user',
+ 'r_sel');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+ 'test_user',
+ 'r_ins');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+ 'test_user',
+ 'r_upd');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+ 'test_user',
+ 'r_del');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+ 'test_user',
+ 'r_crt');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+ 'test_user',
+ 'r_drp');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+ 'test_user',
+ 'r_rld');
+flush privileges;
+
+change_user 'test_user';
+
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysql.roles_mapping;
+
+show grants;
+set role r_sel;
+show grants;
+select * from mysql.roles_mapping;
+
+set role r_ins;
+show grants;
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysql.roles_mapping;
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
+ 'r_sel',
+ 'r_rld');
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+flush privileges;
+set role r_rld;
+flush privileges;
+set role r_sel;
+flush privileges;
+set role none;
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+flush privileges;
+
+set role r_ins;
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
+ 'r_sel',
+ 'r_upd');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
+ 'r_sel',
+ 'r_del');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
+ 'r_sel',
+ 'r_crt');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
+ 'r_sel',
+ 'r_drp');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
+ 'r_del',
+ 'r_ins');
+set role r_rld;
+flush privileges;
+set role r_sel;
+update mysql.roles_mapping set RoleFk='r_ins' where RoleFk='r_ins_wrong';
+flush privileges;
+set role r_sel;
+
+create table mysql.random_test_table (id INT);
+insert into mysql.random_test_table values (1);
+select * from mysql.random_test_table;
+delete from mysql.roles_mapping where RoleFk='r_ins';
+flush privileges;
+set role r_sel;
+--error ER_TABLEACCESS_DENIED_ERROR
+insert into mysql.random_test_table values (1);
+drop table mysql.random_test_table;
+
+change_user 'root';
+delete from mysql.user where user like 'r\_%';
+delete from mysql.roles_mapping where RoleFk like 'r\_%';
+flush privileges;
+drop user 'test_user'@'localhost';
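Review bot: The seven privilege-setting updates near the top match with an unescaped LIKE pattern (`where user like 'r_sel'`), where `_` is a single-character wildcard, so each one would also set a global privilege on any other account whose name fits the pattern. The `select` statements below them already use `=` and the cleanup escapes the underscore (`'r\_%'`), so the fixture should do the same, e.g. `update mysql.user set Select_priv='Y' where user='r_sel';`. Separately, `update mysql.roles_mapping set RoleFk='r_ins' where RoleFk='r_ins_wrong';` matches no row that this test inserts. It presumably exists only to check that UPDATE is permitted through r_sel -> r_upd, and a comment such as `# matches no rows; only verifies UPDATE is inherited via r_sel -> r_upd` would make that clear. The role-to-role inserts (rows with an empty HostFk) and the final denied INSERT after the `r_ins` mappings are deleted are the core of this authorization test and would benefit from one-line comments stating the role graph being built and the expected revocation.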