database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-07 00:04:31 +03:00
Code Activity

MDEV-13732 User with SELECT privilege can ALTER sequence

Browse Source 
Bug in privilege checking of sequences. Test case added.
This commit is contained in:
Monty
2017-09-04 19:13:53 +03:00
parent c3399d799f
commit ef2ecf0370
4 changed files with 84 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
mysql-test/suite/sql_sequence/alter.result
View File

@@ -238,3 +238,41 @@ select next value for t1;
next value for t1
90
drop sequence t1;
GRANT
create database s_db;
create sequence s_db.s1;
grant select on s_db.s1 to normal_1@'%' identified by 'pass';
connect m_normal_1, localhost, normal_1, pass, s_db;
select * from s1;
next_not_cached_value minimum_value maximum_value start_value increment cache_size cycle_option cycle_count
1 1 9223372036854775806 1 1 1000 0 0
select nextval(s1);
ERROR 42000: INSERT command denied to user 'normal_1'@'localhost' for table 's1'
show create sequence s1;
Table Create Table
s1 CREATE SEQUENCE `s1` start with 1 minvalue 1 maxvalue 9223372036854775806 increment by 1 cache 1000 nocycle ENGINE=MyISAM
alter sequence s1 restart 50;
ERROR 42000: ALTER command denied to user 'normal_1'@'localhost' for table 's1'
connection default;
grant insert on s_db.s1 to normal_1@'%';
connection m_normal_1;
select nextval(s1);
nextval(s1)
1
alter sequence s1 restart 50;
ERROR 42000: ALTER command denied to user 'normal_1'@'localhost' for table 's1'
connection default;
grant alter on s_db.s1 to normal_1@'%';
connection m_normal_1;
alter sequence s1 restart 50;
select nextval(s1);
nextval(s1)
50
drop sequence s1;
ERROR 42000: DROP command denied to user 'normal_1'@'localhost' for table 's1'
connection default;
disconnect m_normal_1;
drop database s_db;
drop user normal_1@'%';

34
mysql-test/suite/sql_sequence/alter.test
View File

@@ -139,3 +139,37 @@ select next value for t1;
alter sequence t1 restart with 90;
select next value for t1;
drop sequence t1;
--echo
--echo GRANT
--echo
create database s_db;
create sequence s_db.s1;
grant select on s_db.s1 to normal_1@'%' identified by 'pass';
connect(m_normal_1, localhost, normal_1, pass, s_db);
select * from s1;
--error ER_TABLEACCESS_DENIED_ERROR
select nextval(s1);
show create sequence s1;
--error ER_TABLEACCESS_DENIED_ERROR
alter sequence s1 restart 50;
connection default;
grant insert on s_db.s1 to normal_1@'%';
connection m_normal_1;
select nextval(s1);
--error ER_TABLEACCESS_DENIED_ERROR
alter sequence s1 restart 50;
connection default;
grant alter on s_db.s1 to normal_1@'%';
connection m_normal_1;
alter sequence s1 restart 50;
select nextval(s1);
--error ER_TABLEACCESS_DENIED_ERROR
drop sequence s1;
connection default;
disconnect m_normal_1;
drop database s_db;
drop user normal_1@'%';