mirror of
https://github.com/MariaDB/server.git
synced 2025-05-20 13:13:59 +03:00
Fixed (together with Guilhem) bugs in mysqlbinlog regarding --offset Prefix addresses with 0x for easier comparisons of debug logs Fixed problem where MySQL choosed index-read even if there would be a much better range on the same index This fix changed some 'index' queries to 'range' queries in the test suite Don't create 'dummy' WHERE clause for trivial WHERE clauses where we can remove the WHERE clause. This fix removed of a lot of 'Using where' notes in the test suite. Give NOTE instead of WARNING if table/function doesn't exists when using DROP IF EXISTS Give NOTE instead of WARNING for safe field-type conversions Makefile.am: Don't automaticly update files from bk client/mysqlbinlog.cc: Merge with 4.1 (+ apply bug fixes for --offset and --start-position) include/my_sys.h: Faster clear_alloc_root() mysql-test/r/bdb.result: Updated results after merge mysql-test/r/create.result: Updated results after merge mysql-test/r/func_group.result: Updated results after merge mysql-test/r/func_if.result: Updated results after merge mysql-test/r/heap_btree.result: Updated results after merge mysql-test/r/index_merge.result: Updated results after merge mysql-test/r/index_merge_ror.result: Updated results after merge mysql-test/r/innodb.result: Updated results after merge mysql-test/r/join_outer.result: Updated results after merge mysql-test/r/mysqlbinlog2.result: Updated results after merge mysql-test/r/negation_elimination.result: Updated results after merge mysql-test/r/null.result: Updated results after merge Added more tests mysql-test/r/null_key.result: Updated results after merge Added more tests mysql-test/r/order_by.result: Updated results after merge mysql-test/r/range.result: Updated results after merge Added more tests mysql-test/r/rpl_charset.result: Updated results after merge mysql-test/r/sp-error.result: Updated results after merge mysql-test/r/sp.result: Updated results after merge Added delete of some stored procedures in an attempt to be able to re-run 
test even if it aborts in the middle mysql-test/r/type_blob.result: Updated results after merge (Some warnings are now notes) mysql-test/r/user_var.result: Updated results after merge Added more tests mysql-test/r/variables.result: Updated results after merge mysql-test/r/view.result: Updated results after merge mysql-test/t/mysqlbinlog2.test: Updated tests to use new positions mysql-test/t/null.test: More tests mysql-test/t/null_key.test: More tests mysql-test/t/range.test: More tests mysql-test/t/rpl_charset.test: Avoid big diffs in the future if tests changes mysql-test/t/sp-error.test: Updated error numbers mysql-test/t/sp-security.test: Updated error numbers mysql-test/t/sp.test: Updated results after merge Added delete of some stored procedures in an attempt to be able to re-run test even if it aborts in the middle mysql-test/t/user_var.test: More tests mysql-test/t/view.test: Updated error numbers mysys/my_alloc.c: Write into debug log the address of the allocated area sql/ha_isam.cc: Prefix addresses with 0x for easier comparisons of debug logs sql/ha_myisam.cc: Prefix addresses with 0x for easier comparisons of debug logs sql/ha_ndbcluster.cc: Add missing enum to switch sql/handler.cc: remove compiler warning sql/item.cc: More debugging Simple cleanup sql/item.h: Move Item::cleanup() to item.cc sql/item_cmpfunc.cc: Fix arena code sql/item_subselect.cc: After merge fixes sql/item_subselect.h: After merge fixes sql/item_sum.cc: Updated comment sql/log_event.cc: Remove wrong test sql/mysql_priv.h: Indentation fixes sql/mysqld.cc: After merge fixes Added 0x to pointers in debug log sql/opt_range.cc: Fixed problem where MySQL choosed index-read even if there would be a much better range on the same index This fix changed some 'index' queries to 'range' queries in the test suite sql/set_var.cc: Indentation fixes sql/sp_head.cc: Set state to INITIALIZED to make SP work with new arena code sql/sql_base.cc: After merge fixes sql/sql_class.cc: More debugging Use 
clear_alloc_root() instead of init_alloc_root() as the former is faster sql/sql_class.h: New method 'only_prepare()' sql/sql_lex.cc: After merge fixes sql/sql_lex.h: After merge fixes sql/sql_parse.cc: Fix for timezone tables. (The old way to add timezone tables to global list in 'create_total_list' doesn't work anymore) Give NOTE instead of WARNING if table/function doesn't exists when using DROP IF EXISTS sql/sql_prepare.cc: After merge fixes sql/sql_select.cc: Don't create 'dummy' WHERE clause for trivial WHERE clauses where we can remove the WHERE clause. This fix removed of a lot of 'Using where' notes in the test suite sql/sql_table.cc: Give NOTE instead of WARNING if table/function doesn't exists when using DROP IF EXISTS sql/sql_union.cc: After merge fix sql/sql_view.cc: After merge fix sql/table.cc: After merge fix sql/tztime.cc: Update timezone table handling to use new table lists structure sql/tztime.h: Update timezone table handling to use new table lists structure sql/unireg.cc: Use 0x before pointers
#
# Testing SQL SECURITY of stored procedures
#
# mysqltest script: '#' lines are comments, '--' lines are mysqltest
# directives, everything else is sent to the server as SQL. This first part
# runs as root and builds the fixture: an unprivileged account, a database
# that account has no grants on, and two routines stored in that database.
#

# Empty password field: this only works against a test server.
connect (con1root,localhost,root,,);

connection con1root;
use test;

# Create user user1 with no particular access rights.
# USAGE on *.* creates the account without granting any privilege, and no
# password is set.
grant usage on *.* to user1@localhost;
flush privileges;

# Warnings are silenced so the "database does not exist" message from a clean
# server does not end up in the recorded output.
--disable_warnings
drop database if exists db1_secret;
--enable_warnings
# Create our secret database (no grants on it are given to user1)
create database db1_secret;

# Can create a procedure in other db (root, while the current db is 'test')
create procedure db1_secret.dummy() begin end;
drop procedure db1_secret.dummy;

use db1_secret;

create table t1 ( u varchar(64), i int );

# A test procedure and function.
# Neither routine names a SQL SECURITY clause here; the later sections rely on
# them running with the definer's (root's) rights until ALTER ... SQL SECURITY
# INVOKER is applied. stamp() records user(), i.e. the calling session's
# account, together with the marker value i, so the rows in t1 show who got in.
create procedure stamp(i int)
insert into db1_secret.t1 values (user(), i);
# Columns 5 and 6 of the status output are replaced by a fixed string so the
# recorded result does not depend on when the test ran (presumably the
# modified/created timestamps - confirm against the .result file).
--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
show procedure status like 'stamp';

# db() returns database() as seen from inside the routine.
create function db() returns varchar(64) return database();
--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
show function status like 'db';

# root can, of course
call stamp(1);
select * from t1;
select db();

# Two low-privilege sessions, both with an empty password.
# NOTE(review): no account named 'anon' is created anywhere in this script, so
# con3anon presumably authenticates through an anonymous (''@localhost) account
# shipped with the test installation - confirm; without it this connect fails.
connect (con2user1,localhost,user1,,);
connect (con3anon,localhost,anon,,);


#
# User1 can
#
# Definer's-rights case: user1 holds only USAGE, yet the routines created by
# root in db1_secret are expected to run for user1.
#
connection con2user1;

# This should work...
# (the insert into db1_secret.t1 happens through the procedure even though
# user1 has no privilege on that table)
call db1_secret.stamp(2);
select db1_secret.db();

# ...but not this
# Direct access to the table must still be refused. The numeric codes below
# are tied to this tree's error table; in current MySQL/MariaDB 1044 is
# ER_DBACCESS_DENIED_ERROR, 1049 is ER_BAD_DB_ERROR and 1305 is
# ER_SP_DOES_NOT_EXIST - verify against this version.
--error 1044
select * from db1_secret.t1;

# ...and not this
# NOTE(review): creating a routine in db1_secret is expected to fail with 1049
# rather than 1044, i.e. apparently "unknown database" instead of "access
# denied", while the SELECT above is expected to return 1044 - confirm that
# this difference in what an unprivileged user is told is intended.
--error 1049
create procedure db1_secret.dummy() begin end;
--error 1305
drop procedure db1_secret.dummy;


#
# Anonymous can
#
# Same checks as for user1, from the anonymous session.
#
connection con3anon;

# This should work...
call db1_secret.stamp(3);
select db1_secret.db();

# ...but not this
--error 1044
select * from db1_secret.t1;

# ...and not this
--error 1049
create procedure db1_secret.dummy() begin end;
--error 1305
drop procedure db1_secret.dummy;

#
# Check it out
#
# Back as root (current database is still db1_secret): t1 should now hold the
# rows written through stamp() by root, user1 and the anonymous session.
#
connection con1root;
select * from t1;

#
# Change to invoker's rights
#
# From here on both routines are switched to SQL SECURITY INVOKER, so the
# statements inside them are checked against the caller's privileges.
#
alter procedure stamp sql security invoker;
# Columns 5 and 6 are masked with a fixed string to keep the recorded output
# stable between runs.
--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
show procedure status like 'stamp';

alter function db sql security invoker;
--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
show function status like 'db';

# root still can
call stamp(4);
select * from t1;
select db();

#
# User1 cannot
#
connection con2user1;

# This should not work
# Both the procedure and the function are expected to be refused with 1044
# now that they run with the invoker's rights; markers 5 and 6 must therefore
# never show up in t1.
--error 1044
call db1_secret.stamp(5);
--error 1044
select db1_secret.db();

#
# Anonymous cannot
#
connection con3anon;

# This should not work
--error 1044
call db1_secret.stamp(6);
--error 1044
select db1_secret.db();

#
# BUG#2777
#
# Regression test: a procedure is executed with the rights of the account
# that created it, not of the account that calls it. user1 gets read-only
# access to db2, user2 gets read/write access, and each creates a procedure
# that inserts into t2.
#

connection con1root;
--disable_warnings
drop database if exists db2;
--enable_warnings
create database db2;

use db2;

create table t2 (s1 int);
insert into t2 values (0);

# user1: SELECT only. user2: SELECT, INSERT, UPDATE, DELETE.
# user2 is created implicitly by these GRANT statements, again without a
# password.
grant usage on db2.* to user1@localhost;
grant select on db2.* to user1@localhost;
grant usage on db2.* to user2@localhost;
grant select,insert,update,delete on db2.* to user2@localhost;
flush privileges;

connection con2user1;
use db2;

# p is defined by user1, who has no INSERT privilege on db2.
create procedure p () insert into t2 values (1);

# Check that this doesn't work.
--error 1044
call p();

connect (con4user2,localhost,user2,,);

connection con4user2;
use db2;

# This should not work, since p is executed with definer's (user1's) rights.
# user2 could run the same INSERT directly, so a success here would mean the
# caller's rights were used instead.
--error 1044
call p();
# t2 must still hold only the row inserted by root.
select * from t2;

# q is defined by user2, who does have INSERT on db2.
create procedure q () insert into t2 values (2);

call q();
select * from t2;

connection con2user1;
use db2;

# This should work
# user1 has only SELECT on db2, but q runs with user2's rights, so the insert
# goes through. This is the definer's-rights behaviour the test pins down.
call q();
select * from t2;

# Clean up
connection con1root;
use test;
# Lists the routines currently stored in mysql.proc, before the databases are
# dropped.
select type,db,name from mysql.proc;
drop database db1_secret;
drop database db2;
# Make sure the routines are gone
# (the routines were never dropped one by one, so this checks that dropping
# the databases removed them from mysql.proc)
select type,db,name from mysql.proc;
# Get rid of the users
# NOTE(review): only the mysql.user rows are deleted. The db2.* grants given
# to user1 and user2 earlier in this script are not revoked or deleted here
# (they would presumably remain in mysql.db), and no FLUSH PRIVILEGES follows,
# so the accounts may stay usable in the running server after this test -
# confirm that later tests do not depend on a clean grant state.
delete from mysql.user where user='user1' or user='user2';