mirror of
https://github.com/MariaDB/server.git
synced 2025-08-26 01:44:06 +03:00
28f9704737
Bug#37167 funcs_1: Many tests fail if the embedded server is used.
Bug#37164 funcs_1: Some tests fail if an optional character set is missing.
+ some cleanup within the testsuite related to the fixes above
+ some adjustments to open bugs on Mac OS X
Details:
- Remove the initial loading of data from tests if these data
are not somewhere retrieved
- Remove any use of columns with attribute unicode
(-> UCS2 is no more needed) from tests where unicode
properties are not checked or somehow required
- Create a separate branch of the Character maximum length test
(CML). If UCS2 is available than this test gets applied to
every available type of string column with attribute unicode
This prevents any loss of coverage by the points above.
- Disable the execution of is_tables_ndb which gives wrong
results because of a bug. Correct the exepected results of
this test.
- In case of tests failing when applied to the embedded server
1) Create a variant of this test for the embedded server
or
2) Skip the test in case of embedded server
depending on purpose and complexity of test.
- Skip the tests which could suffer from
Bug 28309 First insert violates unique constraint - was "memory" table empty ?
Bug 37380 Test funcs_1.is_columns_myisam_embedded fails on OS X
(both bugs Mac OS X, embedded server, MySQL 5.0 only)
- Minor improvements like remove typos
470 lines
14 KiB
PHP
470 lines
14 KiB
PHP
#### suite/funcs_1/storedproc/storedproc_06.inc
|
|
|
|
# This test cannot be used for the embedded server because we check here
|
|
# privileges.
|
|
--source include/not_embedded.inc
|
|
|
|
--source suite/funcs_1/storedproc/load_sp_tb.inc
|
|
|
|
# ==============================================================================
|
|
# (numbering from requirement document TP v1.0, Last updated: 25 Jan 2005 01:00)
|
|
#
|
|
# 3.1.6 Privilege checks:
|
|
#
|
|
# 1. Ensure that no user may create a stored procedure without the
|
|
# GRANT CREATE ROUTINE privilege.
|
|
# 2. Ensure that root always has the GRANT CREATE ROUTINE privilege.
|
|
# 3. Ensure that a user with the GRANT CREATE ROUTINE privilege can always
|
|
# create both a procedure and a function, on any appropriate database.
|
|
# 4. Ensure that the default security provision of a stored procedure is
|
|
# SQL SECURITY DEFINER.
|
|
# 5. Ensure that a stored procedure defined with SQL SECURITY DEFINER can be
|
|
# called/executed by any user, using only the privileges (including
|
|
# database access privileges) associated with the user who created
|
|
# the stored procedure.
|
|
# 6. Ensure that a stored procedure defined with SQL SECURITY INVOKER can be
|
|
# called/executed by any user, using only the privileges (including
|
|
# database access privileges) associated with the user executing
|
|
# the stored procedure.
|
|
#
|
|
# ==============================================================================
|
|
let $message= Section 3.1.6 - Privilege Checks:;
|
|
--source include/show_msg80.inc
|
|
|
|
|
|
connection default;
|
|
USE db_storedproc_1;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
|
|
# ------------------------------------------------------------------------------
|
|
let $message= Testcase 3.1.6.1:
|
|
-----------------
|
|
Ensure that no user may create a stored procedure without the GRANT CREATE
|
|
ROUTINE privilege.;
|
|
--source include/show_msg80.inc
|
|
|
|
create user 'user_1'@'localhost';
|
|
|
|
grant all on db_storedproc_1.* to 'user_1'@'localhost';
|
|
revoke create routine on db_storedproc_1.* from 'user_1'@'localhost';
|
|
flush privileges;
|
|
|
|
--disable_warnings
|
|
DROP PROCEDURE IF EXISTS sp1;
|
|
--enable_warnings
|
|
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (user1a, localhost, user_1, , db_storedproc_1);
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
|
|
USE db_storedproc_1;
|
|
|
|
delimiter //;
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
CREATE PROCEDURE sp1(v1 char(20))
|
|
BEGIN
|
|
SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';
|
|
END//
|
|
delimiter ;//
|
|
|
|
disconnect user1a;
|
|
|
|
# add privilege again and check
|
|
connection default;
|
|
USE db_storedproc_1;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
|
|
GRANT CREATE ROUTINE ON db_storedproc_1.* TO 'user_1'@'localhost';
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (user1b, localhost, user_1, , db_storedproc_1);
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
|
|
USE db_storedproc_1;
|
|
|
|
delimiter //;
|
|
CREATE PROCEDURE sp1(v1 char(20))
|
|
BEGIN
|
|
SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';
|
|
END//
|
|
delimiter ;//
|
|
disconnect user1b;
|
|
|
|
# cleanup
|
|
connection default;
|
|
USE db_storedproc_1;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
|
|
DROP USER 'user_1'@'localhost';
|
|
DROP PROCEDURE sp1;
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
let $message= Testcase 3.1.6.2:
|
|
-----------------
|
|
Ensure that root always has the GRANT CREATE ROUTINE privilege.
|
|
(checked by other testscases);
|
|
--source include/show_msg80.inc
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
let $message= Testcase 3.1.6.3:
|
|
-----------------
|
|
Ensure that a user with the GRANT CREATE ROUTINE privilege can always create
|
|
both a procedure and a function, on any appropriate database.
|
|
--source include/show_msg80.inc
|
|
|
|
|
|
create user 'user_1'@'localhost';
|
|
|
|
grant create routine on db_storedproc_1.* to 'user_1'@'localhost';
|
|
flush privileges;
|
|
|
|
# disconnect default;
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (user2, localhost, user_1, , db_storedproc_1);
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
|
|
--disable_warnings
|
|
DROP PROCEDURE IF EXISTS sp3;
|
|
DROP FUNCTION IF EXISTS fn1;
|
|
--enable_warnings
|
|
|
|
delimiter //;
|
|
CREATE PROCEDURE sp3(v1 char(20))
|
|
BEGIN
|
|
SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';
|
|
END//
|
|
delimiter ;//
|
|
|
|
delimiter //;
|
|
CREATE FUNCTION fn1(v1 int) returns int
|
|
BEGIN
|
|
return v1;
|
|
END//
|
|
delimiter ;//
|
|
|
|
disconnect user2;
|
|
|
|
# cleanup
|
|
connection default;
|
|
USE db_storedproc_1;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
|
|
drop user 'user_1'@'localhost';
|
|
DROP PROCEDURE sp3;
|
|
DROP FUNCTION fn1;
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
let $message= Testcase 3.1.6.4:
|
|
-----------------
|
|
Ensure that the default security provision of a stored procedure is SQL SECURITY
|
|
DEFINER.;
|
|
--source include/show_msg80.inc
|
|
|
|
CREATE USER 'user_1'@'localhost';
|
|
|
|
grant update on db_storedproc_1.t6 to 'user_1'@'localhost';
|
|
grant execute on db_storedproc_1.* to 'user_1'@'localhost';
|
|
flush privileges;
|
|
|
|
USE db_storedproc_1;
|
|
|
|
--disable_warnings
|
|
DROP PROCEDURE IF EXISTS sp4;
|
|
--enable_warnings
|
|
|
|
delimiter //;
|
|
CREATE PROCEDURE sp4(v1 char(20))
|
|
BEGIN
|
|
SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';
|
|
END//
|
|
delimiter ;//
|
|
|
|
#disconnect default;
|
|
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (user3, localhost, user_1, , db_storedproc_1);
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
|
|
USE db_storedproc_1;
|
|
CALL sp4('a');
|
|
|
|
--vertical_results
|
|
SELECT SPECIFIC_NAME, ROUTINE_SCHEMA, ROUTINE_NAME, ROUTINE_TYPE,
|
|
ROUTINE_BODY, ROUTINE_DEFINITION, IS_DETERMINISTIC,
|
|
SQL_DATA_ACCESS, SECURITY_TYPE, SQL_MODE, ROUTINE_COMMENT
|
|
FROM information_schema.routines
|
|
WHERE routine_schema LIKE 'db_sto%';
|
|
--horizontal_results
|
|
|
|
disconnect user3;
|
|
|
|
# cleanup
|
|
connection default;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
DROP PROCEDURE sp4;
|
|
DROP USER 'user_1'@'localhost';
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
let $message= Testcase 3.1.6.5:
|
|
-----------------
|
|
Ensure that a stored procedure defined with SQL SECURITY DEFINER can be
|
|
called/executed by any user, using only the privileges (including database
|
|
access privileges) associated with the user who created the stored procedure.;
|
|
--source include/show_msg80.inc
|
|
|
|
USE db_storedproc_1;
|
|
CREATE TABLE t3165 ( c1 char(20), c2 char(20), c3 date);
|
|
INSERT INTO t3165 VALUES ('inserted', 'outside of SP', NULL);
|
|
|
|
# creates procedures
|
|
create user 'user_1'@'localhost';
|
|
|
|
#executes procedure
|
|
create user 'user_2'@'localhost';
|
|
|
|
grant create routine on db_storedproc_1.* to 'user_1'@'localhost';
|
|
grant SELECT on db_storedproc_1.* to 'user_2'@'localhost';
|
|
grant execute on db_storedproc_1.* to 'user_2'@'localhost';
|
|
flush privileges;
|
|
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (user5_1, localhost, user_1, , db_storedproc_1);
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
|
|
delimiter //;
|
|
CREATE PROCEDURE sp5_s_i () sql security definer
|
|
BEGIN
|
|
SELECT * from db_storedproc_1.t3165;
|
|
insert into db_storedproc_1.t3165 values ('inserted', 'from sp5_s_i', 1000);
|
|
END//
|
|
|
|
CREATE PROCEDURE sp5_sel () sql security definer
|
|
BEGIN
|
|
SELECT * from db_storedproc_1.t3165;
|
|
END//
|
|
|
|
CREATE PROCEDURE sp5_ins () sql security definer
|
|
BEGIN
|
|
insert into db_storedproc_1.t3165 values ('inserted', 'from sp5_ins', 1000);
|
|
END//
|
|
delimiter ;//
|
|
|
|
disconnect user5_1;
|
|
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (user5_2, localhost, user_2, , db_storedproc_1);
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp5_s_i();
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp5_ins();
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp5_sel();
|
|
|
|
# now 'add' INSERT to DEFINER
|
|
connection default;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp5_sel();
|
|
grant insert on db_storedproc_1.* to 'user_1'@'localhost';
|
|
flush privileges;
|
|
|
|
connection user5_2;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp5_s_i();
|
|
CALL sp5_ins();
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp5_sel();
|
|
|
|
# now 'add' SELECT to DEFINER
|
|
connection default;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp5_sel();
|
|
grant SELECT on db_storedproc_1.* to 'user_1'@'localhost';
|
|
#grant execute on db_storedproc_1.* to 'user_2'@'localhost';
|
|
flush privileges;
|
|
|
|
connection user5_2;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
CALL sp5_s_i();
|
|
CALL sp5_ins();
|
|
CALL sp5_sel();
|
|
|
|
# now revoke INSERT FROM DEFINER
|
|
connection default;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
REVOKE INSERT on db_storedproc_1.* from 'user_1'@'localhost';
|
|
flush privileges;
|
|
|
|
connection user5_2;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp5_s_i();
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp5_ins();
|
|
CALL sp5_sel();
|
|
|
|
# now revoke SELECT FROM DEFINER
|
|
connection default;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
REVOKE SELECT on db_storedproc_1.* from 'user_1'@'localhost';
|
|
flush privileges;
|
|
|
|
connection user5_2;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp5_s_i();
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp5_ins();
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp5_sel();
|
|
|
|
# cleanup
|
|
disconnect user5_2;
|
|
connection default;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
|
|
DROP PROCEDURE sp5_s_i;
|
|
DROP PROCEDURE sp5_sel;
|
|
DROP PROCEDURE sp5_ins;
|
|
DROP TABLE t3165;
|
|
DROP USER 'user_1'@'localhost';
|
|
DROP USER 'user_2'@'localhost';
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
let $message= Testcase 3.1.6.6:
|
|
-----------------
|
|
Ensure that a stored procedure defined with SQL SECURITY INVOKER can be
|
|
called/executed by any user, using only the privileges (including database
|
|
access privileges) associated with the user executing the stored procedure.;
|
|
--source include/show_msg80.inc
|
|
|
|
USE db_storedproc_1;
|
|
CREATE TABLE t3166 ( c1 char(30) );
|
|
INSERT INTO db_storedproc_1.t3166 VALUES ('inserted outside SP');
|
|
|
|
# DEFINER
|
|
create user 'user_1'@'localhost';
|
|
|
|
# INVOKER
|
|
create user 'user_2'@'localhost';
|
|
|
|
GRANT CREATE ROUTINE ON db_storedproc_1.* TO 'user_1'@'localhost';
|
|
GRANT SELECT ON db_storedproc_1.* TO 'user_2'@'localhost';
|
|
GRANT EXECUTE ON db_storedproc_1.* TO 'user_2'@'localhost';
|
|
FLUSH PRIVILEGES;
|
|
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (user6_1, localhost, user_1, , db_storedproc_1);
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
|
|
delimiter //;
|
|
CREATE PROCEDURE sp3166_s_i () SQL SECURITY INVOKER
|
|
BEGIN
|
|
SELECT * from db_storedproc_1.t3166;
|
|
insert into db_storedproc_1.t3166 values ('inserted from sp3166_s_i');
|
|
END//
|
|
|
|
CREATE PROCEDURE sp3166_sel () SQL SECURITY INVOKER
|
|
BEGIN
|
|
SELECT * from db_storedproc_1.t3166;
|
|
END//
|
|
|
|
CREATE PROCEDURE sp3166_ins () SQL SECURITY INVOKER
|
|
BEGIN
|
|
insert into db_storedproc_1.t3166 values ('inserted from sp3166_ins');
|
|
END//
|
|
delimiter ;//
|
|
|
|
disconnect user6_1;
|
|
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (user6_2, localhost, user_2, , db_storedproc_1);
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp3166_s_i();
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp3166_ins();
|
|
CALL sp3166_sel();
|
|
|
|
# now 'add' INSERT to INVOKER
|
|
connection default;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
CALL sp3166_sel();
|
|
GRANT INSERT ON db_storedproc_1.* TO 'user_2'@'localhost';
|
|
FLUSH PRIVILEGES;
|
|
disconnect user6_2;
|
|
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (user6_3, localhost, user_2, , db_storedproc_1);
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
CALL sp3166_s_i();
|
|
CALL sp3166_ins();
|
|
CALL sp3166_sel();
|
|
disconnect user6_3;
|
|
|
|
# now 'remove' SELECT from INVOKER
|
|
connection default;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
CALL sp3166_sel();
|
|
REVOKE SELECT ON db_storedproc_1.* FROM 'user_2'@'localhost';
|
|
FLUSH PRIVILEGES;
|
|
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (user6_4, localhost, user_2, , db_storedproc_1);
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp3166_s_i();
|
|
CALL sp3166_ins();
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
CALL sp3166_sel();
|
|
disconnect user6_4;
|
|
|
|
# now 'remove' EXECUTE FROM INVOKER
|
|
connection default;
|
|
CALL sp3166_s_i();
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
REVOKE EXECUTE on db_storedproc_1.* FROM 'user_2'@'localhost';
|
|
FLUSH PRIVILEGES;
|
|
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
connect (user6_5, localhost, user_2, , db_storedproc_1);
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
--error ER_PROCACCESS_DENIED_ERROR
|
|
CALL sp3166_s_i();
|
|
--error ER_PROCACCESS_DENIED_ERROR
|
|
CALL sp3166_ins();
|
|
--error ER_PROCACCESS_DENIED_ERROR
|
|
CALL sp3166_sel();
|
|
disconnect user6_5;
|
|
|
|
# cleanup
|
|
connection default;
|
|
--source suite/funcs_1/include/show_connection.inc
|
|
|
|
DROP PROCEDURE sp3166_s_i;
|
|
DROP PROCEDURE sp3166_sel;
|
|
DROP PROCEDURE sp3166_ins;
|
|
DROP TABLE t3166;
|
|
DROP USER 'user_1'@'localhost';
|
|
DROP USER 'user_2'@'localhost';
|
|
|
|
|
|
# ==============================================================================
|
|
# USE the same .inc to cleanup before and after the test
|
|
--source suite/funcs_1/storedproc/cleanup_sp_tb.inc
|
|
|
|
# ==============================================================================
|
|
--echo
|
|
--echo . +++ END OF SCRIPT +++
|
|
--echo --------------------------------------------------------------------------------
|
|
# ==============================================================================
|