1
0
mirror of https://github.com/MariaDB/server.git synced 2025-10-24 07:13:33 +03:00
Files
mariadb/mysql-test
Dmitry Lenev eaae675279 Fix for bug#57061 "User without privilege on routine can
discover its existence".

The problem was that user without any privileges on 
routine was able to find out whether it existed or not.
DROP FUNCTION and DROP PROCEDURE statements were 
checking if routine being dropped existed and reported 
ER_SP_DOES_NOT_EXIST error/warning before checking 
if user had enough privileges to drop it.

This patch solves this problem by changing code not to 
check if routine exists before checking if user has enough 
privileges to drop it. Moreover we no longer perform this 
check using a separate call instead we rely on 
sp_drop_routine() returning SP_KEY_NOT_FOUND if routine 
doesn't exist.

This change also simplifies one of upcoming patches
refactoring global read lock implementation.

mysql-test/r/grant.result:
  Updated test case after fixing bug#57061 "User without
  privilege on routine can discover its existence". Removed
  DROP PROCEDURE/FUNCTION statements which have started to
  fail after this fix (correctly). There is no need in
  dropping routines in freshly created database anyway.
mysql-test/r/sp-security.result:
  Added new test case for bug#57061 "User without privilege
  on routine can discover its existence". Updated existing
  tests according to new behaviour.
mysql-test/suite/funcs_1/r/innodb_storedproc_06.result:
  Updated test case after fixing bug#57061 "User without
  privilege on routine can discover its existence".
  Now we drop routines under user which has enough
  privileges to do so.
mysql-test/suite/funcs_1/r/memory_storedproc_06.result:
  Updated test case after fixing bug#57061 "User without
  privilege on routine can discover its existence".
  Now we drop routines under user which has enough
  privileges to do so.
mysql-test/suite/funcs_1/r/myisam_storedproc_06.result:
  Updated test case after fixing bug#57061 "User without
  privilege on routine can discover its existence".
  Now we drop routines under user which has enough
  privileges to do so.
mysql-test/suite/funcs_1/storedproc/storedproc_06.inc:
  Updated test case after fixing bug#57061 "User without
  privilege on routine can discover its existence".
  Now we drop routines under user which has enough
  privileges to do so.
mysql-test/t/grant.test:
  Updated test case after fixing bug#57061 "User without
  privilege on routine can discover its existence". Removed
  DROP PROCEDURE/FUNCTION statements which have started to
  fail after this fix (correctly). There is no need in
  dropping routines in freshly created database anyway.
mysql-test/t/sp-security.test:
  Added new test case for bug#57061 "User without privilege
  on routine can discover its existence". Updated existing
  tests according to new behaviour.
sql/sp.cc:
  Removed sp_routine_exists_in_table() which is no longer
  used.
sql/sp.h:
  Removed sp_routine_exists_in_table() which is no longer
  used.
sql/sql_parse.cc:
  When dropping routine we no longer check if routine exists 
  before checking if user has enough privileges to do so. 
  Moreover we no longer perform this check using a separate 
  call instead we rely on sp_drop_routine() returning 
  SP_KEY_NOT_FOUND if routine doesn't exist.
2010-10-07 20:01:17 +04:00
..
2010-10-05 14:33:54 +03:00
2010-10-01 15:32:03 +02:00
2010-09-03 00:17:08 +02:00
2010-09-27 18:23:54 -06:00

This directory contains a test suite for the MySQL daemon. To run
the currently existing test cases, simply execute ./mysql-test-run in
this directory. It will fire up the newly built mysqld and test it.

Note that you do not have to have to do "make install", and you could
actually have a co-existing MySQL installation. The tests will not
conflict with it.

All tests must pass. If one or more of them fail on your system, please
read the following manual section for instructions on how to report the
problem:

http://dev.mysql.com/doc/mysql/en/mysql-test-suite.html

If you want to use an already running MySQL server for specific tests,
use the --extern option to mysql-test-run. Please note that in this mode,
the test suite expects you to provide the names of the tests to run.
For example, here is the command to run the "alias" and "analyze" tests
with an external server:

mysql-test-run --extern alias analyze

To match your setup, you might also need to provide --socket, --user, and
other relevant options.

With no test cases named on the command line, mysql-test-run falls back
to the normal "non-extern" behavior. The reason for this is that some
tests cannot run with an external server.


You can create your own test cases. To create a test case, create a new
file in the t subdirectory using a text editor. The file should have a .test
extension. For example:

 xemacs t/test_case_name.test

 In the file, put a set of SQL statements that create some tables,
 load test data, and run some queries to manipulate it.

 We would appreciate it if you name your test tables t1, t2, t3 ... (to not
 conflict too much with existing tables).

 Your test should begin by dropping the tables you are going to create and
 end by dropping them again.  This ensures that you can run the test over
 and over again.
 
 If you are using mysqltest commands (like result file names) in your
 test case, you should create the result file as follows:

 mysql-test-run --record test_case_name

 or

 mysqltest --record < t/test_case_name.test

 If you only have a simple test cases consisting of SQL statements and
 comments, you can create the test case in one of the following ways:

 mysql-test-run --record test_case_name

 mysql test < t/test_case_name.test > r/test_case_name.result

 mysqltest --record --record-file=r/test_case_name.result < t/test_case_name.test

 When this is done, take a look at r/test_case_name.result
 - If the result is incorrect, you have found a bug. In this case, you should
   edit the test result to the correct results so that we can verify
   that the bug is corrected in future releases.

To submit your test case, put your .test file and .result file(s) into
a tar.gz archive, add a README that explains the problem, ftp the 
archive to ftp://support.mysql.com/pub/mysql/secret/ and send a mail
to bugs@lists.mysql.com