# Store the time of password_last_changed column from mysql.user table # to restore it back later for the different users. let $date_to_restore_root=`SELECT password_last_changed from mysql.user where user='root'`; let $date_to_restore_sys=`SELECT password_last_changed from mysql.user where user='mysql.sys'`; let $date_to_restore_session_user=`SELECT password_last_changed from mysql.user where user='mysql.session'`; let $date_to_restore_inf_schema_user=`SELECT password_last_changed from mysql.user where user='mysql.infoschema'`; # Test of GRANT commands # Save the initial number of concurrent sessions --source include/count_sessions.inc SET @old_log_bin_trust_function_creators= @@global.log_bin_trust_function_creators; SET GLOBAL log_bin_trust_function_creators = 1; set @orig_sql_mode_session= @@SESSION.sql_mode; set @orig_sql_mode_global= @@GLOBAL.sql_mode; # Cleanup --disable_warnings drop table if exists t1; drop database if exists mysqltest; --enable_warnings connect (master,localhost,root,,); connection master; SET NAMES binary; # # Test that the new db privileges are stored/retrieved correctly # create user mysqltest_1@localhost; grant CREATE TEMPORARY TABLES, LOCK TABLES on mysqltest.* to mysqltest_1@localhost; show grants for mysqltest_1@localhost; flush privileges; show grants for mysqltest_1@localhost; revoke CREATE TEMPORARY TABLES on mysqltest.* from mysqltest_1@localhost; show grants for mysqltest_1@localhost; grant ALL PRIVILEGES on mysqltest.* to mysqltest_1@localhost with GRANT OPTION; flush privileges; show grants for mysqltest_1@localhost; revoke LOCK TABLES, ALTER on mysqltest.* from mysqltest_1@localhost; show grants for mysqltest_1@localhost; revoke all privileges on mysqltest.* from mysqltest_1@localhost; drop user mysqltest_1@localhost; flush privileges; create user mysqltest_1@localhost; grant usage on test.* to mysqltest_1@localhost with grant option; show grants for mysqltest_1@localhost; delete from mysql.user where user='mysqltest_1'; delete from mysql.db where user='mysqltest_1'; delete from mysql.tables_priv where user='mysqltest_1'; delete from mysql.columns_priv where user='mysqltest_1'; flush privileges; --error ER_NONEXISTING_GRANT show grants for mysqltest_1@localhost; # # Test what happens when you have same table and colum level grants # create user mysqltest_1@localhost; create table t1 (a int); GRANT select,update,insert on t1 to mysqltest_1@localhost; GRANT select (a), update (a),insert(a), references(a) on t1 to mysqltest_1@localhost; show grants for mysqltest_1@localhost; select table_priv,column_priv from mysql.tables_priv where user="mysqltest_1"; REVOKE select (a), update on t1 from mysqltest_1@localhost; show grants for mysqltest_1@localhost; REVOKE select,update,insert,insert (a) on t1 from mysqltest_1@localhost; show grants for mysqltest_1@localhost; GRANT select,references on t1 to mysqltest_1@localhost; select table_priv,column_priv from mysql.tables_priv where user="mysqltest_1"; create user mysqltest_2@localhost, mysqltest_3@localhost; grant all on test.* to mysqltest_3@localhost with grant option; revoke all on test.* from mysqltest_3@localhost; show grants for mysqltest_3@localhost; revoke grant option on test.* from mysqltest_3@localhost; show grants for mysqltest_3@localhost; grant all on test.t1 to mysqltest_2@localhost with grant option; revoke all on test.t1 from mysqltest_2@localhost; show grants for mysqltest_2@localhost; revoke grant option on test.t1 from mysqltest_2@localhost; show grants for mysqltest_2@localhost; delete from mysql.user where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3"; delete from mysql.db where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3"; delete from mysql.tables_priv where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3"; delete from mysql.columns_priv where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3"; flush privileges; drop table t1; # # Test grants on long column names (causes std::string to allocate memory) # create user mysqltest_1@localhost; create table t1 (abcdefghijklmnopqrstuvwxyz int); GRANT select (abcdefghijklmnopqrstuvwxyz) on t1 to mysqltest_1@localhost; show grants for mysqltest_1@localhost; select table_priv,column_priv from mysql.tables_priv where user="mysqltest_1"; drop table t1; # # Test some error conditions # --error ER_WRONG_USAGE GRANT FILE on mysqltest.* to mysqltest_1@localhost; select 1; # To test that the previous command didn't cause problems drop user mysqltest_1@localhost; # # Bug#4898 User privileges depending on ORDER BY Settings of table db # insert ignore into mysql.user (host, user) values ('localhost', 'test11'); insert into mysql.db (host, db, user, select_priv) values ('localhost', 'a%', 'test11', 'Y'), ('localhost', 'ab%', 'test11', 'Y'); alter table mysql.db order by db asc; flush privileges; show grants for test11@localhost; alter table mysql.db order by db desc; flush privileges; show grants for test11@localhost; delete from mysql.user where user='test11'; delete from mysql.db where user='test11'; # # Bug#6123 GRANT USAGE inserts useless Db row # create user test6123 identified by 'magic123'; create database mysqltest1; grant usage on mysqltest1.* to test6123; select host,db,user,select_priv,insert_priv from mysql.db where db="mysqltest1"; delete from mysql.user where user='test6123'; drop database mysqltest1; flush privileges; # # Test for 'drop user', 'revoke privileges, grant' # create user drop_user@localhost, drop_user2@localhost; create table t1 (a int); grant ALL PRIVILEGES on *.* to drop_user2@localhost with GRANT OPTION; show grants for drop_user2@localhost; revoke all privileges, grant option from drop_user2@localhost; grant ALL PRIVILEGES on *.* to drop_user@localhost with GRANT OPTION; grant ALL PRIVILEGES on test.* to drop_user@localhost with GRANT OPTION; grant select(a) on test.t1 to drop_user@localhost; show grants for drop_user@localhost; # # Bug#3086 SHOW GRANTS doesn't follow ANSI_QUOTES # set sql_mode=ansi_quotes; show grants for drop_user@localhost; set sql_mode=default; set sql_quote_show_create=0; show grants for drop_user@localhost; set sql_mode="ansi_quotes"; show grants for drop_user@localhost; set sql_quote_show_create=1; show grants for drop_user@localhost; set sql_mode=""; show grants for drop_user@localhost; revoke all privileges, grant option from drop_user@localhost; show grants for drop_user@localhost; drop user drop_user@localhost; --error ER_REVOKE_GRANTS revoke all privileges, grant option from drop_user@localhost; create user drop_user1@localhost, drop_user3@localhost, drop_user4@localhost; grant select(a) on test.t1 to drop_user1@localhost; grant select on test.t1 to drop_user2@localhost; grant select on test.* to drop_user3@localhost; grant select on *.* to drop_user4@localhost; # Drop user now implicitly revokes all privileges. drop user drop_user1@localhost, drop_user2@localhost, drop_user3@localhost, drop_user4@localhost; --error ER_REVOKE_GRANTS revoke all privileges, grant option from drop_user1@localhost, drop_user2@localhost, drop_user3@localhost, drop_user4@localhost; --error ER_CANNOT_USER drop user drop_user1@localhost, drop_user2@localhost, drop_user3@localhost, drop_user4@localhost; drop table t1; create user mysqltest_1@localhost identified by "password"; grant select, update, insert on test.* to mysqltest_1@localhost; show grants for mysqltest_1@localhost; drop user mysqltest_1@localhost; # # Bug#3403 Wrong encoding in SHOW GRANTS output # SET NAMES koi8r; --character_set koi8r CREATE DATABASE ÂÄ; USE ÂÄ; CREATE TABLE ÔÁ (ËÏÌ INT); CREATE USER ÀÚÅÒ@localhost; GRANT SELECT ON ÂÄ.* TO ÀÚÅÒ@localhost; SHOW GRANTS FOR ÀÚÅÒ@localhost; REVOKE SELECT ON ÂÄ.* FROM ÀÚÅÒ@localhost; GRANT SELECT ON ÂÄ.ÔÁ TO ÀÚÅÒ@localhost; SHOW GRANTS FOR ÀÚÅÒ@localhost; REVOKE SELECT ON ÂÄ.ÔÁ FROM ÀÚÅÒ@localhost; GRANT SELECT (ËÏÌ) ON ÂÄ.ÔÁ TO ÀÚÅÒ@localhost; SHOW GRANTS FOR ÀÚÅÒ@localhost; REVOKE SELECT (ËÏÌ) ON ÂÄ.ÔÁ FROM ÀÚÅÒ@localhost; # Revoke does not drop user. Leave a clean user table for the next tests. DROP USER ÀÚÅÒ@localhost; DROP DATABASE ÂÄ; --character_set utf8mb4 SET NAMES latin1; # # Bug#5831 REVOKE ALL PRIVILEGES, GRANT OPTION does not revoke everything # USE test; create user testuser@localhost; CREATE TABLE t1 (a int ); CREATE TABLE t2 LIKE t1; CREATE TABLE t3 LIKE t1; CREATE TABLE t4 LIKE t1; CREATE TABLE t5 LIKE t1; CREATE TABLE t6 LIKE t1; CREATE TABLE t7 LIKE t1; CREATE TABLE t8 LIKE t1; CREATE TABLE t9 LIKE t1; CREATE TABLE t10 LIKE t1; CREATE DATABASE testdb1; CREATE DATABASE testdb2; CREATE DATABASE testdb3; CREATE DATABASE testdb4; CREATE DATABASE testdb5; CREATE DATABASE testdb6; CREATE DATABASE testdb7; CREATE DATABASE testdb8; CREATE DATABASE testdb9; CREATE DATABASE testdb10; GRANT ALL ON testdb1.* TO testuser@localhost; GRANT ALL ON testdb2.* TO testuser@localhost; GRANT ALL ON testdb3.* TO testuser@localhost; GRANT ALL ON testdb4.* TO testuser@localhost; GRANT ALL ON testdb5.* TO testuser@localhost; GRANT ALL ON testdb6.* TO testuser@localhost; GRANT ALL ON testdb7.* TO testuser@localhost; GRANT ALL ON testdb8.* TO testuser@localhost; GRANT ALL ON testdb9.* TO testuser@localhost; GRANT ALL ON testdb10.* TO testuser@localhost; GRANT SELECT ON test.t1 TO testuser@localhost; GRANT SELECT ON test.t2 TO testuser@localhost; GRANT SELECT ON test.t3 TO testuser@localhost; GRANT SELECT ON test.t4 TO testuser@localhost; GRANT SELECT ON test.t5 TO testuser@localhost; GRANT SELECT ON test.t6 TO testuser@localhost; GRANT SELECT ON test.t7 TO testuser@localhost; GRANT SELECT ON test.t8 TO testuser@localhost; GRANT SELECT ON test.t9 TO testuser@localhost; GRANT SELECT ON test.t10 TO testuser@localhost; GRANT SELECT (a) ON test.t1 TO testuser@localhost; GRANT SELECT (a) ON test.t2 TO testuser@localhost; GRANT SELECT (a) ON test.t3 TO testuser@localhost; GRANT SELECT (a) ON test.t4 TO testuser@localhost; GRANT SELECT (a) ON test.t5 TO testuser@localhost; GRANT SELECT (a) ON test.t6 TO testuser@localhost; GRANT SELECT (a) ON test.t7 TO testuser@localhost; GRANT SELECT (a) ON test.t8 TO testuser@localhost; GRANT SELECT (a) ON test.t9 TO testuser@localhost; GRANT SELECT (a) ON test.t10 TO testuser@localhost; REVOKE ALL PRIVILEGES, GRANT OPTION FROM testuser@localhost; SHOW GRANTS FOR testuser@localhost; DROP USER testuser@localhost; DROP TABLE t1,t2,t3,t4,t5,t6,t7,t8,t9,t10; DROP DATABASE testdb1; DROP DATABASE testdb2; DROP DATABASE testdb3; DROP DATABASE testdb4; DROP DATABASE testdb5; DROP DATABASE testdb6; DROP DATABASE testdb7; DROP DATABASE testdb8; DROP DATABASE testdb9; DROP DATABASE testdb10; # # Bug#6932 a problem with 'revoke ALL PRIVILEGES' # create table t1(a int, b int, c int, d int); create user grant_user@localhost; grant insert(b), insert(c), insert(d), insert(a) on t1 to grant_user@localhost; show grants for grant_user@localhost; select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv order by Column_name; revoke ALL PRIVILEGES on t1 from grant_user@localhost; show grants for grant_user@localhost; select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv; drop user grant_user@localhost; drop table t1; # # Bug#7391 Cross-database multi-table UPDATE security problem # create database mysqltest_1; create database mysqltest_2; create table mysqltest_1.t1 select 1 a, 2 q; create table mysqltest_1.t2 select 1 b, 2 r; create table mysqltest_2.t1 select 1 c, 2 s; create table mysqltest_2.t2 select 1 d, 2 t; # test the column privileges create user mysqltest_3@localhost; grant update (a) on mysqltest_1.t1 to mysqltest_3@localhost; grant select (b) on mysqltest_1.t2 to mysqltest_3@localhost; grant select (c) on mysqltest_2.t1 to mysqltest_3@localhost; grant update (d) on mysqltest_2.t2 to mysqltest_3@localhost; connect (conn1,localhost,mysqltest_3,,); connection conn1; SELECT * FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_NAME,COLUMN_NAME,PRIVILEGE_TYPE; SELECT * FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_NAME,PRIVILEGE_TYPE; SELECT * from INFORMATION_SCHEMA.SCHEMA_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_SCHEMA,PRIVILEGE_TYPE; SELECT * from INFORMATION_SCHEMA.USER_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_CATALOG,PRIVILEGE_TYPE; --error ER_COLUMNACCESS_DENIED_ERROR update mysqltest_1.t1, mysqltest_1.t2 set q=10 where b=1; --error ER_COLUMNACCESS_DENIED_ERROR update mysqltest_1.t2, mysqltest_2.t2 set d=20 where d=1; --error ER_COLUMNACCESS_DENIED_ERROR update mysqltest_1.t1, mysqltest_2.t2 set d=20 where d=1; --error ER_COLUMNACCESS_DENIED_ERROR update mysqltest_2.t1, mysqltest_1.t2 set c=20 where b=1; --error ER_COLUMNACCESS_DENIED_ERROR update mysqltest_2.t1, mysqltest_2.t2 set d=10 where s=2; # the following two should work update mysqltest_1.t1, mysqltest_2.t2 set a=10,d=10; update mysqltest_1.t1, mysqltest_2.t1 set a=20 where c=20; connection master; select t1.*,t2.* from mysqltest_1.t1,mysqltest_1.t2; select t1.*,t2.* from mysqltest_2.t1,mysqltest_2.t2; revoke all on mysqltest_1.t1 from mysqltest_3@localhost; revoke all on mysqltest_1.t2 from mysqltest_3@localhost; revoke all on mysqltest_2.t1 from mysqltest_3@localhost; revoke all on mysqltest_2.t2 from mysqltest_3@localhost; # test the db/table level privileges grant all on mysqltest_2.* to mysqltest_3@localhost; grant select on *.* to mysqltest_3@localhost; # Next grant is needed to trigger bug#7391. Do not optimize! grant select on mysqltest_2.t1 to mysqltest_3@localhost; flush privileges; disconnect conn1; connect (conn2,localhost,mysqltest_3,,); connection conn2; use mysqltest_1; update mysqltest_2.t1, mysqltest_2.t2 set c=500,d=600; # the following failed before, should fail now. --error ER_COLUMNACCESS_DENIED_ERROR update mysqltest_1.t1, mysqltest_1.t2 set a=100,b=200; use mysqltest_2; # the following used to succeed, it must fail now. --error ER_COLUMNACCESS_DENIED_ERROR update mysqltest_1.t1, mysqltest_1.t2 set a=100,b=200; --error ER_COLUMNACCESS_DENIED_ERROR update mysqltest_2.t1, mysqltest_1.t2 set c=100,b=200; --error ER_COLUMNACCESS_DENIED_ERROR update mysqltest_1.t1, mysqltest_2.t2 set a=100,d=200; # lets see the result connection master; select t1.*,t2.* from mysqltest_1.t1,mysqltest_1.t2; select t1.*,t2.* from mysqltest_2.t1,mysqltest_2.t2; delete from mysql.user where user='mysqltest_3'; delete from mysql.db where user="mysqltest_3"; delete from mysql.tables_priv where user="mysqltest_3"; delete from mysql.columns_priv where user="mysqltest_3"; delete from mysql.global_grants where user="mysqltest_3"; flush privileges; drop database mysqltest_1; drop database mysqltest_2; disconnect conn2; # # just SHOW PRIVILEGES test # --sorted_result SHOW PRIVILEGES; # # Rights for renaming test (Bug#3270) # connect (root,localhost,root,,test,$MASTER_MYPORT,$MASTER_MYSOCK); connection root; --disable_warnings create database mysqltest; --enable_warnings create table mysqltest.t1 (a int,b int,c int); create user mysqltest_1@localhost; grant all on mysqltest.t1 to mysqltest_1@localhost; connect (user1,localhost,mysqltest_1,,mysqltest,$MASTER_MYPORT,$MASTER_MYSOCK); connection user1; -- error ER_TABLEACCESS_DENIED_ERROR alter table t1 rename t2; disconnect user1; connection root; revoke all privileges on mysqltest.t1 from mysqltest_1@localhost; delete from mysql.user where user=_binary'mysqltest_1'; drop database mysqltest; connection default; disconnect root; # # check all new table privileges # CREATE USER dummy@localhost; CREATE DATABASE mysqltest; CREATE TABLE mysqltest.dummytable (dummyfield INT); CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable; GRANT ALL PRIVILEGES ON mysqltest.dummytable TO dummy@localhost; GRANT ALL PRIVILEGES ON mysqltest.dummyview TO dummy@localhost; --sorted_result SHOW GRANTS FOR dummy@localhost; use INFORMATION_SCHEMA; SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE = '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME; FLUSH PRIVILEGES; --sorted_result SHOW GRANTS FOR dummy@localhost; SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE = '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME; SHOW FIELDS FROM mysql.tables_priv; use test; REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost; DROP USER dummy@localhost; DROP DATABASE mysqltest; # check view only privileges CREATE USER dummy@localhost; CREATE DATABASE mysqltest; CREATE TABLE mysqltest.dummytable (dummyfield INT); CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable; GRANT CREATE VIEW ON mysqltest.dummytable TO dummy@localhost; GRANT CREATE VIEW ON mysqltest.dummyview TO dummy@localhost; --sorted_result SHOW GRANTS FOR dummy@localhost; use INFORMATION_SCHEMA; SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE = '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME; FLUSH PRIVILEGES; --sorted_result SHOW GRANTS FOR dummy@localhost; SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE = '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME; use test; REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost; DROP USER dummy@localhost; DROP DATABASE mysqltest; CREATE USER dummy@localhost; CREATE DATABASE mysqltest; CREATE TABLE mysqltest.dummytable (dummyfield INT); CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable; GRANT SHOW VIEW ON mysqltest.dummytable TO dummy@localhost; GRANT SHOW VIEW ON mysqltest.dummyview TO dummy@localhost; --sorted_result SHOW GRANTS FOR dummy@localhost; use INFORMATION_SCHEMA; SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE = '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME; FLUSH PRIVILEGES; --sorted_result SHOW GRANTS FOR dummy@localhost; SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE = '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME; use test; REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost; DROP USER dummy@localhost; DROP DATABASE mysqltest; # # Bug#11330 Entry in tables_priv with host = '' causes crash # connection default; use mysql; insert into tables_priv values ('','test_db','mysqltest_1','test_table','test_grantor',CURRENT_TIMESTAMP,'Select','Select'); flush privileges; delete from tables_priv where host = '' and user = 'mysqltest_1'; flush privileges; use test; # # Bug#10892 user variables not auto cast for comparisons # Check that we don't get illegal mix of collations # set @user123="non-existent"; select * from mysql.db where user=@user123; set names koi8r; create database ÂÄ; grant select on ÂÄ.* to root@localhost; select hex(Db) from mysql.db where Db='ÂÄ'; show grants for root@localhost; flush privileges; show grants for root@localhost; drop database ÂÄ; revoke select on ÂÄ.* from root@localhost; show grants for root@localhost; set names latin1; # # Bug#15598 Server crashes in specific case during setting new password # - Caused by a user with host '' # create user mysqltest_7@; alter user mysqltest_7@ identified by 'systpass'; show grants for mysqltest_7@; drop user mysqltest_7@; --error ER_NONEXISTING_GRANT show grants for mysqltest_7@; # # Bug#14385 GRANT and mapping to correct user account problems # create database mysqltest; use mysqltest; create table t1(f1 int); CREATE USER mysqltest1@'%', mysqltest1@'192.%'; GRANT DELETE ON mysqltest.t1 TO mysqltest1@'%'; GRANT SELECT ON mysqltest.t1 TO mysqltest1@'192.%'; show grants for mysqltest1@'192.%'; show grants for mysqltest1@'%'; delete from mysql.user where user='mysqltest1'; delete from mysql.db where user='mysqltest1'; delete from mysql.tables_priv where user='mysqltest1'; flush privileges; drop database mysqltest; # # Bug#27515 DROP previlege is not required for RENAME TABLE # connection master; create database db27515; use db27515; create table t1 (a int); create user user27515@localhost; grant alter on db27515.t1 to user27515@localhost; grant insert, create on db27515.t2 to user27515@localhost; connect (conn27515, localhost, user27515, , db27515); connection conn27515; --error ER_TABLEACCESS_DENIED_ERROR rename table t1 to t2; disconnect conn27515; connection master; revoke all privileges, grant option from user27515@localhost; drop user user27515@localhost; drop database db27515; --echo End of 4.1 tests # # Bug#16297 In memory grant tables not flushed when users's hostname is "" # use test; create table t1 (a int); # Backup anonymous users and remove them. (They get in the way of # the one we test with here otherwise.) create table t2 as select * from mysql.user where user=''; delete from mysql.user where user=''; flush privileges; # Create some users with different hostnames create user mysqltest_8@''; create user mysqltest_8; create user mysqltest_8@host8; # Try to create them again --error ER_CANNOT_USER create user mysqltest_8@''; --error ER_CANNOT_USER create user mysqltest_8; --error ER_CANNOT_USER create user mysqltest_8@host8; select user, QUOTE(host) from mysql.user where user="mysqltest_8"; --echo Schema privileges grant select on mysqltest.* to mysqltest_8@''; show grants for mysqltest_8@''; grant select on mysqltest.* to mysqltest_8@; show grants for mysqltest_8@; grant select on mysqltest.* to mysqltest_8; show grants for mysqltest_8; --sorted_result select * from information_schema.schema_privileges where grantee like "'mysqltest_8'%"; connect (conn3,localhost,mysqltest_8,,); select * from t1; disconnect conn3; connection master; revoke select on mysqltest.* from mysqltest_8@''; revoke select on mysqltest.* from mysqltest_8; show grants for mysqltest_8@''; show grants for mysqltest_8; --sorted_result select * from information_schema.schema_privileges where grantee like "'mysqltest_8'%"; flush privileges; show grants for mysqltest_8@''; show grants for mysqltest_8@; grant select on mysqltest.* to mysqltest_8@''; flush privileges; show grants for mysqltest_8@; revoke select on mysqltest.* from mysqltest_8@''; flush privileges; --echo Column privileges grant update (a) on t1 to mysqltest_8@''; grant update (a) on t1 to mysqltest_8; show grants for mysqltest_8@''; show grants for mysqltest_8; flush privileges; show grants for mysqltest_8@''; show grants for mysqltest_8; --sorted_result select * from information_schema.column_privileges; connect (conn4,localhost,mysqltest_8,,); select * from t1; disconnect conn4; connection master; revoke update (a) on t1 from mysqltest_8@''; revoke update (a) on t1 from mysqltest_8; show grants for mysqltest_8@''; show grants for mysqltest_8; --sorted_result select * from information_schema.column_privileges; flush privileges; show grants for mysqltest_8@''; show grants for mysqltest_8; --echo Table privileges grant update on t1 to mysqltest_8@''; grant update on t1 to mysqltest_8; show grants for mysqltest_8@''; show grants for mysqltest_8; flush privileges; show grants for mysqltest_8@''; show grants for mysqltest_8; --sorted_result select * from information_schema.table_privileges where table_schema NOT IN ('sys','mysql'); connect (conn5,localhost,mysqltest_8,,); select * from t1; disconnect conn5; connection master; revoke update on t1 from mysqltest_8@''; revoke update on t1 from mysqltest_8; show grants for mysqltest_8@''; show grants for mysqltest_8; --sorted_result select * from information_schema.table_privileges where table_schema NOT IN ('sys','mysql'); flush privileges; show grants for mysqltest_8@''; show grants for mysqltest_8; --echo "DROP USER" should clear privileges grant all privileges on mysqltest.* to mysqltest_8@''; grant select on mysqltest.* to mysqltest_8@''; grant update on t1 to mysqltest_8@''; grant update (a) on t1 to mysqltest_8@''; grant all privileges on mysqltest.* to mysqltest_8; show grants for mysqltest_8@''; show grants for mysqltest_8; --sorted_result select * from information_schema.user_privileges where grantee like "'mysqltest_8'%"; connect (conn5,localhost,mysqltest_8,,); select * from t1; disconnect conn5; connection master; flush privileges; show grants for mysqltest_8@''; show grants for mysqltest_8; drop user mysqltest_8@''; --error ER_NONEXISTING_GRANT show grants for mysqltest_8@''; show grants for mysqltest_8; --sorted_result select * from information_schema.user_privileges where grantee like "'mysqltest_8'%"; drop user mysqltest_8; --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR connect (conn6,localhost,mysqltest_8,,); connection master; --error ER_NONEXISTING_GRANT show grants for mysqltest_8; drop user mysqltest_8@host8; --error ER_NONEXISTING_GRANT show grants for mysqltest_8@host8; # Restore the anonymous users. insert into mysql.user select * from t2; flush privileges; drop table t2; drop table t1; # # Bug#20214 Incorrect error when user calls SHOW CREATE VIEW on non # privileged view # connection master; CREATE DATABASE mysqltest3; USE mysqltest3; CREATE TABLE t_nn (c1 INT); CREATE VIEW v_nn AS SELECT * FROM t_nn; CREATE DATABASE mysqltest2; USE mysqltest2; CREATE TABLE t_nn (c1 INT); CREATE VIEW v_nn AS SELECT * FROM t_nn; CREATE VIEW v_yn AS SELECT * FROM t_nn; CREATE VIEW v_gy AS SELECT * FROM t_nn; CREATE VIEW v_ny AS SELECT * FROM t_nn; CREATE VIEW v_yy AS SELECT * FROM t_nn WHERE c1=55; CREATE USER 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1'; GRANT SHOW VIEW ON mysqltest2.v_ny TO 'mysqltest_1'@'localhost'; GRANT SELECT ON mysqltest2.v_yn TO 'mysqltest_1'@'localhost'; GRANT SELECT ON mysqltest2.* TO 'mysqltest_1'@'localhost'; GRANT SHOW VIEW,SELECT ON mysqltest2.v_yy TO 'mysqltest_1'@'localhost'; connect (mysqltest_1, localhost, mysqltest_1, mysqltest_1,); # fail because of missing SHOW VIEW (have generic SELECT) --error ER_TABLEACCESS_DENIED_ERROR SHOW CREATE VIEW mysqltest2.v_nn; --error ER_TABLEACCESS_DENIED_ERROR SHOW CREATE TABLE mysqltest2.v_nn; # fail because of missing SHOW VIEW --error ER_TABLEACCESS_DENIED_ERROR SHOW CREATE VIEW mysqltest2.v_yn; --error ER_TABLEACCESS_DENIED_ERROR SHOW CREATE TABLE mysqltest2.v_yn; # succeed (despite of missing SELECT, having SHOW VIEW bails us out) SHOW CREATE TABLE mysqltest2.v_ny; # succeed (despite of missing SELECT, having SHOW VIEW bails us out) SHOW CREATE VIEW mysqltest2.v_ny; # fail because of missing (specific or generic) SELECT --error ER_TABLEACCESS_DENIED_ERROR SHOW CREATE TABLE mysqltest3.t_nn; # fail because of missing (specific or generic) SELECT (not because it's not a view!) --error ER_TABLEACCESS_DENIED_ERROR SHOW CREATE VIEW mysqltest3.t_nn; # fail because of missing missing (specific or generic) SELECT (and SHOW VIEW) --error ER_TABLEACCESS_DENIED_ERROR SHOW CREATE VIEW mysqltest3.v_nn; --error ER_TABLEACCESS_DENIED_ERROR SHOW CREATE TABLE mysqltest3.v_nn; # succeed thanks to generic SELECT SHOW CREATE TABLE mysqltest2.t_nn; # fail because it's not a view! (have generic SELECT though) --error ER_WRONG_OBJECT SHOW CREATE VIEW mysqltest2.t_nn; # succeed, have SELECT and SHOW VIEW SHOW CREATE VIEW mysqltest2.v_yy; # succeed, have SELECT and SHOW VIEW SHOW CREATE TABLE mysqltest2.v_yy; # clean-up connection master; # succeed, we're root SHOW CREATE TABLE mysqltest2.v_nn; SHOW CREATE VIEW mysqltest2.v_nn; SHOW CREATE TABLE mysqltest2.t_nn; # fail because it's not a view! --error ER_WRONG_OBJECT SHOW CREATE VIEW mysqltest2.t_nn; DROP VIEW mysqltest2.v_nn; DROP VIEW mysqltest2.v_yn; DROP VIEW mysqltest2.v_ny; DROP VIEW mysqltest2.v_yy; DROP TABLE mysqltest2.t_nn; DROP DATABASE mysqltest2; DROP VIEW mysqltest3.v_nn; DROP TABLE mysqltest3.t_nn; DROP DATABASE mysqltest3; disconnect mysqltest_1; REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'mysqltest_1'@'localhost'; DROP USER 'mysqltest_1'@'localhost'; # restore the original database USE test; connection default; disconnect master; # # Bug#10668 CREATE USER does not enforce username length limit # --error ER_WRONG_STRING_LENGTH create user mysqltest1_thisisreallyreallyreallyreallyreallyireallyreallytoolong; # # Test for Bug#16899 Possible buffer overflow in handling of DEFINER-clause. # # These checks are intended to ensure that appropriate errors are risen when # illegal user name or hostname is specified in user-clause of GRANT/REVOKE # statements. # # # Bug#22369 Alter table rename combined with other alterations causes lost tables # CREATE DATABASE mysqltest1; CREATE TABLE mysqltest1.t1 ( int_field INTEGER UNSIGNED NOT NULL, char_field CHAR(10), INDEX(`int_field`) ); CREATE TABLE mysqltest1.t2 (int_field INT); --echo "Now check that we require equivalent grants for " --echo "RENAME TABLE and ALTER TABLE" CREATE USER mysqltest_1@localhost; GRANT SELECT ON mysqltest1.t1 TO mysqltest_1@localhost; connect (conn42,localhost,mysqltest_1,,mysqltest1); SELECT USER(); SHOW GRANTS; --error ER_TABLEACCESS_DENIED_ERROR RENAME TABLE t1 TO t2; --error ER_TABLEACCESS_DENIED_ERROR ALTER TABLE t1 RENAME TO t2; --disconnect conn42 --connection default GRANT DROP ON mysqltest1.t1 TO mysqltest_1@localhost; connect (conn42,localhost,mysqltest_1,,mysqltest1); --error ER_TABLEACCESS_DENIED_ERROR RENAME TABLE t1 TO t2; --error ER_TABLEACCESS_DENIED_ERROR ALTER TABLE t1 RENAME TO t2; --disconnect conn42 --connection default GRANT ALTER ON mysqltest1.t1 TO mysqltest_1@localhost; connect (conn42,localhost,mysqltest_1,,mysqltest1); SHOW GRANTS; --error ER_TABLEACCESS_DENIED_ERROR RENAME TABLE t1 TO t2; --error ER_TABLEACCESS_DENIED_ERROR ALTER TABLE t1 RENAME TO t2; --disconnect conn42 --connection default GRANT INSERT, CREATE ON mysqltest1.t1 TO mysqltest_1@localhost; connect (conn42,localhost,mysqltest_1,,mysqltest1); SHOW GRANTS; --error ER_TABLEACCESS_DENIED_ERROR --disconnect conn42 --connection default GRANT INSERT, SELECT, CREATE, ALTER, DROP ON mysqltest1.t2 TO mysqltest_1@localhost; DROP TABLE mysqltest1.t2; connect (conn42,localhost,mysqltest_1,,mysqltest1); SHOW GRANTS; RENAME TABLE t1 TO t2; RENAME TABLE t2 TO t1; ALTER TABLE t1 RENAME TO t2; ALTER TABLE t2 RENAME TO t1; --disconnect conn42 --connection default REVOKE DROP, INSERT ON mysqltest1.t1 FROM mysqltest_1@localhost; REVOKE DROP, INSERT ON mysqltest1.t2 FROM mysqltest_1@localhost; connect (conn42,localhost,mysqltest_1,,mysqltest1); SHOW GRANTS; --error ER_TABLEACCESS_DENIED_ERROR RENAME TABLE t1 TO t2; --error ER_TABLEACCESS_DENIED_ERROR ALTER TABLE t1 RENAME TO t2; --disconnect conn42 --connection default DROP USER mysqltest_1@localhost; DROP DATABASE mysqltest1; USE test; # Working with database-level privileges. --error ER_WRONG_STRING_LENGTH GRANT CREATE ON mysqltest.* TO 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost; --error ER_WRONG_STRING_LENGTH GRANT CREATE ON mysqltest.* TO some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X; --error ER_WRONG_STRING_LENGTH REVOKE CREATE ON mysqltest.* FROM 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost; --error ER_WRONG_STRING_LENGTH REVOKE CREATE ON mysqltest.* FROM some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X; # Working with table-level privileges. --error ER_WRONG_STRING_LENGTH GRANT CREATE ON t1 TO 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost; --error ER_WRONG_STRING_LENGTH GRANT CREATE ON t1 TO some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X; --error ER_WRONG_STRING_LENGTH REVOKE CREATE ON t1 FROM 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost; --error ER_WRONG_STRING_LENGTH REVOKE CREATE ON t1 FROM some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X; # Working with routine-level privileges. --error ER_WRONG_STRING_LENGTH GRANT EXECUTE ON PROCEDURE p1 TO 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost; --error ER_WRONG_STRING_LENGTH GRANT EXECUTE ON PROCEDURE p1 TO some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X; --error ER_WRONG_STRING_LENGTH REVOKE EXECUTE ON PROCEDURE p1 FROM 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost; --error ER_WRONG_STRING_LENGTH REVOKE EXECUTE ON PROCEDURE t1 FROM some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X; # # Bug#23556 TRUNCATE TABLE still maps to DELETE # CREATE USER bug23556@localhost; CREATE DATABASE bug23556; GRANT SELECT ON bug23556.* TO bug23556@localhost; connect (bug23556,localhost,bug23556,,bug23556); connection default; USE bug23556; CREATE TABLE t1 (a INT PRIMARY KEY); INSERT INTO t1 VALUES (1),(2),(3),(4),(5); GRANT DELETE ON t1 TO bug23556@localhost; connection bug23556; USE bug23556; --error ER_TABLEACCESS_DENIED_ERROR TRUNCATE t1; connection default; USE bug23556; REVOKE DELETE ON t1 FROM bug23556@localhost; GRANT DROP ON t1 TO bug23556@localhost; connection bug23556; USE bug23556; TRUNCATE t1; connection default; USE bug23556; DROP TABLE t1; USE test; DROP DATABASE bug23556; DROP USER bug23556@localhost; connection default; disconnect bug23556; # # Bug#6774 Replication fails with Wrong usage of DB GRANT and GLOBAL PRIVILEGES # # Check if GRANT ... ON * ... fails when no database is selected connect (con1, localhost, root,,*NO-ONE*); connection con1; --error ER_NO_DB_ERROR GRANT PROCESS ON * TO user@localhost; disconnect con1; connection default; # # Bug#9504 Stored procedures: execute privilege doesn't make 'use database' # okay. # # Prepare. --disable_warnings DROP DATABASE IF EXISTS mysqltest1; DROP DATABASE IF EXISTS mysqltest2; DROP DATABASE IF EXISTS mysqltest3; DROP DATABASE IF EXISTS mysqltest4; --enable_warnings CREATE DATABASE mysqltest1; CREATE DATABASE mysqltest2; CREATE DATABASE mysqltest3; CREATE DATABASE mysqltest4; CREATE PROCEDURE mysqltest1.p_def() SQL SECURITY DEFINER SELECT 1; CREATE PROCEDURE mysqltest2.p_inv() SQL SECURITY INVOKER SELECT 1; CREATE FUNCTION mysqltest3.f_def() RETURNS INT SQL SECURITY DEFINER RETURN 1; CREATE FUNCTION mysqltest4.f_inv() RETURNS INT SQL SECURITY INVOKER RETURN 1; CREATE USER mysqltest_1@localhost; GRANT EXECUTE ON PROCEDURE mysqltest1.p_def TO mysqltest_1@localhost; GRANT EXECUTE ON PROCEDURE mysqltest2.p_inv TO mysqltest_1@localhost; GRANT EXECUTE ON FUNCTION mysqltest3.f_def TO mysqltest_1@localhost; GRANT EXECUTE ON FUNCTION mysqltest4.f_inv TO mysqltest_1@localhost; GRANT ALL PRIVILEGES ON test.* TO mysqltest_1@localhost; # Test. --connect (bug9504_con1,localhost,mysqltest_1,,) --echo --echo ---> connection: bug9504_con1 # - Check that we can switch to the db; use mysqltest1; use mysqltest2; use mysqltest3; use mysqltest4; # - Check that we can call stored routines; use test; CALL mysqltest1.p_def(); CALL mysqltest2.p_inv(); SELECT mysqltest3.f_def(); SELECT mysqltest4.f_inv(); # Cleanup. --connection default --echo --echo ---> connection: default --disconnect bug9504_con1 DROP DATABASE mysqltest1; DROP DATABASE mysqltest2; DROP DATABASE mysqltest3; DROP DATABASE mysqltest4; DROP USER mysqltest_1@localhost; # # Bug#27337 Privileges are not restored properly. # # Actually, the patch for this bugs fixes two problems. So, here are two test # cases. # Test case 1: privileges are not restored properly after calling a stored # routine defined with SQL SECURITY INVOKER clause. # Prepare. --disable_warnings DROP DATABASE IF EXISTS mysqltest1; DROP DATABASE IF EXISTS mysqltest2; --enable_warnings CREATE DATABASE mysqltest1; CREATE DATABASE mysqltest2; CREATE USER mysqltest_1@localhost; GRANT ALL PRIVILEGES ON mysqltest1.* TO mysqltest_1@localhost; GRANT SELECT ON mysqltest2.* TO mysqltest_1@localhost; CREATE PROCEDURE mysqltest1.p1() SQL SECURITY INVOKER SELECT 1; # Test. --connect (bug27337_con1,localhost,mysqltest_1,,mysqltest2) --echo --echo ---> connection: bug27337_con1 --error ER_TABLEACCESS_DENIED_ERROR CREATE TABLE t1(c INT); CALL mysqltest1.p1(); --error ER_TABLEACCESS_DENIED_ERROR CREATE TABLE t1(c INT); --disconnect bug27337_con1 --connect (bug27337_con2,localhost,mysqltest_1,,mysqltest2) --echo --echo ---> connection: bug27337_con2 --error ER_TABLEACCESS_DENIED_ERROR CREATE TABLE t1(c INT); SHOW TABLES; # Cleanup. --connection default --echo --echo ---> connection: default --disconnect bug27337_con2 DROP DATABASE mysqltest1; DROP DATABASE mysqltest2; DROP USER mysqltest_1@localhost; # Test case 2: privileges are not checked properly for prepared statements. # Prepare. --disable_warnings DROP DATABASE IF EXISTS mysqltest1; DROP DATABASE IF EXISTS mysqltest2; --enable_warnings CREATE DATABASE mysqltest1; CREATE DATABASE mysqltest2; CREATE TABLE mysqltest1.t1(c INT); CREATE TABLE mysqltest2.t2(c INT); CREATE USER mysqltest_1@localhost, mysqltest_2@localhost; GRANT SELECT ON mysqltest1.t1 TO mysqltest_1@localhost; GRANT SELECT ON mysqltest2.t2 TO mysqltest_2@localhost; # Test. --connect (bug27337_con1,localhost,mysqltest_1,,mysqltest1) --echo --echo ---> connection: bug27337_con1 SHOW TABLES FROM mysqltest1; PREPARE stmt1 FROM 'SHOW TABLES FROM mysqltest1'; EXECUTE stmt1; --connect (bug27337_con2,localhost,mysqltest_2,,mysqltest2) --echo --echo ---> connection: bug27337_con2 SHOW COLUMNS FROM mysqltest2.t2; PREPARE stmt2 FROM 'SHOW COLUMNS FROM mysqltest2.t2'; EXECUTE stmt2; --connection default --echo --echo ---> connection: default REVOKE SELECT ON mysqltest1.t1 FROM mysqltest_1@localhost; REVOKE SELECT ON mysqltest2.t2 FROM mysqltest_2@localhost; --connection bug27337_con1 --echo --echo ---> connection: bug27337_con1 --error ER_DBACCESS_DENIED_ERROR SHOW TABLES FROM mysqltest1; --error ER_DBACCESS_DENIED_ERROR EXECUTE stmt1; --connection bug27337_con2 --echo --echo ---> connection: bug27337_con2 --error ER_TABLEACCESS_DENIED_ERROR SHOW COLUMNS FROM mysqltest2.t2; --error ER_TABLEACCESS_DENIED_ERROR EXECUTE stmt2; # Cleanup. --connection default --echo --echo ---> connection: default --disconnect bug27337_con1 --disconnect bug27337_con2 DROP DATABASE mysqltest1; DROP DATABASE mysqltest2; DROP USER mysqltest_1@localhost; DROP USER mysqltest_2@localhost; # # Bug#27878 Unchecked privileges on a view referring to a table from another # database. # USE test; CREATE TABLE t1 (f1 int, f2 int); INSERT INTO t1 VALUES(1,1), (2,2); CREATE DATABASE db27878; CREATE USER 'mysqltest_1'@'localhost'; GRANT UPDATE(f1) ON t1 TO 'mysqltest_1'@'localhost'; GRANT SELECT ON `test`.* TO 'mysqltest_1'@'localhost'; GRANT ALL ON db27878.* TO 'mysqltest_1'@'localhost'; USE db27878; CREATE SQL SECURITY INVOKER VIEW db27878.v1 AS SELECT * FROM test.t1; connect (user1,localhost,mysqltest_1,,test); connection user1; USE db27878; SET sql_mode = 'NO_ENGINE_SUBSTITUTION'; --error 1356 UPDATE v1 SET f2 = 4; SET sql_mode = default; SELECT * FROM test.t1; disconnect user1; connection default; REVOKE UPDATE (f1) ON `test`.`t1` FROM 'mysqltest_1'@'localhost'; REVOKE SELECT ON `test`.* FROM 'mysqltest_1'@'localhost'; REVOKE ALL ON db27878.* FROM 'mysqltest_1'@'localhost'; DROP USER mysqltest_1@localhost; DROP DATABASE db27878; USE test; DROP TABLE t1; --echo # --echo # Bug#33275 Server crash when creating temporary table mysql.user --echo # CREATE TEMPORARY TABLE mysql.user (id INT); FLUSH PRIVILEGES; DROP TABLE mysql.user; # # Bug#33201 Crash occurs when granting update privilege on one column of a view # drop table if exists test; drop function if exists test_function; drop view if exists v1; create table test (col1 varchar(30)); delimiter |; create function test_function() returns varchar(30) begin declare tmp varchar(30); select col1 from test limit 1 into tmp; return '1'; end| delimiter ;| create view v1 as select test.* from test where test.col1=test_function(); create user 'greg'@'localhost'; grant update (col1) on v1 to 'greg'@'localhost'; drop user 'greg'@'localhost'; drop view v1; drop table test; drop function test_function; # # Bug#41456 SET PASSWORD hates CURRENT_USER() # SELECT CURRENT_USER(); SET PASSWORD FOR CURRENT_USER() = "admin"; SET PASSWORD FOR CURRENT_USER() = ""; # # Bug#57952: privilege change is not taken into account by EXECUTE. # --echo --echo # Bug#57952 --echo --disable_warnings DROP DATABASE IF EXISTS mysqltest1; DROP DATABASE IF EXISTS mysqltest2; --enable_warnings CREATE DATABASE mysqltest1; CREATE DATABASE mysqltest2; use mysqltest1; CREATE TABLE t1(a INT, b INT); INSERT INTO t1 VALUES (1, 1); CREATE TABLE t2(a INT); INSERT INTO t2 VALUES (2); CREATE TABLE mysqltest2.t3(a INT); INSERT INTO mysqltest2.t3 VALUES (4); CREATE USER testuser@localhost; GRANT CREATE ROUTINE, EXECUTE ON mysqltest1.* TO testuser@localhost; GRANT SELECT(b) ON t1 TO testuser@localhost; GRANT SELECT ON t2 TO testuser@localhost; GRANT SELECT ON mysqltest2.* TO testuser@localhost; --echo --echo # Connection: bug57952_con1 (testuser@localhost, db: mysqltest1) --connect (bug57952_con1,localhost,testuser,,mysqltest1) PREPARE s1 FROM 'SELECT b FROM t1'; PREPARE s2 FROM 'SELECT a FROM t2'; PREPARE s3 FROM 'SHOW TABLES FROM mysqltest2'; CREATE PROCEDURE p1() SELECT b FROM t1; CREATE PROCEDURE p2() SELECT a FROM t2; CREATE PROCEDURE p3() SHOW TABLES FROM mysqltest2; CALL p1; CALL p2; CALL p3; --echo --echo # Connection: default --connection default REVOKE SELECT ON t1 FROM testuser@localhost; GRANT SELECT(a) ON t1 TO testuser@localhost; REVOKE SELECT ON t2 FROM testuser@localhost; REVOKE SELECT ON mysqltest2.* FROM testuser@localhost; --echo --echo # Connection: bug57952_con1 (testuser@localhost, db: mysqltest1) --connection bug57952_con1 --echo # - Check column-level privileges... --error ER_COLUMNACCESS_DENIED_ERROR EXECUTE s1; --error ER_COLUMNACCESS_DENIED_ERROR SELECT b FROM t1; --error ER_COLUMNACCESS_DENIED_ERROR SELECT SUM(b) OVER () FROM t1; --error ER_COLUMNACCESS_DENIED_ERROR EXECUTE s1; --error ER_COLUMNACCESS_DENIED_ERROR CALL p1; --echo # - Check table-level privileges... --error ER_TABLEACCESS_DENIED_ERROR SELECT a FROM t2; --error ER_TABLEACCESS_DENIED_ERROR EXECUTE s2; --error ER_TABLEACCESS_DENIED_ERROR CALL p2; --echo # - Check database-level privileges... --error ER_DBACCESS_DENIED_ERROR SHOW TABLES FROM mysqltest2; --error ER_DBACCESS_DENIED_ERROR EXECUTE s3; --error ER_DBACCESS_DENIED_ERROR CALL p3; --echo --echo # Connection: default --connection default --disconnect bug57952_con1 DROP DATABASE mysqltest1; DROP DATABASE mysqltest2; DROP USER testuser@localhost; use test; --echo --echo # --echo # Test for bug #36544 "DROP USER does not remove stored function --echo # privileges". --echo # create database mysqltest1; create function mysqltest1.f1() returns int return 0; create procedure mysqltest1.p1() begin end; --echo # --echo # 1) Check that DROP USER properly removes privileges on both --echo # stored procedures and functions. --echo # create user mysqluser1@localhost; grant execute on function mysqltest1.f1 to mysqluser1@localhost; grant execute on procedure mysqltest1.p1 to mysqluser1@localhost; --echo # Quick test that granted privileges are properly reflected --echo # in privilege tables and in in-memory structures. show grants for mysqluser1@localhost; select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost'; --echo # --echo # Create connection 'bug_36544_con1' as 'mysqluser1@localhost'. --connect (bug36544_con1,localhost,mysqluser1,,) call mysqltest1.p1(); select mysqltest1.f1(); --echo # --echo # Switch to connection 'default'. --connection default drop user mysqluser1@localhost; --echo # --echo # Test that dropping of user is properly reflected in --echo # both privilege tables and in in-memory structures. --echo # --echo # Switch to connection 'bug36544_con1'. --connection bug36544_con1 --echo # The connection cold be alive but should not be able to --echo # access to any of the stored routines. --error ER_PROCACCESS_DENIED_ERROR call mysqltest1.p1(); --error ER_PROCACCESS_DENIED_ERROR select mysqltest1.f1(); --disconnect bug36544_con1 --echo # --echo # Switch to connection 'default'. --connection default --echo # --echo # Now create user with the same name and check that he --echo # has not inherited privileges. create user mysqluser1@localhost; show grants for mysqluser1@localhost; select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost'; --echo # --echo # Create connection 'bug_36544_con2' as 'mysqluser1@localhost'. --connect (bug36544_con2,localhost,mysqluser1,,) --echo # Newly created user should not be able to access any of the routines. --error ER_PROCACCESS_DENIED_ERROR call mysqltest1.p1(); --error ER_PROCACCESS_DENIED_ERROR select mysqltest1.f1(); --echo # --echo # Switch to connection 'default'. --connection default --echo # --echo # 2) Check that RENAME USER properly updates privileges on both --echo # stored procedures and functions. --echo # grant execute on function mysqltest1.f1 to mysqluser1@localhost; grant execute on procedure mysqltest1.p1 to mysqluser1@localhost; --echo # --echo # Create one more user to make in-memory hashes non-trivial. --echo # User names 'mysqluser11' and 'mysqluser10' were selected --echo # to trigger bug discovered during code inspection. create user mysqluser11@localhost; grant execute on function mysqltest1.f1 to mysqluser11@localhost; grant execute on procedure mysqltest1.p1 to mysqluser11@localhost; --echo # Also create a couple of tables to test for another bug --echo # discovered during code inspection (again table names were --echo # chosen especially to trigger the bug). create table mysqltest1.t11 (i int); create table mysqltest1.t22 (i int); grant select on mysqltest1.t22 to mysqluser1@localhost; grant select on mysqltest1.t11 to mysqluser1@localhost; --echo # Quick test that granted privileges are properly reflected --echo # in privilege tables and in in-memory structures. show grants for mysqluser1@localhost; select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost'; select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost'; --echo # --echo # Switch to connection 'bug36544_con2'. --connection bug36544_con2 call mysqltest1.p1(); select mysqltest1.f1(); select * from mysqltest1.t11; select * from mysqltest1.t22; --echo # --echo # Switch to connection 'default'. --connection default rename user mysqluser1@localhost to mysqluser10@localhost; --echo # --echo # Test that there are no privileges left for mysqluser1. --echo # --echo # Switch to connection 'bug36544_con2'. --connection bug36544_con2 --echo # The connection cold be alive but should not be able to --echo # access to any of the stored routines or tables. --error ER_PROCACCESS_DENIED_ERROR call mysqltest1.p1(); --error ER_PROCACCESS_DENIED_ERROR select mysqltest1.f1(); --error ER_TABLEACCESS_DENIED_ERROR select * from mysqltest1.t11; --error ER_TABLEACCESS_DENIED_ERROR select * from mysqltest1.t22; --disconnect bug36544_con2 --echo # --echo # Switch to connection 'default'. --connection default --echo # --echo # Now create user with the old name and check that he --echo # has not inherited privileges. create user mysqluser1@localhost; show grants for mysqluser1@localhost; select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost'; select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost'; --echo # --echo # Create connection 'bug_36544_con3' as 'mysqluser1@localhost'. --connect (bug36544_con3,localhost,mysqluser1,,) --echo # Newly created user should not be able to access to any of the --echo # stored routines or tables. --error ER_PROCACCESS_DENIED_ERROR call mysqltest1.p1(); --error ER_PROCACCESS_DENIED_ERROR select mysqltest1.f1(); --error ER_TABLEACCESS_DENIED_ERROR select * from mysqltest1.t11; --error ER_TABLEACCESS_DENIED_ERROR select * from mysqltest1.t22; --disconnect bug36544_con3 --echo # --echo # Switch to connection 'default'. --connection default --echo # --echo # Now check that privileges became associated with a new user --echo # name - mysqluser10. --echo # show grants for mysqluser10@localhost; select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser10' and host='localhost'; select db, table_name, table_priv from mysql.tables_priv where user='mysqluser10' and host='localhost'; --echo # --echo # Create connection 'bug_36544_con4' as 'mysqluser10@localhost'. --connect (bug36544_con4,localhost,mysqluser10,,) call mysqltest1.p1(); select mysqltest1.f1(); select * from mysqltest1.t11; select * from mysqltest1.t22; --disconnect bug36544_con4 --echo # --echo # Switch to connection 'default'. --connection default --echo # --echo # Clean-up. drop user mysqluser1@localhost; drop user mysqluser10@localhost; drop user mysqluser11@localhost; drop database mysqltest1; --echo End of 5.0 tests # # Bug#21432 Database/Table name limited to 64 bytes, not chars, problems with multi-byte # --character_set utf8 set names utf8; create user юзер_юзер@localhost; grant select on test.* to юзер_юзер@localhost; --execw $MYSQL --default-character-set=utf8 --user=юзер_юзер -e "select user()" revoke all on test.* from юзер_юзер@localhost; drop user юзер_юзер@localhost; --error ER_WRONG_STRING_LENGTH grant select on test.* to очень_длинный_юзер_very_long_user@localhost; set names default; # # Bug#20901 CREATE privilege is enough to insert into a table # create database mysqltest; use mysqltest; create user mysqltest@localhost; grant create on mysqltest.* to mysqltest@localhost; create table t1 (i INT); connect (user1,localhost,mysqltest,,mysqltest); connection user1; # show we don't have INSERT --error ER_TABLEACCESS_DENIED_ERROR insert into t1 values (1); # show we have CREATE create table t2 (i INT); create table t4 (i INT); connection default; grant select, insert on mysqltest.t2 to mysqltest@localhost; grant insert on mysqltest.t4 to mysqltest@localhost; # to specify ACLs for non-existent objects, must explictly |CREATE grant create, insert on mysqltest.t5 to mysqltest@localhost; grant create, insert on mysqltest.t6 to mysqltest@localhost; flush privileges; connection user1; insert into t2 values (1); # CREATE IF NOT EXISTS...SELECT, t1 exists, no INSERT, must fail --error ER_TABLEACCESS_DENIED_ERROR create table if not exists t1 select * from t2; # CREATE IF NOT EXISTS...SELECT, no t3 yet, no INSERT, must fail --error ER_TABLEACCESS_DENIED_ERROR create table if not exists t3 select * from t2; # CREATE IF NOT EXISTS...SELECT, t4 exists, have INSERT, must succeed create table if not exists t4 select * from t2; # CREATE IF NOT EXISTS...SELECT, no t5 yet, have INSERT, must succeed create table if not exists t5 select * from t2; # CREATE...SELECT, no t6 yet, have INSERT, must succeed create table t6 select * from t2; # CREATE...SELECT, no t7 yet, no INSERT, must fail --error ER_TABLEACCESS_DENIED_ERROR create table t7 select * from t2; # CREATE...SELECT, t4 exists, have INSERT, must still fail (exists) --error 1050 create table t4 select * from t2; # CREATE...SELECT, t1 exists, no INSERT, must fail --error ER_TABLEACCESS_DENIED_ERROR create table t1 select * from t2; connection default; drop table t1,t2,t4,t5,t6; revoke create on mysqltest.* from mysqltest@localhost; revoke select, insert on mysqltest.t2 from mysqltest@localhost; revoke insert on mysqltest.t4 from mysqltest@localhost; revoke create, insert on mysqltest.t5 from mysqltest@localhost; revoke create, insert on mysqltest.t6 from mysqltest@localhost; drop user mysqltest@localhost; disconnect user1; drop database mysqltest; use test; # # Bug#16470 crash on grant if old grant tables # call mtr.add_suppression("Can't open and lock privilege tables"); --echo FLUSH PRIVILEGES without procs_priv table. RENAME TABLE mysql.procs_priv TO mysql.procs_gone; --error ER_NO_SUCH_TABLE FLUSH PRIVILEGES; --echo Assigning privileges without procs_priv table. CREATE DATABASE mysqltest1; CREATE PROCEDURE mysqltest1.test() SQL SECURITY DEFINER SELECT 1; CREATE FUNCTION mysqltest1.test() RETURNS INT RETURN 1; --error ER_NO_SUCH_TABLE GRANT EXECUTE ON FUNCTION mysqltest1.test TO mysqltest_1@localhost; --error ER_NO_SUCH_TABLE GRANT ALL PRIVILEGES ON test.* TO mysqltest_1@localhost; CALL mysqltest1.test(); DROP DATABASE mysqltest1; RENAME TABLE mysql.procs_gone TO mysql.procs_priv; FLUSH PRIVILEGES; # # Bug#33464 DROP FUNCTION caused a crash. # CREATE DATABASE dbbug33464; CREATE USER 'userbug33464'@'localhost'; GRANT CREATE ROUTINE ON dbbug33464.* TO 'userbug33464'@'localhost'; --replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK connect (connbug33464, localhost, userbug33464, , dbbug33464); --source suite/funcs_1/include/show_connection.inc delimiter //; CREATE PROCEDURE sp3(v1 char(20)) BEGIN SELECT * from dbbug33464.t6 where t6.f2= 'xyz'; END// delimiter ;// delimiter //; CREATE FUNCTION fn1() returns char(50) SQL SECURITY INVOKER BEGIN return 1; END// delimiter ;// delimiter //; CREATE FUNCTION fn2() returns char(50) SQL SECURITY DEFINER BEGIN return 2; END// delimiter ;// disconnect connbug33464; # cleanup connection default; USE dbbug33464; --source suite/funcs_1/include/show_connection.inc SELECT fn1(); SELECT fn2(); --error 0, ER_CANNOT_USER DROP USER 'userbug33464'@'localhost'; DROP FUNCTION fn1; DROP FUNCTION fn2; DROP PROCEDURE sp3; --error 0, ER_CANNOT_USER DROP USER 'userbug33464'@'localhost'; USE test; DROP DATABASE dbbug33464; SET @@global.log_bin_trust_function_creators= @old_log_bin_trust_function_creators; # # Bug#44658 Create procedure makes server crash when user does not have ALL privilege # CREATE USER user1@localhost; CREATE USER user2; GRANT CREATE ON db1.* TO 'user1'@'localhost'; GRANT CREATE ROUTINE ON db1.* TO 'user1'@'localhost'; GRANT CREATE ON db1.* TO 'user2'@'%'; GRANT CREATE ROUTINE ON db1.* TO 'user2'@'%'; FLUSH PRIVILEGES; SHOW GRANTS FOR 'user1'@'localhost'; connect (con1,localhost,user1,,); --echo ** Connect as user1 and create a procedure. --echo ** The creation will imply implicitly assigned --echo ** EXECUTE and ALTER ROUTINE privileges to --echo ** the current user user1@localhost. SELECT @@GLOBAL.sql_mode; SELECT @@SESSION.sql_mode; CREATE DATABASE db1; DELIMITER ||; CREATE PROCEDURE db1.proc1(p1 INT) BEGIN SET @x = 0; REPEAT SET @x = @x + 1; UNTIL @x > p1 END REPEAT; END ;|| DELIMITER ;|| connect (con2,localhost,user2,,); --echo ** Connect as user2 and create a procedure. --echo ** Implicitly assignment of privileges will --echo ** fail because the user2@localhost is an --echo ** unknown user. DELIMITER ||; CREATE PROCEDURE db1.proc2(p1 INT) BEGIN SET @x = 0; REPEAT SET @x = @x + 1; UNTIL @x > p1 END REPEAT; END ;|| DELIMITER ;|| connection default; SHOW GRANTS FOR 'user1'@'localhost'; SHOW GRANTS FOR 'user2'; disconnect con1; disconnect con2; DROP PROCEDURE db1.proc1; DROP PROCEDURE db1.proc2; REVOKE ALL ON db1.* FROM 'user1'@'localhost'; REVOKE ALL ON db1.* FROM 'user2'@'%'; DROP USER 'user1'@'localhost'; DROP USER 'user2'; DROP DATABASE db1; --echo # --echo # Bug #25863 No database selected error, but documentation --echo # says * for global allowed --echo # connect(conn1,localhost,root,,*NO-ONE*); --error ER_NO_DB_ERROR GRANT ALL ON * TO mysqltest_1; CREATE USER mysqltest_1; GRANT ALL ON *.* TO mysqltest_1; SHOW GRANTS FOR mysqltest_1; DROP USER mysqltest_1; USE test; CREATE USER mysqltest_1; GRANT ALL ON * TO mysqltest_1; SHOW GRANTS FOR mysqltest_1; DROP USER mysqltest_1; CREATE USER mysqltest_1; GRANT ALL ON *.* TO mysqltest_1; SHOW GRANTS FOR mysqltest_1; DROP USER mysqltest_1; connection default; disconnect conn1; # # Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants. # CREATE DATABASE db1; CREATE DATABASE db2; CREATE USER 'testbug'@localhost; GRANT SELECT ON db1.* to 'testbug'@localhost; USE db2; CREATE TABLE t1 (a INT); USE test; connect (con1,localhost,testbug,,db1); --error ER_NO_SUCH_TABLE SELECT * FROM `../db2/tb2`; --error ER_TABLEACCESS_DENIED_ERROR SELECT * FROM `../db2`.tb2; --error ER_NO_SUCH_TABLE SELECT * FROM `#mysql50#/../db2/tb2`; connection default; disconnect con1; DROP USER 'testbug'@localhost; DROP TABLE db2.t1; DROP DATABASE db1; DROP DATABASE db2; --echo # --echo # Bug #36742 --echo # create user myuser@Localhost identified by 'foo'; grant usage on Foo.* to myuser@Localhost; grant select on Foo.* to myuser@localhost; select host,user from mysql.user where User='myuser'; revoke select on Foo.* from myuser@localhost; delete from mysql.user where User='myuser'; flush privileges; --echo ######################################################################### --echo # --echo # Bug#38347: ALTER ROUTINE privilege allows SHOW CREATE TABLE. --echo # --echo ######################################################################### --echo --echo # -- --echo # -- Prepare the environment. --echo # -- DELETE FROM mysql.user WHERE User LIKE 'mysqltest_%'; DELETE FROM mysql.db WHERE User LIKE 'mysqltest_%'; DELETE FROM mysql.tables_priv WHERE User LIKE 'mysqltest_%'; DELETE FROM mysql.columns_priv WHERE User LIKE 'mysqltest_%'; FLUSH PRIVILEGES; --disable_warnings DROP DATABASE IF EXISTS mysqltest_db1; --enable_warnings CREATE DATABASE mysqltest_db1; CREATE TABLE mysqltest_db1.t1(a INT); --echo --echo # -- --echo # -- Check that following privileges don't allow SHOW CREATE TABLE. --echo # -- CREATE USER mysqltest_u1@localhost; GRANT EVENT ON mysqltest_db1.* TO mysqltest_u1@localhost; GRANT CREATE TEMPORARY TABLES ON mysqltest_db1.* TO mysqltest_u1@localhost; GRANT LOCK TABLES ON mysqltest_db1.* TO mysqltest_u1@localhost; GRANT ALTER ROUTINE ON mysqltest_db1.* TO mysqltest_u1@localhost; GRANT CREATE ROUTINE ON mysqltest_db1.* TO mysqltest_u1@localhost; GRANT EXECUTE ON mysqltest_db1.* TO mysqltest_u1@localhost; GRANT GRANT OPTION ON mysqltest_db1.* TO mysqltest_u1@localhost; GRANT GRANT OPTION ON mysqltest_db1.t1 TO mysqltest_u1@localhost; GRANT FILE ON *.* TO mysqltest_u1@localhost; GRANT CREATE USER ON *.* TO mysqltest_u1@localhost; GRANT PROCESS ON *.* TO mysqltest_u1@localhost; GRANT RELOAD ON *.* TO mysqltest_u1@localhost; GRANT REPLICATION CLIENT ON *.* TO mysqltest_u1@localhost; GRANT REPLICATION SLAVE ON *.* TO mysqltest_u1@localhost; GRANT SHOW DATABASES ON *.* TO mysqltest_u1@localhost; GRANT SHUTDOWN ON *.* TO mysqltest_u1@localhost; GRANT USAGE ON *.* TO mysqltest_u1@localhost; --echo SHOW GRANTS FOR mysqltest_u1@localhost; --echo --echo # connection: con1 (mysqltest_u1@mysqltest_db1) --connect (con1,localhost,mysqltest_u1,,mysqltest_db1) --connection con1 --echo --error ER_TABLEACCESS_DENIED_ERROR SHOW CREATE TABLE t1; --echo --echo # connection: default --connection default --disconnect con1 --echo REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost; SHOW GRANTS FOR mysqltest_u1@localhost; --echo --echo # -- --echo # -- Check that DB-level SELECT allows SHOW CREATE TABLE. --echo # -- --echo GRANT SELECT ON mysqltest_db1.* TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that DB-level INSERT allows SHOW CREATE TABLE. --echo # -- --echo GRANT INSERT ON mysqltest_db1.* TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that DB-level UPDATE allows SHOW CREATE TABLE. --echo # -- --echo GRANT UPDATE ON mysqltest_db1.* TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that DB-level DELETE allows SHOW CREATE TABLE. --echo # -- --echo GRANT DELETE ON mysqltest_db1.* TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that DB-level CREATE allows SHOW CREATE TABLE. --echo # -- --echo GRANT CREATE ON mysqltest_db1.* TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that DB-level DROP allows SHOW CREATE TABLE. --echo # -- --echo GRANT DROP ON mysqltest_db1.* TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that DB-level ALTER allows SHOW CREATE TABLE. --echo # -- --echo GRANT ALTER ON mysqltest_db1.* TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that DB-level INDEX allows SHOW CREATE TABLE. --echo # -- --echo GRANT INDEX ON mysqltest_db1.* TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that DB-level REFERENCES allows SHOW CREATE TABLE. --echo # -- --echo GRANT REFERENCES ON mysqltest_db1.* TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that DB-level CREATE VIEW allows SHOW CREATE TABLE. --echo # -- --echo GRANT CREATE VIEW ON mysqltest_db1.* TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that DB-level SHOW VIEW allows SHOW CREATE TABLE. --echo # -- --echo GRANT SHOW VIEW ON mysqltest_db1.* TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that table-level SELECT allows SHOW CREATE TABLE. --echo # -- --echo GRANT SELECT ON mysqltest_db1.t1 TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that table-level INSERT allows SHOW CREATE TABLE. --echo # -- --echo GRANT INSERT ON mysqltest_db1.t1 TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that table-level UPDATE allows SHOW CREATE TABLE. --echo # -- --echo GRANT UPDATE ON mysqltest_db1.t1 TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that table-level DELETE allows SHOW CREATE TABLE. --echo # -- --echo GRANT DELETE ON mysqltest_db1.t1 TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that table-level CREATE allows SHOW CREATE TABLE. --echo # -- --echo GRANT CREATE ON mysqltest_db1.t1 TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that table-level DROP allows SHOW CREATE TABLE. --echo # -- --echo GRANT DROP ON mysqltest_db1.t1 TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that table-level ALTER allows SHOW CREATE TABLE. --echo # -- --echo GRANT ALTER ON mysqltest_db1.t1 TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that table-level INDEX allows SHOW CREATE TABLE. --echo # -- --echo GRANT INDEX ON mysqltest_db1.t1 TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that table-level REFERENCES allows SHOW CREATE TABLE. --echo # -- --echo GRANT REFERENCES ON mysqltest_db1.t1 TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that table-level CREATE VIEW allows SHOW CREATE TABLE. --echo # -- --echo GRANT CREATE VIEW ON mysqltest_db1.t1 TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Check that table-level SHOW VIEW allows SHOW CREATE TABLE. --echo # -- --echo GRANT SHOW VIEW ON mysqltest_db1.t1 TO mysqltest_u1@localhost; --source include/bug38347.inc --echo --echo # -- --echo # -- Cleanup. --echo # -- --echo DROP DATABASE mysqltest_db1; DROP USER mysqltest_u1@localhost; --echo --echo # End of Bug#38347. --echo --echo # --echo # BUG#11759114 - '51401: GRANT TREATS NONEXISTENT FUNCTIONS/PRIVILEGES --echo # DIFFERENTLY'. --echo # --disable_warnings drop database if exists mysqltest_db1; --enable_warnings create database mysqltest_db1; create user mysqltest_u1; --echo # Both GRANT statements below should fail with the same error. --error ER_SP_DOES_NOT_EXIST grant execute on function mysqltest_db1.f1 to mysqltest_u1; --error ER_SP_DOES_NOT_EXIST grant execute on procedure mysqltest_db1.p1 to mysqltest_u1; --echo # Let us show that GRANT behaviour for routines is consistent --echo # with GRANT behaviour for tables. Attempt to grant privilege --echo # on non-existent table also results in an error. --error ER_NO_SUCH_TABLE grant select on mysqltest_db1.t1 to mysqltest_u1; show grants for mysqltest_u1; drop database mysqltest_db1; drop user mysqltest_u1; --echo # --echo # Bug#11756966 - 48958: STORED PROCEDURES CAN BE LEVERAGED TO BYPASS --echo # DATABASE SECURITY --echo # --disable_warnings DROP DATABASE IF EXISTS secret; DROP DATABASE IF EXISTS no_such_db; --enable_warnings CREATE DATABASE secret; CREATE USER 'untrusted'@localhost; GRANT USAGE ON *.* TO 'untrusted'@localhost; --echo # Connection con1 connect (con1, localhost, untrusted); SHOW GRANTS; SHOW DATABASES; --echo # Both statements below should fail with the same error. --echo # They used to give different errors, thereby --echo # hinting that the secret database exists. --error ER_DBACCESS_DENIED_ERROR CREATE PROCEDURE no_such_db.foo() BEGIN END; --error ER_DBACCESS_DENIED_ERROR CREATE PROCEDURE secret.peek_at_secret() BEGIN END; --echo # Connection default --connection default disconnect con1; DROP USER 'untrusted'@localhost; DROP DATABASE secret; --echo # --echo # Bug#12766319 - 61865: RENAME USER DOES NOT WORK CORRECTLY - --echo # REQUIRES FLUSH PRIVILEGES --echo # CREATE USER foo@'127.0.0.1'; GRANT ALL ON *.* TO foo@'127.0.0.1'; --echo # First attempt, should connect successfully connect (conn1, '127.0.0.1', foo,,test); SELECT user(), current_user(); --echo # Rename the user RENAME USER foo@'127.0.0.1' to foo@'127.0.0.0/255.0.0.0'; --echo # Second attempt, should connect successfully as its valid mask --echo # This was failing without fix connect (conn2, '127.0.0.1', foo,,test); SELECT user(), current_user(); --echo # Rename the user back to original RENAME USER foo@'127.0.0.0/255.0.0.0' to foo@'127.0.0.1'; --echo # Third attempt, should connect successfully connect (conn3, '127.0.0.1', foo,,test); SELECT user(), current_user(); --echo # Clean-up connection default; disconnect conn1; disconnect conn2; disconnect conn3; DROP USER foo@'127.0.0.1'; --echo # End of Bug#12766319 --echo # --echo # WL#7131: Add timestamp in mysql.user on the last time the --echo # password was changed and implement password rotation. --echo # SET @saved_value = @@global.default_password_lifetime; SET GLOBAL default_password_lifetime = 2; SHOW VARIABLES LIKE 'default_password_lifetime'; CREATE USER 'wl7131' IDENTIFIED BY 'wl7131'; --echo # This should report 1. # The difference should be but less than a threshold (2 seconds). SELECT (SELECT now()-(SELECT password_last_changed from mysql.user where user='wl7131')) <= 2; # Update password_last_changed manually so that user # is forced to use SET PASSWORD. UPDATE mysql.user SET password_last_changed = (now() - INTERVAL 3 DAY) where user='wl7131'; FLUSH PRIVILEGES; --echo # Attempt to execute query should fail --error 1 --exec $MYSQL -uwl7131 -pwl7131 -e "EXIT" 2>&1 connect(con1,localhost,wl7131,wl7131,,); --echo # Doing something should fail --error 1820 SELECT 1; --echo # Setting password should work --disable_ps_protocol ALTER USER wl7131 IDENTIFIED BY 'new_wl7131'; --enable_ps_protocol --echo # Doing something should pass SELECT 1; disconnect con1; --echo # Reconnecting with same user should pass now connect(con1,localhost,wl7131,new_wl7131,,); SELECT 1; disconnect con1; connection default; DROP USER 'wl7131'; CREATE USER 'wl7131' IDENTIFIED BY 'wl7131'; --echo # Issue alter user and check the value of --echo # password_lifetime column ALTER USER 'wl7131' PASSWORD EXPIRE NEVER; --echo # This should report 0 SELECT password_lifetime FROM mysql.user where user='wl7131'; UPDATE mysql.user SET password_last_changed = (now() - INTERVAL 5 DAY) where user='wl7131'; FLUSH PRIVILEGES; --echo # This should pass as password is never expired. --exec $MYSQL -uwl7131 -pwl7131 -e "EXIT" 2>&1 ALTER USER 'wl7131' PASSWORD EXPIRE DEFAULT; --echo # This should report NULL SELECT password_lifetime FROM mysql.user where user='wl7131'; --echo # This should not pass as default_password_lifetime --echo # (which is 2 now) is being used. --error 1 --exec $MYSQL -uwl7131 -pwl7131 -e "EXIT" 2>&1 SET GLOBAL default_password_lifetime = 0; ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL 4 DAY; --echo # Should report 4 SELECT password_lifetime FROM mysql.user where user='wl7131'; --echo # This should not pass. --error 1 --exec $MYSQL -uwl7131 -pwl7131 -e "EXIT" 2>&1 SET GLOBAL default_password_lifetime = @saved_value; ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL 6 DAY; --echo # Should report 6 select password_lifetime from mysql.user where user='wl7131'; --echo # This should pass. --exec $MYSQL -uwl7131 -pwl7131 -e "EXIT" 2>&1 DROP USER 'wl7131'; CREATE USER 'wl7131'; let $password_change_time_1=`SELECT password_last_changed FROM mysql.user where user='wl7131'`; --echo # This should not report NULL --replace_regex /[0-9]*-[0-9]*-[0-9]* [0-9]*:[0-9]*:[0-9]*/DTVALUE/ --disable_query_log ONCE --eval SELECT '$password_change_time_1' IS NOT NULL --sleep 1 ALTER USER 'wl7131' REQUIRE SSL; let $password_change_time_2=`SELECT password_last_changed FROM mysql.user where user='wl7131'`; --echo # This should report 0 as it must have the same value as above --replace_regex /[0-9]*-[0-9]*-[0-9]* [0-9]*:[0-9]*:[0-9]*/DTVALUE/ --disable_query_log ONCE --eval SELECT TIMESTAMPDIFF(SECOND,'$password_change_time_1','$password_change_time_2') <> 0 --echo # Should report errors --error 1064 ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL -2 DAY; --error 1525 ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL 0 DAY; --error 1525 ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL 65536 DAY; --echo # Setting an empty password. It should update the timestamp column. ALTER USER 'wl7131' IDENTIFIED BY ''; --echo # This should report 1. # The difference should be but less than a threshold (2 seconds). SELECT (SELECT now()-(SELECT password_last_changed from mysql.user where user='wl7131')) <= 2; DROP USER 'wl7131'; CREATE USER 'wl7131'@'localhost' IDENTIFIED BY 'wl7131'; --echo # Must report 1 SELECT (SELECT password_last_changed FROM mysql.user where user='wl7131') IS NOT NULL; DROP USER 'wl7131'@'localhost'; --disable_query_log --eval UPDATE mysql.user SET password_last_changed= '$date_to_restore_root' --eval UPDATE mysql.user SET password_last_changed= '$date_to_restore_sys' WHERE USER= 'mysql.sys' --eval UPDATE mysql.user SET password_last_changed= '$date_to_restore_session_user' WHERE USER= 'mysql.session' --eval UPDATE mysql.user SET password_last_changed= '$date_to_restore_inf_schema_user' WHERE USER= 'mysql.infoschema' --enable_query_log --echo # mysql.user table restored to original values. set GLOBAL sql_mode= @orig_sql_mode_global; set SESSION sql_mode= @orig_sql_mode_session; # Wait till we reached the initial number of concurrent sessions --source include/wait_until_count_sessions.inc --echo # --echo # WL#2284: Increase the length of a user name --echo # CREATE TABLE t1 ( int_field INTEGER UNSIGNED NOT NULL, char_field CHAR(10), INDEX(`int_field`) ); CREATE PROCEDURE p1() SELECT b FROM t1; CREATE USER user_name_len_16@localhost; CREATE USER user_name_len_22_01234@localhost; CREATE USER user_name_len_32_012345678901234@localhost; --error ER_WRONG_STRING_LENGTH CREATE USER user_name_len_33_0123456789012345@localhost; --error ER_WRONG_STRING_LENGTH CREATE USER user_name_len_40_01234567890123456789012@localhost; # Working with database-level privileges. GRANT CREATE ON mysqltest.* TO user_name_len_16@localhost; GRANT CREATE ON mysqltest.* TO user_name_len_22_01234@localhost; GRANT CREATE ON mysqltest.* TO user_name_len_32_012345678901234@localhost; --error ER_WRONG_STRING_LENGTH GRANT CREATE ON mysqltest.* TO user_name_len_33_0123456789012345@localhost; --error ER_WRONG_STRING_LENGTH GRANT CREATE ON mysqltest.* TO user_name_len_40_01234567890123456789012@localhost; REVOKE CREATE ON mysqltest.* FROM user_name_len_16@localhost; REVOKE CREATE ON mysqltest.* FROM user_name_len_22_01234@localhost; REVOKE CREATE ON mysqltest.* FROM user_name_len_32_012345678901234@localhost; --error ER_WRONG_STRING_LENGTH REVOKE CREATE ON mysqltest.* FROM user_name_len_33_0123456789012345@localhost; --error ER_WRONG_STRING_LENGTH REVOKE CREATE ON mysqltest.* FROM user_name_len_40_01234567890123456789012@localhost; # Working with table-level privileges. GRANT CREATE ON t1 TO user_name_len_16@localhost; GRANT CREATE ON t1 TO user_name_len_22_01234@localhost; GRANT CREATE ON t1 TO user_name_len_32_012345678901234@localhost; --error ER_WRONG_STRING_LENGTH GRANT CREATE ON t1 TO user_name_len_33_0123456789012345@localhost; --error ER_WRONG_STRING_LENGTH GRANT CREATE ON t1 TO user_name_len_40_01234567890123456789012@localhost; REVOKE CREATE ON t1 FROM user_name_len_16@localhost; REVOKE CREATE ON t1 FROM user_name_len_22_01234@localhost; REVOKE CREATE ON t1 FROM user_name_len_32_012345678901234@localhost; --error ER_WRONG_STRING_LENGTH REVOKE CREATE ON t1 FROM user_name_len_33_0123456789012345@localhost; --error ER_WRONG_STRING_LENGTH REVOKE CREATE ON t1 FROM user_name_len_40_01234567890123456789012@localhost; GRANT SELECT ON t1 TO user_name_len_16@localhost; GRANT SELECT ON t1 TO user_name_len_22_01234@localhost; GRANT SELECT ON t1 TO user_name_len_32_012345678901234@localhost; --error ER_WRONG_STRING_LENGTH GRANT SELECT ON t1 TO user_name_len_33_0123456789012345@localhost; --error ER_WRONG_STRING_LENGTH GRANT SELECT ON t1 TO user_name_len_40_01234567890123456789012@localhost; REVOKE SELECT ON t1 FROM user_name_len_16@localhost; REVOKE SELECT ON t1 FROM user_name_len_22_01234@localhost; REVOKE SELECT ON t1 FROM user_name_len_32_012345678901234@localhost; --error ER_WRONG_STRING_LENGTH REVOKE SELECT ON t1 FROM user_name_len_33_0123456789012345@localhost; --error ER_WRONG_STRING_LENGTH REVOKE SELECT ON t1 FROM user_name_len_40_01234567890123456789012@localhost; # Working with routine-level privileges. GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_16@localhost; GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_22_01234@localhost; GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_32_012345678901234@localhost; --error ER_WRONG_STRING_LENGTH GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_33_0123456789012345@localhost; --error ER_WRONG_STRING_LENGTH GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_40_01234567890123456789012@localhost; REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_16@localhost; REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_22_01234@localhost; REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_32_012345678901234@localhost; --error ER_WRONG_STRING_LENGTH REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_33_0123456789012345@localhost; --error ER_WRONG_STRING_LENGTH REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_40_01234567890123456789012@localhost; --error ER_WRONG_STRING_LENGTH DROP USER user_name_len_40_01234567890123456789012@localhost; --character_set utf8 set names utf8; # 16 characters user name CREATE USER очень_длинный_юз@localhost; # 24 characters user name CREATE USER очень_очень_длинный_юзер@localhost; # 32 characters user name CREATE USER очень_очень_очень_длинный_юзер__@localhost; # 36 characters user name --error ER_WRONG_STRING_LENGTH CREATE USER очень_очень_очень_очень_длинный_юзер@localhost; GRANT CREATE ON mysqltest.* TO очень_длинный_юз@localhost; GRANT CREATE ON mysqltest.* TO очень_очень_длинный_юзер@localhost; GRANT CREATE ON mysqltest.* TO очень_очень_очень_длинный_юзер__@localhost; --error ER_WRONG_STRING_LENGTH GRANT CREATE ON mysqltest.* TO очень_очень_очень_очень_длинный_юзер@localhost; REVOKE CREATE ON mysqltest.* FROM очень_длинный_юз@localhost; REVOKE CREATE ON mysqltest.* FROM очень_очень_длинный_юзер@localhost; REVOKE CREATE ON mysqltest.* FROM очень_очень_очень_длинный_юзер__@localhost; --error ER_WRONG_STRING_LENGTH REVOKE CREATE ON mysqltest.* FROM очень_очень_очень_очень_длинный_юзер@localhost; GRANT CREATE ON t1 TO очень_длинный_юз@localhost; GRANT CREATE ON t1 TO очень_очень_длинный_юзер@localhost; GRANT CREATE ON t1 TO очень_очень_очень_длинный_юзер__@localhost; --error ER_WRONG_STRING_LENGTH GRANT CREATE ON t1 TO очень_очень_очень_очень_длинный_юзер@localhost; REVOKE CREATE ON t1 FROM очень_длинный_юз@localhost; REVOKE CREATE ON t1 FROM очень_очень_длинный_юзер@localhost; REVOKE CREATE ON t1 FROM очень_очень_очень_длинный_юзер__@localhost; --error ER_WRONG_STRING_LENGTH REVOKE CREATE ON t1 FROM очень_очень_очень_очень_длинный_юзер@localhost; GRANT SELECT ON t1 TO очень_длинный_юз@localhost; GRANT SELECT ON t1 TO очень_очень_длинный_юзер@localhost; GRANT SELECT ON t1 TO очень_очень_очень_длинный_юзер__@localhost; --error ER_WRONG_STRING_LENGTH GRANT SELECT ON t1 TO очень_очень_очень_очень_длинный_юзер@localhost; REVOKE SELECT ON t1 FROM очень_длинный_юз@localhost; REVOKE SELECT ON t1 FROM очень_очень_длинный_юзер@localhost; REVOKE SELECT ON t1 FROM очень_очень_очень_длинный_юзер__@localhost; --error ER_WRONG_STRING_LENGTH REVOKE SELECT ON t1 FROM очень_очень_очень_очень_длинный_юзер@localhost; GRANT EXECUTE ON PROCEDURE p1 TO очень_длинный_юз@localhost; GRANT EXECUTE ON PROCEDURE p1 TO очень_очень_длинный_юзер@localhost; GRANT EXECUTE ON PROCEDURE p1 TO очень_очень_очень_длинный_юзер__@localhost; --error ER_WRONG_STRING_LENGTH GRANT EXECUTE ON PROCEDURE p1 TO очень_очень_очень_очень_длинный_юзер@localhost; REVOKE EXECUTE ON PROCEDURE p1 FROM очень_длинный_юз@localhost; REVOKE EXECUTE ON PROCEDURE p1 FROM очень_очень_длинный_юзер@localhost; REVOKE EXECUTE ON PROCEDURE p1 FROM очень_очень_очень_длинный_юзер__@localhost; --error ER_WRONG_STRING_LENGTH REVOKE EXECUTE ON PROCEDURE p1 FROM очень_очень_очень_очень_длинный_юзер@localhost; --echo # Create a user, assign privileges, try to connect and use the granted --echo # privileges. Trying out different connections (socket/TCP/SSL). CREATE USER user_name_len_25_01234567@localhost; GRANT CREATE ON * . * TO user_name_len_25_01234567@localhost; --echo # Connecting via socket connect (con_grant,localhost,user_name_len_25_01234567,,); CREATE DATABASE db_1; CREATE TABLE db_1.test_table (name varchar(15) not null, surname varchar(20) not null, email varchar(50) null, street varchar(50) null, city varchar(50) null, is_active int default 1 ); connection con_grant; --error ER_TABLEACCESS_DENIED_ERROR INSERT INTO db_1.test_table values('rob', 'g', 'robg@oracle.com', 'couldbeworse_street', 'couldbeworse_city', 1); connection default; GRANT INSERT ON db_1.test_table TO user_name_len_25_01234567@localhost; disconnect con_grant; --echo # Connecting via TCP/IP connect (con_grant,127.0.0.1,user_name_len_25_01234567,,db_1,$MASTER_MYPORT); INSERT INTO db_1.test_table values('rob', 'g', 'robg@oracle.com', 'couldbeworse_street', 'couldbeworse_city', 1); INSERT INTO db_1.test_table values('kam', 'g', 'kamg@oracle.com', 'couldbeworse_street', 'couldbeworse_city', 1); --error ER_TABLEACCESS_DENIED_ERROR SELECT * FROM db_1.test_table; connection default; GRANT SELECT ON db_1.test_table TO user_name_len_25_01234567@localhost; disconnect con_grant; --echo # Connecting via socket/SSL connect (con_grant,localhost,user_name_len_25_01234567,,,,,SSL); SELECT * FROM db_1.test_table; --error ER_TABLEACCESS_DENIED_ERROR UPDATE db_1.test_table SET street='couldbemuchworse_street' WHERE name='rob'; connection default; GRANT UPDATE ON db_1.test_table TO user_name_len_25_01234567@localhost; connection con_grant; UPDATE db_1.test_table SET street='couldbemuchworse_street' WHERE name='rob'; --error ER_TABLEACCESS_DENIED_ERROR DELETE FROM db_1.test_table WHERE name='rob'; connection default; GRANT DELETE ON db_1.test_table TO user_name_len_25_01234567@localhost; connection con_grant; DELETE FROM db_1.test_table WHERE name='rob'; --error ER_TABLEACCESS_DENIED_ERROR DROP TABLE db_1.test_table; connection default; GRANT DROP ON db_1.* TO user_name_len_25_01234567@localhost; disconnect con_grant; --echo # Connecting via TCP/IP/SSL connect (con_grant,127.0.0.1,user_name_len_25_01234567,,db_1,$MASTER_MYPORT,,SSL); DROP TABLE db_1.test_table; DROP DATABASE db_1; connection default; disconnect con_grant; # cleanup DROP USER очень_длинный_юз@localhost; DROP USER очень_очень_длинный_юзер@localhost; DROP USER очень_очень_очень_длинный_юзер__@localhost; --error ER_WRONG_STRING_LENGTH DROP USER очень_очень_очень_очень_длинный_юзер@localhost; set names default; DROP USER user_name_len_16@localhost; DROP USER user_name_len_22_01234@localhost; DROP USER user_name_len_32_012345678901234@localhost; DROP USER user_name_len_25_01234567@localhost; DROP TABLE t1; DROP PROCEDURE p1; # # Bug#21762656 AFTER RUNNING MYSQL_UPGRADE PROXIES_PRIV USER COLUMNS ARE NOT UPDATED TO 32 # CREATE USER user_name_len_22_01234@localhost; GRANT ALL PRIVILEGES ON *.* TO user_name_len_22_01234@localhost WITH GRANT OPTION; GRANT PROXY ON ''@'' TO user_name_len_22_01234@localhost WITH GRANT OPTION; CONNECT (conn_su,localhost,user_name_len_22_01234,,); CREATE USER user_name_len_32_012345678901234@localhost; GRANT SELECT ON *.* TO user_name_len_32_012345678901234@localhost; --echo ** Creating new proxy user ** CREATE USER proxy_native_0123456789@localhost IDENTIFIED WITH mysql_native_password; GRANT PROXY ON user_name_len_32_012345678901234@localhost TO proxy_native_0123456789@localhost; SELECT USER, PROXIED_USER, GRANTOR FROM mysql.proxies_priv WHERE Proxied_host='localhost'; connection default; disconnect conn_su; DROP USER user_name_len_22_01234@localhost; DROP USER user_name_len_32_012345678901234@localhost; DROP USER proxy_native_0123456789@localhost; --echo # --echo # Regression test added in WL#8657 --echo # CREATE DATABASE db8657; CREATE TABLE db8657.t1 (i INT); CREATE USER 'untrusted8657'@'localhost'; --echo # Connection con1 connect (con1, localhost, untrusted8657); --error ER_TABLEACCESS_DENIED_ERROR CREATE INDEX idx1 ON db8657.t1 (i); --error ER_TABLEACCESS_DENIED_ERROR PREPARE stmt FROM 'CREATE TABLE db8657.t2 (i INT)'; disconnect con1; connection default; SHOW CREATE TABLE db8657.t1; DROP USER 'untrusted8657'@localhost; DROP DATABASE db8657; --echo # --echo # Regression test added in WL#8063 --echo # CREATE DATABASE db8063; CREATE TABLE db8063.t1(a VARCHAR(20)); CREATE USER 'untrusted8063'@'localhost'; --echo # Connection con1 connect (con1, localhost, untrusted8063); --error ER_ACCESS_DENIED_ERROR LOAD DATA INFILE '../../std_data/loaddata_utf8.dat' INTO TABLE db8063.t1; disconnect con1; connection default; SHOW CREATE TABLE db8063.t1; DROP USER 'untrusted8063'@localhost; DROP DATABASE db8063; # Wait till we reached the initial number of concurrent sessions --source include/wait_until_count_sessions.inc