#
# Bug #23210850: VERSION_TOKEN better protected
#
# Define a UDF before installing the plugin
create function version_tokens_show returns string soname 'version_token.so';
SELECT version_tokens_show();
ERROR HY000: Can't initialize function 'version_tokens_show'; version_token plugin is not installed.
# Testing installing the plugin twice while there's a UDF defined
INSTALL PLUGIN version_tokens SONAME 'version_token.so';
UNINSTALL PLUGIN version_tokens;
Warnings:
Warning 1620 Plugin is busy and will be uninstalled on shutdown
INSTALL PLUGIN version_tokens SONAME 'version_token.so';
UNINSTALL PLUGIN version_tokens;
Warnings:
Warning 1620 Plugin is busy and will be uninstalled on shutdown
# Should not crash when unloading the so through removing the UDF
drop function version_tokens_show;
INSTALL PLUGIN version_tokens SONAME 'version_token.so';
create function version_tokens_set returns string soname 'version_token.so';
create function version_tokens_show returns string soname 'version_token.so';
create function version_tokens_edit returns string soname 'version_token.so';
create function version_tokens_delete returns string soname 'version_token.so';
create function version_tokens_lock_shared returns int soname 'version_token.so';
create function version_tokens_lock_exclusive returns int soname 'version_token.so';
create function version_tokens_unlock returns int soname 'version_token.so';
# Error checks for UDFs
select version_tokens_set("token1 = abc;token2= def",123);
ERROR HY000: Can't initialize function 'version_tokens_set'; Wrong arguments provided for the function.
select version_tokens_edit("token1= 123; token3 = asdf",123);
ERROR HY000: Can't initialize function 'version_tokens_edit'; Wrong arguments provided for the function.
select version_tokens_delete("token1;token3",123);
ERROR HY000: Can't initialize function 'version_tokens_delete'; Wrong arguments provided for the function.
select version_tokens_show("123");
ERROR HY000: Can't initialize function 'version_tokens_show'; This function does not take any arguments.
select version_tokens_set(123);
ERROR HY000: Can't initialize function 'version_tokens_set'; Wrong arguments provided for the function.
select version_tokens_edit(123);
ERROR HY000: Can't initialize function 'version_tokens_edit'; Wrong arguments provided for the function.
select version_tokens_delete(123);
ERROR HY000: Can't initialize function 'version_tokens_delete'; Wrong arguments provided for the function.
select version_tokens_lock_shared("Less arguments");
ERROR HY000: Can't initialize function 'version_tokens_lock_shared'; Requires at least two arguments: (lock(...),timeout).
select version_tokens_lock_shared(1,"Wrong argument type");
ERROR HY000: Can't initialize function 'version_tokens_lock_shared'; Wrong argument type - expected integer.
select version_tokens_lock_exclusive("Less arguments");
ERROR HY000: Can't initialize function 'version_tokens_lock_exclusive'; Requires at least two arguments: (lock(...),timeout).
select version_tokens_lock_exclusive(1,"Wrong argument type");
ERROR HY000: Can't initialize function 'version_tokens_lock_exclusive'; Wrong argument type - expected integer.
select version_tokens_unlock("Takes no arguments");
ERROR HY000: Can't initialize function 'version_tokens_unlock'; Requires no arguments.
select version_tokens_lock_shared("gizmo", -1);
ERROR 22003: timeout value is out of range in 'version_tokens_lock_shared'
select version_tokens_lock_exclusive("gizmo", -1);
ERROR 22003: timeout value is out of range in 'version_tokens_lock_exclusive'
CREATE USER vbhagi@localhost;
select version_tokens_set("token1 = abc;token2= def");
version_tokens_set("token1 = abc;token2= def")
2 version tokens set.
select version_tokens_show();
version_tokens_show()
token1=abc;token2=def;
select version_tokens_set("");
version_tokens_set("")
Version tokens list cleared.
select version_tokens_show();
version_tokens_show()
NULL
select version_tokens_set("token1 = abc;token2= def");
version_tokens_set("token1 = abc;token2= def")
2 version tokens set.
select version_tokens_show();
version_tokens_show()
token1=abc;token2=def;
select version_tokens_edit("token1= 123; token3 = asdf");
version_tokens_edit("token1= 123; token3 = asdf")
2 version tokens updated.
select version_tokens_show();
version_tokens_show()
token1=123;token2=def;token3=asdf;
do version_tokens_set("token1 = def;;;; ;invalid_token; token2= abc;;");
Warnings:
Warning 42000 Invalid version token pair encountered. The list provided is only partially updated.
select version_tokens_show();
version_tokens_show()
token1=def;
do version_tokens_set("token1 = def;; token111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111=123;; ;invalid_token; token2= abc;;");
Warnings:
Warning 42000 Lengthy version token name encountered. Maximum length allowed for a token name is 64 characters. The list provided is only partially updated.
select version_tokens_show();
version_tokens_show()
token1=def;
do version_tokens_set("token1 = none;;;; ;invalid_token; token2= 123;;");
Warnings:
Warning 42000 Invalid version token pair encountered. The list provided is only partially updated.
select version_tokens_show();
version_tokens_show()
token1=none;
do version_tokens_set("token1=def;token2= abc; ;token3=ghi");
select version_tokens_show();
version_tokens_show()
token1=def;token2=abc;token3=ghi;
select version_tokens_delete("invalid=token");
version_tokens_delete("invalid=token")
0 version tokens deleted.
select version_tokens_show();
version_tokens_show()
token1=def;token2=abc;token3=ghi;
select version_tokens_delete("token1;token3");
version_tokens_delete("token1;token3")
2 version tokens deleted.
select version_tokens_show();
version_tokens_show()
token2=abc;
select version_tokens_delete("*");
version_tokens_delete("*")
0 version tokens deleted.
select version_tokens_show();
version_tokens_show()
token2=abc;
do version_tokens_set("token1=def;token2= abc;token3=111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111112");
select version_tokens_show();
version_tokens_show()
token1=def;token2=abc;token3=111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111112;
# Connection: con1
# The UDFs fail due to lack of privileges.
select version_tokens_set("token1 = abc;token2= def");
ERROR HY000: Can't initialize function 'version_tokens_set'; The user is not privileged to use this function.
select version_tokens_edit("token1= 123; token3 = asdf");
ERROR HY000: Can't initialize function 'version_tokens_edit'; The user is not privileged to use this function.
select version_tokens_delete("token1;token3");
ERROR HY000: Can't initialize function 'version_tokens_delete'; The user is not privileged to use this function.
select version_tokens_show();
ERROR HY000: Can't initialize function 'version_tokens_show'; The user is not privileged to use this function.
set @@version_tokens_session= "token1=def";
select 1;
1
1
select 1;
1
1
set @@version_tokens_session= "token3=abc";
select 1;
ERROR 42000: Version token mismatch for token3. Correct value 111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111112
# Connection: con1 refreshed
# Next statement goes through as the connection is refreshed.
select @@version_tokens_session;
@@version_tokens_session
NULL
set @@version_tokens_session= "token111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111=abc;;";
# Connection: con1 refreshed
# Next statement goes through as the connection is refreshed.
select @@version_tokens_session;
@@version_tokens_session
NULL
set @@version_tokens_session= ";;";
set @@version_tokens_session= NULL;
set @@version_tokens_session= "token1=def;;;;;;;;";
set @@version_tokens_session= "token1=def;;; token2 = abc ; = ;;;;";
# Connection: con1 refreshed
set @@version_tokens_session= "token1=def;;; token2 = abc ; sdf = ;;;;";
# Connection: con1 refreshed
set @@version_tokens_session= "token1=def;; ; token2 = abc ;;;;;";
# Next queries get through as the session tokens are valid
use test;
create table t1 (c1 int);
drop table t1;
set @@version_tokens_session= "token1=def;;; token2 = abc ; = sdf ;;;;";
# This query fails as " = sdf" is not a valid token.
create table t1 (c1 int);
ERROR 42000: Empty version token name/value encountered
# Connection: con1 refreshed
set @@version_tokens_session= "token100=def;;; token2 = abc ;;;;;";
create table t1 (c1 int);
ERROR 42000: Version token token100 not found.
# Connection: default
# Next statement goes through as it is from a different connection.
select 1;
1
1
# Testing VERSION_TOKEN_ADMIN
CREATE USER u1@localhost IDENTIFIED BY 'foo';
GRANT VERSION_TOKEN_ADMIN ON *.* TO u1@localhost;
# Tests related to locking
# Connection: vtcon1
SELECT version_tokens_set("a=aa;b=bb;c=cc");
version_tokens_set("a=aa;b=bb;c=cc")
3 version tokens set.
set @@version_tokens_session= "a=aa";
SELECT sleep(6); # sleep for 6 seconds in background.;
# Connection: vtcon2
SELECT version_tokens_lock_exclusive("b",20);
version_tokens_lock_exclusive("b",20)
1
# Connection: vtcon3
SELECT version_tokens_lock_exclusive("a",20);
version_tokens_lock_exclusive("a",20)
1
SELECT version_tokens_unlock();
version_tokens_unlock()
1
# Connection: vtcon1
sleep(6)
0
UNINSTALL PLUGIN version_tokens;
Warnings:
Warning 1620 Plugin is busy and will be uninstalled on shutdown
# The UDFs fail as the plugin is uninstalled.
select version_tokens_set("token1 = abc;token2= def");
ERROR HY000: Can't initialize function 'version_tokens_set'; version_token plugin is not installed.
select version_tokens_edit("token1= 123; token3 = asdf");
ERROR HY000: Can't initialize function 'version_tokens_edit'; version_token plugin is not installed.
select version_tokens_delete("token1;token3");
ERROR HY000: Can't initialize function 'version_tokens_delete'; version_token plugin is not installed.
select version_tokens_show();
ERROR HY000: Can't initialize function 'version_tokens_show'; version_token plugin is not installed.
# VERSION_TOKEN_ADMIN shouldn't be visible in SHOW PRIVILEGES
SHOW PRIVILEGES;
Privilege Context Comment
APPLICATION_PASSWORD_ADMIN Server Admin
AUDIT_ADMIN Server Admin
Alter Tables To alter the table
Alter routine Functions,Procedures To alter or drop stored functions/procedures
BACKUP_ADMIN Server Admin
BINLOG_ADMIN Server Admin
BINLOG_ENCRYPTION_ADMIN Server Admin
CLONE_ADMIN Server Admin
CONNECTION_ADMIN Server Admin
Create Databases,Tables,Indexes To create new databases and tables
Create role Server Admin To create new roles
Create routine Databases To use CREATE FUNCTION/PROCEDURE
Create tablespace Server Admin To create/alter/drop tablespaces
Create temporary tables Databases To use CREATE TEMPORARY TABLE
Create user Server Admin To create new users
Create view Tables To create new views
Delete Tables To delete existing rows
Drop Databases,Tables To drop databases, tables, and views
Drop role Server Admin To drop roles
ENCRYPTION_KEY_ADMIN Server Admin
Event Server Admin To create, alter, drop and execute events
Execute Functions,Procedures To execute stored routines
File File access on server To read and write files on the server
GROUP_REPLICATION_ADMIN Server Admin
Grant option Databases,Tables,Functions,Procedures To give to other users those privileges you possess
INNODB_REDO_LOG_ARCHIVE Server Admin
Index Tables To create or drop indexes
Insert Tables To insert data into tables
Lock tables Databases To use LOCK TABLES (together with SELECT privilege)
PERSIST_RO_VARIABLES_ADMIN Server Admin
Process Server Admin To view the plain text of currently executing queries
Proxy Server Admin To make proxy user possible
REPLICATION_APPLIER Server Admin
REPLICATION_SLAVE_ADMIN Server Admin
RESOURCE_GROUP_ADMIN Server Admin
RESOURCE_GROUP_USER Server Admin
ROLE_ADMIN Server Admin
References Databases,Tables To have references on tables
Reload Server Admin To reload or refresh tables, logs and privileges
Replication client Server Admin To ask where the slave or master servers are
Replication slave Server Admin To read binary log events from the master
SERVICE_CONNECTION_ADMIN Server Admin
SESSION_VARIABLES_ADMIN Server Admin
SET_USER_ID Server Admin
SYSTEM_USER Server Admin
SYSTEM_VARIABLES_ADMIN Server Admin
Select Tables To retrieve rows from table
Show databases Server Admin To see all databases with SHOW DATABASES
Show view Tables To see views with SHOW CREATE VIEW
Shutdown Server Admin To shut down the server
Super Server Admin To use KILL thread, SET GLOBAL, CHANGE MASTER, etc.
TABLE_ENCRYPTION_ADMIN Server Admin
Trigger Tables To use triggers
Update Tables To update existing rows
Usage Server Admin No privileges - allow connect only
XA_RECOVER_ADMIN Server Admin
drop function version_tokens_set;
drop function version_tokens_show;
drop function version_tokens_edit;
drop function version_tokens_delete;
drop function version_tokens_lock_shared;
drop function version_tokens_lock_exclusive;
drop function version_tokens_unlock;
drop user vbhagi@localhost;
drop user u1@localhost;