595 lines
20 KiB
Plaintext
595 lines
20 KiB
Plaintext
|
use test;
|
||
|
|
grant usage on *.* to user1@localhost;
|
||
|
|
flush privileges;
|
||
|
|
drop table if exists t1;
|
||
|
|
drop database if exists db1_secret;
|
||
|
|
create database db1_secret;
|
||
|
|
create procedure db1_secret.dummy() begin end;
|
||
|
|
drop procedure db1_secret.dummy;
|
||
|
|
use db1_secret;
|
||
|
|
create table t1 ( u varchar(64), i int );
|
||
|
|
insert into t1 values('test', 0);
|
||
|
|
create procedure stamp(i int)
|
||
|
|
insert into db1_secret.t1 values (user(), i);
|
||
|
|
show procedure status like 'stamp';
|
||
|
|
Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation
|
||
|
|
db1_secret stamp PROCEDURE root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER latin1 latin1_swedish_ci latin1_swedish_ci
|
||
|
|
create function db() returns varchar(64)
|
||
|
|
begin
|
||
|
|
declare v varchar(64);
|
||
|
|
select u into v from t1 limit 1;
|
||
|
|
return v;
|
||
|
|
end|
|
||
|
|
show function status like 'db';
|
||
|
|
Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation
|
||
|
|
db1_secret db FUNCTION root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER latin1 latin1_swedish_ci latin1_swedish_ci
|
||
|
|
call stamp(1);
|
||
|
|
select * from t1;
|
||
|
|
u i
|
||
|
|
test 0
|
||
|
|
root@localhost 1
|
||
|
|
select db();
|
||
|
|
db()
|
||
|
|
test
|
||
|
|
grant execute on procedure db1_secret.stamp to user1@'%';
|
||
|
|
grant execute on function db1_secret.db to user1@'%';
|
||
|
|
grant execute on procedure db1_secret.stamp to ''@'%';
|
||
|
|
grant execute on function db1_secret.db to ''@'%';
|
||
|
|
call db1_secret.stamp(2);
|
||
|
|
select db1_secret.db();
|
||
|
|
db1_secret.db()
|
||
|
|
test
|
||
|
|
select * from db1_secret.t1;
|
||
|
|
ERROR 42000: SELECT command denied to user 'user1'@'localhost' for table 't1'
|
||
|
|
create procedure db1_secret.dummy() begin end;
|
||
|
|
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
|
||
|
|
drop procedure db1_secret.dummy;
|
||
|
|
ERROR 42000: PROCEDURE db1_secret.dummy does not exist
|
||
|
|
drop procedure db1_secret.stamp;
|
||
|
|
ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db1_secret.stamp'
|
||
|
|
drop function db1_secret.db;
|
||
|
|
ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db1_secret.db'
|
||
|
|
call db1_secret.stamp(3);
|
||
|
|
select db1_secret.db();
|
||
|
|
db1_secret.db()
|
||
|
|
test
|
||
|
|
select * from db1_secret.t1;
|
||
|
|
ERROR 42000: SELECT command denied to user ''@'localhost' for table 't1'
|
||
|
|
create procedure db1_secret.dummy() begin end;
|
||
|
|
ERROR 42000: Access denied for user ''@'%' to database 'db1_secret'
|
||
|
|
drop procedure db1_secret.dummy;
|
||
|
|
ERROR 42000: PROCEDURE db1_secret.dummy does not exist
|
||
|
|
drop procedure db1_secret.stamp;
|
||
|
|
ERROR 42000: alter routine command denied to user ''@'%' for routine 'db1_secret.stamp'
|
||
|
|
drop function db1_secret.db;
|
||
|
|
ERROR 42000: alter routine command denied to user ''@'%' for routine 'db1_secret.db'
|
||
|
|
select * from t1;
|
||
|
|
u i
|
||
|
|
test 0
|
||
|
|
root@localhost 1
|
||
|
|
user1@localhost 2
|
||
|
|
anon@localhost 3
|
||
|
|
alter procedure stamp sql security invoker;
|
||
|
|
show procedure status like 'stamp';
|
||
|
|
Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation
|
||
|
|
db1_secret stamp PROCEDURE root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 INVOKER latin1 latin1_swedish_ci latin1_swedish_ci
|
||
|
|
alter function db sql security invoker;
|
||
|
|
show function status like 'db';
|
||
|
|
Db Name Type Definer Modified Created Security_type Comment character_set_client collation_connection Database Collation
|
||
|
|
db1_secret db FUNCTION root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 INVOKER latin1 latin1_swedish_ci latin1_swedish_ci
|
||
|
|
call stamp(4);
|
||
|
|
select * from t1;
|
||
|
|
u i
|
||
|
|
test 0
|
||
|
|
root@localhost 1
|
||
|
|
user1@localhost 2
|
||
|
|
anon@localhost 3
|
||
|
|
root@localhost 4
|
||
|
|
select db();
|
||
|
|
db()
|
||
|
|
test
|
||
|
|
call db1_secret.stamp(5);
|
||
|
|
ERROR 42000: INSERT command denied to user 'user1'@'localhost' for table 't1'
|
||
|
|
select db1_secret.db();
|
||
|
|
ERROR 42000: SELECT command denied to user 'user1'@'localhost' for table 't1'
|
||
|
|
call db1_secret.stamp(6);
|
||
|
|
ERROR 42000: INSERT command denied to user ''@'localhost' for table 't1'
|
||
|
|
select db1_secret.db();
|
||
|
|
ERROR 42000: SELECT command denied to user ''@'localhost' for table 't1'
|
||
|
|
drop database if exists db2;
|
||
|
|
create database db2;
|
||
|
|
use db2;
|
||
|
|
create table t2 (s1 int);
|
||
|
|
insert into t2 values (0);
|
||
|
|
grant usage on db2.* to user1@localhost;
|
||
|
|
grant select on db2.* to user1@localhost;
|
||
|
|
grant usage on db2.* to user2@localhost;
|
||
|
|
grant select,insert,update,delete,create routine on db2.* to user2@localhost;
|
||
|
|
grant create routine on db2.* to user1@localhost;
|
||
|
|
flush privileges;
|
||
|
|
use db2;
|
||
|
|
create procedure p () insert into t2 values (1);
|
||
|
|
call p();
|
||
|
|
ERROR 42000: INSERT command denied to user 'user1'@'localhost' for table 't2'
|
||
|
|
use db2;
|
||
|
|
call p();
|
||
|
|
ERROR 42000: execute command denied to user 'user2'@'localhost' for routine 'db2.p'
|
||
|
|
select * from t2;
|
||
|
|
s1
|
||
|
|
0
|
||
|
|
create procedure q () insert into t2 values (2);
|
||
|
|
call q();
|
||
|
|
select * from t2;
|
||
|
|
s1
|
||
|
|
0
|
||
|
|
2
|
||
|
|
grant usage on procedure db2.q to user2@localhost with grant option;
|
||
|
|
grant execute on procedure db2.q to user1@localhost;
|
||
|
|
use db2;
|
||
|
|
call q();
|
||
|
|
select * from t2;
|
||
|
|
s1
|
||
|
|
0
|
||
|
|
2
|
||
|
|
2
|
||
|
|
alter procedure p modifies sql data;
|
||
|
|
drop procedure p;
|
||
|
|
alter procedure q modifies sql data;
|
||
|
|
ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db2.q'
|
||
|
|
drop procedure q;
|
||
|
|
ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db2.q'
|
||
|
|
use db2;
|
||
|
|
alter procedure q modifies sql data;
|
||
|
|
drop procedure q;
|
||
|
|
use test;
|
||
|
|
select type,db,name from mysql.proc where db like 'db%';
|
||
|
|
type db name
|
||
|
|
FUNCTION db1_secret db
|
||
|
|
PROCEDURE db1_secret stamp
|
||
|
|
drop database db1_secret;
|
||
|
|
drop database db2;
|
||
|
|
select type,db,name from mysql.proc where db like 'db%';
|
||
|
|
type db name
|
||
|
|
delete from mysql.user where user='user1' or user='user2';
|
||
|
|
delete from mysql.user where user='' and host='%';
|
||
|
|
delete from mysql.procs_priv where user='user1' or user='user2';
|
||
|
|
delete from mysql.procs_priv where user='' and host='%';
|
||
|
|
delete from mysql.db where user='user2';
|
||
|
|
flush privileges;
|
||
|
|
grant usage on *.* to usera@localhost;
|
||
|
|
grant usage on *.* to userb@localhost;
|
||
|
|
grant usage on *.* to userc@localhost;
|
||
|
|
create database sptest;
|
||
|
|
create table t1 ( u varchar(64), i int );
|
||
|
|
create procedure sptest.p1(i int) insert into test.t1 values (user(), i);
|
||
|
|
grant insert on t1 to usera@localhost;
|
||
|
|
grant execute on procedure sptest.p1 to usera@localhost;
|
||
|
|
show grants for usera@localhost;
|
||
|
|
Grants for usera@localhost
|
||
|
|
GRANT USAGE ON *.* TO 'usera'@'localhost'
|
||
|
|
GRANT INSERT ON `test`.`t1` TO 'usera'@'localhost'
|
||
|
|
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'usera'@'localhost'
|
||
|
|
grant execute on procedure sptest.p1 to userc@localhost with grant option;
|
||
|
|
show grants for userc@localhost;
|
||
|
|
Grants for userc@localhost
|
||
|
|
GRANT USAGE ON *.* TO 'userc'@'localhost'
|
||
|
|
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION
|
||
|
|
call sptest.p1(1);
|
||
|
|
grant execute on procedure sptest.p1 to userb@localhost;
|
||
|
|
ERROR 42000: grant command denied to user 'usera'@'localhost' for routine 'sptest.p1'
|
||
|
|
drop procedure sptest.p1;
|
||
|
|
ERROR 42000: alter routine command denied to user 'usera'@'localhost' for routine 'sptest.p1'
|
||
|
|
call sptest.p1(2);
|
||
|
|
ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
||
|
|
grant execute on procedure sptest.p1 to userb@localhost;
|
||
|
|
ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
||
|
|
drop procedure sptest.p1;
|
||
|
|
ERROR 42000: alter routine command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
||
|
|
call sptest.p1(3);
|
||
|
|
grant execute on procedure sptest.p1 to userb@localhost;
|
||
|
|
drop procedure sptest.p1;
|
||
|
|
ERROR 42000: alter routine command denied to user 'userc'@'localhost' for routine 'sptest.p1'
|
||
|
|
call sptest.p1(4);
|
||
|
|
grant execute on procedure sptest.p1 to userb@localhost;
|
||
|
|
ERROR 42000: grant command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
||
|
|
drop procedure sptest.p1;
|
||
|
|
ERROR 42000: alter routine command denied to user 'userb'@'localhost' for routine 'sptest.p1'
|
||
|
|
select * from t1;
|
||
|
|
u i
|
||
|
|
usera@localhost 1
|
||
|
|
userc@localhost 3
|
||
|
|
userb@localhost 4
|
||
|
|
grant all privileges on procedure sptest.p1 to userc@localhost;
|
||
|
|
show grants for userc@localhost;
|
||
|
|
Grants for userc@localhost
|
||
|
|
GRANT USAGE ON *.* TO 'userc'@'localhost'
|
||
|
|
GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION
|
||
|
|
show grants for userb@localhost;
|
||
|
|
Grants for userb@localhost
|
||
|
|
GRANT USAGE ON *.* TO 'userb'@'localhost'
|
||
|
|
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'userb'@'localhost'
|
||
|
|
revoke all privileges on procedure sptest.p1 from userb@localhost;
|
||
|
|
show grants for userb@localhost;
|
||
|
|
Grants for userb@localhost
|
||
|
|
GRANT USAGE ON *.* TO 'userb'@'localhost'
|
||
|
|
use test;
|
||
|
|
drop database sptest;
|
||
|
|
delete from mysql.user where user='usera' or user='userb' or user='userc';
|
||
|
|
delete from mysql.procs_priv where user='usera' or user='userb' or user='userc';
|
||
|
|
delete from mysql.tables_priv where user='usera';
|
||
|
|
flush privileges;
|
||
|
|
drop table t1;
|
||
|
|
drop function if exists bug_9503;
|
||
|
|
create database mysqltest//
|
||
|
|
use mysqltest//
|
||
|
|
create table t1 (s1 int)//
|
||
|
|
grant select on t1 to user1@localhost//
|
||
|
|
create function bug_9503 () returns int sql security invoker begin declare v int;
|
||
|
|
select min(s1) into v from t1; return v; end//
|
||
|
|
use mysqltest;
|
||
|
|
select bug_9503();
|
||
|
|
ERROR 42000: execute command denied to user 'user1'@'localhost' for routine 'mysqltest.bug_9503'
|
||
|
|
grant execute on function bug_9503 to user1@localhost;
|
||
|
|
do 1;
|
||
|
|
use test;
|
||
|
|
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
|
||
|
|
drop function bug_9503;
|
||
|
|
use test;
|
||
|
|
drop database mysqltest;
|
||
|
|
use test;
|
||
|
|
select current_user();
|
||
|
|
current_user()
|
||
|
|
root@localhost
|
||
|
|
select user();
|
||
|
|
user()
|
||
|
|
root@localhost
|
||
|
|
create procedure bug7291_0 () sql security invoker select current_user(), user();
|
||
|
|
create procedure bug7291_1 () sql security definer call bug7291_0();
|
||
|
|
create procedure bug7291_2 () sql security invoker call bug7291_0();
|
||
|
|
grant execute on procedure bug7291_0 to user1@localhost;
|
||
|
|
grant execute on procedure bug7291_1 to user1@localhost;
|
||
|
|
grant execute on procedure bug7291_2 to user1@localhost;
|
||
|
|
call bug7291_2();
|
||
|
|
current_user() user()
|
||
|
|
user1@localhost user1@localhost
|
||
|
|
call bug7291_1();
|
||
|
|
current_user() user()
|
||
|
|
root@localhost user1@localhost
|
||
|
|
drop procedure bug7291_1;
|
||
|
|
drop procedure bug7291_2;
|
||
|
|
drop procedure bug7291_0;
|
||
|
|
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
|
||
|
|
drop user user1@localhost;
|
||
|
|
drop database if exists mysqltest_1;
|
||
|
|
create database mysqltest_1;
|
||
|
|
create procedure mysqltest_1.p1()
|
||
|
|
begin
|
||
|
|
select 1 from dual;
|
||
|
|
end//
|
||
|
|
grant usage on *.* to mysqltest_1@localhost;
|
||
|
|
call mysqltest_1.p1();
|
||
|
|
ERROR 42000: execute command denied to user 'mysqltest_1'@'localhost' for routine 'mysqltest_1.p1'
|
||
|
|
call mysqltest_1.p1();
|
||
|
|
ERROR 42000: execute command denied to user 'mysqltest_1'@'localhost' for routine 'mysqltest_1.p1'
|
||
|
|
drop procedure mysqltest_1.p1;
|
||
|
|
drop database mysqltest_1;
|
||
|
|
revoke usage on *.* from mysqltest_1@localhost;
|
||
|
|
drop user mysqltest_1@localhost;
|
||
|
|
drop function if exists bug12812|
|
||
|
|
create function bug12812() returns char(2)
|
||
|
|
begin
|
||
|
|
return 'ok';
|
||
|
|
end;
|
||
|
|
create user user_bug12812@localhost IDENTIFIED BY 'ABC'|
|
||
|
|
SELECT test.bug12812()|
|
||
|
|
ERROR 42000: execute command denied to user 'user_bug12812'@'localhost' for routine 'test.bug12812'
|
||
|
|
CREATE VIEW v1 AS SELECT test.bug12812()|
|
||
|
|
ERROR 42000: execute command denied to user 'user_bug12812'@'localhost' for routine 'test.bug12812'
|
||
|
|
DROP USER user_bug12812@localhost|
|
||
|
|
drop function bug12812|
|
||
|
|
create database db_bug14834;
|
||
|
|
create user user1_bug14834@localhost identified by '';
|
||
|
|
grant all on `db\_bug14834`.* to user1_bug14834@localhost;
|
||
|
|
create user user2_bug14834@localhost identified by '';
|
||
|
|
grant all on `db\_bug14834`.* to user2_bug14834@localhost;
|
||
|
|
create user user3_bug14834@localhost identified by '';
|
||
|
|
grant all on `db__ug14834`.* to user3_bug14834@localhost;
|
||
|
|
create procedure p_bug14834() select user(), current_user();
|
||
|
|
call p_bug14834();
|
||
|
|
user() current_user()
|
||
|
|
user1_bug14834@localhost user1_bug14834@localhost
|
||
|
|
call p_bug14834();
|
||
|
|
user() current_user()
|
||
|
|
user2_bug14834@localhost user1_bug14834@localhost
|
||
|
|
call p_bug14834();
|
||
|
|
user() current_user()
|
||
|
|
user3_bug14834@localhost user1_bug14834@localhost
|
||
|
|
drop user user1_bug14834@localhost;
|
||
|
|
drop user user2_bug14834@localhost;
|
||
|
|
drop user user3_bug14834@localhost;
|
||
|
|
drop database db_bug14834;
|
||
|
|
create database db_bug14533;
|
||
|
|
use db_bug14533;
|
||
|
|
create table t1 (id int);
|
||
|
|
create user user_bug14533@localhost identified by '';
|
||
|
|
create procedure bug14533_1()
|
||
|
|
sql security definer
|
||
|
|
desc db_bug14533.t1;
|
||
|
|
create procedure bug14533_2()
|
||
|
|
sql security definer
|
||
|
|
select * from db_bug14533.t1;
|
||
|
|
grant execute on procedure db_bug14533.bug14533_1 to user_bug14533@localhost;
|
||
|
|
grant execute on procedure db_bug14533.bug14533_2 to user_bug14533@localhost;
|
||
|
|
call db_bug14533.bug14533_1();
|
||
|
|
Field Type Null Key Default Extra
|
||
|
|
id int(11) YES NULL
|
||
|
|
call db_bug14533.bug14533_2();
|
||
|
|
id
|
||
|
|
desc db_bug14533.t1;
|
||
|
|
ERROR 42000: SELECT command denied to user 'user_bug14533'@'localhost' for table 't1'
|
||
|
|
select * from db_bug14533.t1;
|
||
|
|
ERROR 42000: SELECT command denied to user 'user_bug14533'@'localhost' for table 't1'
|
||
|
|
drop user user_bug14533@localhost;
|
||
|
|
drop database db_bug14533;
|
||
|
|
|
||
|
|
---> connection: root
|
||
|
|
DROP DATABASE IF EXISTS mysqltest;
|
||
|
|
CREATE DATABASE mysqltest;
|
||
|
|
CREATE USER mysqltest_1@localhost;
|
||
|
|
GRANT ALL PRIVILEGES ON mysqltest.* TO mysqltest_1@localhost;
|
||
|
|
CREATE USER mysqltest_2@localhost;
|
||
|
|
GRANT SUPER ON *.* TO mysqltest_2@localhost;
|
||
|
|
GRANT ALL PRIVILEGES ON mysqltest.* TO mysqltest_2@localhost;
|
||
|
|
|
||
|
|
---> connection: mysqltest_2_con
|
||
|
|
USE mysqltest;
|
||
|
|
CREATE PROCEDURE wl2897_p1() SELECT 1;
|
||
|
|
CREATE FUNCTION wl2897_f1() RETURNS INT RETURN 1;
|
||
|
|
|
||
|
|
---> connection: mysqltest_1_con
|
||
|
|
USE mysqltest;
|
||
|
|
CREATE DEFINER=root@localhost PROCEDURE wl2897_p2() SELECT 2;
|
||
|
|
ERROR 42000: Access denied; you need the SUPER privilege for this operation
|
||
|
|
CREATE DEFINER=root@localhost FUNCTION wl2897_f2() RETURNS INT RETURN 2;
|
||
|
|
ERROR 42000: Access denied; you need the SUPER privilege for this operation
|
||
|
|
|
||
|
|
---> connection: mysqltest_2_con
|
||
|
|
use mysqltest;
|
||
|
|
CREATE DEFINER='a @ b @ c'@localhost PROCEDURE wl2897_p3() SELECT 3;
|
||
|
|
Warnings:
|
||
|
|
Note 1449 The user specified as a definer ('a @ b @ c'@'localhost') does not exist
|
||
|
|
CREATE DEFINER='a @ b @ c'@localhost FUNCTION wl2897_f3() RETURNS INT RETURN 3;
|
||
|
|
Warnings:
|
||
|
|
Note 1449 The user specified as a definer ('a @ b @ c'@'localhost') does not exist
|
||
|
|
|
||
|
|
---> connection: con1root
|
||
|
|
USE mysqltest;
|
||
|
|
SHOW CREATE PROCEDURE wl2897_p1;
|
||
|
|
Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation
|
||
|
|
wl2897_p1 CREATE DEFINER=`mysqltest_2`@`localhost` PROCEDURE `wl2897_p1`()
|
||
|
|
SELECT 1 latin1 latin1_swedish_ci latin1_swedish_ci
|
||
|
|
SHOW CREATE PROCEDURE wl2897_p3;
|
||
|
|
Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation
|
||
|
|
wl2897_p3 CREATE DEFINER=`a @ b @ c`@`localhost` PROCEDURE `wl2897_p3`()
|
||
|
|
SELECT 3 latin1 latin1_swedish_ci latin1_swedish_ci
|
||
|
|
SHOW CREATE FUNCTION wl2897_f1;
|
||
|
|
Function sql_mode Create Function character_set_client collation_connection Database Collation
|
||
|
|
wl2897_f1 CREATE DEFINER=`mysqltest_2`@`localhost` FUNCTION `wl2897_f1`() RETURNS int(11)
|
||
|
|
RETURN 1 latin1 latin1_swedish_ci latin1_swedish_ci
|
||
|
|
SHOW CREATE FUNCTION wl2897_f3;
|
||
|
|
Function sql_mode Create Function character_set_client collation_connection Database Collation
|
||
|
|
wl2897_f3 CREATE DEFINER=`a @ b @ c`@`localhost` FUNCTION `wl2897_f3`() RETURNS int(11)
|
||
|
|
RETURN 3 latin1 latin1_swedish_ci latin1_swedish_ci
|
||
|
|
DROP USER mysqltest_1@localhost;
|
||
|
|
DROP USER mysqltest_2@localhost;
|
||
|
|
DROP DATABASE mysqltest;
|
||
|
|
|
||
|
|
---> connection: root
|
||
|
|
DROP DATABASE IF EXISTS mysqltest;
|
||
|
|
CREATE DATABASE mysqltest;
|
||
|
|
CREATE USER mysqltest_1@localhost;
|
||
|
|
GRANT ALL PRIVILEGES ON mysqltest.* TO mysqltest_1@localhost;
|
||
|
|
CREATE USER mysqltest_2@localhost;
|
||
|
|
GRANT ALL PRIVILEGES ON mysqltest.* TO mysqltest_2@localhost;
|
||
|
|
|
||
|
|
---> connection: mysqltest_1_con
|
||
|
|
USE mysqltest;
|
||
|
|
CREATE PROCEDURE bug13198_p1()
|
||
|
|
SELECT 1;
|
||
|
|
CREATE FUNCTION bug13198_f1() RETURNS INT
|
||
|
|
RETURN 1;
|
||
|
|
CALL bug13198_p1();
|
||
|
|
1
|
||
|
|
1
|
||
|
|
SELECT bug13198_f1();
|
||
|
|
bug13198_f1()
|
||
|
|
1
|
||
|
|
|
||
|
|
---> connection: mysqltest_2_con
|
||
|
|
USE mysqltest;
|
||
|
|
CALL bug13198_p1();
|
||
|
|
1
|
||
|
|
1
|
||
|
|
SELECT bug13198_f1();
|
||
|
|
bug13198_f1()
|
||
|
|
1
|
||
|
|
|
||
|
|
---> connection: root
|
||
|
|
DROP USER mysqltest_1@localhost;
|
||
|
|
|
||
|
|
---> connection: mysqltest_2_con
|
||
|
|
USE mysqltest;
|
||
|
|
CALL bug13198_p1();
|
||
|
|
ERROR HY000: The user specified as a definer ('mysqltest_1'@'localhost') does not exist
|
||
|
|
SELECT bug13198_f1();
|
||
|
|
ERROR HY000: The user specified as a definer ('mysqltest_1'@'localhost') does not exist
|
||
|
|
|
||
|
|
---> connection: root
|
||
|
|
DROP USER mysqltest_2@localhost;
|
||
|
|
DROP DATABASE mysqltest;
|
||
|
|
GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow';
|
||
|
|
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO
|
||
|
|
user19857@localhost;
|
||
|
|
SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
|
||
|
|
Host User Password
|
||
|
|
localhost user19857 *82DC221D557298F6CE9961037DB1C90604792F5C
|
||
|
|
|
||
|
|
---> connection: mysqltest_2_con
|
||
|
|
USE test;
|
||
|
|
CREATE PROCEDURE sp19857() DETERMINISTIC
|
||
|
|
BEGIN
|
||
|
|
DECLARE a INT;
|
||
|
|
SET a=1;
|
||
|
|
SELECT a;
|
||
|
|
END //
|
||
|
|
SHOW CREATE PROCEDURE test.sp19857;
|
||
|
|
Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation
|
||
|
|
sp19857 CREATE DEFINER=`user19857`@`localhost` PROCEDURE `sp19857`()
|
||
|
|
DETERMINISTIC
|
||
|
|
BEGIN
|
||
|
|
DECLARE a INT;
|
||
|
|
SET a=1;
|
||
|
|
SELECT a;
|
||
|
|
END latin1 latin1_swedish_ci latin1_swedish_ci
|
||
|
|
DROP PROCEDURE IF EXISTS test.sp19857;
|
||
|
|
|
||
|
|
---> connection: root
|
||
|
|
SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
|
||
|
|
Host User Password
|
||
|
|
localhost user19857 *82DC221D557298F6CE9961037DB1C90604792F5C
|
||
|
|
DROP USER user19857@localhost;
|
||
|
|
use test;
|
||
|
|
DROP TABLE IF EXISTS t1;
|
||
|
|
DROP VIEW IF EXISTS v1;
|
||
|
|
DROP FUNCTION IF EXISTS f_suid;
|
||
|
|
DROP PROCEDURE IF EXISTS p_suid;
|
||
|
|
DROP FUNCTION IF EXISTS f_evil;
|
||
|
|
DELETE FROM mysql.user WHERE user LIKE 'mysqltest\_%';
|
||
|
|
DELETE FROM mysql.db WHERE user LIKE 'mysqltest\_%';
|
||
|
|
DELETE FROM mysql.tables_priv WHERE user LIKE 'mysqltest\_%';
|
||
|
|
DELETE FROM mysql.columns_priv WHERE user LIKE 'mysqltest\_%';
|
||
|
|
FLUSH PRIVILEGES;
|
||
|
|
CREATE TABLE t1 (i INT);
|
||
|
|
CREATE FUNCTION f_suid(i INT) RETURNS INT SQL SECURITY DEFINER RETURN 0;
|
||
|
|
CREATE PROCEDURE p_suid(IN i INT) SQL SECURITY DEFINER SET @c:= 0;
|
||
|
|
CREATE USER mysqltest_u1@localhost;
|
||
|
|
GRANT EXECUTE ON test.* TO mysqltest_u1@localhost;
|
||
|
|
CREATE DEFINER=mysqltest_u1@localhost FUNCTION f_evil () RETURNS INT
|
||
|
|
SQL SECURITY INVOKER
|
||
|
|
BEGIN
|
||
|
|
SET @a:= CURRENT_USER();
|
||
|
|
SET @b:= (SELECT COUNT(*) FROM t1);
|
||
|
|
RETURN @b;
|
||
|
|
END|
|
||
|
|
CREATE SQL SECURITY INVOKER VIEW v1 AS SELECT f_evil();
|
||
|
|
SELECT COUNT(*) FROM t1;
|
||
|
|
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
|
||
|
|
SELECT f_evil();
|
||
|
|
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
|
||
|
|
SELECT @a, @b;
|
||
|
|
@a @b
|
||
|
|
mysqltest_u1@localhost NULL
|
||
|
|
SELECT f_suid(f_evil());
|
||
|
|
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
|
||
|
|
SELECT @a, @b;
|
||
|
|
@a @b
|
||
|
|
mysqltest_u1@localhost NULL
|
||
|
|
CALL p_suid(f_evil());
|
||
|
|
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
|
||
|
|
SELECT @a, @b;
|
||
|
|
@a @b
|
||
|
|
mysqltest_u1@localhost NULL
|
||
|
|
SELECT * FROM v1;
|
||
|
|
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 'v1'
|
||
|
|
SELECT @a, @b;
|
||
|
|
@a @b
|
||
|
|
mysqltest_u1@localhost NULL
|
||
|
|
DROP VIEW v1;
|
||
|
|
DROP FUNCTION f_evil;
|
||
|
|
DROP USER mysqltest_u1@localhost;
|
||
|
|
DROP PROCEDURE p_suid;
|
||
|
|
DROP FUNCTION f_suid;
|
||
|
|
DROP TABLE t1;
|
||
|
|
#
|
||
|
|
# Bug #48872 : Privileges for stored functions ignored if function name
|
||
|
|
# is mixed case
|
||
|
|
#
|
||
|
|
CREATE DATABASE B48872;
|
||
|
|
USE B48872;
|
||
|
|
CREATE TABLE `TestTab` (id INT);
|
||
|
|
INSERT INTO `TestTab` VALUES (1),(2);
|
||
|
|
CREATE FUNCTION `f_Test`() RETURNS INT RETURN 123;
|
||
|
|
CREATE FUNCTION `f_Test_denied`() RETURNS INT RETURN 123;
|
||
|
|
CREATE USER 'tester';
|
||
|
|
CREATE USER 'Tester';
|
||
|
|
GRANT SELECT ON TABLE `TestTab` TO 'tester';
|
||
|
|
GRANT EXECUTE ON FUNCTION `f_Test` TO 'tester';
|
||
|
|
GRANT EXECUTE ON FUNCTION `f_Test_denied` TO 'Tester';
|
||
|
|
SELECT f_Test();
|
||
|
|
f_Test()
|
||
|
|
123
|
||
|
|
SELECT * FROM TestTab;
|
||
|
|
id
|
||
|
|
1
|
||
|
|
2
|
||
|
|
SELECT * FROM TestTab;
|
||
|
|
id
|
||
|
|
1
|
||
|
|
2
|
||
|
|
SELECT `f_Test`();
|
||
|
|
`f_Test`()
|
||
|
|
123
|
||
|
|
SELECT `F_TEST`();
|
||
|
|
`F_TEST`()
|
||
|
|
123
|
||
|
|
SELECT f_Test();
|
||
|
|
f_Test()
|
||
|
|
123
|
||
|
|
SELECT F_TEST();
|
||
|
|
F_TEST()
|
||
|
|
123
|
||
|
|
SELECT * FROM TestTab;
|
||
|
|
SELECT `f_Test`();
|
||
|
|
SELECT `F_TEST`();
|
||
|
|
SELECT f_Test();
|
||
|
|
SELECT F_TEST();
|
||
|
|
SELECT `f_Test_denied`();
|
||
|
|
`f_Test_denied`()
|
||
|
|
123
|
||
|
|
SELECT `F_TEST_DENIED`();
|
||
|
|
`F_TEST_DENIED`()
|
||
|
|
123
|
||
|
|
DROP TABLE `TestTab`;
|
||
|
|
DROP FUNCTION `f_Test`;
|
||
|
|
DROP FUNCTION `f_Test_denied`;
|
||
|
|
USE test;
|
||
|
|
DROP USER 'tester';
|
||
|
|
DROP USER 'Tester';
|
||
|
|
DROP DATABASE B48872;
|
||
|
|
End of 5.0 tests.
|
||
|
|
#
|
||
|
|
# Bug#11882603 SELECT_ACL ON ANY COLUMN IN MYSQL.PROC ALLOWS TO SEE
|
||
|
|
# DEFINITION OF ANY ROUTINE.
|
||
|
|
#
|
||
|
|
DROP DATABASE IF EXISTS db1;
|
||
|
|
CREATE DATABASE db1;
|
||
|
|
CREATE PROCEDURE db1.p1() SELECT 1;
|
||
|
|
CREATE USER user2@localhost IDENTIFIED BY '';
|
||
|
|
GRANT SELECT(db) ON mysql.proc TO user2@localhost;
|
||
|
|
# Connection con2 as user2
|
||
|
|
# The statement below before disclosed info from body_utf8 column.
|
||
|
|
SHOW CREATE PROCEDURE db1.p1;
|
||
|
|
ERROR 42000: PROCEDURE p1 does not exist
|
||
|
|
# Check that SHOW works with SELECT grant on whole table
|
||
|
|
# Connection default
|
||
|
|
GRANT SELECT ON mysql.proc TO user2@localhost;
|
||
|
|
# Connection con2
|
||
|
|
# This should work
|
||
|
|
SHOW CREATE PROCEDURE db1.p1;
|
||
|
|
Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation
|
||
|
|
p1 CREATE DEFINER=`root`@`localhost` PROCEDURE `p1`()
|
||
|
|
SELECT 1 latin1 latin1_swedish_ci latin1_swedish_ci
|
||
|
|
# Connection default
|
||
|
|
DROP USER user2@localhost;
|
||
|
|
DROP DATABASE db1;
|