Merge branch '10.5' into 10.6

Author: sanja-byelkin

mysql-test/main/sp-no-valgrind.test

@@ -1,5 +1,5 @@
 --source include/not_msan.inc
---source include/not_valgrind_build.inc
+--source include/not_valgrind.inc
 
 --echo # MDEV-20699 do not cache SP in SHOW CREATE
 --echo # Warmup round, this might allocate some memory for session variable

mysql-test/main/view_grant.result

@@ -1985,6 +1985,52 @@ connection default;
 DROP VIEW v1;
 DROP USER foo;
 DROP USER FOO;
+#
+# MDEV-36380: User has unauthorized access to a sequence through
+# a view with security invoker
+#
+create database db;
+use db;
+create sequence s;
+create sql security invoker view vin as select nextval(s);
+create sql security definer view vdn as select nextval(s);
+create sql security invoker view vil as select lastval(s);
+create sql security definer view vdl as select lastval(s);
+create sql security invoker view vis as select setval(s,20);
+create sql security definer view vds as select setval(s,30);
+create user u@localhost;
+grant select on db.vin to u@localhost;
+grant select on db.vdn to u@localhost;
+grant select on db.vil to u@localhost;
+grant select on db.vdl to u@localhost;
+grant select on db.vis to u@localhost;
+grant select on db.vds to u@localhost;
+connect  con1,localhost,u,,db;
+select nextval(s);
+ERROR 42000: SELECT, INSERT command denied to user 'u'@'localhost' for table `db`.`s`
+select * from vin;
+ERROR HY000: View 'db.vin' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+select * from vdn;
+nextval(s)
+1
+select lastval(s);
+ERROR 42000: SELECT command denied to user 'u'@'localhost' for table `db`.`s`
+select * from vil;
+ERROR HY000: View 'db.vil' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+select * from vdl;
+lastval(s)
+1
+select setval(s,10);
+ERROR 42000: INSERT command denied to user 'u'@'localhost' for table `db`.`s`
+select * from vis;
+ERROR HY000: View 'db.vis' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+select * from vds;
+setval(s,30)
+30
+disconnect con1;
+connection default;
+drop database db;
+drop user u@localhost;
 # End of 10.5 tests
 # Check that a user without access to the schema 'foo' cannot query
 # a JSON_TABLE view in that schema.

mysql-test/main/view_grant.test

@@ -2240,6 +2240,53 @@ DROP VIEW v1;
 DROP USER foo;
 DROP USER FOO;
 
+--echo #
+--echo # MDEV-36380: User has unauthorized access to a sequence through
+--echo # a view with security invoker
+--echo #
+create database db;
+use db;
+create sequence s;
+create sql security invoker view vin as select nextval(s);
+create sql security definer view vdn as select nextval(s);
+create sql security invoker view vil as select lastval(s);
+create sql security definer view vdl as select lastval(s);
+create sql security invoker view vis as select setval(s,20);
+create sql security definer view vds as select setval(s,30);
+create user u@localhost;
+grant select on db.vin to u@localhost;
+grant select on db.vdn to u@localhost;
+grant select on db.vil to u@localhost;
+grant select on db.vdl to u@localhost;
+grant select on db.vis to u@localhost;
+grant select on db.vds to u@localhost;
+
+--connect (con1,localhost,u,,db)
+--error ER_TABLEACCESS_DENIED_ERROR
+select nextval(s);
+--error ER_VIEW_INVALID
+select * from vin;
+--disable_ps2_protocol
+select * from vdn;
+--enable_ps2_protocol
+
+--error ER_TABLEACCESS_DENIED_ERROR
+select lastval(s);
+--error ER_VIEW_INVALID
+select * from vil;
+select * from vdl;
+
+--error ER_TABLEACCESS_DENIED_ERROR
+select setval(s,10);
+--error ER_VIEW_INVALID
+select * from vis;
+select * from vds;
+
+--disconnect con1
+--connection default
+drop database db;
+drop user u@localhost;
+
 --echo # End of 10.5 tests
 
 --echo # Check that a user without access to the schema 'foo' cannot query

mysql-test/suite/gcol/r/innodb_virtual_basic.result

@@ -86,6 +86,8 @@ delete from t where a =13;
 DROP INDEX idx1 ON t;
 DROP INDEX idx2 ON t;
 DROP TABLE t;
+# restart
+set default_storage_engine=innodb;
 /* Test large BLOB data */
 CREATE TABLE `t` (
 `a` BLOB,

mysql-test/suite/gcol/t/innodb_virtual_basic.test

@@ -1,6 +1,6 @@
 --source include/have_innodb.inc
 --source include/have_partition.inc
---source include/big_test.inc
+--source include/not_embedded.inc
 
 call mtr.add_suppression("\\[Warning\\] InnoDB: Compute virtual");
 
@@ -66,6 +66,41 @@ DROP INDEX idx1 ON t;
 DROP INDEX idx2 ON t;
 DROP TABLE t;
 
+let MYSQLD_DATADIR=`select @@datadir`;
+let PAGE_SIZE=`select @@innodb_page_size`;
+--source include/shutdown_mysqld.inc
+perl;
+do "$ENV{MTR_SUITE_DIR}/../innodb/include/crc32.pl";
+my $file = "$ENV{MYSQLD_DATADIR}/ibdata1";
+open(FILE, "+<$file") || die "Unable to open $file";
+binmode FILE;
+my $ps= $ENV{PAGE_SIZE};
+my $page;
+die "Unable to read $file" unless sysread(FILE, $page, $ps) == $ps;
+my $full_crc32 = unpack("N",substr($page,54,4)) & 0x10; # FIL_SPACE_FLAGS
+sysseek(FILE, 7*$ps, 0) || die "Unable to seek $file\n";
+die "Unable to read $file" unless sysread(FILE, $page, $ps) == $ps;
+substr($page,54,4)=pack("N",0xc001cafe); # 32 MSB of 64-bit DICT_HDR_INDEX_ID
+my $polynomial = 0x82f63b78; # CRC-32C
+if ($full_crc32)
+{
+    my $ck = mycrc32(substr($page, 0, $ps-4), 0, $polynomial);
+    substr($page, $ps-4, 4) = pack("N", $ck);
+}
+else
+{
+    my $ck= pack("N",mycrc32(substr($page, 4, 22), 0, $polynomial) ^
+		 mycrc32(substr($page, 38, $ps - 38 - 8), 0, $polynomial));
+    substr($page,0,4)=$ck;
+    substr($page,$ps-8,4)=$ck;
+}
+sysseek(FILE, 7*$ps, 0) || die "Unable to rewind $file\n";
+syswrite(FILE, $page, $ps)==$ps || die "Unable to write $file\n";
+close(FILE) || die "Unable to close $file";
+EOF
+--source include/start_mysqld.inc
+set default_storage_engine=innodb;
+
 /* Test large BLOB data */
 CREATE TABLE `t` (
   `a` BLOB,

mysql-test/suite/plugins/r/server_audit.result

@@ -20,6 +20,9 @@ set global server_audit_file_path=null;
 set global server_audit_incl_users=null;
 set global server_audit_file_path='server_audit.log';
 set global server_audit_output_type=file;
+set global server_audit_file_path=REPEAT(REPEAT('new_file_name', 50), 50);
+Warnings:
+Warning	1	server_audit_file_path can't exceed FN_LEN characters.
 set global server_audit_logging=on;
 set global server_audit_incl_users= repeat("'root',", 10000);
 ERROR 42000: Variable 'server_audit_incl_users' can't be set to the value of ''root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','...'

mysql-test/suite/plugins/t/server_audit.test

@@ -20,6 +20,10 @@ set global server_audit_file_path=null;
 set global server_audit_incl_users=null;
 set global server_audit_file_path='server_audit.log';
 set global server_audit_output_type=file;
+
+--replace_regex /[1-9][0-9][0-9]+/FN_LEN/
+set global server_audit_file_path=REPEAT(REPEAT('new_file_name', 50), 50);
+
 set global server_audit_logging=on;
 
 --error ER_WRONG_VALUE_FOR_VAR

mysql-test/suite/sql_sequence/grant.result

@@ -47,14 +47,57 @@ next_not_cached_value	minimum_value	maximum_value	start_value	increment	cache_si
 11	1	9223372036854775806	1	1	1000	0	0
 connection only_alter;
 select next value for s1;
-ERROR 42000: INSERT command denied to user 'only_alter'@'localhost' for table `mysqltest_1`.`s1`
+ERROR 42000: SELECT, INSERT command denied to user 'only_alter'@'localhost' for table `mysqltest_1`.`s1`
 alter sequence s1 restart= 11;
 select * from s1;
 ERROR 42000: SELECT command denied to user 'only_alter'@'localhost' for table `mysqltest_1`.`s1`
 connection default;
-drop database mysqltest_1;
 drop user 'normal'@'%';
 drop user 'read_only'@'%';
 drop user 'read_write'@'%';
 drop user 'alter'@'%';
 drop user 'only_alter'@'%';
+drop sequence s1;
+#
+# MDEV-36413  User without any privileges to a sequence can read from
+# it and modify it via column default
+#
+create sequence s1;
+create sequence s2;
+select * from s2;
+next_not_cached_value	minimum_value	maximum_value	start_value	increment	cache_size	cycle_option	cycle_count
+1	1	9223372036854775806	1	1	1000	0	0
+create table t2 (a int not null default(nextval(s1)));
+insert into t2 values();
+create user u;
+grant create, insert, select, drop on mysqltest_1.t1 to u;
+grant insert, select on mysqltest_1.s1 to u;
+grant select on mysqltest_1.t2 to u;
+connect con1,localhost,u,,mysqltest_1;
+select nextval(s2);
+ERROR 42000: SELECT, INSERT command denied to user 'u'@'localhost' for table `mysqltest_1`.`s2`
+show create sequence s2;
+ERROR 42000: SHOW command denied to user 'u'@'localhost' for table `mysqltest_1`.`s2`
+create table t1 (a int not null default(nextval(s1)));
+drop table t1;
+create table t1 (a int not null default(nextval(s1))) select a from t2;
+insert into t1 values();
+select * from t1;
+a
+1
+2
+drop table t1;
+create table t1 (a int not null default(nextval(s1))) select a from (select t2.a from t2,t2 as t3 where t2.a=t3.a) as t4;
+drop table t1;
+create table t1 (a int not null default(nextval(s2)));
+ERROR 42000: SELECT, INSERT command denied to user 'u'@'localhost' for table `mysqltest_1`.`s2`
+create table t1 (a int not null default(nextval(s1)),
+b int not null default(nextval(s2)));
+ERROR 42000: SELECT, INSERT command denied to user 'u'@'localhost' for table `mysqltest_1`.`s2`
+disconnect con1;
+connection default;
+drop user u;
+drop database mysqltest_1;
+#
+# End of 10.11 tests
+#

mysql-test/suite/sql_sequence/grant.test

@@ -60,10 +60,58 @@ select * from s1;
 #
 
 connection default;
-drop database mysqltest_1;
 drop user 'normal'@'%';
 drop user 'read_only'@'%';
 drop user 'read_write'@'%';
 drop user 'alter'@'%';
 drop user 'only_alter'@'%';
+drop sequence s1;
+
+--echo #
+--echo # MDEV-36413  User without any privileges to a sequence can read from
+--echo # it and modify it via column default
+--echo #
+
+create sequence s1;
+create sequence s2;
+select * from s2;
+create table t2 (a int not null default(nextval(s1)));
+insert into t2 values();
+
+create user u;
+grant create, insert, select, drop on mysqltest_1.t1 to u;
+grant insert, select on mysqltest_1.s1 to u;
+grant select on mysqltest_1.t2 to u;
+
+--connect(con1,localhost,u,,mysqltest_1)
+--error ER_TABLEACCESS_DENIED_ERROR
+select nextval(s2);
+--error ER_TABLEACCESS_DENIED_ERROR
+show create sequence s2;
+
+create table t1 (a int not null default(nextval(s1)));
+drop table t1;
+create table t1 (a int not null default(nextval(s1))) select a from t2;
+insert into t1 values();
+select * from t1;
+drop table t1;
+create table t1 (a int not null default(nextval(s1))) select a from (select t2.a from t2,t2 as t3 where t2.a=t3.a) as t4;
+drop table t1;
+--error ER_TABLEACCESS_DENIED_ERROR
+create table t1 (a int not null default(nextval(s2)));
+--error ER_TABLEACCESS_DENIED_ERROR
+create table t1 (a int not null default(nextval(s1)),
+                 b int not null default(nextval(s2)));
+--disconnect con1
+--connection default
+drop user u;
+
+#
+# Cleanup
+#
+
+drop database mysqltest_1;
 
+--echo #
+--echo # End of 10.11 tests
+--echo #

mysql-test/suite/sql_sequence/gtid.result

@@ -174,7 +174,7 @@ create sequence s_db.s2;
 drop sequence s_db.s2;
 connection m_normal_2;
 select next value for s_db.s1;
-ERROR 42000: INSERT command denied to user 'normal_2'@'localhost' for table `s_db`.`s1`
+ERROR 42000: SELECT, INSERT command denied to user 'normal_2'@'localhost' for table `s_db`.`s1`
 create sequence s_db.s2;
 ERROR 42000: CREATE command denied to user 'normal_2'@'localhost' for table `s_db`.`s2`
 connection m_normal_1;