Skip to content

Commit a135551

Browse files
committed
Merge branch '10.5' into 10.6
2 parents 236dec6 + 952ffb5 commit a135551

29 files changed

+317
-51
lines changed

mysql-test/main/sp-no-valgrind.test

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
--source include/not_msan.inc
2-
--source include/not_valgrind_build.inc
2+
--source include/not_valgrind.inc
33

44
--echo # MDEV-20699 do not cache SP in SHOW CREATE
55
--echo # Warmup round, this might allocate some memory for session variable

mysql-test/main/view_grant.result

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1985,6 +1985,52 @@ connection default;
19851985
DROP VIEW v1;
19861986
DROP USER foo;
19871987
DROP USER FOO;
1988+
#
1989+
# MDEV-36380: User has unauthorized access to a sequence through
1990+
# a view with security invoker
1991+
#
1992+
create database db;
1993+
use db;
1994+
create sequence s;
1995+
create sql security invoker view vin as select nextval(s);
1996+
create sql security definer view vdn as select nextval(s);
1997+
create sql security invoker view vil as select lastval(s);
1998+
create sql security definer view vdl as select lastval(s);
1999+
create sql security invoker view vis as select setval(s,20);
2000+
create sql security definer view vds as select setval(s,30);
2001+
create user u@localhost;
2002+
grant select on db.vin to u@localhost;
2003+
grant select on db.vdn to u@localhost;
2004+
grant select on db.vil to u@localhost;
2005+
grant select on db.vdl to u@localhost;
2006+
grant select on db.vis to u@localhost;
2007+
grant select on db.vds to u@localhost;
2008+
connect con1,localhost,u,,db;
2009+
select nextval(s);
2010+
ERROR 42000: SELECT, INSERT command denied to user 'u'@'localhost' for table `db`.`s`
2011+
select * from vin;
2012+
ERROR HY000: View 'db.vin' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
2013+
select * from vdn;
2014+
nextval(s)
2015+
1
2016+
select lastval(s);
2017+
ERROR 42000: SELECT command denied to user 'u'@'localhost' for table `db`.`s`
2018+
select * from vil;
2019+
ERROR HY000: View 'db.vil' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
2020+
select * from vdl;
2021+
lastval(s)
2022+
1
2023+
select setval(s,10);
2024+
ERROR 42000: INSERT command denied to user 'u'@'localhost' for table `db`.`s`
2025+
select * from vis;
2026+
ERROR HY000: View 'db.vis' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
2027+
select * from vds;
2028+
setval(s,30)
2029+
30
2030+
disconnect con1;
2031+
connection default;
2032+
drop database db;
2033+
drop user u@localhost;
19882034
# End of 10.5 tests
19892035
# Check that a user without access to the schema 'foo' cannot query
19902036
# a JSON_TABLE view in that schema.

mysql-test/main/view_grant.test

Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2240,6 +2240,53 @@ DROP VIEW v1;
22402240
DROP USER foo;
22412241
DROP USER FOO;
22422242

2243+
--echo #
2244+
--echo # MDEV-36380: User has unauthorized access to a sequence through
2245+
--echo # a view with security invoker
2246+
--echo #
2247+
create database db;
2248+
use db;
2249+
create sequence s;
2250+
create sql security invoker view vin as select nextval(s);
2251+
create sql security definer view vdn as select nextval(s);
2252+
create sql security invoker view vil as select lastval(s);
2253+
create sql security definer view vdl as select lastval(s);
2254+
create sql security invoker view vis as select setval(s,20);
2255+
create sql security definer view vds as select setval(s,30);
2256+
create user u@localhost;
2257+
grant select on db.vin to u@localhost;
2258+
grant select on db.vdn to u@localhost;
2259+
grant select on db.vil to u@localhost;
2260+
grant select on db.vdl to u@localhost;
2261+
grant select on db.vis to u@localhost;
2262+
grant select on db.vds to u@localhost;
2263+
2264+
--connect (con1,localhost,u,,db)
2265+
--error ER_TABLEACCESS_DENIED_ERROR
2266+
select nextval(s);
2267+
--error ER_VIEW_INVALID
2268+
select * from vin;
2269+
--disable_ps2_protocol
2270+
select * from vdn;
2271+
--enable_ps2_protocol
2272+
2273+
--error ER_TABLEACCESS_DENIED_ERROR
2274+
select lastval(s);
2275+
--error ER_VIEW_INVALID
2276+
select * from vil;
2277+
select * from vdl;
2278+
2279+
--error ER_TABLEACCESS_DENIED_ERROR
2280+
select setval(s,10);
2281+
--error ER_VIEW_INVALID
2282+
select * from vis;
2283+
select * from vds;
2284+
2285+
--disconnect con1
2286+
--connection default
2287+
drop database db;
2288+
drop user u@localhost;
2289+
22432290
--echo # End of 10.5 tests
22442291

22452292
--echo # Check that a user without access to the schema 'foo' cannot query

mysql-test/suite/gcol/r/innodb_virtual_basic.result

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -86,6 +86,8 @@ delete from t where a =13;
8686
DROP INDEX idx1 ON t;
8787
DROP INDEX idx2 ON t;
8888
DROP TABLE t;
89+
# restart
90+
set default_storage_engine=innodb;
8991
/* Test large BLOB data */
9092
CREATE TABLE `t` (
9193
`a` BLOB,

mysql-test/suite/gcol/t/innodb_virtual_basic.test

Lines changed: 36 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
--source include/have_innodb.inc
22
--source include/have_partition.inc
3-
--source include/big_test.inc
3+
--source include/not_embedded.inc
44

55
call mtr.add_suppression("\\[Warning\\] InnoDB: Compute virtual");
66

@@ -66,6 +66,41 @@ DROP INDEX idx1 ON t;
6666
DROP INDEX idx2 ON t;
6767
DROP TABLE t;
6868

69+
let MYSQLD_DATADIR=`select @@datadir`;
70+
let PAGE_SIZE=`select @@innodb_page_size`;
71+
--source include/shutdown_mysqld.inc
72+
perl;
73+
do "$ENV{MTR_SUITE_DIR}/../innodb/include/crc32.pl";
74+
my $file = "$ENV{MYSQLD_DATADIR}/ibdata1";
75+
open(FILE, "+<$file") || die "Unable to open $file";
76+
binmode FILE;
77+
my $ps= $ENV{PAGE_SIZE};
78+
my $page;
79+
die "Unable to read $file" unless sysread(FILE, $page, $ps) == $ps;
80+
my $full_crc32 = unpack("N",substr($page,54,4)) & 0x10; # FIL_SPACE_FLAGS
81+
sysseek(FILE, 7*$ps, 0) || die "Unable to seek $file\n";
82+
die "Unable to read $file" unless sysread(FILE, $page, $ps) == $ps;
83+
substr($page,54,4)=pack("N",0xc001cafe); # 32 MSB of 64-bit DICT_HDR_INDEX_ID
84+
my $polynomial = 0x82f63b78; # CRC-32C
85+
if ($full_crc32)
86+
{
87+
my $ck = mycrc32(substr($page, 0, $ps-4), 0, $polynomial);
88+
substr($page, $ps-4, 4) = pack("N", $ck);
89+
}
90+
else
91+
{
92+
my $ck= pack("N",mycrc32(substr($page, 4, 22), 0, $polynomial) ^
93+
mycrc32(substr($page, 38, $ps - 38 - 8), 0, $polynomial));
94+
substr($page,0,4)=$ck;
95+
substr($page,$ps-8,4)=$ck;
96+
}
97+
sysseek(FILE, 7*$ps, 0) || die "Unable to rewind $file\n";
98+
syswrite(FILE, $page, $ps)==$ps || die "Unable to write $file\n";
99+
close(FILE) || die "Unable to close $file";
100+
EOF
101+
--source include/start_mysqld.inc
102+
set default_storage_engine=innodb;
103+
69104
/* Test large BLOB data */
70105
CREATE TABLE `t` (
71106
`a` BLOB,

mysql-test/suite/plugins/r/server_audit.result

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,9 @@ set global server_audit_file_path=null;
2020
set global server_audit_incl_users=null;
2121
set global server_audit_file_path='server_audit.log';
2222
set global server_audit_output_type=file;
23+
set global server_audit_file_path=REPEAT(REPEAT('new_file_name', 50), 50);
24+
Warnings:
25+
Warning 1 server_audit_file_path can't exceed FN_LEN characters.
2326
set global server_audit_logging=on;
2427
set global server_audit_incl_users= repeat("'root',", 10000);
2528
ERROR 42000: Variable 'server_audit_incl_users' can't be set to the value of ''root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','...'

mysql-test/suite/plugins/t/server_audit.test

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,10 @@ set global server_audit_file_path=null;
2020
set global server_audit_incl_users=null;
2121
set global server_audit_file_path='server_audit.log';
2222
set global server_audit_output_type=file;
23+
24+
--replace_regex /[1-9][0-9][0-9]+/FN_LEN/
25+
set global server_audit_file_path=REPEAT(REPEAT('new_file_name', 50), 50);
26+
2327
set global server_audit_logging=on;
2428

2529
--error ER_WRONG_VALUE_FOR_VAR

mysql-test/suite/sql_sequence/grant.result

Lines changed: 45 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,14 +47,57 @@ next_not_cached_value minimum_value maximum_value start_value increment cache_si
4747
11 1 9223372036854775806 1 1 1000 0 0
4848
connection only_alter;
4949
select next value for s1;
50-
ERROR 42000: INSERT command denied to user 'only_alter'@'localhost' for table `mysqltest_1`.`s1`
50+
ERROR 42000: SELECT, INSERT command denied to user 'only_alter'@'localhost' for table `mysqltest_1`.`s1`
5151
alter sequence s1 restart= 11;
5252
select * from s1;
5353
ERROR 42000: SELECT command denied to user 'only_alter'@'localhost' for table `mysqltest_1`.`s1`
5454
connection default;
55-
drop database mysqltest_1;
5655
drop user 'normal'@'%';
5756
drop user 'read_only'@'%';
5857
drop user 'read_write'@'%';
5958
drop user 'alter'@'%';
6059
drop user 'only_alter'@'%';
60+
drop sequence s1;
61+
#
62+
# MDEV-36413 User without any privileges to a sequence can read from
63+
# it and modify it via column default
64+
#
65+
create sequence s1;
66+
create sequence s2;
67+
select * from s2;
68+
next_not_cached_value minimum_value maximum_value start_value increment cache_size cycle_option cycle_count
69+
1 1 9223372036854775806 1 1 1000 0 0
70+
create table t2 (a int not null default(nextval(s1)));
71+
insert into t2 values();
72+
create user u;
73+
grant create, insert, select, drop on mysqltest_1.t1 to u;
74+
grant insert, select on mysqltest_1.s1 to u;
75+
grant select on mysqltest_1.t2 to u;
76+
connect con1,localhost,u,,mysqltest_1;
77+
select nextval(s2);
78+
ERROR 42000: SELECT, INSERT command denied to user 'u'@'localhost' for table `mysqltest_1`.`s2`
79+
show create sequence s2;
80+
ERROR 42000: SHOW command denied to user 'u'@'localhost' for table `mysqltest_1`.`s2`
81+
create table t1 (a int not null default(nextval(s1)));
82+
drop table t1;
83+
create table t1 (a int not null default(nextval(s1))) select a from t2;
84+
insert into t1 values();
85+
select * from t1;
86+
a
87+
1
88+
2
89+
drop table t1;
90+
create table t1 (a int not null default(nextval(s1))) select a from (select t2.a from t2,t2 as t3 where t2.a=t3.a) as t4;
91+
drop table t1;
92+
create table t1 (a int not null default(nextval(s2)));
93+
ERROR 42000: SELECT, INSERT command denied to user 'u'@'localhost' for table `mysqltest_1`.`s2`
94+
create table t1 (a int not null default(nextval(s1)),
95+
b int not null default(nextval(s2)));
96+
ERROR 42000: SELECT, INSERT command denied to user 'u'@'localhost' for table `mysqltest_1`.`s2`
97+
disconnect con1;
98+
connection default;
99+
drop user u;
100+
drop database mysqltest_1;
101+
#
102+
# End of 10.11 tests
103+
#

mysql-test/suite/sql_sequence/grant.test

Lines changed: 49 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,10 +60,58 @@ select * from s1;
6060
#
6161

6262
connection default;
63-
drop database mysqltest_1;
6463
drop user 'normal'@'%';
6564
drop user 'read_only'@'%';
6665
drop user 'read_write'@'%';
6766
drop user 'alter'@'%';
6867
drop user 'only_alter'@'%';
68+
drop sequence s1;
69+
70+
--echo #
71+
--echo # MDEV-36413 User without any privileges to a sequence can read from
72+
--echo # it and modify it via column default
73+
--echo #
74+
75+
create sequence s1;
76+
create sequence s2;
77+
select * from s2;
78+
create table t2 (a int not null default(nextval(s1)));
79+
insert into t2 values();
80+
81+
create user u;
82+
grant create, insert, select, drop on mysqltest_1.t1 to u;
83+
grant insert, select on mysqltest_1.s1 to u;
84+
grant select on mysqltest_1.t2 to u;
85+
86+
--connect(con1,localhost,u,,mysqltest_1)
87+
--error ER_TABLEACCESS_DENIED_ERROR
88+
select nextval(s2);
89+
--error ER_TABLEACCESS_DENIED_ERROR
90+
show create sequence s2;
91+
92+
create table t1 (a int not null default(nextval(s1)));
93+
drop table t1;
94+
create table t1 (a int not null default(nextval(s1))) select a from t2;
95+
insert into t1 values();
96+
select * from t1;
97+
drop table t1;
98+
create table t1 (a int not null default(nextval(s1))) select a from (select t2.a from t2,t2 as t3 where t2.a=t3.a) as t4;
99+
drop table t1;
100+
--error ER_TABLEACCESS_DENIED_ERROR
101+
create table t1 (a int not null default(nextval(s2)));
102+
--error ER_TABLEACCESS_DENIED_ERROR
103+
create table t1 (a int not null default(nextval(s1)),
104+
b int not null default(nextval(s2)));
105+
--disconnect con1
106+
--connection default
107+
drop user u;
108+
109+
#
110+
# Cleanup
111+
#
112+
113+
drop database mysqltest_1;
69114

115+
--echo #
116+
--echo # End of 10.11 tests
117+
--echo #

mysql-test/suite/sql_sequence/gtid.result

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -174,7 +174,7 @@ create sequence s_db.s2;
174174
drop sequence s_db.s2;
175175
connection m_normal_2;
176176
select next value for s_db.s1;
177-
ERROR 42000: INSERT command denied to user 'normal_2'@'localhost' for table `s_db`.`s1`
177+
ERROR 42000: SELECT, INSERT command denied to user 'normal_2'@'localhost' for table `s_db`.`s1`
178178
create sequence s_db.s2;
179179
ERROR 42000: CREATE command denied to user 'normal_2'@'localhost' for table `s_db`.`s2`
180180
connection m_normal_1;

0 commit comments

Comments
 (0)