Skip to content

Commit b0325bd

Browse files
sanja-byelkinvuvova
sanja-byelkin
authored and
vuvova
committed
MDEV-5215 Granted to PUBLIC
1 parent 594bed9 commit b0325bd

14 files changed

+1325
-204
lines changed

mysql-test/main/public_basic.result

Lines changed: 138 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,138 @@
1+
SHOW GRANTS FOR PUBLIC;
2+
Grants for PUBLIC
3+
# it is not PUBLIC but an user
4+
# (this should work as it allowed for roles for example)
5+
create user PUBLIC;
6+
create user PUBLIC@localhost;
7+
GRANT SELECT on test.* to PUBLIC@localhost;
8+
drop user PUBLIC@localhost;
9+
drop user PUBLIC;
10+
# preinstalled PUBLIC
11+
GRANT SELECT on test.* to PUBLIC;
12+
GRANT SELECT on mysql.db to PUBLIC;
13+
select * from mysql.global_priv where user="PUBLIC" ;
14+
Host User Priv
15+
PUBLIC {"access":0,"version_id":VERSION,"is_role":true}
16+
SHOW GRANTS FOR PUBLIC;
17+
Grants for PUBLIC
18+
GRANT SELECT ON `test`.* TO `PUBLIC`
19+
GRANT SELECT ON `mysql`.`db` TO `PUBLIC`
20+
GRANT UPDATE on test.* to PUBLIC;
21+
GRANT UPDATE on mysql.db to PUBLIC;
22+
SHOW GRANTS FOR PUBLIC;
23+
Grants for PUBLIC
24+
GRANT SELECT, UPDATE ON `test`.* TO `PUBLIC`
25+
GRANT SELECT, UPDATE ON `mysql`.`db` TO `PUBLIC`
26+
REVOKE SELECT on test.* from PUBLIC;
27+
REVOKE SELECT on mysql.db from PUBLIC;
28+
SHOW GRANTS FOR PUBLIC;
29+
Grants for PUBLIC
30+
GRANT UPDATE ON `test`.* TO `PUBLIC`
31+
GRANT UPDATE ON `mysql`.`db` TO `PUBLIC`
32+
REVOKE UPDATE on test.* from PUBLIC;
33+
REVOKE UPDATE on mysql.db from PUBLIC;
34+
REVOKE UPDATE on test.* from PUBLIC;
35+
ERROR 42000: There is no such grant defined for user 'PUBLIC' on host ''
36+
REVOKE UPDATE on mysql.db from PUBLIC;
37+
ERROR 42000: There is no such grant defined for user 'PUBLIC' on host '' on table 'db'
38+
SHOW GRANTS FOR PUBLIC;
39+
Grants for PUBLIC
40+
# automaticly added PUBLIC
41+
delete from mysql.global_priv where user="PUBLIC";
42+
flush privileges;
43+
select * from mysql.global_priv where user="PUBLIC" ;
44+
Host User Priv
45+
GRANT SELECT on test.* to PUBLIC;
46+
GRANT SELECT on mysql.db to PUBLIC;
47+
select * from mysql.global_priv where user="PUBLIC" ;
48+
Host User Priv
49+
PUBLIC {"access":0,"version_id":VERSION,"is_role":true}
50+
SHOW GRANTS FOR PUBLIC;
51+
Grants for PUBLIC
52+
GRANT SELECT ON `test`.* TO `PUBLIC`
53+
GRANT SELECT ON `mysql`.`db` TO `PUBLIC`
54+
GRANT UPDATE on test.* to PUBLIC;
55+
GRANT UPDATE on mysql.db to PUBLIC;
56+
SHOW GRANTS FOR PUBLIC;
57+
Grants for PUBLIC
58+
GRANT SELECT, UPDATE ON `test`.* TO `PUBLIC`
59+
GRANT SELECT, UPDATE ON `mysql`.`db` TO `PUBLIC`
60+
REVOKE SELECT on test.* from PUBLIC;
61+
REVOKE SELECT on mysql.db from PUBLIC;
62+
SHOW GRANTS FOR PUBLIC;
63+
Grants for PUBLIC
64+
GRANT UPDATE ON `test`.* TO `PUBLIC`
65+
GRANT UPDATE ON `mysql`.`db` TO `PUBLIC`
66+
REVOKE UPDATE on test.* from PUBLIC;
67+
REVOKE UPDATE on mysql.db from PUBLIC;
68+
SHOW GRANTS FOR PUBLIC;
69+
Grants for PUBLIC
70+
GRANT XXXXXX TO CURRENT_USER;
71+
ERROR OP000: Invalid role specification `XXXXXX`
72+
# following should fail with the same error as above
73+
GRANT PUBLIC TO CURRENT_USER;
74+
ERROR OP000: Invalid role specification `PUBLIC`
75+
REVOKE XXXXXX FROM CURRENT_USER;
76+
ERROR OP000: Invalid role specification `XXXXXX`
77+
# following should fail with the same error as above
78+
REVOKE PUBLIC FROM CURRENT_USER;
79+
ERROR OP000: Invalid role specification `PUBLIC`
80+
drop role XXXXXX;
81+
ERROR HY000: Operation DROP ROLE failed for 'XXXXXX'
82+
# following should fail with the same error as above
83+
drop role PUBLIC;
84+
ERROR HY000: Operation DROP ROLE failed for PUBLIC
85+
SET ROLE XXXXXX;
86+
ERROR OP000: Invalid role specification `XXXXXX`
87+
# following should fail with the same error as above
88+
SET ROLE PUBLIC;
89+
ERROR OP000: Invalid role specification `PUBLIC`
90+
SET DEFAULT ROLE XXXXXX;
91+
ERROR OP000: Invalid role specification `XXXXXX`
92+
# following should fail with the same error as above
93+
SET DEFAULT ROLE PUBLIC;
94+
ERROR OP000: Invalid role specification `PUBLIC`
95+
#
96+
# check prohibition of change security context to PUBLIC
97+
#
98+
# be sure that we have PUBLIC
99+
GRANT SELECT on test.* to PUBLIC;
100+
# try with a view
101+
create table t1( a int);
102+
create definer = PUBLIC view v1 as select * from t1;
103+
Warnings:
104+
Note 1449 The user specified as a definer ('PUBLIC'@'') does not exist
105+
show create view v1;
106+
View Create View character_set_client collation_connection
107+
v1 CREATE ALGORITHM=UNDEFINED DEFINER=`PUBLIC` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`a` AS `a` from `t1` latin1 latin1_swedish_ci
108+
Warnings:
109+
Note 1449 The user specified as a definer ('PUBLIC'@'') does not exist
110+
select * from v1;
111+
ERROR HY000: The user specified as a definer ('PUBLIC'@'') does not exist
112+
drop view v1;
113+
drop table t1;
114+
# try with a view
115+
create definer='PUBLIC' PROCEDURE p1() SELECT 1;
116+
Warnings:
117+
Note 1449 The user specified as a definer ('PUBLIC'@'') does not exist
118+
show create procedure p1;
119+
Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation
120+
p1 STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION CREATE DEFINER=`PUBLIC` PROCEDURE `p1`()
121+
SELECT 1 latin1 latin1_swedish_ci latin1_swedish_ci
122+
call p1();
123+
ERROR HY000: The user specified as a definer ('PUBLIC'@'') does not exist
124+
drop procedure p1;
125+
# this test cleanup
126+
REVOKE SELECT on test.* from PUBLIC;
127+
#
128+
# check autocreation of PUBLIC on GRAND role TO PUBLIC
129+
#
130+
# make sure that the privilege will be added automatically
131+
delete from mysql.global_priv where user="PUBLIC";
132+
flush privileges;
133+
create role roletest;
134+
GRANT roletest TO PUBLIC;
135+
drop role roletest;
136+
# clean up
137+
delete from mysql.global_priv where user="PUBLIC";
138+
flush privileges;

mysql-test/main/public_basic.test

Lines changed: 130 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,130 @@
1+
SHOW GRANTS FOR PUBLIC;
2+
3+
--echo # it is not PUBLIC but an user
4+
--echo # (this should work as it allowed for roles for example)
5+
create user PUBLIC;
6+
create user PUBLIC@localhost;
7+
GRANT SELECT on test.* to PUBLIC@localhost;
8+
drop user PUBLIC@localhost;
9+
drop user PUBLIC;
10+
11+
--echo # preinstalled PUBLIC
12+
GRANT SELECT on test.* to PUBLIC;
13+
GRANT SELECT on mysql.db to PUBLIC;
14+
--replace_regex /"version_id"\:[0-9]+/"version_id":VERSION/
15+
select * from mysql.global_priv where user="PUBLIC" ;
16+
17+
SHOW GRANTS FOR PUBLIC;
18+
19+
GRANT UPDATE on test.* to PUBLIC;
20+
GRANT UPDATE on mysql.db to PUBLIC;
21+
22+
SHOW GRANTS FOR PUBLIC;
23+
24+
REVOKE SELECT on test.* from PUBLIC;
25+
REVOKE SELECT on mysql.db from PUBLIC;
26+
27+
SHOW GRANTS FOR PUBLIC;
28+
29+
REVOKE UPDATE on test.* from PUBLIC;
30+
REVOKE UPDATE on mysql.db from PUBLIC;
31+
32+
--error ER_NONEXISTING_GRANT
33+
REVOKE UPDATE on test.* from PUBLIC;
34+
--error ER_NONEXISTING_TABLE_GRANT
35+
REVOKE UPDATE on mysql.db from PUBLIC;
36+
37+
SHOW GRANTS FOR PUBLIC;
38+
39+
--echo # automaticly added PUBLIC
40+
delete from mysql.global_priv where user="PUBLIC";
41+
flush privileges;
42+
select * from mysql.global_priv where user="PUBLIC" ;
43+
GRANT SELECT on test.* to PUBLIC;
44+
GRANT SELECT on mysql.db to PUBLIC;
45+
--replace_regex /"version_id"\:[0-9]+/"version_id":VERSION/
46+
select * from mysql.global_priv where user="PUBLIC" ;
47+
48+
SHOW GRANTS FOR PUBLIC;
49+
50+
GRANT UPDATE on test.* to PUBLIC;
51+
GRANT UPDATE on mysql.db to PUBLIC;
52+
53+
SHOW GRANTS FOR PUBLIC;
54+
55+
REVOKE SELECT on test.* from PUBLIC;
56+
REVOKE SELECT on mysql.db from PUBLIC;
57+
58+
SHOW GRANTS FOR PUBLIC;
59+
60+
REVOKE UPDATE on test.* from PUBLIC;
61+
REVOKE UPDATE on mysql.db from PUBLIC;
62+
63+
SHOW GRANTS FOR PUBLIC;
64+
65+
--error ER_INVALID_ROLE
66+
GRANT XXXXXX TO CURRENT_USER;
67+
--echo # following should fail with the same error as above
68+
--error ER_INVALID_ROLE
69+
GRANT PUBLIC TO CURRENT_USER;
70+
71+
--error ER_INVALID_ROLE
72+
REVOKE XXXXXX FROM CURRENT_USER;
73+
--echo # following should fail with the same error as above
74+
--error ER_INVALID_ROLE
75+
REVOKE PUBLIC FROM CURRENT_USER;
76+
--error ER_CANNOT_USER
77+
78+
drop role XXXXXX;
79+
--echo # following should fail with the same error as above
80+
--error ER_CANNOT_USER
81+
drop role PUBLIC;
82+
83+
--error ER_INVALID_ROLE
84+
SET ROLE XXXXXX;
85+
--echo # following should fail with the same error as above
86+
--error ER_INVALID_ROLE
87+
SET ROLE PUBLIC;
88+
89+
--error ER_INVALID_ROLE
90+
SET DEFAULT ROLE XXXXXX;
91+
--echo # following should fail with the same error as above
92+
--error ER_INVALID_ROLE
93+
SET DEFAULT ROLE PUBLIC;
94+
95+
--echo #
96+
--echo # check prohibition of change security context to PUBLIC
97+
--echo #
98+
--echo # be sure that we have PUBLIC
99+
GRANT SELECT on test.* to PUBLIC;
100+
--echo # try with a view
101+
create table t1( a int);
102+
create definer = PUBLIC view v1 as select * from t1;
103+
show create view v1;
104+
--error ER_NO_SUCH_USER
105+
select * from v1;
106+
drop view v1;
107+
drop table t1;
108+
--echo # try with a view
109+
create definer='PUBLIC' PROCEDURE p1() SELECT 1;
110+
show create procedure p1;
111+
--error ER_NO_SUCH_USER
112+
call p1();
113+
drop procedure p1;
114+
--echo # this test cleanup
115+
REVOKE SELECT on test.* from PUBLIC;
116+
117+
--echo #
118+
--echo # check autocreation of PUBLIC on GRAND role TO PUBLIC
119+
--echo #
120+
--echo # make sure that the privilege will be added automatically
121+
delete from mysql.global_priv where user="PUBLIC";
122+
flush privileges;
123+
create role roletest;
124+
GRANT roletest TO PUBLIC;
125+
drop role roletest;
126+
127+
128+
-- echo # clean up
129+
delete from mysql.global_priv where user="PUBLIC";
130+
flush privileges;

0 commit comments

Comments
 (0)