-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
MDEV-26875: Wrong user in SET DEFAULT ROLE error
- Regression introduced in 957cb7b - Patch 4abb821 change `mysql.user` to `mysql.global_priv` for `add_anonymous.inc`, update `delete_anonymous.inc`. - Added test case with `--skip-name-resolve` - Add test case with anonymous user - Disable this test for windows, assignes current user to anonymous user. Reviewed by: <serg@mariadb.com>
- Loading branch information
Showing
8 changed files
with
181 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
# Remove anonymous users added by add_anonymous_users.inc | ||
disable_warnings; | ||
disable_query_log; | ||
DELETE FROM mysql.user where host='localhost' and user=''; | ||
DELETE FROM mysql.global_priv where host='localhost' and user=''; | ||
FLUSH PRIVILEGES; | ||
enable_query_log; | ||
enable_warnings; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 change: 1 addition & 0 deletions
1
mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve-master.opt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
--skip-name-resolve |
85 changes: 85 additions & 0 deletions
85
mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.result
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
# | ||
# MDEV-26875: Wrong user in SET DEFAULT ROLE error | ||
# | ||
create user test_user; | ||
create role test_role; | ||
show grants for test_user; | ||
Grants for test_user@% | ||
GRANT USAGE ON *.* TO `test_user`@`%` | ||
set default role test_role for test_user; | ||
ERROR OP000: User `test_user`@`%` has not been granted role `test_role` | ||
grant test_role to test_user; | ||
set default role test_role for test_user; | ||
show grants for test_user; | ||
Grants for test_user@% | ||
GRANT `test_role` TO `test_user`@`%` | ||
GRANT USAGE ON *.* TO `test_user`@`%` | ||
SET DEFAULT ROLE `test_role` FOR `test_user`@`%` | ||
set default role none for test_user; | ||
# | ||
# Try to set default role to role(`test_role`). | ||
-------------------------------------------------------------- | ||
show grants for test_role; | ||
Grants for test_role | ||
GRANT USAGE ON *.* TO `test_role` | ||
create role new_role; | ||
grant new_role to test_role; | ||
show grants for test_role; | ||
Grants for test_role | ||
GRANT `new_role` TO `test_role` | ||
GRANT USAGE ON *.* TO `test_role` | ||
GRANT USAGE ON *.* TO `new_role` | ||
set default role new_role for test_role; | ||
ERROR OP000: User `test_role`@`%` has not been granted role `new_role` | ||
# | ||
# Test of errors, where hostname cannot be resolved `test_user` | ||
-------------------------------------------------------------- | ||
grant test_role to test_user@'%'; | ||
set default role test_role for test_user@'%'; | ||
connect con_test_user,127.0.0.1,test_user,,,$MASTER_MYPORT; | ||
show grants; | ||
Grants for test_user@% | ||
GRANT `test_role` TO `test_user`@`%` | ||
GRANT USAGE ON *.* TO `test_user`@`%` | ||
GRANT `new_role` TO `test_role` | ||
GRANT USAGE ON *.* TO `test_role` | ||
GRANT USAGE ON *.* TO `new_role` | ||
SET DEFAULT ROLE `test_role` FOR `test_user`@`%` | ||
select current_role; | ||
current_role | ||
test_role | ||
set role `new_role`; | ||
ERROR OP000: User `test_user`@`%` has not been granted role `new_role` | ||
connection default; | ||
set default role none for test_user; | ||
disconnect con_test_user; | ||
connect con_test_user,127.0.0.1,test_user,,,$MASTER_MYPORT; | ||
select current_role; | ||
current_role | ||
NULL | ||
set role `new_role`; | ||
ERROR OP000: User `test_user`@`%` has not been granted role `new_role` | ||
connection default; | ||
disconnect con_test_user; | ||
# | ||
# Test of anonymous user connection | ||
-------------------------------------------------------------- | ||
grant test_role to ''@localhost; | ||
connect con1,localhost,'',,,$MASTER_MYPORT; | ||
SELECT CURRENT_ROLE; | ||
CURRENT_ROLE | ||
NULL | ||
SET role test_role; | ||
SELECT CURRENT_ROLE; | ||
CURRENT_ROLE | ||
test_role | ||
SET role new_role; | ||
ERROR OP000: User ``@`localhost` has not been granted role `new_role` | ||
set default role test_role for ''@localhost; | ||
ERROR 42000: You are using MariaDB as an anonymous user and anonymous users are not allowed to modify user settings | ||
connection default; | ||
disconnect con1; | ||
REVOKE all privileges, grant option from ''@localhost; | ||
drop role new_role; | ||
drop role test_role; | ||
drop user test_user; |
78 changes: 78 additions & 0 deletions
78
mysql-test/suite/roles/set_default_role_invalid_skip_name_resolve.test
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
source include/not_embedded.inc; | ||
|
||
--echo # | ||
--echo # MDEV-26875: Wrong user in SET DEFAULT ROLE error | ||
--echo # | ||
create user test_user; | ||
create role test_role; | ||
show grants for test_user; | ||
--error ER_INVALID_ROLE | ||
set default role test_role for test_user; | ||
grant test_role to test_user; | ||
set default role test_role for test_user; | ||
show grants for test_user; | ||
set default role none for test_user; | ||
|
||
--echo # | ||
--echo # Try to set default role to role(`test_role`). | ||
--echo -------------------------------------------------------------- | ||
show grants for test_role; | ||
create role new_role; | ||
grant new_role to test_role; | ||
show grants for test_role; | ||
# One can not set role to a role | ||
--error ER_INVALID_ROLE | ||
set default role new_role for test_role; | ||
|
||
--echo # | ||
--echo # Test of errors, where hostname cannot be resolved `test_user` | ||
--echo -------------------------------------------------------------- | ||
# `new_role` is granted to `test_role` | ||
grant test_role to test_user@'%'; | ||
set default role test_role for test_user@'%'; | ||
|
||
connect con_test_user,127.0.0.1,test_user,,,$MASTER_MYPORT; | ||
show grants; | ||
select current_role; | ||
# `test_user` indirectly granted `new_role` | ||
--error ER_INVALID_ROLE | ||
set role `new_role`; | ||
|
||
connection default; | ||
set default role none for test_user; | ||
disconnect con_test_user; | ||
|
||
connect con_test_user,127.0.0.1,test_user,,,$MASTER_MYPORT; | ||
select current_role; | ||
--error ER_INVALID_ROLE | ||
set role `new_role`; | ||
|
||
connection default; | ||
disconnect con_test_user; | ||
|
||
--echo # | ||
--echo # Test of anonymous user connection | ||
--echo -------------------------------------------------------------- | ||
--source include/add_anonymous_users.inc | ||
# Skip windows, since it uses current user `Administrator` in buildbot. | ||
--source include/not_windows.inc | ||
grant test_role to ''@localhost; | ||
|
||
connect(con1,localhost,'',,,$MASTER_MYPORT); | ||
SELECT CURRENT_ROLE; | ||
SET role test_role; | ||
SELECT CURRENT_ROLE; | ||
# user cannot set subset role, since it is not granted explicitly | ||
--error ER_INVALID_ROLE | ||
SET role new_role; | ||
--error ER_PASSWORD_ANONYMOUS_USER | ||
set default role test_role for ''@localhost; | ||
|
||
connection default; | ||
disconnect con1; | ||
REVOKE all privileges, grant option from ''@localhost; | ||
--source include/delete_anonymous_users.inc | ||
|
||
drop role new_role; | ||
drop role test_role; | ||
drop user test_user; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters