--source include/no_valgrind_without_big.inc --source include/have_debug_sync.inc CALL mtr.add_suppression("Storage engine '.*' does not support system tables. \\[mysql.*\\]"); CALL mtr.add_suppression("Column count of mysql.* is wrong. " "Expected .*, found .*. " "The table is probably corrupted"); CALL mtr.add_suppression("Cannot load from mysql.*. The table is probably corrupted"); --echo # --echo # WL7158: Move privilege system tables from MyISAM to InnoDB --echo # SET autocommit= 0; SET innodb_lock_wait_timeout= 1; # Check that the users we're going to use in this test don't exist. SELECT user, host FROM mysql.user WHERE host = 'h'; # Create an auxiliary connection. --echo --echo # Connection: con1 --connect (con1, localhost, root,,) SET autocommit= 0; SET innodb_lock_wait_timeout= 1; let $con1_id= `SELECT CONNECTION_ID()`; --echo --echo # Connection: default --connection default # Test plan: # A. Check that ACL statements are not vulnerable to the lock-wait-timeout. # NOTE: In case of getting rid of the table-level MDL-locks for the ACL # statements, the deadlock error should also be checked. # B. Check that SET PASSWORD commits a transaction. # C. Check the ACL statement behavior in case when multiple user accounts are # given. # D. Check the ACL statement behavior in case of SE failures. # E. Check it's not possible to change the privilege table storage engine # via ALTER TABLE. Also check that harmless ALTER TABLE (change SE to InnoDB # when it's already InnoDB) is allowed. # F. Upgrade/downgrade tests. --echo --echo ######################################################################## --echo # A.1. Checking lock-wait-timeout with CREATE USER. --echo ######################################################################## # Start a transaction and insert a new row into mysql.user. START TRANSACTION; INSERT INTO mysql.user(user, host, ssl_cipher, x509_issuer, x509_subject) VALUES ('u2', 'h', '', '', ''); --echo --echo # Connection: con1 --connection con1 # CREATE USER with existing user in the middle. # CREATE USER is expected to wait for the transaction in the other connection # to finish. --send CREATE USER u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # CREATE USER --echo --echo # Connection: default --connection default # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; # Drop the created users (cleanup). DROP USER u1@h, u2@h, u3@h; --echo --echo ######################################################################## --echo # A.2. Checking lock-wait-timeout with ALTER USER. --echo ######################################################################## CREATE USER u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host, password_lifetime FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # ALTER USER, the row corresponding to the second user is locked. # ALTER USER is expected to wait for the transaction in the other connection # to finish. send ALTER USER u1@h, u2@h, u3@h PASSWORD EXPIRE INTERVAL 250 DAY; --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # ALTER USER --echo --echo # Connection: default --connection default # Check the ALTER USER was successful. SELECT user, host, password_lifetime FROM mysql.user WHERE host = 'h'; # Drop the created users (cleanup). DROP USER u1@h, u2@h, u3@h; --echo --echo ######################################################################## --echo # A.3. Checking lock-wait-timeout with RENAME USER. --echo ######################################################################## CREATE USER u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # RENAME USER, the row corresponding to the second user is locked. # RENAME USER is expected to wait for the transaction in the other connection # to finish. --send RENAME USER u1@h TO u1a@h, u2@h TO u2a@h, u3@h TO u3a@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # RENAME USER --echo --echo # Connection: default --connection default # Check the ALTER USER was successful. SELECT user, host FROM mysql.user WHERE host = 'h'; # Drop the created users (cleanup). DROP USER u1a@h, u2a@h, u3a@h; --echo --echo ######################################################################## --echo # A.4. Checking lock-wait-timeout with SET PASSWORD. --echo ######################################################################## CREATE USER u1@h IDENTIFIED WITH 'mysql_native_password'; # Check that the user has been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u1' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # SET PASSWORD, the row corresponding to the user is locked. # SET PASSWORD is expected to wait for the transaction in the other connection # to finish. --send SET PASSWORD FOR u1@h = 'xxx' --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # SET PASSWORD --echo --echo # Connection: default --connection default # Check the SET PASSWORD was successful. SELECT user, host, authentication_string = '*3D56A309CD04FA2EEF181462E59011F075C89548' FROM mysql.user WHERE host = 'h'; # Drop the created users (cleanup). DROP USER u1@h; --echo --echo ######################################################################## --echo # A.5. Checking lock-wait-timeout with DROP USER. --echo ######################################################################## CREATE USER u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # DROP USER, the row corresponding to the second user is locked. # DROP USER is expected to wait for the transaction in the other connection # to finish. --send DROP USER u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # DROP USER --echo --echo # Connection: default --connection default # Check the DROP USER was successful. SELECT user, host FROM mysql.user WHERE host = 'h'; --echo --echo ######################################################################## --echo # A.6.1. Checking lock-wait-timeout with GRANT (global level). --echo ######################################################################## CREATE USER u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # GRANT, the row corresponding to the second user is locked. # GRANT is expected to wait for the transaction in the other connection # to finish. --send GRANT SELECT ON *.* TO u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # GRANT --echo --echo # Connection: default --connection default # Check that the GRANT was successful. SELECT user, select_priv FROM mysql.user WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; --echo --echo ######################################################################## --echo # A.6.2. Checking lock-wait-timeout with GRANT (database level). --echo ######################################################################## CREATE USER u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # GRANT, the row corresponding to the second user is locked. # GRANT is expected to wait for the transaction in the other connection # to finish. --send GRANT SELECT ON test.* TO u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # GRANT --echo --echo # Connection: default --connection default # Check that the GRANT was successful. SELECT * FROM mysql.db WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; --echo --echo ######################################################################## --echo # A.6.3. Checking lock-wait-timeout with GRANT (table level). --echo ######################################################################## CREATE USER u1@h, u2@h, u3@h; CREATE TABLE t1(a INT); # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # GRANT, the row corresponding to the second user is locked. # GRANT is expected to wait for the transaction in the other connection # to finish. --send GRANT SELECT ON t1 TO u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # GRANT --echo --echo # Connection: default --connection default # Check that the GRANT was successful. SELECT user, table_name, table_priv FROM mysql.tables_priv WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; DROP TABLE t1; --echo --echo ######################################################################## --echo # A.6.4. Checking lock-wait-timeout with GRANT (column level). --echo ######################################################################## CREATE USER u1@h, u2@h, u3@h; CREATE TABLE t1(a INT); # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # GRANT, the row corresponding to the second user is locked. # GRANT is expected to wait for the transaction in the other connection # to finish. --send GRANT SELECT(a) ON t1 TO u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # GRANT --echo --echo # Connection: default --connection default # Check that the GRANT was successful. SELECT user, column_name, column_priv FROM mysql.columns_priv WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; DROP TABLE t1; --echo --echo ######################################################################## --echo # A.6.5. Checking lock-wait-timeout with GRANT (stored routine level). --echo ######################################################################## CREATE USER u1@h, u2@h, u3@h; CREATE PROCEDURE p1() SELECT 1; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # GRANT, the row corresponding to the second user is locked. # GRANT is expected to wait for the transaction in the other connection # to finish. --send GRANT EXECUTE ON PROCEDURE p1 TO u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # GRANT --echo --echo # Connection: default --connection default # Check that the GRANT was successful. SELECT user, routine_name, proc_priv FROM mysql.procs_priv WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; DROP PROCEDURE p1; --echo --echo ######################################################################## --echo # A.7.1. Checking lock-wait-timeout with REVOKE (global level). --echo ######################################################################## CREATE USER u1@h, u2@h, u3@h; GRANT SELECT ON *.* TO u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # REVOKE, the row corresponding to the second user is locked. # REVOKE is expected to wait for the transaction in the other connection # to finish. --send REVOKE SELECT ON *.* FROM u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # REVOKE --echo --echo # Connection: default --connection default # Check that the REVOKE was successful. SELECT user, select_priv FROM mysql.user WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; --echo --echo ######################################################################## --echo # A.7.2. Checking lock-wait-timeout with REVOKE (database level). --echo ######################################################################## CREATE USER u1@h, u2@h, u3@h; GRANT SELECT ON test.* TO u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # REVOKE, the row corresponding to the second user is locked. # REVOKE is expected to wait for the transaction in the other connection # to finish. --send REVOKE SELECT ON test.* FROM u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # REVOKE --echo --echo # Connection: default --connection default # Check that the REVOKE was successful. SELECT user FROM mysql.user WHERE host = 'h'; SELECT * FROM mysql.db WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; --echo --echo ######################################################################## --echo # A.7.3. Checking lock-wait-timeout with REVOKE (table level). --echo ######################################################################## CREATE TABLE t1(a INT); CREATE USER u1@h, u2@h, u3@h; GRANT SELECT ON t1 TO u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # REVOKE, the row corresponding to the second user is locked. # REVOKE is expected to wait for the transaction in the other connection # to finish. --send REVOKE SELECT ON t1 FROM u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # REVOKE --echo --echo # Connection: default --connection default # Check that the REVOKE was successful. SELECT user FROM mysql.user WHERE host = 'h'; SELECT user, table_name, table_priv FROM mysql.tables_priv WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; DROP TABLE t1; --echo --echo ######################################################################## --echo # A.7.4. Checking lock-wait-timeout with REVOKE (column level). --echo ######################################################################## CREATE TABLE t1(a INT); CREATE USER u1@h, u2@h, u3@h; GRANT SELECT(a) ON t1 TO u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # REVOKE, the row corresponding to the second user is locked. # REVOKE is expected to wait for the transaction in the other connection # to finish. --send REVOKE SELECT(a) ON t1 FROM u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # REVOKE --echo --echo # Connection: default --connection default # Check that the REVOKE was successful. SELECT user FROM mysql.user WHERE host = 'h'; SELECT user, column_name, column_priv FROM mysql.columns_priv WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; DROP TABLE t1; --echo --echo ######################################################################## --echo # A.7.5. Checking lock-wait-timeout with REVOKE (stored routine level). --echo ######################################################################## CREATE PROCEDURE p1() SELECT 1; CREATE USER u1@h, u2@h, u3@h; GRANT EXECUTE ON PROCEDURE p1 TO u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # REVOKE, the row corresponding to the second user is locked. # REVOKE is expected to wait for the transaction in the other connection # to finish. --send REVOKE EXECUTE ON PROCEDURE p1 FROM u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # REVOKE --echo --echo # Connection: default --connection default # Check that the REVOKE was successful. SELECT user FROM mysql.user WHERE host = 'h'; SELECT user, routine_name, proc_priv FROM mysql.procs_priv WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; DROP PROCEDURE p1; --echo --echo ######################################################################## --echo # A.8.1. Checking lock-wait-timeout with REVOKE ALL (global level). --echo ######################################################################## CREATE USER u1@h, u2@h, u3@h; GRANT SELECT ON *.* TO u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # REVOKE, the row corresponding to the second user is locked. # REVOKE is expected to wait for the transaction in the other connection # to finish. --send REVOKE ALL PRIVILEGES, GRANT OPTION FROM u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # REVOKE --echo --echo # Connection: default --connection default # Check that the REVOKE was successful. SELECT user, select_priv FROM mysql.user WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; --echo --echo ######################################################################## --echo # A.8.2. Checking lock-wait-timeout with REVOKE ALL (database level). --echo ######################################################################## CREATE USER u1@h, u2@h, u3@h; GRANT SELECT ON test.* TO u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # REVOKE, the row corresponding to the second user is locked. # REVOKE is expected to wait for the transaction in the other connection # to finish. --send REVOKE ALL PRIVILEGES, GRANT OPTION FROM u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # REVOKE --echo --echo # Connection: default --connection default # Check that the REVOKE was successful. SELECT user FROM mysql.user WHERE host = 'h'; SELECT * FROM mysql.db WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; --echo --echo ######################################################################## --echo # A.8.3. Checking lock-wait-timeout with REVOKE ALL (table level). --echo ######################################################################## CREATE TABLE t1(a INT); CREATE USER u1@h, u2@h, u3@h; GRANT SELECT ON t1 TO u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # REVOKE, the row corresponding to the second user is locked. # REVOKE is expected to wait for the transaction in the other connection # to finish. --send REVOKE ALL PRIVILEGES, GRANT OPTION FROM u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # REVOKE --echo --echo # Connection: default --connection default # Check that the REVOKE was successful. SELECT user FROM mysql.user WHERE host = 'h'; SELECT user, table_name, table_priv FROM mysql.tables_priv WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; DROP TABLE t1; --echo --echo ######################################################################## --echo # A.8.4. Checking lock-wait-timeout with REVOKE ALL (column level). --echo ######################################################################## CREATE TABLE t1(a INT); CREATE USER u1@h, u2@h, u3@h; GRANT SELECT(a) ON t1 TO u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # REVOKE, the row corresponding to the second user is locked. # REVOKE is expected to wait for the transaction in the other connection # to finish. --send REVOKE ALL PRIVILEGES, GRANT OPTION FROM u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # REVOKE --echo --echo # Connection: default --connection default # Check that the REVOKE was successful. SELECT user FROM mysql.user WHERE host = 'h'; SELECT user, column_name, column_priv FROM mysql.columns_priv WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; DROP TABLE t1; --echo --echo ######################################################################## --echo # A.8.5. Checking lock-wait-timeout with REVOKE ALL (stored routine level). --echo ######################################################################## CREATE PROCEDURE p1() SELECT 1; CREATE USER u1@h, u2@h, u3@h; GRANT EXECUTE ON PROCEDURE p1 TO u1@h, u2@h, u3@h; # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; START TRANSACTION; # Lock a row. SELECT user, host FROM mysql.user WHERE user = 'u2' AND host = 'h' FOR UPDATE; --echo --echo # Connection: con1 --connection con1 # REVOKE, the row corresponding to the second user is locked. # REVOKE is expected to wait for the transaction in the other connection # to finish. --send REVOKE ALL PRIVILEGES, GRANT OPTION FROM u1@h, u2@h, u3@h --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc ROLLBACK; --echo --echo # Connection: con1 --connection con1 --reap # REVOKE --echo --echo # Connection: default --connection default # Check that the REVOKE was successful. SELECT user FROM mysql.user WHERE host = 'h'; SELECT user, routine_name, proc_priv FROM mysql.procs_priv WHERE host = 'h'; # Cleanup. DROP USER u1@h, u2@h, u3@h; DROP PROCEDURE p1; --echo --echo ######################################################################## --echo # A.9. Checking lock-wait-timeout with FLUSH PRIVILEGES. --echo ######################################################################## # Start a transaction and insert a new row into mysql.user. START TRANSACTION; INSERT INTO mysql.user(user, host, ssl_cipher, x509_issuer, x509_subject) VALUES ('u2', 'h', '', '', ''); --echo --echo # Connection: con1 --connection con1 # FLUSH PRIVILEGES is expected to wait for the transaction in the other # connection to finish. --send FLUSH PRIVILEGES; --echo --echo # Connection: default --connection default let $wait_condition= SELECT count(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = "Waiting for table metadata lock" AND id = $con1_id; --source include/wait_condition.inc COMMIT; --echo --echo # Connection: con1 --connection con1 --reap # FLUSH PRIVILEGES --echo --echo # Connection: default --connection default # Check that all three users have been created. SELECT user, host FROM mysql.user WHERE host = 'h'; # Drop the created user (cleanup). DROP USER u2@h; --echo --echo ######################################################################## --echo # B.1 Check that SET PASSWORD commits a transaction. --echo ######################################################################## CREATE TABLE t1(a INT); CREATE USER u1@h; START TRANSACTION; INSERT INTO t1 VALUES (1), (2), (3); --echo --echo # Connection: con1 --connection con1 SELECT * FROM t1; ROLLBACK; --echo --echo # Connection: default --connection default SET PASSWORD FOR u1@h = ''; --echo --echo # Connection: con1 --connection con1 SELECT * FROM t1; ROLLBACK; --echo --echo # Connection: default --connection default DROP TABLE t1; --echo --echo ######################################################################## --echo # B.2 Check that SET PASSWORD can't be called from a stored function --echo # directly or indirectly.. --echo ######################################################################## CREATE PROCEDURE p1() SET PASSWORD FOR u1@h = '12345'; delimiter $; --error ER_SP_CANT_SET_AUTOCOMMIT CREATE FUNCTION f1() RETURNS INT BEGIN SET PASSWORD FOR u1@h = '12345'; RETURN 0; END; $ CREATE FUNCTION f2() RETURNS INT BEGIN CALL p1(); RETURN 0; END; $ delimiter ;$ --error ER_SP_CANT_SET_AUTOCOMMIT SELECT f2(); DROP FUNCTION f2; DROP PROCEDURE p1; DROP USER u1@h; --echo --echo #################################################################### --echo # C.1. Tests for 'DROP USER' statement --echo #################################################################### # 1. Positive Test cases SELECT user, host FROM mysql.user where user like 'user%'; CREATE USER user2@localhost; SELECT user, host FROM mysql.user where user like 'user%'; DROP USER user2@localhost; SELECT user, host FROM mysql.user where user like 'user%'; # 2. Negative Test cases --error ER_CANNOT_USER DROP USER no_user@localhost; SHOW WARNINGS; # 3. Mixed test cases # For DROP USER statement, the current behavior is to ignore the failed # component and continue the statement execution. In the end, the statement # will report a list of failed components. CREATE USER user2@localhost, user3@localhost; --error ER_CANNOT_USER DROP USER no_user@localhost, user3@localhost, no_user1@localhost, user2@localhost, no_user2@localhost; DROP USER user2@localhost, user3@localhost; SELECT user, host FROM mysql.user where user like 'user%'; --echo --echo #################################################################### --echo # C.2. Tests for 'RENAME USER' statement --echo #################################################################### # 1. Positive Test cases SELECT user, host FROM mysql.user where user like 'user%'; CREATE USER user2@localhost; SELECT user, host FROM mysql.user where user like 'user%'; RENAME USER user2@localhost TO user3@localhost; SELECT user, host FROM mysql.user where user like 'user%'; # 2. Negative Test cases --error ER_CANNOT_USER RENAME USER no_user@localhost to user6@localhost; SHOW WARNINGS; # 3. Mixed test cases # For RENAME USER statement, the current behavior is to ignore the failed # component and continue the statement execution. In the end, the statement # will report a list of failed components. --error ER_CANNOT_USER RENAME USER user3@localhost TO user6@localhost, no_user@localhost TO user3@localhost; SHOW WARNINGS; SELECT user, host FROM mysql.user where user like 'user%'; CREATE user user7@localhost; --error ER_CANNOT_USER RENAME USER user6@localhost TO temp_user@localhost, user7@localhost TO user4@localhost, no_user@localhost TO no_user1@localhost, temp_user@localhost to user7@localhost; SHOW WARNINGS; SELECT user, host FROM mysql.user where user like 'user%'; --error ER_CANNOT_USER RENAME USER no_user@localhost TO user7@localhost, user7@localhost TO user8@localhost, no_user1@localhost TO user11@localhost, user4@localhost TO user7@localhost, no_user2@localhost TO user12@localhost; SHOW WARNINGS; SELECT user, host FROM mysql.user where user like 'user%'; SET debug="+d,wl7158_handle_grant_table_1"; --error ER_ACL_OPERATION_FAILED RENAME USER user7@localhost TO user7_1@localhost; SET debug="-d,wl7158_handle_grant_table_1"; DROP USER user7@localhost; --echo --echo #################################################################### --echo # C.3. Tests for 'CREATE USER' statement --echo #################################################################### # 1. Positive Test cases CREATE USER user2@localhost; # 2. Negative Test cases # Trying to CREATE DUPLICATE USER --error ER_CANNOT_USER CREATE USER user2@localhost; # 3. Mixed test cases --error ER_CANNOT_USER CREATE USER user3@localhost, user2@localhost, user4@localhost; SHOW WARNINGS; SELECT user, host FROM mysql.user where user like 'user%'; DROP USER user2@localhost, user3@localhost; --echo --echo #################################################################### --echo # C.4. Tests for 'ALTER USER' statement --echo #################################################################### # 1. Positive Test cases CREATE USER u2@l; ALTER USER u2@l PASSWORD EXPIRE INTERVAL 5 day; SELECT user, password_lifetime FROM mysql.user where USER like 'u_'; # 2. Negative Test cases # Trying to ALTER non existing user. --error ER_CANNOT_USER ALTER USER u3@l PASSWORD EXPIRE INTERVAL 5 DAY; # 3. Mixed test cases # For ALTER USER statement, the current behavior is to ignore the failed # component and continue the statement execution. In the end, the statement # will report a list of failed components. --error ER_CANNOT_USER ALTER USER u3@l, u2@l, u4@l PASSWORD EXPIRE INTERVAL 7 DAY; SHOW WARNINGS; SELECT user, password_lifetime FROM mysql.user WHERE user LIKE 'u_'; DROP USER u2@l; --echo --echo #################################################################### --echo # C.5. Tests for 'GRANT' and 'REVOKE' statement --echo #################################################################### # Suppress server log like "Did not write failed 'GRANT SELECT ON ...' into # binary log while granting/revoking privileges in databases. call mtr.add_suppression("Did not write failed .*"); call mtr.add_suppression("REVOKE/GRANT failed .* An incident event has been written to the binary log which will stop the slaves."); # It is not possible to execute a GRANT statement only for some users # (unlike 'DROP USER' which drops only existing users from the lists). # It is possible however, to make the GRANT statement fail by specifying # non-existing table or column. # # This is no the case for the REVOKE statement -- it will report an error for # every non-existing user from the list and skip it. # # There are plenty of test cases for GRANT and REVOKE already in grant.test. # This test file contains cases where statement is partially executed with # error. CREATE TABLE t1(a INT, b INT); CREATE USER u1@h, u3@h; GRANT SELECT(a) ON t1 TO u1@h, u3@h; SELECT user, column_name, column_priv FROM mysql.columns_priv; --echo --echo # GRANT on non existing column for non existing user --echo # (the whole statement fails, no change will be made). --error ER_BAD_FIELD_ERROR GRANT SELECT(b), SELECT(c), INSERT(b) ON t1 TO u1@h, u2@h, u3@h; SHOW WARNINGS; SELECT user, column_name, column_priv FROM mysql.columns_priv; --echo --echo # GRANT for non existing user. --echo # (only non-existing user components fail). --error ER_CANT_CREATE_USER_WITH_GRANT GRANT SELECT(b) ON t1 TO u1@h, u2@h, u3@h; SHOW WARNINGS; SELECT user, column_name, column_priv FROM mysql.columns_priv; --echo --echo # GRANT on non existing column for u1@h; --error ER_BAD_FIELD_ERROR GRANT SELECT(b), SELECT(c), INSERT(b) ON t1 TO u1@h; SELECT user, column_name, column_priv FROM mysql.columns_priv; --echo --echo # REVOKE with existing and non existing user (REVOKE removed privileges --echo # for existing accounts despite an error). --error ER_NONEXISTING_TABLE_GRANT REVOKE SELECT(a) ON t1 FROM u0@h, u1@h, u2@h, u3@h; SELECT user, column_name, column_priv FROM mysql.columns_priv; --echo GRANT SELECT(a) ON t1 TO u1@h; SELECT user, column_name, column_priv FROM mysql.columns_priv; --echo --echo # REVOKE with existing and non existing column --error ER_NONEXISTING_TABLE_GRANT REVOKE SELECT(a), SELECT(b) ON t1 FROM u1@h; SELECT user, column_name, column_priv FROM mysql.columns_priv; --echo GRANT SELECT(a) ON t1 TO u1@h; SELECT user, column_name, column_priv FROM mysql.columns_priv; --echo --echo # REVOKE with existing, non existing column / user. --error ER_NONEXISTING_TABLE_GRANT REVOKE SELECT(a),SELECT(c) ON t1 FROM u1@h; SELECT user, column_name, column_priv FROM mysql.columns_priv; --echo DROP USER u1@h, u3@h; DROP TABLE t1; --echo --echo # Check that the statement REVOKE handles correctly in the case --echo # when some of a user in the list for REVOKE is deleted manually --echo # before REVOKE has been run --echo CREATE USER u1@h; CREATE USER u2@h; CREATE SCHEMA test1; CREATE TABLE test1.t1 (a INT); GRANT SELECT ON test1.* TO u1@h; GRANT SELECT ON test1.* TO u2@h; # Delete explicitely a row for the u1@h. User u1@h still exists in the acl-cache # but doesn't in the database. For such case REVOKE has to revoke grant for other user # and return an error for the whole statement. DELETE FROM mysql.db WHERE host = 'h' AND user = 'u1'; COMMIT; --error ER_NONEXISTING_GRANT REVOKE SELECT ON test1.* FROM u1@h, u2@h; DROP SCHEMA test1; DROP USER u1@h, u2@h; --echo --echo # Check that DROP PROCEDURE handles correctly in the case --echo # when grant information for some user was manually deleted --echo # from the mysql.procs_priv --echo CREATE USER u1@h; CREATE USER u2@h; CREATE PROCEDURE p1() SET @a :=1; GRANT EXECUTE ON PROCEDURE p1 TO u1@h; GRANT EXECUTE ON PROCEDURE p1 TO u2@h; DELETE FROM mysql.procs_priv WHERE routine_name='p1'; COMMIT; DROP PROCEDURE p1; DROP USER u1@h, u2@h; --echo --echo #################################################################### --echo # D. Simulate the SE failure and check the ACL statement behavior. --echo #################################################################### CREATE TABLE t1(a INT); CREATE USER user1@; GRANT UPDATE (a) ON t1 TO user1@; SET debug='+d,wl7158_grant_table_1'; --error ER_ACL_OPERATION_FAILED FLUSH PRIVILEGES; SET debug='-d,wl7158_grant_table_1'; SET debug='+d,wl7158_grant_table_2'; --error ER_ACL_OPERATION_FAILED FLUSH PRIVILEGES; SET debug='-d,wl7158_grant_table_2'; SET debug='+d,wl7158_grant_table_3'; --error ER_ACL_OPERATION_FAILED FLUSH PRIVILEGES; SET debug='-d,wl7158_grant_table_3'; DROP USER user1@; DROP TABLE t1; CREATE USER u1@h; CREATE PROCEDURE p() SET @x = 1; CREATE PROCEDURE p1() SET @y = 1; GRANT EXECUTE ON PROCEDURE p TO u1@h; GRANT EXECUTE ON PROCEDURE p1 TO u1@h; SET debug='+d,wl7158_grant_load_1'; --error ER_ACL_OPERATION_FAILED FLUSH PRIVILEGES; SHOW WARNINGS; SET debug='-d,wl7158_grant_load_1'; SET debug='+d,wl7158_grant_load_proc_1'; --error ER_ACL_OPERATION_FAILED FLUSH PRIVILEGES; SHOW WARNINGS; SET debug='-d,wl7158_grant_load_proc_1'; SET debug='+d,wl7158_grant_load_2'; --error ER_ACL_OPERATION_FAILED FLUSH PRIVILEGES; SHOW WARNINGS; SET debug='-d,wl7158_grant_load_2'; SET debug="+d,wl7158_grant_load_proc_2"; --error ER_ACL_OPERATION_FAILED FLUSH PRIVILEGES; SHOW WARNINGS; SET debug="-d,wl7158_grant_load_proc_2"; FLUSH PRIVILEGES; GRANT EXECUTE on PROCEDURE p to u1@h; SET debug="+d,wl7158_grant_load_proc_3"; --error ER_ACL_OPERATION_FAILED FLUSH PRIVILEGES; SHOW WARNINGS; SET debug="-d,wl7158_grant_load_proc_3"; FLUSH PRIVILEGES; CREATE TABLE t1(a INT); GRANT SELECT ON t1 TO u1@h; SET debug='+d,wl7158_grant_load_3'; --error ER_ACL_OPERATION_FAILED FLUSH PRIVILEGES; SHOW WARNINGS; SET debug='-d,wl7158_grant_load_3'; DROP TABLE t1; DROP USER u1@h; DROP PROCEDURE p; DROP PROCEDURE p1; SET debug="+d,wl7158_replace_user_table_1"; --error ER_ACL_OPERATION_FAILED CREATE USER u1@h; SHOW WARNINGS; --error ER_NONEXISTING_GRANT SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_user_table_1"; CREATE USER u1@h; SET debug="+d,wl7158_replace_user_table_1"; --error ER_ACL_OPERATION_FAILED SET PASSWORD FOR u1@h = 'systpass'; SHOW WARNINGS; SET debug="-d,wl7158_replace_user_table_1"; SET debug="+d,wl7158_replace_user_table_2"; --error ER_ACL_OPERATION_FAILED SET PASSWORD FOR u1@h = 'systpass'; SHOW WARNINGS; SET debug="-d,wl7158_replace_user_table_2"; DROP USER u1@h; CREATE USER u1@h; SET debug="+d,wl7158_replace_user_table_1"; --error ER_ACL_OPERATION_FAILED ALTER USER u1@h REQUIRE CIPHER "EDH-RSA-DES-CBC3-SHA"; SHOW WARNINGS; SET debug="-d,wl7158_replace_user_table_1"; ALTER USER u1@h REQUIRE CIPHER "EDH-RSA-DES-CBC3-SHA"; GRANT SELECT ON mysqltest.* TO u1@h; SET debug="+d,wl7158_replace_user_table_2"; --error ER_ACL_OPERATION_FAILED ALTER USER u1@h REQUIRE CIPHER "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "testsubject" ISSUER "MySQL"; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_user_table_2"; DROP USER u1@h; SET debug="+d,wl7158_replace_user_table_1"; --error ER_ACL_OPERATION_FAILED CREATE USER u1@h; SET debug="-d,wl7158_replace_user_table_1"; CREATE USER u1@h; CREATE TABLE t1(a INT); SET debug="+d,mysql_table_grant_out_of_memory"; CALL mtr.add_suppression(".*Out of memory *"); --error ER_OUT_OF_RESOURCES, 5 GRANT SELECT ON t1 TO u1@h; SET debug="-d,mysql_table_grant_out_of_memory"; DROP TABLE t1; DROP USER u1@h; SET debug="+d,wl7158_replace_user_table_3"; --error ER_ACL_OPERATION_FAILED CREATE USER u1@h; SET debug="-d,wl7158_replace_user_table_3"; # Tests for change grants in the mysql.db table # CREATE USER u1@h; SET debug="+d,wl7158_replace_db_table_1"; --error ER_ACL_OPERATION_FAILED GRANT SELECT ON mysqltest.* TO u1@h; SHOW WARNINGS; SET debug="-d,wl7158_replace_db_table_1"; GRANT SELECT ON mysqltest.* TO u1@h; SET debug="+d,wl7158_replace_db_table_2"; --error ER_ACL_OPERATION_FAILED GRANT SELECT ON mysqltest.* TO u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_db_table_2"; SET debug="+d,wl7158_replace_db_table_3"; --error ER_ACL_OPERATION_FAILED REVOKE ALL PRIVILEGES ON mysqltest.* FROM u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_db_table_3"; DROP USER u1@h; CREATE USER u1@h; SET debug="+d,wl7158_replace_db_table_4"; --error ER_ACL_OPERATION_FAILED GRANT SELECT ON mysqltest.* TO u1@h; SHOW WARNINGS; SET debug="-d,wl7158_replace_db_table_4"; DROP USER u1@h; SET debug="+d,mysql_handle_grant_data_fail_on_routine_table"; --error ER_ACL_OPERATION_FAILED CREATE USER u1@h; SET debug="-d,mysql_handle_grant_data_fail_on_routine_table"; SET debug="+d,mysql_handle_grant_data_fail_on_tables_table"; --error ER_ACL_OPERATION_FAILED CREATE USER u1@h; SET debug="-d,mysql_handle_grant_data_fail_on_tables_table"; SET debug="+d,mysql_handle_grant_data_fail_on_columns_table"; --error ER_ACL_OPERATION_FAILED CREATE USER u1@h; SET debug="-d,mysql_handle_grant_data_fail_on_columns_table"; SET debug="+d,mysql_handle_grant_data_fail_on_proxies_priv_table"; --error ER_ACL_OPERATION_FAILED CREATE USER u1@h; SET debug="-d,mysql_handle_grant_data_fail_on_proxies_priv_table"; # # Test for privilege table # SET debug="+d,wl7158_handle_grant_table_1"; --error ER_ACL_OPERATION_FAILED CREATE USER u1@h; SHOW WARNINGS; --error ER_NONEXISTING_GRANT SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_handle_grant_table_1"; SET debug="+d,wl7158_handle_grant_table_2"; --error ER_ACL_OPERATION_FAILED CREATE USER u1@h; SHOW WARNINGS; --error ER_NONEXISTING_GRANT SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_handle_grant_table_2"; SET debug="+d,wl7158_handle_grant_table_3"; --error ER_ACL_OPERATION_FAILED CREATE USER u1@h; SHOW WARNINGS; --error ER_NONEXISTING_GRANT SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_handle_grant_table_3"; CREATE USER u1@h; SET debug="+d,wl7158_modify_grant_table_1"; # RENAME USER succeeds if there is no error in handler call. # Here, DBUG_EXECUTE_IF sets error after data is updated in SE. --error ER_ACL_OPERATION_FAILED rename user u1@h to u2@h; --error ER_NONEXISTING_GRANT SHOW GRANTS FOR u2@h; SHOW WARNINGS; SET debug="-d,wl7158_modify_grant_table_1"; DROP USER u1@h; CREATE USER u1@h; SET debug="+d,wl7158_modify_grant_table_2"; # DROP USER succeeds if there is no error in handler call. # Here, DBUG_EXECUTE_IF sets error after data is removed in SE. --error ER_ACL_OPERATION_FAILED DROP USER u1@h; SHOW WARNINGS; SET debug="-d,wl7158_modify_grant_table_2"; SHOW GRANTS FOR u1@h; DROP USER u1@h; # # Test for proxies priv # CREATE USER u1@h; SET debug="+d,wl7158_replace_proxies_priv_table_1"; --error ER_ACL_OPERATION_FAILED GRANT PROXY ON plug_dest TO u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_proxies_priv_table_1"; SET debug="+d,wl7158_replace_proxies_priv_table_2"; --error ER_ACL_OPERATION_FAILED GRANT PROXY ON plug_dest TO u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_proxies_priv_table_2"; SET debug="+d,wl7158_replace_proxies_priv_table_5"; --error ER_ACL_OPERATION_FAILED GRANT PROXY ON plug_dest TO u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_proxies_priv_table_5"; GRANT PROXY ON plug_dest TO u1@h; SET debug="+d,wl7158_replace_proxies_priv_table_3"; --error ER_ACL_OPERATION_FAILED GRANT PROXY ON plug_dest TO u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_proxies_priv_table_3"; SET debug="+d,wl7158_replace_proxies_priv_table_4"; --error ER_ACL_OPERATION_FAILED REVOKE PROXY ON plug_dest FROM u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_proxies_priv_table_4"; DROP USER u1@h; # # Test for Column priv # CREATE TABLE t1 (a INT); CREATE USER u1@h; SHOW GRANTS FOR u1@h; SET debug="+d,wl7158_replace_column_table_1"; --error ER_ACL_OPERATION_FAILED GRANT SELECT(a), UPDATE(a), INSERT(a), REFERENCES(a) ON t1 TO u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_column_table_1"; SET debug="+d,wl7158_replace_column_table_2"; --error ER_ACL_OPERATION_FAILED GRANT SELECT(a), UPDATE(a), INSERT(a), REFERENCES(a) ON t1 TO u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_column_table_2"; SET debug="+d,wl7158_replace_column_table_5"; --error ER_ACL_OPERATION_FAILED GRANT SELECT(a), UPDATE(a), INSERT(a), REFERENCES(a) ON t1 TO u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_column_table_5"; GRANT SELECT(a), UPDATE(a), INSERT(a), REFERENCES(a) ON t1 TO u1@h; SET debug="+d,wl7158_replace_column_table_3"; --error ER_ACL_OPERATION_FAILED GRANT SELECT(a), UPDATE(a), INSERT(a), REFERENCES(a) ON t1 TO u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_column_table_3"; SET debug="+d,wl7158_replace_column_table_4"; --error ER_ACL_OPERATION_FAILED REVOKE SELECT(a), UPDATE(a), INSERT(a), REFERENCES(a) ON t1 FROM u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_column_table_4"; # CHECK if even after error, above REVOKE worked. GRANT SELECT(a), UPDATE(a), INSERT(a), REFERENCES(a) ON t1 TO u1@h; SET debug="+d,wl7158_replace_column_table_6"; --error ER_ACL_OPERATION_FAILED REVOKE SELECT(a), UPDATE(a), INSERT(a), REFERENCES(a) ON t1 FROM u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_column_table_6"; GRANT SELECT(a), UPDATE(a), INSERT(a), REFERENCES(a) ON t1 TO u1@h; SET debug="+d,wl7158_replace_column_table_7"; --error ER_ACL_OPERATION_FAILED REVOKE ALL PRIVILEGES, GRANT OPTION FROM u1@h; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_column_table_7"; GRANT SELECT(a), UPDATE(a), INSERT(a), REFERENCES(a) ON t1 TO u1@h; SET debug="+d,wl7158_replace_column_table_8"; --error ER_ACL_OPERATION_FAILED REVOKE ALL PRIVILEGES, GRANT OPTION FROM u1@h; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_column_table_8"; # CHECK that REVOKE ALL works correctly in case when a row from # columns_priv had been deleted for some user before REVOKE ALL # has been run. CREATE TABLE t2 (a INT); GRANT SELECT(a), UPDATE(a), INSERT(a), REFERENCES(a) ON t1 TO u1@h; GRANT INSERT(a) ON t2 TO u1@h; SELECT host, db, user, table_name, column_name, column_priv FROM mysql.columns_priv; SELECT host, db, user, table_name, grantor, table_priv, column_priv FROM mysql.tables_priv; DELETE FROM mysql.columns_priv WHERE host = 'h' AND user = 'u1' AND table_name = 't1'; COMMIT; REVOKE ALL PRIVILEGES, GRANT OPTION FROM u1@h; SELECT host, db, user, table_name, column_name, column_priv FROM mysql.columns_priv; SELECT host, db, user, table_name, grantor, table_priv, column_priv FROM mysql.tables_priv; SHOW GRANTS FOR u1@h; # Check whether on FLUSH PRIVILEGES the GRANT_TABLE::init handles OUT OF MEMORY # condition correctly GRANT UPDATE (a) ON t1 TO u1@h; SET debug='+d,mysql_grant_table_init_out_of_memory'; --error ER_OUT_OF_RESOURCES, 5 FLUSH PRIVILEGES; SET debug='-d,mysql_grant_table_init_out_of_memory'; DROP TABLE t1; DROP TABLE t2; DROP USER u1@h; --echo # Test case that checks the whole transaction was rolled back --echo # in the case of system error and that in-memory cache was reloaded after that CREATE USER u1@h; CREATE TABLE t1 (a INT); SET debug="+d,wl7158_replace_column_table_5"; --error ER_ACL_OPERATION_FAILED GRANT SELECT(a), UPDATE(a), INSERT(a), REFERENCES(a) ON t1 TO u1@h; SHOW WARNINGS; --echo # Check that changes of the whole statement have been rolled back. SELECT * FROM mysql.columns_priv WHERE host = 'h' AND user = 'u1'; SELECT * FROM mysql.tables_priv WHERE host = 'h' AND user = 'u1'; SET debug="-d,wl7158_replace_column_table_5"; DROP TABLE t1; DROP USER u1@h; # # Tests for table priv # CREATE TABLE t1 (a INT); CREATE USER u1@h; SHOW GRANTS FOR u1@h; SET debug="+d,wl7158_replace_table_table_1"; --error ER_ACL_OPERATION_FAILED GRANT UPDATE ON t1 TO u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_table_table_1"; SET debug="+d,wl7158_replace_table_table_3"; --error ER_ACL_OPERATION_FAILED GRANT UPDATE ON t1 TO u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_table_table_3"; GRANT UPDATE ON t1 TO u1@h; SET debug="+d,wl7158_replace_table_table_2"; --error ER_ACL_OPERATION_FAILED GRANT UPDATE ON t1 TO u1@h; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_table_table_2"; DROP TABLE t1; DROP USER u1@h; # # Tests for routines priv # CREATE TABLE t1 (a INT); CREATE USER u1@h; CREATE PROCEDURE p() SET @x = 1; SHOW GRANTS FOR u1@h; SET debug="+d,wl7158_replace_routine_table_1"; --error ER_ACL_OPERATION_FAILED GRANT USAGE ON PROCEDURE p TO u1@h WITH GRANT OPTION; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_routine_table_1"; SET debug="+d,wl7158_replace_routine_table_4"; --error ER_ACL_OPERATION_FAILED GRANT USAGE ON PROCEDURE p TO u1@h WITH GRANT OPTION; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_routine_table_4"; GRANT USAGE ON PROCEDURE p TO u1@h WITH GRANT OPTION; SET debug="+d,wl7158_replace_routine_table_2"; --error ER_ACL_OPERATION_FAILED GRANT USAGE ON PROCEDURE p TO u1@h WITH GRANT OPTION; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_routine_table_2"; SET debug="+d,wl7158_replace_routine_table_3"; --error ER_ACL_OPERATION_FAILED DROP PROCEDURE p; SHOW WARNINGS; SHOW GRANTS FOR u1@h; SET debug="-d,wl7158_replace_routine_table_3"; DROP TABLE t1; DROP USER u1@h; --echo --echo ######################################################################## --echo # E. Check that it is possible to ALTER storage engine for privilege --echo # tables to MyISAM. --echo # This is necessary for mysql_system_tables_fix_for_downgrade.sql --echo # to work. --echo ######################################################################## ALTER TABLE mysql.user ENGINE = MyISAM; ALTER TABLE mysql.db ENGINE = MyISAM; ALTER TABLE mysql.columns_priv ENGINE = MyISAM; ALTER TABLE mysql.procs_priv ENGINE = MyISAM; ALTER TABLE mysql.proxies_priv ENGINE = MyISAM; ALTER TABLE mysql.tables_priv ENGINE = MyISAM; SELECT table_name, engine FROM INFORMATION_SCHEMA.TABLES WHERE table_schema = 'mysql' AND table_name IN ('user', 'db', 'columns_priv', 'procs_priv', 'proxies_priv', 'tables_priv') ORDER BY table_name; ALTER TABLE mysql.user ENGINE = InnoDB; ALTER TABLE mysql.db ENGINE = InnoDB; ALTER TABLE mysql.columns_priv ENGINE = InnoDB; ALTER TABLE mysql.procs_priv ENGINE = InnoDB; ALTER TABLE mysql.proxies_priv ENGINE = InnoDB; ALTER TABLE mysql.tables_priv ENGINE = InnoDB; --echo ######################################################################## --echo # Checking that it is possible to CREATE privilege tables in MyISAM. --echo # This is necessary for upgrade via mysqldump to work. --echo ######################################################################## RENAME TABLE mysql.user TO mysql.user_bak; RENAME TABLE mysql.db TO mysql.db_bak; RENAME TABLE mysql.columns_priv TO mysql.columns_priv_bak; RENAME TABLE mysql.procs_priv TO mysql.procs_priv_bak; RENAME TABLE mysql.proxies_priv TO mysql.proxies_priv_bak; RENAME TABLE mysql.tables_priv TO mysql.tables_priv_bak; CREATE TABLE mysql.db ENGINE=MyISAM SELECT * FROM mysql.db_bak; CREATE TABLE mysql.user ENGINE=MyISAM SELECT * FROM mysql.user_bak; CREATE TABLE mysql.columns_priv ENGINE=MyISAM SELECT * FROM mysql.columns_priv_bak; CREATE TABLE mysql.procs_priv ENGINE=MyISAM SELECT * FROM mysql.procs_priv_bak; CREATE TABLE mysql.proxies_priv ENGINE=MyISAM SELECT * FROM mysql.proxies_priv_bak; CREATE TABLE mysql.tables_priv ENGINE=MyISAM SELECT * FROM mysql.tables_priv_bak; DROP TABLE mysql.user, mysql.db, mysql.columns_priv, mysql.procs_priv, mysql.proxies_priv, mysql.tables_priv; RENAME TABLE mysql.user_bak TO mysql.user; RENAME TABLE mysql.db_bak TO mysql.db; RENAME TABLE mysql.columns_priv_bak TO mysql.columns_priv; RENAME TABLE mysql.procs_priv_bak TO mysql.procs_priv; RENAME TABLE mysql.proxies_priv_bak TO mysql.proxies_priv; RENAME TABLE mysql.tables_priv_bak TO mysql.tables_priv; --echo --echo ######################################################################## --echo # F. Upgrade/downgrade tests. --echo ######################################################################## --echo --echo # Disconnect con1 --connection con1 --disconnect con1 --source include/wait_until_disconnected.inc --echo --echo # Connection: default --connection default # Create the user u1@h before server upgrade. CREATE USER u1@h; --echo --echo # Remove the session user #This user is not compatible with 5.6 tables let $date_to_restore=`SELECT password_last_changed from mysql.user where user='mysql.session'`; let $sess_user_account_priv=`SELECT timestamp from mysql.tables_priv where user='mysql.session'`; DELETE FROM mysql.tables_priv WHERE user='mysql.session'; DELETE FROM mysql.user WHERE user='mysql.session'; DELETE FROM mysql.db WHERE user='mysql.session'; --echo --echo # Backup privilege tables and drop original ones RENAME TABLE mysql.user TO mysql.user_bak; RENAME TABLE mysql.db TO mysql.db_bak; RENAME TABLE mysql.columns_priv TO mysql.columns_priv_bak; RENAME TABLE mysql.procs_priv TO mysql.procs_priv_bak; RENAME TABLE mysql.proxies_priv TO mysql.proxies_priv_bak; RENAME TABLE mysql.tables_priv TO mysql.tables_priv_bak; --echo # Create exact structure of privilege tables as it is in 5.6 CREATE TABLE IF NOT EXISTS mysql.db ( Host char(60) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, User char(16) binary DEFAULT '' NOT NULL, Select_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Insert_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Update_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Delete_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Drop_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Grant_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, References_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Index_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tmp_table_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Lock_tables_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Execute_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Event_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Trigger_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, PRIMARY KEY Host (Host,Db,User), KEY User (User) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Database privileges'; CREATE TABLE IF NOT EXISTS mysql.user ( Host char(60) binary DEFAULT '' NOT NULL, User char(16) binary DEFAULT '' NOT NULL, Password char(41) character set latin1 collate latin1_bin DEFAULT '' NOT NULL, Select_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Insert_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Update_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Delete_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Drop_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Reload_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Shutdown_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Process_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, File_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Grant_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, References_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Index_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_db_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Super_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tmp_table_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Lock_tables_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Execute_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Repl_slave_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Repl_client_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_user_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Event_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Trigger_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tablespace_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, ssl_type enum('','ANY','X509', 'SPECIFIED') COLLATE utf8_general_ci DEFAULT '' NOT NULL, ssl_cipher BLOB NOT NULL, x509_issuer BLOB NOT NULL, x509_subject BLOB NOT NULL, max_questions int(11) unsigned DEFAULT 0 NOT NULL, max_updates int(11) unsigned DEFAULT 0 NOT NULL, max_connections int(11) unsigned DEFAULT 0 NOT NULL, max_user_connections int(11) unsigned DEFAULT 0 NOT NULL, plugin char(64) DEFAULT 'caching_sha2_password', authentication_string TEXT, password_expired ENUM('N', 'Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, PRIMARY KEY Host (Host,User) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Users and global privileges'; CREATE TABLE IF NOT EXISTS mysql.tables_priv ( Host char(60) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, User char(16) binary DEFAULT '' NOT NULL, Table_name char(64) binary DEFAULT '' NOT NULL, Grantor char(77) DEFAULT '' NOT NULL, Timestamp timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, Table_priv set('Select','Insert','Update','Delete','Create','Drop','Grant','References', 'Index','Alter','Create View','Show view','Trigger') COLLATE utf8_general_ci DEFAULT '' NOT NULL, Column_priv set('Select','Insert','Update','References') COLLATE utf8_general_ci DEFAULT '' NOT NULL, PRIMARY KEY (Host,Db,User,Table_name), KEY Grantor (Grantor) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Table privileges'; CREATE TABLE IF NOT EXISTS mysql.columns_priv ( Host char(60) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, User char(16) binary DEFAULT '' NOT NULL, Table_name char(64) binary DEFAULT '' NOT NULL, Column_name char(64) binary DEFAULT '' NOT NULL, Timestamp timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, Column_priv set('Select','Insert','Update','References') COLLATE utf8_general_ci DEFAULT '' NOT NULL, PRIMARY KEY (Host,Db,User,Table_name,Column_name) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Column privileges'; CREATE TABLE IF NOT EXISTS mysql.procs_priv ( Host char(60) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, User char(16) binary DEFAULT '' NOT NULL, Routine_name char(64) COLLATE utf8_general_ci DEFAULT '' NOT NULL, Routine_type enum('FUNCTION','PROCEDURE') NOT NULL, Grantor char(77) DEFAULT '' NOT NULL, Proc_priv set('Execute','Alter Routine','Grant') COLLATE utf8_general_ci DEFAULT '' NOT NULL, Timestamp timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, PRIMARY KEY (Host,Db,User,Routine_name,Routine_type), KEY Grantor (Grantor) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Procedure privileges'; CREATE TABLE IF NOT EXISTS mysql.proxies_priv (Host char(60) binary DEFAULT '' NOT NULL, User char(16) binary DEFAULT '' NOT NULL, Proxied_host char(60) binary DEFAULT '' NOT NULL, Proxied_user char(16) binary DEFAULT '' NOT NULL, With_grant BOOL DEFAULT 0 NOT NULL, Grantor char(77) DEFAULT '' NOT NULL, Timestamp timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, PRIMARY KEY Host (Host,User,Proxied_host,Proxied_user), KEY Grantor (Grantor) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='User proxy privileges'; --echo # Restore original content of privilege tables INSERT INTO mysql.user(Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv, Grant_priv, References_priv, Index_priv, Alter_priv, Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv, Execute_priv, Repl_slave_priv, Repl_client_priv, Create_view_priv, Show_view_priv, Create_routine_priv, Alter_routine_priv, Create_user_priv, Event_priv, Trigger_priv, Create_tablespace_priv, ssl_type, ssl_cipher, x509_issuer, x509_subject, max_questions, max_updates, max_connections, max_user_connections, plugin, authentication_string, password_expired) SELECT Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv, Grant_priv, References_priv, Index_priv, Alter_priv, Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv, Execute_priv, Repl_slave_priv, Repl_client_priv, Create_view_priv, Show_view_priv, Create_routine_priv, Alter_routine_priv, Create_user_priv, Event_priv, Trigger_priv, Create_tablespace_priv, ssl_type, ssl_cipher, x509_issuer, x509_subject, max_questions, max_updates, max_connections, max_user_connections, plugin, authentication_string, password_expired FROM mysql.user_bak; INSERT INTO mysql.db(Host, Db, User, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Grant_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv, Create_view_priv, Show_view_priv, Create_routine_priv, Alter_routine_priv, Execute_priv, Event_priv, Trigger_priv) SELECT Host, Db, User, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Grant_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv, Create_view_priv, Show_view_priv, Create_routine_priv, Alter_routine_priv, Execute_priv, Event_priv, Trigger_priv FROM mysql.db_bak; INSERT INTO mysql.columns_priv(Host, Db, User, Table_name, Column_name, Timestamp, Column_priv) SELECT Host, Db, User, Table_name, Column_name, Timestamp, Column_priv FROM mysql.columns_priv_bak; INSERT INTO mysql.procs_priv(Host, Db, User, Routine_name, Routine_type, Grantor, Proc_priv, Timestamp) SELECT Host, Db, User, Routine_name, Routine_type, Grantor, Proc_priv, Timestamp FROM mysql.procs_priv_bak; INSERT INTO mysql.proxies_priv(Host, User, Proxied_host, Proxied_user, With_grant, Grantor, Timestamp) SELECT Host, User, Proxied_host, Proxied_user, With_grant, Grantor, Timestamp FROM mysql.proxies_priv_bak; INSERT INTO mysql.tables_priv(Host, Db, User, Table_name, Grantor, Timestamp, Table_priv, Column_priv) SELECT Host, Db, User, Table_name, Grantor, Timestamp, Table_priv, Column_priv FROM mysql.tables_priv_bak; COMMIT; CREATE TABLE t1 (a INT); # Since the definition of mysql.user was changed by the WL#6409 (the column # 'password' was removed) the number of column Event_priv was changed by 1. # It resulted in output of error message that the column Event_priv is not # located in expected position. It is expected behaviour and the error message # will disappear after the database upgrade is done. call mtr.add_suppression("mysql.user has no `Event_priv` column at position 28"); --echo --echo # Shutting down mysqld... --source include/shutdown_mysqld.inc --echo --echo # Starting mysqld in the regular mode... --echo --let $restart_parameters = --source include/start_mysqld.inc --echo --echo # Check that any ACL statement is failed when privilege tables --echo # have engine type MyISAM --echo --error ER_UNSUPPORTED_ENGINE CREATE USER u2@h; --error ER_UNSUPPORTED_ENGINE ALTER USER u1@h PASSWORD EXPIRE; --error ER_UNSUPPORTED_ENGINE GRANT SELECT ON t1 TO u1@h; --error ER_UNSUPPORTED_ENGINE REVOKE SELECT ON t1 FROM u1@h; --error ER_UNSUPPORTED_ENGINE REVOKE ALL PRIVILEGES, GRANT OPTION FROM u1@h; --error ER_UNSUPPORTED_ENGINE SET PASSWORD FOR u1@h = '123'; --error ER_UNSUPPORTED_ENGINE RENAME USER u1@h TO u1_1@h; --error ER_UNSUPPORTED_ENGINE DROP USER u1@h; SELECT table_name, engine FROM INFORMATION_SCHEMA.TABLES WHERE table_schema = 'mysql' AND table_name IN ('user', 'db', 'columns_priv', 'procs_priv', 'proxies_priv', 'tables_priv') ORDER BY table_name; --echo --echo # mysql_upgrade... # Filter out ndb_binlog_index to mask differences due to running with or # without ndb. Always report check-for-upgrade status as OK, as it depends # on the order in which tests are run. --let $restart_parameters = restart:--upgrade=FORCE --let $wait_counter= 10000 --source include/restart_mysqld.inc --echo --echo # The ACL tables must have been upgraded. SELECT table_name, engine FROM INFORMATION_SCHEMA.TABLES WHERE table_schema = 'mysql' AND table_name IN ('user', 'db', 'columns_priv', 'procs_priv', 'proxies_priv', 'tables_priv') ORDER BY table_name; --echo # Downgrading --echo --echo --echo # Alter the storage engine to MyISAM (downgrade). ALTER TABLE mysql.user ENGINE = MyISAM; ALTER TABLE mysql.db ENGINE = MyISAM; ALTER TABLE mysql.columns_priv ENGINE = MyISAM; ALTER TABLE mysql.procs_priv ENGINE = MyISAM; ALTER TABLE mysql.proxies_priv ENGINE = MyISAM; ALTER TABLE mysql.tables_priv ENGINE = MyISAM; SELECT table_name, engine FROM INFORMATION_SCHEMA.TABLES WHERE table_schema = 'mysql' AND table_name IN ('user', 'db', 'columns_priv', 'procs_priv', 'proxies_priv', 'tables_priv') ORDER BY table_name; --echo # --echo # Clean-up. Restore original state of privilege tables. DROP TABLES mysql.user, mysql.db, mysql.columns_priv, mysql.procs_priv, mysql.proxies_priv, mysql.tables_priv; RENAME TABLE mysql.user_bak TO mysql.user; RENAME TABLE mysql.db_bak TO mysql.db; RENAME TABLE mysql.columns_priv_bak TO mysql.columns_priv; RENAME TABLE mysql.procs_priv_bak TO mysql.procs_priv; RENAME TABLE mysql.proxies_priv_bak TO mysql.proxies_priv; RENAME TABLE mysql.tables_priv_bak TO mysql.tables_priv; #restore the state of the session user INSERT IGNORE INTO mysql.user VALUES ('localhost','mysql.session', 'N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','Y','N','N','N', 'N','N','N','N','N','N','N','N','N','N','','','','',0,0,0,0, 'caching_sha2_password','$A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED', 'N',CURRENT_TIMESTAMP,NULL,'Y', 'N', 'N', NULL, NULL, NULL, NULL); INSERT IGNORE INTO mysql.tables_priv VALUES ('localhost', 'mysql', 'mysql.session', 'user', 'root\@localhost', CURRENT_TIMESTAMP, 'Select', ''); INSERT IGNORE INTO mysql.db VALUES ('localhost', 'performance\_schema', 'mysql.session','Y','N','N','N','N','N','N','N','N','N','N','N', 'N','N','N','N','N','N','N'); --disable_query_log ONCE --eval UPDATE mysql.tables_priv SET timestamp ='$sess_user_account_priv' WHERE USER= 'mysql.session' --disable_query_log ONCE --eval UPDATE mysql.user SET password_last_changed= '$date_to_restore' WHERE USER= 'mysql.session' FLUSH PRIVILEGES; DROP USER u1@h; DROP TABLE t1; --echo # --echo # Bug #21749169 -- ASSERTS 'ERROR != 146' PROVIDED BY WL#7158 AT VARIOUS PLACES ARE HIT --echo # CREATE TABLE t1 (a INT); CREATE USER u1; # Add record into mysql.tables_priv GRANT ALL ON test.t1 TO 'u1' ; SET autocommit = 0; --connect (con1, localhost, root,,) --echo connection con1 SET autocommit = 0; START TRANSACTION WITH CONSISTENT SNAPSHOT; SAVEPOINT A; DELETE FROM mysql . tables_priv WHERE user = 'u1' LIMIT 1; # Without a patch the following statement would leave MDL lock unreleased # on mysql.tables_priv. This lock has been acquired when DELETE being executed. # It would led to the DBUG_ASSERT(error != HA_ERR_LOCK_WAIT_TIMEOUT) later # when GRANT ALL be handled. ROLLBACK WORK TO SAVEPOINT A; --connection default --echo connection default SET innodb_lock_wait_timeout= 1; # Without the patch the following statement would fire # DBUG_ASSERT(error != HA_ERR_LOCK_WAIT_TIMEOUT) --send GRANT ALL ON t1 TO 'u1' --connection con1 let $wait_timeout= 2; let $wait_condition= SELECT 1 FROM INFORMATION_SCHEMA.PROCESSLIST WHERE state = 'Waiting for table metadata lock' AND info = 'GRANT ALL ON t1 TO \'u1\''; --source include/wait_condition.inc --connection default --disconnect con1 # Reap result of GRANT ALL ON t1 TO 'u1' --reap DROP USER u1; DROP TABLE t1;