4493d40a-92aa-4162-9dfc-bfc4ec0996e6
/
polardbxengine
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
polardbxengine/mysql-test/suite/auth_sec/t/atomic_revokes.test

337 lines
9.2 KiB
Plaintext
Raw Permalink Blame History

--source include/have_log_bin.inc
--source include/save_binlog_position.inc
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
--echo # ----------------------------------------------------------------------
--echo # Begin : Tests for REVOKE on global, db and proxy privileges
CREATE USER userX, userY, userA;
CREATE DATABASE db1;
GRANT SUPER ON *.* TO userX, userA;
GRANT SELECT ON db1.* TO userX, userA;
GRANT PROXY ON userY TO userX, userA;
--source include/save_binlog_position.inc
--echo # Initial set of grants for userX
SHOW GRANTS FOR userX;
--echo # Case 1 : Revoke from non-existing user
--error ER_NONEXISTING_GRANT
REVOKE SUPER ON *.* FROM useX, userZ;
--error ER_NONEXISTING_GRANT
REVOKE SELECT ON db1.* FROM userX, userZ;
--error ER_NONEXISTING_GRANT
REVOKE PROXY ON userY FROM userX, userZ;
--echo # userX's grants must not have changed
SHOW GRANTS FOR userX;
--let $invert= 1
--let $event= !Q(REVOKE SUPER ON.*FROM.*userX.*userZ.*)
--source ../include/auth_sec_assert_binlog_events.inc
--let $event= !Q(REVOKE SELCT ON.*db1.*FROM.*userX.*userZ.*)
--source ../include/auth_sec_assert_binlog_events.inc
--let $event= !Q(REVOKE PROXY ON .*userY.*FROM.*userX.*userZ.*)
--source ../include/auth_sec_assert_binlog_events.inc
--let $invert= 0
--echo # Case 2 : Revoke non-existing grants
--error ER_NONEXISTING_GRANT
REVOKE SELECT ON db1.* FROM userY;
--error ER_NONEXISTING_GRANT
REVOKE PROXY ON userX FROM userY;
--echo # userX's grants must not have changed
SHOW GRANTS FOR userX;
--let $invert= 1
--let $event= !Q(REVOKE SELECT ON .*db1.*FROM.*userY.*)
--source ../include/auth_sec_assert_binlog_events.inc
--let $event= !Q(REVOKE PROXY ON .*userX.*FROM.*userY.*)
--source ../include/auth_sec_assert_binlog_events.inc
--let $invert= 0
--echo # Case 3 : Valid revoke
REVOKE SUPER ON *.* FROM userX, userA;
--let $event= !Q(REVOKE SUPER ON *.* FROM.*userX.*userA.*)
--source ../include/auth_sec_assert_binlog_events.inc
--source include/save_binlog_position.inc
REVOKE SELECT ON db1.* FROM userX, userA;
--let $event= !Q(REVOKE SELECT ON .*db1.*FROM.*userX.*userA.*)
--source ../include/auth_sec_assert_binlog_events.inc
--source include/save_binlog_position.inc
REVOKE PROXY ON userY FROM userX, userA;
--let $event= !Q(REVOKE PROXY ON.*userY.*FROM.*userX.*userA.*)
--source ../include/auth_sec_assert_binlog_events.inc
--echo # userX's grants must have changed
SHOW GRANTS FOR userX;
DROP USER userX, userY, userA;
DROP DATABASE db1;
--echo # End : Tests for REVOKE on global, db and proxy privileges
--echo # ----------------------------------------------------------------------
--echo # Begin : Tests for REVOKE on table and column privileges
CREATE USER userX, userY, userA;
CREATE DATABASE db1;
CREATE TABLE db1.table1(c1 int, c2 int, c3 int);
GRANT SELECT ON db1.table1 TO userX, userA;
GRANT INSERT(c1, c2) ON db1.table1 TO userX, userA;
--source include/save_binlog_position.inc
--echo # Initial set of grants for userX
SHOW GRANTS FOR userX;
--echo # Case 1 : Revoke from non-existing user
--error ER_NONEXISTING_TABLE_GRANT
REVOKE SELECT ON db1.table1 FROM userX, userZ;
--error ER_NONEXISTING_TABLE_GRANT
REVOKE INSERT(c1, c2) ON db1.table1 FROM userX, userZ;
--echo # userX's grants must not have changed
SHOW GRANTS FOR userX;
--let $invert= 1
--let $event= !Q(REVOKE SELECT ON.*db1.*table1.*FROM.*userX.*userZ)
--source ../include/auth_sec_assert_binlog_events.inc
--let $event= !Q(REVOKE INSERT(.*c1.*c2.*) ON .*db1.*table1.*FROM.*userX.*userZ.*)
--source ../include/auth_sec_assert_binlog_events.inc
--let $invert= 0
--echo # Case 2 : Revoke non-existing grants
--error ER_NONEXISTING_TABLE_GRANT
REVOKE SELECT ON db1.table1 FROM userX, userY;
--error ER_NONEXISTING_TABLE_GRANT
REVOKE INSERT(c1, c2) ON db1.table1 FROM userX, userY;
--echo # userX's grants must not have changed
SHOW GRANTS FOR userX;
--let $invert= 1
--let $event= !Q(REVOKE SELECT ON.*db1.*table1.*FROM.*userX.*userY.*)
--source ../include/auth_sec_assert_binlog_events.inc
--let $event= !Q(REVOKE INSERT(.*c1.*c2.*) ON .*db1.*table1.* FROM.*userX.*userY.*)
--source ../include/auth_sec_assert_binlog_events.inc
--let $invert= 0
--echo # Case 3 : Valid revoke
REVOKE SELECT ON db1.table1 FROM userX, userA;
--let $event= !Q(REVOKE SELECT ON.*db1.*table1.*FROM.*userX.*userA.*)
--source ../include/auth_sec_assert_binlog_events.inc
--source include/save_binlog_position.inc
REVOKE INSERT(c1, c2) ON db1.table1 FROM userX, userA;
--let $event= !Q(REVOKE INSERT(.*c1.*c2.*) ON.*db1.*table1.*FROM.*userX.*userA.*)
--source ../include/auth_sec_assert_binlog_events.inc
--echo # userX's grants must have changed
SHOW GRANTS FOR userX;
DROP USER userX, userY, userA;
DROP TABLE db1.table1;
DROP DATABASE db1;
--source include/save_binlog_position.inc
--echo # End : Tests for REVOKE on table and column privileges
--echo # ----------------------------------------------------------------------
--echo # Begin : Tests for REVOKE on procedure privileges
CREATE USER userX, userY, userA;
CREATE DATABASE db1;
DELIMITER ||;
CREATE PROCEDURE db1.proc1()
BEGIN
SELECT 1234;
END ||
DELIMITER ;||
GRANT EXECUTE ON PROCEDURE db1.proc1 to userX, userA;
--source include/save_binlog_position.inc
--echo # Initial set of grants for userX
SHOW GRANTS FOR userX;
--echo Case 1 : Revoke from non-existing user
--error ER_NONEXISTING_PROC_GRANT
REVOKE EXECUTE ON PROCEDURE db1.proc1 FROM userX, userZ;
--echo # userX's grants must not have changed
SHOW GRANTS FOR userX;
--let $invert= 1
--let $event= !Q(REVOKE EXECUTE ON PROCEDURE.*db1.*proc1.*FROM.*userX.*userZ.*)
--source ../include/auth_sec_assert_binlog_events.inc
--let $invert= 0
--echo Case 2 : Revoke non-existing grants
--error ER_NONEXISTING_PROC_GRANT
REVOKE EXECUTE ON PROCEDURE db1.proc1 FROM userX, userY;
--echo # userX's grants must not have changed
SHOW GRANTS FOR userX;
--let $invert= 1
--let $event= !Q(REVOKE EXECUTE ON PROCEDURE.*db1.*proc1.*FROM.*userX.*userY.*)
--source ../include/auth_sec_assert_binlog_events.inc
--let $invert= 0
--echo Case 3 : Valid revoke
REVOKE EXECUTE ON PROCEDURE db1.proc1 FROM userX, userA;
--echo # userX's grants must have changed
SHOW GRANTS FOR userX;
--let $event= !Q(REVOKE EXECUTE ON PROCEDURE.*db1.*proc1.*FROM.*userX.*userA.*)
--source ../include/auth_sec_assert_binlog_events.inc
DROP USER userX, userY, userA;
DROP PROCEDURE db1.proc1;
DROP DATABASE db1;
--source include/save_binlog_position.inc
--echo # End : Tests for REVOKE on procedures privileges
--echo # ----------------------------------------------------------------------
--echo # Begin : Tests for REVOKE on roles
CREATE USER userX, userY, userA;
CREATE ROLE roleA, roleB;
GRANT roleA, roleB TO userX, userA;
--source include/save_binlog_position.inc
--echo # Initial set of grants for userX
SHOW GRANTS FOR userX;
--echo # Case 1 : Revoke from non-existing user
--error ER_UNKNOWN_AUTHID
REVOKE roleA, roleB FROM userX, userZ;
--echo # userX's grants must not have changed
SHOW GRANTS FOR userX;
--let $invert= 1
--let $event= !Q(REVOKE.*roleA.*,.*roleB.*FROM.*userX.*,.*userZ.*)
--source ../include/auth_sec_assert_binlog_events.inc
--let $invert= 0
--echo # Case 2 : Valid revoke
REVOKE roleA, roleB FROM userX, userA;
--echo # userX's grants must have changed
SHOW GRANTS FOR userX;
--let $event= !Q(REVOKE.*roleA.*,.*roleB.*FROM.*userX.*,.*userA.*)
--source ../include/auth_sec_assert_binlog_events.inc
DROP USER userX, userY, userA;
DROP ROLE roleA, roleB;
--source include/save_binlog_position.inc
--echo # End : Tests for REVOKE on roles
--echo # ----------------------------------------------------------------------
--echo # Begin : Tests for REVOKE ALL
CREATE USER userX, userY, userA;
CREATE ROLE roleA, roleB;
CREATE DATABASE db1;
CREATE TABLE db1.table1(c1 int, c2 int, c3 int);
DELIMITER ||;
CREATE PROCEDURE db1.proc1()
BEGIN
SELECT 1234;
END ||
DELIMITER ;||
GRANT SUPER ON *.* TO userX, userA;
GRANT SELECT ON db1.* TO userX, userA;
GRANT PROXY ON userY TO userX, userA;
GRANT SELECT ON db1.table1 TO userX, userA;
GRANT INSERT(c1, c2) ON db1.table1 TO userX, userA;
GRANT EXECUTE ON PROCEDURE db1.proc1 to userX, userA;
GRANT roleA, roleB TO userX, userA;
--source include/save_binlog_position.inc
--echo # Initial set of grants for userX
SHOW GRANTS FOR userX;
--echo # Case 1 : Revoke from non-existing user
--error ER_REVOKE_GRANTS
REVOKE ALL PRIVILEGES, GRANT OPTION FROM userX, userZ;
--echo # userX's grants must not have changed
SHOW GRANTS FOR userX;
--let $invert= 1
--let $event= !Q(REVOKE ALL PRIVILEGES, GRANT OPTION FROM.*userX.*,.*userZ.*)
--source ../include/auth_sec_assert_binlog_events.inc
--let $invert= 0
--echo # Case 2 : Valid revoke
REVOKE ALL PRIVILEGES, GRANT OPTION FROM userX, userA;
--echo # userX's grants must have changed
SHOW GRANTS FOR userX;
--let $event= !Q(REVOKE ALL PRIVILEGES, GRANT OPTION FROM.*userX.*,.*userA.*)
--source ../include/auth_sec_assert_binlog_events.inc
DROP USER userX, userY, userA;
DROP ROLE roleA, roleB;
DROP TABLE db1.table1;
DROP PROCEDURE db1.proc1;
DROP DATABASE db1;
--source include/save_binlog_position.inc
--echo # End : Tests for REVOKE ALL
--echo # ----------------------------------------------------------------------
# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc
Reference in New Issue View Git Blame Copy Permalink