153 lines
3.3 KiB
Plaintext
153 lines
3.3 KiB
Plaintext
###############################################################################
|
|
# WL#12364: Kill administration for system users #
|
|
# #
|
|
# This test file covers the scenarios around prohibiting the killing #
|
|
# connections of a user who is granted the SYSTEM_USER dynamic privilege #
|
|
# from the connections of a user who is not granted the SYSTEM_USER #
|
|
# dynamic privilege. #
|
|
# #
|
|
###############################################################################
|
|
|
|
--source include/xplugin_preamble.inc
|
|
--source include/xplugin_create_user.inc
|
|
|
|
create user unpriv@localhost;
|
|
set password for unpriv@localhost = 'x';
|
|
grant connection_admin on *.* to unpriv@localhost;
|
|
create role sys_user_role;
|
|
grant system_user on *.* to sys_user_role;
|
|
grant sys_user_role to unpriv@localhost;
|
|
|
|
## Test starts here
|
|
--write_file $MYSQL_TMP_DIR/system_user_kill.tmp
|
|
## Test data
|
|
|
|
Mysqlx.Sql.StmtExecute {
|
|
stmt: "list_clients"
|
|
namespace: "xplugin"
|
|
}
|
|
|
|
## expect Mysqlx.Sql.StmtExecuteOk
|
|
-->recvresult
|
|
|
|
## create and activate new session
|
|
-->newsession aux x_root
|
|
|
|
Mysqlx.Sql.StmtExecute {
|
|
stmt: "list_clients"
|
|
namespace: "xplugin"
|
|
}
|
|
|
|
## expect Mysqlx.Sql.StmtExecuteOk
|
|
-->recvresult
|
|
|
|
## switch back to default session
|
|
-->setsession
|
|
|
|
Mysqlx.Sql.StmtExecute {
|
|
stmt: "list_clients"
|
|
namespace: "xplugin"
|
|
}
|
|
|
|
## expect Mysqlx.Sql.StmtExecuteOk
|
|
-->recvresult
|
|
|
|
### Create a separate session with diff account
|
|
-->newsession unpriv unpriv x
|
|
|
|
-->echo Should list unprivs session only
|
|
Mysqlx.Sql.StmtExecute {
|
|
stmt: "list_clients"
|
|
namespace: "xplugin"
|
|
}
|
|
-->recvresult
|
|
|
|
-->echo Try to kill a x_root session from regular session
|
|
Mysqlx.Sql.StmtExecute {
|
|
stmt: "kill_client"
|
|
namespace: "xplugin"
|
|
args {
|
|
type: SCALAR
|
|
scalar {
|
|
type: V_UINT
|
|
v_unsigned_int: 2
|
|
}
|
|
}
|
|
}
|
|
-->recverror 1095
|
|
|
|
-->echo promote regular session to power session
|
|
-->sql
|
|
set role sys_user_role;
|
|
-->endsql
|
|
|
|
-->echo Try to kill a x_root session from unpriv
|
|
Mysqlx.Sql.StmtExecute {
|
|
stmt: "kill_client"
|
|
namespace: "xplugin"
|
|
args {
|
|
type: SCALAR
|
|
scalar {
|
|
type: V_UINT
|
|
v_unsigned_int: 2
|
|
}
|
|
}
|
|
}
|
|
|
|
## expect Mysqlx.Sql.StmtExecuteOk
|
|
-->recvresult
|
|
|
|
-->setsession
|
|
|
|
-->sql
|
|
select sleep(0.5);
|
|
-->endsql
|
|
-->echo Should two sessions
|
|
Mysqlx.Sql.StmtExecute {
|
|
stmt: "list_clients"
|
|
namespace: "xplugin"
|
|
}
|
|
-->recvresult
|
|
|
|
|
|
-->echo Now kill one power_session from another power_session
|
|
Mysqlx.Sql.StmtExecute {
|
|
stmt: "kill_client"
|
|
namespace: "xplugin"
|
|
args {
|
|
type: SCALAR
|
|
scalar {
|
|
type: V_UINT
|
|
v_unsigned_int: 3
|
|
}
|
|
}
|
|
}
|
|
-->recvresult
|
|
|
|
-->sql
|
|
select sleep(0.5);
|
|
-->endsql
|
|
-->echo Should list only x_root session
|
|
Mysqlx.Sql.StmtExecute {
|
|
stmt: "list_clients"
|
|
namespace: "xplugin"
|
|
}
|
|
-->recvresult
|
|
|
|
|
|
|
|
## Cleanup
|
|
-->sql
|
|
drop schema if exists xtest;
|
|
drop user unpriv@localhost;
|
|
drop role sys_user_role;
|
|
-->endsql
|
|
EOF
|
|
|
|
--replace_regex /([a-z]*.+localhost[ ]+)[0-9]+/\1$SESSION/ /You are not owner of thread [0-9]+/You are not owner of thread/
|
|
--exec $MYSQLXTEST -ux_root --password='' --file=$MYSQL_TMP_DIR/system_user_kill.tmp 2>&1
|
|
|
|
## Cleanup
|
|
--source include/xplugin_drop_user.inc
|
|
--remove_file $MYSQL_TMP_DIR/system_user_kill.tmp
|