4493d40a-92aa-4162-9dfc-bfc4ec0996e6
/
polardbxengine
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
polardbxengine/mysql-test/suite/xengine_auth_sec/t/partial_revokes_proxy.test

74 lines
3.7 KiB
Plaintext
Raw Blame History

--source include/have_plugin_interface.inc
let PLUGIN_AUTH_OPT=`SELECT TRIM(TRAILING '/debug' FROM '$PLUGIN_AUTH_OPT')`;
--echo ------------------------------------------------------------------------
--echo # Setup
--disable_query_log
--disable_warnings
let $saved_partial_revokes = `SELECT @@global.partial_revokes`;
SET GLOBAL partial_revokes= ON;
--enable_warnings
--enable_query_log
CREATE DATABASE db1;
CREATE TABLE db1.t1(c1 int);
INSERT INTO db1.t1 VALUES (1), (2), (3);
--echo ------------------------------------------------------------------------
--echo # Case: - Connecting user has sufficient privileges
--echo # - Effective user does not have required privileges
# Connecting user has sufficient privileges
CREATE USER qa_test_3_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_3_dest';
GRANT SELECT ON *.* TO qa_test_3_user;
# Effective user has partial revokes
CREATE USER qa_test_3_dest IDENTIFIED BY 'dest_passwd';
GRANT SELECT ON *.* TO qa_test_3_dest;
REVOKE SELECT ON db1.* FROM qa_test_3_dest;
GRANT PROXY ON qa_test_3_dest TO qa_test_3_user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT -u qa_test_3_user --password=qa_test_3_dest -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user\G" 2>&1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_3_user --password=qa_test_3_dest -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user\G" 2>&1
# Following should throw error because effective user does not have sufficient
# privileges and connecting user's privileges are not considered in case of a
# proxy grant.
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT -u qa_test_3_user --password=qa_test_3_dest -e "SELECT COUNT(*) FROM db1.t1\G" 2>&1
--error 1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_3_user --password=qa_test_3_dest -e "SELECT COUNT(*) FROM db1.t1\G" 2>&1
DROP USER qa_test_3_dest, qa_test_3_user;
--echo ------------------------------------------------------------------------
--echo # Case: - Connecting user does not have required privileges
--echo # - Effective user has sufficient privileges
# Connecting user has partial revokes
CREATE USER qa_test_4_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_4_dest';
GRANT SELECT ON *.* TO qa_test_4_user;
REVOKE SELECT ON db1.* FROM qa_test_4_user;
# Effective user has sufficient privileges
CREATE USER qa_test_4_dest IDENTIFIED BY 'dest_passwd';
GRANT SELECT ON *.* TO qa_test_4_dest;
GRANT PROXY ON qa_test_4_dest TO qa_test_4_user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT -u qa_test_4_user --password=qa_test_4_dest -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user\G" 2>&1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_4_user --password=qa_test_4_dest -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user\G" 2>&1
# Following should work because effective user has sufficient privileges and
# connecting user's privileges are not considered in case of a proxy grant
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT -u qa_test_4_user --password=qa_test_4_dest -e "SELECT COUNT(*) FROM db1.t1;" 2>&1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_4_user --password=qa_test_4_dest -e "SELECT COUNT(*) FROM db1.t1;" 2>&1
DROP USER qa_test_4_dest, qa_test_4_user;
--echo ------------------------------------------------------------------------
--echo # Cleanup
DROP TABLE db1.t1;
DROP DATABASE db1;
--disable_query_log
--disable_warnings
eval SET GLOBAL partial_revokes = $saved_partial_revokes;
--enable_warnings
--enable_query_log
--echo ------------------------------------------------------------------------
Reference in New Issue View Git Blame Copy Permalink