# Can't run with embedded server because we use GRANT -- source include/not_embedded.inc # Save the initial number of concurrent sessions --source include/count_sessions.inc call mtr.add_suppression("Did not write failed .* into binary log while " "granting/revoking privileges in databases."); # Test of GRANT commands SET NAMES binary; connect (master,localhost,root,,); connection master; # Cleanup --disable_warnings drop table if exists t1; --enable_warnings delete from mysql.user where user like 'mysqltest\_%'; delete from mysql.db where user like 'mysqltest\_%'; delete from mysql.tables_priv where user like 'mysqltest\_%'; delete from mysql.columns_priv where user like 'mysqltest\_%'; flush privileges; create user mysqltest_1@localhost; grant create user on *.* to mysqltest_1@localhost; grant select on `my\_1`.* to mysqltest_1@localhost with grant option; connect (user_a,localhost,mysqltest_1,,); connection user_a; --error ER_CANT_CREATE_USER_WITH_GRANT grant select on `my\_1`.* to mysqltest_2@localhost; create user mysqltest_2@localhost; disconnect user_a; disconnect master; connection default; delete from mysql.user where user like 'mysqltest\_%'; delete from mysql.db where user like 'mysqltest\_%'; delete from mysql.tables_priv where user like 'mysqltest\_%'; delete from mysql.columns_priv where user like 'mysqltest\_%'; flush privileges; # # Bug#19828 Case sensitivity in Grant/Revoke # grant select on test.* to CUser@localhost; grant select on test.* to CUser@LOCALHOST; flush privileges; SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2; REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST'; flush privileges; SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2; REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost'; flush privileges; SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2; DROP USER CUser@localhost; --error ER_CANNOT_USER DROP USER CUser@LOCALHOST; #### table grants create table t1 (a int); grant select on test.t1 to CUser@localhost; grant select on test.t1 to CUser@LOCALHOST; flush privileges; SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2; REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST'; flush privileges; SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2; REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost'; flush privileges; SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2; DROP USER CUser@localhost; --error ER_CANNOT_USER DROP USER CUser@LOCALHOST; ### column grants grant select(a) on test.t1 to CUser@localhost; grant select(a) on test.t1 to CUser@LOCALHOST; flush privileges; SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2; REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST'; flush privileges; SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2; REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost'; flush privileges; SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2; SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2; DROP USER CUser@localhost; --error ER_CANNOT_USER DROP USER CUser@LOCALHOST; drop table t1; # revoke on a specific DB only grant select on test.* to CUser2@localhost; grant select on test.* to CUser2@LOCALHOST; flush privileges; SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2; SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2; REVOKE SELECT ON test.* FROM 'CUser2'@'LOCALHOST'; flush privileges; SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2; SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2; --error ER_NONEXISTING_GRANT REVOKE SELECT ON test.* FROM 'CUser2'@'localhost'; flush privileges; SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2; SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2; DROP USER CUser2@localhost; --error ER_CANNOT_USER DROP USER CUser2@LOCALHOST; # # Bug#31194 Privilege ordering does not order properly for wildcard values # CREATE DATABASE mysqltest_1; CREATE TABLE mysqltest_1.t1 (a INT); CREATE USER 'mysqltest1'@'%'; GRANT SELECT, UPDATE ON `mysqltest_1`.* TO 'mysqltest1'@'%'; REVOKE SELECT ON `mysqltest_1`.* FROM 'mysqltest1'@'%'; GRANT SELECT, UPDATE ON `mysqltest\_1`.* TO 'mysqltest1'@'%'; FLUSH PRIVILEGES; connect (conn1,localhost,mysqltest1,,); connection conn1; SHOW GRANTS; SELECT * FROM mysqltest_1.t1; disconnect conn1; connection default; DROP USER 'mysqltest1'@'%'; DROP DATABASE mysqltest_1; --echo # --echo # Bug#41597 - After rename of user, there are additional grants --echo # when grants are reapplied. --echo # CREATE DATABASE temp; CREATE TABLE temp.t1(a INT, b VARCHAR(10)); INSERT INTO temp.t1 VALUES(1, 'name1'); INSERT INTO temp.t1 VALUES(2, 'name2'); INSERT INTO temp.t1 VALUES(3, 'name3'); CREATE USER 'user1'@'%'; RENAME USER 'user1'@'%' TO 'user2'@'%'; --echo # Show privileges after rename and BEFORE grant SHOW GRANTS FOR 'user2'@'%'; GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%'; --echo # Show privileges after rename and grant SHOW GRANTS FOR 'user2'@'%'; --echo # Connect as the renamed user connect (conn1, localhost, user2,,); connection conn1; SHOW GRANTS; SELECT a FROM temp.t1; --echo # Check for additional privileges by accessing a --echo # non privileged column. We shouldn't be able to --echo # access this column. --error ER_COLUMNACCESS_DENIED_ERROR SELECT b FROM temp.t1; disconnect conn1; connection default; DROP USER 'user2'@'%'; DROP DATABASE temp; --echo End of 5.0 tests # Wait till we reached the initial number of concurrent sessions --source include/wait_until_count_sessions.inc