Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
97861f60
Commit
97861f60
authored
Mar 15, 2007
by
acurtis/antony@ltamd64.xiphis.org
Browse files
Options
Browse Files
Download
Plain Diff
Merge xiphis.org:/home/antony/work2/p1-bug25671.3
into xiphis.org:/home/antony/work2/p1-bug25671.4
parents
bb233cb3
e4d93c6b
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
224 additions
and
0 deletions
+224
-0
mysql-test/r/federated_server.result
mysql-test/r/federated_server.result
+85
-0
mysql-test/t/federated_server.test
mysql-test/t/federated_server.test
+127
-0
sql/sql_parse.cc
sql/sql_parse.cc
+12
-0
No files found.
mysql-test/r/federated_server.result
View file @
97861f60
...
...
@@ -104,6 +104,91 @@ drop table first_db.t1;
drop table second_db.t1;
drop database first_db;
drop database second_db;
create database db_legitimate;
create database db_bogus;
use db_legitimate;
CREATE TABLE db_legitimate.t1 (
`id` int(20) NOT NULL,
`name` varchar(64) NOT NULL default ''
);
INSERT INTO db_legitimate.t1 VALUES ('1','this is legitimate');
use db_bogus;
CREATE TABLE db_bogus.t1 (
`id` int(20) NOT NULL,
`name` varchar(64) NOT NULL default ''
)
;
INSERT INTO db_bogus.t1 VALUES ('2','this is bogus');
create server 's1' foreign data wrapper 'mysql' options
(HOST '127.0.0.1',
DATABASE 'db_legitimate',
USER 'root',
PASSWORD '',
PORT SLAVE_PORT,
SOCKET '',
OWNER 'root');
create user guest_select@localhost;
grant select on federated.* to guest_select@localhost;
create user guest_super@localhost;
grant select,SUPER,RELOAD on *.* to guest_super@localhost;
create user guest_usage@localhost;
grant usage on *.* to guest_usage@localhost;
CREATE TABLE federated.t1 (
`id` int(20) NOT NULL,
`name` varchar(64) NOT NULL default ''
) ENGINE = FEDERATED CONNECTION = 's1';
select * from federated.t1;
id name
1 this is legitimate
alter server s1 options (database 'db_bogus');
ERROR 42000: Access denied; you need the SUPER privilege for this operation
flush tables;
select * from federated.t1;
id name
1 this is legitimate
alter server s1 options (database 'db_bogus');
ERROR 42000: Access denied; you need the SUPER privilege for this operation
flush tables;
select * from federated.t1;
id name
1 this is legitimate
alter server s1 options (database 'db_bogus');
flush tables;
select * from federated.t1;
id name
2 this is bogus
drop server if exists 's1';
ERROR 42000: Access denied; you need the SUPER privilege for this operation
create server 's1' foreign data wrapper 'mysql' options
(HOST '127.0.0.1',
DATABASE 'db_legitimate',
USER 'root',
PASSWORD '',
PORT SLAVE_PORT,
SOCKET '',
OWNER 'root');
ERROR 42000: Access denied; you need the SUPER privilege for this operation
drop server 's1';
create server 's1' foreign data wrapper 'mysql' options
(HOST '127.0.0.1',
DATABASE 'db_legitimate',
USER 'root',
PASSWORD '',
PORT SLAVE_PORT,
SOCKET '',
OWNER 'root');
flush tables;
select * from federated.t1;
id name
1 this is legitimate
drop database db_legitimate;
drop database db_bogus;
drop user guest_super@localhost;
drop user guest_usage@localhost;
drop user guest_select@localhost;
drop table federated.t1;
drop server 's1';
# End of 5.1 tests
DROP TABLE IF EXISTS federated.t1;
DROP DATABASE IF EXISTS federated;
DROP TABLE IF EXISTS federated.t1;
...
...
mysql-test/t/federated_server.test
View file @
97861f60
...
...
@@ -107,4 +107,131 @@ drop table second_db.t1;
drop
database
first_db
;
drop
database
second_db
;
#
# Bug#25671 - CREATE/DROP/ALTER SERVER should require privileges
#
# Changes to SERVER declarations should require SUPER privilege.
# Based upon test case by Giuseppe Maxia
create
database
db_legitimate
;
create
database
db_bogus
;
use
db_legitimate
;
CREATE
TABLE
db_legitimate
.
t1
(
`id`
int
(
20
)
NOT
NULL
,
`name`
varchar
(
64
)
NOT
NULL
default
''
);
INSERT
INTO
db_legitimate
.
t1
VALUES
(
'1'
,
'this is legitimate'
);
use
db_bogus
;
CREATE
TABLE
db_bogus
.
t1
(
`id`
int
(
20
)
NOT
NULL
,
`name`
varchar
(
64
)
NOT
NULL
default
''
)
;
INSERT
INTO
db_bogus
.
t1
VALUES
(
'2'
,
'this is bogus'
);
connection
master
;
--
replace_result
$SLAVE_MYPORT
SLAVE_PORT
eval
create
server
's1'
foreign
data
wrapper
'mysql'
options
(
HOST
'127.0.0.1'
,
DATABASE
'db_legitimate'
,
USER
'root'
,
PASSWORD
''
,
PORT
$SLAVE_MYPORT
,
SOCKET
''
,
OWNER
'root'
);
create
user
guest_select
@
localhost
;
grant
select
on
federated
.*
to
guest_select
@
localhost
;
create
user
guest_super
@
localhost
;
grant
select
,
SUPER
,
RELOAD
on
*.*
to
guest_super
@
localhost
;
create
user
guest_usage
@
localhost
;
grant
usage
on
*.*
to
guest_usage
@
localhost
;
CREATE
TABLE
federated
.
t1
(
`id`
int
(
20
)
NOT
NULL
,
`name`
varchar
(
64
)
NOT
NULL
default
''
)
ENGINE
=
FEDERATED
CONNECTION
=
's1'
;
select
*
from
federated
.
t1
;
connect
(
conn_select
,
127.0
.
0.1
,
guest_select
,,
federated
,
$MASTER_MYPORT
);
connect
(
conn_usage
,
127.0
.
0.1
,
guest_usage
,,,
$MASTER_MYPORT
);
connect
(
conn_super
,
127.0
.
0.1
,
guest_super
,,,
$MASTER_MYPORT
);
connection
conn_select
;
--
error
ER_SPECIFIC_ACCESS_DENIED_ERROR
alter
server
s1
options
(
database
'db_bogus'
);
connection
master
;
flush
tables
;
select
*
from
federated
.
t1
;
connection
conn_usage
;
--
error
ER_SPECIFIC_ACCESS_DENIED_ERROR
alter
server
s1
options
(
database
'db_bogus'
);
connection
master
;
flush
tables
;
select
*
from
federated
.
t1
;
connection
conn_super
;
alter
server
s1
options
(
database
'db_bogus'
);
connection
master
;
flush
tables
;
select
*
from
federated
.
t1
;
connection
conn_select
;
--
error
ER_SPECIFIC_ACCESS_DENIED_ERROR
drop
server
if
exists
's1'
;
--
replace_result
$SLAVE_MYPORT
SLAVE_PORT
--
error
ER_SPECIFIC_ACCESS_DENIED_ERROR
eval
create
server
's1'
foreign
data
wrapper
'mysql'
options
(
HOST
'127.0.0.1'
,
DATABASE
'db_legitimate'
,
USER
'root'
,
PASSWORD
''
,
PORT
$SLAVE_MYPORT
,
SOCKET
''
,
OWNER
'root'
);
connection
conn_super
;
drop
server
's1'
;
--
replace_result
$SLAVE_MYPORT
SLAVE_PORT
eval
create
server
's1'
foreign
data
wrapper
'mysql'
options
(
HOST
'127.0.0.1'
,
DATABASE
'db_legitimate'
,
USER
'root'
,
PASSWORD
''
,
PORT
$SLAVE_MYPORT
,
SOCKET
''
,
OWNER
'root'
);
connection
master
;
flush
tables
;
select
*
from
federated
.
t1
;
# clean up test
connection
slave
;
drop
database
db_legitimate
;
drop
database
db_bogus
;
disconnect
conn_select
;
disconnect
conn_usage
;
disconnect
conn_super
;
connection
master
;
drop
user
guest_super
@
localhost
;
drop
user
guest_usage
@
localhost
;
drop
user
guest_select
@
localhost
;
drop
table
federated
.
t1
;
drop
server
's1'
;
--
echo
# End of 5.1 tests
source
include
/
federated_cleanup
.
inc
;
sql/sql_parse.cc
View file @
97861f60
...
...
@@ -4276,6 +4276,10 @@ create_sp_error:
int
error
;
LEX
*
lex
=
thd
->
lex
;
DBUG_PRINT
(
"info"
,
(
"case SQLCOM_CREATE_SERVER"
));
if
(
check_global_access
(
thd
,
SUPER_ACL
))
break
;
if
((
error
=
create_server
(
thd
,
&
lex
->
server_options
)))
{
DBUG_PRINT
(
"info"
,
(
"problem creating server <%s>"
,
...
...
@@ -4291,6 +4295,10 @@ create_sp_error:
int
error
;
LEX
*
lex
=
thd
->
lex
;
DBUG_PRINT
(
"info"
,
(
"case SQLCOM_ALTER_SERVER"
));
if
(
check_global_access
(
thd
,
SUPER_ACL
))
break
;
if
((
error
=
alter_server
(
thd
,
&
lex
->
server_options
)))
{
DBUG_PRINT
(
"info"
,
(
"problem altering server <%s>"
,
...
...
@@ -4306,6 +4314,10 @@ create_sp_error:
int
err_code
;
LEX
*
lex
=
thd
->
lex
;
DBUG_PRINT
(
"info"
,
(
"case SQLCOM_DROP_SERVER"
));
if
(
check_global_access
(
thd
,
SUPER_ACL
))
break
;
if
((
err_code
=
drop_server
(
thd
,
&
lex
->
server_options
)))
{
if
(
!
lex
->
drop_if_exists
&&
err_code
==
ER_FOREIGN_SERVER_EXISTS
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment