• unknown's avatar
    Bug#25671 · 6d98913b
    unknown authored
      "CREATE/DROP/ALTER SERVER should require privileges"
      Add check for SUPER privilege when executing CREATE/DROP/ALTER SERVER.
      Previously, any user even with only USAGE priv can execute those commands.
    
    
    mysql-test/r/federated_server.result:
      Bug25671 - CREATE/DROP/ALTER SERVER should require privileges
    mysql-test/t/federated_server.test:
      Bug25671 - CREATE/DROP/ALTER SERVER should require privileges
    sql/sql_parse.cc:
      Bug25671 - CREATE/DROP/ALTER SERVER should require privileges
        Add check for SUPER privilege when executing CREATE/DROP/ALTER SERVER
    6d98913b
federated_server.result 5.39 KB
stop slave;
drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
reset master;
reset slave;
drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
start slave;
stop slave;
DROP DATABASE IF EXISTS federated;
CREATE DATABASE federated;
DROP DATABASE IF EXISTS federated;
CREATE DATABASE federated;
create database first_db;
create database second_db;
use first_db;
DROP TABLE IF EXISTS first_db.t1;
Warnings:
Note	1051	Unknown table 't1'
CREATE TABLE first_db.t1 (
`id` int(20) NOT NULL,
`name` varchar(64) NOT NULL default ''
    )
DEFAULT CHARSET=latin1;
use second_db;
DROP TABLE IF EXISTS second_db.t1;
Warnings:
Note	1051	Unknown table 't1'
CREATE TABLE second_db.t1 (
`id` int(20) NOT NULL,
`name` varchar(64) NOT NULL default ''
    )
DEFAULT CHARSET=latin1;
drop server if exists 'server_one';
create server 'server_one' foreign data wrapper 'mysql' options
(HOST '127.0.0.1',
DATABASE 'first_db',
USER 'root',
PASSWORD '',
PORT SLAVE_PORT,
SOCKET '',
OWNER 'root');
drop server if exists 'server_two';
create server 'server_two' foreign data wrapper 'mysql' options
(HOST '127.0.0.1',
DATABASE 'second_db',
USER 'root',
PASSWORD '',
PORT SLAVE_PORT,
SOCKET '',
OWNER 'root');
select * from mysql.servers;
Server_name	Host	Db	Username	Password	Port	Socket	Wrapper	Owner
server_one	127.0.0.1	first_db	root		SLAVE_PORT		mysql	root
server_two	127.0.0.1	second_db	root		SLAVE_PORT		mysql	root
DROP TABLE IF EXISTS federated.old;
Warnings:
Note	1051	Unknown table 'old'
CREATE TABLE federated.old (
`id` int(20) NOT NULL,
`name` varchar(64) NOT NULL default ''
    )
ENGINE="FEDERATED" DEFAULT CHARSET=latin1
CONNECTION='mysql://root@127.0.0.1:SLAVE_PORT/first_db/t1';
INSERT INTO federated.old (id, name) values (1, 'federated.old url');
SELECT * FROM federated.old;
id	name
1	federated.old url
DROP TABLE IF EXISTS federated.old2;
Warnings:
Note	1051	Unknown table 'old2'
CREATE TABLE federated.old2 (
`id` int(20) NOT NULL,
`name` varchar(64) NOT NULL default ''
    )
ENGINE="FEDERATED" DEFAULT CHARSET=latin1
CONNECTION='mysql://root@127.0.0.1:SLAVE_PORT/second_db/t1';
INSERT INTO federated.old2 (id, name) values (1, 'federated.old2 url');
DROP TABLE IF EXISTS federated.t1;
Warnings:
Note	1051	Unknown table 't1'
CREATE TABLE federated.t1 (
`id` int(20) NOT NULL,
`name` varchar(64) NOT NULL default ''
    )
ENGINE="FEDERATED" DEFAULT CHARSET=latin1
CONNECTION='server_one';
INSERT INTO federated.t1 (id, name) values (1, 'server_one, new scheme');
SELECT * FROM federated.t1;
id	name
1	federated.old url
1	server_one, new scheme
ALTER SERVER 'server_one' options(DATABASE 'second_db');
flush tables;
INSERT INTO federated.t1 (id, name) values (1, 'server_two, new scheme');
SELECT * FROM federated.t1;
id	name
1	federated.old2 url
1	server_two, new scheme
drop table federated.t1;
drop server 'server_one';
drop server 'server_two';
select * from mysql.servers;
Server_name	Host	Db	Username	Password	Port	Socket	Wrapper	Owner
drop table first_db.t1;
drop table second_db.t1;
drop database first_db;
drop database second_db;
create database db_legitimate;
create database db_bogus;
use db_legitimate;
CREATE TABLE db_legitimate.t1 (
`id` int(20) NOT NULL,
`name` varchar(64) NOT NULL default ''
    );
INSERT INTO db_legitimate.t1 VALUES ('1','this is legitimate');
use db_bogus;
CREATE TABLE db_bogus.t1 (
`id` int(20) NOT NULL,
`name` varchar(64) NOT NULL default ''
    )
;
INSERT INTO db_bogus.t1 VALUES ('2','this is bogus');
create server 's1' foreign data wrapper 'mysql' options
(HOST '127.0.0.1',
DATABASE 'db_legitimate',
USER 'root',
PASSWORD '',
PORT SLAVE_PORT,
SOCKET '',
OWNER 'root');
create user guest_select@localhost;
grant select on federated.* to guest_select@localhost;
create user guest_super@localhost;
grant select,SUPER,RELOAD on *.* to guest_super@localhost;
create user guest_usage@localhost;
grant usage on *.* to guest_usage@localhost;
CREATE TABLE federated.t1 (
`id` int(20) NOT NULL,
`name` varchar(64) NOT NULL default ''
    ) ENGINE = FEDERATED CONNECTION = 's1';
select * from federated.t1;
id	name
1	this is legitimate
alter server s1 options (database 'db_bogus');
ERROR 42000: Access denied; you need the SUPER privilege for this operation
flush tables;
select * from federated.t1;
id	name
1	this is legitimate
alter server s1 options (database 'db_bogus');
ERROR 42000: Access denied; you need the SUPER privilege for this operation
flush tables;
select * from federated.t1;
id	name
1	this is legitimate
alter server s1 options (database 'db_bogus');
flush tables;
select * from federated.t1;
id	name
2	this is bogus
drop server if exists 's1';
ERROR 42000: Access denied; you need the SUPER privilege for this operation
create server 's1' foreign data wrapper 'mysql' options
(HOST '127.0.0.1',
DATABASE 'db_legitimate',
USER 'root',
PASSWORD '',
PORT SLAVE_PORT,
SOCKET '',
OWNER 'root');
ERROR 42000: Access denied; you need the SUPER privilege for this operation
drop server 's1';
create server 's1' foreign data wrapper 'mysql' options
(HOST '127.0.0.1',
DATABASE 'db_legitimate',
USER 'root',
PASSWORD '',
PORT SLAVE_PORT,
SOCKET '',
OWNER 'root');
flush tables;
select * from federated.t1;
id	name
1	this is legitimate
drop database db_legitimate;
drop database db_bogus;
drop user guest_super@localhost;
drop user guest_usage@localhost;
drop user guest_select@localhost;
drop table federated.t1;
drop server 's1';
# End of 5.1 tests
DROP TABLE IF EXISTS federated.t1;
DROP DATABASE IF EXISTS federated;
DROP TABLE IF EXISTS federated.t1;
DROP DATABASE IF EXISTS federated;