Loading mysql-test/r/federated_server.result +85 −0 Original line number Diff line number Diff line Loading @@ -104,6 +104,91 @@ drop table first_db.t1; drop table second_db.t1; drop database first_db; drop database second_db; create database db_legitimate; create database db_bogus; use db_legitimate; CREATE TABLE db_legitimate.t1 ( `id` int(20) NOT NULL, `name` varchar(64) NOT NULL default '' ); INSERT INTO db_legitimate.t1 VALUES ('1','this is legitimate'); use db_bogus; CREATE TABLE db_bogus.t1 ( `id` int(20) NOT NULL, `name` varchar(64) NOT NULL default '' ) ; INSERT INTO db_bogus.t1 VALUES ('2','this is bogus'); create server 's1' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'db_legitimate', USER 'root', PASSWORD '', PORT SLAVE_PORT, SOCKET '', OWNER 'root'); create user guest_select@localhost; grant select on federated.* to guest_select@localhost; create user guest_super@localhost; grant select,SUPER,RELOAD on *.* to guest_super@localhost; create user guest_usage@localhost; grant usage on *.* to guest_usage@localhost; CREATE TABLE federated.t1 ( `id` int(20) NOT NULL, `name` varchar(64) NOT NULL default '' ) ENGINE = FEDERATED CONNECTION = 's1'; select * from federated.t1; id name 1 this is legitimate alter server s1 options (database 'db_bogus'); ERROR 42000: Access denied; you need the SUPER privilege for this operation flush tables; select * from federated.t1; id name 1 this is legitimate alter server s1 options (database 'db_bogus'); ERROR 42000: Access denied; you need the SUPER privilege for this operation flush tables; select * from federated.t1; id name 1 this is legitimate alter server s1 options (database 'db_bogus'); flush tables; select * from federated.t1; id name 2 this is bogus drop server if exists 's1'; ERROR 42000: Access denied; you need the SUPER privilege for this operation create server 's1' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'db_legitimate', USER 'root', PASSWORD '', PORT SLAVE_PORT, SOCKET '', OWNER 'root'); ERROR 42000: Access denied; you need the SUPER privilege for this operation drop server 's1'; create server 's1' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'db_legitimate', USER 'root', PASSWORD '', PORT SLAVE_PORT, SOCKET '', OWNER 'root'); flush tables; select * from federated.t1; id name 1 this is legitimate drop database db_legitimate; drop database db_bogus; drop user guest_super@localhost; drop user guest_usage@localhost; drop user guest_select@localhost; drop table federated.t1; drop server 's1'; # End of 5.1 tests DROP TABLE IF EXISTS federated.t1; DROP DATABASE IF EXISTS federated; DROP TABLE IF EXISTS federated.t1; Loading mysql-test/t/federated_server.test +127 −0 Original line number Diff line number Diff line Loading @@ -107,4 +107,131 @@ drop table second_db.t1; drop database first_db; drop database second_db; # # Bug#25671 - CREATE/DROP/ALTER SERVER should require privileges # # Changes to SERVER declarations should require SUPER privilege. # Based upon test case by Giuseppe Maxia create database db_legitimate; create database db_bogus; use db_legitimate; CREATE TABLE db_legitimate.t1 ( `id` int(20) NOT NULL, `name` varchar(64) NOT NULL default '' ); INSERT INTO db_legitimate.t1 VALUES ('1','this is legitimate'); use db_bogus; CREATE TABLE db_bogus.t1 ( `id` int(20) NOT NULL, `name` varchar(64) NOT NULL default '' ) ; INSERT INTO db_bogus.t1 VALUES ('2','this is bogus'); connection master; --replace_result $SLAVE_MYPORT SLAVE_PORT eval create server 's1' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'db_legitimate', USER 'root', PASSWORD '', PORT $SLAVE_MYPORT, SOCKET '', OWNER 'root'); create user guest_select@localhost; grant select on federated.* to guest_select@localhost; create user guest_super@localhost; grant select,SUPER,RELOAD on *.* to guest_super@localhost; create user guest_usage@localhost; grant usage on *.* to guest_usage@localhost; CREATE TABLE federated.t1 ( `id` int(20) NOT NULL, `name` varchar(64) NOT NULL default '' ) ENGINE = FEDERATED CONNECTION = 's1'; select * from federated.t1; connect (conn_select,127.0.0.1,guest_select,,federated,$MASTER_MYPORT); connect (conn_usage,127.0.0.1,guest_usage,,,$MASTER_MYPORT); connect (conn_super,127.0.0.1,guest_super,,,$MASTER_MYPORT); connection conn_select; --error ER_SPECIFIC_ACCESS_DENIED_ERROR alter server s1 options (database 'db_bogus'); connection master; flush tables; select * from federated.t1; connection conn_usage; --error ER_SPECIFIC_ACCESS_DENIED_ERROR alter server s1 options (database 'db_bogus'); connection master; flush tables; select * from federated.t1; connection conn_super; alter server s1 options (database 'db_bogus'); connection master; flush tables; select * from federated.t1; connection conn_select; --error ER_SPECIFIC_ACCESS_DENIED_ERROR drop server if exists 's1'; --replace_result $SLAVE_MYPORT SLAVE_PORT --error ER_SPECIFIC_ACCESS_DENIED_ERROR eval create server 's1' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'db_legitimate', USER 'root', PASSWORD '', PORT $SLAVE_MYPORT, SOCKET '', OWNER 'root'); connection conn_super; drop server 's1'; --replace_result $SLAVE_MYPORT SLAVE_PORT eval create server 's1' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'db_legitimate', USER 'root', PASSWORD '', PORT $SLAVE_MYPORT, SOCKET '', OWNER 'root'); connection master; flush tables; select * from federated.t1; # clean up test connection slave; drop database db_legitimate; drop database db_bogus; disconnect conn_select; disconnect conn_usage; disconnect conn_super; connection master; drop user guest_super@localhost; drop user guest_usage@localhost; drop user guest_select@localhost; drop table federated.t1; drop server 's1'; --echo # End of 5.1 tests source include/federated_cleanup.inc; sql/sql_parse.cc +12 −0 Original line number Diff line number Diff line Loading @@ -4276,6 +4276,10 @@ mysql_execute_command(THD *thd) int error; LEX *lex= thd->lex; DBUG_PRINT("info", ("case SQLCOM_CREATE_SERVER")); if (check_global_access(thd, SUPER_ACL)) break; if ((error= create_server(thd, &lex->server_options))) { DBUG_PRINT("info", ("problem creating server <%s>", Loading @@ -4291,6 +4295,10 @@ mysql_execute_command(THD *thd) int error; LEX *lex= thd->lex; DBUG_PRINT("info", ("case SQLCOM_ALTER_SERVER")); if (check_global_access(thd, SUPER_ACL)) break; if ((error= alter_server(thd, &lex->server_options))) { DBUG_PRINT("info", ("problem altering server <%s>", Loading @@ -4306,6 +4314,10 @@ mysql_execute_command(THD *thd) int err_code; LEX *lex= thd->lex; DBUG_PRINT("info", ("case SQLCOM_DROP_SERVER")); if (check_global_access(thd, SUPER_ACL)) break; if ((err_code= drop_server(thd, &lex->server_options))) { if (! lex->drop_if_exists && err_code == ER_FOREIGN_SERVER_EXISTS) Loading Loading
mysql-test/r/federated_server.result +85 −0 Original line number Diff line number Diff line Loading @@ -104,6 +104,91 @@ drop table first_db.t1; drop table second_db.t1; drop database first_db; drop database second_db; create database db_legitimate; create database db_bogus; use db_legitimate; CREATE TABLE db_legitimate.t1 ( `id` int(20) NOT NULL, `name` varchar(64) NOT NULL default '' ); INSERT INTO db_legitimate.t1 VALUES ('1','this is legitimate'); use db_bogus; CREATE TABLE db_bogus.t1 ( `id` int(20) NOT NULL, `name` varchar(64) NOT NULL default '' ) ; INSERT INTO db_bogus.t1 VALUES ('2','this is bogus'); create server 's1' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'db_legitimate', USER 'root', PASSWORD '', PORT SLAVE_PORT, SOCKET '', OWNER 'root'); create user guest_select@localhost; grant select on federated.* to guest_select@localhost; create user guest_super@localhost; grant select,SUPER,RELOAD on *.* to guest_super@localhost; create user guest_usage@localhost; grant usage on *.* to guest_usage@localhost; CREATE TABLE federated.t1 ( `id` int(20) NOT NULL, `name` varchar(64) NOT NULL default '' ) ENGINE = FEDERATED CONNECTION = 's1'; select * from federated.t1; id name 1 this is legitimate alter server s1 options (database 'db_bogus'); ERROR 42000: Access denied; you need the SUPER privilege for this operation flush tables; select * from federated.t1; id name 1 this is legitimate alter server s1 options (database 'db_bogus'); ERROR 42000: Access denied; you need the SUPER privilege for this operation flush tables; select * from federated.t1; id name 1 this is legitimate alter server s1 options (database 'db_bogus'); flush tables; select * from federated.t1; id name 2 this is bogus drop server if exists 's1'; ERROR 42000: Access denied; you need the SUPER privilege for this operation create server 's1' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'db_legitimate', USER 'root', PASSWORD '', PORT SLAVE_PORT, SOCKET '', OWNER 'root'); ERROR 42000: Access denied; you need the SUPER privilege for this operation drop server 's1'; create server 's1' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'db_legitimate', USER 'root', PASSWORD '', PORT SLAVE_PORT, SOCKET '', OWNER 'root'); flush tables; select * from federated.t1; id name 1 this is legitimate drop database db_legitimate; drop database db_bogus; drop user guest_super@localhost; drop user guest_usage@localhost; drop user guest_select@localhost; drop table federated.t1; drop server 's1'; # End of 5.1 tests DROP TABLE IF EXISTS federated.t1; DROP DATABASE IF EXISTS federated; DROP TABLE IF EXISTS federated.t1; Loading
mysql-test/t/federated_server.test +127 −0 Original line number Diff line number Diff line Loading @@ -107,4 +107,131 @@ drop table second_db.t1; drop database first_db; drop database second_db; # # Bug#25671 - CREATE/DROP/ALTER SERVER should require privileges # # Changes to SERVER declarations should require SUPER privilege. # Based upon test case by Giuseppe Maxia create database db_legitimate; create database db_bogus; use db_legitimate; CREATE TABLE db_legitimate.t1 ( `id` int(20) NOT NULL, `name` varchar(64) NOT NULL default '' ); INSERT INTO db_legitimate.t1 VALUES ('1','this is legitimate'); use db_bogus; CREATE TABLE db_bogus.t1 ( `id` int(20) NOT NULL, `name` varchar(64) NOT NULL default '' ) ; INSERT INTO db_bogus.t1 VALUES ('2','this is bogus'); connection master; --replace_result $SLAVE_MYPORT SLAVE_PORT eval create server 's1' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'db_legitimate', USER 'root', PASSWORD '', PORT $SLAVE_MYPORT, SOCKET '', OWNER 'root'); create user guest_select@localhost; grant select on federated.* to guest_select@localhost; create user guest_super@localhost; grant select,SUPER,RELOAD on *.* to guest_super@localhost; create user guest_usage@localhost; grant usage on *.* to guest_usage@localhost; CREATE TABLE federated.t1 ( `id` int(20) NOT NULL, `name` varchar(64) NOT NULL default '' ) ENGINE = FEDERATED CONNECTION = 's1'; select * from federated.t1; connect (conn_select,127.0.0.1,guest_select,,federated,$MASTER_MYPORT); connect (conn_usage,127.0.0.1,guest_usage,,,$MASTER_MYPORT); connect (conn_super,127.0.0.1,guest_super,,,$MASTER_MYPORT); connection conn_select; --error ER_SPECIFIC_ACCESS_DENIED_ERROR alter server s1 options (database 'db_bogus'); connection master; flush tables; select * from federated.t1; connection conn_usage; --error ER_SPECIFIC_ACCESS_DENIED_ERROR alter server s1 options (database 'db_bogus'); connection master; flush tables; select * from federated.t1; connection conn_super; alter server s1 options (database 'db_bogus'); connection master; flush tables; select * from federated.t1; connection conn_select; --error ER_SPECIFIC_ACCESS_DENIED_ERROR drop server if exists 's1'; --replace_result $SLAVE_MYPORT SLAVE_PORT --error ER_SPECIFIC_ACCESS_DENIED_ERROR eval create server 's1' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'db_legitimate', USER 'root', PASSWORD '', PORT $SLAVE_MYPORT, SOCKET '', OWNER 'root'); connection conn_super; drop server 's1'; --replace_result $SLAVE_MYPORT SLAVE_PORT eval create server 's1' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'db_legitimate', USER 'root', PASSWORD '', PORT $SLAVE_MYPORT, SOCKET '', OWNER 'root'); connection master; flush tables; select * from federated.t1; # clean up test connection slave; drop database db_legitimate; drop database db_bogus; disconnect conn_select; disconnect conn_usage; disconnect conn_super; connection master; drop user guest_super@localhost; drop user guest_usage@localhost; drop user guest_select@localhost; drop table federated.t1; drop server 's1'; --echo # End of 5.1 tests source include/federated_cleanup.inc;
sql/sql_parse.cc +12 −0 Original line number Diff line number Diff line Loading @@ -4276,6 +4276,10 @@ mysql_execute_command(THD *thd) int error; LEX *lex= thd->lex; DBUG_PRINT("info", ("case SQLCOM_CREATE_SERVER")); if (check_global_access(thd, SUPER_ACL)) break; if ((error= create_server(thd, &lex->server_options))) { DBUG_PRINT("info", ("problem creating server <%s>", Loading @@ -4291,6 +4295,10 @@ mysql_execute_command(THD *thd) int error; LEX *lex= thd->lex; DBUG_PRINT("info", ("case SQLCOM_ALTER_SERVER")); if (check_global_access(thd, SUPER_ACL)) break; if ((error= alter_server(thd, &lex->server_options))) { DBUG_PRINT("info", ("problem altering server <%s>", Loading @@ -4306,6 +4314,10 @@ mysql_execute_command(THD *thd) int err_code; LEX *lex= thd->lex; DBUG_PRINT("info", ("case SQLCOM_DROP_SERVER")); if (check_global_access(thd, SUPER_ACL)) break; if ((err_code= drop_server(thd, &lex->server_options))) { if (! lex->drop_if_exists && err_code == ER_FOREIGN_SERVER_EXISTS) Loading
