1
#### suite/funcs_1/storedproc/storedproc_06.inc
3
# This test cannot be used for the embedded server because we check here
5
--source include/not_embedded.inc
7
--source suite/funcs_1/storedproc/load_sp_tb.inc
9
# ==============================================================================
10
# (numbering from requirement document TP v1.0, Last updated: 25 Jan 2005 01:00)
12
# 3.1.6 Privilege checks:
14
# 1. Ensure that no user may create a stored procedure without the
15
# GRANT CREATE ROUTINE privilege.
16
# 2. Ensure that root always has the GRANT CREATE ROUTINE privilege.
17
# 3. Ensure that a user with the GRANT CREATE ROUTINE privilege can always
18
# create both a procedure and a function, on any appropriate database.
19
# 4. Ensure that the default security provision of a stored procedure is
20
# SQL SECURITY DEFINER.
21
# 5. Ensure that a stored procedure defined with SQL SECURITY DEFINER can be
22
# called/executed by any user, using only the privileges (including
23
# database access privileges) associated with the user who created
24
# the stored procedure.
25
# 6. Ensure that a stored procedure defined with SQL SECURITY INVOKER can be
26
# called/executed by any user, using only the privileges (including
27
# database access privileges) associated with the user executing
28
# the stored procedure.
30
# ==============================================================================
31
let $message= Section 3.1.6 - Privilege Checks:;
32
--source include/show_msg80.inc
37
--source suite/funcs_1/include/show_connection.inc
39
# ------------------------------------------------------------------------------
40
let $message= Testcase 3.1.6.1:
42
Ensure that no user may create a stored procedure without the GRANT CREATE
44
--source include/show_msg80.inc
46
create user 'user_1'@'localhost';
48
grant all on db_storedproc_1.* to 'user_1'@'localhost';
49
revoke create routine on db_storedproc_1.* from 'user_1'@'localhost';
53
DROP PROCEDURE IF EXISTS sp1;
56
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
57
connect (user1a, localhost, user_1, , db_storedproc_1);
58
--source suite/funcs_1/include/show_connection.inc
63
--error ER_DBACCESS_DENIED_ERROR
64
CREATE PROCEDURE sp1(v1 char(20))
66
SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';
72
# add privilege again and check
75
--source suite/funcs_1/include/show_connection.inc
77
GRANT CREATE ROUTINE ON db_storedproc_1.* TO 'user_1'@'localhost';
78
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
79
connect (user1b, localhost, user_1, , db_storedproc_1);
80
--source suite/funcs_1/include/show_connection.inc
85
CREATE PROCEDURE sp1(v1 char(20))
87
SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';
95
--source suite/funcs_1/include/show_connection.inc
97
DROP USER 'user_1'@'localhost';
101
# ------------------------------------------------------------------------------
102
let $message= Testcase 3.1.6.2:
104
Ensure that root always has the GRANT CREATE ROUTINE privilege.
105
(checked by other testscases);
106
--source include/show_msg80.inc
109
# ------------------------------------------------------------------------------
110
let $message= Testcase 3.1.6.3:
112
Ensure that a user with the GRANT CREATE ROUTINE privilege can always create
113
both a procedure and a function, on any appropriate database.
114
--source include/show_msg80.inc
117
create user 'user_1'@'localhost';
119
grant create routine on db_storedproc_1.* to 'user_1'@'localhost';
122
# disconnect default;
123
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
124
connect (user2, localhost, user_1, , db_storedproc_1);
125
--source suite/funcs_1/include/show_connection.inc
128
DROP PROCEDURE IF EXISTS sp3;
129
DROP FUNCTION IF EXISTS fn1;
133
CREATE PROCEDURE sp3(v1 char(20))
135
SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';
140
CREATE FUNCTION fn1(v1 int) returns int
151
--source suite/funcs_1/include/show_connection.inc
153
drop user 'user_1'@'localhost';
155
# This drop function shouldn't generated a warning as the
156
# privileges should have been removed when the user was
157
# dropped. Reported as Bug#36544 DROP USER does not remove
158
# stored function privileges
162
# ------------------------------------------------------------------------------
163
let $message= Testcase 3.1.6.4:
165
Ensure that the default security provision of a stored procedure is SQL SECURITY
167
--source include/show_msg80.inc
169
CREATE USER 'user_1'@'localhost';
171
grant update on db_storedproc_1.t6 to 'user_1'@'localhost';
172
grant execute on db_storedproc_1.* to 'user_1'@'localhost';
178
DROP PROCEDURE IF EXISTS sp4;
182
CREATE PROCEDURE sp4(v1 char(20))
184
SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';
190
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
191
connect (user3, localhost, user_1, , db_storedproc_1);
192
--source suite/funcs_1/include/show_connection.inc
198
SELECT SPECIFIC_NAME, ROUTINE_SCHEMA, ROUTINE_NAME, ROUTINE_TYPE,
199
ROUTINE_BODY, ROUTINE_DEFINITION, IS_DETERMINISTIC,
200
SQL_DATA_ACCESS, SECURITY_TYPE, SQL_MODE, ROUTINE_COMMENT
201
FROM information_schema.routines
202
WHERE routine_schema LIKE 'db_sto%';
209
--source suite/funcs_1/include/show_connection.inc
211
DROP USER 'user_1'@'localhost';
214
# ------------------------------------------------------------------------------
215
let $message= Testcase 3.1.6.5:
217
Ensure that a stored procedure defined with SQL SECURITY DEFINER can be
218
called/executed by any user, using only the privileges (including database
219
access privileges) associated with the user who created the stored procedure.;
220
--source include/show_msg80.inc
223
CREATE TABLE t3165 ( c1 char(20), c2 char(20), c3 date);
224
INSERT INTO t3165 VALUES ('inserted', 'outside of SP', NULL);
227
create user 'user_1'@'localhost';
230
create user 'user_2'@'localhost';
232
grant create routine on db_storedproc_1.* to 'user_1'@'localhost';
233
grant SELECT on db_storedproc_1.* to 'user_2'@'localhost';
234
grant execute on db_storedproc_1.* to 'user_2'@'localhost';
237
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
238
connect (user5_1, localhost, user_1, , db_storedproc_1);
239
--source suite/funcs_1/include/show_connection.inc
242
CREATE PROCEDURE sp5_s_i () sql security definer
244
SELECT * from db_storedproc_1.t3165;
245
insert into db_storedproc_1.t3165 values ('inserted', 'from sp5_s_i', 1000);
248
CREATE PROCEDURE sp5_sel () sql security definer
250
SELECT * from db_storedproc_1.t3165;
253
CREATE PROCEDURE sp5_ins () sql security definer
255
insert into db_storedproc_1.t3165 values ('inserted', 'from sp5_ins', 1000);
261
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
262
connect (user5_2, localhost, user_2, , db_storedproc_1);
263
--source suite/funcs_1/include/show_connection.inc
265
--error ER_TABLEACCESS_DENIED_ERROR
267
--error ER_TABLEACCESS_DENIED_ERROR
269
--error ER_TABLEACCESS_DENIED_ERROR
272
# now 'add' INSERT to DEFINER
274
--source suite/funcs_1/include/show_connection.inc
275
--error ER_TABLEACCESS_DENIED_ERROR
277
grant insert on db_storedproc_1.* to 'user_1'@'localhost';
281
--source suite/funcs_1/include/show_connection.inc
282
--error ER_TABLEACCESS_DENIED_ERROR
285
--error ER_TABLEACCESS_DENIED_ERROR
288
# now 'add' SELECT to DEFINER
290
--source suite/funcs_1/include/show_connection.inc
291
--error ER_TABLEACCESS_DENIED_ERROR
293
grant SELECT on db_storedproc_1.* to 'user_1'@'localhost';
294
#grant execute on db_storedproc_1.* to 'user_2'@'localhost';
298
--source suite/funcs_1/include/show_connection.inc
303
# now revoke INSERT FROM DEFINER
305
--source suite/funcs_1/include/show_connection.inc
306
REVOKE INSERT on db_storedproc_1.* from 'user_1'@'localhost';
310
--source suite/funcs_1/include/show_connection.inc
311
--error ER_TABLEACCESS_DENIED_ERROR
313
--error ER_TABLEACCESS_DENIED_ERROR
317
# now revoke SELECT FROM DEFINER
319
--source suite/funcs_1/include/show_connection.inc
320
REVOKE SELECT on db_storedproc_1.* from 'user_1'@'localhost';
324
--source suite/funcs_1/include/show_connection.inc
325
--error ER_TABLEACCESS_DENIED_ERROR
327
--error ER_TABLEACCESS_DENIED_ERROR
329
--error ER_TABLEACCESS_DENIED_ERROR
335
--source suite/funcs_1/include/show_connection.inc
337
DROP PROCEDURE sp5_s_i;
338
DROP PROCEDURE sp5_sel;
339
DROP PROCEDURE sp5_ins;
341
DROP USER 'user_1'@'localhost';
342
DROP USER 'user_2'@'localhost';
345
# ------------------------------------------------------------------------------
346
let $message= Testcase 3.1.6.6:
348
Ensure that a stored procedure defined with SQL SECURITY INVOKER can be
349
called/executed by any user, using only the privileges (including database
350
access privileges) associated with the user executing the stored procedure.;
351
--source include/show_msg80.inc
354
CREATE TABLE t3166 ( c1 char(30) );
355
INSERT INTO db_storedproc_1.t3166 VALUES ('inserted outside SP');
358
create user 'user_1'@'localhost';
361
create user 'user_2'@'localhost';
363
GRANT CREATE ROUTINE ON db_storedproc_1.* TO 'user_1'@'localhost';
364
GRANT SELECT ON db_storedproc_1.* TO 'user_2'@'localhost';
365
GRANT EXECUTE ON db_storedproc_1.* TO 'user_2'@'localhost';
368
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
369
connect (user6_1, localhost, user_1, , db_storedproc_1);
370
--source suite/funcs_1/include/show_connection.inc
373
CREATE PROCEDURE sp3166_s_i () SQL SECURITY INVOKER
375
SELECT * from db_storedproc_1.t3166;
376
insert into db_storedproc_1.t3166 values ('inserted from sp3166_s_i');
379
CREATE PROCEDURE sp3166_sel () SQL SECURITY INVOKER
381
SELECT * from db_storedproc_1.t3166;
384
CREATE PROCEDURE sp3166_ins () SQL SECURITY INVOKER
386
insert into db_storedproc_1.t3166 values ('inserted from sp3166_ins');
392
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
393
connect (user6_2, localhost, user_2, , db_storedproc_1);
394
--source suite/funcs_1/include/show_connection.inc
396
--error ER_TABLEACCESS_DENIED_ERROR
398
--error ER_TABLEACCESS_DENIED_ERROR
402
# now 'add' INSERT to INVOKER
404
--source suite/funcs_1/include/show_connection.inc
406
GRANT INSERT ON db_storedproc_1.* TO 'user_2'@'localhost';
410
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
411
connect (user6_3, localhost, user_2, , db_storedproc_1);
412
--source suite/funcs_1/include/show_connection.inc
418
# now 'remove' SELECT from INVOKER
420
--source suite/funcs_1/include/show_connection.inc
422
REVOKE SELECT ON db_storedproc_1.* FROM 'user_2'@'localhost';
425
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
426
connect (user6_4, localhost, user_2, , db_storedproc_1);
427
--source suite/funcs_1/include/show_connection.inc
428
--error ER_TABLEACCESS_DENIED_ERROR
431
--error ER_TABLEACCESS_DENIED_ERROR
435
# now 'remove' EXECUTE FROM INVOKER
438
--source suite/funcs_1/include/show_connection.inc
439
REVOKE EXECUTE on db_storedproc_1.* FROM 'user_2'@'localhost';
442
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
443
connect (user6_5, localhost, user_2, , db_storedproc_1);
444
--source suite/funcs_1/include/show_connection.inc
445
--error ER_PROCACCESS_DENIED_ERROR
447
--error ER_PROCACCESS_DENIED_ERROR
449
--error ER_PROCACCESS_DENIED_ERROR
455
--source suite/funcs_1/include/show_connection.inc
457
DROP PROCEDURE sp3166_s_i;
458
DROP PROCEDURE sp3166_sel;
459
DROP PROCEDURE sp3166_ins;
461
DROP USER 'user_1'@'localhost';
462
DROP USER 'user_2'@'localhost';
465
# ==============================================================================
466
# USE the same .inc to cleanup before and after the test
467
--source suite/funcs_1/storedproc/cleanup_sp_tb.inc
469
# ==============================================================================
471
--echo . +++ END OF SCRIPT +++
472
--echo --------------------------------------------------------------------------------
473
# ==============================================================================