diff --git a/client/mysqltest.cc b/client/mysqltest.cc index 01488126394f7..734ec6ac7fa2c 100644 --- a/client/mysqltest.cc +++ b/client/mysqltest.cc @@ -4662,6 +4662,24 @@ void do_change_user(struct st_command *command) dynstr_set(&ds_db, mysql->db); } + /* Connection logging if enabled */ + if (!disable_query_log) + { + DYNAMIC_STRING *ds= &ds_res; + + dynstr_append_mem(ds, STRING_WITH_LEN("change_user ")); + replace_dynstr_append(ds, ds_user.str); + dynstr_append_mem(ds, STRING_WITH_LEN(",")); + + if (ds_passwd.length) + replace_dynstr_append(ds, ds_passwd.str); + dynstr_append_mem(ds, STRING_WITH_LEN(",")); + + if (ds_db.length) + replace_dynstr_append(ds, ds_db.str); + dynstr_append_mem(ds, STRING_WITH_LEN(";\n")); + } + DBUG_PRINT("info",("connection: '%s' user: '%s' password: '%s' database: '%s'", cur_con->name, ds_user.str, ds_passwd.str, ds_db.str)); diff --git a/mysql-test/main/backup_priv.result b/mysql-test/main/backup_priv.result index 4169f58f40fa0..cd7f2c1dd3239 100644 --- a/mysql-test/main/backup_priv.result +++ b/mysql-test/main/backup_priv.result @@ -13,6 +13,7 @@ BACKUP STAGE FLUSH; SELECT lock_mode FROM information_schema.metadata_lock_info WHERE lock_type='Backup lock'; lock_mode MDL_BACKUP_FLUSH +change_user user2,,; SELECT lock_mode FROM information_schema.metadata_lock_info WHERE lock_type='Backup lock'; lock_mode disconnect con1; diff --git a/mysql-test/main/change_user.result b/mysql-test/main/change_user.result index d9bbb34b6c295..a0b4222eb369d 100644 --- a/mysql-test/main/change_user.result +++ b/mysql-test/main/change_user.result @@ -11,27 +11,35 @@ grant select on test.* to test_newpw; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() test +change_user test_nopw,,; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() NULL +change_user test_oldpw,oldpw,; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() NULL +change_user test_newpw,newpw,; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() NULL +change_user root,,; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() NULL +change_user test_nopw,,test; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() test +change_user test_oldpw,oldpw,test; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() test +change_user test_newpw,newpw,test; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() test +change_user root,,test; select concat('<', user(), '>'), concat('<', current_user(), '>'), database(); concat('<', user(), '>') concat('<', current_user(), '>') database() test @@ -45,7 +53,7 @@ SELECT @@session.sql_big_selects; SELECT @@global.max_join_size; @@global.max_join_size HA_POS_ERROR -change_user +change_user root,,test; SELECT @@session.sql_big_selects; @@session.sql_big_selects 1 @@ -54,13 +62,13 @@ SELECT @@global.max_join_size; HA_POS_ERROR SET @@global.max_join_size = 10000; SET @@session.max_join_size = default; -change_user +change_user root,,test; SELECT @@session.sql_big_selects; @@session.sql_big_selects 0 SET @@global.max_join_size = 18446744073709551615; SET @@session.max_join_size = default; -change_user +change_user root,,test; SELECT @@session.sql_big_selects; @@session.sql_big_selects 1 @@ -83,7 +91,7 @@ GET_LOCK('bug31418', 1) SELECT IS_USED_LOCK('bug31418') = CONNECTION_ID(); IS_USED_LOCK('bug31418') = CONNECTION_ID() 1 -change_user +change_user root,,test; SELECT IS_FREE_LOCK('bug31418'); IS_FREE_LOCK('bug31418') 1 @@ -91,6 +99,7 @@ SELECT IS_USED_LOCK('bug31418'); IS_USED_LOCK('bug31418') NULL FLUSH STATUS; +change_user root,,test; Value of com_select did not change set global secure_auth=default; Warnings: @@ -102,7 +111,7 @@ now() select year(now()) > 2011; year(now()) > 2011 0 -change_user +change_user root,,test; select year(now()) > 2011; year(now()) > 2011 1 diff --git a/mysql-test/main/change_user.test b/mysql-test/main/change_user.test index 5f7d5a21915b0..49a89a846a945 100644 --- a/mysql-test/main/change_user.test +++ b/mysql-test/main/change_user.test @@ -74,7 +74,6 @@ SELECT @@session.sql_big_selects; # The exact value depends on the server build flags --replace_result 18446744073709551615 HA_POS_ERROR 4294967295 HA_POS_ERROR SELECT @@global.max_join_size; ---echo change_user --change_user SELECT @@session.sql_big_selects; # The exact value depends on the server build flags @@ -82,7 +81,6 @@ SELECT @@session.sql_big_selects; SELECT @@global.max_join_size; SET @@global.max_join_size = 10000; SET @@session.max_join_size = default; ---echo change_user --change_user SELECT @@session.sql_big_selects; # On some machines the following will result into a warning @@ -90,7 +88,6 @@ SELECT @@session.sql_big_selects; SET @@global.max_join_size = 18446744073709551615; --enable_warnings SET @@session.max_join_size = default; ---echo change_user --change_user SELECT @@session.sql_big_selects; --replace_result 4294967295 18446744073709551615 @@ -107,7 +104,6 @@ SELECT IS_FREE_LOCK('bug31418'); SELECT IS_USED_LOCK('bug31418'); SELECT GET_LOCK('bug31418', 1); SELECT IS_USED_LOCK('bug31418') = CONNECTION_ID(); ---echo change_user --change_user SELECT IS_FREE_LOCK('bug31418'); SELECT IS_USED_LOCK('bug31418'); @@ -151,7 +147,6 @@ set global secure_auth=default; set timestamp=unix_timestamp('2010-10-10 10:10:10'); select now(); select year(now()) > 2011; ---echo change_user --change_user select year(now()) > 2011; --enable_service_connection diff --git a/mysql-test/main/change_user_notembedded.result b/mysql-test/main/change_user_notembedded.result index 41a154f8d3dd9..a9115a9c67131 100644 --- a/mysql-test/main/change_user_notembedded.result +++ b/mysql-test/main/change_user_notembedded.result @@ -1,9 +1,15 @@ connect test,localhost,root,,; connection test; +change_user foo,bar,; ERROR 28000: Access denied for user 'foo'@'localhost' (using password: YES) +change_user foo,,; ERROR 28000: Access denied for user 'foo'@'localhost' (using password: NO) +change_user root,,test; +change_user foo,bar,; ERROR 28000: Access denied for user 'foo'@'localhost' (using password: YES) +change_user foo,bar,; ERROR 08S01: Unknown command +change_user root,,test; ERROR 08S01: Unknown command disconnect test; connection default; diff --git a/mysql-test/main/cte_nonrecursive.result b/mysql-test/main/cte_nonrecursive.result index 0e7575548d8d6..ad4f424d45886 100644 --- a/mysql-test/main/cte_nonrecursive.result +++ b/mysql-test/main/cte_nonrecursive.result @@ -1676,6 +1676,7 @@ use test; # THD::create_tmp_table_def_key # connect con1,localhost,root,,; +change_user root,,; CREATE TEMPORARY TABLE test.t (a INT); WITH cte AS (SELECT 1) SELECT * FROM cte; 1 diff --git a/mysql-test/main/failed_auth_3909.result b/mysql-test/main/failed_auth_3909.result index 5586997430185..c0daf628f0115 100644 --- a/mysql-test/main/failed_auth_3909.result +++ b/mysql-test/main/failed_auth_3909.result @@ -10,8 +10,11 @@ ERROR HY000: Server is running in --secure-auth mode, but 'uu2'@'localhost' has connect(localhost,uu2,password,test,MASTER_PORT,MASTER_SOCKET); connect fail,localhost,uu2,password; ERROR HY000: Server is running in --secure-auth mode, but 'uu2'@'localhost' has a password in the old format; please change the password to the new format +change_user u1,,; ERROR 28000: Access denied for user 'u1'@'localhost' (using password: NO) +change_user uu2,,; ERROR HY000: Server is running in --secure-auth mode, but 'uu2'@'localhost' has a password in the old format; please change the password to the new format +change_user uu2,password,; ERROR HY000: Server is running in --secure-auth mode, but 'uu2'@'localhost' has a password in the old format; please change the password to the new format delete from mysql.user where plugin = 'mysql_old_password'; flush privileges; diff --git a/mysql-test/main/failed_auth_unixsocket.result b/mysql-test/main/failed_auth_unixsocket.result index 084eb2fab64c5..73231f86c0091 100644 --- a/mysql-test/main/failed_auth_unixsocket.result +++ b/mysql-test/main/failed_auth_unixsocket.result @@ -4,6 +4,7 @@ delete from mysql.global_priv where user != 'root'; flush privileges; connect(localhost,USER,,test,MASTER_PORT,MASTER_SOCKET); ERROR 28000: Access denied for user 'USER'@'localhost' +change_user buildbot,,; ERROR 28000: Access denied for user 'USER'@'localhost' replace mysql.global_priv select * from global_priv_backup; flush privileges; diff --git a/mysql-test/main/lock_user.result b/mysql-test/main/lock_user.result index 24fff2105abf1..fdde0beb3ffc5 100644 --- a/mysql-test/main/lock_user.result +++ b/mysql-test/main/lock_user.result @@ -129,6 +129,7 @@ connection default; # account is locked # alter user user1@localhost account lock; +change_user user1,,; ERROR HY000: Access denied, this account is locked # # MDEV-24098 SHOW CREATE USER invalid for both PASSWORD EXPIRE and diff --git a/mysql-test/main/max_password_errors.result b/mysql-test/main/max_password_errors.result index 9ee7d0d448d74..ba74a88503a58 100644 --- a/mysql-test/main/max_password_errors.result +++ b/mysql-test/main/max_password_errors.result @@ -25,8 +25,11 @@ connect(localhost,u,bad_pass,test,MASTER_PORT,MASTER_SOCKET); connect con1, localhost, u, bad_pass; ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES) connect con1, localhost, u, good_pass; +change_user u,bad_pass,; ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES) +change_user u,bad_pass,; ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES) +change_user u,good_pass,; ERROR HY000: User is blocked because of too many credential errors; unblock with 'ALTER USER / FLUSH PRIVILEGES' disconnect con1; connection default; diff --git a/mysql-test/main/mysql_upgrade.result b/mysql-test/main/mysql_upgrade.result index 9b20a5b871308..96cec4ab98686 100644 --- a/mysql-test/main/mysql_upgrade.result +++ b/mysql-test/main/mysql_upgrade.result @@ -1159,11 +1159,13 @@ connection default; GRANT SELECT ON mysql.* TO very_long_user_name_number_1; GRANT SELECT ON mysql.* TO very_long_user_name_number_2; GRANT ALL ON *.* TO even_longer_user_name_number_3_to_test_the_grantor_and_definer_field_length@localhost WITH GRANT OPTION; +change_user even_longer_user_name_number_3_to_test_the_grantor_and_definer_field_length,,; GRANT INSERT ON mysql.user TO very_long_user_name_number_1; GRANT INSERT ON mysql.user TO very_long_user_name_number_2; GRANT UPDATE (User) ON mysql.db TO very_long_user_name_number_1; GRANT UPDATE (User) ON mysql.db TO very_long_user_name_number_2; CREATE PROCEDURE test.pr() BEGIN END; +change_user root,,; Phase 1/8: Checking and upgrading mysql database Processing databases mysql diff --git a/mysql-test/main/mysqltest.result b/mysql-test/main/mysqltest.result index 7121c4135c192..2e5a89763a24e 100644 --- a/mysql-test/main/mysqltest.result +++ b/mysql-test/main/mysqltest.result @@ -949,6 +949,10 @@ drop table t1; mysqltest: At line 1: query 'change_user root,,inexistent' failed: ER_BAD_DB_ERROR (1049): Unknown database 'inexistent' mysqltest: At line 1: query 'change_user inexistent,,test' failed: ER_ACCESS_DENIED_ERROR (1045): Access denied for user 'inexistent'@'localhost' (using password: NO) mysqltest: At line 1: query 'change_user root,inexistent,test' failed: ER_ACCESS_DENIED_ERROR (1045): Access denied for user 'root'@'localhost' (using password: YES) +change_user root,,test; +change_user root,,; +change_user root,,; +change_user root,,test; REPLACED_FILE1.txt file1.txt file2.txt diff --git a/mysql-test/main/opt_trace_security.result b/mysql-test/main/opt_trace_security.result index cf5dcf5d886b2..9cd58f6f2c705 100644 --- a/mysql-test/main/opt_trace_security.result +++ b/mysql-test/main/opt_trace_security.result @@ -11,6 +11,7 @@ BEGIN insert into t2 select * from t1; return a+1; END| +change_user foo,,; set optimizer_trace="enabled=on"; select * from db1.t1; ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table `db1`.`t1` @@ -18,7 +19,9 @@ select * from information_schema.OPTIMIZER_TRACE; QUERY TRACE MISSING_BYTES_BEYOND_MAX_MEM_SIZE INSUFFICIENT_PRIVILEGES 0 1 set optimizer_trace="enabled=off"; +change_user root,,; grant select(a) on db1.t1 to 'foo'@'%'; +change_user foo,,; set optimizer_trace="enabled=on"; select * from db1.t1; a @@ -32,10 +35,12 @@ select * from information_schema.OPTIMIZER_TRACE; QUERY TRACE MISSING_BYTES_BEYOND_MAX_MEM_SIZE INSUFFICIENT_PRIVILEGES 0 1 set optimizer_trace="enabled=off"; +change_user root,,; select * from information_schema.OPTIMIZER_TRACE; QUERY TRACE MISSING_BYTES_BEYOND_MAX_MEM_SIZE INSUFFICIENT_PRIVILEGES grant select on db1.t1 to 'foo'@'%'; grant select on db1.t2 to 'foo'@'%'; +change_user foo,,; set optimizer_trace="enabled=on"; # # SELECT privilege on the table db1.t1 @@ -158,10 +163,12 @@ select * from db1.t1 { ] } 0 0 set optimizer_trace="enabled=off"; +change_user root,,; grant select on db1.v1 to 'foo'@'%'; grant show view on db1.v1 to 'foo'@'%'; grant select on db1.v1 to 'bar'@'%'; grant show view on db1.v1 to 'bar'@'%'; +change_user foo,,; select current_user(); current_user() foo@% @@ -300,6 +307,7 @@ select * from db1.v1 { ] } 0 0 set optimizer_trace="enabled=off"; +change_user bar,,; select current_user(); current_user() bar@% @@ -319,10 +327,12 @@ select * from information_schema.OPTIMIZER_TRACE; QUERY TRACE MISSING_BYTES_BEYOND_MAX_MEM_SIZE INSUFFICIENT_PRIVILEGES 0 1 set optimizer_trace="enabled=off"; +change_user root,,; grant execute on function db1.f1 to 'foo'@'%'; grant execute on function db1.f1 to 'bar'@'%'; grant select on db1.t1 to 'bar'@'%'; grant insert on db1.t2 to 'foo'@'%'; +change_user foo,,; select current_user(); current_user() foo@% @@ -336,6 +346,7 @@ select INSUFFICIENT_PRIVILEGES from information_schema.OPTIMIZER_TRACE; INSUFFICIENT_PRIVILEGES 0 set optimizer_trace="enabled=off"; +change_user bar,,; select current_user(); current_user() bar@% @@ -354,10 +365,12 @@ select * from information_schema.OPTIMIZER_TRACE; QUERY TRACE MISSING_BYTES_BEYOND_MAX_MEM_SIZE INSUFFICIENT_PRIVILEGES 0 1 set optimizer_trace="enabled=off"; +change_user root,,; select current_user(); current_user() root@localhost REVOKE ALL PRIVILEGES, GRANT OPTION FROM foo; +change_user root,,; drop user if exists foo; drop user if exists bar; drop table db1.t1, db1.t2; diff --git a/mysql-test/main/plugin_vars.result b/mysql-test/main/plugin_vars.result index 3fadd5e74fd41..2c60aaeedeb67 100644 --- a/mysql-test/main/plugin_vars.result +++ b/mysql-test/main/plugin_vars.result @@ -22,6 +22,106 @@ CALL p_install(100); connection con2; CALL p_show_vars(100); connection default; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; +change_user root,,test; connection con1; connection con2; connection default; diff --git a/mysql-test/main/read_only.result b/mysql-test/main/read_only.result index d48edd0340edb..6a5793325e1a2 100644 --- a/mysql-test/main/read_only.result +++ b/mysql-test/main/read_only.result @@ -178,8 +178,10 @@ CREATE USER user1@localhost; GRANT ALTER ON test1.* TO user1@localhost; CREATE DATABASE test1; SET GLOBAL read_only=1; +change_user user1,,; ALTER DATABASE test1 CHARACTER SET utf8; ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement +change_user root,,; SET GLOBAL read_only=0; DROP DATABASE test1; DROP USER user1@localhost; diff --git a/mysql-test/main/user_var.result b/mysql-test/main/user_var.result index c8d82380012ad..7c4e8416c916f 100644 --- a/mysql-test/main/user_var.result +++ b/mysql-test/main/user_var.result @@ -430,6 +430,7 @@ End of 5.0 tests CREATE TABLE t1 (i INT); CREATE TRIGGER t_after_insert AFTER INSERT ON t1 FOR EACH ROW SET @bug42188 = 10; INSERT INTO t1 VALUES (1); +change_user root,,test; INSERT INTO t1 VALUES (1); DROP TABLE t1; CREATE TABLE t1(a INT); diff --git a/mysql-test/suite/perfschema/r/connect_attrs.result b/mysql-test/suite/perfschema/r/connect_attrs.result index 6db8f3585d074..2601268002f1c 100644 --- a/mysql-test/suite/perfschema/r/connect_attrs.result +++ b/mysql-test/suite/perfschema/r/connect_attrs.result @@ -49,6 +49,7 @@ ERROR 42000: SELECT command denied to user 'wl5924'@'localhost' for table `perfo connection default; disconnect non_privileged_user; grant select on performance_schema.* to wl5924@localhost; +change_user wl5924,,; SELECT SUM(ISNULL(ATTR_VALUE)), COUNT(*) FROM performance_schema.session_account_connect_attrs WHERE ATTR_NAME IN ('_os', '_client_name', '_pid', @@ -56,4 +57,5 @@ WHERE ATTR_NAME IN ('_os', '_client_name', '_pid', AND PROCESSLIST_ID = CONNECTION_ID(); SUM(ISNULL(ATTR_VALUE)) COUNT(*) 0 6 +change_user root,,test; DROP USER wl5924@localhost; diff --git a/mysql-test/suite/roles/create_and_drop_current.result b/mysql-test/suite/roles/create_and_drop_current.result index 7e84767736437..606d6c00c2d1c 100644 --- a/mysql-test/suite/roles/create_and_drop_current.result +++ b/mysql-test/suite/roles/create_and_drop_current.result @@ -1,5 +1,6 @@ create user foo@localhost; grant create user on *.* to foo@localhost; +change_user foo,,; create user current_user; ERROR HY000: Operation CREATE USER failed for CURRENT_USER create user current_role; @@ -19,6 +20,7 @@ show warnings; Level Code Message Error 1446 Invalid definer Error 1396 Operation DROP ROLE failed for CURRENT_ROLE +change_user root,,; create role r1; grant r1 to current_user; set role r1; diff --git a/mysql-test/suite/roles/set_default_role_clear.result b/mysql-test/suite/roles/set_default_role_clear.result index 8a3ae908435c5..abc7978a5aec4 100644 --- a/mysql-test/suite/roles/set_default_role_clear.result +++ b/mysql-test/suite/roles/set_default_role_clear.result @@ -2,6 +2,7 @@ create user test_user@localhost; create role test_role; grant select on *.* to test_role; grant test_role to test_user@localhost; +change_user test_user,,; show grants; Grants for test_user@localhost GRANT `test_role` TO `test_user`@`localhost` @@ -9,9 +10,11 @@ GRANT USAGE ON *.* TO `test_user`@`localhost` set default role test_role; select user, host, default_role from mysql.user; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`user` +change_user root,,; select user, host, default_role from mysql.user where user='test_user'; User Host default_role test_user localhost test_role +change_user test_user,,; show grants; Grants for test_user@localhost GRANT `test_role` TO `test_user`@`localhost` @@ -27,10 +30,13 @@ User Host default_role test_user localhost set default role invalid_role; ERROR OP000: Invalid role specification `invalid_role` +change_user root,,; select user, host, default_role from mysql.user where user='test_user'; User Host default_role test_user localhost +change_user test_user,,; select user, host, default_role from mysql.user; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`user` +change_user root,,; drop role test_role; drop user test_user@localhost; diff --git a/mysql-test/suite/roles/set_default_role_for.result b/mysql-test/suite/roles/set_default_role_for.result index 1b133b1baaebb..e375d3c1ef57b 100644 --- a/mysql-test/suite/roles/set_default_role_for.result +++ b/mysql-test/suite/roles/set_default_role_for.result @@ -8,14 +8,17 @@ grant role_a to user_a@localhost; grant select on *.* to role_a; grant role_b to user_b@localhost; grant insert, update on *.* to role_b; +change_user user_a,,; set default role role_a for user_b@localhost; ERROR 42000: Access denied for user 'user_a'@'localhost' to database 'mysql' set default role role_a for user_a@localhost; +change_user root,,; set default role invalid_role for user_a@localhost; ERROR OP000: Invalid role specification `invalid_role` set default role role_b for user_a@localhost; ERROR OP000: User `user_a`@`localhost` has not been granted role `role_b` set default role role_b for user_b@localhost; +change_user user_a,,; show grants; Grants for user_a@localhost GRANT `role_a` TO `user_a`@`localhost` @@ -38,6 +41,7 @@ user_a localhost role_a user_b localhost role_b set default role role_b for current_user; ERROR OP000: User `user_a`@`localhost` has not been granted role `role_b` +change_user user_b,,; show grants; Grants for user_b@localhost GRANT `role_b` TO `user_b`@`localhost` @@ -47,6 +51,7 @@ SET DEFAULT ROLE `role_b` FOR `user_b`@`localhost` select user, host, default_role from mysql.user where user like 'user_%'; ERROR 42000: SELECT command denied to user 'user_b'@'localhost' for table `mysql`.`user` set default role NONE for user_a@localhost; +change_user user_a,,; show grants; Grants for user_a@localhost GRANT `role_a` TO `user_a`@`localhost` @@ -54,6 +59,7 @@ GRANT USAGE ON *.* TO `user_a`@`localhost` GRANT INSERT, UPDATE ON *.* TO `role_b` select user, host, default_role from mysql.user where user like 'user_%'; ERROR 42000: SELECT command denied to user 'user_a'@'localhost' for table `mysql`.`user` +change_user root,,; drop role role_a; drop role role_b; drop user user_a@localhost; diff --git a/mysql-test/suite/roles/set_default_role_invalid.result b/mysql-test/suite/roles/set_default_role_invalid.result index 2cd84cf2ff0ea..124697a09748a 100644 --- a/mysql-test/suite/roles/set_default_role_invalid.result +++ b/mysql-test/suite/roles/set_default_role_invalid.result @@ -3,6 +3,7 @@ create role test_role; create role not_granted_role; grant select on *.* to test_role; grant test_role to test_user@localhost; +change_user test_user,,; show grants; Grants for test_user@localhost GRANT `test_role` TO `test_user`@`localhost` @@ -16,9 +17,11 @@ ERROR OP000: Invalid role specification `not_granted_role` set default role test_role; select user, host, default_role from mysql.user; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`user` +change_user root,,; select user, host, default_role from mysql.user where user='test_user'; User Host default_role test_user localhost test_role +change_user test_user,,; show grants; Grants for test_user@localhost GRANT `test_role` TO `test_user`@`localhost` @@ -33,9 +36,12 @@ ERROR OP000: Invalid role specification `invalid_role` select user, host, default_role from mysql.user where user='test_user'; User Host default_role test_user localhost test_role +change_user root,,; revoke test_role from test_user@localhost; +change_user test_user,,; select user, host, default_role from mysql.user where user='test_user'; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`user` +change_user root,,; drop role test_role; drop role not_granted_role; drop user test_user@localhost; @@ -53,6 +59,7 @@ GRANT r1 TO b; GRANT r2 TO b; SET DEFAULT ROLE r1 FOR b; # Change user b +change_user b,,; SELECT CURRENT_ROLE; CURRENT_ROLE r1 @@ -64,8 +71,10 @@ SET DEFAULT ROLE r1 FOR a; ERROR 42000: Access denied for user 'b'@'%' to database 'mysql' SET DEFAULT ROLE r2; # Change user root (session 1: select_priv to b) +change_user root,,; GRANT SELECT ON mysql.* TO b; # Change user b (session 1: select_priv) +change_user b,,; SHOW GRANTS FOR b; Grants for b@% GRANT `r1` TO `b`@`%` @@ -90,8 +99,10 @@ ERROR 42000: Access denied for user 'b'@'%' to database 'mysql' SET DEFAULT ROLE none FOR a; ERROR 42000: Access denied for user 'b'@'%' to database 'mysql' # Change user root (session 2: adding update_priv to user b) +change_user root,,; GRANT UPDATE ON mysql.* TO b; # Change user b +change_user b,,; SHOW GRANTS FOR b; Grants for b@% GRANT `r1` TO `b`@`%` @@ -107,14 +118,17 @@ SET DEFAULT ROLE invalid_role FOR a; ERROR OP000: Invalid role specification `invalid_role` SET DEFAULT ROLE none FOR a; # Change user root (session 3: Grant role to user a) +change_user root,,; GRANT r1 TO a; SET DEFAULT ROLE r1 FOR a; # Change user a (verify session 3) +change_user a,,; SELECT CURRENT_ROLE; CURRENT_ROLE r1 SET DEFAULT ROLE None; # Change user b (session 3: role granted to user a) +change_user b,,; SET DEFAULT ROLE r1 FOR a; SET DEFAULT ROLE r2 FOR a; ERROR OP000: User `a`@`%` has not been granted role `r2` @@ -122,6 +136,7 @@ SET DEFAULT ROLE invalid_role; ERROR OP000: Invalid role specification `invalid_role` SET DEFAULT ROLE invalid_role FOR a; ERROR OP000: Invalid role specification `invalid_role` +change_user root,,; SELECT user, host, default_role FROM mysql.user where user='a' or user='b'; User Host default_role a % r1 diff --git a/mysql-test/suite/roles/set_role-database-recursive.result b/mysql-test/suite/roles/set_role-database-recursive.result index 594ea059988dc..ad2a247605daf 100644 --- a/mysql-test/suite/roles/set_role-database-recursive.result +++ b/mysql-test/suite/roles/set_role-database-recursive.result @@ -21,6 +21,7 @@ select user, host from mysql.db; user host grant select on mysql.* to test_role2; flush privileges; +change_user test_user,,; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` select current_user(), current_role(); @@ -54,14 +55,18 @@ localhost root test_role1 Y localhost root test_role2 Y localhost test_user test_role1 N localhost test_user test_role2 N +change_user root,,; create role test_role3; grant test_role3 to test_role2; create role test_role4; grant test_role4 to test_role3; +change_user test_user,,; set role test_role1; delete from mysql.user where user='no such user'; ERROR 42000: DELETE command denied to user 'test_user'@'localhost' for table `mysql`.`user` +change_user root,,; grant delete on mysql.* to test_role4; +change_user test_user,,; set role test_role1; delete from mysql.user where user='no such user'; show grants; @@ -78,5 +83,6 @@ GRANT `test_role2` TO `test_role1` GRANT `test_role2` TO `test_user`@`localhost` GRANT `test_role3` TO `test_role2` GRANT `test_role4` TO `test_role3` +change_user root,,; drop user test_user@localhost; drop role test_role1, test_role2, test_role3, test_role4; diff --git a/mysql-test/suite/roles/set_role-database-simple.result b/mysql-test/suite/roles/set_role-database-simple.result index 969a7ab10fa74..e7e5436abf550 100644 --- a/mysql-test/suite/roles/set_role-database-simple.result +++ b/mysql-test/suite/roles/set_role-database-simple.result @@ -13,6 +13,7 @@ localhost test_user test_role1 N grant select on mysql.* to test_role1; grant insert, delete on mysql.roles_mapping to test_role1; grant reload on *.* to test_role1; +change_user test_user,,; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` select current_user(), current_role(); @@ -45,6 +46,7 @@ insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role2', ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` delete from mysql.roles_mapping where Role='test_role2'; ERROR 42000: DELETE command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` +change_user root,,; drop user 'test_user'@'localhost'; revoke select on mysql.* from test_role1; revoke insert, delete on mysql.roles_mapping from test_role1; diff --git a/mysql-test/suite/roles/set_role-multiple-role.result b/mysql-test/suite/roles/set_role-multiple-role.result index e4cb3b8542c6f..21fd8b2df6c92 100644 --- a/mysql-test/suite/roles/set_role-multiple-role.result +++ b/mysql-test/suite/roles/set_role-multiple-role.result @@ -21,6 +21,7 @@ grant r_crt to test_user@localhost; grant r_drp to test_user@localhost; grant r_rld to test_user@localhost; flush privileges; +change_user test_user,,; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` show grants; @@ -141,6 +142,7 @@ test_user@localhost r_sel insert into mysql.random_test_table values (1); ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table `mysql`.`random_test_table` drop table mysql.random_test_table; +change_user root,,; delete from mysql.user where user like 'r\_%'; delete from mysql.roles_mapping where Role like 'r\_%'; flush privileges; diff --git a/mysql-test/suite/roles/set_role-recursive.result b/mysql-test/suite/roles/set_role-recursive.result index f93a731bedb7f..57b63d111129b 100644 --- a/mysql-test/suite/roles/set_role-recursive.result +++ b/mysql-test/suite/roles/set_role-recursive.result @@ -22,6 +22,7 @@ Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv D select * from mysql.user where user like 'test_role2'; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time test_role2 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 N Y 0.000000 +change_user test_user,,; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` show grants; @@ -112,6 +113,7 @@ GRANT USAGE ON *.* TO `test_user`@`localhost` GRANT `test_role1` TO `test_user`@`localhost` select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` +change_user root,,; delete from mysql.user where user='test_role1'; delete from mysql.user where user='test_role2'; delete from mysql.roles_mapping; diff --git a/mysql-test/suite/roles/set_role-routine-simple.result b/mysql-test/suite/roles/set_role-routine-simple.result index eaa630f4b6a39..e39973d409e12 100644 --- a/mysql-test/suite/roles/set_role-routine-simple.result +++ b/mysql-test/suite/roles/set_role-routine-simple.result @@ -30,6 +30,7 @@ end| grant execute on function mysql.test_func to test_role2; grant execute on procedure mysql.test_proc to test_role2; grant execute on mysql.* to test_role3; +change_user test_user,,; show grants; Grants for test_user@localhost GRANT USAGE ON *.* TO `test_user`@`localhost` @@ -93,6 +94,7 @@ SELECT @a; SELECT test_func('AABBCCDD'); test_func('AABBCCDD') Test string: AABBCCDD +change_user root,,; drop user 'test_user'@'localhost'; revoke execute on function mysql.test_func from test_role2; revoke execute on procedure mysql.test_proc from test_role2; diff --git a/mysql-test/suite/roles/set_role-simple.result b/mysql-test/suite/roles/set_role-simple.result index c603f727fd14a..bf3d338d6b0fb 100644 --- a/mysql-test/suite/roles/set_role-simple.result +++ b/mysql-test/suite/roles/set_role-simple.result @@ -14,6 +14,7 @@ grant select on *.* to test_role1; select * from mysql.user where user='test_role1'; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time test_role1 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 N Y 0.000000 +change_user test_user,,; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` show grants; @@ -42,6 +43,7 @@ current_user() current_role() test_user@localhost NULL select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` +change_user root,,; delete from mysql.user where user='test_role1'; delete from mysql.roles_mapping where Role='test_role1'; flush privileges; diff --git a/mysql-test/suite/roles/set_role-table-column-priv.result b/mysql-test/suite/roles/set_role-table-column-priv.result index a680e3ff8c40f..4fc97288ebfd6 100644 --- a/mysql-test/suite/roles/set_role-table-column-priv.result +++ b/mysql-test/suite/roles/set_role-table-column-priv.result @@ -16,6 +16,7 @@ localhost root test_role1 Y localhost root test_role2 Y localhost test_user test_role1 N grant select (Role) on mysql.roles_mapping to test_role2; +change_user test_user,,; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` show grants; @@ -60,6 +61,7 @@ current_user() current_role() test_user@localhost NULL select Role from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` +change_user root,,; drop user 'test_user'@'localhost'; select * from mysql.tables_priv; Host Db User Table_name Grantor Timestamp Table_priv Column_priv diff --git a/mysql-test/suite/roles/set_role-table-simple.result b/mysql-test/suite/roles/set_role-table-simple.result index 3f1a68eeaa05d..81520bedcac15 100644 --- a/mysql-test/suite/roles/set_role-table-simple.result +++ b/mysql-test/suite/roles/set_role-table-simple.result @@ -16,6 +16,7 @@ localhost root test_role1 Y localhost root test_role2 Y localhost test_user test_role1 N grant select on mysql.roles_mapping to test_role2; +change_user test_user,,; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` show grants; @@ -58,6 +59,7 @@ current_user() current_role() test_user@localhost NULL select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` +change_user root,,; drop user 'test_user'@'localhost'; select * from mysql.tables_priv; Host Db User Table_name Grantor Timestamp Table_priv Column_priv diff --git a/mysql-test/suite/roles/show_grants.result b/mysql-test/suite/roles/show_grants.result index 21c5a74efe45a..243bfd43a2f6f 100644 --- a/mysql-test/suite/roles/show_grants.result +++ b/mysql-test/suite/roles/show_grants.result @@ -26,6 +26,7 @@ GRANTEE ROLE_NAME IS_GRANTABLE IS_DEFAULT root@localhost test_role1 YES NO root@localhost test_role2 YES NO test_role1 test_role2 NO NULL +change_user test_user,,; select * from information_schema.applicable_roles; GRANTEE ROLE_NAME IS_GRANTABLE IS_DEFAULT test_role1 test_role2 NO NULL @@ -138,6 +139,7 @@ show grants for CURRENT_ROLE(); Grants for test_role2 GRANT SELECT ON `mysql`.* TO `test_role2` GRANT USAGE ON *.* TO `test_role2` +change_user root,,; drop user 'test_user'@'localhost'; revoke select on mysql.* from test_role2; drop role test_role1; diff --git a/mysql-test/suite/versioning/r/insert.result b/mysql-test/suite/versioning/r/insert.result index 3b4f43dd54e32..77fc698c6a760 100644 --- a/mysql-test/suite/versioning/r/insert.result +++ b/mysql-test/suite/versioning/r/insert.result @@ -277,19 +277,23 @@ ERROR HY000: The MariaDB server is running with the --secure-timestamp=YES optio # restart: --secure-timestamp=REPLICATION create user nobody; grant all privileges on test.* to nobody; +change_user nobody,,; set @@system_versioning_insert_history= 1; insert into test.t3(z, row_start, row_end) values (9, '1980-01-01 00:00:00', '1980-01-01 00:00:01'); ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation insert into test.t3 values (9, '1980-01-01 00:00:00', '1980-01-01 00:00:01'); ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation +change_user root,,; # restart: --secure-timestamp=SUPER set @@system_versioning_insert_history= 1; insert into test.t3(z, row_start, row_end) values (10, '1980-01-01 00:00:00', '1980-01-01 00:00:01'); +change_user nobody,,; set @@system_versioning_insert_history= 1; insert into test.t3(z, row_start, row_end) values (7, '1980-01-01 00:00:00', '1980-01-01 00:00:01'); ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation insert into test.t3 values (7, '1980-01-01 00:00:00', '1980-01-01 00:00:01'); ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation +change_user root,,; use test; # restart: --secure-timestamp=NO drop tables t1, t2, t3;