📄 storedproc_06.inc
字号:
#### suite/funcs_1/storedproc/storedproc_06.inc# This test cannot be used for the embedded server because we check here# privileges.--source include/not_embedded.inc--source suite/funcs_1/storedproc/load_sp_tb.inc# ==============================================================================# (numbering from requirement document TP v1.0, Last updated: 25 Jan 2005 01:00)## 3.1.6 Privilege checks:## 1. Ensure that no user may create a stored procedure without the# GRANT CREATE ROUTINE privilege.# 2. Ensure that root always has the GRANT CREATE ROUTINE privilege.# 3. Ensure that a user with the GRANT CREATE ROUTINE privilege can always# create both a procedure and a function, on any appropriate database.# 4. Ensure that the default security provision of a stored procedure is# SQL SECURITY DEFINER.# 5. Ensure that a stored procedure defined with SQL SECURITY DEFINER can be# called/executed by any user, using only the privileges (including# database access privileges) associated with the user who created# the stored procedure.# 6. Ensure that a stored procedure defined with SQL SECURITY INVOKER can be# called/executed by any user, using only the privileges (including# database access privileges) associated with the user executing# the stored procedure.## ==============================================================================let $message= Section 3.1.6 - Privilege Checks:;--source include/show_msg80.incconnection default;USE db_storedproc_1;--source suite/funcs_1/include/show_connection.inc# ------------------------------------------------------------------------------let $message= Testcase 3.1.6.1: -----------------Ensure that no user may create a stored procedure without the GRANT CREATEROUTINE privilege.;--source include/show_msg80.inccreate user 'user_1'@'localhost';grant all on db_storedproc_1.* to 'user_1'@'localhost';revoke create routine on db_storedproc_1.* from 'user_1'@'localhost';flush privileges;--disable_warningsDROP PROCEDURE IF EXISTS sp1;--enable_warnings--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCKconnect (user1a, localhost, user_1, , db_storedproc_1);--source suite/funcs_1/include/show_connection.incUSE db_storedproc_1;delimiter //;--error ER_DBACCESS_DENIED_ERRORCREATE PROCEDURE sp1(v1 char(20))BEGIN SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';END//delimiter ;//disconnect user1a;# add privilege again and checkconnection default;USE db_storedproc_1;--source suite/funcs_1/include/show_connection.incGRANT CREATE ROUTINE ON db_storedproc_1.* TO 'user_1'@'localhost';--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCKconnect (user1b, localhost, user_1, , db_storedproc_1);--source suite/funcs_1/include/show_connection.incUSE db_storedproc_1;delimiter //;CREATE PROCEDURE sp1(v1 char(20))BEGIN SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';END//delimiter ;//disconnect user1b;# cleanupconnection default;USE db_storedproc_1;--source suite/funcs_1/include/show_connection.incDROP USER 'user_1'@'localhost';DROP PROCEDURE sp1;# ------------------------------------------------------------------------------let $message= Testcase 3.1.6.2: -----------------Ensure that root always has the GRANT CREATE ROUTINE privilege.(checked by other testscases);--source include/show_msg80.inc# ------------------------------------------------------------------------------let $message= Testcase 3.1.6.3: -----------------Ensure that a user with the GRANT CREATE ROUTINE privilege can always createboth a procedure and a function, on any appropriate database.--source include/show_msg80.inccreate user 'user_1'@'localhost';grant create routine on db_storedproc_1.* to 'user_1'@'localhost';flush privileges;# disconnect default;--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCKconnect (user2, localhost, user_1, , db_storedproc_1);--source suite/funcs_1/include/show_connection.inc--disable_warningsDROP PROCEDURE IF EXISTS sp3;DROP FUNCTION IF EXISTS fn1;--enable_warningsdelimiter //;CREATE PROCEDURE sp3(v1 char(20))BEGIN SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';END//delimiter ;//delimiter //;CREATE FUNCTION fn1(v1 int) returns intBEGIN return v1;END//delimiter ;//disconnect user2;# cleanupconnection default;USE db_storedproc_1;--source suite/funcs_1/include/show_connection.incdrop user 'user_1'@'localhost';DROP PROCEDURE sp3;DROP FUNCTION fn1;# ------------------------------------------------------------------------------let $message= Testcase 3.1.6.4: -----------------Ensure that the default security provision of a stored procedure is SQL SECURITYDEFINER.;--source include/show_msg80.incCREATE USER 'user_1'@'localhost';grant update on db_storedproc_1.t6 to 'user_1'@'localhost';grant execute on db_storedproc_1.* to 'user_1'@'localhost';flush privileges;USE db_storedproc_1;--disable_warningsDROP PROCEDURE IF EXISTS sp4;--enable_warningsdelimiter //;CREATE PROCEDURE sp4(v1 char(20))BEGIN SELECT * from db_storedproc_1.t6 where t6.f2= 'xyz';END//delimiter ;//#disconnect default;--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCKconnect (user3, localhost, user_1, , db_storedproc_1);--source suite/funcs_1/include/show_connection.incUSE db_storedproc_1;CALL sp4('a');--vertical_resultsSELECT SPECIFIC_NAME, ROUTINE_SCHEMA, ROUTINE_NAME, ROUTINE_TYPE, ROUTINE_BODY, ROUTINE_DEFINITION, IS_DETERMINISTIC, SQL_DATA_ACCESS, SECURITY_TYPE, SQL_MODE, ROUTINE_COMMENTFROM information_schema.routines WHERE routine_schema LIKE 'db_sto%';--horizontal_resultsdisconnect user3;# cleanupconnection default;--source suite/funcs_1/include/show_connection.incDROP PROCEDURE sp4;DROP USER 'user_1'@'localhost';# ------------------------------------------------------------------------------let $message= Testcase 3.1.6.5: -----------------Ensure that a stored procedure defined with SQL SECURITY DEFINER can becalled/executed by any user, using only the privileges (including databaseaccess privileges) associated with the user who created the stored procedure.;--source include/show_msg80.incUSE db_storedproc_1;CREATE TABLE t3165 ( c1 char(20), c2 char(20), c3 date);INSERT INTO t3165 VALUES ('inserted', 'outside of SP', NULL);# creates procedurescreate user 'user_1'@'localhost';#executes procedurecreate user 'user_2'@'localhost';grant create routine on db_storedproc_1.* to 'user_1'@'localhost';grant SELECT on db_storedproc_1.* to 'user_2'@'localhost';grant execute on db_storedproc_1.* to 'user_2'@'localhost';flush privileges;--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCKconnect (user5_1, localhost, user_1, , db_storedproc_1);--source suite/funcs_1/include/show_connection.incdelimiter //;CREATE PROCEDURE sp5_s_i () sql security definerBEGIN SELECT * from db_storedproc_1.t3165; insert into db_storedproc_1.t3165 values ('inserted', 'from sp5_s_i', 1000);END//CREATE PROCEDURE sp5_sel () sql security definerBEGIN SELECT * from db_storedproc_1.t3165;END//CREATE PROCEDURE sp5_ins () sql security definerBEGIN insert into db_storedproc_1.t3165 values ('inserted', 'from sp5_ins', 1000);END//delimiter ;//disconnect user5_1;--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCKconnect (user5_2, localhost, user_2, , db_storedproc_1);--source suite/funcs_1/include/show_connection.inc--error ER_TABLEACCESS_DENIED_ERRORCALL sp5_s_i();--error ER_TABLEACCESS_DENIED_ERRORCALL sp5_ins();--error ER_TABLEACCESS_DENIED_ERRORCALL sp5_sel();# now 'add' INSERT to DEFINERconnection default;--source suite/funcs_1/include/show_connection.inc--error ER_TABLEACCESS_DENIED_ERRORCALL sp5_sel();grant insert on db_storedproc_1.* to 'user_1'@'localhost';flush privileges;connection user5_2;--source suite/funcs_1/include/show_connection.inc--error ER_TABLEACCESS_DENIED_ERRORCALL sp5_s_i();CALL sp5_ins();--error ER_TABLEACCESS_DENIED_ERRORCALL sp5_sel();# now 'add' SELECT to DEFINERconnection default;--source suite/funcs_1/include/show_connection.inc--error ER_TABLEACCESS_DENIED_ERRORCALL sp5_sel();grant SELECT on db_storedproc_1.* to 'user_1'@'localhost';#grant execute on db_storedproc_1.* to 'user_2'@'localhost';flush privileges;connection user5_2;--source suite/funcs_1/include/show_connection.incCALL sp5_s_i();CALL sp5_ins();CALL sp5_sel();# now revoke INSERT FROM DEFINERconnection default;--source suite/funcs_1/include/show_connection.incREVOKE INSERT on db_storedproc_1.* from 'user_1'@'localhost';flush privileges;connection user5_2;--source suite/funcs_1/include/show_connection.inc--error ER_TABLEACCESS_DENIED_ERRORCALL sp5_s_i();--error ER_TABLEACCESS_DENIED_ERRORCALL sp5_ins();CALL sp5_sel();# now revoke SELECT FROM DEFINERconnection default;--source suite/funcs_1/include/show_connection.incREVOKE SELECT on db_storedproc_1.* from 'user_1'@'localhost';flush privileges;connection user5_2;--source suite/funcs_1/include/show_connection.inc--error ER_TABLEACCESS_DENIED_ERRORCALL sp5_s_i();--error ER_TABLEACCESS_DENIED_ERRORCALL sp5_ins();--error ER_TABLEACCESS_DENIED_ERRORCALL sp5_sel();# cleanupdisconnect user5_2;connection default;--source suite/funcs_1/include/show_connection.incDROP PROCEDURE sp5_s_i;DROP PROCEDURE sp5_sel;DROP PROCEDURE sp5_ins;DROP TABLE t3165;DROP USER 'user_1'@'localhost';DROP USER 'user_2'@'localhost';# ------------------------------------------------------------------------------let $message= Testcase 3.1.6.6: -----------------Ensure that a stored procedure defined with SQL SECURITY INVOKER can becalled/executed by any user, using only the privileges (including databaseaccess privileges) associated with the user executing the stored procedure.;--source include/show_msg80.incUSE db_storedproc_1;CREATE TABLE t3166 ( c1 char(30) );INSERT INTO db_storedproc_1.t3166 VALUES ('inserted outside SP');# DEFINERcreate user 'user_1'@'localhost';# INVOKERcreate user 'user_2'@'localhost';GRANT CREATE ROUTINE ON db_storedproc_1.* TO 'user_1'@'localhost';GRANT SELECT ON db_storedproc_1.* TO 'user_2'@'localhost';GRANT EXECUTE ON db_storedproc_1.* TO 'user_2'@'localhost';FLUSH PRIVILEGES;--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCKconnect (user6_1, localhost, user_1, , db_storedproc_1);--source suite/funcs_1/include/show_connection.incdelimiter //;CREATE PROCEDURE sp3166_s_i () SQL SECURITY INVOKERBEGIN SELECT * from db_storedproc_1.t3166; insert into db_storedproc_1.t3166 values ('inserted from sp3166_s_i');END//CREATE PROCEDURE sp3166_sel () SQL SECURITY INVOKERBEGIN SELECT * from db_storedproc_1.t3166;END//CREATE PROCEDURE sp3166_ins () SQL SECURITY INVOKERBEGIN insert into db_storedproc_1.t3166 values ('inserted from sp3166_ins');END//delimiter ;//disconnect user6_1;--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCKconnect (user6_2, localhost, user_2, , db_storedproc_1);--source suite/funcs_1/include/show_connection.inc--error ER_TABLEACCESS_DENIED_ERRORCALL sp3166_s_i();--error ER_TABLEACCESS_DENIED_ERRORCALL sp3166_ins();CALL sp3166_sel();# now 'add' INSERT to INVOKERconnection default;--source suite/funcs_1/include/show_connection.incCALL sp3166_sel();GRANT INSERT ON db_storedproc_1.* TO 'user_2'@'localhost';FLUSH PRIVILEGES;disconnect user6_2;--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCKconnect (user6_3, localhost, user_2, , db_storedproc_1);--source suite/funcs_1/include/show_connection.incCALL sp3166_s_i();CALL sp3166_ins();CALL sp3166_sel();disconnect user6_3;# now 'remove' SELECT from INVOKERconnection default;--source suite/funcs_1/include/show_connection.incCALL sp3166_sel();REVOKE SELECT ON db_storedproc_1.* FROM 'user_2'@'localhost';FLUSH PRIVILEGES;--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCKconnect (user6_4, localhost, user_2, , db_storedproc_1);--source suite/funcs_1/include/show_connection.inc--error ER_TABLEACCESS_DENIED_ERRORCALL sp3166_s_i();CALL sp3166_ins();--error ER_TABLEACCESS_DENIED_ERRORCALL sp3166_sel();disconnect user6_4;# now 'remove' EXECUTE FROM INVOKERconnection default;CALL sp3166_s_i();--source suite/funcs_1/include/show_connection.incREVOKE EXECUTE on db_storedproc_1.* FROM 'user_2'@'localhost';FLUSH PRIVILEGES;--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCKconnect (user6_5, localhost, user_2, , db_storedproc_1);--source suite/funcs_1/include/show_connection.inc--error ER_PROCACCESS_DENIED_ERRORCALL sp3166_s_i();--error ER_PROCACCESS_DENIED_ERRORCALL sp3166_ins();--error ER_PROCACCESS_DENIED_ERRORCALL sp3166_sel();disconnect user6_5;# cleanupconnection default;--source suite/funcs_1/include/show_connection.incDROP PROCEDURE sp3166_s_i;DROP PROCEDURE sp3166_sel;DROP PROCEDURE sp3166_ins;DROP TABLE t3166;DROP USER 'user_1'@'localhost';DROP USER 'user_2'@'localhost';# ==============================================================================# USE the same .inc to cleanup before and after the test--source suite/funcs_1/storedproc/cleanup_sp_tb.inc# ==============================================================================--echo--echo . +++ END OF SCRIPT +++--echo --------------------------------------------------------------------------------# ==============================================================================⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -