Merge lp:~ansharyan015/drizzle/trunk-bug-931917 into lp:drizzle
- trunk-bug-931917
- Merge into 7.2
Status: | Merged | ||||
---|---|---|---|---|---|
Merged at revision: | 2538 | ||||
Proposed branch: | lp:~ansharyan015/drizzle/trunk-bug-931917 | ||||
Merge into: | lp:drizzle | ||||
Diff against target: |
385 lines (+250/-36) 8 files modified
plugin/regex_policy/docs/index.rst (+14/-18) plugin/regex_policy/module.cc (+1/-1) plugin/regex_policy/policy.h (+6/-6) plugin/regex_policy/tests/r/basic_deprecated.result (+72/-0) plugin/regex_policy/tests/t/basic.policy (+11/-11) plugin/regex_policy/tests/t/basic_deprecated-master.opt (+1/-0) plugin/regex_policy/tests/t/basic_deprecated.policy (+15/-0) plugin/regex_policy/tests/t/basic_deprecated.test (+130/-0) |
||||
To merge this branch: | bzr merge lp:~ansharyan015/drizzle/trunk-bug-931917 | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Henrik Ingo | Approve | ||
Review via email: mp+100298@code.launchpad.net |
Commit message
Description of the change
Changed regex plugin to support ALLOW/DENY policies. ACCEPT/REJECT can also be used but their use is deprecated. Corresponding changes done in docs and test cases added.
Brian Aker (brianaker) wrote : | # |
> I've reviewed this prior to merge proposal, see the linked bug for discussion.
> If you have any other comments, please continue review here.
So should this go to 7.1 or 7.2?
Vijay Samuel (vjsamuel) wrote : | # |
7.2
On Apr 1, 2012 6:09 AM, "Brian Aker" <email address hidden> wrote:
> > I've reviewed this prior to merge proposal, see the linked bug for
> discussion.
> > If you have any other comments, please continue review here.
>
> So should this go to 7.1 or 7.2?
> --
>
> https:/
> Your team Drizzle Trunk is subscribed to branch lp:drizzle.
>
Henrik Ingo (hingo) wrote : | # |
7.2. (We could actually backport it to 7.1 at a later time but not now.)
Preview Diff
1 | === modified file 'plugin/regex_policy/docs/index.rst' | |||
2 | --- plugin/regex_policy/docs/index.rst 2011-10-23 05:45:09 +0000 | |||
3 | +++ plugin/regex_policy/docs/index.rst 2012-03-31 16:16:21 +0000 | |||
4 | @@ -64,30 +64,26 @@ | |||
5 | 64 | The general line format of a regex policy file is:: | 64 | The general line format of a regex policy file is:: |
6 | 65 | 65 | ||
7 | 66 | USER_PATTERN SCHEMA_OBJECT_PATTERN POLICY | 66 | USER_PATTERN SCHEMA_OBJECT_PATTERN POLICY |
8 | 67 | In Drizzle 7 and Drizzle 7.1 the POLICY values supported were 'ACCEPT' and 'DENY'. Beginning with Drizzle 7.2.0, the values used should be 'ALLOW' and 'DENY'. Although 'ACCEPT' and 'REJECT' are also supported for backward compatibility, but their use is deprecated. | ||
9 | 67 | 68 | ||
10 | 68 | For example:: | 69 | For example:: |
11 | 69 | 70 | ||
12 | 70 | # This is a comment line and should be skipped | 71 | # This is a comment line and should be skipped |
24 | 71 | .+ schema=DATA_DICTIONARY ACCEPT | 72 | .+ schema=DATA_DICTIONARY ALLOW |
25 | 72 | .+ schema=INFORMATION_SCHEMA ACCEPT | 73 | .+ schema=INFORMATION_SCHEMA ALLOW |
26 | 73 | .+ schema=data_dictionary ACCEPT | 74 | .+ schema=data_dictionary ALLOW |
27 | 74 | .+ schema=information_schema ACCEPT | 75 | .+ schema=information_schema ALLOW |
28 | 75 | root table=.+ ACCEPT | 76 | root table=.+ ALLOW |
29 | 76 | root schema=.+ ACCEPT | 77 | root schema=.+ ALLOW |
30 | 77 | root process=.+ ACCEPT | 78 | root process=.+ ALLOW |
31 | 78 | user1 schema=user1 ACCEPT | 79 | user1 schema=user1 ALLOW |
32 | 79 | user2 schema=user2 ACCEPT | 80 | user2 schema=user2 ALLOW |
33 | 80 | user1 process=user1 ACCEPT | 81 | user1 process=user1 ALLOW |
34 | 81 | user2 process=user2 ACCEPT | 82 | user2 process=user2 ALLOW |
35 | 82 | # Default to denying everything | 83 | # Default to denying everything |
36 | 83 | .+ schema=.+ DENY | 84 | .+ schema=.+ DENY |
37 | 84 | .+ process=.+ DENY | 85 | .+ process=.+ DENY |
38 | 85 | 86 | ||
39 | 86 | Examples | ||
40 | 87 | -------- | ||
41 | 88 | |||
42 | 89 | Sorry, there are no examples for this plugin. | ||
43 | 90 | |||
44 | 91 | .. _regex_policy_authors: | 87 | .. _regex_policy_authors: |
45 | 92 | 88 | ||
46 | 93 | Authors | 89 | Authors |
47 | @@ -100,7 +96,7 @@ | |||
48 | 100 | Version | 96 | Version |
49 | 101 | ------- | 97 | ------- |
50 | 102 | 98 | ||
52 | 103 | This documentation applies to **regex_policy 1.0**. | 99 | This documentation applies to **regex_policy 2.0**. |
53 | 104 | 100 | ||
54 | 105 | To see which version of the plugin a Drizzle server is running, execute: | 101 | To see which version of the plugin a Drizzle server is running, execute: |
55 | 106 | 102 | ||
56 | @@ -111,6 +107,6 @@ | |||
57 | 111 | Changelog | 107 | Changelog |
58 | 112 | --------- | 108 | --------- |
59 | 113 | 109 | ||
61 | 114 | v1.0 | 110 | v2.0 |
62 | 115 | ^^^^ | 111 | ^^^^ |
63 | 116 | * First release. | 112 | * First release. |
64 | 117 | 113 | ||
65 | === modified file 'plugin/regex_policy/module.cc' | |||
66 | --- plugin/regex_policy/module.cc 2012-03-15 18:05:43 +0000 | |||
67 | +++ plugin/regex_policy/module.cc 2012-03-31 16:16:21 +0000 | |||
68 | @@ -361,7 +361,7 @@ | |||
69 | 361 | { | 361 | { |
70 | 362 | DRIZZLE_VERSION_ID, | 362 | DRIZZLE_VERSION_ID, |
71 | 363 | "regex_policy", | 363 | "regex_policy", |
73 | 364 | "1.0", | 364 | "2.0", |
74 | 365 | "Clint Byrum", | 365 | "Clint Byrum", |
75 | 366 | N_("Authorization using a regex-matched policy file"), | 366 | N_("Authorization using a regex-matched policy file"), |
76 | 367 | PLUGIN_LICENSE_GPL, | 367 | PLUGIN_LICENSE_GPL, |
77 | 368 | 368 | ||
78 | === modified file 'plugin/regex_policy/policy.h' | |||
79 | --- plugin/regex_policy/policy.h 2012-03-16 16:47:17 +0000 | |||
80 | +++ plugin/regex_policy/policy.h 2012-03-31 16:16:21 +0000 | |||
81 | @@ -46,9 +46,9 @@ | |||
82 | 46 | 46 | ||
83 | 47 | static const char *comment_regex = "^[[:space:]]*#.*$"; | 47 | static const char *comment_regex = "^[[:space:]]*#.*$"; |
84 | 48 | static const char *empty_regex = "^[[:space:]]*$"; | 48 | static const char *empty_regex = "^[[:space:]]*$"; |
88 | 49 | static const char *table_match_regex = "^([^ ]+) table\\=([^ ]+) (ACCEPT|DENY)$"; | 49 | static const char *table_match_regex = "^([^ ]+) table\\=([^ ]+) (ACCEPT|REJECT|ALLOW|DENY)$"; |
89 | 50 | static const char *process_match_regex = "^([^ ]+) process\\=([^ ]+) (ACCEPT|DENY)$"; | 50 | static const char *process_match_regex = "^([^ ]+) process\\=([^ ]+) (ACCEPT|REJECT|ALLOW|DENY)$"; |
90 | 51 | static const char *schema_match_regex = "^([^ ]+) schema\\=([^ ]+) (ACCEPT|DENY)$"; | 51 | static const char *schema_match_regex = "^([^ ]+) schema\\=([^ ]+) (ACCEPT|REJECT|ALLOW|DENY)$"; |
91 | 52 | /* These correspond to the parenthesis above and must stay in sync */ | 52 | /* These correspond to the parenthesis above and must stay in sync */ |
92 | 53 | static const int MATCH_REGEX_USER_POS= 1; | 53 | static const int MATCH_REGEX_USER_POS= 1; |
93 | 54 | static const int MATCH_REGEX_OBJECT_POS= 2; | 54 | static const int MATCH_REGEX_OBJECT_POS= 2; |
94 | @@ -75,11 +75,11 @@ | |||
95 | 75 | user_re(u), | 75 | user_re(u), |
96 | 76 | object_re(obj) | 76 | object_re(obj) |
97 | 77 | { | 77 | { |
99 | 78 | if (act == "ACCEPT") | 78 | if ((act == "ACCEPT")||(act == "ALLOW")) |
100 | 79 | { | 79 | { |
101 | 80 | action = POLICY_ACCEPT; | 80 | action = POLICY_ACCEPT; |
102 | 81 | } | 81 | } |
104 | 82 | else if (act == "DENY") | 82 | else if ((act == "REJECT")||(act == "DENY")) |
105 | 83 | { | 83 | { |
106 | 84 | action = POLICY_DENY; | 84 | action = POLICY_DENY; |
107 | 85 | } | 85 | } |
108 | @@ -101,7 +101,7 @@ | |||
109 | 101 | } | 101 | } |
110 | 102 | const char *getAction() const | 102 | const char *getAction() const |
111 | 103 | { | 103 | { |
113 | 104 | return action == POLICY_ACCEPT ? "ACCEPT" : "DENY"; | 104 | return action == POLICY_ACCEPT ? "ALLOW" : "DENY"; |
114 | 105 | } | 105 | } |
115 | 106 | }; | 106 | }; |
116 | 107 | 107 | ||
117 | 108 | 108 | ||
118 | === added file 'plugin/regex_policy/tests/r/basic_deprecated.result' | |||
119 | --- plugin/regex_policy/tests/r/basic_deprecated.result 1970-01-01 00:00:00 +0000 | |||
120 | +++ plugin/regex_policy/tests/r/basic_deprecated.result 2012-03-31 16:16:21 +0000 | |||
121 | @@ -0,0 +1,72 @@ | |||
122 | 1 | create schema user1; | ||
123 | 2 | create schema user2; | ||
124 | 3 | SELECT SCHEMA_NAME FROM DATA_DICTIONARY.SCHEMAS ORDER BY SCHEMA_NAME; | ||
125 | 4 | SCHEMA_NAME | ||
126 | 5 | DATA_DICTIONARY | ||
127 | 6 | INFORMATION_SCHEMA | ||
128 | 7 | mysql | ||
129 | 8 | test | ||
130 | 9 | user1 | ||
131 | 10 | user2 | ||
132 | 11 | use user2; | ||
133 | 12 | create table t1 (kill_id int); | ||
134 | 13 | insert into t1 values(connection_id()); | ||
135 | 14 | SELECT * from user1.dont_exist; | ||
136 | 15 | ERROR 42S02: Unknown table 'user1.dont_exist' | ||
137 | 16 | SELECT SCHEMA_NAME FROM DATA_DICTIONARY.SCHEMAS ORDER BY SCHEMA_NAME; | ||
138 | 17 | SCHEMA_NAME | ||
139 | 18 | DATA_DICTIONARY | ||
140 | 19 | INFORMATION_SCHEMA | ||
141 | 20 | user1 | ||
142 | 21 | SELECT * from user2.dont_exist; | ||
143 | 22 | ERROR 42000: Access denied for user 'user1' to schema 'user2' | ||
144 | 23 | create schema authorize_fail; | ||
145 | 24 | ERROR 42000: Access denied for user 'user1' to schema 'authorize_fail' | ||
146 | 25 | drop schema user2; | ||
147 | 26 | ERROR 42000: Access denied for user 'user1' to schema 'user2' | ||
148 | 27 | create table t1 (kill_id int); | ||
149 | 28 | insert into t1 values(connection_id()); | ||
150 | 29 | SELECT USERNAME, DB FROM DATA_DICTIONARY.PROCESSLIST ORDER BY USERNAME, DB; | ||
151 | 30 | USERNAME DB | ||
152 | 31 | user1 user1 | ||
153 | 32 | user1 user1 | ||
154 | 33 | select IF(((@id := kill_id) - kill_id), "NO", "YES") from t1; | ||
155 | 34 | IF(((@id := kill_id) - kill_id), "NO", "YES") | ||
156 | 35 | YES | ||
157 | 36 | kill @id; | ||
158 | 37 | select IF(((@id := kill_id) - kill_id), "NO", "YES") from t1; | ||
159 | 38 | IF(((@id := kill_id) - kill_id), "NO", "YES") | ||
160 | 39 | YES | ||
161 | 40 | select @id != connection_id(); | ||
162 | 41 | @id != connection_id() | ||
163 | 42 | 1 | ||
164 | 43 | update t1 set kill_id = connection_id(); | ||
165 | 44 | SELECT USERNAME, DB FROM DATA_DICTIONARY.PROCESSLIST ORDER BY USERNAME, DB; | ||
166 | 45 | USERNAME DB | ||
167 | 46 | user2 user2 | ||
168 | 47 | select IF(((@id := kill_id) - kill_id), "NO", "YES") from t1; | ||
169 | 48 | IF(((@id := kill_id) - kill_id), "NO", "YES") | ||
170 | 49 | YES | ||
171 | 50 | kill @id; | ||
172 | 51 | ERROR HY000: Unknown session id: # | ||
173 | 52 | SELECT USERNAME, DB FROM DATA_DICTIONARY.PROCESSLIST ORDER BY USERNAME, DB; | ||
174 | 53 | USERNAME DB | ||
175 | 54 | root user2 | ||
176 | 55 | user1 user1 | ||
177 | 56 | user1 user1 | ||
178 | 57 | user2 user2 | ||
179 | 58 | use user1; | ||
180 | 59 | select IF(((@id := kill_id) - kill_id), "NO", "YES") from t1; | ||
181 | 60 | IF(((@id := kill_id) - kill_id), "NO", "YES") | ||
182 | 61 | YES | ||
183 | 62 | kill @id; | ||
184 | 63 | select IF(((@id := kill_id) - kill_id), "NO", "YES") from t1; | ||
185 | 64 | IF(((@id := kill_id) - kill_id), "NO", "YES") | ||
186 | 65 | YES | ||
187 | 66 | select @id != connection_id(); | ||
188 | 67 | @id != connection_id() | ||
189 | 68 | 1 | ||
190 | 69 | connect(localhost,authz,,authz_no,MASTER_PORT,); | ||
191 | 70 | ERROR 42000: Access denied for user 'authz' to schema 'authz_no' | ||
192 | 71 | drop schema user1; | ||
193 | 72 | drop schema user2; | ||
194 | 0 | 73 | ||
195 | === modified file 'plugin/regex_policy/tests/t/basic.policy' | |||
196 | --- plugin/regex_policy/tests/t/basic.policy 2011-03-03 01:55:10 +0000 | |||
197 | +++ plugin/regex_policy/tests/t/basic.policy 2012-03-31 16:16:21 +0000 | |||
198 | @@ -1,15 +1,15 @@ | |||
199 | 1 | # This is a comment line and should be skipped | 1 | # This is a comment line and should be skipped |
211 | 2 | .+ schema=DATA_DICTIONARY ACCEPT | 2 | .+ schema=DATA_DICTIONARY ALLOW |
212 | 3 | .+ schema=INFORMATION_SCHEMA ACCEPT | 3 | .+ schema=INFORMATION_SCHEMA ALLOW |
213 | 4 | .+ schema=data_dictionary ACCEPT | 4 | .+ schema=data_dictionary ALLOW |
214 | 5 | .+ schema=information_schema ACCEPT | 5 | .+ schema=information_schema ALLOW |
215 | 6 | root table=.+ ACCEPT | 6 | root table=.+ ALLOW |
216 | 7 | root schema=.+ ACCEPT | 7 | root schema=.+ ALLOW |
217 | 8 | root process=.+ ACCEPT | 8 | root process=.+ ALLOW |
218 | 9 | user1 schema=user1 ACCEPT | 9 | user1 schema=user1 ALLOW |
219 | 10 | user2 schema=user2 ACCEPT | 10 | user2 schema=user2 ALLOW |
220 | 11 | user1 process=user1 ACCEPT | 11 | user1 process=user1 ALLOW |
221 | 12 | user2 process=user2 ACCEPT | 12 | user2 process=user2 ALLOW |
222 | 13 | # Default to denying everything | 13 | # Default to denying everything |
223 | 14 | .+ schema=.+ DENY | 14 | .+ schema=.+ DENY |
224 | 15 | .+ process=.+ DENY | 15 | .+ process=.+ DENY |
225 | 16 | 16 | ||
226 | === added file 'plugin/regex_policy/tests/t/basic_deprecated-master.opt' | |||
227 | --- plugin/regex_policy/tests/t/basic_deprecated-master.opt 1970-01-01 00:00:00 +0000 | |||
228 | +++ plugin/regex_policy/tests/t/basic_deprecated-master.opt 2012-03-31 16:16:21 +0000 | |||
229 | @@ -0,0 +1,1 @@ | |||
230 | 1 | --plugin-add=regex_policy --regex-policy.policy=$TOP_SRCDIR/plugin/regex_policy/tests/t/basic_deprecated.policy --verbose=INSPECT | ||
231 | 0 | 2 | ||
232 | === added file 'plugin/regex_policy/tests/t/basic_deprecated.policy' | |||
233 | --- plugin/regex_policy/tests/t/basic_deprecated.policy 1970-01-01 00:00:00 +0000 | |||
234 | +++ plugin/regex_policy/tests/t/basic_deprecated.policy 2012-03-31 16:16:21 +0000 | |||
235 | @@ -0,0 +1,15 @@ | |||
236 | 1 | # This is a comment line and should be skipped | ||
237 | 2 | .+ schema=DATA_DICTIONARY ACCEPT | ||
238 | 3 | .+ schema=INFORMATION_SCHEMA ACCEPT | ||
239 | 4 | .+ schema=data_dictionary ACCEPT | ||
240 | 5 | .+ schema=information_schema ACCEPT | ||
241 | 6 | root table=.+ ACCEPT | ||
242 | 7 | root schema=.+ ACCEPT | ||
243 | 8 | root process=.+ ACCEPT | ||
244 | 9 | user1 schema=user1 ACCEPT | ||
245 | 10 | user2 schema=user2 ACCEPT | ||
246 | 11 | user1 process=user1 ACCEPT | ||
247 | 12 | user2 process=user2 ACCEPT | ||
248 | 13 | # Default to denying everything | ||
249 | 14 | .+ schema=.+ REJECT | ||
250 | 15 | .+ process=.+ REJECT | ||
251 | 0 | 16 | ||
252 | === added file 'plugin/regex_policy/tests/t/basic_deprecated.test' | |||
253 | --- plugin/regex_policy/tests/t/basic_deprecated.test 1970-01-01 00:00:00 +0000 | |||
254 | +++ plugin/regex_policy/tests/t/basic_deprecated.test 2012-03-31 16:16:21 +0000 | |||
255 | @@ -0,0 +1,130 @@ | |||
256 | 1 | # Check for error if no parameter provided | ||
257 | 2 | create schema user1; | ||
258 | 3 | create schema user2; | ||
259 | 4 | SELECT SCHEMA_NAME FROM DATA_DICTIONARY.SCHEMAS ORDER BY SCHEMA_NAME; | ||
260 | 5 | |||
261 | 6 | # Set up a table to be able to test not being able to kill other people | ||
262 | 7 | use user2; | ||
263 | 8 | create table t1 (kill_id int); | ||
264 | 9 | insert into t1 values(connection_id()); | ||
265 | 10 | |||
266 | 11 | # Test that we get a normal don't exist error for things that don't exist | ||
267 | 12 | --error ER_TABLE_UNKNOWN | ||
268 | 13 | SELECT * from user1.dont_exist; | ||
269 | 14 | |||
270 | 15 | # Connect as user1 - should only see information_schema, user1 and | ||
271 | 16 | # data_dictionary | ||
272 | 17 | # Also tests that we are able to read data_dictionary, without which fail | ||
273 | 18 | # would happen | ||
274 | 19 | --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT | ||
275 | 20 | connect (should_succeed,localhost,user1,,user1,,); | ||
276 | 21 | connection should_succeed; | ||
277 | 22 | SELECT SCHEMA_NAME FROM DATA_DICTIONARY.SCHEMAS ORDER BY SCHEMA_NAME; | ||
278 | 23 | |||
279 | 24 | # Test that we get blocked on not being allowed to see user2 at all before | ||
280 | 25 | # we get blocked on the table not existing | ||
281 | 26 | --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT | ||
282 | 27 | --replace_regex /@'.*?'/@'LOCALHOST'/ | ||
283 | 28 | --error ER_DBACCESS_DENIED_ERROR | ||
284 | 29 | SELECT * from user2.dont_exist; | ||
285 | 30 | |||
286 | 31 | # Test that we can't create a schema that isn't named the same as we are | ||
287 | 32 | --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT | ||
288 | 33 | --replace_regex /@'.*?'/@'LOCALHOST'/ | ||
289 | 34 | --error ER_DBACCESS_DENIED_ERROR | ||
290 | 35 | create schema authorize_fail; | ||
291 | 36 | |||
292 | 37 | # Test that we can't drop a schema that isn't named the same as we are | ||
293 | 38 | --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT | ||
294 | 39 | --replace_regex /@'.*?'/@'LOCALHOST'/ | ||
295 | 40 | --error ER_DBACCESS_DENIED_ERROR | ||
296 | 41 | drop schema user2; | ||
297 | 42 | |||
298 | 43 | # Set up a table to test that we can kill other versions of us | ||
299 | 44 | create table t1 (kill_id int); | ||
300 | 45 | insert into t1 values(connection_id()); | ||
301 | 46 | |||
302 | 47 | --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT | ||
303 | 48 | connect (con1,localhost,user1,,user1,); | ||
304 | 49 | --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT | ||
305 | 50 | connect (con2,localhost,user2,,user2,); | ||
306 | 51 | connection con1; | ||
307 | 52 | |||
308 | 53 | # Check that we don't see other people's connections | ||
309 | 54 | SELECT USERNAME, DB FROM DATA_DICTIONARY.PROCESSLIST ORDER BY USERNAME, DB; | ||
310 | 55 | |||
311 | 56 | # Check that we can kill a process that is owned by our user | ||
312 | 57 | --disable_reconnect | ||
313 | 58 | select IF(((@id := kill_id) - kill_id), "NO", "YES") from t1; | ||
314 | 59 | kill @id; | ||
315 | 60 | |||
316 | 61 | connection should_succeed; | ||
317 | 62 | --sleep 2 | ||
318 | 63 | |||
319 | 64 | --disable_query_log | ||
320 | 65 | --disable_result_log | ||
321 | 66 | # One of the following statements should fail | ||
322 | 67 | --error EE_OK,EE_BADCLOSE,EE_UNKNOWN_CHARSET,EE_CANT_SYMLINK | ||
323 | 68 | select 1; | ||
324 | 69 | --error EE_OK,EE_BADCLOSE,EE_UNKNOWN_CHARSET,EE_CANT_SYMLINK | ||
325 | 70 | select 1; | ||
326 | 71 | --enable_query_log | ||
327 | 72 | --enable_result_log | ||
328 | 73 | --enable_reconnect | ||
329 | 74 | |||
330 | 75 | select IF(((@id := kill_id) - kill_id), "NO", "YES") from t1; | ||
331 | 76 | select @id != connection_id(); | ||
332 | 77 | |||
333 | 78 | # Set the table to our current id now | ||
334 | 79 | update t1 set kill_id = connection_id(); | ||
335 | 80 | |||
336 | 81 | # Test that we cannot kill a process owned by someone else | ||
337 | 82 | connection con2; | ||
338 | 83 | SELECT USERNAME, DB FROM DATA_DICTIONARY.PROCESSLIST ORDER BY USERNAME, DB; | ||
339 | 84 | select IF(((@id := kill_id) - kill_id), "NO", "YES") from t1; | ||
340 | 85 | |||
341 | 86 | --replace_regex /Unknown session id: [0-9]+/Unknown session id: #/ | ||
342 | 87 | --error ER_NO_SUCH_THREAD | ||
343 | 88 | kill @id; | ||
344 | 89 | |||
345 | 90 | # Test that root can see everybody | ||
346 | 91 | connection default; | ||
347 | 92 | SELECT USERNAME, DB FROM DATA_DICTIONARY.PROCESSLIST ORDER BY USERNAME, DB; | ||
348 | 93 | |||
349 | 94 | # Test that root can kill someone else | ||
350 | 95 | use user1; | ||
351 | 96 | --disable_reconnect | ||
352 | 97 | select IF(((@id := kill_id) - kill_id), "NO", "YES") from t1; | ||
353 | 98 | kill @id; | ||
354 | 99 | |||
355 | 100 | connection should_succeed; | ||
356 | 101 | --sleep 2 | ||
357 | 102 | |||
358 | 103 | --disable_query_log | ||
359 | 104 | --disable_result_log | ||
360 | 105 | # One of the following statements should fail | ||
361 | 106 | --error EE_OK,EE_BADCLOSE,EE_UNKNOWN_CHARSET,EE_CANT_SYMLINK | ||
362 | 107 | select 1; | ||
363 | 108 | --error EE_OK,EE_BADCLOSE,EE_UNKNOWN_CHARSET,EE_CANT_SYMLINK | ||
364 | 109 | select 1; | ||
365 | 110 | --enable_query_log | ||
366 | 111 | --enable_result_log | ||
367 | 112 | --enable_reconnect | ||
368 | 113 | |||
369 | 114 | select IF(((@id := kill_id) - kill_id), "NO", "YES") from t1; | ||
370 | 115 | select @id != connection_id(); | ||
371 | 116 | |||
372 | 117 | |||
373 | 118 | # Test failing initial connection | ||
374 | 119 | --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT | ||
375 | 120 | --replace_regex /@'.*?'/@'LOCALHOST'/ | ||
376 | 121 | --error ER_DBACCESS_DENIED_ERROR | ||
377 | 122 | connect (should_fail,localhost,authz,,authz_no,,); | ||
378 | 123 | |||
379 | 124 | # Clean up after ourselves | ||
380 | 125 | connection default; | ||
381 | 126 | drop schema user1; | ||
382 | 127 | drop schema user2; | ||
383 | 128 | disconnect con1; | ||
384 | 129 | disconnect con2; | ||
385 | 130 | disconnect should_succeed; |
I've reviewed this prior to merge proposal, see the linked bug for discussion. If you have any other comments, please continue review here.