MySQL 5.6.14 Source Code Document
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Groups Pages
processlist_priv.inc
1 ############ suite/funcs_1/datadict/processlist_priv.inc ###############
2 # #
3 # Testing of privileges around #
4 # SELECT ... PROCESSLIST/SHOW PROCESSLIST #
5 # #
6 # Note(mleich): #
7 # There is a significant risk to get an unstable test because of #
8 # timing issues. #
9 # Example1: #
10 # 1. Disconnect connection X #
11 # 2. Switch to connection Y #
12 # 3. SHOW PROCESSLIST might present a record like #
13 # <ID> <user> <host> <db> Quit 0 cleaning up NULL #
14 # or even a row where connection X is without #
15 # "Quit" or "cleaning up". #
16 # That means our SHOW PROCESSLIST can come too early. #
17 # Solution: #
18 # Close the connections at the end of the test. #
19 # Example2 (2008-08-14 again observed): #
20 # 1. connection X: SHOW PROCESSLIST/GRANT ... etc. #
21 # 2. Switch to connection Y #
22 # 3. SHOW PROCESSLIST might present a record like #
23 # <ID> <user> <host> <db> Query TIME cleaning up <command> #
24 # <ID> <user> <host> <db> Query TIME writing to net <command> #
25 # Problems happens more often in case of slow filesystem! #
26 # First Solution: #
27 # Insert a dummy SQL command where the cleanup is most probably #
28 # fast before switching to another connection and running #
29 # SHOW/SELECT PROCESSLIST. #
30 # Suppress writing to protocol by assignment to $variable. #
31 # let $my_var= `SELECT 1`; #
32 # Even the 'SELECT 1' was in some cases in state #
33 # "writing to net". #
34 # Final Solution: #
35 # --real_sleep 0.3 #
36 # This value was at least on my box sufficient. #
37 # Please inform us if this test fails so that we can adjust #
38 # the sleep time better or switch to poll routines. #
39 # #
40 # Storage engine variants of this test do not make sense. #
41 # - I_S tables use the MEMORY storage engine whenever possible. #
42 # - There are some I_S table which need column data types which #
43 # are not supported by MEMORY. Example: LONGTEXT/BLOB #
44 # MyISAM will be used for such tables. #
45 # The column PROCESSLIST.INFO is of data type LONGTEXT #
46 # ----> MyISAM #
47 # - There is no impact of the GLOBAL(server) or SESSION default #
48 # storage engine setting on the engine used for I_S tables. #
49 # That means we cannot get NDB or InnoDB instead. #
50 # #
51 # Creation: #
52 # 2007-08 hhunger Implement this test as part of #
53 # WL#3982 Test information_schema.processlist #
54 # #
55 # Last update: #
56 # 2008-08-14 mleich Bug#38270 Test "processlist_priv_ps" fails on #
57 # varying "processlist" output #
58 # - Replace one sleep by a poll routines #
59 # - Remove or disable superfluous sleeps #
60 # #
61 ########################################################################
62 
63 # The following variables are used in "datadict_priv.inc" and here.
64 #
65 # information_schema table to be tested
66 let $table= processlist;
67 #
68 # columns of the information_schema table e.g. to use in a select.
69 let $columns= ID, USER, HOST, DB, COMMAND, TIME, STATE, INFO;
70 #
71 # Where clause for an update.
72 let $update_where= WHERE id=1 ;
73 #
74 # Column to be used in the SET of an update.
75 let $set_column= user='any_user' ;
76 #
77 # Where clause of a delete.
78 let $delete_where= WHERE id=1 ;
79 #
80 # Column to be dropped.
81 let $drop_column= user;
82 #
83 # Column to be indexed
84 let $index_col= user;
85 
86 USE information_schema;
87 
88 --echo ####################################################################################
89 --echo 1 Prepare test.
90 --echo connection default (user=root)
91 --echo ####################################################################################
92 if (`SELECT COUNT(*) <> 1 FROM processlist`)
93 {
94  --echo This test expects one connection to the server.
95  --echo Expectation: USER HOST DB COMMAND STATE INFO
96  --echo Expectation: root localhost information_schema Query executing SELECT USER,HOST,DB,COMMAND,STATE,INFO FROM processlist ORDER BY ID
97  --echo But we found in the moment:
98  SELECT USER,HOST,DB,COMMAND,STATE,INFO FROM processlist ORDER BY ID;
99  --echo Maybe
100  --echo - the base configuration (no of parallel auxiliary sessions) of the server has changed
101  --echo - a parallel test intended for another server accidently connected to our current one
102  --echo We cannot proceed in this situation. Abort
103  exit;
104 }
105 
106 --echo ####################################################################################
107 --echo 1.1 Create two user
108 --echo ####################################################################################
109 # access to info tables as normal user
110 --error 0, ER_CANNOT_USER
111 DROP USER ddicttestuser1@'localhost';
112 --error 0, ER_CANNOT_USER
113 DROP USER ddicttestuser2@'localhost';
114 CREATE USER ddicttestuser1@'localhost';
115 CREATE USER ddicttestuser2@'localhost';
116 SET PASSWORD FOR ddicttestuser1@'localhost' = PASSWORD('ddictpass');
117 SET PASSWORD FOR ddicttestuser2@'localhost' = PASSWORD('ddictpass');
118 
119 --echo ####################################################################################
120 --echo 1.2 Establish connection con100 (user=ddicttestuser1 with no PROCESS privilege):
121 connect (con100,localhost,ddicttestuser1,ddictpass,information_schema);
122 --echo ####################################################################################
123 
124 
125 --echo ####################################################################################
126 --echo 2 connection default(user=root with default privileges):
127 --echo SHOW/SELECT shows all processes/threads.
128 --echo ####################################################################################
129 connection default;
130 # Avoid Bug#38270 Test "processlist_priv_ps" fails on varying "processlist" output
131 # This subtest expects that the connection con100 is in state 'Sleep'.
132 # Poll till the connection con100 is in state COMMAND = 'Sleep'.
133 let $wait_timeout= 10;
134 let $wait_condition=
135 SELECT COUNT(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST
136 WHERE DB = 'information_schema' AND COMMAND = 'Sleep' AND USER = 'ddicttestuser1';
137 --source include/wait_condition.inc
138 eval SHOW CREATE TABLE $table;
139 --replace_column 1 ID 3 HOST_NAME 6 TIME
140 --sorted_result
141 eval SHOW $table;
142 --replace_column 1 ID 3 HOST_NAME 6 TIME
143 eval SELECT * FROM $table $select_where ORDER BY id;
144 --replace_column 1 ID 3 HOST_NAME 6 TIME
145 eval SELECT $columns FROM $table $select_where ORDER BY id;
146 --source suite/funcs_1/datadict/datadict_priv.inc
147 
148 
149 --echo ####################################################################################
150 --echo 3 Switch to connection con100 (user=ddicttestuser1 with no PROCESS privilege):
151 connection con100;
152 --echo SHOW/SELECT shows only the processes (1) of the user.
153 --echo ####################################################################################
154 # No need for poll routine here.
155 # The current state of the default session might depend on load of testing box
156 # but "ddicttestuser1" must not see anything of the root session.
157 eval SHOW CREATE TABLE $table;
158 --replace_column 1 ID 3 HOST_NAME 6 TIME
159 eval SHOW $table;
160 --replace_column 1 ID 3 HOST_NAME 6 TIME
161 eval SELECT * FROM $table $select_where ORDER BY id;
162 --replace_column 1 ID 3 HOST_NAME 6 TIME
163 eval SELECT $columns FROM $table $select_where ORDER BY id;
164 --source suite/funcs_1/datadict/datadict_priv.inc
165 --real_sleep 0.3
166 
167 
168 --echo ####################################################################################
169 --echo 4 Grant PROCESS privilege to ddicttestuser1
170 --echo connection default (user=root)
171 --echo ####################################################################################
172 connection default;
173 GRANT PROCESS ON *.* TO ddicttestuser1@'localhost' IDENTIFIED BY 'ddictpass';
174 --real_sleep 0.3
175 
176 --echo ####################################################################################
177 --echo 4.1 Existing connection con100 (ddicttestuser1)
178 --echo The user ddicttestuser1 has the PROCESS privilege, but the connection was
179 --echo established before PROCESS was granted.
180 --echo SHOW/SELECT shows only the processes (1) of the user.
181 --echo ####################################################################################
182 connection con100;
183 SHOW GRANTS;
184 --replace_column 1 ID 3 HOST_NAME 6 TIME
185 --sorted_result
186 SHOW processlist;
187 --replace_column 1 ID 3 HOST_NAME 6 TIME
188 --sorted_result
189 SELECT * FROM information_schema.processlist;
190 --real_sleep 0.3
191 
192 --echo ####################################################################################
193 --echo 4.2 New connection con101 (ddicttestuser1 with PROCESS privilege)
194 --echo SHOW/SELECT shows all processes/threads.
195 --echo ####################################################################################
196 connect (con101,localhost,ddicttestuser1,ddictpass,information_schema);
197 SHOW GRANTS;
198 --replace_column 1 ID 3 HOST_NAME 6 TIME
199 --sorted_result
200 SHOW processlist;
201 --replace_column 1 ID 3 HOST_NAME 6 TIME
202 --sorted_result
203 SELECT * FROM information_schema.processlist;
204 --real_sleep 0.3
205 
206 
207 --echo ####################################################################################
208 --echo 5 Grant PROCESS privilege to anonymous user.
209 --echo connection default (user=root)
210 --echo ####################################################################################
211 connection default;
212 GRANT PROCESS ON *.* TO ''@'localhost';
213 --real_sleep 0.3
214 
215 --echo ####################################################################################
216 --echo 5.1 Establish connection (anonymous1,localhost,'',,information_schema)
217 --echo anonymous user with PROCESS privilege
218 --echo SHOW/SELECT shows all processes/threads.
219 --echo ####################################################################################
220 connect (anonymous1,localhost,"''",,information_schema);
221 SHOW GRANTS;
222 --replace_column 1 ID 3 HOST_NAME 6 TIME
223 --sorted_result
224 SHOW processlist;
225 --replace_column 1 ID 3 HOST_NAME 6 TIME
226 --sorted_result
227 SELECT * FROM information_schema.processlist;
228 --real_sleep 0.3
229 
230 
231 --echo ####################################################################################
232 --echo 6 Revoke PROCESS privilege from ddicttestuser1
233 --echo connection default (user=root)
234 --echo ####################################################################################
235 connection default;
236 REVOKE PROCESS ON *.* FROM ddicttestuser1@'localhost';
237 --real_sleep 0.3
238 
239 --echo ####################################################################################
240 --echo 6.1 New connection con102 (ddicttestuser1 has no more PROCESS privilege)
241 connect (con102,localhost,ddicttestuser1,ddictpass,information_schema);
242 --echo Again (compared to state before GRANT PROCESS) only the processes of
243 --echo ddicttestuser1 are visible.
244 --echo ####################################################################################
245 SHOW GRANTS;
246 --replace_column 1 ID 3 HOST_NAME 6 TIME
247 --sorted_result
248 SHOW processlist;
249 --replace_column 1 ID 3 HOST_NAME 6 TIME
250 --sorted_result
251 SELECT * FROM information_schema.processlist;
252 --real_sleep 0.3
253 
254 
255 --echo ####################################################################################
256 --echo 7 Revoke PROCESS privilege from anonymous user
257 --echo connection default (user=root)
258 --echo ####################################################################################
259 connection default;
260 REVOKE PROCESS ON *.* FROM ''@'localhost';
261 --real_sleep 0.3
262 
263 --echo ####################################################################################
264 --echo 7.1 New connection (anonymous2,localhost,'',,information_schema)
265 connect (anonymous2,localhost,"''",,information_schema);
266 --echo The anonymous user has no more the PROCESS privilege
267 --echo Again only the processes of the anonymous user are visible.
268 --echo ####################################################################################
269 SHOW GRANTS FOR ''@'localhost';
270 if ($fixed_bug_30395)
271 {
272 # Bug#30395 strange results after REVOKE PROCESS ON *.* FROM ...
273 --replace_column 1 ID 3 HOST_NAME 6 TIME
274 --sorted_result
275 SHOW processlist;
276 }
277 --replace_column 1 ID 3 HOST_NAME 6 TIME
278 --sorted_result
279 SELECT * FROM information_schema.processlist;
280 --real_sleep 0.3
281 
282 
283 --echo ####################################################################################
284 --echo 8 Grant SUPER (does not imply PROCESS) privilege to ddicttestuser1
285 --echo connection default (user=root)
286 --echo ####################################################################################
287 connection default;
288 GRANT SUPER ON *.* TO 'ddicttestuser1'@'localhost';
289 --real_sleep 0.3
290 
291 --echo ####################################################################################
292 --echo 8.1 New connection con103 (ddicttestuser1 with SUPER privilege)
293 connect (con103,localhost,ddicttestuser1,ddictpass,information_schema);
294 --echo Only the processes of ddicttestuser1 user are visible.
295 --echo ####################################################################################
296 SHOW GRANTS FOR 'ddicttestuser1'@'localhost';
297 --replace_column 1 ID 3 HOST_NAME 6 TIME
298 --sorted_result
299 SHOW processlist;
300 --replace_column 1 ID 3 HOST_NAME 6 TIME
301 --sorted_result
302 SELECT * FROM information_schema.processlist;
303 --real_sleep 0.3
304 
305 
306 --echo ####################################################################################
307 --echo 9 Revoke SUPER privilege from user ddicttestuser1
308 --echo connection default (user=root)
309 --echo ####################################################################################
310 connection default;
311 REVOKE SUPER ON *.* FROM 'ddicttestuser1'@'localhost';
312 --real_sleep 0.3
313 
314 --echo ####################################################################################
315 --echo 9.1 New connection con104 (ddicttestuser1 without SUPER privilege)
316 connect (con104,localhost,ddicttestuser1,ddictpass,information_schema);
317 --echo ddicttestuser1 has no more the SUPER privilege.
318 --echo Only the processes of ddicttestuser1 are visible.
319 --echo ####################################################################################
320 SHOW GRANTS FOR 'ddicttestuser1'@'localhost';
321 --replace_column 1 ID 3 HOST_NAME 6 TIME
322 --sorted_result
323 SHOW processlist;
324 --replace_column 1 ID 3 HOST_NAME 6 TIME
325 --sorted_result
326 SELECT * FROM information_schema.processlist;
327 --real_sleep 0.3
328 
329 
330 --echo ####################################################################################
331 --echo 10 Grant SUPER privilege with grant option to user ddicttestuser1.
332 --echo connection default (user=root)
333 --echo ####################################################################################
334 connection default;
335 GRANT SUPER ON *.* TO 'ddicttestuser1'@'localhost' WITH GRANT OPTION;
336 --real_sleep 0.3
337 
338 --echo ####################################################################################
339 --echo 10.1 New connection con105 (ddicttestuser1 with SUPER privilege and GRANT OPTION)
340 connect (con105,localhost,ddicttestuser1,ddictpass,information_schema);
341 --echo Try to grant PROCESS privilege to user ddicttestuser2 without having it.
342 --echo ####################################################################################
343 SHOW GRANTS FOR 'ddicttestuser1'@'localhost';
344 --error ER_ACCESS_DENIED_ERROR
345 GRANT PROCESS ON *.* TO 'ddicttestuser2'@'localhost';
346 
347 --echo ####################################################################################
348 --echo 10.2 Grant SUPER and PROCESS privilege with grant option to user ddicttestuser1
349 --echo connection default (user=root)
350 --echo ####################################################################################
351 connection default;
352 GRANT SUPER,PROCESS ON *.* TO 'ddicttestuser1'@'localhost' WITH GRANT OPTION;
353 --real_sleep 0.3
354 
355 --echo ####################################################################################
356 --echo 10.3 New connection con106 (ddicttestuser1 with SUPER,PROCESS WITH GRANT OPTION)
357 connect (con106,localhost,ddicttestuser1,ddictpass,information_schema);
358 --echo Grant PROCESS privilege to user ddicttestuser2
359 --echo ####################################################################################
360 SHOW GRANTS FOR 'ddicttestuser1'@'localhost';
361 GRANT PROCESS ON *.* TO 'ddicttestuser2'@'localhost';
362 --real_sleep 0.3
363 
364 --echo ####################################################################################
365 --echo 10.4 New connection con200 (ddicttestuser2 with PROCESS privilege)
366 connect (con200,localhost,ddicttestuser2,ddictpass,information_schema);
367 --echo ddicttestuser2 has now the PROCESS privilege and sees all connections
368 --echo ####################################################################################
369 SHOW GRANTS FOR 'ddicttestuser2'@'localhost';
370 --replace_column 1 ID 3 HOST_NAME 6 TIME
371 --sorted_result
372 SHOW processlist;
373 --replace_column 1 ID 3 HOST_NAME 6 TIME
374 --sorted_result
375 SELECT * FROM information_schema.processlist;
376 --real_sleep 0.3
377 
378 
379 --echo ####################################################################################
380 --echo 11 User ddicttestuser1 revokes PROCESS privilege from user ddicttestuser2
381 --echo connection ddicttestuser1;
382 --echo ####################################################################################
383 connection con106;
384 REVOKE PROCESS ON *.* FROM 'ddicttestuser2'@'localhost';
385 --real_sleep 0.3
386 
387 --echo ####################################################################################
388 --echo 11.1 New connection con201 (ddicttestuser2)
389 connect (con201,localhost,ddicttestuser2,ddictpass,information_schema);
390 --echo ddicttestuser2 has no more the PROCESS privilege and can only see own connects
391 --echo ####################################################################################
392 SHOW GRANTS;
393 --replace_column 1 ID 3 HOST_NAME 6 TIME
394 --sorted_result
395 SHOW processlist;
396 --replace_column 1 ID 3 HOST_NAME 6 TIME
397 --sorted_result
398 SELECT * FROM information_schema.processlist;
399 --real_sleep 0.3
400 
401 --echo ####################################################################################
402 --echo 11.2 Revoke SUPER,PROCESS,GRANT OPTION privilege from user ddicttestuser1
403 --echo connection default (user=root)
404 --echo ####################################################################################
405 connection default;
406 REVOKE SUPER,PROCESS,GRANT OPTION ON *.* FROM 'ddicttestuser1'@'localhost';
407 --real_sleep 0.3
408 
409 --echo ####################################################################################
410 --echo 11.3 New connection con107 (ddicttestuser1)
411 connect (con107,localhost,ddicttestuser1,ddictpass,information_schema);
412 --echo ddicttestuser1 has no more the PROCESS privilege and can only see own connects
413 --echo He is also unable to GRANT the PROCESS privilege to ddicttestuser2
414 --echo ####################################################################################
415 SHOW GRANTS FOR 'ddicttestuser1'@'localhost';
416 --error ER_ACCESS_DENIED_ERROR
417 GRANT PROCESS ON *.* TO 'ddicttestuser2'@'localhost';
418 --replace_column 1 ID 3 HOST_NAME 6 TIME
419 --sorted_result
420 SHOW processlist;
421 --replace_column 1 ID 3 HOST_NAME 6 TIME
422 --sorted_result
423 SELECT * FROM information_schema.processlist;
424 --real_sleep 0.3
425 
426 
427 --echo ####################################################################################
428 --echo 12 Revoke the SELECT privilege from user ddicttestuser1
429 --echo connection default (user=root)
430 --echo ####################################################################################
431 connection default;
432 REVOKE SELECT ON *.* FROM 'ddicttestuser1'@'localhost';
433 --real_sleep 0.3
434 
435 --echo ####################################################################################
436 --echo 12.1 New connection con108 (ddicttestuser1)
437 connect (con108,localhost,ddicttestuser1,ddictpass,information_schema);
438 --echo ddicttestuser1 has neither PROCESS nor SELECT privilege
439 --echo Manual says: Each MySQL user has the right to access these tables, but can see
440 --echo only the rows ...
441 --echo Therefore the missing SELECT privilege does not affect SELECTs on PROCESSLIST.
442 --echo ####################################################################################
443 SHOW GRANTS FOR 'ddicttestuser1'@'localhost';
444 --replace_column 1 ID 3 HOST_NAME 6 TIME
445 --sorted_result
446 SHOW processlist;
447 --replace_column 1 ID 3 HOST_NAME 6 TIME
448 --sorted_result
449 SELECT * FROM information_schema.processlist;
450 --real_sleep 0.3
451 
452 --echo ####################################################################################
453 --echo 12.2 Revoke only the SELECT privilege on the information_schema from ddicttestuser1.
454 --echo connection default (user=root)
455 --echo ####################################################################################
456 connection default;
457 --error ER_DBACCESS_DENIED_ERROR
458 REVOKE SELECT ON information_schema.* FROM 'ddicttestuser3'@'localhost';
459 --real_sleep 0.3
460 
461 
462 --echo ####################################################################################
463 --echo connection default (user=root)
464 --echo Cleanup: close connections, DROP USER etc.
465 --echo ####################################################################################
466 connection default;
467 disconnect con100;
468 disconnect con101;
469 disconnect con102;
470 disconnect con103;
471 disconnect con104;
472 disconnect con105;
473 disconnect con106;
474 disconnect con107;
475 disconnect con108;
476 disconnect con200;
477 disconnect con201;
478 disconnect anonymous1;
479 disconnect anonymous2;
480 DROP USER ddicttestuser1@'localhost';
481 DROP USER ddicttestuser2@'localhost';
482 REVOKE USAGE ON *.* FROM ''@'localhost';
483 DROP USER ''@'localhost';