2021-04-26 20:07:00 +02:00
|
|
|
#coding:utf-8
|
|
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
"""
|
|
|
|
|
ID: issue-5271
|
|
|
|
|
ISSUE: 5271
|
|
|
|
|
TITLE: Operator REVOKE can modify rights granted to system tables at DB creation time
|
|
|
|
|
DESCRIPTION:
|
|
|
|
|
We create here NON-privileged user and revoke any right from him. Also create trivial table TEST.
|
|
|
|
|
Then try to connect with as user and query non-system table TEST and system tables.
|
|
|
|
|
Query to table TEST should be denied, but queries to RDB-tables should run OK and display their data.
|
|
|
|
|
JIRA: CORE-4980
|
|
|
|
|
"""
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
import pytest
|
|
|
|
|
from firebird.qa import *
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
db = db_factory()
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
tmp_user = user_factory('db', name='tmp_c4980', password='123')
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
test_script = """
|
2021-04-26 20:07:00 +02:00
|
|
|
set wng off;
|
|
|
|
|
|
|
|
|
|
recreate table test(id int);
|
|
|
|
|
commit;
|
|
|
|
|
insert into test values(1);
|
|
|
|
|
commit;
|
|
|
|
|
|
|
|
|
|
connect '$(DSN)' user tmp_c4980 password '123';
|
|
|
|
|
|
|
|
|
|
-- All subsequent statements (being issued by TMP_C4980) failed on 3.0.0.32134 and runs OK on build 32136:
|
|
|
|
|
set list on;
|
|
|
|
|
|
|
|
|
|
select current_user as who_am_i from rdb$database;
|
|
|
|
|
select current_user as who_am_i, r.rdb$character_set_name from rdb$database r;
|
|
|
|
|
select current_user as who_am_i, r.rdb$relation_name from rdb$relations r order by rdb$relation_id rows 1;
|
|
|
|
|
select current_user as who_am_i, t.id from test t; -- this should ALWAYS fail because this is non-system table.
|
|
|
|
|
commit;
|
2021-12-19 22:25:36 +01:00
|
|
|
"""
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
act = isql_act('db', test_script)
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
expected_stdout = """
|
2021-04-26 20:07:00 +02:00
|
|
|
WHO_AM_I TMP_C4980
|
|
|
|
|
WHO_AM_I TMP_C4980
|
|
|
|
|
RDB$CHARACTER_SET_NAME NONE
|
|
|
|
|
WHO_AM_I TMP_C4980
|
|
|
|
|
RDB$RELATION_NAME RDB$PAGES
|
2021-12-19 22:25:36 +01:00
|
|
|
"""
|
|
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
# version: 3.0
|
|
|
|
|
|
2021-04-26 20:07:00 +02:00
|
|
|
expected_stderr_1 = """
|
|
|
|
|
Statement failed, SQLSTATE = 28000
|
|
|
|
|
no permission for SELECT access to TABLE TEST
|
2021-12-19 22:25:36 +01:00
|
|
|
"""
|
|
|
|
|
|
2021-04-26 20:07:00 +02:00
|
|
|
@pytest.mark.version('>=3.0,<4.0')
|
2022-01-24 20:27:02 +01:00
|
|
|
def test_1(act: Action, tmp_user: User):
|
|
|
|
|
act.expected_stdout = expected_stdout
|
|
|
|
|
act.expected_stderr = expected_stderr_1
|
|
|
|
|
act.execute()
|
|
|
|
|
assert (act.clean_stderr == act.clean_expected_stderr and
|
|
|
|
|
act.clean_stdout == act.clean_expected_stdout)
|
2021-04-26 20:07:00 +02:00
|
|
|
|
|
|
|
|
# version: 4.0
|
2021-12-19 22:25:36 +01:00
|
|
|
|
2021-04-26 20:07:00 +02:00
|
|
|
expected_stderr_2 = """
|
|
|
|
|
Statement failed, SQLSTATE = 28000
|
|
|
|
|
no permission for SELECT access to TABLE TEST
|
|
|
|
|
-Effective user is TMP_C4980
|
2021-12-19 22:25:36 +01:00
|
|
|
"""
|
|
|
|
|
|
2021-04-26 20:07:00 +02:00
|
|
|
@pytest.mark.version('>=4.0')
|
2022-01-24 20:27:02 +01:00
|
|
|
def test_2(act: Action, tmp_user: User):
|
|
|
|
|
act.expected_stdout = expected_stdout
|
|
|
|
|
act.expected_stderr = expected_stderr_2
|
|
|
|
|
act.execute()
|
|
|
|
|
assert (act.clean_stderr == act.clean_expected_stderr and
|
|
|
|
|
act.clean_stdout == act.clean_expected_stdout)
|
2021-04-26 20:07:00 +02:00
|
|
|
|
