firebird-qa/tests/bugs/core_4980_test.py

#coding:utf-8
#
# id:           bugs.core_4980
# title:        Operator REVOKE can modify rights granted to system tables at DB creation time
# decription:   
#                    We create here NON-privileged user and revoke any right from him. Also create trivial table TEST.
#                    Then try to connect with as user and query non-system table TEST and system tables.
#                    Query to table TEST should be denied, but queries to RDB-tables should run OK and display their data.
#                
# tracker_id:   CORE-4980
# min_versions: ['3.0']
# versions:     3.0, 4.0
# qmid:         None

import pytest
from firebird.qa import db_factory, isql_act, Action

# version: 3.0
# resources: None

substitutions_1 = []

init_script_1 = """"""

db_1 = db_factory(sql_dialect=3, init=init_script_1)

test_script_1 = """
    set wng off;
    create or alter user tmp_c4980 password '123';
    commit;

    recreate table test(id int);
    commit;
    insert into test values(1);
    commit;

    revoke all on all from tmp_c4980;
    revoke all on all from public;
    commit;

    connect '$(DSN)' user tmp_c4980 password '123';

    -- All subsequent statements (being issued by TMP_C4980) failed on 3.0.0.32134 and runs OK on build 32136:
    set list on;

    select current_user as who_am_i from rdb$database;
    select current_user as who_am_i, r.rdb$character_set_name from rdb$database r;
    select current_user as who_am_i, r.rdb$relation_name from rdb$relations r order by rdb$relation_id rows 1;
    select current_user as who_am_i, t.id from test t; -- this should ALWAYS fail because this is non-system table.
    commit;

    connect '$(DSN)' user 'SYSDBA' password 'masterkey';
    drop user tmp_c4980;
  """

act_1 = isql_act('db_1', test_script_1, substitutions=substitutions_1)

expected_stdout_1 = """
    WHO_AM_I                        TMP_C4980
    WHO_AM_I                        TMP_C4980
    RDB$CHARACTER_SET_NAME          NONE
    WHO_AM_I                        TMP_C4980
    RDB$RELATION_NAME               RDB$PAGES
  """
expected_stderr_1 = """
    Statement failed, SQLSTATE = 28000
    no permission for SELECT access to TABLE TEST
  """

@pytest.mark.version('>=3.0,<4.0')
def test_1(act_1: Action):
    act_1.expected_stdout = expected_stdout_1
    act_1.expected_stderr = expected_stderr_1
    act_1.execute()
    assert act_1.clean_expected_stderr == act_1.clean_stderr
    assert act_1.clean_expected_stdout == act_1.clean_stdout

# version: 4.0
# resources: None

substitutions_2 = []

init_script_2 = """"""

db_2 = db_factory(sql_dialect=3, init=init_script_2)

test_script_2 = """
    set wng off;
    create or alter user tmp_c4980 password '123';
    commit;

    recreate table test(id int);
    commit;
    insert into test values(1);
    commit;

    revoke all on all from tmp_c4980;
    revoke all on all from public;
    commit;

    connect '$(DSN)' user tmp_c4980 password '123';

    set list on;
    select current_user as who_am_i from rdb$database;
    select current_user as who_am_i, r.rdb$character_set_name from rdb$database r;
    select current_user as who_am_i, r.rdb$relation_name from rdb$relations r order by rdb$relation_id rows 1;
    select current_user as who_am_i, t.id from test t; -- this should ALWAYS fail because this is non-system table.
    commit;

    connect '$(DSN)' user 'SYSDBA' password 'masterkey';
    drop user tmp_c4980;
  """

act_2 = isql_act('db_2', test_script_2, substitutions=substitutions_2)

expected_stdout_2 = """
    WHO_AM_I                        TMP_C4980
    WHO_AM_I                        TMP_C4980
    RDB$CHARACTER_SET_NAME          NONE
    WHO_AM_I                        TMP_C4980
    RDB$RELATION_NAME               RDB$PAGES
  """
expected_stderr_2 = """
    Statement failed, SQLSTATE = 28000
    no permission for SELECT access to TABLE TEST
    -Effective user is TMP_C4980
  """

@pytest.mark.version('>=4.0')
def test_2(act_2: Action):
    act_2.expected_stdout = expected_stdout_2
    act_2.expected_stderr = expected_stderr_2
    act_2.execute()
    assert act_2.clean_expected_stderr == act_2.clean_stderr
    assert act_2.clean_expected_stdout == act_2.clean_stdout
Firebird engine tests 2021-04-26 20:07:00 +02:00			`#coding:utf-8`
			`#`
			`# id: bugs.core_4980`
			`# title: Operator REVOKE can modify rights granted to system tables at DB creation time`
			`# decription:`
			`# We create here NON-privileged user and revoke any right from him. Also create trivial table TEST.`
			`# Then try to connect with as user and query non-system table TEST and system tables.`
			`# Query to table TEST should be denied, but queries to RDB-tables should run OK and display their data.`
			`#`
			`# tracker_id: CORE-4980`
			`# min_versions: ['3.0']`
			`# versions: 3.0, 4.0`
			`# qmid: None`

			`import pytest`
			`from firebird.qa import db_factory, isql_act, Action`

			`# version: 3.0`
			`# resources: None`

			`substitutions_1 = []`

			`init_script_1 = """"""`

			`db_1 = db_factory(sql_dialect=3, init=init_script_1)`

			`test_script_1 = """`
			`set wng off;`
			`create or alter user tmp_c4980 password '123';`
			`commit;`

			`recreate table test(id int);`
			`commit;`
			`insert into test values(1);`
			`commit;`

			`revoke all on all from tmp_c4980;`
			`revoke all on all from public;`
			`commit;`

			`connect '$(DSN)' user tmp_c4980 password '123';`

			`-- All subsequent statements (being issued by TMP_C4980) failed on 3.0.0.32134 and runs OK on build 32136:`
			`set list on;`

			`select current_user as who_am_i from rdb$database;`
			`select current_user as who_am_i, r.rdb$character_set_name from rdb$database r;`
			`select current_user as who_am_i, r.rdb$relation_name from rdb$relations r order by rdb$relation_id rows 1;`
			`select current_user as who_am_i, t.id from test t; -- this should ALWAYS fail because this is non-system table.`
			`commit;`

			`connect '$(DSN)' user 'SYSDBA' password 'masterkey';`
			`drop user tmp_c4980;`
			`"""`

			`act_1 = isql_act('db_1', test_script_1, substitutions=substitutions_1)`

			`expected_stdout_1 = """`
			`WHO_AM_I TMP_C4980`
			`WHO_AM_I TMP_C4980`
			`RDB$CHARACTER_SET_NAME NONE`
			`WHO_AM_I TMP_C4980`
			`RDB$RELATION_NAME RDB$PAGES`
			`"""`
			`expected_stderr_1 = """`
			`Statement failed, SQLSTATE = 28000`
			`no permission for SELECT access to TABLE TEST`
			`"""`

			`@pytest.mark.version('>=3.0,<4.0')`
Change name scheme for tests 2021-04-28 12:42:11 +02:00			`def test_1(act_1: Action):`
Firebird engine tests 2021-04-26 20:07:00 +02:00			`act_1.expected_stdout = expected_stdout_1`
			`act_1.expected_stderr = expected_stderr_1`
			`act_1.execute()`
			`assert act_1.clean_expected_stderr == act_1.clean_stderr`
			`assert act_1.clean_expected_stdout == act_1.clean_stdout`

			`# version: 4.0`
			`# resources: None`

			`substitutions_2 = []`

			`init_script_2 = """"""`

			`db_2 = db_factory(sql_dialect=3, init=init_script_2)`

			`test_script_2 = """`
			`set wng off;`
			`create or alter user tmp_c4980 password '123';`
			`commit;`

			`recreate table test(id int);`
			`commit;`
			`insert into test values(1);`
			`commit;`

			`revoke all on all from tmp_c4980;`
			`revoke all on all from public;`
			`commit;`

			`connect '$(DSN)' user tmp_c4980 password '123';`

			`set list on;`
			`select current_user as who_am_i from rdb$database;`
			`select current_user as who_am_i, r.rdb$character_set_name from rdb$database r;`
			`select current_user as who_am_i, r.rdb$relation_name from rdb$relations r order by rdb$relation_id rows 1;`
			`select current_user as who_am_i, t.id from test t; -- this should ALWAYS fail because this is non-system table.`
			`commit;`

			`connect '$(DSN)' user 'SYSDBA' password 'masterkey';`
			`drop user tmp_c4980;`
			`"""`

			`act_2 = isql_act('db_2', test_script_2, substitutions=substitutions_2)`

			`expected_stdout_2 = """`
			`WHO_AM_I TMP_C4980`
			`WHO_AM_I TMP_C4980`
			`RDB$CHARACTER_SET_NAME NONE`
			`WHO_AM_I TMP_C4980`
			`RDB$RELATION_NAME RDB$PAGES`
			`"""`
			`expected_stderr_2 = """`
			`Statement failed, SQLSTATE = 28000`
			`no permission for SELECT access to TABLE TEST`
			`-Effective user is TMP_C4980`
			`"""`

			`@pytest.mark.version('>=4.0')`
Change name scheme for tests 2021-04-28 12:42:11 +02:00			`def test_2(act_2: Action):`
Firebird engine tests 2021-04-26 20:07:00 +02:00			`act_2.expected_stdout = expected_stdout_2`
			`act_2.expected_stderr = expected_stderr_2`
			`act_2.execute()`
			`assert act_2.clean_expected_stderr == act_2.clean_stderr`
			`assert act_2.clean_expected_stdout == act_2.clean_stdout`