MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE
- Proceed with commit fafb35ee517f309d9e507f6e3908caca5d8cd257 Reviewed by: serg@mariadb.com
This commit is contained in:
Anel Husakovic
parent
07fade6d18
commit
3fbe30024f
@ -46,7 +46,7 @@ SHOW GRANTS FOR test_user;
|
||||
Grants for test_user@%
|
||||
GRANT `test_role` TO `test_user`@`%`
|
||||
GRANT USAGE ON *.* TO `test_user`@`%`
|
||||
SET DEFAULT ROLE test_role FOR 'test_user'@'%'
|
||||
SET DEFAULT ROLE `test_role` FOR `test_user`@`%`
|
||||
SET DEFAULT ROLE NONE for test_user;
|
||||
SHOW GRANTS FOR test_user;
|
||||
Grants for test_user@%
|
||||
@ -60,7 +60,7 @@ GRANT `test_role` TO `root`@`localhost` WITH ADMIN OPTION
|
||||
GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION
|
||||
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
|
||||
GRANT USAGE ON *.* TO `test_role`
|
||||
SET DEFAULT ROLE test_role FOR 'root'@'localhost'
|
||||
SET DEFAULT ROLE `test_role` FOR `root`@`localhost`
|
||||
SET DEFAULT ROLE NONE;
|
||||
SHOW GRANTS;
|
||||
Grants for root@localhost
|
||||
@ -164,4 +164,21 @@ drop user 'user1'@'localhost';
|
||||
drop user 'fetch'@'localhost';
|
||||
drop user 'user-1'@'localhost';
|
||||
drop user 'O\'Brien'@'localhost';
|
||||
#
|
||||
# MDEV-26080 SHOW GRANTS does not quote role names properly for DEFAULT ROLE
|
||||
#
|
||||
CREATE USER 'test-user';
|
||||
CREATE ROLE `r``o'l"e`;
|
||||
select user from mysql.user where is_role='Y';
|
||||
user
|
||||
r`o'l"e
|
||||
GRANT `r``o'l"e` TO 'test-user';
|
||||
SET DEFAULT ROLE `r``o'l"e` FOR 'test-user';
|
||||
SHOW GRANTS FOR 'test-user';
|
||||
Grants for test-user@%
|
||||
GRANT `r``o'l"e` TO `test-user`@`%`
|
||||
GRANT USAGE ON *.* TO `test-user`@`%`
|
||||
SET DEFAULT ROLE `r``o'l"e` FOR `test-user`@`%`
|
||||
DROP ROLE `r``o'l"e`;
|
||||
DROP USER 'test-user';
|
||||
# End of 10.3 tests
|
||||
|
||||
@ -121,4 +121,18 @@ drop user 'fetch'@'localhost';
|
||||
drop user 'user-1'@'localhost';
|
||||
drop user 'O\'Brien'@'localhost';
|
||||
|
||||
--echo #
|
||||
--echo # MDEV-26080 SHOW GRANTS does not quote role names properly for DEFAULT ROLE
|
||||
--echo #
|
||||
|
||||
CREATE USER 'test-user';
|
||||
CREATE ROLE `r``o'l"e`;
|
||||
select user from mysql.user where is_role='Y';
|
||||
GRANT `r``o'l"e` TO 'test-user';
|
||||
SET DEFAULT ROLE `r``o'l"e` FOR 'test-user';
|
||||
# it is expected that quotes won't be shown correctly
|
||||
SHOW GRANTS FOR 'test-user';
|
||||
DROP ROLE `r``o'l"e`;
|
||||
DROP USER 'test-user';
|
||||
|
||||
--echo # End of 10.3 tests
|
||||
|
||||
@ -858,7 +858,7 @@ GRANT `aRole` TO `root`@`localhost` WITH ADMIN OPTION
|
||||
GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION
|
||||
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
|
||||
GRANT USAGE ON *.* TO `aRole`
|
||||
SET DEFAULT ROLE aRole FOR 'root'@'localhost'
|
||||
SET DEFAULT ROLE `aRole` FOR `root`@`localhost`
|
||||
SET DEFAULT ROLE NONE;
|
||||
SHOW GRANTS;
|
||||
Grants for root@localhost
|
||||
|
||||
@ -17,7 +17,7 @@ Grants for test_user@localhost
|
||||
GRANT `test_role` TO `test_user`@`localhost`
|
||||
GRANT USAGE ON *.* TO `test_user`@`localhost`
|
||||
GRANT SELECT ON *.* TO `test_role`
|
||||
SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
|
||||
SET DEFAULT ROLE `test_role` FOR `test_user`@`localhost`
|
||||
select user, host, default_role from mysql.user where user='test_user';
|
||||
user host default_role
|
||||
test_user localhost test_role
|
||||
|
||||
@ -21,7 +21,7 @@ Grants for user_a@localhost
|
||||
GRANT `role_a` TO `user_a`@`localhost`
|
||||
GRANT USAGE ON *.* TO `user_a`@`localhost`
|
||||
GRANT SELECT ON *.* TO `role_a`
|
||||
SET DEFAULT ROLE role_a FOR 'user_a'@'localhost'
|
||||
SET DEFAULT ROLE `role_a` FOR `user_a`@`localhost`
|
||||
select user, host, default_role from mysql.user where user like 'user_%';
|
||||
user host default_role
|
||||
user_a localhost role_a
|
||||
@ -43,7 +43,7 @@ Grants for user_b@localhost
|
||||
GRANT `role_b` TO `user_b`@`localhost`
|
||||
GRANT USAGE ON *.* TO `user_b`@`localhost`
|
||||
GRANT INSERT, UPDATE ON *.* TO `role_b`
|
||||
SET DEFAULT ROLE role_b FOR 'user_b'@'localhost'
|
||||
SET DEFAULT ROLE `role_b` FOR `user_b`@`localhost`
|
||||
select user, host, default_role from mysql.user where user like 'user_%';
|
||||
ERROR 42000: SELECT command denied to user 'user_b'@'localhost' for table 'user'
|
||||
insert ignore into mysql.user (user, host) values ('someuser', 'somehost');
|
||||
|
||||
@ -24,7 +24,7 @@ Grants for test_user@localhost
|
||||
GRANT `test_role` TO `test_user`@`localhost`
|
||||
GRANT USAGE ON *.* TO `test_user`@`localhost`
|
||||
GRANT SELECT ON *.* TO `test_role`
|
||||
SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
|
||||
SET DEFAULT ROLE `test_role` FOR `test_user`@`localhost`
|
||||
select user, host, default_role from mysql.user where user='test_user';
|
||||
user host default_role
|
||||
test_user localhost test_role
|
||||
@ -72,7 +72,7 @@ GRANT `r1` TO `b`@`%`
|
||||
GRANT `r2` TO `b`@`%`
|
||||
GRANT USAGE ON *.* TO `b`@`%`
|
||||
GRANT SELECT ON `mysql`.* TO `b`@`%`
|
||||
SET DEFAULT ROLE r2 FOR 'b'@'%'
|
||||
SET DEFAULT ROLE `r2` FOR `b`@`%`
|
||||
SET DEFAULT ROLE r1 FOR a;
|
||||
ERROR 42000: Access denied for user 'b'@'%' to database 'mysql'
|
||||
SELECT CURRENT_ROLE;
|
||||
@ -98,7 +98,7 @@ GRANT `r1` TO `b`@`%`
|
||||
GRANT `r2` TO `b`@`%`
|
||||
GRANT USAGE ON *.* TO `b`@`%`
|
||||
GRANT SELECT, UPDATE ON `mysql`.* TO `b`@`%`
|
||||
SET DEFAULT ROLE r2 FOR 'b'@'%'
|
||||
SET DEFAULT ROLE `r2` FOR `b`@`%`
|
||||
SET DEFAULT ROLE r1 FOR a;
|
||||
ERROR OP000: User `a@%` has not been granted role `r1`
|
||||
SET DEFAULT ROLE invalid_role;
|
||||
|
||||
@ -23,7 +23,7 @@ Grants for test_user@localhost
|
||||
GRANT `test_role` TO `test_user`@`localhost`
|
||||
GRANT USAGE ON *.* TO `test_user`@`localhost`
|
||||
GRANT SELECT ON *.* TO `test_role`
|
||||
SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
|
||||
SET DEFAULT ROLE `test_role` FOR `test_user`@`localhost`
|
||||
select user, host, default_role from mysql.user where user = 'test_user';
|
||||
user host default_role
|
||||
test_user localhost test_role
|
||||
@ -52,7 +52,7 @@ Grants for test_user@localhost
|
||||
GRANT `test_role` TO `test_user`@`localhost`
|
||||
GRANT USAGE ON *.* TO `test_user`@`localhost`
|
||||
GRANT SELECT ON *.* TO `test_role`
|
||||
SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
|
||||
SET DEFAULT ROLE `test_role` FOR `test_user`@`localhost`
|
||||
select user, host, default_role from mysql.user where user = 'test_user';
|
||||
user host default_role
|
||||
test_user localhost test_role
|
||||
|
||||
@ -8847,14 +8847,13 @@ static bool show_default_role(THD *thd, ACL_USER *acl_entry,
|
||||
String def_str(buff, buffsize, system_charset_info);
|
||||
def_str.length(0);
|
||||
def_str.append(STRING_WITH_LEN("SET DEFAULT ROLE "));
|
||||
def_str.append(&def_rolename);
|
||||
def_str.append(" FOR '");
|
||||
def_str.append(&acl_entry->user);
|
||||
append_identifier(thd, &def_str, def_rolename.str, def_rolename.length);
|
||||
def_str.append(" FOR ");
|
||||
append_identifier(thd, &def_str, acl_entry->user.str, acl_entry->user.length);
|
||||
DBUG_ASSERT(!(acl_entry->flags & IS_ROLE));
|
||||
def_str.append(STRING_WITH_LEN("'@'"));
|
||||
def_str.append(acl_entry->host.hostname, acl_entry->hostname_length,
|
||||
system_charset_info);
|
||||
def_str.append('\'');
|
||||
def_str.append('@');
|
||||
append_identifier(thd, &def_str, acl_entry->host.hostname,
|
||||
acl_entry->hostname_length);
|
||||
protocol->prepare_for_resend();
|
||||
protocol->store(def_str.ptr(),def_str.length(),def_str.charset());
|
||||
if (protocol->write())
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user