diff --git a/mysql-test/main/grant5.result b/mysql-test/main/grant5.result
index abf17d736a7..83cd8677089 100644
--- a/mysql-test/main/grant5.result
+++ b/mysql-test/main/grant5.result
@@ -46,7 +46,7 @@ SHOW GRANTS FOR test_user;
 Grants for test_user@%
 GRANT `test_role` TO `test_user`@`%`
 GRANT USAGE ON *.* TO `test_user`@`%`
-SET DEFAULT ROLE test_role FOR 'test_user'@'%'
+SET DEFAULT ROLE `test_role` FOR `test_user`@`%`
 SET DEFAULT ROLE NONE for test_user;
 SHOW GRANTS FOR test_user;
 Grants for test_user@%
@@ -60,7 +60,7 @@ GRANT `test_role` TO `root`@`localhost` WITH ADMIN OPTION
 GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION
 GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
 GRANT USAGE ON *.* TO `test_role`
-SET DEFAULT ROLE test_role FOR 'root'@'localhost'
+SET DEFAULT ROLE `test_role` FOR `root`@`localhost`
 SET DEFAULT ROLE NONE;
 SHOW GRANTS;
 Grants for root@localhost
@@ -164,4 +164,21 @@ drop user 'user1'@'localhost';
 drop user 'fetch'@'localhost';
 drop user 'user-1'@'localhost';
 drop user 'O\'Brien'@'localhost';
+#
+# MDEV-26080 SHOW GRANTS does not quote role names properly for DEFAULT ROLE
+#
+CREATE USER 'test-user';
+CREATE ROLE `r``o'l"e`;
+select user from mysql.user where is_role='Y';
+user
+r`o'l"e
+GRANT `r``o'l"e` TO 'test-user';
+SET DEFAULT ROLE `r``o'l"e` FOR 'test-user';
+SHOW GRANTS FOR 'test-user';
+Grants for test-user@%
+GRANT `r``o'l"e` TO `test-user`@`%`
+GRANT USAGE ON *.* TO `test-user`@`%`
+SET DEFAULT ROLE `r``o'l"e` FOR `test-user`@`%`
+DROP ROLE `r``o'l"e`;
+DROP USER 'test-user';
 # End of 10.3 tests
diff --git a/mysql-test/main/grant5.test b/mysql-test/main/grant5.test
index 703d87f08cc..bd711640acb 100644
--- a/mysql-test/main/grant5.test
+++ b/mysql-test/main/grant5.test
@@ -121,4 +121,18 @@ drop user 'fetch'@'localhost';
 drop user 'user-1'@'localhost';
 drop user 'O\'Brien'@'localhost';
+--echo #
+--echo # MDEV-26080 SHOW GRANTS does not quote role names properly for DEFAULT ROLE
+--echo #
+
+CREATE USER 'test-user';
+CREATE ROLE `r``o'l"e`;
+select user from mysql.user where is_role='Y';
+GRANT `r``o'l"e` TO 'test-user';
+SET DEFAULT ROLE `r``o'l"e` FOR 'test-user';
+# it is expected that quotes won't be shown correctly
+SHOW GRANTS FOR 'test-user';
+DROP ROLE `r``o'l"e`;
+DROP USER 'test-user';
+
 --echo # End of 10.3 tests
diff --git a/mysql-test/main/mysql_upgrade.result b/mysql-test/main/mysql_upgrade.result
index 51bd86ceccb..f4c51e17c04 100644
--- a/mysql-test/main/mysql_upgrade.result
+++ b/mysql-test/main/mysql_upgrade.result
@@ -858,7 +858,7 @@ GRANT `aRole` TO `root`@`localhost` WITH ADMIN OPTION
 GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION
 GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
 GRANT USAGE ON *.* TO `aRole`
-SET DEFAULT ROLE aRole FOR 'root'@'localhost'
+SET DEFAULT ROLE `aRole` FOR `root`@`localhost`
 SET DEFAULT ROLE NONE;
 SHOW GRANTS;
 Grants for root@localhost
diff --git a/mysql-test/suite/roles/set_default_role_clear.result b/mysql-test/suite/roles/set_default_role_clear.result
index 05d52b6d58a..fbfb9369cae 100644
--- a/mysql-test/suite/roles/set_default_role_clear.result
+++ b/mysql-test/suite/roles/set_default_role_clear.result
@@ -17,7 +17,7 @@ Grants for test_user@localhost
 GRANT `test_role` TO `test_user`@`localhost`
 GRANT USAGE ON *.* TO `test_user`@`localhost`
 GRANT SELECT ON *.* TO `test_role`
-SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
+SET DEFAULT ROLE `test_role` FOR `test_user`@`localhost`
 select user, host, default_role from mysql.user where user='test_user';
 user host default_role
 test_user localhost test_role
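Review bot: In the mysql-test/main/grant5.test hunk, the comment `# it is expected that quotes won't be shown correctly` says the opposite of what the test records: the expected output added to grant5.result shows the SET DEFAULT ROLE line with the role name backtick-quoted and its embedded backtick doubled. Reword it to something like `# the role name must come back quoted so the statement can be re-executed`. The case also exercises only the role name: the account is 'test-user' at host %, so the quoting of the user and host parts that the same commit adds is not covered; a second account with a quote character in its name, in the style of the `'O\'Brien'@'localhost'` user dropped just above, would cover it. That matters because SHOW GRANTS output is commonly replayed to recreate accounts, and a mis-quoted name there changes what the replayed statement means.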
diff --git a/mysql-test/suite/roles/set_default_role_for.result b/mysql-test/suite/roles/set_default_role_for.result
index b67b30ee075..9fde39ca6e4 100644
--- a/mysql-test/suite/roles/set_default_role_for.result
+++ b/mysql-test/suite/roles/set_default_role_for.result
@@ -21,7 +21,7 @@ Grants for user_a@localhost
 GRANT `role_a` TO `user_a`@`localhost`
 GRANT USAGE ON *.* TO `user_a`@`localhost`
 GRANT SELECT ON *.* TO `role_a`
-SET DEFAULT ROLE role_a FOR 'user_a'@'localhost'
+SET DEFAULT ROLE `role_a` FOR `user_a`@`localhost`
 select user, host, default_role from mysql.user where user like 'user_%';
 user host default_role
 user_a localhost role_a
@@ -43,7 +43,7 @@ Grants for user_b@localhost
 GRANT `role_b` TO `user_b`@`localhost`
 GRANT USAGE ON *.* TO `user_b`@`localhost`
 GRANT INSERT, UPDATE ON *.* TO `role_b`
-SET DEFAULT ROLE role_b FOR 'user_b'@'localhost'
+SET DEFAULT ROLE `role_b` FOR `user_b`@`localhost`
 select user, host, default_role from mysql.user where user like 'user_%';
 ERROR 42000: SELECT command denied to user 'user_b'@'localhost' for table 'user'
 insert ignore into mysql.user (user, host) values ('someuser', 'somehost');
diff --git a/mysql-test/suite/roles/set_default_role_invalid.result b/mysql-test/suite/roles/set_default_role_invalid.result
index 4417ef21f21..d6a48b67305 100644
--- a/mysql-test/suite/roles/set_default_role_invalid.result
+++ b/mysql-test/suite/roles/set_default_role_invalid.result
@@ -24,7 +24,7 @@ Grants for test_user@localhost
 GRANT `test_role` TO `test_user`@`localhost`
 GRANT USAGE ON *.* TO `test_user`@`localhost`
 GRANT SELECT ON *.* TO `test_role`
-SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
+SET DEFAULT ROLE `test_role` FOR `test_user`@`localhost`
 select user, host, default_role from mysql.user where user='test_user';
 user host default_role
 test_user localhost test_role
@@ -72,7 +72,7 @@ GRANT `r1` TO `b`@`%`
 GRANT `r2` TO `b`@`%`
 GRANT USAGE ON *.* TO `b`@`%`
 GRANT SELECT ON `mysql`.* TO `b`@`%`
-SET DEFAULT ROLE r2 FOR 'b'@'%'
+SET DEFAULT ROLE `r2` FOR `b`@`%`
 SET DEFAULT ROLE r1 FOR a;
 ERROR 42000: Access denied for user 'b'@'%' to database 'mysql'
 SELECT CURRENT_ROLE;
@@ -98,7 +98,7 @@ GRANT `r1` TO `b`@`%`
 GRANT `r2` TO `b`@`%`
 GRANT USAGE ON *.* TO `b`@`%`
 GRANT SELECT, UPDATE ON `mysql`.* TO `b`@`%`
-SET DEFAULT ROLE r2 FOR 'b'@'%'
+SET DEFAULT ROLE `r2` FOR `b`@`%`
 SET DEFAULT ROLE r1 FOR a;
 ERROR OP000: User `a@%` has not been granted role `r1`
 SET DEFAULT ROLE invalid_role;
diff --git a/mysql-test/suite/roles/set_default_role_new_connection.result b/mysql-test/suite/roles/set_default_role_new_connection.result
index eaa42193d6e..997ea46624c 100644
--- a/mysql-test/suite/roles/set_default_role_new_connection.result
+++ b/mysql-test/suite/roles/set_default_role_new_connection.result
@@ -23,7 +23,7 @@ Grants for test_user@localhost
 GRANT `test_role` TO `test_user`@`localhost`
 GRANT USAGE ON *.* TO `test_user`@`localhost`
 GRANT SELECT ON *.* TO `test_role`
-SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
+SET DEFAULT ROLE `test_role` FOR `test_user`@`localhost`
 select user, host, default_role from mysql.user where user = 'test_user';
 user host default_role
 test_user localhost test_role
@@ -52,7 +52,7 @@ Grants for test_user@localhost
 GRANT `test_role` TO `test_user`@`localhost`
 GRANT USAGE ON *.* TO `test_user`@`localhost`
 GRANT SELECT ON *.* TO `test_role`
-SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
+SET DEFAULT ROLE `test_role` FOR `test_user`@`localhost`
 select user, host, default_role from mysql.user where user = 'test_user';
 user host default_role
 test_user localhost test_role
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 1327d2943b5..75959540c56 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -8847,14 +8847,13 @@ static bool show_default_role(THD *thd, ACL_USER *acl_entry,
 String def_str(buff, buffsize, system_charset_info);
 def_str.length(0);
 def_str.append(STRING_WITH_LEN("SET DEFAULT ROLE "));
- def_str.append(&def_rolename);
- def_str.append(" FOR '");
- def_str.append(&acl_entry->user);
+ append_identifier(thd, &def_str, def_rolename.str, def_rolename.length);
+ def_str.append(" FOR ");
+ append_identifier(thd, &def_str, acl_entry->user.str, acl_entry->user.length);
 DBUG_ASSERT(!(acl_entry->flags & IS_ROLE));
- def_str.append(STRING_WITH_LEN("'@'"));
- def_str.append(acl_entry->host.hostname, acl_entry->hostname_length,
- system_charset_info);
- def_str.append('\'');
+ def_str.append('@');
+ append_identifier(thd, &def_str, acl_entry->host.hostname,
+ acl_entry->hostname_length);
 protocol->prepare_for_resend();
 protocol->store(def_str.ptr(),def_str.length(),def_str.charset());
 if (protocol->write())
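Review bot: The added `def_str.append(" FOR ");` uses the plain C-string overload, while the context line just above the change writes `def_str.append(STRING_WITH_LEN("SET DEFAULT ROLE "));`; `def_str.append(STRING_WITH_LEN(" FOR "));` would keep the two literals consistent. The three append_identifier() calls also deserve a one-line comment such as `/* quote role, user and host as identifiers so the statement stays re-executable for any name */`, because that is the reason the hand-written single quotes were dropped. The results of the append_identifier() calls are not checked, which appears to match the unchecked append() calls around them. show_default_role() starts and ends outside this hunk, so its overall error handling cannot be judged from here.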