Commit b9ddeeff authored by Sergei Golubchik's avatar Sergei Golubchik

MDEV-6401 SET ROLE returning ERROR 1959 Invalid role specification for valid role

Use user's ip address when verifying privileges for SET ROLE (just like check_access() does)
parent 86362129
create role r1;
create user foo@'127.0.0.1';
grant r1 to foo@'127.0.0.1';
show grants;
Grants for foo@127.0.0.1
GRANT r1 TO 'foo'@'127.0.0.1'
GRANT USAGE ON *.* TO 'foo'@'127.0.0.1'
set role r1;
select * from information_schema.enabled_roles;
ROLE_NAME
r1
drop user foo@'127.0.0.1';
drop role r1;
--source include/not_embedded.inc
create role r1;
create user foo@'127.0.0.1';
grant r1 to foo@'127.0.0.1';
--connect (con1,127.0.0.1,foo,,)
show grants;
set role r1;
select * from information_schema.enabled_roles;
connection default;
drop user foo@'127.0.0.1';
drop role r1;
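Review bot: The test exercises only the account that is expected to succeed, so it would not notice if the wider host-or-ip match in acl_check_setrole became too permissive. A negative case would cover that: a second user connecting from 127.0.0.1 who was not granted r1 should still be rejected, i.e. `--error ER_INVALID_ROLE` followed by `set role r1;` on that user's connection. Since this check decides whether a role's privileges are enabled, pinning the rejection path is as important as pinning the fix.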
...@@ -300,7 +300,7 @@ public: ...@@ -300,7 +300,7 @@ public:
bool eq(const char *user2, const char *host2) { return !cmp(user2, host2); } bool eq(const char *user2, const char *host2) { return !cmp(user2, host2); }
bool wild_eq(const char *user2, const char *host2, const char *ip2 = 0) bool wild_eq(const char *user2, const char *host2, const char *ip2)
{ {
if (strcmp(safe_str(user.str), safe_str(user2))) if (strcmp(safe_str(user.str), safe_str(user2)))
return false; return false;
...@@ -1883,7 +1883,7 @@ int acl_check_setrole(THD *thd, char *rolename, ulonglong *access) ...@@ -1883,7 +1883,7 @@ int acl_check_setrole(THD *thd, char *rolename, ulonglong *access)
acl_user= (ACL_USER *)acl_user_base; acl_user= (ACL_USER *)acl_user_base;
/* Yes! priv_user@host. Don't ask why - that's what check_access() does. */ /* Yes! priv_user@host. Don't ask why - that's what check_access() does. */
if (acl_user->wild_eq(thd->security_ctx->priv_user, if (acl_user->wild_eq(thd->security_ctx->priv_user,
thd->security_ctx->host)) thd->security_ctx->host, thd->security_ctx->ip))
{ {
is_granted= TRUE; is_granted= TRUE;
break; break;
......
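Review bot: The comment above the call in acl_check_setrole still says "priv_user@host", but the call now also passes `thd->security_ctx->ip`, so it no longer describes the check; I would reword it to `/* Match priv_user against host and ip, the same way check_access() does. */`. Removing the `= 0` default from `wild_eq` is a sound choice, because every caller must now state which ip it matches against instead of silently skipping the ip comparison. The body of `wild_eq` continues outside the hunk, so how a NULL `ip2` is treated is not visible here. If `security_ctx->ip` can be unset for some connection types, confirm that `wild_eq` then falls back to the host comparison only and does not match more accounts than before.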