MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE

- Proceed with commit fafb35ee Reviewed by: serg@mariadb.com

MDEV-26080: SHOW GRANTS does not quote role names properly for DEFAULT ROLE
- Proceed with commit fafb35ee Reviewed by: serg@mariadb.com
3fbe3002 · Anel Husakovic · 07fade6d · 3fbe3002 · 3fbe3002 · 3fbe3002
Commit 3fbe3002 authored Jul 07, 2021 by Anel Husakovic
8 changed files
--- a/mysql-test/main/grant5.result
+++ b/mysql-test/main/grant5.result
@@ -46,7 +46,7 @@ SHOW GRANTS FOR test_user;
 Grants for test_user@%
 GRANT `test_role` TO `test_user`@`%`
 GRANT USAGE ON *.* TO `test_user`@`%`
-SET DEFAULT ROLE test_role FOR 'test_user'@'%'
+SET DEFAULT ROLE `test_role` FOR `test_user`@`%`
 SET DEFAULT ROLE NONE for test_user;
 SHOW GRANTS FOR test_user;
 Grants for test_user@%
@@ -60,7 +60,7 @@ GRANT `test_role` TO `root`@`localhost` WITH ADMIN OPTION
 GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION
 GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
 GRANT USAGE ON *.* TO `test_role`
-SET DEFAULT ROLE test_role FOR 'root'@'localhost'
+SET DEFAULT ROLE `test_role` FOR `root`@`localhost`
 SET DEFAULT ROLE NONE;
 SHOW GRANTS;
 Grants for root@localhost
@@ -164,4 +164,21 @@ drop user 'user1'@'localhost';
 drop user 'fetch'@'localhost';
 drop user 'user-1'@'localhost';
 drop user 'O\'Brien'@'localhost';
+#
+# MDEV-26080 SHOW GRANTS does not quote role names properly for DEFAULT ROLE
+#
+CREATE USER 'test-user';
+CREATE ROLE `r``o'l"e`;
+select user from mysql.user where is_role='Y';
+user
+r`o'l"e
+GRANT `r``o'l"e` TO 'test-user';
+SET DEFAULT ROLE `r``o'l"e` FOR 'test-user';
+SHOW GRANTS FOR 'test-user';
+Grants for test-user@%
+GRANT `r``o'l"e` TO `test-user`@`%`
+GRANT USAGE ON *.* TO `test-user`@`%`
+SET DEFAULT ROLE `r``o'l"e` FOR `test-user`@`%`
+DROP ROLE `r``o'l"e`;
+DROP USER 'test-user';
 # End of 10.3 tests
--- a/mysql-test/main/grant5.test
+++ b/mysql-test/main/grant5.test
@@ -121,4 +121,18 @@ drop user 'fetch'@'localhost';
 drop user 'user-1'@'localhost';
 drop user 'O\'Brien'@'localhost';
+--echo #
+--echo # MDEV-26080 SHOW GRANTS does not quote role names properly for DEFAULT ROLE
+--echo #
+CREATE USER 'test-user';
+CREATE ROLE `r``o'l"e`;
+select user from mysql.user where is_role='Y';
+GRANT `r``o'l"e` TO 'test-user';
+SET DEFAULT ROLE `r``o'l"e` FOR 'test-user';
+# it is expected that quotes won't be shown correctly
+SHOW GRANTS FOR 'test-user';
+DROP ROLE `r``o'l"e`;
+DROP USER 'test-user';
 --echo # End of 10.3 tests
--- a/mysql-test/main/mysql_upgrade.result
+++ b/mysql-test/main/mysql_upgrade.result
@@ -858,7 +858,7 @@ GRANT `aRole` TO `root`@`localhost` WITH ADMIN OPTION
 GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION
 GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
 GRANT USAGE ON *.* TO `aRole`
-SET DEFAULT ROLE aRole FOR 'root'@'localhost'
+SET DEFAULT ROLE `aRole` FOR `root`@`localhost`
 SET DEFAULT ROLE NONE;
 SHOW GRANTS;
 Grants for root@localhost

--- a/mysql-test/suite/roles/set_default_role_clear.result
+++ b/mysql-test/suite/roles/set_default_role_clear.result
@@ -17,7 +17,7 @@ Grants for test_user@localhost
 GRANT `test_role` TO `test_user`@`localhost`
 GRANT USAGE ON *.* TO `test_user`@`localhost`
 GRANT SELECT ON *.* TO `test_role`
-SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
+SET DEFAULT ROLE `test_role` FOR `test_user`@`localhost`
 select user, host, default_role from mysql.user where user='test_user';
 user	host	default_role
 test_user	localhost	test_role

--- a/mysql-test/suite/roles/set_default_role_for.result
+++ b/mysql-test/suite/roles/set_default_role_for.result
@@ -21,7 +21,7 @@ Grants for user_a@localhost
 GRANT `role_a` TO `user_a`@`localhost`
 GRANT USAGE ON *.* TO `user_a`@`localhost`
 GRANT SELECT ON *.* TO `role_a`
-SET DEFAULT ROLE role_a FOR 'user_a'@'localhost'
+SET DEFAULT ROLE `role_a` FOR `user_a`@`localhost`
 select user, host, default_role from mysql.user where user like 'user_%';
 user	host	default_role
 user_a	localhost	role_a
@@ -43,7 +43,7 @@ Grants for user_b@localhost
 GRANT `role_b` TO `user_b`@`localhost`
 GRANT USAGE ON *.* TO `user_b`@`localhost`
 GRANT INSERT, UPDATE ON *.* TO `role_b`
-SET DEFAULT ROLE role_b FOR 'user_b'@'localhost'
+SET DEFAULT ROLE `role_b` FOR `user_b`@`localhost`
 select user, host, default_role from mysql.user where user like 'user_%';
 ERROR 42000: SELECT command denied to user 'user_b'@'localhost' for table 'user'
 insert ignore into mysql.user (user, host) values ('someuser', 'somehost');

--- a/mysql-test/suite/roles/set_default_role_invalid.result
+++ b/mysql-test/suite/roles/set_default_role_invalid.result
@@ -24,7 +24,7 @@ Grants for test_user@localhost
 GRANT `test_role` TO `test_user`@`localhost`
 GRANT USAGE ON *.* TO `test_user`@`localhost`
 GRANT SELECT ON *.* TO `test_role`
-SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
+SET DEFAULT ROLE `test_role` FOR `test_user`@`localhost`
 select user, host, default_role from mysql.user where user='test_user';
 user	host	default_role
 test_user	localhost	test_role
@@ -72,7 +72,7 @@ GRANT `r1` TO `b`@`%`
 GRANT `r2` TO `b`@`%`
 GRANT USAGE ON *.* TO `b`@`%`
 GRANT SELECT ON `mysql`.* TO `b`@`%`
-SET DEFAULT ROLE r2 FOR 'b'@'%'
+SET DEFAULT ROLE `r2` FOR `b`@`%`
 SET DEFAULT ROLE r1 FOR a;
 ERROR 42000: Access denied for user 'b'@'%' to database 'mysql'
 SELECT CURRENT_ROLE;
@@ -98,7 +98,7 @@ GRANT `r1` TO `b`@`%`
 GRANT `r2` TO `b`@`%`
 GRANT USAGE ON *.* TO `b`@`%`
 GRANT SELECT, UPDATE ON `mysql`.* TO `b`@`%`
-SET DEFAULT ROLE r2 FOR 'b'@'%'
+SET DEFAULT ROLE `r2` FOR `b`@`%`
 SET DEFAULT ROLE r1 FOR a;
 ERROR OP000: User `a@%` has not been granted role `r1`
 SET DEFAULT ROLE invalid_role;

--- a/mysql-test/suite/roles/set_default_role_new_connection.result
+++ b/mysql-test/suite/roles/set_default_role_new_connection.result
@@ -23,7 +23,7 @@ Grants for test_user@localhost
 GRANT `test_role` TO `test_user`@`localhost`
 GRANT USAGE ON *.* TO `test_user`@`localhost`
 GRANT SELECT ON *.* TO `test_role`
-SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
+SET DEFAULT ROLE `test_role` FOR `test_user`@`localhost`
 select user, host, default_role from mysql.user where user = 'test_user';
 user	host	default_role
 test_user	localhost	test_role
@@ -52,7 +52,7 @@ Grants for test_user@localhost
 GRANT `test_role` TO `test_user`@`localhost`
 GRANT USAGE ON *.* TO `test_user`@`localhost`
 GRANT SELECT ON *.* TO `test_role`
-SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
+SET DEFAULT ROLE `test_role` FOR `test_user`@`localhost`
 select user, host, default_role from mysql.user where user = 'test_user';
 user	host	default_role
 test_user	localhost	test_role

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -8847,14 +8847,13 @@ static bool show_default_role(THD *thd, ACL_USER *acl_entry,
    String def_str(buff, buffsize, system_charset_info);
    def_str.length(0);
    def_str.append(STRING_WITH_LEN("SET DEFAULT ROLE "));
-    def_str.append(&def_rolename);
+    append_identifier(thd, &def_str, def_rolename.str, def_rolename.length);
-    def_str.append(" FOR '");
+    def_str.append(" FOR ");
-    def_str.append(&acl_entry->user);
+    append_identifier(thd, &def_str, acl_entry->user.str, acl_entry->user.length);
    DBUG_ASSERT(!(acl_entry->flags & IS_ROLE));
-    def_str.append(STRING_WITH_LEN("'@'"));
+    def_str.append('@');
-    def_str.append(acl_entry->host.hostname, acl_entry->hostname_length,
+    append_identifier(thd, &def_str, acl_entry->host.hostname,
-                   system_charset_info);
+                      acl_entry->hostname_length);
-    def_str.append('\'');
    protocol->prepare_for_resend();
    protocol->store(def_str.ptr(),def_str.length(),def_str.charset());
    if (protocol->write())