Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
4e987b1c
Commit
4e987b1c
authored
Apr 22, 2020
by
Anel Husakovic
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role
Reviewed-by: serg@mariadb.com
parent
64fe9d6d
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
104 additions
and
8 deletions
+104
-8
mysql-test/r/grant5.result
mysql-test/r/grant5.result
+32
-0
mysql-test/suite/roles/set_default_role_clear.result
mysql-test/suite/roles/set_default_role_clear.result
+1
-0
mysql-test/suite/roles/set_default_role_for.result
mysql-test/suite/roles/set_default_role_for.result
+2
-0
mysql-test/suite/roles/set_default_role_invalid.result
mysql-test/suite/roles/set_default_role_invalid.result
+3
-0
mysql-test/suite/roles/set_default_role_new_connection.result
...l-test/suite/roles/set_default_role_new_connection.result
+2
-0
mysql-test/t/grant5.test
mysql-test/t/grant5.test
+18
-0
sql/sql_acl.cc
sql/sql_acl.cc
+46
-8
No files found.
mysql-test/r/grant5.result
View file @
4e987b1c
...
...
@@ -39,3 +39,35 @@ connection default;
disconnect u1;
drop user u1@localhost;
drop database mysqltest1;
CREATE ROLE test_role;
CREATE USER test_user;
GRANT test_role TO test_user;
SET DEFAULT ROLE test_role FOR test_user;
SHOW GRANTS FOR test_user;
Grants for test_user@%
GRANT test_role TO 'test_user'@'%'
GRANT USAGE ON *.* TO 'test_user'@'%'
SET DEFAULT ROLE test_role FOR 'test_user'@'%'
SET DEFAULT ROLE NONE for test_user;
SHOW GRANTS FOR test_user;
Grants for test_user@%
GRANT test_role TO 'test_user'@'%'
GRANT USAGE ON *.* TO 'test_user'@'%'
SET ROLE test_role;
SET DEFAULT ROLE test_role;
SHOW GRANTS;
Grants for root@localhost
GRANT test_role TO 'root'@'localhost' WITH ADMIN OPTION
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
GRANT USAGE ON *.* TO 'test_role'
SET DEFAULT ROLE test_role FOR 'root'@'localhost'
SET DEFAULT ROLE NONE;
SHOW GRANTS;
Grants for root@localhost
GRANT test_role TO 'root'@'localhost' WITH ADMIN OPTION
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
GRANT USAGE ON *.* TO 'test_role'
DROP USER test_user;
DROP ROLE test_role;
mysql-test/suite/roles/set_default_role_clear.result
View file @
4e987b1c
...
...
@@ -17,6 +17,7 @@ Grants for test_user@localhost
GRANT test_role TO 'test_user'@'localhost'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT SELECT ON *.* TO 'test_role'
SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
select user, host, default_role from mysql.user where user='test_user';
user host default_role
test_user localhost test_role
...
...
mysql-test/suite/roles/set_default_role_for.result
View file @
4e987b1c
...
...
@@ -21,6 +21,7 @@ Grants for user_a@localhost
GRANT role_a TO 'user_a'@'localhost'
GRANT USAGE ON *.* TO 'user_a'@'localhost'
GRANT SELECT ON *.* TO 'role_a'
SET DEFAULT ROLE role_a FOR 'user_a'@'localhost'
select user, host, default_role from mysql.user where user like 'user_%';
user host default_role
user_a localhost role_a
...
...
@@ -42,6 +43,7 @@ Grants for user_b@localhost
GRANT role_b TO 'user_b'@'localhost'
GRANT USAGE ON *.* TO 'user_b'@'localhost'
GRANT INSERT, UPDATE ON *.* TO 'role_b'
SET DEFAULT ROLE role_b FOR 'user_b'@'localhost'
select user, host, default_role from mysql.user where user like 'user_%';
ERROR 42000: SELECT command denied to user 'user_b'@'localhost' for table 'user'
insert ignore into mysql.user (user, host) values ('someuser', 'somehost');
...
...
mysql-test/suite/roles/set_default_role_invalid.result
View file @
4e987b1c
...
...
@@ -24,6 +24,7 @@ Grants for test_user@localhost
GRANT test_role TO 'test_user'@'localhost'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT SELECT ON *.* TO 'test_role'
SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
select user, host, default_role from mysql.user where user='test_user';
user host default_role
test_user localhost test_role
...
...
@@ -71,6 +72,7 @@ GRANT r1 TO 'b'@'%'
GRANT r2 TO 'b'@'%'
GRANT USAGE ON *.* TO 'b'@'%'
GRANT SELECT ON `mysql`.* TO 'b'@'%'
SET DEFAULT ROLE r2 FOR 'b'@'%'
SET DEFAULT ROLE r1 FOR a;
ERROR 42000: Access denied for user 'b'@'%' to database 'mysql'
SELECT CURRENT_ROLE;
...
...
@@ -96,6 +98,7 @@ GRANT r1 TO 'b'@'%'
GRANT r2 TO 'b'@'%'
GRANT USAGE ON *.* TO 'b'@'%'
GRANT SELECT, UPDATE ON `mysql`.* TO 'b'@'%'
SET DEFAULT ROLE r2 FOR 'b'@'%'
SET DEFAULT ROLE r1 FOR a;
ERROR OP000: User `a@%` has not been granted role `r1`
SET DEFAULT ROLE invalid_role;
...
...
mysql-test/suite/roles/set_default_role_new_connection.result
View file @
4e987b1c
...
...
@@ -23,6 +23,7 @@ Grants for test_user@localhost
GRANT test_role TO 'test_user'@'localhost'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT SELECT ON *.* TO 'test_role'
SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
select user, host, default_role from mysql.user where user = 'test_user';
user host default_role
test_user localhost test_role
...
...
@@ -51,6 +52,7 @@ Grants for test_user@localhost
GRANT test_role TO 'test_user'@'localhost'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT SELECT ON *.* TO 'test_role'
SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
select user, host, default_role from mysql.user where user = 'test_user';
user host default_role
test_user localhost test_role
...
...
mysql-test/t/grant5.test
View file @
4e987b1c
...
...
@@ -52,6 +52,24 @@ disconnect u1;
drop
user
u1
@
localhost
;
drop
database
mysqltest1
;
#
# MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role
#
CREATE
ROLE
test_role
;
CREATE
USER
test_user
;
GRANT
test_role
TO
test_user
;
SET
DEFAULT
ROLE
test_role
FOR
test_user
;
SHOW
GRANTS
FOR
test_user
;
SET
DEFAULT
ROLE
NONE
for
test_user
;
SHOW
GRANTS
FOR
test_user
;
SET
ROLE
test_role
;
SET
DEFAULT
ROLE
test_role
;
SHOW
GRANTS
;
SET
DEFAULT
ROLE
NONE
;
SHOW
GRANTS
;
DROP
USER
test_user
;
DROP
ROLE
test_role
;
#
# End of 10.1 tests
#
sql/sql_acl.cc
View file @
4e987b1c
...
...
@@ -353,8 +353,9 @@ static void update_hostname(acl_host_and_ip *host, const char *hostname);
static
ulong
get_sort
(
uint
count
,...);
static
bool
show_proxy_grants
(
THD
*
,
const
char
*
,
const
char
*
,
char
*
,
size_t
);
static
bool
show_role_grants
(
THD
*
,
const
char
*
,
const
char
*
,
static
bool
show_role_grants
(
THD
*
,
const
char
*
,
ACL_USER_BASE
*
,
char
*
,
size_t
);
static
bool
show_default_role
(
THD
*
,
ACL_USER
*
,
char
*
,
size_t
);
static
bool
show_global_privileges
(
THD
*
,
ACL_USER_BASE
*
,
bool
,
char
*
,
size_t
);
static
bool
show_database_privileges
(
THD
*
,
const
char
*
,
const
char
*
,
...
...
@@ -8531,7 +8532,7 @@ static bool print_grants_for_role(THD *thd, ACL_ROLE * role)
{
char
buff
[
1024
];
if
(
show_role_grants
(
thd
,
role
->
user
.
str
,
""
,
role
,
buff
,
sizeof
(
buff
)))
if
(
show_role_grants
(
thd
,
""
,
role
,
buff
,
sizeof
(
buff
)))
return
TRUE
;
if
(
show_global_privileges
(
thd
,
role
,
TRUE
,
buff
,
sizeof
(
buff
)))
...
...
@@ -8746,7 +8747,7 @@ bool mysql_show_grants(THD *thd, LEX_USER *lex_user)
}
/* Show granted roles to acl_user */
if
(
show_role_grants
(
thd
,
username
,
hostname
,
acl_user
,
buff
,
sizeof
(
buff
)))
if
(
show_role_grants
(
thd
,
hostname
,
acl_user
,
buff
,
sizeof
(
buff
)))
goto
end
;
/* Add first global access grants */
...
...
@@ -8795,6 +8796,14 @@ bool mysql_show_grants(THD *thd, LEX_USER *lex_user)
}
}
if
(
username
)
{
/* Show default role to acl_user */
if
(
show_default_role
(
thd
,
acl_user
,
buff
,
sizeof
(
buff
)))
goto
end
;
}
error
=
0
;
end:
mysql_mutex_unlock
(
&
acl_cache
->
lock
);
...
...
@@ -8821,15 +8830,44 @@ static ROLE_GRANT_PAIR *find_role_grant_pair(const LEX_STRING *u,
my_hash_search
(
&
acl_roles_mappings
,
(
uchar
*
)
pair_key
.
ptr
(),
key_length
);
}
static
bool
show_role_grants
(
THD
*
thd
,
const
char
*
username
,
const
char
*
hostname
,
ACL_USER_BASE
*
acl_entry
,
static
bool
show_default_role
(
THD
*
thd
,
ACL_USER
*
acl_entry
,
char
*
buff
,
size_t
buffsize
)
{
Protocol
*
protocol
=
thd
->
protocol
;
LEX_STRING
def_rolename
=
acl_entry
->
default_rolename
;
if
(
def_rolename
.
length
)
{
String
def_str
(
buff
,
buffsize
,
system_charset_info
);
def_str
.
length
(
0
);
def_str
.
append
(
STRING_WITH_LEN
(
"SET DEFAULT ROLE "
));
def_str
.
append
(
&
def_rolename
);
def_str
.
append
(
" FOR '"
);
def_str
.
append
(
&
acl_entry
->
user
);
DBUG_ASSERT
(
!
(
acl_entry
->
flags
&
IS_ROLE
));
def_str
.
append
(
STRING_WITH_LEN
(
"'@'"
));
def_str
.
append
(
acl_entry
->
host
.
hostname
,
acl_entry
->
hostname_length
,
system_charset_info
);
def_str
.
append
(
'\''
);
protocol
->
prepare_for_resend
();
protocol
->
store
(
def_str
.
ptr
(),
def_str
.
length
(),
def_str
.
charset
());
if
(
protocol
->
write
())
{
return
TRUE
;
}
}
return
FALSE
;
}
static
bool
show_role_grants
(
THD
*
thd
,
const
char
*
hostname
,
ACL_USER_BASE
*
acl_entry
,
char
*
buff
,
size_t
buffsize
)
{
uint
counter
;
Protocol
*
protocol
=
thd
->
protocol
;
LEX_STRING
host
=
{
const_cast
<
char
*>
(
hostname
),
strlen
(
hostname
)};
String
grant
(
buff
,
sizeof
(
buff
),
system_charset_info
);
String
grant
(
buff
,
buffsize
,
system_charset_info
);
for
(
counter
=
0
;
counter
<
acl_entry
->
role_grants
.
elements
;
counter
++
)
{
grant
.
length
(
0
);
...
...
@@ -8873,7 +8911,7 @@ static bool show_global_privileges(THD *thd, ACL_USER_BASE *acl_entry,
ulong
want_access
;
Protocol
*
protocol
=
thd
->
protocol
;
String
global
(
buff
,
sizeof
(
buff
),
system_charset_info
);
String
global
(
buff
,
buffsize
,
system_charset_info
);
global
.
length
(
0
);
global
.
append
(
STRING_WITH_LEN
(
"GRANT "
));
...
...
@@ -8952,7 +8990,7 @@ static bool show_database_privileges(THD *thd, const char *username,
want_access
=
acl_db
->
initial_access
;
if
(
want_access
)
{
String
db
(
buff
,
sizeof
(
buff
),
system_charset_info
);
String
db
(
buff
,
buffsize
,
system_charset_info
);
db
.
length
(
0
);
db
.
append
(
STRING_WITH_LEN
(
"GRANT "
));
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment