authorAnel Husakovic <anel@mariadb.org>2020-04-22 20:13:21 +0200
committerAnel Husakovic <anel@mariadb.org>2020-10-22 16:49:28 +0200
commit99c144762514d4dea3b6ec395de96aaf10881748 (patch)
treed74e08176b265d2c3857677a31786f266021ecf5
parent43ec9370b328fc9bf82e318bf992953a71925cd3 (diff)
downloadmariadb-git-bb-10.1-anel-MDEV-22313.tar.gz
MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default rolebb-10.1-anel-MDEV-22313
-rw-r--r--mysql-test/r/grant5.result21
-rw-r--r--mysql-test/t/grant5.test16
-rw-r--r--sql/sql_acl.cc36
3 files changed, 72 insertions, 1 deletions
diff --git a/mysql-test/r/grant5.result b/mysql-test/r/grant5.result
index 01ec063c1d9..3d0bb2757a8 100644
--- a/mysql-test/r/grant5.result
+++ b/mysql-test/r/grant5.result
@@ -33,3 +33,24 @@ grant update on mysqltest1.* to u1@localhost;
update mysqltest1.t1 set id=1 where id=2;
drop user u1@localhost;
drop database mysqltest1;
+CREATE ROLE test_role;
+CREATE USER test_user;
+GRANT test_role TO test_user;
+SET DEFAULT ROLE test_role FOR test_user;
+SHOW GRANTS FOR test_user;
+Grants for test_user@%
+GRANT test_role TO 'test_user'@'%'
+GRANT USAGE ON *.* TO 'test_user'@'%'
+SET DEFAULT ROLE test_role FOR 'test_user'@'%'
+SET DEFAULT ROLE NONE for test_user;
+SHOW GRANTS FOR test_user;
+Grants for test_user@%
+GRANT test_role TO 'test_user'@'%'
+GRANT USAGE ON *.* TO 'test_user'@'%'
+SHOW GRANTS;
+Grants for root@localhost
+GRANT test_role TO 'root'@'localhost' WITH ADMIN OPTION
+GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
+GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
+DROP USER test_user;
+DROP ROLE test_role;
diff --git a/mysql-test/t/grant5.test b/mysql-test/t/grant5.test
index 74a69952124..8756648c3e1 100644
--- a/mysql-test/t/grant5.test
+++ b/mysql-test/t/grant5.test
@@ -53,5 +53,19 @@ drop user u1@localhost;
drop database mysqltest1;
#
-# End of 10.1 tests
+# MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role
+#
+CREATE ROLE test_role;
+CREATE USER test_user;
+GRANT test_role TO test_user;
+SET DEFAULT ROLE test_role FOR test_user;
+SHOW GRANTS FOR test_user;
+SET DEFAULT ROLE NONE for test_user;
+SHOW GRANTS FOR test_user;
+SHOW GRANTS;
+DROP USER test_user;
+DROP ROLE test_role;
+
#
+# End of 10.1 tests
+# \ No newline at end of file
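Review bot: The added case only covers a plain role name on a `'%'` account inspected from the root session, so it never shows the `SET DEFAULT ROLE` line from the user's own session or for names that need quoting. I would add a role or user whose name contains a space or a quote character, plus a `SHOW GRANTS` run after connecting as `test_user`. That would pin down that the printed statement replays to the same default role. The hunk also drops the newline at the end of the file, which is worth restoring.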
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index cf0b1d87bd7..f42f7bdcfaf 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -355,6 +355,8 @@ static bool show_proxy_grants (THD *, const char *, const char *,
char *, size_t);
static bool show_role_grants(THD *, const char *, const char *,
ACL_USER_BASE *, char *, size_t);
+static bool show_default_role(THD *, const char *,
+ ACL_USER *, char *);
static bool show_global_privileges(THD *, ACL_USER_BASE *,
bool, char *, size_t);
static bool show_database_privileges(THD *, const char *, const char *,
@@ -7951,6 +7953,10 @@ bool mysql_show_grants(THD *thd, LEX_USER *lex_user)
if (show_proxy_grants(thd, username, hostname, buff, sizeof(buff)))
goto end;
+
+ /* Show default role to acl_user */
+ if (show_default_role(thd, hostname, acl_user, buff))
+ goto end;
}
if (rolename)
@@ -8001,6 +8007,36 @@ static ROLE_GRANT_PAIR *find_role_grant_pair(const LEX_STRING *u,
my_hash_search(&acl_roles_mappings, (uchar*)pair_key.ptr(), key_length);
}
+static bool show_default_role(THD *thd, const char *hostname,
+ ACL_USER *acl_entry, char *buff)
+{
+ Protocol *protocol= thd->protocol;
+ LEX_STRING host= {const_cast<char*>(hostname), strlen(hostname)};
+
+ LEX_STRING def_rolename= acl_entry->default_rolename;
+ if (def_rolename.length)
+ {
+ String def_str(buff,sizeof(buff),system_charset_info);
+ def_str.length(0);
+ def_str.append(STRING_WITH_LEN("SET DEFAULT ROLE "));
+ def_str.append(&def_rolename);
+ def_str.append(" FOR '");
+ def_str.append(acl_entry->user.str, acl_entry->user.length,
+ system_charset_info);
+ DBUG_ASSERT(!(acl_entry->flags & IS_ROLE));
+ def_str.append(STRING_WITH_LEN("'@'"));
+ def_str.append(&host);
+ def_str.append('\'');
+ protocol->prepare_for_resend();
+ protocol->store(def_str.ptr(),def_str.length(),def_str.charset());
+ if (protocol->write())
+ {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
static bool show_role_grants(THD *thd, const char *username,
const char *hostname, ACL_USER_BASE *acl_entry,
char *buff, size_t buffsize)
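Review bot: In `String def_str(buff,sizeof(buff),system_charset_info);` the `sizeof` is applied to a `char *` parameter, so it yields the pointer size rather than the size of the caller's buffer. The sibling helpers declared in the prototype hunk (`show_role_grants`, `show_proxy_grants`) take a `size_t` length; I would add `size_t buffsize` to both the prototype and the definition, and use `String def_str(buff, buffsize, system_charset_info);`. The call in `mysql_show_grants` then becomes `show_default_role(thd, hostname, acl_user, buff, sizeof(buff))`, matching the `show_proxy_grants` call above it. Separately, the role name and user name are appended verbatim, so a name containing a quote character would produce a line that does not replay as the same statement. That matters where SHOW GRANTS output is used to recreate accounts, so it is worth checking against how the neighbouring show_* helpers quote names.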