author | Anel Husakovic <anel@mariadb.org> | 2020-04-22 20:13:21 +0200 |
---|---|---|
committer | Anel Husakovic <anel@mariadb.org> | 2020-10-22 16:49:28 +0200 |
commit | 99c144762514d4dea3b6ec395de96aaf10881748 (patch) | |
tree | d74e08176b265d2c3857677a31786f266021ecf5 | |
parent | 43ec9370b328fc9bf82e318bf992953a71925cd3 (diff) | |
download | mariadb-git-99c144762514d4dea3b6ec395de96aaf10881748.tar.gz |
MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default rolebb-10.1-anel-MDEV-22313
-rw-r--r-- | mysql-test/r/grant5.result | 21 | ||||
-rw-r--r-- | mysql-test/t/grant5.test | 16 | ||||
-rw-r--r-- | sql/sql_acl.cc | 36 |
3 files changed, 72 insertions, 1 deletions
diff --git a/mysql-test/r/grant5.result b/mysql-test/r/grant5.result index 01ec063c1d9..3d0bb2757a8 100644 --- a/mysql-test/r/grant5.result +++ b/mysql-test/r/grant5.result @@ -33,3 +33,24 @@ grant update on mysqltest1.* to u1@localhost; update mysqltest1.t1 set id=1 where id=2; drop user u1@localhost; drop database mysqltest1; +CREATE ROLE test_role; +CREATE USER test_user; +GRANT test_role TO test_user; +SET DEFAULT ROLE test_role FOR test_user; +SHOW GRANTS FOR test_user; +Grants for test_user@% +GRANT test_role TO 'test_user'@'%' +GRANT USAGE ON *.* TO 'test_user'@'%' +SET DEFAULT ROLE test_role FOR 'test_user'@'%' +SET DEFAULT ROLE NONE for test_user; +SHOW GRANTS FOR test_user; +Grants for test_user@% +GRANT test_role TO 'test_user'@'%' +GRANT USAGE ON *.* TO 'test_user'@'%' +SHOW GRANTS; +Grants for root@localhost +GRANT test_role TO 'root'@'localhost' WITH ADMIN OPTION +GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION +DROP USER test_user; +DROP ROLE test_role; diff --git a/mysql-test/t/grant5.test b/mysql-test/t/grant5.test index 74a69952124..8756648c3e1 100644 --- a/mysql-test/t/grant5.test +++ b/mysql-test/t/grant5.test @@ -53,5 +53,19 @@ drop user u1@localhost; drop database mysqltest1; # -# End of 10.1 tests +# MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role +# +CREATE ROLE test_role; +CREATE USER test_user; +GRANT test_role TO test_user; +SET DEFAULT ROLE test_role FOR test_user; +SHOW GRANTS FOR test_user; +SET DEFAULT ROLE NONE for test_user; +SHOW GRANTS FOR test_user; +SHOW GRANTS; +DROP USER test_user; +DROP ROLE test_role; + # +# End of 10.1 tests +#
\ No newline at end of file diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index cf0b1d87bd7..f42f7bdcfaf 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -355,6 +355,8 @@ static bool show_proxy_grants (THD *, const char *, const char *, char *, size_t); static bool show_role_grants(THD *, const char *, const char *, ACL_USER_BASE *, char *, size_t); +static bool show_default_role(THD *, const char *, + ACL_USER *, char *); static bool show_global_privileges(THD *, ACL_USER_BASE *, bool, char *, size_t); static bool show_database_privileges(THD *, const char *, const char *, @@ -7951,6 +7953,10 @@ bool mysql_show_grants(THD *thd, LEX_USER *lex_user) if (show_proxy_grants(thd, username, hostname, buff, sizeof(buff))) goto end; + + /* Show default role to acl_user */ + if (show_default_role(thd, hostname, acl_user, buff)) + goto end; } if (rolename) 
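Review bot: The added call `show_default_role(thd, hostname, acl_user, buff)` in mysql_show_grants passes the output buffer without its size, while the show_proxy_grants call directly above passes `sizeof(buff)`. The prototype hunk at -355 and the definition hunk at -8001 share the problem: inside the definition `buff` is a `char *` parameter, so `sizeof(buff)` in `String def_str(buff,sizeof(buff),system_charset_info);` is the size of a pointer, not of the caller's array. I would add a `size_t buffsize` parameter as the sibling helpers have, call it with `sizeof(buff)`, and construct `String def_str(buff, buffsize, system_charset_info);`. How the String class reacts to the undersized length is not visible on this page, so the practical effect should be checked there. mysql_show_grants begins and ends outside this hunk.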
@@ -8001,6 +8007,36 @@ static ROLE_GRANT_PAIR *find_role_grant_pair(const LEX_STRING *u, my_hash_search(&acl_roles_mappings, (uchar*)pair_key.ptr(), key_length); } +static bool show_default_role(THD *thd, const char *hostname, + ACL_USER *acl_entry, char *buff) +{ + Protocol *protocol= thd->protocol; + LEX_STRING host= {const_cast<char*>(hostname), strlen(hostname)}; + + LEX_STRING def_rolename= acl_entry->default_rolename; + if (def_rolename.length) + { + String def_str(buff,sizeof(buff),system_charset_info); + def_str.length(0); + def_str.append(STRING_WITH_LEN("SET DEFAULT ROLE ")); + def_str.append(&def_rolename); + def_str.append(" FOR '"); + def_str.append(acl_entry->user.str, acl_entry->user.length, + system_charset_info); + DBUG_ASSERT(!(acl_entry->flags & IS_ROLE)); + def_str.append(STRING_WITH_LEN("'@'")); + def_str.append(&host); + def_str.append('\''); + protocol->prepare_for_resend(); + protocol->store(def_str.ptr(),def_str.length(),def_str.charset()); + if (protocol->write()) + { + return TRUE; + } + } + return FALSE; +} + static bool show_role_grants(THD *thd, const char *username, const char *hostname, ACL_USER_BASE *acl_entry, char *buff, size_t buffsize) |
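Review bot: The role name is appended as raw text by `def_str.append(&def_rolename);`, and the user and host are placed between single quotes without escaping, so a name containing a quote or a space produces a `SET DEFAULT ROLE` line that does not parse back to the same role and account. SHOW GRANTS output is routinely replayed to copy privileges between servers, so each emitted line should round-trip. I would quote the role name with the server's identifier-quoting helper, escape the quoted user and host parts, and add a case with such a name to grant5.test. `DBUG_ASSERT(!(acl_entry->flags & IS_ROLE));` reads better as the first statement of the function, before anything has been appended. The function also lacks a header comment, for example `/* Send "SET DEFAULT ROLE <role> FOR '<user>'@'<host>'" when the account has a default role; returns TRUE if the protocol write fails. */`.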