-rw-r--r--mysql-test/suite/roles/show_create_database-10463.result65
-rw-r--r--mysql-test/suite/roles/show_create_database-10463.test55
-rw-r--r--sql/sql_show.cc15
3 files changed, 131 insertions, 4 deletions
diff --git a/mysql-test/suite/roles/show_create_database-10463.result b/mysql-test/suite/roles/show_create_database-10463.result
new file mode 100644
index 00000000000..1bf14933966
--- /dev/null
+++ b/mysql-test/suite/roles/show_create_database-10463.result
@@ -0,0 +1,65 @@
+drop database if exists db;
+Warnings:
+Note 1008 Can't drop database 'db'; database doesn't exist
+create role r1;
+create user beep@'%';
+create database db;
+create table db.t1 (i int);
+create table db.t2 (b int);
+grant select on db.* to r1;
+grant r1 to beep@'%';
+show databases;
+Database
+information_schema
+test
+show create database db;
+ERROR 42000: Access denied for user 'beep'@'localhost' to database 'db'
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+table_schema table_name
+set role r1;
+show databases;
+Database
+db
+information_schema
+test
+show create database db;
+Database Create Database
+db CREATE DATABASE `db` /*!40100 DEFAULT CHARACTER SET latin1 */
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+table_schema table_name
+db t1
+db t2
+create role r2;
+create user beep2@'%';
+grant update on db.* to r2;
+grant r2 to beep2;
+show databases;
+Database
+information_schema
+test
+show create database db;
+ERROR 42000: Access denied for user 'beep2'@'localhost' to database 'db'
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+table_schema table_name
+set role r2;
+show databases;
+Database
+db
+information_schema
+test
+show create database db;
+Database Create Database
+db CREATE DATABASE `db` /*!40100 DEFAULT CHARACTER SET latin1 */
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+table_schema table_name
+db t1
+db t2
+drop database db;
+drop role r1;
+drop user beep;
+drop role r2;
+drop user beep2;
diff --git a/mysql-test/suite/roles/show_create_database-10463.test b/mysql-test/suite/roles/show_create_database-10463.test
new file mode 100644
index 00000000000..2d921629c10
--- /dev/null
+++ b/mysql-test/suite/roles/show_create_database-10463.test
@@ -0,0 +1,55 @@
+source include/not_embedded.inc;
+
+drop database if exists db;
+
+create role r1;
+create user beep@'%';
+
+create database db;
+create table db.t1 (i int);
+create table db.t2 (b int);
+grant select on db.* to r1;
+grant r1 to beep@'%';
+
+--connect (con1,localhost,beep,,)
+show databases;
+--error ER_DBACCESS_DENIED_ERROR
+show create database db;
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+
+set role r1;
+show databases;
+show create database db;
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+
+
+connection default;
+create role r2;
+create user beep2@'%';
+
+grant update on db.* to r2;
+grant r2 to beep2;
+--connect (con2,localhost,beep2,,)
+show databases;
+--error ER_DBACCESS_DENIED_ERROR
+show create database db;
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+
+set role r2;
+show databases;
+
+show create database db;
+select table_schema, table_name from information_schema.tables
+where table_schema = 'db';
+
+
+connection default;
+
+drop database db;
+drop role r1;
+drop user beep;
+drop role r2;
+drop user beep2;
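Review bot: The test only covers the direction where a role is switched on; nothing after `set role r1;` or `set role r2;` checks that access to `db` goes away again once the role is no longer active. Adding `set role none;` followed by `--error ER_DBACCESS_DENIED_ERROR` and `show create database db;` (plus a `show databases;`) on each connection would pin the revocation side of the new check as well. con1 and con2 are also still connected when the users are dropped; a `--disconnect con1` and `--disconnect con2` before the cleanup statements would keep the test self-contained.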
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index ae3874506dd..ede807a0539 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -1322,8 +1322,13 @@ bool mysqld_show_create_db(THD *thd, LEX_STRING *dbname,
if (test_all_bits(sctx->master_access, DB_ACLS))
db_access=DB_ACLS;
else
- db_access= (acl_get(sctx->host, sctx->ip, sctx->priv_user, dbname->str, 0) |
- sctx->master_access);
+ {
+ db_access= acl_get(sctx->host, sctx->ip, sctx->priv_user, dbname->str, 0) |
+ sctx->master_access;
+ if (sctx->priv_role[0])
+ db_access|= acl_get("", "", sctx->priv_role, dbname->str, 0);
+ }
+
if (!(db_access & DB_ACLS) && check_grant_db(thd,dbname->str))
{
status_var_increment(thd->status_var.access_denied_errors);
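Review bot: The user-plus-active-role lookup is now written out twice, here in mysqld_show_create_db and again in the fill_schema_schemata hunk further down, and the two copies already differ in form (`0` versus `false` as the last acl_get argument, an if-statement versus a ternary). A database-level check that forgets the role half silently gives a different answer from one that includes it, so a single static helper would keep both call sites in step and give later callers one obvious thing to call. It is also the natural place for a comment saying that roles are looked up with empty host and ip. A sketch follows; the helper name is only a suggestion, and both enclosing functions start and end outside their hunks.

```cpp
// Proposed helper (name is a suggestion): database-level privileges of the
// account combined with those of the currently active role, if any.
static ulong acl_get_user_and_role(Security_context *sctx, const char *db)
{
  ulong access= acl_get(sctx->host, sctx->ip, sctx->priv_user, db, false);
  // Roles are looked up with empty host and ip, as in the lines this commit adds.
  if (sctx->priv_role[0])
    access|= acl_get("", "", sctx->priv_role, db, false);
  return access;
}

// ... unchanged: master_access fast path in mysqld_show_create_db ...
    db_access= acl_get_user_and_role(sctx, dbname->str) | sctx->master_access;

// ... in fill_schema_schemata, replacing the two acl_get() operands ...
        acl_get_user_and_role(sctx, db_name->str) ||
```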
@@ -4892,8 +4897,10 @@ int fill_schema_schemata(THD *thd, TABLE_LIST *tables, COND *cond)
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (sctx->master_access & (DB_ACLS | SHOW_DB_ACL) ||
- acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, 0) ||
- !check_grant_db(thd, db_name->str))
+ acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, false) ||
+ (sctx->priv_role[0] ?
+ acl_get("", "", sctx->priv_role, db_name->str, false) : 0) ||
+ !check_grant_db(thd, db_name->str))
#endif
{
load_db_opt_by_name(thd, db_name->str, &create);