From b9418ed3332358e7209300739435c5e0aeb5ba70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= Date: Mon, 9 Oct 2017 13:32:40 +0300 Subject: MDEV-13676: Field "create Procedure" is NULL, even if the the user has role which is the definer. (SHOW CREATE PROCEDURE) During show create procedure we ommited to check the current role, if it is the actual definer of the procedure. In addition, we should support indirectly granted roles to the current role. Implemented a recursive lookup to search the tree of grants if the rolename is present. SQL Standard 2016, Part 5 Section 53 View I_S.ROUTINES selects ROUTINE_BODY and its WHERE clause says that the GRANTEE must be either PUBLIC, or CURRENT_USER or in the ENABLED_ROLES. --- sql/sql_acl.h | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'sql/sql_acl.h') diff --git a/sql/sql_acl.h b/sql/sql_acl.h index 1aeb123153e..aeaa00856ac 100644 --- a/sql/sql_acl.h +++ b/sql/sql_acl.h @@ -402,6 +402,14 @@ bool acl_check_proxy_grant_access (THD *thd, const char *host, const char *user, int acl_setrole(THD *thd, char *rolename, ulonglong access); int acl_check_setrole(THD *thd, char *rolename, ulonglong *access); +/* Check if a role is granted to a user/role. + + If hostname == NULL, search for a role as the starting grantee. +*/ +bool check_role_is_granted(const char *username, + const char *hostname, + const char *rolename); + #ifndef DBUG_OFF extern ulong role_global_merges, role_db_merges, role_table_merges, role_column_merges, role_routine_merges; -- cgit v1.2.1