← Back to team overview

maria-developers team mailing list archive

Re: 99c14476251: MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role

 

Hi, Anel!

On Oct 22, Anel Husakovic wrote:
> revision-id: 99c14476251 (mariadb-10.1.43-314-g99c14476251)
> parent(s): 43ec9370b32
> author: Anel Husakovic <anel@xxxxxxxxxxx>
> committer: Anel Husakovic <anel@xxxxxxxxxxx>
> timestamp: 2020-10-22 16:49:28 +0200
> message:
> 
> MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role
> 
> diff --git a/mysql-test/t/grant5.test b/mysql-test/t/grant5.test
> index 74a69952124..8756648c3e1 100644
> --- a/mysql-test/t/grant5.test
> +++ b/mysql-test/t/grant5.test
> @@ -53,5 +53,19 @@ drop user u1@localhost;
>  drop database mysqltest1;
>  
>  #
> -# End of 10.1 tests
> +# MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role
> +#
> +CREATE ROLE test_role;
> +CREATE USER test_user;
> +GRANT test_role TO test_user;
> +SET DEFAULT ROLE test_role FOR test_user;
> +SHOW GRANTS FOR test_user;
> +SET DEFAULT ROLE NONE for test_user;
> +SHOW GRANTS FOR test_user;
> +SHOW GRANTS;

The point is to run `SHOW GRANTS` for a user with a default role.
E.g.

  SET DEFAULT ROLE test_role;
  SHOW GRANTS;
  SET DEFAULT ROLE NONE;

> +DROP USER test_user;
> +DROP ROLE test_role;
> +
>  #
> +# End of 10.1 tests
> +#
> \ No newline at end of file

new line at the end of file?

> diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
> index cf0b1d87bd7..f42f7bdcfaf 100644
> --- a/sql/sql_acl.cc
> +++ b/sql/sql_acl.cc
> @@ -8001,6 +8007,36 @@ static ROLE_GRANT_PAIR *find_role_grant_pair(const LEX_STRING *u,
>      my_hash_search(&acl_roles_mappings, (uchar*)pair_key.ptr(), key_length);
>  }
>  
> +static bool show_default_role(THD *thd, const char *hostname,
> +                              ACL_USER *acl_entry, char *buff)
> +{
> +  Protocol *protocol= thd->protocol;
> +  LEX_STRING host= {const_cast<char*>(hostname), strlen(hostname)};
> +
> +  LEX_STRING def_rolename= acl_entry->default_rolename;
> +  if (def_rolename.length)
> +  {
> +    String def_str(buff,sizeof(buff),system_charset_info);

eh? sizeof(buff) is sizeof(char*) that is usually 8 on 64-bit, 4 on
32-bit architecture. You want the size of the buffer here, not the size
of the pointer to the buffer.

> +    def_str.length(0);
> +    def_str.append(STRING_WITH_LEN("SET DEFAULT ROLE "));
> +    def_str.append(&def_rolename);
> +    def_str.append(" FOR '");
> +    def_str.append(acl_entry->user.str, acl_entry->user.length,
> +                  system_charset_info);

again, just as above, you can use

       def_str.append(&acl_entry->user);

> +    DBUG_ASSERT(!(acl_entry->flags & IS_ROLE));
> +    def_str.append(STRING_WITH_LEN("'@'"));
> +    def_str.append(&host);

why not to use

       def_str.append(acl_entry->host.hostname,
                      acl_entry->hostname_length, system_charset_info);

> +    def_str.append('\'');
> +    protocol->prepare_for_resend();
> +    protocol->store(def_str.ptr(),def_str.length(),def_str.charset());
> +    if (protocol->write())
> +    {
> +      return TRUE;
> +    }
> +  }
> +  return FALSE;
> +}

Regards,
Sergei
VP of MariaDB Server Engineering
and security@xxxxxxxxxxx