diff options
| author | Anel Husakovic <anel@mariadb.org> | 2021-10-25 14:43:30 +0200 |
|---|---|---|
| committer | Anel Husakovic <anel@mariadb.org> | 2022-02-14 13:59:24 +0100 |
| commit | 585cd1f52e75e3f20f9401a4ed899836f226949a (patch) | |
| tree | 86bea25dbcc47f5417f30d8fca2f33d2ad6b0223 | |
| parent | 52b32c60c26b512ccf9b1233d7f54c4b56499df3 (diff) | |
| download | mariadb-git-bb-10.5-anel-MDEV-26875-wrong-set-default.tar.gz | |
MDEV-26875: Wrong user in SET DEFAULT ROLE errorbb-10.5-anel-MDEV-26875-wrong-set-default
- Caused by 7c02e8717de5, where 957cb7b7ba35 introduced the bug.
Reviewed by:
| -rw-r--r-- | mysql-test/suite/roles/set_default_role_for.result | 2 | ||||
| -rw-r--r-- | mysql-test/suite/roles/set_default_role_invalid.result | 6 | ||||
| -rw-r--r-- | sql/sql_acl.cc | 12 |
3 files changed, 12 insertions, 8 deletions
diff --git a/mysql-test/suite/roles/set_default_role_for.result b/mysql-test/suite/roles/set_default_role_for.result index 3ddf48eb416..13032070ef7 100644 --- a/mysql-test/suite/roles/set_default_role_for.result +++ b/mysql-test/suite/roles/set_default_role_for.result @@ -14,7 +14,7 @@ set default role role_a for user_a@localhost; set default role invalid_role for user_a@localhost; ERROR OP000: Invalid role specification `invalid_role` set default role role_b for user_a@localhost; -ERROR OP000: User `root`@`localhost` has not been granted role `role_b` +ERROR OP000: User `user_a`@`localhost` has not been granted role `role_b` set default role role_b for user_b@localhost; show grants; Grants for user_a@localhost diff --git a/mysql-test/suite/roles/set_default_role_invalid.result b/mysql-test/suite/roles/set_default_role_invalid.result index eb3924dc617..9b99f4c5ac7 100644 --- a/mysql-test/suite/roles/set_default_role_invalid.result +++ b/mysql-test/suite/roles/set_default_role_invalid.result @@ -48,7 +48,7 @@ CREATE USER b; CREATE ROLE r1; CREATE ROLE r2; SET DEFAULT ROLE r1 FOR a; -ERROR OP000: User `root`@`localhost` has not been granted role `r1` +ERROR OP000: User `a`@`%` has not been granted role `r1` GRANT r1 TO b; GRANT r2 TO b; SET DEFAULT ROLE r1 FOR b; @@ -100,7 +100,7 @@ GRANT USAGE ON *.* TO `b`@`%` GRANT SELECT, UPDATE ON `mysql`.* TO `b`@`%` SET DEFAULT ROLE `r2` FOR `b`@`%` SET DEFAULT ROLE r1 FOR a; -ERROR OP000: User `b`@`%` has not been granted role `r1` +ERROR OP000: User `a`@`%` has not been granted role `r1` SET DEFAULT ROLE invalid_role; ERROR OP000: Invalid role specification `invalid_role` SET DEFAULT ROLE invalid_role FOR a; @@ -117,7 +117,7 @@ SET DEFAULT ROLE None; # Change user b (session 3: role granted to user a) SET DEFAULT ROLE r1 FOR a; SET DEFAULT ROLE r2 FOR a; -ERROR OP000: User `b`@`%` has not been granted role `r2` +ERROR OP000: User `a`@`%` has not been granted role `r2` SET DEFAULT ROLE invalid_role; ERROR OP000: Invalid role specification `invalid_role` SET DEFAULT ROLE invalid_role FOR a; diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index c4e66cf5d73..e83bc5635dc 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -3277,10 +3277,14 @@ end: check_role_is_granted_callback, NULL) == -1)) { - /* Role is not granted but current user can see the role */ - my_printf_error(ER_INVALID_ROLE, "User %`s@%`s has not been granted role %`s", - MYF(0), thd->security_ctx->priv_user, - thd->security_ctx->priv_host, rolename); + /* If the SET ROLE is applied on the anonymous user, host is null */ + if (!host) + my_printf_error(ER_INVALID_ROLE, "User %`s@%`s has not been granted role %`s", + MYF(0), thd->security_ctx->priv_user, thd->security_ctx->priv_host, rolename); + else + /* Role is not granted but current user can see the role */ + my_printf_error(ER_INVALID_ROLE, "User %`s@%`s has not been granted role %`s", + MYF(0), user, host, rolename); } else { |