MDEV-29465: Inherited columns privs for roles wrongly set mysql.tables_priv column

There was a bug in the ACL internal data structures GRANT_TABLE and GRANT_COLUMN. The semantics are: GRANT_TABLE::init_cols and GRANT_COLUMN::init_privs represent the bits that correspond to the privilege bits stored in the physical tables. The other struct members GRANT_TABLE::cols and GRANT_COLUMN::privs represent the actual access bits, as they may be modified through role grants. The error in logic was mixing the two fields and thus we ended up storing the logical access bits in the physical tables, instead of the physical (init_xxx) bits. This caused subsequent DBUG_ASSERT failures when dropping the involved roles.
2025-07-30 16:24:05 +03:00 · 2022-09-05 13:15:16 +03:00
parent d7aefc0fab
commit 145932a57b
3 changed files with 90 additions and 9 deletions
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -4813,7 +4813,7 @@ GRANT_NAME::GRANT_NAME(const char *h, const char *d,const char *u,

 GRANT_TABLE::GRANT_TABLE(const char *h, const char *d,const char *u,
                	 const char *t, ulong p, ulong c)
-  :GRANT_NAME(h,d,u,t,p, FALSE), cols(c)
+  :GRANT_NAME(h,d,u,t,p, FALSE), cols(c), init_cols(c)
 {
  init_hash();
 }
@ -6636,11 +6636,15 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
      /* Fix old grants */
      while ((column = column_iter++))
      {
-	grant_column = column_hash_search(grant_table,
-					  column->column.ptr(),
-					  column->column.length());
-	if (grant_column)
-	  grant_column->rights&= ~(column->rights | rights);
+        grant_column = column_hash_search(grant_table,
+                                          column->column.ptr(),
+                                          column->column.length());
+        if (grant_column)
+        {
+          grant_column->init_rights&= ~(column->rights | rights);
+          // If this is a role, rights will need to be reconstructed.
+          grant_column->rights= grant_column->init_rights;
+        }
      }
      /* scan trough all columns to get new column grant */
      column_priv= 0;
@ -6648,13 +6652,14 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
      {
        grant_column= (GRANT_COLUMN*)
          my_hash_element(&grant_table->hash_columns, idx);
-	grant_column->rights&= ~rights;		// Fix other columns
-	column_priv|= grant_column->rights;
+        grant_column->init_rights&= ~rights;  // Fix other columns
+        grant_column->rights= grant_column->init_rights;
+        column_priv|= grant_column->init_rights;
      }
    }
    else
    {
-      column_priv|= grant_table->cols;
+      column_priv|= grant_table->init_cols;
    }