database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

MDEV-29509 execute granted indirectly (via roles) doesn't always work

Browse Source 
The issue manifests due to a bug in mysql_routine_grant. This was a side
effect of e46eea8660 which fixed the problem of not giving appropriate error
message (ER_NONEXISTING_PROC_GRANT) when a routine grant existed due to role
inheritance.

When granting a routine privilege, it is possible to have a GRANT_NAME
entry already created from an inherited role, but with it's init_privs
set to 0.

In this case we must not create a *new* grant entry, but we must edit
this grant entry to set its init_privs.

Note that this case was already covered by MDEV-29458, however due to a
forgotten "flush privileges;" the actual code path never got hit.
Remove the flush privilege command as it was never intended to be there
in the first place.
This commit is contained in:
Vicențiu Ciorbaru
2022-09-12 10:44:12 +03:00
committed by Vicențiu-Marian Ciorbaru
parent 5ad8cd93b7
commit 16b2bb909a
3 changed files with 13 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
sql/sql_acl.cc
View File

@ -6793,23 +6793,24 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list,
table_name= table_list->table_name.str;
grant_name= routine_hash_search(Str->host.str, NullS, db_name,
Str->user.str, table_name, sph, 1);
if (!grant_name || !grant_name->init_privs)
if (revoke_grant && (!grant_name || !grant_name->init_privs))
{
if (revoke_grant)
{
my_error(ER_NONEXISTING_PROC_GRANT, MYF(0),
Str->user.str, Str->host.str, table_name);
result= TRUE;
continue;
}
my_error(ER_NONEXISTING_PROC_GRANT, MYF(0),
Str->user.str, Str->host.str, table_name);
result= TRUE;
continue;
}
if (!grant_name)
{
DBUG_ASSERT(!revoke_grant);
grant_name= new GRANT_NAME(Str->host.str, db_name,
Str->user.str, table_name,
rights, TRUE);
Str->user.str, table_name,
rights, TRUE);
if (!grant_name ||
my_hash_insert(sph->get_priv_hash(), (uchar*) grant_name))
my_hash_insert(sph->get_priv_hash(), (uchar*) grant_name))
{
result= TRUE;
continue;
continue;
}
}