database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

MDEV-5225 Server crashes on CREATE USER|ROLE CURRENT_ROLE or DROP ROLE CURRENT_ROLE

Browse Source
This commit is contained in:
Sergei Golubchik
2013-11-02 16:26:01 +01:00
parent f4d5d849fd
commit 1f0368658b
3 changed files with 121 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
mysql-test/suite/roles/create_and_drop_current.result Normal file
View File

@ -0,0 +1,39 @@
grant create user on *.* to foo@localhost;
create user current_user;
ERROR HY000: Operation CREATE USER failed for CURRENT_USER
create user current_role;
ERROR HY000: Operation CREATE USER failed for CURRENT_ROLE
create role current_user;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'current_user' at line 1
create role current_role;
ERROR HY000: Operation CREATE ROLE failed for CURRENT_ROLE
drop user current_user;
drop user current_role;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'current_role' at line 1
drop role current_user;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'current_user' at line 1
drop role current_role;
ERROR HY000: Operation DROP ROLE failed for CURRENT_ROLE
show warnings;
Level Code Message
Error 1446 Invalid definer
Error 1396 Operation DROP ROLE failed for CURRENT_ROLE
create role r1;
grant r1 to current_user;
set role r1;
select current_role();
current_role()
r1
create user current_role;
ERROR HY000: Operation CREATE USER failed for CURRENT_ROLE
create role current_role;
ERROR HY000: Operation CREATE ROLE failed for CURRENT_ROLE
drop user current_role;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'current_role' at line 1
drop role current_role;
select user,host,is_role from mysql.user;
user host is_role
root localhost N
root meddwl N
root 127.0.0.1 N
root ::1 N

52
mysql-test/suite/roles/create_and_drop_current.test Normal file
View File

@ -0,0 +1,52 @@
#
# MDEV-5225 Server crashes on CREATE USER|ROLE CURRENT_ROLE or DROP ROLE CURRENT_ROLE
#
# Where CURRENT_USER/CURRENT_ROLE is explicitly allowed by the grammar
# the error (if any) should be ER_CANNOT_USER
#
# Where it's not explicitly allowed, the error is ER_PARSE_ERROR,
# because CURRENT_USER/CURRENT_ROLE are reserved words and cannot be
# accepted as an identifier.
#
--source include/not_embedded.inc
grant create user on *.* to foo@localhost;
--change_user foo
--error ER_CANNOT_USER
create user current_user;
--error ER_CANNOT_USER
create user current_role;
--error ER_PARSE_ERROR
create role current_user;
--error ER_CANNOT_USER
create role current_role;
# this works
drop user current_user;
--error ER_PARSE_ERROR
drop user current_role;
--error ER_PARSE_ERROR
drop role current_user;
--error ER_CANNOT_USER
drop role current_role;
show warnings;
--change_user root
create role r1;
grant r1 to current_user;
set role r1;
select current_role();
--error ER_CANNOT_USER
create user current_role;
--error ER_CANNOT_USER
create role current_role;
--error ER_PARSE_ERROR
drop user current_role;
drop role current_role;
select user,host,is_role from mysql.user;

31
sql/sql_acl.cc
View File

@ -9043,6 +9043,13 @@ static void append_user(String *str, LEX_USER *user)
str->append('\''); str->append('\'');
} }
static void append_str(String *str, const char *s, size_t l)
{
if (str->length())
str->append(',');
str->append(s, l);
}
/* /*
Create a list of users. Create a list of users.
@ -9080,6 +9087,20 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role)
while ((user_name= user_list++)) while ((user_name= user_list++))
{ {
if (user_name->user.str == current_user.str)
{
append_str(&wrong_users, STRING_WITH_LEN("CURRENT_USER"));
result= TRUE;
continue;
}
if (user_name->user.str == current_role.str)
{
append_str(&wrong_users, STRING_WITH_LEN("CURRENT_ROLE"));
result= TRUE;
continue;
}
if (handle_as_role && is_invalid_role_name(user_name->user.str)) if (handle_as_role && is_invalid_role_name(user_name->user.str))
{ {
append_user(&wrong_users, user_name); append_user(&wrong_users, user_name);
@ -9189,7 +9210,15 @@ bool mysql_drop_user(THD *thd, List <LEX_USER> &list, bool handle_as_role)
while ((tmp_user_name= user_list++)) while ((tmp_user_name= user_list++))
{ {
user_name= get_current_user(thd, tmp_user_name, false); user_name= get_current_user(thd, tmp_user_name, false);
if (!user_name || handle_as_role != user_name->is_role()) if (!user_name)
{
thd->clear_error();
append_str(&wrong_users, STRING_WITH_LEN("CURRENT_ROLE"));
result= TRUE;
continue;
}
if (handle_as_role != user_name->is_role())
{ {
append_user(&wrong_users, tmp_user_name); append_user(&wrong_users, tmp_user_name);
result= TRUE; result= TRUE;