database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

MDEV-29752 SHOW GRANTS for PUBLIC should work for all users

Browse Source
This commit is contained in:
Sergei Golubchik
2022-11-01 22:22:23 +01:00
parent 00c56e1c7c
commit 5dc804c3bb
3 changed files with 52 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
mysql-test/main/public_privileges.result
View File

@ -319,3 +319,26 @@ drop database testdb1;
# clean up
delete from mysql.global_priv where user="PUBLIC";
flush privileges;
#
# MDEV-29752 SHOW GRANTS FOR PUBLIC should work for all users
#
create database dbtest;
create user `testuser`@`%`;
GRANT USAGE ON *.* TO `testuser`@`%`;
GRANT ALL PRIVILEGES ON `dbtest`.* TO `PUBLIC`;
connect testuser,localhost,testuser,,;
show grants for public;
Grants for PUBLIC
GRANT ALL PRIVILEGES ON `dbtest`.* TO PUBLIC
show grants for testuser;
Grants for testuser@%
GRANT USAGE ON *.* TO `testuser`@`%`
connection default;
disconnect testuser;
REVOKE ALL PRIVILEGES ON `dbtest`.* FROM `PUBLIC`;
REVOKE USAGE ON *.* FROM `testuser`@`%`;
drop user `testuser`@`%`;
drop database dbtest;
# clean up
delete from mysql.global_priv where user="PUBLIC";
flush privileges;

27
mysql-test/main/public_privileges.test
View File

@ -380,3 +380,30 @@ drop database testdb1;
-- echo # clean up
delete from mysql.global_priv where user="PUBLIC";
flush privileges;
--echo #
--echo # MDEV-29752 SHOW GRANTS FOR PUBLIC should work for all users
--echo #
create database dbtest;
create user `testuser`@`%`;
GRANT USAGE ON *.* TO `testuser`@`%`;
GRANT ALL PRIVILEGES ON `dbtest`.* TO `PUBLIC`;
connect (testuser,localhost,testuser,,);
show grants for public;
show grants for testuser;
connection default;
disconnect testuser;
REVOKE ALL PRIVILEGES ON `dbtest`.* FROM `PUBLIC`;
REVOKE USAGE ON *.* FROM `testuser`@`%`;
drop user `testuser`@`%`;
drop database dbtest;
-- echo # clean up
delete from mysql.global_priv where user="PUBLIC";
flush privileges;

4
sql/sql_acl.cc
View File

@ -7726,7 +7726,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
if (has_auth(user, thd->lex))
DBUG_ASSERT(!grantee);
else if (!grantee)
else if (!grantee && !user->is_public)
grantee= find_user_exact(hostname.str, username.str);
if (!grantee && !revoke)
@ -9464,7 +9464,7 @@ bool get_show_user(THD *thd, LEX_USER *lex_user, const char **username,
if (lex_user->is_role())
{
*rolename= lex_user->user.str;
do_check_access= strcmp(*rolename, sctx->priv_role);
do_check_access= !lex_user->is_public && strcmp(*rolename, sctx->priv_role);
}
else
{