Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-10744

Roles are not fully case-sensitive

    XMLWordPrintable

    Details

    • Sprint:
      10.1.18, 10.1.19

      Description

      I've created a role with both upper and lowercase name, resulting in some weird behavior (output and test case below).

      The first thing I noticed is that you can create roles with the same name but different case (test_role and test_ROLE in below example), but you can't grant both to the same user as that results in an error 1961 when granting the second role. Imo this indicates that not all the roles code is case-sensitive.

      The second weird thing is that when you get the error 1961 in above scenario, the first role (that was granted successfully) is gone from the show grants output. It is not revoked (the user can still use it), it just isn't shown anymore until I flush privileges.

      MariaDB [mysql]> create role test_ROLE;
      Query OK, 0 rows affected (0.00 sec)
       
      MariaDB [mysql]> create role test_role;
      Query OK, 0 rows affected (0.00 sec)
       
      MariaDB [mysql]> grant select on mysql.* to test_role;
      Query OK, 0 rows affected (0.00 sec)
       
      MariaDB [mysql]> select user, host from user where is_role='y' and user like 'test%';
      +-----------+------+
      | user      | host |
      +-----------+------+
      | test_ROLE |      |
      | test_role |      |
      +-----------+------+
      2 rows in set (0.00 sec)
       
      MariaDB [mysql]> grant test_role to testuser;
      Query OK, 0 rows affected (0.00 sec)
       
      MariaDB [mysql]> show grants for testuser;
      +------------------------------------------------------------------------+
      | Grants for testuser@%                                                   |
      +------------------------------------------------------------------------+
      | GRANT test_role TO 'testuser'@'%'                                       |
      | GRANT USAGE ON *.* TO 'testuser'@'%' IDENTIFIED VIA pam USING 'mariadb' |
      +------------------------------------------------------------------------+
      2 rows in set (0.00 sec)
       
      MariaDB [mysql]> grant test_ROLE to testuser;
      ERROR 1961 (HY000): Cannot grant role 'test_ROLE' to: 'testuser'.
      MariaDB [mysql]> show grants for testuser;
      +------------------------------------------------------------------------+
      | Grants for testuser@%                                                   |
      +------------------------------------------------------------------------+
      | GRANT USAGE ON *.* TO 'testuser'@'%' IDENTIFIED VIA pam USING 'mariadb' |
      +------------------------------------------------------------------------+
      1 row in set (0.00 sec)
       
      MariaDB [mysql]> select * from roles_mapping where user='testuser';
      +-----------+---------+-----------+--------------+
      | Host      | User    | Role      | Admin_option |
      +-----------+---------+-----------+--------------+
      | %         | testuser | test_role | N            |
      +-----------+---------+-----------+--------------+
      3 rows in set (0.00 sec)
       
      MariaDB [mysql]> flush privileges;
      Query OK, 0 rows affected (0.00 sec)
       
      MariaDB [mysql]> show grants for testuser;
      +------------------------------------------------------------------------+
      | Grants for testuser@%                                                   |
      +------------------------------------------------------------------------+
      | GRANT test_role TO 'testuser'@'%'                                       |
      | GRANT USAGE ON *.* TO 'testuser'@'%' IDENTIFIED VIA pam USING 'mariadb' |
      +------------------------------------------------------------------------+
      2 rows in set (0.00 sec)
      

        Attachments

          Activity

            People

            Assignee:
            cvicentiu Vicențiu Ciorbaru
            Reporter:
            rpeiremans Robin Peiremans
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: