Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-13676

Field "create Procedure" is NULL, even if the the user has role which is the definer. (SHOW CREATE PROCEDURE)

Details

    • 10.2.10

    Description

      show create procedure gives NULL in the Field "Create Procedure" if the permission is missing.

      It works, if the caller is the owner of the proedure or with the SELECT right of mysql.proc

      This works not, if the owner is a role.

      To reproduce:

      create database rtest;
      		 
      create role db_owner_rtest;
      		 
      grant all privileges  on rtest.*  to db_owner_rtest;
      		 
       
      		 
       
      		 
      create user user1;
      		 
      grant db_owner_rtest to user1;
      		 
       
      		 
      set default role db_owner_rtest for user1;

      Login as user 1:

      use rtest;
      		 
       
      		 
      set role  db_owner_rtest;
      		 
       
      		 
      DELIMITER //
      		 
      DROP PROCEDURE IF EXISTS user1_proc;
      		 
      CREATE DEFINER=current_role() PROCEDURE user1_proc()
      		 
      SQL SECURITY INVOKER
      		 
      BEGIN
      		 
       SELECT NOW(), VERSION();
      		 
      END;//
      		 
      DELIMITER ;

      Role db_owner_rtest is the owner and user1 has this role,but

      show create procedure db_owner_rtest;

      gives this output.

      MariaDB [rtest]> show create procedure user1_proc;
      		 
      +------------+-------------------------------------------------------------------------------------------+------------------+----------------------+----------------------+--------------------+
      		 
      | Procedure  | sql_mode                                                                                  | Create Procedure | character_set_client | collation_connection | Database Collation |
      		 
      +------------+-------------------------------------------------------------------------------------------+------------------+----------------------+----------------------+--------------------+
      		 
      | user1_proc | STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION | NULL             | latin1               | latin1_swedish_ci    | latin1_swedish_ci  |
      		 
      +------------+-------------------------------------------------------------------------------------------+------------------+----------------------+----------------------+--------------------+
      		 
      1 row in set (0.00 sec)
      		 
       

      Attachments

        Activity

          cvicentiu Vicențiu Ciorbaru added a comment -

          Hi Sergei!

          Can you review the patch for this bug?

          http://lists.askmonty.org/pipermail/commits/2017-October/011541.html

          If we don't want to support allowing indirectly granted roles to see procedure code, we can skip the additions to sql_acl.cc entirely and just leave the simple strcmp with current_role.

          cvicentiu Vicențiu Ciorbaru added a comment - Hi Sergei! Can you review the patch for this bug? http://lists.askmonty.org/pipermail/commits/2017-October/011541.html If we don't want to support allowing indirectly granted roles to see procedure code, we can skip the additions to sql_acl.cc entirely and just leave the simple strcmp with current_role.

          People

            cvicentiu Vicențiu Ciorbaru
            Richard Richard Stracke
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.