Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-17674

GRANT ON PROCEDURE can be erroneously interpreted as GRANT ON TABLE

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 5.5, 10.0, 10.1, 10.2, 10.3, 10.4
    • Fix Version/s: 10.3, 10.4
    • Component/s: Parser
    • Labels:
      None

      Description

      I run this script:

      DROP USER IF EXISTS user1@localhost;
      DROP PROCEDURE IF EXISTS p1;
      CREATE PROCEDURE p1() BEGIN END;
      CREATE USER user1@localhost;
      GRANT ALL PRIVILEGES ON procedure .p1 TO user1@localhost;
      SHOW GRANTS FOR user1@localhost;
      DROP USER user1@localhost;
      

      It prints the following output in SHOW GRANTS:

      +------------------------------------------------------------------------------+
      | Grants for user1@localhost                                                   |
      +------------------------------------------------------------------------------+
      | GRANT USAGE ON *.* TO 'user1'@'localhost'                                    |
      | GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `test`.`p1` TO 'user1'@'localhost' |
      +------------------------------------------------------------------------------+
      

      Looks fine so far. The procedure name ".p1" was translated to test.p1 (i.e. took the current database name).

      Now I add run a similar script, but remove the space character in the GRANT command, between procedure and .p1:

      DROP USER IF EXISTS user1@localhost;
      DROP PROCEDURE IF EXISTS p1;
      CREATE PROCEDURE p1() BEGIN END;
      CREATE USER user1@localhost;
      GRANT ALL PRIVILEGES ON procedure.p1 TO user1@localhost;
      SHOW GRANTS FOR user1@localhost;
      DROP USER user1@localhost;
      

      +-----------------------------------------------------------------+
      | Grants for user1@localhost                                      |
      +-----------------------------------------------------------------+
      | GRANT USAGE ON *.* TO 'user1'@'localhost'                       |
      | GRANT ALL PRIVILEGES ON `procedure`.`p1` TO 'user1'@'localhost' |
      +-----------------------------------------------------------------+
      

      Looks wrong. It was translated to:

      GRANT ALL PRIVILEGES ON TABLE `procedure`.`p1` TO 'user1'@'localhost'
      

      It should not happen. The keyword PROCEDURE is reserved in MariaDB. It should never be associated with the identifier `procedure`.

      So

      ON PROCEDURE.p1

      should be interpreted as

      ON PROCEDURE current_database.p1

      .

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                bar Alexander Barkov
                Reporter:
                bar Alexander Barkov
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: