Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-17674

GRANT ON PROCEDURE can be erroneously interpreted as GRANT ON TABLE

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • 5.5, 10.0, 10.1, 10.2, 10.3, 10.4
    • 10.4
    • Parser
    • None

    Description

      I run this script:

      DROP USER IF EXISTS user1@localhost;
      		 
      DROP PROCEDURE IF EXISTS p1;
      		 
      CREATE PROCEDURE p1() BEGIN END;
      		 
      CREATE USER user1@localhost;
      		 
      GRANT ALL PRIVILEGES ON procedure .p1 TO user1@localhost;
      		 
      SHOW GRANTS FOR user1@localhost;
      		 
      DROP USER user1@localhost;

      It prints the following output in SHOW GRANTS:

      +------------------------------------------------------------------------------+
      		 
      | Grants for user1@localhost                                                   |
      		 
      +------------------------------------------------------------------------------+
      		 
      | GRANT USAGE ON *.* TO 'user1'@'localhost'                                    |
      		 
      | GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `test`.`p1` TO 'user1'@'localhost' |
      		 
      +------------------------------------------------------------------------------+

      Looks fine so far. The procedure name ".p1" was translated to test.p1 (i.e. took the current database name).

      Now I add run a similar script, but remove the space character in the GRANT command, between procedure and .p1:

      DROP USER IF EXISTS user1@localhost;
      		 
      DROP PROCEDURE IF EXISTS p1;
      		 
      CREATE PROCEDURE p1() BEGIN END;
      		 
      CREATE USER user1@localhost;
      		 
      GRANT ALL PRIVILEGES ON procedure.p1 TO user1@localhost;
      		 
      SHOW GRANTS FOR user1@localhost;
      		 
      DROP USER user1@localhost;


      +-----------------------------------------------------------------+
      		 
      | Grants for user1@localhost                                      |
      		 
      +-----------------------------------------------------------------+
      		 
      | GRANT USAGE ON *.* TO 'user1'@'localhost'                       |
      		 
      | GRANT ALL PRIVILEGES ON `procedure`.`p1` TO 'user1'@'localhost' |
      		 
      +-----------------------------------------------------------------+

      Looks wrong. It was translated to:

      GRANT ALL PRIVILEGES ON TABLE `procedure`.`p1` TO 'user1'@'localhost'

      It should not happen. The keyword PROCEDURE is reserved in MariaDB. It should never be associated with the identifier `procedure`.

      So 

      ON PROCEDURE.p1

      should be interpreted as 

      ON PROCEDURE current_database.p1

      .

      Attachments

        Issue Links

          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-17677 Keywords are parsed as identifiers when followed by a dot

          • Major - Major loss of function.
          • Open

          Activity

            People

              bar Alexander Barkov
              bar Alexander Barkov
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.