Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-20076

SHOW GRANTS does not quote role names properly

    XMLWordPrintable

Details

    Description

      A role with a hyphen in a name can be created:

      MariaDB [test]> create role 'role-1';
      		 
      Query OK, 0 rows affected (1.280 sec)
      		 
       
      		 
      MariaDB [test]> grant select on mysql.user to 'role-1';
      		 
      Query OK, 0 rows affected (0.211 sec)
      		 
       
      		 
      MariaDB [test]> show grants for 'role-1';
      		 
      +--------------------------------------------+
      		 
      | Grants for role-1                          |
      		 
      +--------------------------------------------+
      		 
      | GRANT USAGE ON *.* TO 'role-1'             |
      		 
      | GRANT SELECT ON `mysql`.`user` TO 'role-1' |
      		 
      +--------------------------------------------+
      		 
      2 rows in set (0.002 sec)

      In the case above we see that the role name is quoted. Now if we grant this role to some user and apply SHOW GRANTS to the user:

      MariaDB [test]> create user u0@localhost;
      		 
      Query OK, 0 rows affected (0.025 sec)
      		 
       
      		 
      MariaDB [test]> show grants for u0@localhost;
      		 
      +----------------------------------------+
      		 
      | Grants for u0@localhost                |
      		 
      +----------------------------------------+
      		 
      | GRANT USAGE ON *.* TO 'u0'@'localhost' |
      		 
      +----------------------------------------+
      		 
      1 row in set (0.001 sec)
      		 
       
      		 
      MariaDB [test]> GRANT 'role-1' TO 'u0'@'localhost';
      		 
      Query OK, 0 rows affected (0.002 sec)
      		 
       
      		 
      MariaDB [test]> show grants for u0@localhost;
      		 
      +----------------------------------------+
      		 
      | Grants for u0@localhost                |
      		 
      +----------------------------------------+
      		 
      | GRANT role-1 TO 'u0'@'localhost'       |
      		 
      | GRANT USAGE ON *.* TO 'u0'@'localhost' |
      		 
      +----------------------------------------+
      		 
      2 rows in set (0.001 sec)

      we see that role name is not quoted. We can not just get the output of SHOW GRANTS as is as run (for example, in some script to copy grants etc):

      MariaDB [test]> GRANT role-1 TO 'u0'@'localhost';
      		 
      ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that
      		 
      corresponds to your MariaDB server version for the right syntax to use near '-1
      		 
      TO 'u0'@'localhost'' at line 1

      This is inconsistent and causes problems.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-21875 Postfix for MDEV-20076: quotes in GRANT PROXY haven't been changed

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. MDEV-26080 SHOW GRANTS does not quote role names properly for DEFAULT ROLE

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22550 Upgrade to MariaDB 10.3.23 broke the cPanel Databases interface

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              sanja Oleksandr Byelkin
              valerii Valerii Kravchuk
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.