Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.3.7, 10.3.16
-
None
Description
A role with a hyphen in a name can be created:
MariaDB [test]> create role 'role-1';
|
Query OK, 0 rows affected (1.280 sec)
|
|
MariaDB [test]> grant select on mysql.user to 'role-1';
|
Query OK, 0 rows affected (0.211 sec)
|
|
MariaDB [test]> show grants for 'role-1';
|
+--------------------------------------------+
|
| Grants for role-1 |
|
+--------------------------------------------+
|
| GRANT USAGE ON *.* TO 'role-1' |
|
| GRANT SELECT ON `mysql`.`user` TO 'role-1' |
|
+--------------------------------------------+
|
2 rows in set (0.002 sec)
|
In the case above we see that the role name is quoted. Now if we grant this role to some user and apply SHOW GRANTS to the user:
MariaDB [test]> create user u0@localhost;
|
Query OK, 0 rows affected (0.025 sec)
|
|
MariaDB [test]> show grants for u0@localhost;
|
+----------------------------------------+
|
| Grants for u0@localhost |
|
+----------------------------------------+
|
| GRANT USAGE ON *.* TO 'u0'@'localhost' |
|
+----------------------------------------+
|
1 row in set (0.001 sec)
|
|
MariaDB [test]> GRANT 'role-1' TO 'u0'@'localhost';
|
Query OK, 0 rows affected (0.002 sec)
|
|
MariaDB [test]> show grants for u0@localhost;
|
+----------------------------------------+
|
| Grants for u0@localhost |
|
+----------------------------------------+
|
| GRANT role-1 TO 'u0'@'localhost' |
|
| GRANT USAGE ON *.* TO 'u0'@'localhost' |
|
+----------------------------------------+
|
2 rows in set (0.001 sec)
|
we see that role name is not quoted. We can not just get the output of SHOW GRANTS as is as run (for example, in some script to copy grants etc):
MariaDB [test]> GRANT role-1 TO 'u0'@'localhost';
|
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that
|
corresponds to your MariaDB server version for the right syntax to use near '-1
|
TO 'u0'@'localhost'' at line 1
|
This is inconsistent and causes problems.
Attachments
Issue Links
- relates to
-
MDEV-21875 Postfix for MDEV-20076: quotes in GRANT PROXY haven't been changed
- Open
-
MDEV-26080 SHOW GRANTS does not quote role names properly for DEFAULT ROLE
- Closed
-
MDEV-22550 Upgrade to MariaDB 10.3.23 broke the cPanel Databases interface
- Closed