[MDEV-20076] SHOW GRANTS does not quote role names properly Created: 2019-07-16  Updated: 2021-07-02  Resolved: 2020-02-05

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System
Affects Version/s: 10.3.7, 10.3.16
Fix Version/s: 10.3.23, 10.4.13

Type: Bug Priority: Critical
Reporter: Valerii Kravchuk Assignee: Oleksandr Byelkin
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-21875 Postfix for MDEV-20076: quotes in GRA... Open
relates to MDEV-26080 SHOW GRANTS does not quote role names... Closed
relates to MDEV-22550 Upgrade to MariaDB 10.3.23 broke the ... Closed

 Description   

A role with a hyphen in a name can be created:

MariaDB [test]> create role 'role-1';
 
Query OK, 0 rows affected (1.280 sec)
 
 
 
MariaDB [test]> grant select on mysql.user to 'role-1';
 
Query OK, 0 rows affected (0.211 sec)
 
 
 
MariaDB [test]> show grants for 'role-1';
 
+--------------------------------------------+
 
| Grants for role-1                          |
 
+--------------------------------------------+
 
| GRANT USAGE ON *.* TO 'role-1'             |
 
| GRANT SELECT ON `mysql`.`user` TO 'role-1' |
 
+--------------------------------------------+
 
2 rows in set (0.002 sec)

In the case above we see that the role name is quoted. Now if we grant this role to some user and apply SHOW GRANTS to the user:

MariaDB [test]> create user u0@localhost;
 
Query OK, 0 rows affected (0.025 sec)
 
 
 
MariaDB [test]> show grants for u0@localhost;
 
+----------------------------------------+
 
| Grants for u0@localhost                |
 
+----------------------------------------+
 
| GRANT USAGE ON *.* TO 'u0'@'localhost' |
 
+----------------------------------------+
 
1 row in set (0.001 sec)
 
 
 
MariaDB [test]> GRANT 'role-1' TO 'u0'@'localhost';
 
Query OK, 0 rows affected (0.002 sec)
 
 
 
MariaDB [test]> show grants for u0@localhost;
 
+----------------------------------------+
 
| Grants for u0@localhost                |
 
+----------------------------------------+
 
| GRANT role-1 TO 'u0'@'localhost'       |
 
| GRANT USAGE ON *.* TO 'u0'@'localhost' |
 
+----------------------------------------+
 
2 rows in set (0.001 sec)

we see that role name is not quoted. We can not just get the output of SHOW GRANTS as is as run (for example, in some script to copy grants etc):

MariaDB [test]> GRANT role-1 TO 'u0'@'localhost';
 
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that
 
corresponds to your MariaDB server version for the right syntax to use near '-1
 
TO 'u0'@'localhost'' at line 1

This is inconsistent and causes problems.

 Comments   
Comment by Oleksandr Byelkin [ 2019-11-06 ]

ommit aeb3432849e7127437128d762dbc37aa75ad06a2 (HEAD > bb-10.3MDEV-20076, origin/bb-10.3-MDEV-20076)
Author: Oleksandr Byelkin <sanja@mariadb.com>
Date: Wed Nov 6 12:35:19 2019 +0100

MDEV-20076: SHOW GRANTS does not quote role names properly

Quotes added to output.

Comment by Oleksandr Byelkin [ 2019-11-14 ]

commit 9d2c63d45e41208495f28fcdf28c08efe919c20f (HEAD > bb-10.3MDEV-20076, origin/bb-10.3-MDEV-20076)
Author: Oleksandr Byelkin <sanja@mariadb.com>
Date: Wed Nov 6 12:35:19 2019 +0100

MDEV-20076: SHOW GRANTS does not quote role names properly

Quotes added to output.

Generated at Thu Feb 08 08:56:33 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.