[MDEV-26080] SHOW GRANTS does not quote role names properly for DEFAULT ROLE Created: 2021-07-02  Updated: 2021-09-02  Resolved: 2021-07-09

Status: Closed
Project: MariaDB Server
Component/s: Server
Affects Version/s: 10.2, 10.3, 10.4
Fix Version/s: 10.2.40, 10.3.31, 10.4.21, 10.5.12, 10.6.4

Type: Bug Priority: Major
Reporter: Muhammad Irfan Assignee: Anel Husakovic
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-20076 SHOW GRANTS does not quote role names... Closed
relates to MDEV-22313 SHOW GRANTS does not prints a user's ... Closed

 Description   

I noticed that MDEV-20076 is fixed already.
However, this is still minor issue left for SET DEFAULT ROLE

MariaDB [(none)]> show grants for 'exploit'@'host';
 
+-------------------------------------------------------------------------------------------------------------------------------------------------------------+
 
| Grants for exploit@host |
 
+-------------------------------------------------------------------------------------------------------------------------------------------------------------+
 
| GRANT `role-exploit` TO `exploit`@`host` |
 
| GRANT USAGE ON *.* TO `exploit`@`host` IDENTIFIED BY PASSWORD '*' WITH MAX_STATEMENT_TIME 15.000000 |
 
| SET DEFAULT ROLE role-exploit FOR 'exploit'@'host'

If copy-pasted as-is, the last line gets a syntax error.
Can you update it so when showing grants, all of them are properly quoted?
SHOW GRANTS does not quote role names properly for DEFAULT ROLE

 Comments   
Comment by Anel Husakovic [ 2021-07-02 ]

10.2 is using ' instead of ` so we will proceed with single quotes in 10.2, while in 10.3 (commit fafb35ee517f309d9e507f6e3908caca5d8cd257 used ` and we will use them too in 10.3. I guess serg is ok with that.
Note that in 10.2 grant <role-x> TO .. in SHOW GRANT is also affected:

-GRANT test_role TO 'root'@'localhost' WITH ADMIN OPTION
 
+GRANT 'test_role' TO 'root'@'localhost' WITH ADMIN OPTION
 
-SET DEFAULT ROLE test_role FOR 'root'@'localhost'
 
+SET DEFAULT ROLE 'test_role' FOR 'root'@'localhost'

Comment by Anel Husakovic [ 2021-07-07 ]

Serg can you please review
10.3+: 4581369e55
10.2: 63b113e1 (protected branch passes)

Comment by Sergei Golubchik [ 2021-07-08 ]

ok. But add tests with role names including backticks and single quotes. Like

CREATE ROLE `r``o'l"e`;

this won't be shown correctly in 10.2 (as expected, no need to fix that) but should be shown correctly in 10.3+.

Comment by Anel Husakovic [ 2021-07-08 ]

Thanks serg. Updated:
10.2 2495f06a1
10.3 3fbe30024ff

Comment by Sergei Golubchik [ 2021-07-08 ]

2495f06a1 and 3fbe30024ff are ok to push, thanks!

Comment by Anel Husakovic [ 2021-07-09 ]

Pushed to 10.2 with d2dddbff4e6f and to 10.3 with 3fbe30024ff0b4e.
Thanks Serg

Generated at Thu Feb 08 09:42:35 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.