[MDEV-26875] Wrong user in SET DEFAULT ROLE error
Created: 2021-10-21  Updated: 2023-11-13  Resolved: 2023-10-30

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System
Affects Version/s: 10.5.12
Fix Version/s: 10.5.24, 10.6.17, 10.11.7, 11.0.5, 11.1.4, 11.2.3, 11.3.2

Type: Bug
Priority: Major
Reporter: markus makela
Assignee: Anel Husakovic
Resolution: Fixed
Votes: 1
Labels: None

Issue Links:
Duplicate
duplicates MDEV-27478 Misleading error message for SET DEFA... Closed
Relates
relates to MDEV-22312 Bad error message for SET DEFAULT ROL... Closed
relates to MDEV-26081 set role crashes when a hostname cann... Closed
relates to MDEV-6967 Wrong error code/message ER_INVALID_R... Open

 Description   

The error message for SET DEFAULT ROLE refers to the user performing the operation instead of the target user. This is misleading as the user giving the grant doesn't require the grant itself, only the target user.

Here's an example (and a test case) that reproduces the problem:

MariaDB [test]> create role test_role;
Query OK, 0 rows affected (0.000 sec)
 
MariaDB [test]> create user test_user;
Query OK, 0 rows affected (0.000 sec)
 
MariaDB [test]> set default role test_role for test_user;
ERROR 1959 (OP000): User `maxuser`@`127.0.0.1` has not been granted role `test_role`
MariaDB [test]> grant test_role to maxuser@127.0.0.1;
Query OK, 0 rows affected (0.000 sec)
 
MariaDB [test]> set default role test_role for test_user;
ERROR 1959 (OP000): User `maxuser`@`127.0.0.1` has not been granted role `test_role`
MariaDB [test]> grant test_role to test_user;
Query OK, 0 rows affected (0.000 sec)
 
MariaDB [test]> set default role test_role for test_user;
Query OK, 0 rows affected (0.000 sec)
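
An added example, not part of the original report: a pre-check an administrator could run before SET DEFAULT ROLE ... FOR, so that a misleading ERROR 1959 does not prompt granting the role to the wrong account. It reuses the report's test_role and test_user names and assumes the target account is test_user@'%' and that the session can read the mysql schema.

```sql
-- Added example; role and user names come from the report above.
-- Assumption: the target account is test_user@'%' (CREATE USER test_user
-- without a host part creates the account with host '%').

-- 1. List every account that currently holds the role.
--    Per the report, the target account must appear here; the account
--    running SET DEFAULT ROLE ... FOR does not need the role itself.
--    Rows for administrators that were added only in response to the
--    misleading error message also show up in this list.
SELECT User, Host, Role, Admin_option
  FROM mysql.roles_mapping
 WHERE Role = 'test_role'
 ORDER BY User, Host;

-- 2. If test_user@'%' is missing from the result, grant the role to the
--    target account (not to the administrator's own account).
GRANT test_role TO 'test_user'@'%';

-- 3. With the grant in place the statement succeeds, as in the last
--    step of the report.
SET DEFAULT ROLE test_role FOR 'test_user'@'%';

-- 4. Confirm what was stored for the target account.
SELECT User, Host, default_role
  FROM mysql.user
 WHERE User = 'test_user' AND Host = '%';
```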



 Comments   
Comment by Sergei Golubchik [ 2022-01-28 ]

I mean that thd->security_ctx->priv_user corresponds to thd->security_ctx->priv_host, there is a row in the mysql.user where username is thd->security_ctx->priv_user and hostname is thd->security_ctx->priv_host.

While user corresponds to host. They were both specified in the command SET DEFAULT ROLE FOR.

A pair of user and thd->security_ctx->priv_host is a wrong combination, it does not necessarily correspond to anything in particular.

Comment by Anel Husakovic [ 2022-02-15 ]

Hi Serg can you please review 585cd1f52e75e3f ?

Comment by Elena Stepanova [ 2022-12-06 ]

anel,

Is it supposed to be in "in review"?

Comment by Anel Husakovic [ 2022-12-07 ]

Yes I think it should be. I will update with test case related to this MDEV only. Thank you elenst.

Comment by Sergei Golubchik [ 2022-12-25 ]

you wrote

if (!host)

do you have a test case for that condition? I mean, a test case where host == NULL ?

Comment by Anel Husakovic [ 2023-01-27 ]

Hi Serg, yes I have updated the test case for PR 2362

Comment by Sergei Golubchik [ 2023-07-21 ]

https://github.com/MariaDB/server/pull/2362#discussion_r1270317522

Comment by Anel Husakovic [ 2023-08-14 ]

Have updated PR 2362 per review.
Added additional commit for testing the grants of anonymous user.

Comment by Sergei Golubchik [ 2023-10-28 ]

7349633b2c59 is ok to push

you can squash both commits into one or commit separately, as you like

Comment by Anel Husakovic [ 2023-10-30 ]

Thanks, pushed with ee773753778e741c.
