[MXS-3323] Database grants with wildcards should be matched using LIKE operator (access denied with default schema) Created: 2020-12-07  Updated: 2021-04-19  Resolved: 2020-12-18

Status: Closed
Project: MariaDB MaxScale
Component/s: Authenticator
Affects Version/s: 2.5.5
Fix Version/s: 2.5.7

Type: Bug Priority: Major
Reporter: Claudio Nanni Assignee: Esa Korhonen
Resolution: Fixed Votes: 2
Labels: None

Sprint: MXS-SPRINT-121

 Description   

As per subject, on MaxScale 2.5.5 (not on 2.4.11) see example.

Worth noting the grants use a wildcard for the schema.

A somewhat similar issue has been fixed in 2.5.7 (https://jira.mariadb.org/browse/MXS-3303)

[root@centos71 ~]# mariadb -u myuser -p123 -h 127.0.0.1 -P 4006 sales-main
 
ERROR 1044 (42000): Access denied for user 'myuser'@'127.0.0.1' to database 'sales-main'
 
 
 
[root@centos71 ~]# mariadb -u myuser -p123 -h 127.0.0.1 -P 4006
 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
 
 
 
MariaDB [(none)]> use sales-main
 
Database changed
 
 
 
MariaDB [sales-main]> show tables;
 
+-------------------+
 
| Tables_in_sales-main |
 
+-------------------+
 
| t1                |
 
+-------------------+
 
1 row in set (0.003 sec)
 
 
 
MariaDB [sales-main]> show grants;
 
+---------------------------------------------------------------------------------------------------------+
 
| Grants for myuser@%                                                                                   |
 
+---------------------------------------------------------------------------------------------------------+
 
| GRANT USAGE ON *.* TO `myuser`@`%` IDENTIFIED BY PASSWORD '*password' |
 
| GRANT ALL PRIVILEGES ON `sales-%`.* TO `myuser`@`%`                                                      |
 
+---------------------------------------------------------------------------------------------------------+
 
2 rows in set (0.002 sec)



 Comments   
Comment by markus makela [ 2020-12-07 ]

MXS-3303 is not related to this and this is a separate issue.

Looks like the problem is in the code that does the database name matching to the grants and it doesn't take the wildcards properly into account.

Comment by Cuchac [ 2020-12-18 ]

Hello,
i can confirm this issue is still present in 2.5.6.

Generated at Thu Feb 08 04:20:35 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.