Hi, Anel,
On Apr 25, Anel Husakovic wrote:
> revision-id: 585cd1f52e7 (mariadb-10.5.14-10-g585cd1f52e7)
> parent(s): 52b32c60c26
> author: Anel Husakovic
> committer: Anel Husakovic
> timestamp: 2022-02-14 13:59:24 +0100
> message:
>
> MDEV-26875: Wrong user in SET DEFAULT ROLE error
>
> - Caused by 7c02e8717de5, where 957cb7b7ba35 introduced the bug.
>
> Reviewed by:
>
> diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
> index c4e66cf5d73..e83bc5635dc 100644
> --- a/sql/sql_acl.cc
> +++ b/sql/sql_acl.cc
> @@ -3277,10 +3277,14 @@ static int check_user_can_set_role(THD *thd, const
> char *user,
>
> check_role_is_granted_callback,
> NULL) == -1))
> {
> - /* Role is not granted but current user can see the role */
> - my_printf_error(ER_INVALID_ROLE, "User %`s@%`s has not been granted
> role %`s",
> - MYF(0), thd->security_ctx->priv_user,
> - thd->security_ctx->priv_host, rolename);
> + /* If the SET ROLE is applied on the anonymous user, host is null */
> + if (!host)
> + my_printf_error(ER_INVALID_ROLE, "User %`s@%`s has not been
> granted role %`s",
> + MYF(0), thd->security_ctx->priv_user,
> thd->security_ctx->priv_host, rolename);
I don't understand it.
1) what does it mean? why for anonymous user you print priv_user@priv_host ?
2) do you have any tests for that? There are none in the commit
> + else
> + /* Role is not granted but current user can see the role */
> + my_printf_error(ER_INVALID_ROLE, "User %`s@%`s has not been
> granted role %`s",
> + MYF(0), user, host, rolename);
> }
> else
> {
Regards,
Sergei
VP of MariaDB Server Engineering
and secur...@mariadb.org
_______________________________________________
Mailing list: https://launchpad.net/~maria-developers
Post to : maria-developers@lists.launchpad.net
Unsubscribe : https://launchpad.net/~maria-developers
More help : https://help.launchpad.net/ListHelp
