
Commit f279551

committed
MDEV-39288 SHOW CREATE ROUTINE does not apply to roles
Reported by Aisle Research
1 parent e1972bc commit f279551

3 files changed

Lines changed: 59 additions & 3 deletions


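--- a/mysql-test/main/sp-security.result
+++ b/mysql-test/main/sp-security.result
@@ -1641,6 +1641,7 @@ BEGIN
 pkv:=2;
 END;
 $$
+SET sql_mode=@save_sql_mode;
 use test;
 connect conn1, localhost, user, , "*NO-ONE*";
 show create procedure test_db.sp;
@@ -1727,6 +1728,38 @@ connection default;
 disconnect conn1;
 drop user user@localhost;
 drop database test_db;
-#
 # End of 11.3 tests
 #
+# MDEV-39288 SHOW CREATE ROUTINE does not apply to roles
+#
+create user u@localhost;
+create role r;
+create procedure p1() select 10 as ten;
+grant execute on procedure test.p1 to u@localhost;
+grant execute on procedure test.p1 to r;
+grant r to u@localhost;
+connect u, localhost, u;
+call p1();
+ten
+10
+show create procedure p1;
+Procedure p1
+sql_mode STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
+Create Procedure NULL
+character_set_client latin1
+collation_connection latin1_swedish_ci
+Database Collation latin1_swedish_ci
+set role r;
+Show create procedure p1;
+Procedure p1
+sql_mode STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
+Create Procedure NULL
+character_set_client latin1
+collation_connection latin1_swedish_ci
+Database Collation latin1_swedish_ci
+disconnect u;
+connection default;
+drop role r;
+drop user u@localhost;
+drop procedure p1;
+# End of 11.4 tests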

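--- a/mysql-test/main/sp-security.test
+++ b/mysql-test/main/sp-security.test
@@ -1647,6 +1647,7 @@ BEGIN
 END;
 $$
 DELIMITER ;$$
+SET sql_mode=@save_sql_mode;
 
 use test;
 
@@ -1674,6 +1675,28 @@ disconnect conn1;
 drop user user@localhost;
 drop database test_db;
 
---echo #
 --echo # End of 11.3 tests
+
+--echo #
+--echo # MDEV-39288 SHOW CREATE ROUTINE does not apply to roles
 --echo #
+create user u@localhost;
+create role r;
+create procedure p1() select 10 as ten;
+grant execute on procedure test.p1 to u@localhost;
+grant execute on procedure test.p1 to r;
+grant r to u@localhost;
+
+connect u, localhost, u;
+call p1();
+query_vertical show create procedure p1;
+set role r;
+query_vertical Show create procedure p1;
+disconnect u;
+
+connection default;
+drop role r;
+drop user u@localhost;
+drop procedure p1;
+
+--echo # End of 11.4 tests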
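Review bot: The new case asserts only the negative direction: with just `grant execute on procedure test.p1 to r;`, the recorded `Create Procedure` is NULL both before and after `set role r;`. Nothing grants the role the privilege named in the title, so a later change that made the role lookup ignore SHOW CREATE ROUTINE altogether would still pass this test. I would add a second step that runs `grant show create routine on procedure test.p1 to r;` on the default connection and then repeats `query_vertical show create procedure p1;` under the active role, expecting the definition to be shown. The routine type is passed through as `sph` in the sql_acl.cc hunk, so the same check presumably serves functions too, and one function case would cover that path.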

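--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -9137,7 +9137,7 @@ bool check_routine_level_acl(THD *thd, privilege_t acl,
 NULL, db,
 sctx->priv_role,
 name, sph, 0)))
-no_routine_acl= !(grant_proc->privs & SHOW_PROC_WITHOUT_DEFINITION_ACLS);
+no_routine_acl= !(grant_proc->privs & acl);
 }
 mysql_rwlock_unlock(&LOCK_grant);
 return no_routine_acl;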
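Review bot: The corrected line `no_routine_acl= !(grant_proc->privs & acl);` has no comment explaining why the role branch must test the caller's mask rather than a fixed one, and a one-token difference like this is easy to revert by accident in a later cleanup. I would put a comment above it, for example `/* Test the caller's mask: a role holding only EXECUTE must not satisfy a SHOW CREATE ROUTINE check */`. The user-level lookup that precedes this branch lies outside the hunk, as does the start of check_routine_level_acl, so it is worth confirming that it masks `privs` with `acl` in the same way. If the two branches differ, the same routine would be checked against different privilege sets depending on whether a role is active.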
