Hi, Anel! On Oct 22, Anel Husakovic wrote:

revision-id: 99c14476251 (mariadb-10.1.43-314-g99c14476251) parent(s): 43ec9370b32 author: Anel Husakovic <anel@mariadb.org> committer: Anel Husakovic <anel@mariadb.org> timestamp: 2020-10-22 16:49:28 +0200 message:

MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role

diff --git a/mysql-test/t/grant5.test b/mysql-test/t/grant5.test index 74a69952124..8756648c3e1 100644 --- a/mysql-test/t/grant5.test +++ b/mysql-test/t/grant5.test @@ -53,5 +53,19 @@ drop user u1@localhost; drop database mysqltest1;

# -# End of 10.1 tests +# MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role +# +CREATE ROLE test_role; +CREATE USER test_user; +GRANT test_role TO test_user; +SET DEFAULT ROLE test_role FOR test_user; +SHOW GRANTS FOR test_user; +SET DEFAULT ROLE NONE for test_user; +SHOW GRANTS FOR test_user; +SHOW GRANTS;

The point is to run `SHOW GRANTS` for a user with a default role. E.g. SET DEFAULT ROLE test_role; SHOW GRANTS; SET DEFAULT ROLE NONE;

+DROP USER test_user; +DROP ROLE test_role; + # +# End of 10.1 tests +# \ No newline at end of file

new line at the end of file?

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index cf0b1d87bd7..f42f7bdcfaf 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -8001,6 +8007,36 @@ static ROLE_GRANT_PAIR *find_role_grant_pair(const LEX_STRING *u, my_hash_search(&acl_roles_mappings, (uchar*)pair_key.ptr(), key_length); }

+static bool show_default_role(THD *thd, const char *hostname, + ACL_USER *acl_entry, char *buff) +{ + Protocol *protocol= thd->protocol; + LEX_STRING host= {const_cast<char*>(hostname), strlen(hostname)}; + + LEX_STRING def_rolename= acl_entry->default_rolename; + if (def_rolename.length) + { + String def_str(buff,sizeof(buff),system_charset_info);

eh? sizeof(buff) is sizeof(char*) that is usually 8 on 64-bit, 4 on 32-bit architecture. You want the size of the buffer here, not the size of the pointer to the buffer.

+ def_str.length(0); + def_str.append(STRING_WITH_LEN("SET DEFAULT ROLE ")); + def_str.append(&def_rolename); + def_str.append(" FOR '"); + def_str.append(acl_entry->user.str, acl_entry->user.length, + system_charset_info);

again, just as above, you can use def_str.append(&acl_entry->user);

+ DBUG_ASSERT(!(acl_entry->flags & IS_ROLE)); + def_str.append(STRING_WITH_LEN("'@'")); + def_str.append(&host);

why not to use def_str.append(acl_entry->host.hostname, acl_entry->hostname_length, system_charset_info);

+ def_str.append('\''); + protocol->prepare_for_resend(); + protocol->store(def_str.ptr(),def_str.length(),def_str.charset()); + if (protocol->write()) + { + return TRUE; + } + } + return FALSE; +}

Regards, Sergei VP of MariaDB Server Engineering and security@mariadb.org