MDEV-5526 Assertion `proxied_user->host.length' fails on GRANT PROXY ON <role>

recognize the context better: always treat the barename as a username in the username context

MDEV-5526 Assertion `proxied_user->host.length' fails on GRANT PROXY ON <role>
recognize the context better: always treat the barename as a username in the username context
416148a4 · Sergei Golubchik · 5a385146 · 416148a4 · 416148a4 · 416148a4
Commit 416148a4 authored Jan 29, 2014 by Sergei Golubchik
7 changed files
--- a/mysql-test/suite/roles/create_and_drop_role.result
+++ b/mysql-test/suite/roles/create_and_drop_role.result
@@ -38,5 +38,5 @@ create role '';
 ERROR OP000: Invalid role specification ``.
 create role r1;
 drop user r1;
-ERROR HY000: Operation DROP USER failed for 'r1'
+ERROR HY000: Operation DROP USER failed for 'r1'@'%'
 drop role r1;
--- a/mysql-test/suite/roles/grant_proxy-5526.result
+++ b/mysql-test/suite/roles/grant_proxy-5526.result
+create role r1;
+create user user;
+grant proxy on r1 to user;
+show grants for user;
+Grants for user@%
+GRANT USAGE ON *.* TO 'user'@'%'
+GRANT PROXY ON 'r1'@'%' TO 'user'@'%'
+drop user user;
+drop role r1;
--- a/mysql-test/suite/roles/grant_proxy-5526.test
+++ b/mysql-test/suite/roles/grant_proxy-5526.test
+#
+# MDEV-5526 Assertion `proxied_user->host.length' fails on GRANT PROXY ON <role>
+#
+create role r1;
+create user user;
+grant proxy on r1 to user;
+show grants for user;
+drop user user;
+drop role r1;
--- a/mysql-test/suite/roles/password.result
+++ b/mysql-test/suite/roles/password.result
 create role r1;
 grant select on *.* to r1 identified by 'foobar';
-ERROR 28000: Can't find any matching row in the user table
+drop user r1;
 grant select on *.* to r1 identified by '';
-ERROR 28000: Can't find any matching row in the user table
+drop user r1;
 grant select on mysql.user to r1 identified by password '00000000000000000000000000000000000000000';
-ERROR 28000: Can't find any matching row in the user table
+drop user r1;
 grant select on *.* to r1 identified via plugin;
-ERROR 28000: Can't find any matching row in the user table
+ERROR HY000: Plugin 'plugin' is not loaded
 grant select on mysql.user to r1 identified via plugin using 'param';
-ERROR 28000: Can't find any matching row in the user table
+ERROR HY000: Plugin 'plugin' is not loaded
 grant select on *.* to r1 require subject 'foobar';
 ERROR 28000: Can't find any matching row in the user table
 grant select on mysql.user to r1 require issuer 'foobar';

--- a/mysql-test/suite/roles/password.test
+++ b/mysql-test/suite/roles/password.test
@@ -12,16 +12,18 @@
 create role r1;
--error ER_PASSWORD_NO_MATCH
+# IDENTIFIED does not apply to roles, using it forces username context
 grant select on *.* to r1 identified by 'foobar';
--error ER_PASSWORD_NO_MATCH
+drop user r1;
 grant select on *.* to r1 identified by '';
--error ER_PASSWORD_NO_MATCH
+drop user r1;
 grant select on mysql.user to r1 identified by password '00000000000000000000000000000000000000000';
--error ER_PASSWORD_NO_MATCH
+drop user r1;
+--error ER_PLUGIN_IS_NOT_LOADED
 grant select on *.* to r1 identified via plugin;
--error ER_PASSWORD_NO_MATCH
+--error ER_PLUGIN_IS_NOT_LOADED
 grant select on mysql.user to r1 identified via plugin using 'param';
 --error ER_PASSWORD_NO_MATCH
 grant select on *.* to r1 require subject 'foobar';
 --error ER_PASSWORD_NO_MATCH

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -8351,7 +8351,7 @@ static int handle_roles_mappings_table(TABLE *table, bool drop,
      {
        role= safe_str(get_field(thd->mem_root, role_field));
-        if (strcmp(user_from->user.str, role))
+        if (!user_from->is_role() || strcmp(user_from->user.str, role))
          continue;
        error= 0;
@@ -8574,7 +8574,6 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
  const char *UNINIT_VAR(user);
  const char *UNINIT_VAR(host);
  const char *UNINIT_VAR(role);
-  uint role_not_matched= 1;
  ACL_USER *acl_user= NULL;
  ACL_ROLE *acl_role= NULL;
  ACL_DB *acl_db= NULL;
@@ -8734,8 +8733,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
    if (struct_no == ROLES_MAPPINGS_HASH)
    {
-      role_not_matched= strcmp(user_from->user.str, role);
+      if (user_from->is_role() ? strcmp(user_from->user.str, role) :
-      if (role_not_matched &&
          (strcmp(user_from->user.str, user) ||
           my_strcasecmp(system_charset_info, user_from->host.str, host)))
        continue;
@@ -8858,14 +8856,14 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
          size_t old_key_length= role_grant_pair->hashkey.length;
          bool oom;
-          if (role_not_matched)
+          if (user_to->is_role())
-            oom= role_grant_pair->init(&acl_memroot, user_to->user.str,
-                                       user_to->host.str,
-                                       role_grant_pair->r_uname, false);
-          else
            oom= role_grant_pair->init(&acl_memroot, role_grant_pair->u_uname,
                                       role_grant_pair->u_hname,
                                       user_to->user.str, false);
+          else
+            oom= role_grant_pair->init(&acl_memroot, user_to->user.str,
+                                       user_to->host.str,
+                                       role_grant_pair->r_uname, false);
          if (oom)
            DBUG_RETURN(-1);
@@ -9349,20 +9347,20 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list)
  while ((tmp_user_from= user_list++))
  {
    tmp_user_to= user_list++;
-    if (!(user_from= get_current_user(thd, tmp_user_from, false)) ||
+    if (!(user_from= get_current_user(thd, tmp_user_from, false)))
-        user_from->is_role())
    {
      append_user(&wrong_users, user_from);
      result= TRUE;
      continue;
    }
-    if (!(user_to= get_current_user(thd, tmp_user_to, false)) ||
+    if (!(user_to= get_current_user(thd, tmp_user_to, false)))
-        user_to->is_role())
    {
      append_user(&wrong_users, user_to);
      result= TRUE;
      continue;
    }
+    DBUG_ASSERT(!user_from->is_role());
+    DBUG_ASSERT(!user_to->is_role());
    /*
      Search all in-memory structures and grant tables

--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -1771,7 +1771,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
 %type <symbol> keyword keyword_sp
 %type <lex_user> user grant_user grant_role user_or_role current_role
-                 admin_option_for_role
+                 admin_option_for_role user_maybe_role
 %type <charset>
        opt_collate
@@ -13916,7 +13916,7 @@ ident_or_text:
        | LEX_HOSTNAME { $$=$1;}
        ;
-user:
+user_maybe_role:
          ident_or_text
          {
            if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
@@ -13974,7 +13974,15 @@ user:
          }
        ;
-user_or_role: user | current_role;
+user_or_role: user_maybe_role | current_role;
+user: user_maybe_role
+         {
+           if ($1->user.str != current_user.str && $1->host.str == 0)
+             $1->host= host_not_specified;
+           $$= $1;
+         }
+         ;
 /* Keyword that we allow for identifiers (except SP labels) */
 keyword: