MXS-2496: Fix SHOW DATABASES grant check

The code expected that the grant was given to the actual user, not a role.
2019-05-17 15:29:15 +03:00 · 2019-05-17 15:29:15 +03:00 · b294acf276
commit b294acf276
parent bb706394f6
1 changed files with 13 additions and 8 deletions
--- a/server/modules/authenticator/MySQLAuth/dbusers.cc
+++ b/server/modules/authenticator/MySQLAuth/dbusers.cc
@ -815,23 +815,28 @@ static bool check_server_permissions(SERVICE* service,
    }

    // Check whether the current user has the SHOW DATABASES privilege
-    if (mxs_mysql_query(mysql,
-                        "SELECT show_db_priv FROM mysql.user "
-                        "WHERE CONCAT(user, '@', host) = CURRENT_USER()") == 0)
+    if (mxs_mysql_query(mysql, "SHOW GRANTS") == 0)
    {
-        MYSQL_RES* res = mysql_use_result(mysql);
-        if (res)
+        if (MYSQL_RES* res = mysql_use_result(mysql))
        {
-            MYSQL_ROW row = mysql_fetch_row(res);
+            bool found = false;

-            if (row && strcasecmp(row[0], "Y") != 0)
+            for (MYSQL_ROW row = mysql_fetch_row(res); row; row = mysql_fetch_row(res))
+            {
+                if (strcasestr(row[0], "SHOW DATABASES"))
+                {
+                    found = true;
+                    break;
+                }
+            }
+
+            if (!found)
            {
                MXS_WARNING("[%s] User '%s' is missing the SHOW DATABASES privilege. "
                            "This means that MaxScale cannot see all databases and authentication can fail.",
                            service->name,
                            user);
            }
-
            mysql_free_result(res);
        }
    }