From b294acf27628df66279b41661be675fa97588c65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?=
Date: Fri, 17 May 2019 15:29:15 +0300
Subject: [PATCH] MXS-2496: Fix SHOW DATABASES grant check
The code expected that the grant was given to the actual user, not a role.
---
 .../authenticator/MySQLAuth/dbusers.cc | 21 ++++++++++++-------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/server/modules/authenticator/MySQLAuth/dbusers.cc b/server/modules/authenticator/MySQLAuth/dbusers.cc
index 01197f387..d8319ef18 100644
--- a/server/modules/authenticator/MySQLAuth/dbusers.cc
+++ b/server/modules/authenticator/MySQLAuth/dbusers.cc
@@ -815,23 +815,28 @@ static bool check_server_permissions(SERVICE* service,
 }
 // Check whether the current user has the SHOW DATABASES privilege
- if (mxs_mysql_query(mysql,
- "SELECT show_db_priv FROM mysql.user "
- "WHERE CONCAT(user, '@', host) = CURRENT_USER()") == 0)
+ if (mxs_mysql_query(mysql, "SHOW GRANTS") == 0)
 {
- MYSQL_RES* res = mysql_use_result(mysql);
- if (res)
+ if (MYSQL_RES* res = mysql_use_result(mysql))
 {
- MYSQL_ROW row = mysql_fetch_row(res);
+ bool found = false;
- if (row && strcasecmp(row[0], "Y") != 0)
+ for (MYSQL_ROW row = mysql_fetch_row(res); row; row = mysql_fetch_row(res))
+ {
+ if (strcasestr(row[0], "SHOW DATABASES"))
+ {
+ found = true;
+ break;
+ }
+ }
+
+ if (!found)
 {
 MXS_WARNING("[%s] User '%s' is missing the SHOW DATABASES privilege. " "This means that MaxScale cannot see all databases and authentication can fail.", service->name, user);
 }
- mysql_free_result(res);
 }
 }
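Review bot: The new test `strcasestr(row[0], "SHOW DATABASES")` only recognises the privilege when it is spelled out, but `SHOW GRANTS` prints a full global grant as `GRANT ALL PRIVILEGES ON *.* ...`, so a service user holding every privilege would still trigger the "missing the SHOW DATABASES privilege" warning. Accepting that form as well would avoid the false alarm: `if (strcasestr(row[0], "SHOW DATABASES") || strcasestr(row[0], "ALL PRIVILEGES ON *.*"))`. Separately, as this page renders the hunk, `mysql_free_result(res);` sits on a `-` line; if the call itself (and not just the blank line before it) was removed, the `mysql_use_result()` result is never released and the early `break` leaves unread rows on the connection, so that is worth confirming against the original patch. check_server_permissions begins and ends outside the hunk.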