hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-2496: Fix SHOW DATABASES grant check

Browse Source 
The code expected that the grant was given to the actual user, not a role.
This commit is contained in:
Markus Mäkelä
2019-05-17 15:29:15 +03:00
parent bb706394f6
commit b294acf276
1 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
server/modules/authenticator/MySQLAuth/dbusers.cc
View File

@ -815,23 +815,28 @@ static bool check_server_permissions(SERVICE* service,
} }
// Check whether the current user has the SHOW DATABASES privilege // Check whether the current user has the SHOW DATABASES privilege
if (mxs_mysql_query(mysql, if (mxs_mysql_query(mysql, "SHOW GRANTS") == 0)
"SELECT show_db_priv FROM mysql.user "
"WHERE CONCAT(user, '@', host) = CURRENT_USER()") == 0)
{ {
MYSQL_RES* res = mysql_use_result(mysql); if (MYSQL_RES* res = mysql_use_result(mysql))
if (res)
{ {
MYSQL_ROW row = mysql_fetch_row(res); bool found = false;
if (row && strcasecmp(row[0], "Y") != 0) for (MYSQL_ROW row = mysql_fetch_row(res); row; row = mysql_fetch_row(res))
{
if (strcasestr(row[0], "SHOW DATABASES"))
{
found = true;
break;
}
}
if (!found)
{ {
MXS_WARNING("[%s] User '%s' is missing the SHOW DATABASES privilege. " MXS_WARNING("[%s] User '%s' is missing the SHOW DATABASES privilege. "
"This means that MaxScale cannot see all databases and authentication can fail.", "This means that MaxScale cannot see all databases and authentication can fail.",
service->name, service->name,
user); user);
} }
mysql_free_result(res); mysql_free_result(res);
} }
} }