MDEV-29752 SHOW GRANTS for PUBLIC should work for all users

5dc804c3 · Sergei Golubchik · 00c56e1c · 5dc804c3 · 5dc804c3 · 5dc804c3
Commit 5dc804c3 authored Nov 01, 2022 by Sergei Golubchik
Showing with 52 additions and 2 deletions

mysql-test/main/public_privileges.result mysql-test/main/public_privileges.result +23 -0

mysql-test/main/public_privileges.test mysql-test/main/public_privileges.test +27 -0

sql/sql_acl.cc sql/sql_acl.cc +2 -2

No files found.
--- a/mysql-test/main/public_privileges.result
+++ b/mysql-test/main/public_privileges.result
@@ -319,3 +319,26 @@ drop database testdb1;
 # clean up
 delete from mysql.global_priv where user="PUBLIC";
 flush privileges;
+#
+# MDEV-29752 SHOW GRANTS FOR PUBLIC should work for all users
+#
+create database dbtest;
+create user `testuser`@`%`;
+GRANT USAGE ON *.* TO `testuser`@`%`;
+GRANT ALL PRIVILEGES ON `dbtest`.* TO `PUBLIC`;
+connect  testuser,localhost,testuser,,;
+show grants for public;
+Grants for PUBLIC
+GRANT ALL PRIVILEGES ON `dbtest`.* TO PUBLIC
+show grants for testuser;
+Grants for testuser@%
+GRANT USAGE ON *.* TO `testuser`@`%`
+connection default;
+disconnect testuser;
+REVOKE ALL PRIVILEGES ON `dbtest`.* FROM `PUBLIC`;
+REVOKE USAGE ON *.* FROM `testuser`@`%`;
+drop user `testuser`@`%`;
+drop database dbtest;
+# clean up
+delete from mysql.global_priv where user="PUBLIC";
+flush privileges;
--- a/mysql-test/main/public_privileges.test
+++ b/mysql-test/main/public_privileges.test
@@ -380,3 +380,30 @@ drop database testdb1;
 -- echo # clean up
 delete from mysql.global_priv where user="PUBLIC";
 flush privileges;
+
+--echo #
+--echo # MDEV-29752 SHOW GRANTS FOR PUBLIC should work for all users
+--echo #
+
+create database dbtest;
+create user `testuser`@`%`;
+
+GRANT USAGE ON *.* TO `testuser`@`%`;
+GRANT ALL PRIVILEGES ON `dbtest`.* TO `PUBLIC`;
+
+connect (testuser,localhost,testuser,,);
+
+show grants for public;
+show grants for testuser;
+
+connection default;
+disconnect testuser;
+
+REVOKE ALL PRIVILEGES ON `dbtest`.* FROM `PUBLIC`;
+REVOKE USAGE ON *.* FROM `testuser`@`%`;
+drop user `testuser`@`%`;
+drop database dbtest;
+
+-- echo # clean up
+delete from mysql.global_priv where user="PUBLIC";
+flush privileges;
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -7726,7 +7726,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)

    if (has_auth(user, thd->lex))
      DBUG_ASSERT(!grantee);
-    else if (!grantee)
+    else if (!grantee && !user->is_public)
      grantee= find_user_exact(hostname.str, username.str);

    if (!grantee && !revoke)
@@ -9464,7 +9464,7 @@ bool get_show_user(THD *thd, LEX_USER *lex_user, const char **username,
  if (lex_user->is_role())
  {
    *rolename= lex_user->user.str;
-    do_check_access= strcmp(*rolename, sctx->priv_role);
+    do_check_access= !lex_user->is_public && strcmp(*rolename, sctx->priv_role);
  }
  else
  {