SHOW GRANTS incorrectly shows grants for user@ '%'
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7 | |||||
5.1 |
Invalid
|
Undecided
|
Unassigned | |||
5.5 |
Triaged
|
Medium
|
Unassigned | |||
5.6 |
Triaged
|
Medium
|
Unassigned | |||
5.7 |
Triaged
|
Medium
|
Unassigned |
Bug Description
If an user has grants both from everywhere ('user'@'%') and from a certain network ('user'
Tested on latest 5.6 Oracle and the bug is not there, so this looks to be a Percona only bug.
How to repeat:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.6.25-73.1-log Percona Server (GPL), Release 73.1, Revision 07b797f
Copyright (c) 2009-2015 Percona LLC and/or its affiliates
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> grant select on test.* to 'testuser'@'%' identified by 'test';
Query OK, 0 rows affected (0.02 sec)
mysql> grant select on test.* to 'testuser'
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'testuser'
+------
| Grants for testuser@10.10.10.% |
+------
| GRANT USAGE ON *.* TO 'testuser'
| GRANT SELECT ON `test`.* TO 'testuser'
| GRANT SELECT ON `test`.* TO 'testuser'@'%' |
+------
3 rows in set (0.00 sec)
mysql>
Verified with PS 5.6.25. Also checked with MySQL Community 5.6.25 but its not reproducible there.
nilnandan@ desktop: ~$ mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 40
Server version: 5.6.25-73.1-log Percona Server (GPL), Release 73.1, Revision 07b797f
Copyright (c) 2009-2015 Percona LLC and/or its affiliates
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> grant select on test.* to 'testuser'@'%' identified by 'test';
Query OK, 0 rows affected (0.00 sec)
mysql> grant select on test.* to 'testuser' @'10.10. 10.%' identified by 'test';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'testuser' @'10.10. 10.%'; ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ---+ ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ---+ @'10.10. 10.%' IDENTIFIED BY PASSWORD '*94BDCEBE19083 CE2A1F959FD02F9 64C7AF4CFC29' | @'10.10. 10.%' | ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ---+
+------
| Grants for testuser@10.10.10.% |
+------
| GRANT USAGE ON *.* TO 'testuser'
| GRANT SELECT ON `test`.* TO 'testuser'
| GRANT SELECT ON `test`.* TO 'testuser'@'%' |
+------
3 rows in set (0.00 sec)
mysql>
With community server,
nilnandan. joshi@bm- support01: ~$ mysql -uroot -p --socket= /tmp/mysql_ sandbox27002. sock
Warning: Using unique option prefix pass instead of password is deprecated and will be removed in a future release. Please use the full name instead.
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.6.25-log MySQL Community Server (GPL)
Copyright (c) 2009-2015 Percona LLC and/or its affiliates
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> grant select on test.* to 'testuser'@'%' identified by 'test';
Query OK, 0 rows affected (0.09 sec)
mysql> grant select on test.* to 'testuser' @'10.10. 10.%' identified by 'test';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'testuser' @'10.10. 10.%'; ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ---+ ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------. ..
+------
| Grants for testuser@10.10.10.% |
+------