diff options
author | Vicențiu Ciorbaru <vicentiu@mariadb.org> | 2015-12-18 23:41:08 +0200 |
---|---|---|
committer | Vicențiu Ciorbaru <vicentiu@mariadb.org> | 2015-12-21 13:42:19 +0200 |
commit | afc2fb1bf8aaa8559f602bf7ff7859e039a378ee (patch) | |
tree | de2710ba4f0b1ea38b11f6f53630e55463289169 | |
parent | ab9a488dec79f325d73dddd11d7ee120108a9f36 (diff) | |
download | mariadb-git-afc2fb1bf8aaa8559f602bf7ff7859e039a378ee.tar.gz |
MDEV-8627: SHOW GRANTS does not work for a replicated role
The bug was caused by accessing uninitialized fields within the LEX related to
ssl by mysql_show_grants() -> get_current_user() -> has_auth() function.
-rw-r--r-- | mysql-test/suite/roles/show_grants_replicated.result | 57 | ||||
-rw-r--r-- | mysql-test/suite/roles/show_grants_replicated.test | 41 | ||||
-rw-r--r-- | sql/sql_yacc.yy | 2 |
3 files changed, 99 insertions, 1 deletions
diff --git a/mysql-test/suite/roles/show_grants_replicated.result b/mysql-test/suite/roles/show_grants_replicated.result new file mode 100644 index 00000000000..0b2e38d3630 --- /dev/null +++ b/mysql-test/suite/roles/show_grants_replicated.result @@ -0,0 +1,57 @@ +include/master-slave.inc +[connection master] +create user u1; +create role r1; +# +# On master SHOW GRANTS work both for the user and the role: +show grants for u1; +Grants for u1@% +GRANT USAGE ON *.* TO 'u1'@'%' +show grants for r1; +Grants for r1 +GRANT USAGE ON *.* TO 'r1' +# +connection slave; +# +# The role has been replicated, +# it's visible in mysql.user and I_S: +# +select user, host, is_role from mysql.user where user in ('u1', 'r1'); +user host is_role +r1 Y +u1 % N +select * from information_schema.applicable_roles; +GRANTEE ROLE_NAME IS_GRANTABLE IS_DEFAULT +root@localhost r1 YES NO +# +# Check show grants for the new user. +show grants for u1; +Grants for u1@% +GRANT USAGE ON *.* TO 'u1'@'%' +# +# Check show grants for the new role. +show grants for r1; +Grants for r1 +GRANT USAGE ON *.* TO 'r1' +# +# Check if flushing privileges preserves the state. +flush privileges; +show grants for r1; +Grants for r1 +GRANT USAGE ON *.* TO 'r1' +# +# Check SHOW GRANTS after setting the role. +set role r1; +show grants; +Grants for root@localhost +GRANT r1 TO 'root'@'localhost' WITH ADMIN OPTION +GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION +GRANT USAGE ON *.* TO 'r1' +show grants for r1; +Grants for r1 +GRANT USAGE ON *.* TO 'r1' +connection master; +drop role r1; +drop user u1; +include/rpl_end.inc diff --git a/mysql-test/suite/roles/show_grants_replicated.test b/mysql-test/suite/roles/show_grants_replicated.test new file mode 100644 index 00000000000..1d4572bb297 --- /dev/null +++ b/mysql-test/suite/roles/show_grants_replicated.test @@ -0,0 +1,41 @@ +--source include/master-slave.inc + +--enable_connect_log + +create user u1; +create role r1; +--echo # +--echo # On master SHOW GRANTS work both for the user and the role: +show grants for u1; +show grants for r1; +--echo # +--sync_slave_with_master +--echo # +--echo # The role has been replicated, +--echo # it's visible in mysql.user and I_S: +--echo # +--sorted_result +select user, host, is_role from mysql.user where user in ('u1', 'r1'); +select * from information_schema.applicable_roles; +--echo # +--echo # Check show grants for the new user. +show grants for u1; +--echo # +--echo # Check show grants for the new role. +show grants for r1; +--echo # +--echo # Check if flushing privileges preserves the state. +flush privileges; +show grants for r1; +--echo # +--echo # Check SHOW GRANTS after setting the role. +set role r1; +show grants; +show grants for r1; + +connection master; +drop role r1; +drop user u1; +--disable_connect_log +--sync_slave_with_master +--source include/rpl_end.inc diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index a5a62aeeafb..302c2fda7f0 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -12696,7 +12696,7 @@ show_param: MYSQL_YYABORT; Lex->grant_user->user= current_user_and_current_role; } - | GRANTS FOR_SYM user_or_role + | GRANTS FOR_SYM user_or_role clear_privileges { LEX *lex=Lex; lex->sql_command= SQLCOM_SHOW_GRANTS; |