author | Sergei Golubchik <sergii@pisem.net> | 2013-10-18 13:18:03 -0700 |
---|---|---|
committer | Sergei Golubchik <sergii@pisem.net> | 2013-10-18 13:18:03 -0700 |
commit | 4ec26a7c2dbb2a49fbedf14f0ca7d126703916ae (patch) | |
tree | 1f6b4557c39c569adf5ad921722f8f0109818f73 | |
parent | 4d3e4c2984d8100fa8d0cdc01e5f1806c590b56e (diff) | |
replication of GRANT role statement
-rw-r--r-- | mysql-test/r/acl_roles_rpl_definer.result | 27 | ||||
-rw-r--r-- | mysql-test/t/acl_roles_rpl_definer.test | 12 | ||||
-rw-r--r-- | sql/sql_acl.cc | 23 | ||||
-rw-r--r-- | sql/sql_parse.cc | 10 |
4 files changed, 47 insertions, 25 deletions
diff --git a/mysql-test/r/acl_roles_rpl_definer.result b/mysql-test/r/acl_roles_rpl_definer.result index 158e420c03e..eadb6315d9b 100644 --- a/mysql-test/r/acl_roles_rpl_definer.result +++ b/mysql-test/r/acl_roles_rpl_definer.result @@ -1,9 +1,20 @@ include/master-slave.inc [connection master] create role role1; -grant execute on test.* to role1; -grant role1 to current_user; +create role role2; +grant execute on test.* to role2; +grant role2 to role1; set role role1; +show grants; +Grants for root@localhost +GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION +GRANT EXECUTE ON `test`.* TO 'role2' +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION +GRANT USAGE ON *.* TO 'role1' +GRANT USAGE ON *.* TO 'role2' +GRANT role1 TO 'root'@'localhost' WITH ADMIN OPTION +GRANT role2 TO 'role1' +GRANT role2 TO 'root'@'localhost' WITH ADMIN OPTION create definer=current_user procedure pcu() select current_user; create definer=root@localhost procedure pu() select "root@localhost"; create definer=current_role procedure pcr() select current_role; @@ -25,6 +36,17 @@ Procedure sql_mode Create Procedure character_set_client collation_connection Da pr CREATE DEFINER=`role1` PROCEDURE `pr`() select "role1" latin1 latin1_swedish_ci latin1_swedish_ci [connection slave] +set role role1; +show grants; +Grants for root@localhost +GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION +GRANT EXECUTE ON `test`.* TO 'role2' +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION +GRANT USAGE ON *.* TO 'role1' +GRANT USAGE ON *.* TO 'role2' +GRANT role1 TO 'root'@'localhost' WITH ADMIN OPTION +GRANT role2 TO 'role1' +GRANT role2 TO 'root'@'localhost' WITH ADMIN OPTION show create procedure pcu; Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation pcu CREATE DEFINER=`root`@`localhost` PROCEDURE `pcu`() 
@@ -46,4 +68,5 @@ drop procedure pu; drop procedure pcr; drop procedure pr; drop role role1; +drop role role2; include/rpl_end.inc diff --git a/mysql-test/t/acl_roles_rpl_definer.test b/mysql-test/t/acl_roles_rpl_definer.test index ba192d1fa2a..86d69de86aa 100644 --- a/mysql-test/t/acl_roles_rpl_definer.test +++ b/mysql-test/t/acl_roles_rpl_definer.test @@ -5,9 +5,12 @@ --source include/master-slave.inc create role role1; -grant execute on test.* to role1; -grant role1 to current_user; +create role role2; +grant execute on test.* to role2; +grant role2 to role1; set role role1; +--sorted_result +show grants; create definer=current_user procedure pcu() select current_user; create definer=root@localhost procedure pu() select "root@localhost"; @@ -23,6 +26,10 @@ sync_slave_with_master; connection slave; echo [connection slave]; +set role role1; +--sorted_result +show grants; + show create procedure pcu; show create procedure pu; show create procedure pcr; @@ -35,6 +42,7 @@ drop procedure pu; drop procedure pcr; drop procedure pr; drop role role1; +drop role role2; --source include/rpl_end.inc diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 5b3eca799d5..b188b909600 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -5769,6 +5769,10 @@ static int can_grant_role_callback(ACL_USER_BASE *grantee, static bool can_grant_role(THD *thd, ACL_ROLE *role) { Security_context *sctx= thd->security_ctx; + + if (!sctx->user) // replication + return true; + ACL_USER *grantee= find_user_no_anon(sctx->priv_host, sctx->priv_user, true); if (!grantee) return false; 
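Review bot: The test replicates only `grant role2 to role1`; nothing exercises REVOKE of a role, although the binlog write added in sql/sql_acl.cc serves both statements. A revoke that never reaches the slave leaves the privilege in place there, so it is the case most worth pinning: add `revoke role2 from role1;` on the master and a second `--sorted_result` / `show grants;` pair on the slave after `sync_slave_with_master`. A grant attempted by an account without the admin option, followed by a check that the slave's grants are unchanged, would cover the error branch as well.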
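Review bot: The early `return true` added to can_grant_role() skips the whole grantor check whenever `sctx->user` is NULL, and the only justification given is the one-word comment `// replication`. A NULL user is an indirect signal: any other internal thread that reaches this function with an unset security-context user would get the same bypass. If it matches the intended set of threads, test the slave thread explicitly with `if (thd->slave_thread) return true;`. Either way, expand the comment to `// slave SQL thread: the master already verified the grantor before binlogging`. The rest of the function body lies outside the hunk.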
@@ -5981,21 +5985,14 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke) } mysql_mutex_unlock(&acl_cache->lock); - mysql_rwlock_unlock(&LOCK_grant); if (result) - { - if (!revoke) - { - my_error(ER_CANNOT_GRANT_ROLE, MYF(0), rolename.str, - wrong_users.c_ptr_safe()); - } - else - { - my_error(ER_CANNOT_REVOKE_ROLE, MYF(0), rolename.str, - wrong_users.c_ptr_safe()); - } - } + my_error(revoke ? ER_CANNOT_REVOKE_ROLE : ER_CANNOT_GRANT_ROLE, MYF(0), + rolename.str, wrong_users.c_ptr_safe()); + else + result= write_bin_log(thd, TRUE, thd->query(), thd->query_length()); + + mysql_rwlock_unlock(&LOCK_grant); DBUG_RETURN(result); } diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 27162b1cac4..e18b16fce94 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -3908,14 +3908,8 @@ end_with_restore_list: { /* TODO access check */ - if (thd->security_ctx->user) // If not replication - { - if (!(res= mysql_grant_role(thd, lex->users_list, - lex->sql_command == SQLCOM_GRANT_ROLE ? 0 : 1 - ))) - my_ok(thd); - } - else + if (!(res= mysql_grant_role(thd, lex->users_list, + lex->sql_command != SQLCOM_GRANT_ROLE))) my_ok(thd); break; } |
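Review bot: `write_bin_log()` is reached only when `result` is zero, so a statement that failed for some grantees and succeeded for others is reported through `my_error` and never logged. The `wrong_users` list suggests the loop above the hunk continues after a failure (the loop is not visible here, so this needs confirming). If it does, the master keeps the grants or revokes that were applied while the slave never sees them, and the two ACL states diverge. Either undo the applied changes on error or log the statement whenever at least one grantee was changed. Add a comment such as `/* ACL change is already applied; a binlog failure is reported but not rolled back */` above the `write_bin_log()` call.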
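Review bot: The `/* TODO access check */` comment kept at the top of this case is now misleading. With the `thd->security_ctx->user` branch removed, every GRANT/REVOKE role statement, including those applied by the slave thread, goes through `mysql_grant_role()`. The authorisation decision and its replication exemption presumably sit in `can_grant_role()` in sql/sql_acl.cc. Replace the TODO with `/* grantor is checked per role in mysql_grant_role(); the slave thread is exempted in can_grant_role() */`, or state which statement-level check is still missing. The case label and the start of the block are outside the hunk.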