author | Vicențiu Ciorbaru <cvicentiu@gmail.com> | 2013-10-18 06:34:27 -0700 |
---|---|---|
committer | Sergei Golubchik <sergii@pisem.net> | 2013-10-18 06:34:27 -0700 |
commit | d24ead2c6fa9ce89178dfbf464e6dfbcb579e197 (patch) | |
tree | 0fd958906765edae2dcfff584a7c9f3cd0934c84 | |
parent | 8c7ca88a6cce44c52ffb3018ed0fbfe85bcfbcac (diff) | |
download | mariadb-git-d24ead2c6fa9ce89178dfbf464e6dfbcb579e197.tar.gz |
Various bug fixes.
Also updated tests to reflect new show grants functionality.
-rw-r--r-- | mysql-test/r/acl_roles_rename_user.result | 8 | ||||
-rw-r--r-- | mysql-test/r/acl_roles_set_role-multiple-role.result | 2 | ||||
-rw-r--r-- | mysql-test/r/acl_roles_set_role-recursive.result | 8 | ||||
-rw-r--r-- | mysql-test/r/acl_roles_set_role-simple.result | 1 | ||||
-rw-r--r-- | mysql-test/t/acl_roles_rename_user.test | 7 | ||||
-rw-r--r-- | sql/sql_acl.cc | 59 |
6 files changed, 69 insertions, 16 deletions
diff --git a/mysql-test/r/acl_roles_rename_user.result b/mysql-test/r/acl_roles_rename_user.result index a66cdea5007..9108a34c143 100644 --- a/mysql-test/r/acl_roles_rename_user.result +++ b/mysql-test/r/acl_roles_rename_user.result @@ -13,8 +13,8 @@ flush privileges; use mysql; select * from roles_mapping; HostFk UserFk RoleFk -localhost test_user test_role1 test_role1 test_role2 +localhost test_user test_role1 rename user 'test_user'@'localhost' to 'test_user_rm'@'newhost'; select user, host from user where user like 'test%'; user host @@ -23,8 +23,8 @@ test_role2 test_user_rm newhost select * from roles_mapping; HostFk UserFk RoleFk -newhost test_user_rm test_role1 test_role1 test_role2 +newhost test_user_rm test_role1 rename user 'test_role2'@'' to 'test_role2_rm'@''; select user, host from user where user like 'test%'; user host @@ -33,8 +33,8 @@ test_role2_rm test_user_rm newhost select * from roles_mapping; HostFk UserFk RoleFk -newhost test_user_rm test_role1 test_role1 test_role2_rm +newhost test_user_rm test_role1 rename user 'test_role1'@'' to 'test_role1_rm'@''; select user, host from user where user like 'test%'; user host @@ -43,8 +43,8 @@ test_role2_rm test_user_rm newhost select * from roles_mapping; HostFk UserFk RoleFk -newhost test_user_rm test_role1_rm test_role1_rm test_role2_rm +newhost test_user_rm test_role1_rm delete from mysql.roles_mapping; delete from mysql.user where user like 'test%'; flush privileges; diff --git a/mysql-test/r/acl_roles_set_role-multiple-role.result b/mysql-test/r/acl_roles_set_role-multiple-role.result index ffb0255b045..e795ecbf27b 100644 --- a/mysql-test/r/acl_roles_set_role-multiple-role.result +++ b/mysql-test/r/acl_roles_set_role-multiple-role.result 
@@ -72,6 +72,7 @@ GRANT r_upd TO 'test_user'@'localhost' set role r_sel; show grants; Grants for test_user@localhost +GRANT SELECT ON *.* TO 'r_sel' GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT r_crt TO 'test_user'@'localhost' GRANT r_del TO 'test_user'@'localhost' @@ -92,6 +93,7 @@ localhost test_user r_upd set role r_ins; show grants; Grants for test_user@localhost +GRANT INSERT ON *.* TO 'r_ins' GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT r_crt TO 'test_user'@'localhost' GRANT r_del TO 'test_user'@'localhost' diff --git a/mysql-test/r/acl_roles_set_role-recursive.result b/mysql-test/r/acl_roles_set_role-recursive.result index 6661ed0058e..7ac932452f0 100644 --- a/mysql-test/r/acl_roles_set_role-recursive.result +++ b/mysql-test/r/acl_roles_set_role-recursive.result @@ -38,6 +38,8 @@ GRANT test_role1 TO 'test_user'@'localhost' set role test_role1; show grants; Grants for test_user@localhost +GRANT SELECT ON *.* TO 'test_role2' +GRANT USAGE ON *.* TO 'test_role1' GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' select * from mysql.roles_mapping where HostFk=''; @@ -45,6 +47,8 @@ HostFk UserFk RoleFk test_role1 test_role2 show grants; Grants for test_user@localhost +GRANT SELECT ON *.* TO 'test_role2' +GRANT USAGE ON *.* TO 'test_role1' GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' set role none; @@ -73,6 +77,8 @@ GRANT test_role1 TO 'test_user'@'localhost' set role test_role1; show grants; Grants for test_user@localhost +GRANT SELECT ON *.* TO 'test_role2' +GRANT USAGE ON *.* TO 'test_role1' GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' select * from mysql.roles_mapping where HostFk=''; 
@@ -80,6 +86,8 @@ HostFk UserFk RoleFk test_role1 test_role2 show grants; Grants for test_user@localhost +GRANT SELECT ON *.* TO 'test_role2' +GRANT USAGE ON *.* TO 'test_role1' GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' set role none; diff --git a/mysql-test/r/acl_roles_set_role-simple.result b/mysql-test/r/acl_roles_set_role-simple.result index 11ed783e02f..db54592333d 100644 --- a/mysql-test/r/acl_roles_set_role-simple.result +++ b/mysql-test/r/acl_roles_set_role-simple.result @@ -25,6 +25,7 @@ GRANT test_role1 TO 'test_user'@'localhost' set role test_role1; show grants; Grants for test_user@localhost +GRANT SELECT ON *.* TO 'test_role1' GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' select * from mysql.roles_mapping; diff --git a/mysql-test/t/acl_roles_rename_user.test b/mysql-test/t/acl_roles_rename_user.test index 0919d8338ab..e2808c661ae 100644 --- a/mysql-test/t/acl_roles_rename_user.test +++ b/mysql-test/t/acl_roles_rename_user.test @@ -16,20 +16,27 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', flush privileges; use mysql; +--sorted_result select * from roles_mapping; #regular user rename rename user 'test_user'@'localhost' to 'test_user_rm'@'newhost'; +--sorted_result select user, host from user where user like 'test%'; +--sorted_result select * from roles_mapping; rename user 'test_role2'@'' to 'test_role2_rm'@''; +--sorted_result select user, host from user where user like 'test%'; +--sorted_result select * from roles_mapping; #role rename rename user 'test_role1'@'' to 'test_role1_rm'@''; +--sorted_result select user, host from user where user like 'test%'; +--sorted_result select * from roles_mapping; delete from mysql.roles_mapping; diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 53630c6b223..51cdf596838 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc 
@@ -730,11 +730,15 @@ static my_bool acl_role_propagate_grants(ACL_ROLE *role, void * not_used __attribute__((unused))); static int add_role_user_mapping(ROLE_GRANT_PAIR *mapping); -static void role_explore_create_list(ACL_ROLE *role, void *context_data); +static void role_explore_create_list(ACL_ROLE *unused, + ACL_ROLE *role, + void *context_data); static bool role_explore_start_access_check(ACL_ROLE *role, void *unused); static bool role_explore_merge_if_final(ACL_ROLE *current, ACL_ROLE *neighbour, void *unused); -static void role_explore_set_final_access_bits(ACL_ROLE *current, void *unused); +static void role_explore_set_final_access_bits(ACL_ROLE *parent, + ACL_ROLE *current, + void *unused); static int traverse_role_graph(ACL_ROLE *role, void *context_data, bool (*on_start) (ACL_ROLE *role, @@ -745,7 +749,8 @@ static int traverse_role_graph(ACL_ROLE *role, bool (*on_cycle) (ACL_ROLE *current, ACL_ROLE *neighbour, void *context_data), - void (*on_finish)(ACL_ROLE *current, + void (*on_finish)(ACL_ROLE *parent, + ACL_ROLE *current, void *context_data)); static void merge_role_grant_privileges(ACL_ROLE *target, ACL_ROLE *source); @@ -2477,7 +2482,8 @@ void merge_role_grant_privileges(ACL_ROLE *target, ACL_ROLE *source) /* TODO */ } -static void role_explore_create_list(ACL_ROLE *role, void *context_data) +static void role_explore_create_list(ACL_ROLE *unused __attribute__((unused)), + ACL_ROLE *role, void *context_data) { DYNAMIC_ARRAY *list= (DYNAMIC_ARRAY *)context_data; push_dynamic(list, (uchar*)&role); @@ -2508,7 +2514,8 @@ static bool role_explore_merge_if_final(ACL_ROLE *current, ACL_ROLE *neighbour, return FALSE; } -static void role_explore_set_final_access_bits(ACL_ROLE *current, +static void role_explore_set_final_access_bits(ACL_ROLE *parent, + ACL_ROLE *current, void *unused __attribute__((unused))) { current->flags|= ROLE_GRANTS_FINAL; 
@@ -2517,6 +2524,10 @@ static void role_explore_set_final_access_bits(ACL_ROLE *current, DBUG_PRINT("info", ("Setting final access for node: %s %lu", current->user.str, current->access)); + if (parent) + { + merge_role_grant_privileges(parent, current); + } } /* @@ -2554,7 +2565,8 @@ static int traverse_role_graph(ACL_ROLE *role, bool (*on_cycle) (ACL_ROLE *current, ACL_ROLE *neighbour, void *context_data), - void (*on_finish)(ACL_ROLE *current, + void (*on_finish)(ACL_ROLE *parent, + ACL_ROLE *current, void *context_data)) { @@ -2672,7 +2684,19 @@ static int traverse_role_graph(ACL_ROLE *role, curr_state->node_data->flags|= ROLE_EXPLORED; push_dynamic(&to_clear, (uchar*)&curr_state->node_data); if (on_finish) - on_finish(curr_state->node_data, context_data); + { + NODE_STATE *parent= NULL; + if (stack.elements) + { + parent= dynamic_element(&stack, stack.elements - 1, NODE_STATE *); + on_finish(parent->node_data, curr_state->node_data, context_data); + } + else + { + /* no parent node, this is the starting node */ + on_finish(NULL, curr_state->node_data, context_data); + } + } } } @@ -6597,12 +6621,13 @@ static bool show_global_privileges(THD *thd, LEX_USER *lex_user, global.append (STRING_WITH_LEN(" ON *.* TO '")); global.append(lex_user->user.str, lex_user->user.length, system_charset_info); + global.append('\''); if (!handle_as_role) { ACL_USER *acl_user= (ACL_USER *)acl_entry; - global.append (STRING_WITH_LEN("'@'")); + global.append (STRING_WITH_LEN("@'")); global.append(lex_user->host.str, lex_user->host.length, system_charset_info); global.append ('\''); @@ -6683,6 +6708,7 @@ static bool show_global_privileges(THD *thd, LEX_USER *lex_user, "MAX_USER_CONNECTIONS", 1); } } + protocol->prepare_for_resend(); protocol->store(global.ptr(),global.length(),global.charset()); if (protocol->write()) 
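Review bot: The new `if (parent)` block in role_explore_set_final_access_bits calls `merge_role_grant_privileges(parent, current)`, but the only body of that function visible in this commit (context of the -2477 hunk) is `/* TODO */`, so as far as this page shows the call merges nothing yet. This is the point where a granted role's privileges flow into the role it was reached from, so it deserves a comment stating direction and precondition, e.g. `/* current is final here; fold its grants into the role it was reached from */`. A role granted to several roles is finished only once, so its other holders presumably depend on role_explore_merge_if_final; a test with such a diamond-shaped grant would confirm that no holder ends up with too few or too many privileges. The function body begins outside this hunk.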
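Review bot: The new `parent` argument of the `on_finish` callback in the traverse_role_graph definition is not documented, although the call site added later in this commit passes NULL for the starting node. The comment block above traverse_role_graph (it starts outside this hunk) should say so, for example `on_finish: called when a node is fully explored; parent is the node it was reached from, or NULL for the start node`. Callbacks that ignore the argument, like role_explore_create_list, are unaffected, but any callback that dereferences it needs the NULL case spelled out.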
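Review bot: The parent lookup in the `if (on_finish)` block reads the top of `stack`, which is only correct if `curr_state` has already been removed from the stack at this point; that pop is not visible in the hunk. If the finished node were still the top element, `parent->node_data` would be the node itself and role_explore_set_final_access_bits would merge a role into itself. A one-line comment stating the invariant would help, and the duplicated call can be collapsed into `ACL_ROLE *parent= stack.elements ? dynamic_element(&stack, stack.elements - 1, NODE_STATE *)->node_data : NULL;` followed by `on_finish(parent, curr_state->node_data, context_data);`. The enclosing loop of traverse_role_graph starts and ends outside the hunk.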
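Review bot: In show_global_privileges the account or role name is placed between single quotes verbatim (`global.append(lex_user->user.str, lex_user->user.length, system_charset_info);` then `global.append('\'');`), so a name containing a quote character would yield a GRANT line that does not parse back to the same account. This predates the commit, but the quoting is being restructured here and SHOW GRANTS output is commonly replayed to recreate accounts, so the name and the host are worth routing through a quote-escaping helper if the file already has one. At minimum a comment such as `/* name is appended unescaped; relies on account names never containing ' */` would make the assumption visible. The function starts and ends outside this hunk.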
@@ -7656,11 +7682,20 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop, struct_no, idx, user, host)); #endif - if ((strcmp(user_from->user.str, user) || - my_strcasecmp(system_charset_info, user_from->host.str, host)) && - (role_not_matched= strcmp(user_from->user.str, role)) - ) + if (struct_no == ROLES_MAPPINGS_HASH) + { + role_not_matched= strcmp(user_from->user.str, role); + if (role_not_matched && + (strcmp(user_from->user.str, user) || + my_strcasecmp(system_charset_info, user_from->host.str, host))) continue; + } + else + { + if (strcmp(user_from->user.str, user) || + my_strcasecmp(system_charset_info, user_from->host.str, host)) + continue; + } result= 1; /* At least one element found. */ if ( drop ) |
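Review bot: In the ROLES_MAPPINGS_HASH branch the role comparison is by name only (`role_not_matched= strcmp(user_from->user.str, role);`), while the user comparison next to it also checks the host. If `user_from` is an ordinary account such as 'x'@'localhost' and a role named 'x' exists, the entry counts as a role match and is not skipped, so a drop or rename of the account could touch mappings that belong to the role; whether callers rule this out is not visible here. Roles in the tests on this page have an empty host, so if that always holds, consider requiring it as well, e.g. `role_not_matched= user_from->host.length || strcmp(user_from->user.str, role);`. handle_grant_struct starts and ends outside the hunk.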