Bug#25482 GRANT statements are not replicated if you use "replicate-ignore-table"

 - GRANT and REVOKE statments didn't have the "updating" flag set and
   thus statements with a table specified would not replicate if
   slave filtering rules where turned on.
   For example "GRANT ... ON test.t1 TO ..." would not replicate.


mysql-test/r/rpl_ignore_table.result:
  Add test results
mysql-test/t/rpl_ignore_table.test:
  Add tests
sql/sql_yacc.yy:
  Pass option TL_OPTION_UPDATING to 'add_table_to_list' when parsing a
  GRANT or REVOKE and a table specifier is found. This will set the
  property "updating" on the table and thus the slave filtering rules will 
  be applied.
  
  Without setting updating the statement will be not
  replicated - since "it's not updating anything" - an optimization
  to quickly skip SELECT's and similar.

3 files changed, 203 insertions, 1 deletions

diff --git a/mysql-test/r/rpl_ignore_table.result b/mysql-test/r/rpl_ignore_table.result
index 356a9dcb2f8..28bb4a448e0 100644
--- a/mysql-test/r/rpl_ignore_table.result
+++ b/mysql-test/r/rpl_ignore_table.result
@@ -14,3 +14,106 @@ SELECT * FROM t4;
 a
 DROP TABLE t1;
 DROP TABLE t4;
+**** Test case for BUG#25482 ****
+**** Adding GRANTS on master ****
+create table test.t1(a int);
+create table test.t4(a int);
+GRANT SELECT ON test.t1 TO mysqltest1@localhost;
+GRANT INSERT ON test.t4 TO mysqltest2@localhost;
+GRANT select, update, insert, references on t1
+to mysqltest2@localhost;
+GRANT SELECT ON test.* TO mysqltest3@localhost;
+GRANT INSERT ON test.t4 TO mysqltest3@localhost;
+GRANT select(a), update(a), insert(a), references(a) on t4
+to mysqltest3@localhost;
+create database mysqltest2;
+create table mysqltest2.t2 (id int);
+GRANT SELECT ON mysqltest2.t2 TO mysqltest4@localhost IDENTIFIED BY 'pass';
+insert into mysql.user (user, host) values ("mysqltest5", "somehost");
+GRANT SELECT ON *.* TO mysqltest6@localhost;
+GRANT INSERT ON *.* TO mysqltest6@localhost;
+GRANT INSERT ON test.* TO mysqltest6@localhost;
+GRANT INSERT ON test.t1 TO mysqltest6@localhost;
+show grants for mysqltest1@localhost;
+Grants for mysqltest1@localhost
+GRANT USAGE ON *.* TO 'mysqltest1'@'localhost'
+GRANT SELECT ON `test`.`t1` TO 'mysqltest1'@'localhost'
+show grants for mysqltest2@localhost;
+Grants for mysqltest2@localhost
+GRANT USAGE ON *.* TO 'mysqltest2'@'localhost'
+GRANT SELECT, INSERT, UPDATE, REFERENCES ON `test`.`t1` TO 'mysqltest2'@'localhost'
+GRANT INSERT ON `test`.`t4` TO 'mysqltest2'@'localhost'
+show grants for mysqltest3@localhost;
+Grants for mysqltest3@localhost
+GRANT USAGE ON *.* TO 'mysqltest3'@'localhost'
+GRANT SELECT ON `test`.* TO 'mysqltest3'@'localhost'
+GRANT SELECT (a), INSERT, INSERT (a), UPDATE (a), REFERENCES (a) ON `test`.`t4` TO 'mysqltest3'@'localhost'
+show grants for mysqltest4@localhost;
+Grants for mysqltest4@localhost
+GRANT USAGE ON *.* TO 'mysqltest4'@'localhost' IDENTIFIED BY PASSWORD '*196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7'
+GRANT SELECT ON `mysqltest2`.`t2` TO 'mysqltest4'@'localhost'
+show grants for mysqltest6@localhost;
+Grants for mysqltest6@localhost
+GRANT SELECT, INSERT ON *.* TO 'mysqltest6'@'localhost'
+GRANT INSERT ON `test`.* TO 'mysqltest6'@'localhost'
+GRANT INSERT ON `test`.`t1` TO 'mysqltest6'@'localhost'
+flush privileges;
+show grants for mysqltest5@somehost;
+Grants for mysqltest5@somehost
+GRANT USAGE ON *.* TO 'mysqltest5'@'somehost'
+**** Checking grants on slave ****
+show grants for mysqltest2@localhost;
+Grants for mysqltest2@localhost
+GRANT USAGE ON *.* TO 'mysqltest2'@'localhost'
+GRANT INSERT ON `test`.`t4` TO 'mysqltest2'@'localhost'
+show grants for mysqltest3@localhost;
+Grants for mysqltest3@localhost
+GRANT USAGE ON *.* TO 'mysqltest3'@'localhost'
+GRANT SELECT ON `test`.* TO 'mysqltest3'@'localhost'
+GRANT SELECT (a), INSERT, INSERT (a), UPDATE (a), REFERENCES (a) ON `test`.`t4` TO 'mysqltest3'@'localhost'
+show grants for mysqltest4@localhost;
+Grants for mysqltest4@localhost
+GRANT USAGE ON *.* TO 'mysqltest4'@'localhost' IDENTIFIED BY PASSWORD '*196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7'
+GRANT SELECT ON `mysqltest2`.`t2` TO 'mysqltest4'@'localhost'
+show grants for mysqltest5@somehost;
+Grants for mysqltest5@somehost
+GRANT USAGE ON *.* TO 'mysqltest5'@'somehost'
+show grants for mysqltest6@localhost;
+Grants for mysqltest6@localhost
+GRANT SELECT, INSERT ON *.* TO 'mysqltest6'@'localhost'
+GRANT INSERT ON `test`.* TO 'mysqltest6'@'localhost'
+show grants for mysqltest1@localhost;
+ERROR 42000: There is no such grant defined for user 'mysqltest1' on host 'localhost'
+**** Revoking grants on master ****
+REVOKE SELECT ON test.t1 FROM mysqltest1@localhost;
+REVOKE SELECT ON mysqltest2.t2 FROM mysqltest4@localhost;
+REVOKE select(a) on t4
+from mysqltest3@localhost;
+show grants for mysqltest1@localhost;
+Grants for mysqltest1@localhost
+GRANT USAGE ON *.* TO 'mysqltest1'@'localhost'
+show grants for mysqltest3@localhost;
+Grants for mysqltest3@localhost
+GRANT USAGE ON *.* TO 'mysqltest3'@'localhost'
+GRANT SELECT ON `test`.* TO 'mysqltest3'@'localhost'
+GRANT INSERT, INSERT (a), UPDATE (a), REFERENCES (a) ON `test`.`t4` TO 'mysqltest3'@'localhost'
+show grants for mysqltest4@localhost;
+Grants for mysqltest4@localhost
+GRANT USAGE ON *.* TO 'mysqltest4'@'localhost' IDENTIFIED BY PASSWORD '*196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7'
+**** Checking grants on slave ****
+show grants for mysqltest1@localhost;
+ERROR 42000: There is no such grant defined for user 'mysqltest1' on host 'localhost'
+show grants for mysqltest3@localhost;
+Grants for mysqltest3@localhost
+GRANT USAGE ON *.* TO 'mysqltest3'@'localhost'
+GRANT SELECT ON `test`.* TO 'mysqltest3'@'localhost'
+GRANT INSERT, INSERT (a), UPDATE (a), REFERENCES (a) ON `test`.`t4` TO 'mysqltest3'@'localhost'
+show grants for mysqltest4@localhost;
+Grants for mysqltest4@localhost
+GRANT USAGE ON *.* TO 'mysqltest4'@'localhost' IDENTIFIED BY PASSWORD '*196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7'
+drop table t1, t4, mysqltest2.t2;
+drop database mysqltest2;
+delete from mysql.user where user like "mysqltest%";
+delete from mysql.db where user like "mysqltest%";
+delete from mysql.tables_priv where user like "mysqltest%";
+delete from mysql.columns_priv where user like "mysqltest%";
diff --git a/mysql-test/t/rpl_ignore_table.test b/mysql-test/t/rpl_ignore_table.test
index bc651779208..660921a94be 100644
--- a/mysql-test/t/rpl_ignore_table.test
+++ b/mysql-test/t/rpl_ignore_table.test
@@ -26,3 +26,101 @@ SELECT * FROM t4;
 connection master;
 DROP TABLE t1;
 DROP TABLE t4;
+
+
+#
+# Bug#25482 GRANT statements are not replicated if
+# you use "replicate-ignore-table"
+#
+
+--echo **** Test case for BUG#25482 ****
+--echo **** Adding GRANTS on master ****
+
+connection master;
+create table test.t1(a int);
+create table test.t4(a int);
+
+# Simple user that should not replicate
+GRANT SELECT ON test.t1 TO mysqltest1@localhost;
+
+# Partial replicate
+GRANT INSERT ON test.t4 TO mysqltest2@localhost;
+GRANT select, update, insert, references on t1
+  to mysqltest2@localhost;
+
+# Partial replicate 2
+GRANT SELECT ON test.* TO mysqltest3@localhost;
+GRANT INSERT ON test.t4 TO mysqltest3@localhost;
+GRANT select(a), update(a), insert(a), references(a) on t4
+  to mysqltest3@localhost;
+
+# Create another database and table
+create database mysqltest2;
+create table mysqltest2.t2 (id int);
+# Create a grant that should replicate
+GRANT SELECT ON mysqltest2.t2 TO mysqltest4@localhost IDENTIFIED BY 'pass';
+
+# Create a grant manually
+insert into mysql.user (user, host) values ("mysqltest5", "somehost");
+
+# Partial replicate 3 with *.*
+GRANT SELECT ON *.* TO mysqltest6@localhost;
+GRANT INSERT ON *.* TO mysqltest6@localhost;
+GRANT INSERT ON test.* TO mysqltest6@localhost;
+GRANT INSERT ON test.t1 TO mysqltest6@localhost;
+
+show grants for mysqltest1@localhost;
+show grants for mysqltest2@localhost;
+show grants for mysqltest3@localhost;
+show grants for mysqltest4@localhost;
+show grants for mysqltest6@localhost;
+
+flush privileges;
+show grants for mysqltest5@somehost;
+
+
+sync_slave_with_master;
+
+--echo **** Checking grants on slave ****
+
+# Check that grants are replicated to slave
+show grants for mysqltest2@localhost;
+show grants for mysqltest3@localhost;
+show grants for mysqltest4@localhost;
+show grants for mysqltest5@somehost;
+show grants for mysqltest6@localhost;
+
+# mysqltest1 should not be on slave
+--error 1141
+show grants for mysqltest1@localhost;
+
+--echo **** Revoking grants on master ****
+connection master;
+REVOKE SELECT ON test.t1 FROM mysqltest1@localhost;
+REVOKE SELECT ON mysqltest2.t2 FROM mysqltest4@localhost;
+REVOKE select(a) on t4
+ from mysqltest3@localhost;
+
+show grants for mysqltest1@localhost;
+show grants for mysqltest3@localhost;
+show grants for mysqltest4@localhost;
+
+sync_slave_with_master;
+
+--echo **** Checking grants on slave ****
+
+# mysqltest1 should not be on slave
+--error 1141
+show grants for mysqltest1@localhost;
+show grants for mysqltest3@localhost;
+show grants for mysqltest4@localhost;
+
+# Cleanup
+connection master;
+drop table t1, t4, mysqltest2.t2;
+drop database mysqltest2;
+delete from mysql.user where user like "mysqltest%";
+delete from mysql.db where user like "mysqltest%";
+delete from mysql.tables_priv where user like "mysqltest%";
+delete from mysql.columns_priv where user like "mysqltest%";
+sync_slave_with_master;
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index ee57a4d611c..b72caac46a0 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -5926,7 +5926,8 @@ opt_table:
 	| table_ident
 	  {
 	    LEX *lex=Lex;
-	    if (!lex->current_select->add_table_to_list(lex->thd, $1,NULL,0))
+	    if (!lex->current_select->add_table_to_list(lex->thd, $1,NULL,
+                                                        TL_OPTION_UPDATING))
 	      YYABORT;
 	    if (lex->grant == GLOBAL_ACLS)
 	      lex->grant =  TABLE_ACLS & ~GRANT_ACL;