diff options
| author | Brandon Nesterenko <brandon.nesterenko@mariadb.com> | 2022-04-26 19:51:42 -0600 |
|---|---|---|
| committer | Brandon Nesterenko <brandon.nesterenko@mariadb.com> | 2022-04-29 17:01:05 -0600 |
| commit | 960223da39e6e7704b3b0e2de9fda404cc5f8d51 (patch) | |
| tree | 101c69694eac4ebd4a306131cdadcdf66392bf93 /sql/sql_acl.h | |
| parent | 388032e99057449219d4a943b4407e36c42ec4af (diff) | |
| download | mariadb-git-10.2-MDEV-28294-pre-exec.tar.gz | |
MDEV-28294: set default role bypasses Replicate_Wild_Ignore_Table: mysql.%10.2-MDEV-28294-pre-exec
Problem:
========
When replicating SET DEFAULT ROLE, the pre-update check (i.e. that
in set_var_default_role::check()) tries to validate the existence of
the given rules/user even when the targeted tables are ignored. When
previously issued CREATE USER/ROLE commands are ignored by the
replica because of the replication filtering rules, this results in
an error because the targeted data does not exist.
Solution:
========
Before checking that the given rules/user exist of a SET DEFAULT
ROLE command, first ensure that the mysql.user and
mysql.roles_mapping tables are not excluded by replication filters.
Reviewed By
===========
Andrei Elkin <andrei.elkin@mariadb.com>
Diffstat (limited to 'sql/sql_acl.h')
| -rw-r--r-- | sql/sql_acl.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sql/sql_acl.h b/sql/sql_acl.h index e9063673b8e..677884f04fc 100644 --- a/sql/sql_acl.h +++ b/sql/sql_acl.h @@ -412,6 +412,8 @@ int acl_check_setrole(THD *thd, char *rolename, ulonglong *access); int acl_check_set_default_role(THD *thd, const char *host, const char *user, const char *role); int acl_set_default_role(THD *thd, const char *host, const char *user, const char *rolename); +void acl_get_tables_set_password(TABLE_LIST *out, size_t *n_tables); +void acl_get_tables_set_default_role(TABLE_LIST *out, size_t *n_tables); extern SHOW_VAR acl_statistics[]; |