-rw-r--r--mysql-test/r/acl_roles_admin.result19
-rw-r--r--mysql-test/t/acl_roles_admin.test32
-rw-r--r--sql/lex.h1
-rw-r--r--sql/sql_lex.h3
-rw-r--r--sql/sql_yacc.yy33
5 files changed, 78 insertions, 10 deletions
diff --git a/mysql-test/r/acl_roles_admin.result b/mysql-test/r/acl_roles_admin.result
new file mode 100644
index 00000000000..31879eced21
--- /dev/null
+++ b/mysql-test/r/acl_roles_admin.result
@@ -0,0 +1,19 @@
+create user foo@localhost;
+create role role1;
+create role role2 with admin current_user;
+create role role3 with admin current_role;
+create role role4 with admin root@localhost;
+create role role5 with admin foo@localhost;
+create role role6 with admin foo@bar;
+create user bar with admin current_user;
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'admin current_user' at line 1
+grant role1 to foo@localhost with admin option;
+grant role2 to role1;
+grant role3 to role4 with admin option;
+grant select on *.* to foo@localhost with admin option;
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'admin option' at line 1
+revoke role1 from foo@localhost;
+revoke admin option for role3 from role4;
+revoke admin option for role2 from role1;
+drop role role1, role2, role3, role4, role5, role6;
+drop user foo@localhost;
diff --git a/mysql-test/t/acl_roles_admin.test b/mysql-test/t/acl_roles_admin.test
new file mode 100644
index 00000000000..e5c9e0bfec3
--- /dev/null
+++ b/mysql-test/t/acl_roles_admin.test
@@ -0,0 +1,32 @@
+create user foo@localhost;
+
+########################################
+# syntax tests
+########################################
+
+create role role1;
+create role role2 with admin current_user;
+create role role3 with admin current_role;
+create role role4 with admin root@localhost;
+create role role5 with admin foo@localhost;
+create role role6 with admin foo@bar;
+
+--error ER_PARSE_ERROR
+create user bar with admin current_user;
+
+grant role1 to foo@localhost with admin option;
+grant role2 to role1;
+grant role3 to role4 with admin option;
+--error ER_PARSE_ERROR
+grant select on *.* to foo@localhost with admin option;
+
+revoke role1 from foo@localhost;
+revoke admin option for role3 from role4;
+revoke admin option for role2 from role1;
+
+########################################
+# cleanup
+########################################
+drop role role1, role2, role3, role4, role5, role6;
+drop user foo@localhost;
+
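Review bot: Every statement in this file is checked only for parse success or `ER_PARSE_ERROR`, so nothing pins what `with admin option` or `revoke admin option for` does to the stored grants. After `revoke admin option for role3 from role4;` the file should show that role4 still holds role3 without the admin option, for example by adding `show grants for role4;` after that line, and likewise after `grant role1 to foo@localhost with admin option;`. Without that output in the .result file, a server that silently ignores the clause, or one that revokes the whole role, would pass this test unchanged.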
diff --git a/sql/lex.h b/sql/lex.h
index 7c0c9193b2e..e5f570e5526 100644
--- a/sql/lex.h
+++ b/sql/lex.h
@@ -59,6 +59,7 @@ static SYMBOL symbols[] = {
{ "ACCESSIBLE", SYM(ACCESSIBLE_SYM)},
{ "ACTION", SYM(ACTION)},
{ "ADD", SYM(ADD)},
+ { "ADMIN", SYM(ADMIN_SYM)},
{ "AFTER", SYM(AFTER_SYM)},
{ "AGAINST", SYM(AGAINST)},
{ "AGGREGATE", SYM(AGGREGATE_SYM)},
diff --git a/sql/sql_lex.h b/sql/sql_lex.h
index 281ca26b64f..77b03f32105 100644
--- a/sql/sql_lex.h
+++ b/sql/sql_lex.h
@@ -2580,7 +2580,6 @@ struct LEX: public Query_tables_list
this command.
*/
bool parse_vcol_expr;
- bool with_persistent_for_clause; // uses PERSISTENT FOR clause (in ANALYZE)
enum SSL_type ssl_type; /* defined in violite.h */
enum enum_duplicates duplicates;
@@ -2589,6 +2588,8 @@ struct LEX: public Query_tables_list
union {
enum ha_rkey_function ha_rkey_mode;
enum xa_option_words xa_opt;
+ bool with_admin_option; // GRANT role
+ bool with_persistent_for_clause; // uses PERSISTENT FOR clause (in ANALYZE)
};
enum enum_var_type option_type;
enum enum_view_create_mode create_view_mode;
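Review bot: `with_admin_option` and `with_persistent_for_clause` now share storage with `ha_rkey_mode` and `xa_opt`, so each is meaningful only in a statement whose grammar action assigned it. `with_persistent_for_clause` was a standalone member before this change, and any reader that relied on it keeping a reset value across other statement types would now see another member's bytes. The role rules visible in sql_yacc.yy assign `with_admin_option` on both branches, which is the pattern to keep, since this flag decides whether a grantee may pass a role on. I would document that on the union, e.g. `/* per-statement scratch: the parser must assign the member it needs before any reader */`, and widen the member comment to `// GRANT role ... WITH ADMIN OPTION, REVOKE ADMIN OPTION FOR role`. The struct starts and ends outside this hunk.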
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 332333da620..5f68d79a763 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -800,7 +800,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
MYSQL-FUNC : MySQL extention, function
INTERNAL : Not a real token, lex optimization
OPERATOR : SQL operator
- FUTURE-USE : Reserved for futur use
+ FUTURE-USE : Reserved for future use
This makes the code grep-able, and helps maintenance.
*/
@@ -809,6 +809,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
%token ACCESSIBLE_SYM
%token ACTION /* SQL-2003-N */
%token ADD /* SQL-2003-R */
+%token ADMIN_SYM /* SQL-2003-N */
%token ADDDATE_SYM /* MYSQL-FUNC */
%token AFTER_SYM /* SQL-2003-N */
%token AGAINST
@@ -1571,6 +1572,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
%type <symbol> keyword keyword_sp
%type <lex_user> user grant_user grant_role user_or_role current_role
+ admin_option_for_role
%type <charset>
opt_collate
@@ -1601,7 +1603,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
show describe load alter optimize keycache preload flush
reset purge begin commit rollback savepoint release
slave master_def master_defs master_file_def slave_until_opts
- repair analyze
+ repair analyze opt_with_admin opt_with_admin_option
analyze_table_list analyze_table_elem_spec
opt_persistent_stat_clause persistent_stat_spec
persistent_column_stat_spec persistent_index_stat_spec
@@ -2218,7 +2220,7 @@ create:
{
Lex->sql_command = SQLCOM_CREATE_USER;
}
- | CREATE ROLE_SYM clear_privileges role_list
+ | CREATE ROLE_SYM clear_privileges role_list opt_with_admin
{
Lex->sql_command = SQLCOM_CREATE_ROLE;
}
@@ -13297,6 +13299,7 @@ keyword:
keyword_sp:
ACTION {}
| ADDDATE_SYM {}
+ | ADMIN_SYM {}
| AFTER_SYM {}
| AGAINST {}
| AGGREGATE_SYM {}
@@ -14257,17 +14260,21 @@ revoke_command:
lex->sql_command= SQLCOM_REVOKE;
lex->type= TYPE_ENUM_PROXY;
}
- | grant_role FROM user_and_role_list
+ | admin_option_for_role FROM user_and_role_list
{
- LEX *lex= Lex;
- lex->sql_command= SQLCOM_REVOKE_ROLE;
- /* The first role is the one that is revoked */
+ Lex->sql_command= SQLCOM_REVOKE_ROLE;
if (Lex->users_list.push_front($1))
MYSQL_YYABORT;
}
-
;
+admin_option_for_role:
+ ADMIN_SYM OPTION FOR_SYM grant_role
+ { Lex->with_admin_option= true; $$= $4; }
+ | grant_role
+ { Lex->with_admin_option= false; $$= $1; }
+ ;
+
grant:
GRANT clear_privileges grant_command
{}
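Review bot: The rewritten action drops the comment `/* The first role is the one that is revoked */`, yet it still depends on that convention when it calls `users_list.push_front($1)`. The comment should stay, reworded for the new rule, e.g. `/* users_list head is the role being revoked; with_admin_option says whether only its admin option is removed */`. Both forms also reuse `SQLCOM_REVOKE_ROLE`, so the handler (not in this diff) has to branch on `Lex->with_admin_option`; otherwise `REVOKE ADMIN OPTION FOR` would presumably remove the whole grant. `revoke_command` begins above the hunk and `grant` continues below it.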
@@ -14312,7 +14319,7 @@ grant_command:
lex->sql_command= SQLCOM_GRANT;
lex->type= TYPE_ENUM_PROXY;
}
- | grant_role TO_SYM user_and_role_list
+ | grant_role TO_SYM user_and_role_list opt_with_admin_option
{
LEX *lex= Lex;
lex->sql_command= SQLCOM_GRANT_ROLE;
@@ -14323,6 +14330,14 @@ grant_command:
;
+opt_with_admin:
+ /* nothing */ { Lex->definer = 0; }
+ | WITH ADMIN_SYM user_or_role { Lex->definer = $3; }
+
+opt_with_admin_option:
+ /* nothing */ { Lex->with_admin_option= false; }
+ | WITH ADMIN_SYM OPTION { Lex->with_admin_option= true; }
+
role_list:
grant_role
{
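Review bot: `opt_with_admin` takes any `user_or_role` and stores it in `Lex->definer`, and this commit adds no check that the account exists or that the creating user may hand administration of the new role to it. The test file accepts `create role role6 with admin foo@bar` although only `foo@localhost` is created. That check presumably belongs in the `SQLCOM_CREATE_ROLE` handler, which is outside this diff, so a comment on the rule such as `/* admin grantee is validated at execution time, not by the parser */` would record where it is enforced. Both new rules also end without the closing `;` that the surrounding rules use, and `Lex->definer = 0` is spaced differently from `Lex->with_admin_option= false`. The `role_list` rule continues past the hunk.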