diff options
Diffstat (limited to 'sql/sql_acl.cc')
| -rw-r--r-- | sql/sql_acl.cc | 67 |
1 files changed, 58 insertions, 9 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 88d1630d94b..9d243e95fbb 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -3880,6 +3880,41 @@ static bool test_if_create_new_users(THD *thd) return create_new_users; } +void user_require_to_str(LEX *lex, String &str) +{ + int ssl_type= lex->ssl_type; + if (ssl_type != SSL_TYPE_NOT_SPECIFIED) + { + str.append(" REQUIRE "); + if (ssl_type == SSL_TYPE_ANY) + str.append(" SSL "); + else if (ssl_type == SSL_TYPE_X509) + str.append(" X509 "); + else if (ssl_type == SSL_TYPE_NONE) + str.append(" NONE "); + else if (ssl_type == SSL_TYPE_SPECIFIED) + { + if (strlen(lex->x509_subject)) + { + str.append(" SUBJECT '"); + str.append(lex->x509_subject); + str.append("' "); + } + if (strlen(lex->x509_issuer)) + { + str.append(" ISSUER '"); + str.append(lex->x509_issuer); + str.append("' "); + } + if (strlen(lex->ssl_cipher)) + { + str.append(" CIPHER '"); + str.append(lex->ssl_cipher); + str.append("' "); + } + } + } +} /**************************************************************************** Handle GRANT commands @@ -10137,10 +10172,10 @@ end: bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) { int result; - String wrong_users; + String wrong_users, binlog_query; LEX_USER *user_name; List_iterator <LEX_USER> user_list(list); - bool binlog= false; + bool if_not_exists= thd->lex->create_info.if_not_exists(); DBUG_ENTER("mysql_create_user"); DBUG_PRINT("entry", ("Handle as %s", handle_as_role ? "role" : "user")); @@ -10209,9 +10244,8 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) } // Proceed with the creation } - else if (thd->lex->create_info.if_not_exists()) + else if (if_not_exists) { - binlog= true; if (handle_as_role) push_warning_printf(thd, Sql_condition::WARN_LEVEL_NOTE, ER_ROLE_CREATE_EXISTS, @@ -10222,7 +10256,7 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) ER_USER_CREATE_EXISTS, ER_THD(thd, ER_USER_CREATE_EXISTS), user_name->user.str, user_name->host.str); - continue; + goto log; } else { @@ -10239,7 +10273,6 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) result= TRUE; continue; } - binlog= true; // every created role is automatically granted to its creator-admin if (handle_as_role) @@ -10273,6 +10306,25 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) &thd->lex->definer->host, &user_name->user, true, NULL, false); } + +log: + if (mysql_bin_log.is_open()) + { + binlog_query.append("CREATE USER "); + if (thd->lex->create_info.if_not_exists()) + binlog_query.append(" IF NOT EXISTS "); + user_name->to_str(binlog_query); + user_require_to_str(thd->lex, binlog_query); + thd->lex->mqh.to_str(binlog_query); + binlog_query.append("/* Generated by server */"); + // Log individual user into binlog + thd->binlog_query(THD::STMT_QUERY_TYPE, + binlog_query.ptr(), + binlog_query.length(), + FALSE, FALSE, if_not_exists, + result ? ER_CANNOT_USER : 0); + binlog_query.release(); + } } mysql_mutex_unlock(&acl_cache->lock); @@ -10282,9 +10334,6 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) (handle_as_role) ? "CREATE ROLE" : "CREATE USER", wrong_users.c_ptr_safe()); - if (binlog) - result |= write_bin_log(thd, FALSE, thd->query(), thd->query_length()); - mysql_rwlock_unlock(&LOCK_grant); DBUG_RETURN(result); } |