replication of GRANT role statement

2013-10-18 13:18:03 -07:00 · 2013-10-18 13:18:03 -07:00 · 4ec26a7c2d
commit 4ec26a7c2d
parent 4d3e4c2984
4 changed files with 47 additions and 25 deletions
--- a/mysql-test/r/acl_roles_rpl_definer.result
+++ b/mysql-test/r/acl_roles_rpl_definer.result
@ -1,9 +1,20 @@
 include/master-slave.inc
 [connection master]
 create role role1;
-grant execute on test.* to role1;
-grant role1 to current_user;
+create role role2;
+grant execute on test.* to role2;
+grant role2 to role1;
 set role role1;
+show grants;
+Grants for root@localhost
+GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
+GRANT EXECUTE ON `test`.* TO 'role2'
+GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
+GRANT USAGE ON *.* TO 'role1'
+GRANT USAGE ON *.* TO 'role2'
+GRANT role1 TO 'root'@'localhost' WITH ADMIN OPTION
+GRANT role2 TO 'role1'
+GRANT role2 TO 'root'@'localhost' WITH ADMIN OPTION
 create definer=current_user procedure pcu() select current_user;
 create definer=root@localhost procedure pu() select "root@localhost";
 create definer=current_role procedure pcr() select current_role;
@ -25,6 +36,17 @@ Procedure	sql_mode	Create Procedure	character_set_client	collation_connection	Da
 pr		CREATE DEFINER=`role1` PROCEDURE `pr`()
 select "role1"	latin1	latin1_swedish_ci	latin1_swedish_ci
 [connection slave]
+set role role1;
+show grants;
+Grants for root@localhost
+GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
+GRANT EXECUTE ON `test`.* TO 'role2'
+GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
+GRANT USAGE ON *.* TO 'role1'
+GRANT USAGE ON *.* TO 'role2'
+GRANT role1 TO 'root'@'localhost' WITH ADMIN OPTION
+GRANT role2 TO 'role1'
+GRANT role2 TO 'root'@'localhost' WITH ADMIN OPTION
 show create procedure pcu;
 Procedure	sql_mode	Create Procedure	character_set_client	collation_connection	Database Collation
 pcu		CREATE DEFINER=`root`@`localhost` PROCEDURE `pcu`()
@ -46,4 +68,5 @@ drop procedure pu;
 drop procedure pcr;
 drop procedure pr;
 drop role role1;
+drop role role2;
 include/rpl_end.inc
--- a/mysql-test/t/acl_roles_rpl_definer.test
+++ b/mysql-test/t/acl_roles_rpl_definer.test
@ -5,9 +5,12 @@
 --source include/master-slave.inc

 create role role1;
-grant execute on test.* to role1;
-grant role1 to current_user;
+create role role2;
+grant execute on test.* to role2;
+grant role2 to role1;
 set role role1;
+--sorted_result
+show grants;

 create definer=current_user procedure pcu() select current_user;
 create definer=root@localhost procedure pu() select "root@localhost";
@ -23,6 +26,10 @@ sync_slave_with_master;
 connection slave;
 echo [connection slave];

+set role role1;
+--sorted_result
+show grants;
+
 show create procedure pcu;
 show create procedure pu;
 show create procedure pcr;
@ -35,6 +42,7 @@ drop procedure pu;
 drop procedure pcr;
 drop procedure pr;
 drop role role1;
+drop role role2;

 --source include/rpl_end.inc

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -5769,6 +5769,10 @@ static int can_grant_role_callback(ACL_USER_BASE *grantee,
 static bool can_grant_role(THD *thd, ACL_ROLE *role)
 {
  Security_context *sctx= thd->security_ctx;
+
+  if (!sctx->user) // replication
+    return true;
+
  ACL_USER *grantee= find_user_no_anon(sctx->priv_host, sctx->priv_user, true);
  if (!grantee)
    return false;
@ -5981,21 +5985,14 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
  }

  mysql_mutex_unlock(&acl_cache->lock);
-  mysql_rwlock_unlock(&LOCK_grant);

  if (result)
-  {
-    if (!revoke)
-    {
-      my_error(ER_CANNOT_GRANT_ROLE, MYF(0), rolename.str,
-               wrong_users.c_ptr_safe());
-    }
-    else
-    {
-      my_error(ER_CANNOT_REVOKE_ROLE, MYF(0), rolename.str,
-               wrong_users.c_ptr_safe());
-    }
-  }
+    my_error(revoke ? ER_CANNOT_REVOKE_ROLE : ER_CANNOT_GRANT_ROLE, MYF(0),
+             rolename.str, wrong_users.c_ptr_safe());
+  else
+    result= write_bin_log(thd, TRUE, thd->query(), thd->query_length());
+
+  mysql_rwlock_unlock(&LOCK_grant);

  DBUG_RETURN(result);
 }
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@ -3908,14 +3908,8 @@ end_with_restore_list:
  {
    /* TODO access check */

-    if (thd->security_ctx->user)              // If not replication
-    {
-      if (!(res= mysql_grant_role(thd, lex->users_list,
-                                  lex->sql_command == SQLCOM_GRANT_ROLE ? 0 : 1
-                                  )))
-        my_ok(thd);
-    }
-    else
+    if (!(res= mysql_grant_role(thd, lex->users_list,
+                                lex->sql_command != SQLCOM_GRANT_ROLE)))
      my_ok(thd);
    break;
  }