diff --git a/mysql-test/r/plugin_auth_qa_2.result b/mysql-test/r/plugin_auth_qa_2.result index a73cc25418c..99fe9c6f5a9 100644 --- a/mysql-test/r/plugin_auth_qa_2.result +++ b/mysql-test/r/plugin_auth_qa_2.result @@ -15,7 +15,7 @@ NULL SELECT @@external_user; @@external_user NULL -exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 current_user() user() @@local.proxy_user @@local.external_user qa_test_1_user@% qa_test_1_user@localhost NULL NULL SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; @@ -42,7 +42,7 @@ NULL SELECT @@external_user; @@external_user NULL -exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 current_user() user() @@local.proxy_user @@local.external_user authenticated_as@% user_name@localhost 'qa_test_2_user'@'%' 'qa_test_2_user'@'%' SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; 
@@ -58,7 +58,7 @@ CREATE USER qa_test_3_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_3_dest' CREATE USER qa_test_3_dest IDENTIFIED BY 'dest_passwd'; GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_3_dest identified by 'dest_passwd'; GRANT PROXY ON qa_test_3_dest TO qa_test_3_user; -exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 current_user() user() @@local.proxy_user @@local.external_user qa_test_3_dest@% qa_test_3_user@localhost 'qa_test_3_user'@'%' 'qa_test_3_user'@'%' DROP USER qa_test_3_user; @@ -68,7 +68,7 @@ CREATE USER qa_test_4_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_4_dest' CREATE USER qa_test_4_dest IDENTIFIED BY 'dest_passwd'; GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_4_dest identified by 'dest_passwd'; GRANT PROXY ON qa_test_4_dest TO qa_test_4_user; -exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 current_user() user() @@local.proxy_user @@local.external_user qa_test_4_dest@% qa_test_4_user@localhost 'qa_test_4_user'@'%' 'qa_test_4_user'@'%' DROP USER qa_test_4_user; 
@@ -84,9 +84,9 @@ GRANT PROXY ON qa_test_5_dest TO ''@'localhost'; SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; user plugin authentication_string password *DFCACE76914AD7BD801FC1A1ECF6562272621A22 -qa_test_5_user qa_auth_interface qa_test_5_dest qa_test_5_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22 -exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +qa_test_5_user qa_auth_interface qa_test_5_dest +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 ERROR 1045 (28000): Access denied for user 'qa_test_5_user'@'localhost' (using password: YES) DROP USER qa_test_5_user; DROP USER qa_test_5_dest; 
@@ -98,34 +98,37 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_6_dest identified by 'dest_pas GRANT PROXY ON qa_test_6_dest TO qa_test_6_user; SELECT user,plugin,authentication_string,password FROM mysql.user; user plugin authentication_string password -root -root -root -qa_test_6_user qa_auth_interface qa_test_6_dest qa_test_6_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22 -exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +qa_test_6_user qa_auth_interface qa_test_6_dest +root +root +root +root +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 ERROR 1045 (28000): Access denied for user 'qa_test_6_user'@'localhost' (using password: YES) GRANT PROXY ON qa_test_6_dest TO root IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest'; SELECT user,plugin,authentication_string,password FROM mysql.user; user plugin authentication_string password -root -root -root -qa_test_6_user qa_auth_interface qa_test_6_dest qa_test_6_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22 +qa_test_6_user qa_auth_interface qa_test_6_dest +root +root +root +root root qa_auth_interface qa_test_6_dest -exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) REVOKE PROXY ON qa_test_6_dest FROM root; SELECT user,plugin,authentication_string FROM mysql.user; user plugin authentication_string -root -root -root 
-qa_test_6_user qa_auth_interface qa_test_6_dest qa_test_6_dest +qa_test_6_user qa_auth_interface qa_test_6_dest +root +root +root +root root qa_auth_interface qa_test_6_dest -exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) DROP USER qa_test_6_user; DROP USER qa_test_6_dest; @@ -135,12 +138,13 @@ user plugin authentication_string password root root root +root === Test of the --default_auth option for clients ==== CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_11_dest'; CREATE USER qa_test_11_dest IDENTIFIED BY 'dest_passwd'; GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd'; GRANT PROXY ON qa_test_11_dest TO qa_test_11_user; -exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P 13000 -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 ERROR 1045 (28000): Access denied for user 'qa_test_11_user'@'localhost' (using password: YES) DROP USER qa_test_11_user, qa_test_11_dest; DROP DATABASE test_user_db; diff --git a/mysql-test/r/plugin_auth_qa_3.result b/mysql-test/r/plugin_auth_qa_3.result index 92d47bcf580..d94d8879e7d 100644 --- a/mysql-test/r/plugin_auth_qa_3.result +++ b/mysql-test/r/plugin_auth_qa_3.result 
@@ -2,10 +2,10 @@ CREATE DATABASE test_user_db; CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_server AS 'qa_test_11_dest'; GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd'; GRANT PROXY ON qa_test_11_dest TO qa_test_11_user; -exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P 13000 -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 current_user() user() @@local.proxy_user @@local.external_user qa_test_11_dest@% qa_test_11_user@localhost 'qa_test_11_user'@'%' 'qa_test_11_user'@'%' -exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P 13000 -u qa_test_2_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P MASTER_MYPORT -u qa_test_2_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 ERROR 1045 (28000): Access denied for user 'qa_test_2_user'@'localhost' (using password: NO) DROP USER qa_test_11_user, qa_test_11_dest; DROP DATABASE test_user_db; diff --git a/mysql-test/suite/rpl/r/rpl_do_grant.result b/mysql-test/suite/rpl/r/rpl_do_grant.result index ce0417cce07..0739fcbcc5c 100644 --- a/mysql-test/suite/rpl/r/rpl_do_grant.result +++ b/mysql-test/suite/rpl/r/rpl_do_grant.result 
@@ -264,4 +264,27 @@ Log_name Pos Event_type Server_id End_log_pos Info master-bin.000001 # Query # # use `test`; grant all on *.* to foo@"1.2.3.4" master-bin.000001 # Query # # use `test`; revoke all privileges, grant option from "foo" DROP USER foo@"1.2.3.4"; + +# Bug#27606 GRANT statement should be replicated with DEFINER information +stop slave; +drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9; +reset master; +reset slave; +drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9; +start slave; +GRANT SELECT, INSERT ON mysql.user TO user_bug27606@localhost; +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; +Grantor +root@localhost +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; +Grantor +root@localhost +REVOKE SELECT ON mysql.user FROM user_bug27606@localhost; +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; +Grantor +root@localhost +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; +Grantor +root@localhost +DROP USER user_bug27606@localhost; "End of test" diff --git a/mysql-test/suite/rpl/t/rpl_do_grant.test b/mysql-test/suite/rpl/t/rpl_do_grant.test index 37358077145..2ac36e62563 100644 --- a/mysql-test/suite/rpl/t/rpl_do_grant.test +++ b/mysql-test/suite/rpl/t/rpl_do_grant.test 
@@ -347,4 +347,25 @@ revoke all privileges, grant option from "foo"; DROP USER foo@"1.2.3.4"; -- sync_slave_with_master +--echo +--echo # Bug#27606 GRANT statement should be replicated with DEFINER information +--connection master +--source include/master-slave-reset.inc +--connection master +GRANT SELECT, INSERT ON mysql.user TO user_bug27606@localhost; + +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; +sync_slave_with_master; +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; + +--connection master +REVOKE SELECT ON mysql.user FROM user_bug27606@localhost; +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; +sync_slave_with_master; +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; + +--connection master +DROP USER user_bug27606@localhost; + +--source include/master-slave-end.inc --echo "End of test" diff --git a/mysql-test/t/plugin_auth_qa_1.test b/mysql-test/t/plugin_auth_qa_1.test index d7a7afe9407..06908935b01 100644 --- a/mysql-test/t/plugin_auth_qa_1.test +++ b/mysql-test/t/plugin_auth_qa_1.test 
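Review bot: The new Bug#27606 case issues the GRANT and the REVOKE as root, so the expected `root@localhost` Grantor on the slave does not by itself show that the value came from the master's session identity. Running `GRANT SELECT, INSERT ON mysql.user TO user_bug27606@localhost;` from a connection logged in as a non-root account that holds GRANT OPTION would make the assertion specific to the replicated invoker. The hunk also checks only `mysql.tables_priv`; the REVOKE ALL path that the same commit changes in sql/sql_parse.cc is not exercised here.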
@@ -14,10 +14,11 @@ SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest'; CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; GRANT PROXY ON plug_dest TO plug_user; ---exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +--replace_result $MASTER_MYSOCK MASTER_MYSOCK $PLUGIN_AUTH_OPT PLUGIN_AUTH_OPT +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 REVOKE PROXY ON plug_dest FROM plug_user; --error 1 ---exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 DROP USER plug_user,plug_dest; # # GRANT...WITH 
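Review bot: `--replace_result $MASTER_MYSOCK MASTER_MYSOCK $PLUGIN_AUTH_OPT PLUGIN_AUTH_OPT` is added only in front of the `--exec` lines that are expected to succeed; the `--exec` lines under `--error 1` in this hunk and in the later hunks of this file now pass `-S $MASTER_MYSOCK` without it. If the client's failure output ever contains the socket path (a connect error rather than an access-denied error, for instance), the recorded result becomes machine-dependent. Adding the same `--replace_result` line next to each `--error 1` exec would keep the result file stable in both cases.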
@@ -29,15 +30,17 @@ GRANT PROXY ON plug_dest TO plug_user; --sorted_result SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; --echo 1) ---exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +--replace_result $MASTER_MYSOCK MASTER_MYSOCK $PLUGIN_AUTH_OPT PLUGIN_AUTH_OPT +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user' IDENTIFIED WITH test_plugin_server AS 'plug_dest'; --echo 2) ---exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +--replace_result $MASTER_MYSOCK MASTER_MYSOCK $PLUGIN_AUTH_OPT PLUGIN_AUTH_OPT +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 REVOKE PROXY ON plug_dest FROM plug_user; --echo 3) --error 1 ---exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 DROP USER plug_user,plug_dest; # # GRANT...WITH/CREATE...BY 
@@ -46,10 +49,11 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; --echo 1) --error 1 ---exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 GRANT PROXY ON plug_dest TO plug_user; --echo 2) ---exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +--replace_result $MASTER_MYSOCK MASTER_MYSOCK $PLUGIN_AUTH_OPT PLUGIN_AUTH_OPT +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user' IDENTIFIED WITH test_plugin_server AS 'plug_dest'; #REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_dest' 
@@ -63,13 +67,14 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest'; CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; GRANT PROXY ON plug_dest TO plug_user; ---exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 +--replace_result $MASTER_MYSOCK MASTER_MYSOCK $PLUGIN_AUTH_OPT PLUGIN_AUTH_OPT +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 RENAME USER plug_dest TO new_dest; --error 1 ---exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 GRANT PROXY ON new_dest TO plug_user; --error 1 ---exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=new_dest -e "SELECT current_user();SELECT user();" 2>&1 +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user $PLUGIN_AUTH_OPT --password=new_dest -e "SELECT current_user();SELECT user();" 2>&1 --sorted_result SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; DROP USER plug_user,new_dest; 
@@ -79,15 +84,16 @@ CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest'; CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; --error 1 ---exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 GRANT PROXY ON plug_dest TO plug_user; ---exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 +--replace_result $MASTER_MYSOCK MASTER_MYSOCK $PLUGIN_AUTH_OPT PLUGIN_AUTH_OPT +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 RENAME USER plug_dest TO new_dest; --error 1 ---exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 GRANT PROXY ON new_dest TO plug_user; --error 1 ---exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=new_dest -e "SELECT current_user();SELECT user();" 2>&1 +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user $PLUGIN_AUTH_OPT --password=new_dest -e "SELECT current_user();SELECT user();" 2>&1 --sorted_result SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; DROP USER plug_user,new_dest; diff --git a/mysql-test/t/plugin_auth_qa_2.test b/mysql-test/t/plugin_auth_qa_2.test index 053e89166b7..e265690dc7d 100644 --- a/mysql-test/t/plugin_auth_qa_2.test +++ b/mysql-test/t/plugin_auth_qa_2.test 
@@ -20,7 +20,7 @@ SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; SELECT @@proxy_user; SELECT @@external_user; ---echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --sorted_result @@ -42,7 +42,7 @@ SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; SELECT @@proxy_user; SELECT @@external_user; ---echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --sorted_result 
@@ -59,7 +59,7 @@ CREATE USER qa_test_3_dest IDENTIFIED BY 'dest_passwd'; GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_3_dest identified by 'dest_passwd'; GRANT PROXY ON qa_test_3_dest TO qa_test_3_user; ---echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 DROP USER qa_test_3_user; @@ -72,7 +72,7 @@ CREATE USER qa_test_4_dest IDENTIFIED BY 'dest_passwd'; GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_4_dest identified by 'dest_passwd'; GRANT PROXY ON qa_test_4_dest TO qa_test_4_user; ---echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 DROP USER qa_test_4_user; 
@@ -88,9 +88,10 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'localhost' identified by 'dest_pas GRANT PROXY ON qa_test_5_dest TO qa_test_5_user; GRANT PROXY ON qa_test_5_dest TO ''@'localhost'; +--sorted_result SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; ---echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --error 1 --exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 
@@ -105,29 +106,33 @@ CREATE USER qa_test_6_dest IDENTIFIED BY 'dest_passwd'; GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_6_dest identified by 'dest_passwd'; GRANT PROXY ON qa_test_6_dest TO qa_test_6_user; +--sorted_result SELECT user,plugin,authentication_string,password FROM mysql.user; ---echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --error 1 --exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 GRANT PROXY ON qa_test_6_dest TO root IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest'; +--sorted_result SELECT user,plugin,authentication_string,password FROM mysql.user; ---echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --error 1 --exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 REVOKE PROXY ON qa_test_6_dest FROM root; +--sorted_result SELECT user,plugin,authentication_string FROM mysql.user; ---echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT 
current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --error 1 --exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 DROP USER qa_test_6_user; DROP USER qa_test_6_dest; DELETE FROM mysql.user WHERE user='root' AND plugin='qa_auth_interface'; +--sorted_result SELECT user,plugin,authentication_string,password FROM mysql.user; @@ -138,7 +143,7 @@ CREATE USER qa_test_11_dest IDENTIFIED BY 'dest_passwd'; GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd'; GRANT PROXY ON qa_test_11_dest TO qa_test_11_user; ---echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --error 1 --exec $MYSQL $PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 diff --git a/mysql-test/t/plugin_auth_qa_3.test b/mysql-test/t/plugin_auth_qa_3.test index 4fe02f10ba6..f7d90226332 100644 --- a/mysql-test/t/plugin_auth_qa_3.test +++ b/mysql-test/t/plugin_auth_qa_3.test 
@@ -12,10 +12,10 @@ CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_server AS 'qa_test_11_dest'; GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd'; GRANT PROXY ON qa_test_11_dest TO qa_test_11_user; ---echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --exec $MYSQL $PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 ---echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P MASTER_MYPORT -u qa_test_2_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --error 1 --exec $MYSQL $PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 diff --git a/sql/log_event.cc b/sql/log_event.cc index e96f45aedc8..b4641af07c5 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -2332,7 +2332,7 @@ bool Query_log_event::write(IO_CACHE* file) start+= 4; } - if (thd && thd->is_current_user_used()) + if (thd && thd->need_binlog_invoker()) { LEX_STRING user; LEX_STRING host; 
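Review bot: The second `--echo` line in the plugin_auth_qa_3.test hunk still prints `-u qa_test_2_user --password=qa_test_11_dest`, while the `--exec` line directly below it runs with `--password=qa_test_2_dest`, so the command recorded in the result file is not the command that was executed. A reader of the .result file relies on the echoed text to interpret the `Access denied` line that follows, so the echo should match the exec, i.e. `--password=qa_test_2_dest`. The .result file would need re-recording afterwards.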
diff --git a/sql/sql_class.cc b/sql/sql_class.cc index da61c67f1c8..c848d686299 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -631,7 +631,7 @@ THD::THD() thr_lock_info_init(&lock_info); /* safety: will be reset after start */ m_internal_handler= NULL; - current_user_used= FALSE; + m_binlog_invoker= FALSE; memset(&invoker_user, 0, sizeof(invoker_user)); memset(&invoker_host, 0, sizeof(invoker_host)); } @@ -1375,7 +1375,7 @@ void THD::cleanup_after_query() where= THD::DEFAULT_WHERE; /* reset table map for multi-table update */ table_map_for_update= 0; - clean_current_user_used(); + m_binlog_invoker= FALSE; } @@ -3506,7 +3506,7 @@ void THD::leave_locked_tables_mode() void THD::get_definer(LEX_USER *definer) { - set_current_user_used(); + binlog_invoker(); #if !defined(MYSQL_CLIENT) && defined(HAVE_REPLICATION) if (slave_thread && has_invoker()) { diff --git a/sql/sql_class.h b/sql/sql_class.h index 8b0399037ea..8c444f34364 100644 --- a/sql/sql_class.h +++ b/sql/sql_class.h @@ -2702,9 +2702,8 @@ public: } void leave_locked_tables_mode(); int decide_logging_format(TABLE_LIST *tables); - void set_current_user_used() { current_user_used= TRUE; } - bool is_current_user_used() { return current_user_used; } - void clean_current_user_used() { current_user_used= FALSE; } + void binlog_invoker() { m_binlog_invoker= TRUE; } + bool need_binlog_invoker() { return m_binlog_invoker; } void get_definer(LEX_USER *definer); void set_invoker(const LEX_STRING *user, const LEX_STRING *host) { @@ -2745,7 +2744,7 @@ private: Current user will be binlogged into Query_log_event if current_user_used is TRUE; It will be stored into invoker_host and invoker_user by SQL thread. */ - bool current_user_used; + bool m_binlog_invoker; /** It points to the invoker in the Query_log_event. diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 8a7f42b462d..c09a4abb2c8 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc 
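Review bot: In the sql_class.h accessor hunk, `binlog_invoker()` is a setter but reads like a getter next to `need_binlog_invoker()`, and the read accessor is not `const`. Something like `void set_binlog_invoker() { m_binlog_invoker= TRUE; }` and `bool need_binlog_invoker() const { return m_binlog_invoker; }` would make call sites such as `thd->binlog_invoker();` in sql_parse.cc self-explanatory. With `clean_current_user_used()` removed, `THD::cleanup_after_query()` now assigns the member directly, so the flag is written in two different styles.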
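Review bot: The comment above the renamed member in the second sql_class.h hunk still says `if current_user_used is TRUE`, a name that no longer exists after this change. It should refer to the new flag, e.g. `Current user will be binlogged into Query_log_event if m_binlog_invoker is TRUE;`. It could also say that `binlog_invoker()` sets the flag (called from `get_definer()` and the GRANT/REVOKE paths) and that `cleanup_after_query()` clears it. The comment's opening lines are outside the hunk.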
@@ -3430,6 +3430,10 @@ end_with_restore_list: if (check_access(thd, UPDATE_ACL, "mysql", NULL, NULL, 1, 1) && check_global_access(thd,CREATE_USER_ACL)) break; + + /* Replicate current user as grantor */ + thd->binlog_invoker(); + /* Conditionally writes to binlog */ if (!(res = mysql_revoke_all(thd, lex->users_list))) my_ok(thd); @@ -3446,6 +3450,9 @@ end_with_restore_list: first_table ? 0 : 1, 0)) goto error; + /* Replicate current user as grantor */ + thd->binlog_invoker(); + if (thd->security_ctx->user) // If not replication { LEX_USER *user, *tmp_user;
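Review bot: In the GRANT/REVOKE hunk the new `thd->binlog_invoker();` sits above `if (thd->security_ctx->user) // If not replication`, so the flag is also raised on the slave SQL thread, where the security context presumably has no user. `Query_log_event::write()` is only partly visible in this commit, so it is worth confirming that a slave re-logging the statement writes the invoker it received from the master rather than an empty user and host; otherwise a second-tier slave would presumably record a blank Grantor. The same applies to the REVOKE ALL hunk above it. The comment could state the mechanism, e.g. `/* Mark the statement so Query_log_event::write() logs the invoker; the slave uses it as Grantor */`. Both enclosing case blocks start and end outside the hunks.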