replication of GRANT role statement

4ec26a7c · Sergei Golubchik · 4d3e4c29 · 4ec26a7c · 4ec26a7c · 4ec26a7c
Commit 4ec26a7c authored Oct 18, 2013 by Sergei Golubchik
4 changed files
--- a/mysql-test/r/acl_roles_rpl_definer.result
+++ b/mysql-test/r/acl_roles_rpl_definer.result
 include/master-slave.inc
 [connection master]
 create role role1;
-grant execute on test.* to role1;
-grant role1 to current_user;
+create role role2;
+grant execute on test.* to role2;
+grant role2 to role1;
 set role role1;
+show grants;
+Grants for root@localhost
+GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
+GRANT EXECUTE ON `test`.* TO 'role2'
+GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
+GRANT USAGE ON *.* TO 'role1'
+GRANT USAGE ON *.* TO 'role2'
+GRANT role1 TO 'root'@'localhost' WITH ADMIN OPTION
+GRANT role2 TO 'role1'
+GRANT role2 TO 'root'@'localhost' WITH ADMIN OPTION
 create definer=current_user procedure pcu() select current_user;
 create definer=root@localhost procedure pu() select "root@localhost";
 create definer=current_role procedure pcr() select current_role;
@@ -25,6 +36,17 @@ Procedure	sql_mode	Create Procedure	character_set_client	collation_connection	Da
 pr		CREATE DEFINER=`role1` PROCEDURE `pr`()
 select "role1"	latin1	latin1_swedish_ci	latin1_swedish_ci
 [connection slave]
+set role role1;
+show grants;
+Grants for root@localhost
+GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
+GRANT EXECUTE ON `test`.* TO 'role2'
+GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
+GRANT USAGE ON *.* TO 'role1'
+GRANT USAGE ON *.* TO 'role2'
+GRANT role1 TO 'root'@'localhost' WITH ADMIN OPTION
+GRANT role2 TO 'role1'
+GRANT role2 TO 'root'@'localhost' WITH ADMIN OPTION
 show create procedure pcu;
 Procedure	sql_mode	Create Procedure	character_set_client	collation_connection	Database Collation
 pcu		CREATE DEFINER=`root`@`localhost` PROCEDURE `pcu`()
@@ -46,4 +68,5 @@ drop procedure pu;
 drop procedure pcr;
 drop procedure pr;
 drop role role1;
+drop role role2;
 include/rpl_end.inc
--- a/mysql-test/t/acl_roles_rpl_definer.test
+++ b/mysql-test/t/acl_roles_rpl_definer.test
@@ -5,9 +5,12 @@
 --source include/master-slave.inc

 create role role1;
-grant execute on test.* to role1;
-grant role1 to current_user;
+create role role2;
+grant execute on test.* to role2;
+grant role2 to role1;
 set role role1;
+--sorted_result
+show grants;

 create definer=current_user procedure pcu() select current_user;
 create definer=root@localhost procedure pu() select "root@localhost";
@@ -23,6 +26,10 @@ sync_slave_with_master;
 connection slave;
 echo [connection slave];

+set role role1;
+--sorted_result
+show grants;
+
 show create procedure pcu;
 show create procedure pu;
 show create procedure pcr;
@@ -35,6 +42,7 @@ drop procedure pu;
 drop procedure pcr;
 drop procedure pr;
 drop role role1;
+drop role role2;

 --source include/rpl_end.inc

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -5769,6 +5769,10 @@ static int can_grant_role_callback(ACL_USER_BASE *grantee,
 static bool can_grant_role(THD *thd, ACL_ROLE *role)
 {
  Security_context *sctx= thd->security_ctx;
+
+  if (!sctx->user) // replication
+    return true;
+
  ACL_USER *grantee= find_user_no_anon(sctx->priv_host, sctx->priv_user, true);
  if (!grantee)
    return false;
@@ -5981,21 +5985,14 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
  }

  mysql_mutex_unlock(&acl_cache->lock);
-  mysql_rwlock_unlock(&LOCK_grant);

  if (result)
-  {
-    if (!revoke)
-    {
-      my_error(ER_CANNOT_GRANT_ROLE, MYF(0), rolename.str,
-               wrong_users.c_ptr_safe());
-    }
-    else
-    {
-      my_error(ER_CANNOT_REVOKE_ROLE, MYF(0), rolename.str,
-               wrong_users.c_ptr_safe());
-    }
-  }
+    my_error(revoke ? ER_CANNOT_REVOKE_ROLE : ER_CANNOT_GRANT_ROLE, MYF(0),
+             rolename.str, wrong_users.c_ptr_safe());
+  else
+    result= write_bin_log(thd, TRUE, thd->query(), thd->query_length());
+
+  mysql_rwlock_unlock(&LOCK_grant);

  DBUG_RETURN(result);
 }

--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -3908,14 +3908,8 @@ end_with_restore_list:
  {
    /* TODO access check */

-    if (thd->security_ctx->user)              // If not replication
-    {
-      if (!(res= mysql_grant_role(thd, lex->users_list,
-                                  lex->sql_command == SQLCOM_GRANT_ROLE ? 0 : 1
-                                  )))
-        my_ok(thd);
-    }
-    else
+    if (!(res= mysql_grant_role(thd, lex->users_list,
+                                lex->sql_command != SQLCOM_GRANT_ROLE)))
      my_ok(thd);
    break;
  }