replication of GRANT role statement
parent
4d3e4c2984
commit
4ec26a7c2d
4 changed files with 47 additions and 25 deletions
|
|
@ -1,9 +1,20 @@
|
|||
include/master-slave.inc
|
||||
[connection master]
|
||||
create role role1;
|
||||
grant execute on test.* to role1;
|
||||
grant role1 to current_user;
|
||||
create role role2;
|
||||
grant execute on test.* to role2;
|
||||
grant role2 to role1;
|
||||
set role role1;
|
||||
show grants;
|
||||
Grants for root@localhost
|
||||
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
|
||||
GRANT EXECUTE ON `test`.* TO 'role2'
|
||||
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
|
||||
GRANT USAGE ON *.* TO 'role1'
|
||||
GRANT USAGE ON *.* TO 'role2'
|
||||
GRANT role1 TO 'root'@'localhost' WITH ADMIN OPTION
|
||||
GRANT role2 TO 'role1'
|
||||
GRANT role2 TO 'root'@'localhost' WITH ADMIN OPTION
|
||||
create definer=current_user procedure pcu() select current_user;
|
||||
create definer=root@localhost procedure pu() select "root@localhost";
|
||||
create definer=current_role procedure pcr() select current_role;
|
||||
|
|
@ -25,6 +36,17 @@ Procedure sql_mode Create Procedure character_set_client collation_connection Da
|
|||
pr CREATE DEFINER=`role1` PROCEDURE `pr`()
|
||||
select "role1" latin1 latin1_swedish_ci latin1_swedish_ci
|
||||
[connection slave]
|
||||
set role role1;
|
||||
show grants;
|
||||
Grants for root@localhost
|
||||
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
|
||||
GRANT EXECUTE ON `test`.* TO 'role2'
|
||||
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
|
||||
GRANT USAGE ON *.* TO 'role1'
|
||||
GRANT USAGE ON *.* TO 'role2'
|
||||
GRANT role1 TO 'root'@'localhost' WITH ADMIN OPTION
|
||||
GRANT role2 TO 'role1'
|
||||
GRANT role2 TO 'root'@'localhost' WITH ADMIN OPTION
|
||||
show create procedure pcu;
|
||||
Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation
|
||||
pcu CREATE DEFINER=`root`@`localhost` PROCEDURE `pcu`()
|
||||
|
|
@ -46,4 +68,5 @@ drop procedure pu;
|
|||
drop procedure pcr;
|
||||
drop procedure pr;
|
||||
drop role role1;
|
||||
drop role role2;
|
||||
include/rpl_end.inc
|
||||
|
|
|
|||
|
|
@ -5,9 +5,12 @@
|
|||
--source include/master-slave.inc
|
||||
|
||||
create role role1;
|
||||
grant execute on test.* to role1;
|
||||
grant role1 to current_user;
|
||||
create role role2;
|
||||
grant execute on test.* to role2;
|
||||
grant role2 to role1;
|
||||
set role role1;
|
||||
--sorted_result
|
||||
show grants;
|
||||
|
||||
create definer=current_user procedure pcu() select current_user;
|
||||
create definer=root@localhost procedure pu() select "root@localhost";
|
||||
|
|
@ -23,6 +26,10 @@ sync_slave_with_master;
|
|||
connection slave;
|
||||
echo [connection slave];
|
||||
|
||||
set role role1;
|
||||
--sorted_result
|
||||
show grants;
|
||||
|
||||
show create procedure pcu;
|
||||
show create procedure pu;
|
||||
show create procedure pcr;
|
||||
|
|
@ -35,6 +42,7 @@ drop procedure pu;
|
|||
drop procedure pcr;
|
||||
drop procedure pr;
|
||||
drop role role1;
|
||||
drop role role2;
|
||||
|
||||
--source include/rpl_end.inc
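Review bot: The test replicates only the grant direction: `grant role2 to role1;` is followed by `show grants;` on the slave, but no role is revoked and re-checked there, although the server change writes both GRANT and REVOKE of a role to the binary log through the same call. Add a `revoke role2 from role1;` on the master, then `sync_slave_with_master` and a `--sorted_result` / `show grants;` on the slave before the cleanup. A negative case is also worth having, where a master user without the admin option is refused and the slave's grants stay unchanged, since that is the check the slave thread now skips. Only parts of the test file are visible in these hunks, so such cases may already exist outside them.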
|
||||
|
||||
|
|
|
|||
|
|
@ -5769,6 +5769,10 @@ static int can_grant_role_callback(ACL_USER_BASE *grantee,
|
|||
static bool can_grant_role(THD *thd, ACL_ROLE *role)
|
||||
{
|
||||
Security_context *sctx= thd->security_ctx;
|
||||
|
||||
if (!sctx->user) // replication
|
||||
return true;
|
||||
|
||||
ACL_USER *grantee= find_user_no_anon(sctx->priv_host, sctx->priv_user, true);
|
||||
if (!grantee)
|
||||
return false;
|
||||
|
|
@ -5981,21 +5985,14 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
|
|||
}
|
||||
|
||||
mysql_mutex_unlock(&acl_cache->lock);
|
||||
mysql_rwlock_unlock(&LOCK_grant);
|
||||
|
||||
if (result)
|
||||
{
|
||||
if (!revoke)
|
||||
{
|
||||
my_error(ER_CANNOT_GRANT_ROLE, MYF(0), rolename.str,
|
||||
wrong_users.c_ptr_safe());
|
||||
}
|
||||
else
|
||||
{
|
||||
my_error(ER_CANNOT_REVOKE_ROLE, MYF(0), rolename.str,
|
||||
wrong_users.c_ptr_safe());
|
||||
}
|
||||
}
|
||||
my_error(revoke ? ER_CANNOT_REVOKE_ROLE : ER_CANNOT_GRANT_ROLE, MYF(0),
|
||||
rolename.str, wrong_users.c_ptr_safe());
|
||||
else
|
||||
result= write_bin_log(thd, TRUE, thd->query(), thd->query_length());
|
||||
|
||||
mysql_rwlock_unlock(&LOCK_grant);
|
||||
|
||||
DBUG_RETURN(result);
|
||||
}
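Review bot: In can_grant_role, the new `if (!sctx->user) return true;` skips the whole admin-option check for any thread whose security context has no user, and the only thing tying that condition to replication is the `// replication` comment. If the intent is to trust statements the master has already authorised, test for the replication applier explicitly, e.g. `if (thd->slave_thread) return true;`, so that any other context with a NULL user does not inherit the bypass; whether such contexts can reach this function is not visible here. Whichever condition is kept, the comment should say why skipping is safe, for example `// slave applier: the master checked the grantor before binlogging`. The body of can_grant_role continues past the end of the hunk.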
|
||||
|
|
|
|||
|
|
@ -3908,14 +3908,8 @@ end_with_restore_list:
|
|||
{
|
||||
/* TODO access check */
|
||||
|
||||
if (thd->security_ctx->user) // If not replication
|
||||
{
|
||||
if (!(res= mysql_grant_role(thd, lex->users_list,
|
||||
lex->sql_command == SQLCOM_GRANT_ROLE ? 0 : 1
|
||||
)))
|
||||
my_ok(thd);
|
||||
}
|
||||
else
|
||||
if (!(res= mysql_grant_role(thd, lex->users_list,
|
||||
lex->sql_command != SQLCOM_GRANT_ROLE)))
|
||||
my_ok(thd);
|
||||
break;
|
||||
}
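Review bot: The `/* TODO access check */` marker is left in place while the call to mysql_grant_role now runs for every thread, so the only authorisation on this path is whatever mysql_grant_role does internally. Either perform the check here or replace the marker with a comment naming where it happens, for example `/* admin-option check is done per role inside mysql_grant_role() */` if that is indeed where it lives. Otherwise a later reader may assume the statement is unchecked, or add a second check that disagrees with the first. The enclosing case block begins above the hunk.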
|
||||
|
|
|
|||