From 180e74bd492f5f746ab4d570d84cf646d3eb0731 Mon Sep 17 00:00:00 2001 From: Date: Sat, 23 Oct 2010 20:55:44 +0800 Subject: [PATCH] Bug#27606 GRANT statement should be replicated with DEFINER information "Grantor" columns' data is lost when replicating mysql.tables_priv. Slave SQL thread used its default user ''@'' as the grantor of GRANT|REVOKE statements executing on it. In this patch, current user is put in query log event for all GRANT and REVOKE statement, SQL thread uses the user in query log event as grantor. --- mysql-test/suite/rpl/r/rpl_do_grant.result | 23 ++++++++++++++++++++++ mysql-test/suite/rpl/t/rpl_do_grant.test | 21 ++++++++++++++++++++ sql/log_event.cc | 2 +- sql/sql_class.cc | 6 +++--- sql/sql_class.h | 7 +++---- sql/sql_parse.cc | 7 +++++++ 6 files changed, 58 insertions(+), 8 deletions(-) diff --git a/mysql-test/suite/rpl/r/rpl_do_grant.result b/mysql-test/suite/rpl/r/rpl_do_grant.result index 1cea2cfa9ad..6472294fe9d 100644 --- a/mysql-test/suite/rpl/r/rpl_do_grant.result +++ b/mysql-test/suite/rpl/r/rpl_do_grant.result @@ -260,4 +260,27 @@ Log_name Pos Event_type Server_id End_log_pos Info master-bin.000001 # Query # # use `test`; grant all on *.* to foo@"1.2.3.4" master-bin.000001 # Query # # use `test`; revoke all privileges, grant option from "foo" DROP USER foo@"1.2.3.4"; + +# Bug#27606 GRANT statement should be replicated with DEFINER information +stop slave; +drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9; +reset master; +reset slave; +drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9; +start slave; +GRANT SELECT, INSERT ON mysql.user TO user_bug27606@localhost; +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; +Grantor +root@localhost +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; +Grantor +root@localhost +REVOKE SELECT ON mysql.user FROM user_bug27606@localhost; +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; +Grantor +root@localhost +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; +Grantor +root@localhost +DROP USER user_bug27606@localhost; "End of test" diff --git a/mysql-test/suite/rpl/t/rpl_do_grant.test b/mysql-test/suite/rpl/t/rpl_do_grant.test index fb8ea35e869..c65eef6e939 100644 --- a/mysql-test/suite/rpl/t/rpl_do_grant.test +++ b/mysql-test/suite/rpl/t/rpl_do_grant.test @@ -355,4 +355,25 @@ revoke all privileges, grant option from "foo"; DROP USER foo@"1.2.3.4"; -- sync_slave_with_master +--echo +--echo # Bug#27606 GRANT statement should be replicated with DEFINER information +--connection master +--source include/master-slave-reset.inc +--connection master +GRANT SELECT, INSERT ON mysql.user TO user_bug27606@localhost; + +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; +sync_slave_with_master; +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; + +--connection master +REVOKE SELECT ON mysql.user FROM user_bug27606@localhost; +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; +sync_slave_with_master; +SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606'; + +--connection master +DROP USER user_bug27606@localhost; + +--source include/master-slave-end.inc --echo "End of test" diff --git a/sql/log_event.cc b/sql/log_event.cc index 041f90a057f..d0635ddac1a 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -2314,7 +2314,7 @@ bool Query_log_event::write(IO_CACHE* file) start+= 4; } - if (thd && thd->is_current_user_used()) + if (thd && thd->need_binlog_invoker()) { LEX_STRING user; LEX_STRING host; diff --git a/sql/sql_class.cc b/sql/sql_class.cc index 44bb6d51c6c..a61ce7bfd14 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -738,7 +738,7 @@ THD::THD() thr_lock_owner_init(&main_lock_id, &lock_info); m_internal_handler= NULL; - current_user_used= FALSE; + m_binlog_invoker= FALSE; memset(&invoker_user, 0, sizeof(invoker_user)); memset(&invoker_host, 0, sizeof(invoker_host)); } @@ -1247,7 +1247,7 @@ void THD::cleanup_after_query() where= THD::DEFAULT_WHERE; /* reset table map for multi-table update */ table_map_for_update= 0; - clean_current_user_used(); + m_binlog_invoker= FALSE; } @@ -3281,7 +3281,7 @@ void THD::set_query(char *query_arg, uint32 query_length_arg) void THD::get_definer(LEX_USER *definer) { - set_current_user_used(); + binlog_invoker(); #if !defined(MYSQL_CLIENT) && defined(HAVE_REPLICATION) if (slave_thread && has_invoker()) { diff --git a/sql/sql_class.h b/sql/sql_class.h index 42c873e9fc3..774ae4abac4 100644 --- a/sql/sql_class.h +++ b/sql/sql_class.h @@ -2344,9 +2344,8 @@ public: Protected with LOCK_thd_data mutex. */ void set_query(char *query_arg, uint32 query_length_arg); - void set_current_user_used() { current_user_used= TRUE; } - bool is_current_user_used() { return current_user_used; } - void clean_current_user_used() { current_user_used= FALSE; } + void binlog_invoker() { m_binlog_invoker= TRUE; } + bool need_binlog_invoker() { return m_binlog_invoker; } void get_definer(LEX_USER *definer); void set_invoker(const LEX_STRING *user, const LEX_STRING *host) { @@ -2384,7 +2383,7 @@ private: Current user will be binlogged into Query_log_event if current_user_used is TRUE; It will be stored into invoker_host and invoker_user by SQL thread. */ - bool current_user_used; + bool m_binlog_invoker; /** It points to the invoker in the Query_log_event. diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index b38cdf4a983..7cf64134d70 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -3923,6 +3923,10 @@ end_with_restore_list: if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1, 0) && check_global_access(thd,CREATE_USER_ACL)) break; + + /* Replicate current user as grantor */ + thd->binlog_invoker(); + /* Conditionally writes to binlog */ if (!(res = mysql_revoke_all(thd, lex->users_list))) my_ok(thd); @@ -3943,6 +3947,9 @@ end_with_restore_list: is_schema_db(select_lex->db) : 0)) goto error; + /* Replicate current user as grantor */ + thd->binlog_invoker(); + if (thd->security_ctx->user) // If not replication { LEX_USER *user, *tmp_user;