mirror of
https://github.com/MariaDB/server.git
synced 2025-01-19 13:32:33 +01:00
0ba1cc2523
mysql.procs_priv table itself does not get replicated. Inserting routine privilege record into mysql.procs_priv table is triggered by creating function/procedure statements according to current user's privileges. Because the current user of SQL thread has GLOBAL_ACL, which doesn't need any check mysql.procs_priv privilege when create/alter/execute routines. Corresponding GLOBAL_ACL privilege user doesn't insert routine privilege record into mysql.procs_priv when creating a routine. Fixed by switching the current user of SQL thread to definer user if the definer user exists on slave. That populates procs_priv, otherwise to keep the SQL thread user and procs_priv remains unchanged. mysql-test/suite/rpl/r/rpl_do_grant.result: Test case result for routine privilege when definer user exist or not on slave mysql-test/suite/rpl/t/rpl_do_grant.test: Test case result for routine privilege when definer user exist or not on slave sql/sql_parse.cc: Switch current user of SQL thread to definer user if the definer user existes on slave when checking whether the routine privilege is needed to insert mysql.procs_priv table or not.
211 lines
5.9 KiB
Text
211 lines
5.9 KiB
Text
# Works in statement-based and row-based binlogging.
|
|
# Test that GRANT and other user management commands are replicated to the slave
|
|
|
|
-- source include/master-slave.inc
|
|
|
|
# do not be influenced by other tests.
|
|
connection master;
|
|
delete from mysql.user where user=_binary'rpl_do_grant';
|
|
delete from mysql.db where user=_binary'rpl_do_grant';
|
|
flush privileges;
|
|
save_master_pos;
|
|
connection slave;
|
|
sync_with_master;
|
|
# if these DELETE did nothing on the master, we need to do them manually on the
|
|
# slave.
|
|
delete from mysql.user where user=_binary'rpl_ignore_grant';
|
|
delete from mysql.db where user=_binary'rpl_ignore_grant';
|
|
flush privileges;
|
|
|
|
# test replication of GRANT
|
|
connection master;
|
|
grant select on *.* to rpl_do_grant@localhost;
|
|
grant drop on test.* to rpl_do_grant@localhost;
|
|
save_master_pos;
|
|
connection slave;
|
|
sync_with_master;
|
|
show grants for rpl_do_grant@localhost;
|
|
|
|
# test replication of SET PASSWORD
|
|
connection master;
|
|
set password for rpl_do_grant@localhost=password("does it work?");
|
|
save_master_pos;
|
|
connection slave;
|
|
sync_with_master;
|
|
select password<>_binary'' from mysql.user where user=_binary'rpl_do_grant';
|
|
|
|
#
|
|
# Bug#24158 SET PASSWORD in binary log fails under ANSI_QUOTES
|
|
#
|
|
connection master;
|
|
update mysql.user set password='' where user='rpl_do_grant';
|
|
flush privileges;
|
|
select password<>'' from mysql.user where user='rpl_do_grant';
|
|
set sql_mode='ANSI_QUOTES';
|
|
set password for rpl_do_grant@localhost=password('does it work?');
|
|
set sql_mode='';
|
|
save_master_pos;
|
|
connection slave;
|
|
sync_with_master;
|
|
select password<>'' from mysql.user where user='rpl_do_grant';
|
|
|
|
|
|
# clear what we have done, to not influence other tests.
|
|
connection master;
|
|
delete from mysql.user where user=_binary'rpl_do_grant';
|
|
delete from mysql.db where user=_binary'rpl_do_grant';
|
|
flush privileges;
|
|
sync_slave_with_master;
|
|
# The mysql database is not replicated, so we have to do the deletes
|
|
# manually on the slave as well.
|
|
delete from mysql.user where user=_binary'rpl_do_grant';
|
|
delete from mysql.db where user=_binary'rpl_do_grant';
|
|
flush privileges;
|
|
|
|
# End of 4.1 tests
|
|
|
|
connection master;
|
|
--error 1141
|
|
show grants for rpl_do_grant@localhost;
|
|
connection slave;
|
|
--error 1141
|
|
show grants for rpl_do_grant@localhost;
|
|
|
|
connection master;
|
|
create user rpl_do_grant@localhost;
|
|
show grants for rpl_do_grant@localhost;
|
|
--error 1141
|
|
show grants for rpl_do_grant2@localhost;
|
|
sync_slave_with_master;
|
|
show grants for rpl_do_grant@localhost;
|
|
--error 1141
|
|
show grants for rpl_do_grant2@localhost;
|
|
|
|
connection master;
|
|
rename user rpl_do_grant@localhost to rpl_do_grant2@localhost;
|
|
show grants for rpl_do_grant2@localhost;
|
|
sync_slave_with_master;
|
|
show grants for rpl_do_grant2@localhost;
|
|
|
|
connection master;
|
|
grant DELETE,INSERT on mysqltest1.* to rpl_do_grant2@localhost;
|
|
show grants for rpl_do_grant2@localhost;
|
|
sync_slave_with_master;
|
|
show grants for rpl_do_grant2@localhost;
|
|
|
|
connection master;
|
|
revoke DELETE on mysqltest1.* from rpl_do_grant2@localhost;
|
|
show grants for rpl_do_grant2@localhost;
|
|
sync_slave_with_master;
|
|
show grants for rpl_do_grant2@localhost;
|
|
|
|
connection master;
|
|
revoke all privileges, grant option from rpl_do_grant2@localhost;
|
|
show grants for rpl_do_grant2@localhost;
|
|
sync_slave_with_master;
|
|
show grants for rpl_do_grant2@localhost;
|
|
|
|
connection master;
|
|
drop user rpl_do_grant2@localhost;
|
|
--error 1141
|
|
show grants for rpl_do_grant2@localhost;
|
|
sync_slave_with_master;
|
|
--error 1141
|
|
show grants for rpl_do_grant2@localhost;
|
|
|
|
#####################################################
|
|
# Purpose
|
|
# Test whether mysql.procs_priv get replicated
|
|
# Related bugs:
|
|
# BUG42217 mysql.procs_priv does not get replicated
|
|
#####################################################
|
|
connection master;
|
|
|
|
--disable_warnings
|
|
DROP DATABASE IF EXISTS bug42217_db;
|
|
--enable_warnings
|
|
CREATE DATABASE bug42217_db;
|
|
|
|
GRANT CREATE ROUTINE ON bug42217_db.* TO 'create_rout_db'@'localhost'
|
|
IDENTIFIED BY 'create_rout_db' WITH GRANT OPTION;
|
|
|
|
connect (create_rout_db_master, localhost, create_rout_db, create_rout_db, bug42217_db,$MASTER_MYPORT,);
|
|
connect (create_rout_db_slave, localhost, create_rout_db, create_rout_db, bug42217_db, $SLAVE_MYPORT,);
|
|
|
|
connection create_rout_db_master;
|
|
|
|
|
|
USE bug42217_db;
|
|
|
|
DELIMITER //;
|
|
CREATE FUNCTION upgrade_del_func() RETURNS CHAR(30)
|
|
BEGIN
|
|
RETURN "INSIDE upgrade_del_func()";
|
|
END//
|
|
|
|
DELIMITER ;//
|
|
|
|
connection master;
|
|
|
|
USE bug42217_db;
|
|
--replace_column 8 #
|
|
SELECT * FROM mysql.procs_priv;
|
|
SELECT upgrade_del_func();
|
|
|
|
sync_slave_with_master;
|
|
--replace_column 8 #
|
|
SELECT * FROM mysql.procs_priv;
|
|
SHOW GRANTS FOR 'create_rout_db'@'localhost';
|
|
|
|
USE bug42217_db;
|
|
SHOW CREATE FUNCTION upgrade_del_func;
|
|
SELECT upgrade_del_func();
|
|
|
|
--echo "Check whether the definer user will be able to execute the replicated routine on slave"
|
|
connection create_rout_db_slave;
|
|
USE bug42217_db;
|
|
SHOW CREATE FUNCTION upgrade_del_func;
|
|
SELECT upgrade_del_func();
|
|
|
|
connection slave;
|
|
DELETE FROM mysql.procs_priv;
|
|
FLUSH PRIVILEGES;
|
|
USE bug42217_db;
|
|
--echo "Can't execute the replicated routine on slave like before after procs privilege is deleted "
|
|
--error 1370
|
|
SELECT upgrade_del_func();
|
|
|
|
--echo "Test the user who creates a function on master doesn't exist on slave."
|
|
--echo "Hence SQL thread ACL_GLOBAL privilege jumps in and no mysql.procs_priv is inserted"
|
|
DROP USER 'create_rout_db'@'localhost';
|
|
|
|
connection create_rout_db_master;
|
|
DELIMITER //;
|
|
CREATE FUNCTION upgrade_alter_func() RETURNS CHAR(30)
|
|
BEGIN
|
|
RETURN "INSIDE upgrade_alter_func()";
|
|
END//
|
|
DELIMITER ;//
|
|
|
|
connection master;
|
|
SELECT upgrade_alter_func();
|
|
|
|
sync_slave_with_master;
|
|
SHOW CREATE FUNCTION upgrade_alter_func;
|
|
--echo "Should no privilege record for upgrade_alter_func in mysql.procs_priv"
|
|
--replace_column 8 #
|
|
SELECT * FROM mysql.procs_priv;
|
|
--error 1449
|
|
SELECT upgrade_alter_func();
|
|
|
|
###### CLEAN UP SECTION ##############
|
|
disconnect create_rout_db_master;
|
|
disconnect create_rout_db_slave;
|
|
connection master;
|
|
USE bug42217_db;
|
|
DROP FUNCTION upgrade_del_func;
|
|
DROP FUNCTION upgrade_alter_func;
|
|
DROP DATABASE bug42217_db;
|
|
DROP USER 'create_rout_db'@'localhost';
|
|
|
|
--echo "End of test"
|