1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
|
include/master-slave.inc
[connection master]
delete from mysql.user where user=_binary'rpl_do_grant';
delete from mysql.db where user=_binary'rpl_do_grant';
flush privileges;
delete from mysql.user where user=_binary'rpl_ignore_grant';
delete from mysql.db where user=_binary'rpl_ignore_grant';
flush privileges;
grant select on *.* to rpl_do_grant@localhost;
grant drop on test.* to rpl_do_grant@localhost;
show grants for rpl_do_grant@localhost;
Grants for rpl_do_grant@localhost
GRANT SELECT ON *.* TO 'rpl_do_grant'@'localhost'
GRANT DROP ON `test`.* TO 'rpl_do_grant'@'localhost'
set password for rpl_do_grant@localhost=password("does it work?");
select password<>_binary'' from mysql.user where user=_binary'rpl_do_grant';
password<>_binary''
1
update mysql.user set password='' where user='rpl_do_grant';
flush privileges;
select password<>'' from mysql.user where user='rpl_do_grant';
password<>''
0
set sql_mode='ANSI_QUOTES';
set password for rpl_do_grant@localhost=password('does it work?');
set sql_mode='';
select password<>'' from mysql.user where user='rpl_do_grant';
password<>''
1
delete from mysql.user where user=_binary'rpl_do_grant';
delete from mysql.db where user=_binary'rpl_do_grant';
flush privileges;
delete from mysql.user where user=_binary'rpl_do_grant';
delete from mysql.db where user=_binary'rpl_do_grant';
flush privileges;
show grants for rpl_do_grant@localhost;
ERROR 42000: There is no such grant defined for user 'rpl_do_grant' on host 'localhost'
show grants for rpl_do_grant@localhost;
ERROR 42000: There is no such grant defined for user 'rpl_do_grant' on host 'localhost'
create user rpl_do_grant@localhost;
show grants for rpl_do_grant@localhost;
Grants for rpl_do_grant@localhost
GRANT USAGE ON *.* TO 'rpl_do_grant'@'localhost'
show grants for rpl_do_grant2@localhost;
ERROR 42000: There is no such grant defined for user 'rpl_do_grant2' on host 'localhost'
show grants for rpl_do_grant@localhost;
Grants for rpl_do_grant@localhost
GRANT USAGE ON *.* TO 'rpl_do_grant'@'localhost'
show grants for rpl_do_grant2@localhost;
ERROR 42000: There is no such grant defined for user 'rpl_do_grant2' on host 'localhost'
rename user rpl_do_grant@localhost to rpl_do_grant2@localhost;
show grants for rpl_do_grant2@localhost;
Grants for rpl_do_grant2@localhost
GRANT USAGE ON *.* TO 'rpl_do_grant2'@'localhost'
show grants for rpl_do_grant2@localhost;
Grants for rpl_do_grant2@localhost
GRANT USAGE ON *.* TO 'rpl_do_grant2'@'localhost'
grant DELETE,INSERT on mysqltest1.* to rpl_do_grant2@localhost;
show grants for rpl_do_grant2@localhost;
Grants for rpl_do_grant2@localhost
GRANT USAGE ON *.* TO 'rpl_do_grant2'@'localhost'
GRANT INSERT, DELETE ON `mysqltest1`.* TO 'rpl_do_grant2'@'localhost'
show grants for rpl_do_grant2@localhost;
Grants for rpl_do_grant2@localhost
GRANT USAGE ON *.* TO 'rpl_do_grant2'@'localhost'
GRANT INSERT, DELETE ON `mysqltest1`.* TO 'rpl_do_grant2'@'localhost'
revoke DELETE on mysqltest1.* from rpl_do_grant2@localhost;
show grants for rpl_do_grant2@localhost;
Grants for rpl_do_grant2@localhost
GRANT USAGE ON *.* TO 'rpl_do_grant2'@'localhost'
GRANT INSERT ON `mysqltest1`.* TO 'rpl_do_grant2'@'localhost'
show grants for rpl_do_grant2@localhost;
Grants for rpl_do_grant2@localhost
GRANT USAGE ON *.* TO 'rpl_do_grant2'@'localhost'
GRANT INSERT ON `mysqltest1`.* TO 'rpl_do_grant2'@'localhost'
revoke all privileges, grant option from rpl_do_grant2@localhost;
show grants for rpl_do_grant2@localhost;
Grants for rpl_do_grant2@localhost
GRANT USAGE ON *.* TO 'rpl_do_grant2'@'localhost'
show grants for rpl_do_grant2@localhost;
Grants for rpl_do_grant2@localhost
GRANT USAGE ON *.* TO 'rpl_do_grant2'@'localhost'
drop user rpl_do_grant2@localhost;
show grants for rpl_do_grant2@localhost;
ERROR 42000: There is no such grant defined for user 'rpl_do_grant2' on host 'localhost'
show grants for rpl_do_grant2@localhost;
ERROR 42000: There is no such grant defined for user 'rpl_do_grant2' on host 'localhost'
call mtr.add_suppression("Slave: Operation DROP USER failed for 'create_rout_db'@'localhost' error.* 1396");
DROP DATABASE IF EXISTS bug42217_db;
CREATE DATABASE bug42217_db;
GRANT CREATE ROUTINE ON bug42217_db.* TO 'create_rout_db'@'localhost'
IDENTIFIED BY 'create_rout_db' WITH GRANT OPTION;
USE bug42217_db;
CREATE FUNCTION upgrade_del_func() RETURNS CHAR(30)
BEGIN
RETURN "INSIDE upgrade_del_func()";
END//
USE bug42217_db;
SELECT * FROM mysql.procs_priv;
Host Db User Routine_name Routine_type Grantor Proc_priv Timestamp
localhost bug42217_db create_rout_db upgrade_del_func FUNCTION create_rout_db@localhost Execute,Alter Routine #
SELECT upgrade_del_func();
upgrade_del_func()
INSIDE upgrade_del_func()
SELECT * FROM mysql.procs_priv;
Host Db User Routine_name Routine_type Grantor Proc_priv Timestamp
localhost bug42217_db create_rout_db upgrade_del_func FUNCTION create_rout_db@localhost Execute,Alter Routine #
SHOW GRANTS FOR 'create_rout_db'@'localhost';
Grants for create_rout_db@localhost
GRANT USAGE ON *.* TO 'create_rout_db'@'localhost' IDENTIFIED BY PASSWORD '*08792480350CBA057BDE781B9DF183B263934601'
GRANT CREATE ROUTINE ON `bug42217_db`.* TO 'create_rout_db'@'localhost' WITH GRANT OPTION
GRANT EXECUTE, ALTER ROUTINE ON FUNCTION `bug42217_db`.`upgrade_del_func` TO 'create_rout_db'@'localhost'
USE bug42217_db;
SHOW CREATE FUNCTION upgrade_del_func;
Function sql_mode Create Function character_set_client collation_connection Database Collation
upgrade_del_func CREATE DEFINER=`create_rout_db`@`localhost` FUNCTION `upgrade_del_func`() RETURNS char(30) CHARSET latin1
BEGIN
RETURN "INSIDE upgrade_del_func()";
END latin1 latin1_swedish_ci latin1_swedish_ci
SELECT upgrade_del_func();
upgrade_del_func()
INSIDE upgrade_del_func()
"Check whether the definer user will be able to execute the replicated routine on slave"
USE bug42217_db;
SHOW CREATE FUNCTION upgrade_del_func;
Function sql_mode Create Function character_set_client collation_connection Database Collation
upgrade_del_func CREATE DEFINER=`create_rout_db`@`localhost` FUNCTION `upgrade_del_func`() RETURNS char(30) CHARSET latin1
BEGIN
RETURN "INSIDE upgrade_del_func()";
END latin1 latin1_swedish_ci latin1_swedish_ci
SELECT upgrade_del_func();
upgrade_del_func()
INSIDE upgrade_del_func()
DELETE FROM mysql.procs_priv;
FLUSH PRIVILEGES;
USE bug42217_db;
"Can't execute the replicated routine on slave like before after procs privilege is deleted "
SELECT upgrade_del_func();
ERROR 42000: execute command denied to user 'create_rout_db'@'localhost' for routine 'bug42217_db.upgrade_del_func'
"Test the user who creates a function on master doesn't exist on slave."
"Hence SQL thread ACL_GLOBAL privilege jumps in and no mysql.procs_priv is inserted"
DROP USER 'create_rout_db'@'localhost';
CREATE FUNCTION upgrade_alter_func() RETURNS CHAR(30)
BEGIN
RETURN "INSIDE upgrade_alter_func()";
END//
SELECT upgrade_alter_func();
upgrade_alter_func()
INSIDE upgrade_alter_func()
SHOW CREATE FUNCTION upgrade_alter_func;
Function sql_mode Create Function character_set_client collation_connection Database Collation
upgrade_alter_func CREATE DEFINER=`create_rout_db`@`localhost` FUNCTION `upgrade_alter_func`() RETURNS char(30) CHARSET latin1
BEGIN
RETURN "INSIDE upgrade_alter_func()";
END latin1 latin1_swedish_ci latin1_swedish_ci
"Should no privilege record for upgrade_alter_func in mysql.procs_priv"
SELECT * FROM mysql.procs_priv;
Host Db User Routine_name Routine_type Grantor Proc_priv Timestamp
SELECT upgrade_alter_func();
ERROR HY000: The user specified as a definer ('create_rout_db'@'localhost') does not exist
USE bug42217_db;
DROP FUNCTION upgrade_del_func;
DROP FUNCTION upgrade_alter_func;
DROP DATABASE bug42217_db;
SET SQL_LOG_BIN= 0;
DROP USER 'create_rout_db'@'localhost';
SET SQL_LOG_BIN= 1;
include/rpl_reset.inc
USE test;
######## BUG#49119 #######
### i) test case from the 'how to repeat section'
CREATE TABLE t1(c1 INT);
CREATE PROCEDURE p1() SELECT * FROM t1 |
REVOKE EXECUTE ON PROCEDURE p1 FROM 'root'@'localhost';
ERROR 42000: There is no such grant defined for user 'root' on host 'localhost' on routine 'p1'
DROP TABLE t1;
DROP PROCEDURE p1;
### ii) Test case in which REVOKE partially succeeds
include/rpl_reset.inc
CREATE TABLE t1(c1 INT);
CREATE PROCEDURE p1() SELECT * FROM t1 |
CREATE USER 'user49119'@'localhost';
GRANT EXECUTE ON PROCEDURE p1 TO 'user49119'@'localhost';
##############################################################
### Showing grants for both users: root and user49119 (master)
SHOW GRANTS FOR 'user49119'@'localhost';
Grants for user49119@localhost
GRANT USAGE ON *.* TO 'user49119'@'localhost'
GRANT EXECUTE ON PROCEDURE `test`.`p1` TO 'user49119'@'localhost'
SHOW GRANTS FOR CURRENT_USER;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
##############################################################
##############################################################
### Showing grants for both users: root and user49119 (master)
SHOW GRANTS FOR 'user49119'@'localhost';
Grants for user49119@localhost
GRANT USAGE ON *.* TO 'user49119'@'localhost'
GRANT EXECUTE ON PROCEDURE `test`.`p1` TO 'user49119'@'localhost'
SHOW GRANTS FOR CURRENT_USER;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
##############################################################
## This statement will make the revoke fail because root has no
## execute grant. However, it will still revoke the grant for
## user49119.
REVOKE EXECUTE ON PROCEDURE p1 FROM 'user49119'@'localhost', 'root'@'localhost';
ERROR 42000: There is no such grant defined for user 'root' on host 'localhost' on routine 'p1'
##############################################################
### Showing grants for both users: root and user49119 (master)
### after revoke statement failure
SHOW GRANTS FOR 'user49119'@'localhost';
Grants for user49119@localhost
GRANT USAGE ON *.* TO 'user49119'@'localhost'
SHOW GRANTS FOR CURRENT_USER;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
##############################################################
#############################################################
### Showing grants for both users: root and user49119 (slave)
### after revoke statement failure (should match
SHOW GRANTS FOR 'user49119'@'localhost';
Grants for user49119@localhost
GRANT USAGE ON *.* TO 'user49119'@'localhost'
SHOW GRANTS FOR CURRENT_USER;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
##############################################################
DROP TABLE t1;
DROP PROCEDURE p1;
DROP USER 'user49119'@'localhost';
include/rpl_reset.inc
grant all on *.* to foo@"1.2.3.4";
revoke all privileges, grant option from "foo";
ERROR HY000: Can't revoke all privileges for one or more of the requested users
include/show_binlog_events.inc
Log_name Pos Event_type Server_id End_log_pos Info
master-bin.000001 # Gtid # # GTID #-#-#
master-bin.000001 # Query # # use `test`; grant all on *.* to foo@"1.2.3.4"
master-bin.000001 # Gtid # # GTID #-#-#
master-bin.000001 # Query # # use `test`; revoke all privileges, grant option from "foo"
include/check_slave_no_error.inc
DROP USER foo@"1.2.3.4";
# Bug#27606 GRANT statement should be replicated with DEFINER information
include/rpl_reset.inc
GRANT SELECT, INSERT ON mysql.user TO user_bug27606@localhost;
SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606';
Grantor
root@localhost
SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606';
Grantor
root@localhost
REVOKE SELECT ON mysql.user FROM user_bug27606@localhost;
SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606';
Grantor
root@localhost
SELECT Grantor FROM mysql.tables_priv WHERE User='user_bug27606';
Grantor
root@localhost
DROP USER user_bug27606@localhost;
include/rpl_end.inc
|
