4019 Martin Skold 2010-12-20
WL#5482 Distribute MySQL Cluster Users, adding handling of REVOKE ALL, testcases
modified:
mysql-test/suite/ndb/r/ndb_distribute_user.result
mysql-test/suite/ndb/t/ndb_distribute_user.test
mysql-test/suite/rpl_ndb/r/rpl_ndb_distribute_user.result
mysql-test/suite/rpl_ndb/t/rpl_ndb_distribute_user.test
sql/ha_ndbcluster_binlog.cc
sql/ha_ndbcluster_binlog.h
sql/handler.h
sql/sql_acl.cc
4018 Martin Skold 2010-12-20
Reverted extension for mysqld options
modified:
mysql-test/include/restart_mysqld.inc
4017 Martin Skold 2010-12-15
WL#5482 Distribute MySQL Cluster Users: Updated HOWTO file
modified:
HOWTO_distribute_privileges.txt
=== modified file 'mysql-test/include/restart_mysqld.inc'
--- a/mysql-test/include/restart_mysqld.inc 2010-12-15 10:40:24 +0000
+++ b/mysql-test/include/restart_mysqld.inc 2010-12-20 11:18:22 +0000
@@ -15,11 +15,9 @@ shutdown_server 10;
# Write file to make mysql-test-run.pl start up the server again
--append_file $MYSQLTEST_VARDIR/tmp/$mysqld_name.expect
-restart $mysqld_options
+restart
EOF
-let $mysqld_options=
-
# Turn on reconnect
--enable_reconnect
=== modified file 'mysql-test/suite/ndb/r/ndb_distribute_user.result'
--- a/mysql-test/suite/ndb/r/ndb_distribute_user.result 2010-12-15 10:40:24 +0000
+++ b/mysql-test/suite/ndb/r/ndb_distribute_user.result 2010-12-20 13:06:14 +0000
@@ -2,16 +2,23 @@ call mysql.mysql_cluster_move_privileges
select mysql.mysql_cluster_privileges_are_distributed();
mysql.mysql_cluster_privileges_are_distributed()
1
+CREATE TABLE t1 (pk INT PRIMARY KEY) engine = ndb;
CREATE USER 'user'@'localhost' IDENTIFIED by 'mypass';
+GRANT UPDATE ON t1 TO 'user'@'localhost';
SET PASSWORD FOR 'user'@'localhost'= PASSWORD('newpass');
RENAME USER 'user'@'localhost' TO 'newuser'@'localhost';
GRANT SELECT ON test.* TO 'newuser'@'localhost' IDENTIFIED by 'mypass2';
CREATE USER 'user2'@'localhost' IDENTIFIED by 'mypass';
+GRANT SELECT ON test.t1 TO 'user2'@'localhost';
select distinct User,Password from mysql.user order by User;
User Password
newuser *1E9649BB3F345563008E37641B407AFF50E5835C
root
user2 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4
+select User,Table_priv from mysql.tables_priv ORDER BY User;
+User Table_priv
+newuser Update
+user2 Select
CREATE USER 'user3'@'localhost' IDENTIFIED by 'mypass';
select distinct User,Password from mysql.user order by User;
User Password
@@ -19,12 +26,23 @@ newuser *1E9649BB3F345563008E37641B407AF
root
user2 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4
user3 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4
+select User,Table_priv from mysql.tables_priv ORDER BY User;
+User Table_priv
+newuser Update
+user2 Select
+FLUSH PRIVILEGES;
+REVOKE UPDATE ON t1 FROM 'newuser'@'localhost';
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user2'@'localhost';
+select User,Table_priv from mysql.tables_priv ORDER BY User;
+User Table_priv
select distinct User,Password from mysql.user order by User;
User Password
newuser *1E9649BB3F345563008E37641B407AFF50E5835C
root
user2 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4
user3 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4
+select User,Table_priv from mysql.tables_priv ORDER BY User;
+User Table_priv
=== making backup of new users ===
call mysql.mysql_cluster_backup_privileges();
==== clean up ====
=== modified file 'mysql-test/suite/ndb/t/ndb_distribute_user.test'
--- a/mysql-test/suite/ndb/t/ndb_distribute_user.test 2010-12-15 10:40:24 +0000
+++ b/mysql-test/suite/ndb/t/ndb_distribute_user.test 2010-12-20 13:06:14 +0000
@@ -25,20 +25,29 @@ connection server1;
call mysql.mysql_cluster_move_privileges();
select mysql.mysql_cluster_privileges_are_distributed();
+CREATE TABLE t1 (pk INT PRIMARY KEY) engine = ndb;
CREATE USER 'user'@'localhost' IDENTIFIED by 'mypass';
+GRANT UPDATE ON t1 TO 'user'@'localhost';
SET PASSWORD FOR 'user'@'localhost'= PASSWORD('newpass');
RENAME USER 'user'@'localhost' TO 'newuser'@'localhost';
GRANT SELECT ON test.* TO 'newuser'@'localhost' IDENTIFIED by 'mypass2';
CREATE USER 'user2'@'localhost' IDENTIFIED by 'mypass';
-
+GRANT SELECT ON test.t1 TO 'user2'@'localhost';
select distinct User,Password from mysql.user order by User;
+select User,Table_priv from mysql.tables_priv ORDER BY User;
connection server2;
CREATE USER 'user3'@'localhost' IDENTIFIED by 'mypass';
select distinct User,Password from mysql.user order by User;
+select User,Table_priv from mysql.tables_priv ORDER BY User;
+FLUSH PRIVILEGES;
+REVOKE UPDATE ON t1 FROM 'newuser'@'localhost';
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user2'@'localhost';
+select User,Table_priv from mysql.tables_priv ORDER BY User;
connection server1;
select distinct User,Password from mysql.user order by User;
+select User,Table_priv from mysql.tables_priv ORDER BY User;
--echo === making backup of new users ===
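Review bot: The new REVOKE ALL coverage after `connection server2;` only asserts on `mysql.tables_priv`, and `user2` holds nothing except the table-level SELECT on test.t1. The test would therefore still pass if the peer node dropped only table-level rows and kept other privilege levels or the grant option. Adding `SHOW GRANTS FOR 'user2'@'localhost';` on `server1` after the revoke would verify the effective privileges on the node that did not run the statement. The matching hunk in rpl_ndb_distribute_user.test has the same gap, and there the check is also worth running on the slave after `sync_slave_with_master`.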
@@ -119,6 +128,7 @@ drop procedure if exists mysql.mysql_clu
drop procedure if exists mysql.mysql_cluster_restore_privileges;
drop procedure if exists mysql.mysql_cluster_restore_privileges_from_local;
drop procedure if exists mysql.mysql_cluster_move_privileges;
+drop table if exists t1;
--enable_result_log
--enable_query_log
--enable_warnings
@@ -145,6 +155,7 @@ drop procedure if exists mysql.mysql_clu
drop procedure if exists mysql.mysql_cluster_restore_privileges;
drop procedure if exists mysql.mysql_cluster_restore_privileges_from_local;
drop procedure if exists mysql.mysql_cluster_move_privileges;
+drop table if exists t1;
--enable_result_log
--enable_query_log
--enable_warnings
=== modified file 'mysql-test/suite/rpl_ndb/r/rpl_ndb_distribute_user.result'
--- a/mysql-test/suite/rpl_ndb/r/rpl_ndb_distribute_user.result 2010-12-15 10:40:24 +0000
+++ b/mysql-test/suite/rpl_ndb/r/rpl_ndb_distribute_user.result 2010-12-20 13:06:14 +0000
@@ -8,16 +8,23 @@ call mysql.mysql_cluster_move_privileges
select mysql.mysql_cluster_privileges_are_distributed();
mysql.mysql_cluster_privileges_are_distributed()
1
+CREATE TABLE t1 (pk INT PRIMARY KEY) engine = ndb;
CREATE USER 'user'@'localhost' IDENTIFIED by 'mypass';
+GRANT UPDATE ON t1 TO 'user'@'localhost';
SET PASSWORD FOR 'user'@'localhost'= PASSWORD('newpass');
RENAME USER 'user'@'localhost' TO 'newuser'@'localhost';
GRANT SELECT ON test.* TO 'newuser'@'localhost' IDENTIFIED by 'mypass2';
CREATE USER 'user2'@'localhost' IDENTIFIED by 'mypass';
+GRANT SELECT ON test.t1 TO 'user2'@'localhost';
select distinct User,Password from mysql.user order by User;
User Password
newuser *1E9649BB3F345563008E37641B407AFF50E5835C
root
user2 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4
+select User,Table_priv from mysql.tables_priv ORDER BY User;
+User Table_priv
+newuser Update
+user2 Select
CREATE USER 'user3'@'localhost' IDENTIFIED by 'mypass';
select distinct User,Password from mysql.user order by User;
User Password
@@ -25,18 +32,41 @@ newuser *1E9649BB3F345563008E37641B407AF
root
user2 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4
user3 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4
+select User,Table_priv from mysql.tables_priv ORDER BY User;
+User Table_priv
+newuser Update
+user2 Select
select distinct User,Password from mysql.user order by User;
User Password
newuser *1E9649BB3F345563008E37641B407AFF50E5835C
root
user2 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4
user3 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4
+select User,Table_priv from mysql.tables_priv ORDER BY User;
+User Table_priv
+newuser Update
+user2 Select
+FLUSH PRIVILEGES;
+REVOKE UPDATE ON t1 FROM 'newuser'@'localhost';
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user2'@'localhost';
+select User,Table_priv from mysql.tables_priv ORDER BY User;
+User Table_priv
select distinct User,Password from mysql.user order by User;
User Password
newuser *1E9649BB3F345563008E37641B407AFF50E5835C
root
user2 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4
user3 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4
+select User,Table_priv from mysql.tables_priv ORDER BY User;
+User Table_priv
+select distinct User,Password from mysql.user order by User;
+User Password
+newuser *1E9649BB3F345563008E37641B407AFF50E5835C
+root
+user2 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4
+user3 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4
+select User,Table_priv from mysql.tables_priv ORDER BY User;
+User Table_priv
=== making backup of new users ===
call mysql.mysql_cluster_backup_privileges();
==== clean up ====
=== modified file 'mysql-test/suite/rpl_ndb/t/rpl_ndb_distribute_user.test'
--- a/mysql-test/suite/rpl_ndb/t/rpl_ndb_distribute_user.test 2010-12-15 10:40:24 +0000
+++ b/mysql-test/suite/rpl_ndb/t/rpl_ndb_distribute_user.test 2010-12-20 13:06:14 +0000
@@ -27,25 +27,43 @@ connection server1;
call mysql.mysql_cluster_move_privileges();
select mysql.mysql_cluster_privileges_are_distributed();
+CREATE TABLE t1 (pk INT PRIMARY KEY) engine = ndb;
CREATE USER 'user'@'localhost' IDENTIFIED by 'mypass';
+GRANT UPDATE ON t1 TO 'user'@'localhost';
SET PASSWORD FOR 'user'@'localhost'= PASSWORD('newpass');
RENAME USER 'user'@'localhost' TO 'newuser'@'localhost';
GRANT SELECT ON test.* TO 'newuser'@'localhost' IDENTIFIED by 'mypass2';
CREATE USER 'user2'@'localhost' IDENTIFIED by 'mypass';
-
+GRANT SELECT ON test.t1 TO 'user2'@'localhost';
select distinct User,Password from mysql.user order by User;
+select User,Table_priv from mysql.tables_priv ORDER BY User;
connection server2;
CREATE USER 'user3'@'localhost' IDENTIFIED by 'mypass';
select distinct User,Password from mysql.user order by User;
+select User,Table_priv from mysql.tables_priv ORDER BY User;
+
+connection master;
+sync_slave_with_master;
+
+select distinct User,Password from mysql.user order by User;
+select User,Table_priv from mysql.tables_priv ORDER BY User;
+
+connection server2;
+FLUSH PRIVILEGES;
+REVOKE UPDATE ON t1 FROM 'newuser'@'localhost';
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user2'@'localhost';
+select User,Table_priv from mysql.tables_priv ORDER BY User;
connection server1;
select distinct User,Password from mysql.user order by User;
+select User,Table_priv from mysql.tables_priv ORDER BY User;
connection master;
sync_slave_with_master;
select distinct User,Password from mysql.user order by User;
+select User,Table_priv from mysql.tables_priv ORDER BY User;
--echo === making backup of new users ===
@@ -131,6 +149,7 @@ drop procedure if exists mysql.mysql_clu
drop procedure if exists mysql.mysql_cluster_restore_privileges;
drop procedure if exists mysql.mysql_cluster_restore_privileges_from_local;
drop procedure if exists mysql.mysql_cluster_move_privileges;
+drop table if exists t1;
--enable_result_log
--enable_query_log
--enable_warnings
@@ -157,6 +176,7 @@ drop procedure if exists mysql.mysql_clu
drop procedure if exists mysql.mysql_cluster_restore_privileges;
drop procedure if exists mysql.mysql_cluster_restore_privileges_from_local;
drop procedure if exists mysql.mysql_cluster_move_privileges;
+drop table if exists t1;
--enable_result_log
--enable_query_log
--enable_warnings
@@ -184,6 +204,7 @@ drop procedure if exists mysql.mysql_clu
drop procedure if exists mysql.mysql_cluster_restore_privileges;
drop procedure if exists mysql.mysql_cluster_restore_privileges_from_local;
drop procedure if exists mysql.mysql_cluster_move_privileges;
+drop table if exists t1;
--enable_result_log
--enable_query_log
--enable_warnings
=== modified file 'sql/ha_ndbcluster_binlog.cc'
--- a/sql/ha_ndbcluster_binlog.cc 2010-12-15 10:40:24 +0000
+++ b/sql/ha_ndbcluster_binlog.cc 2010-12-20 13:06:14 +0000
@@ -832,6 +832,14 @@ ndbcluster_binlog_log_query(handlerton *
log= 1;
}
break;
+ case LOGCOM_REVOKE:
+ type= SOT_REVOKE;
+ if (ndbcluster_distributed_privileges(thd))
+ {
+ DBUG_PRINT("info", ("Privilege tables have been distributed, logging statement"));
+ log= 1;
+ }
+ break;
}
if (log)
{
@@ -2179,6 +2187,9 @@ int ndbcluster_log_schema_op(THD *thd,
case SOT_GRANT:
type_str= "grant/revoke";
break;
+ case SOT_REVOKE:
+ type_str= "revoke all";
+ break;
default:
abort(); /* should not happen, programming error */
}
@@ -2936,6 +2947,7 @@ ndb_binlog_thread_handle_schema_event(TH
case SOT_DROP_USER:
case SOT_RENAME_USER:
case SOT_GRANT:
+ case SOT_REVOKE:
{
thd_ndb_options.set(TNO_NO_LOCK_SCHEMA_OP);
const int no_print_error[1]= {0};
=== modified file 'sql/ha_ndbcluster_binlog.h'
--- a/sql/ha_ndbcluster_binlog.h 2010-12-15 10:40:24 +0000
+++ b/sql/ha_ndbcluster_binlog.h 2010-12-20 13:06:14 +0000
@@ -88,7 +88,8 @@ enum SCHEMA_OP_TYPE
SOT_CREATE_USER= 15,
SOT_DROP_USER= 16,
SOT_RENAME_USER= 17,
- SOT_GRANT= 18
+ SOT_GRANT= 18,
+ SOT_REVOKE= 19
};
const uint max_ndb_nodes= 256; /* multiple of 32 */
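Review bot: The name `SOT_REVOKE` suggests it covers every REVOKE statement, but the type strings in ha_ndbcluster_binlog.cc label `SOT_GRANT` as "grant/revoke" and the new value as "revoke all". A short comment on the enumerator would prevent later misuse, for example `SOT_REVOKE= 19 /* REVOKE ALL PRIVILEGES only; plain REVOKE is distributed as SOT_GRANT */`. The members carry explicit numbers, which suggests the value is exchanged between mysqld nodes. If so, it is worth noting in the same comment how a node that predates value 19 reacts to it, since a peer that ignores the operation would keep the revoked privileges.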
=== modified file 'sql/handler.h'
--- a/sql/handler.h 2010-12-15 10:40:24 +0000
+++ b/sql/handler.h 2010-12-20 13:06:14 +0000
@@ -373,7 +373,8 @@ enum enum_binlog_command {
LOGCOM_CREATE_USER,
LOGCOM_DROP_USER,
LOGCOM_RENAME_USER,
- LOGCOM_GRANT
+ LOGCOM_GRANT,
+ LOGCOM_REVOKE
};
/* struct to hold information about the table that should be created */
=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc 2010-12-15 10:40:24 +0000
+++ b/sql/sql_acl.cc 2010-12-20 13:06:14 +0000
@@ -3470,11 +3470,11 @@ bool mysql_routine_grant(THD *thd, TABLE
thd->mem_root= old_root;
pthread_mutex_unlock(&acl_cache->lock);
+ ha_binlog_log_query(thd, 0, LOGCOM_GRANT,
+ thd->query(), thd->query_length(),
+ "mysql", "user");
if (write_to_binlog)
{
- ha_binlog_log_query(thd, 0, LOGCOM_GRANT,
- thd->query(), thd->query_length(),
- "mysql", "user");
if (write_bin_log(thd, FALSE, thd->query(), thd->query_length()))
result= TRUE;
}
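Review bot: With the call hoisted above `if (write_to_binlog)`, `thd->query()` is now distributed as `LOGCOM_GRANT` for every caller, including those that pass `write_to_binlog` as false. Those callers are outside this hunk, as is the start of mysql_routine_grant. If any of them reaches this function for an implicit grant while a non-GRANT statement is executing, the text sent to the other mysqld nodes would not be the grant itself. The hunk also shows no check of `result` before the call, so a failed grant may still be distributed. Please confirm both cases and record the intent above the call, for example `/* distributed independently of binlogging; thd->query() must be the GRANT statement here */`.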
@@ -6008,12 +6008,15 @@ bool mysql_rename_user(THD *thd, List <L
if (result)
my_error(ER_CANNOT_USER, MYF(0), "RENAME USER", wrong_users.c_ptr_safe());
- if (some_users_renamed && mysql_bin_log.is_open())
+ if (some_users_renamed)
{
ha_binlog_log_query(thd, 0, LOGCOM_RENAME_USER,
thd->query(), thd->query_length(),
"mysql", "user");
- result |= write_bin_log(thd, FALSE, thd->query(), thd->query_length());
+ if (mysql_bin_log.is_open())
+ {
+ result |= write_bin_log(thd, FALSE, thd->query(), thd->query_length());
+ }
}
rw_unlock(&LOCK_grant);
@@ -6207,6 +6210,9 @@ bool mysql_revoke_all(THD *thd, List <L
if (result)
my_message(ER_REVOKE_GRANTS, ER(ER_REVOKE_GRANTS), MYF(0));
+ ha_binlog_log_query(thd, 0, LOGCOM_REVOKE,
+ thd->query(), thd->query_length(),
+ "mysql", "user");
result= result |
write_bin_log(thd, FALSE, thd->query(), thd->query_length());
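Review bot: The added `ha_binlog_log_query(..., LOGCOM_REVOKE, ...)` call contributes nothing to `result`, while the `write_bin_log` call just below it is OR-ed in. If distributing the revoke to the other mysqld nodes fails, the client is told the statement succeeded while peers may keep honouring the revoked privileges. Whether the callee can report failure is not visible in this hunk, and mysql_revoke_all begins outside it. The call also runs after the `if (result)` error path, so a partially failed REVOKE ALL is still distributed. That matches the binlog write, but it deserves a comment such as `/* distribute even on partial failure: some privileges may already be revoked locally */`.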