#At file:///home/daogang/bzrwork/bug58712/mysql-5.0/ based on revid:alexander.nozdrin@stripped
2895 daogang.qu@stripped 2011-01-19
Bug #58712 GRANT ... IDENTIFIED BY password is not encrypted in the binary log
The password is not encrypted in binary log for GRANT stmt.
After the patch, the password will be encrypted in binary
log for GRANT stmt.
@ mysql-test/r/grant.result
Test result of the patch of bug#58712.
@ mysql-test/r/rpl_grant.result
Updated for the patch of bug#58712.
@ mysql-test/r/rpl_openssl.result
Updated for the patch of bug#58712.
@ mysql-test/r/rpl_sp.result
Updated for the patch of bug#58712.
@ mysql-test/r/rpl_ssl.result
Updated for the patch of bug#58712.
@ mysql-test/r/rpl_user.result
Test result of the patch of bug#58712.
@ mysql-test/t/grant.test
Added test to verify if the password is encrypted
in binary log when granting privileges to users.
@ mysql-test/t/rpl_user.test
Added test to verify if the password is encrypted
in binary log for CREATE USER stmt.
@ sql/sql_acl.cc
Added code to create a new query string in which the user password is
encrypted in the binary log for GRANT stmt.
@ sql/sql_yacc.yy
Added code to record the offset of begin and end
of grant_list.
modified:
mysql-test/r/grant.result
mysql-test/r/rpl_grant.result
mysql-test/r/rpl_openssl.result
mysql-test/r/rpl_sp.result
mysql-test/r/rpl_ssl.result
mysql-test/r/rpl_user.result
mysql-test/t/grant.test
mysql-test/t/rpl_user.test
sql/sql_acl.cc
sql/sql_lex.h
sql/sql_yacc.yy
=== modified file 'mysql-test/r/grant.result'
--- a/mysql-test/r/grant.result 2009-06-11 11:49:04 +0000
+++ b/mysql-test/r/grant.result 2011-01-19 06:12:05 +0000
@@ -1156,4 +1156,53 @@ CURRENT_USER()
root@localhost
SET PASSWORD FOR CURRENT_USER() = PASSWORD("admin");
SET PASSWORD FOR CURRENT_USER() = PASSWORD("");
+RESET MASTER;
+CREATE USER user1@localhost IDENTIFIED BY 'secret';
+CREATE USER user2@localhost IDENTIFIED BY 'secret';
+SET PASSWORD FOR user1@localhost = PASSWORD('secret');
+# Test the password is encrypted in binary log
+# when granting privileges on tables to users.
+GRANT UPDATE ON *.* /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT UPDATE ON *.* /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT UPDATE ON *.* TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2';
+REVOKE UPDATE ON *.* FROM user1@localhost, user2@localhost;
+# Test the password is encrypted in binary log
+# when granting privileges on procedure to users.
+CREATE PROCEDURE p1() SQL SECURITY INVOKER SELECT 1;
+GRANT EXECUTE ON PROCEDURE p1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before with*/ WITH MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON PROCEDURE p1 /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON PROCEDURE p1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2';
+REVOKE EXECUTE ON PROCEDURE p1 FROM user1@localhost, user2@localhost;
+# Test the password is encrypted in binary log
+# when granting privileges on function to users.
+CREATE FUNCTION f1() RETURNS INT RETURN 123;
+GRANT EXECUTE ON FUNCTION f1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before with*/ WITH MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON FUNCTION f1 /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON FUNCTION f1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2';
+REVOKE EXECUTE ON FUNCTION f1 FROM user1@localhost, user2@localhost;
+show binlog events from <binlog_start>;
+Log_name Pos Event_type Server_id End_log_pos Info
+master-bin.000001 # Query # # use `test`; CREATE USER'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7'
+master-bin.000001 # Query # # use `test`; CREATE USER'user2'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7'
+master-bin.000001 # Query # # use `test`; SET PASSWORD FOR 'user1'@'localhost'='*14E65567ABDB5135D0CFD9A70B3032C179A49EE7'
+master-bin.000001 # Query # # use `test`; GRANT UPDATE ON *.* /*before to*/TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F' /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90
+master-bin.000001 # Query # # use `test`; GRANT UPDATE ON *.* /*before to*/TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90
+master-bin.000001 # Query # # use `test`; GRANT UPDATE ON *.* TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F'
+master-bin.000001 # Query # # use `test`; REVOKE UPDATE ON *.* FROM user1@localhost, user2@localhost
+master-bin.000001 # Query # # use `test`; CREATE DEFINER=`root`@`localhost` PROCEDURE `p1`()
+ SQL SECURITY INVOKER
+SELECT 1
+master-bin.000001 # Query # # use `test`; GRANT EXECUTE ON PROCEDURE p1 TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F' /*before with*/ WITH MAX_QUERIES_PER_HOUR 90
+master-bin.000001 # Query # # use `test`; GRANT EXECUTE ON PROCEDURE p1 /*before to*/TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90
+master-bin.000001 # Query # # use `test`; GRANT EXECUTE ON PROCEDURE p1 TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F'
+master-bin.000001 # Query # # use `test`; REVOKE EXECUTE ON PROCEDURE p1 FROM user1@localhost, user2@localhost
+master-bin.000001 # Query # # use `test`; CREATE DEFINER=`root`@`localhost` FUNCTION `f1`() RETURNS int(11)
+RETURN 123
+master-bin.000001 # Query # # use `test`; GRANT EXECUTE ON FUNCTION f1 TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F' /*before with*/ WITH MAX_QUERIES_PER_HOUR 90
+master-bin.000001 # Query # # use `test`; GRANT EXECUTE ON FUNCTION f1 /*before to*/TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90
+master-bin.000001 # Query # # use `test`; GRANT EXECUTE ON FUNCTION f1 TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F'
+master-bin.000001 # Query # # use `test`; REVOKE EXECUTE ON FUNCTION f1 FROM user1@localhost, user2@localhost
+DROP USER user1@localhost, user2@localhost;
+DROP FUNCTION f1;
+DROP PROCEDURE p1;
End of 5.0 tests
=== modified file 'mysql-test/r/rpl_grant.result'
--- a/mysql-test/r/rpl_grant.result 2008-09-24 12:59:56 +0000
+++ b/mysql-test/r/rpl_grant.result 2011-01-19 06:12:05 +0000
@@ -48,7 +48,7 @@ Master_User root
Master_Port MASTER_PORT
Connect_Retry 1
Master_Log_File master-bin.000001
-Read_Master_Log_Pos 515
+Read_Master_Log_Pos 524
Relay_Log_File #
Relay_Log_Pos #
Relay_Master_Log_File master-bin.000001
@@ -63,7 +63,7 @@ Replicate_Wild_Ignore_Table
Last_Errno 0
Last_Error
Skip_Counter 0
-Exec_Master_Log_Pos 515
+Exec_Master_Log_Pos 524
Relay_Log_Space #
Until_Condition None
Until_Log_File
=== modified file 'mysql-test/r/rpl_openssl.result'
--- a/mysql-test/r/rpl_openssl.result 2006-04-18 16:10:47 +0000
+++ b/mysql-test/r/rpl_openssl.result 2011-01-19 06:12:05 +0000
@@ -20,7 +20,7 @@ t
1
show slave status;
Slave_IO_State Master_Host Master_User Master_Port Connect_Retry Master_Log_File Read_Master_Log_Pos Relay_Log_File Relay_Log_Pos Relay_Master_Log_File Slave_IO_Running Slave_SQL_Running Replicate_Do_DB Replicate_Ignore_DB Replicate_Do_Table Replicate_Ignore_Table Replicate_Wild_Do_Table Replicate_Wild_Ignore_Table Last_Errno Last_Error Skip_Counter Exec_Master_Log_Pos Relay_Log_Space Until_Condition Until_Log_File Until_Log_Pos Master_SSL_Allowed Master_SSL_CA_File Master_SSL_CA_Path Master_SSL_Cert Master_SSL_Cipher Master_SSL_Key Seconds_Behind_Master
-# 127.0.0.1 replssl MASTER_MYPORT 1 master-bin.000001 398 # # master-bin.000001 Yes Yes 0 0 398 # None 0 Yes MYSQL_TEST_DIR/std_data/cacert.pem MYSQL_TEST_DIR/std_data/client-cert.pem MYSQL_TEST_DIR/std_data/client-key.pem #
+# 127.0.0.1 replssl MASTER_MYPORT 1 master-bin.000001 402 # # master-bin.000001 Yes Yes 0 0 402 # None 0 Yes MYSQL_TEST_DIR/std_data/cacert.pem MYSQL_TEST_DIR/std_data/client-cert.pem MYSQL_TEST_DIR/std_data/client-key.pem #
stop slave;
change master to master_user='root',master_password='', master_ssl=0;
start slave;
@@ -28,4 +28,4 @@ drop user replssl@localhost;
drop table t1;
show slave status;
Slave_IO_State Master_Host Master_User Master_Port Connect_Retry Master_Log_File Read_Master_Log_Pos Relay_Log_File Relay_Log_Pos Relay_Master_Log_File Slave_IO_Running Slave_SQL_Running Replicate_Do_DB Replicate_Ignore_DB Replicate_Do_Table Replicate_Ignore_Table Replicate_Wild_Do_Table Replicate_Wild_Ignore_Table Last_Errno Last_Error Skip_Counter Exec_Master_Log_Pos Relay_Log_Space Until_Condition Until_Log_File Until_Log_Pos Master_SSL_Allowed Master_SSL_CA_File Master_SSL_CA_Path Master_SSL_Cert Master_SSL_Cipher Master_SSL_Key Seconds_Behind_Master
-# 127.0.0.1 root MASTER_MYPORT 1 master-bin.000001 564 # # master-bin.000001 Yes Yes 0 0 564 # None 0 No MYSQL_TEST_DIR/std_data/cacert.pem MYSQL_TEST_DIR/std_data/client-cert.pem MYSQL_TEST_DIR/std_data/client-key.pem #
+# 127.0.0.1 root MASTER_MYPORT 1 master-bin.000001 568 # # master-bin.000001 Yes Yes 0 0 568 # None 0 No MYSQL_TEST_DIR/std_data/cacert.pem MYSQL_TEST_DIR/std_data/client-cert.pem MYSQL_TEST_DIR/std_data/client-key.pem #
=== modified file 'mysql-test/r/rpl_sp.result'
--- a/mysql-test/r/rpl_sp.result 2009-07-02 11:22:12 +0000
+++ b/mysql-test/r/rpl_sp.result 2011-01-19 06:12:05 +0000
@@ -405,7 +405,7 @@ master-bin.000001 # Query 1 # use `mysql
master-bin.000001 # Query 1 # use `mysqltest1`; CREATE DEFINER=`root`@`localhost` PROCEDURE `foo3`()
DETERMINISTIC
insert into t1 values (15)
-master-bin.000001 # Query 1 # use `mysqltest1`; grant CREATE ROUTINE, EXECUTE on mysqltest1.* to "zedjzlcsjhd"@127.0.0.1
+master-bin.000001 # Query 1 # use `mysqltest1`; grant CREATE ROUTINE, EXECUTE on mysqltest1.* to 'zedjzlcsjhd'@'127.0.0.1'
master-bin.000001 # Query 1 # use `mysqltest1`; grant SELECT on mysqltest1.t1 to "zedjzlcsjhd"@127.0.0.1
master-bin.000001 # Query 1 # use `mysqltest1`; grant SELECT, INSERT on mysqltest1.t2 to "zedjzlcsjhd"@127.0.0.1
master-bin.000001 # Query 1 # use `mysqltest1`; CREATE DEFINER=`zedjzlcsjhd`@`127.0.0.1` PROCEDURE `foo4`()
@@ -637,7 +637,7 @@ CREATE DEFINER=`root`@`localhost` PROCED
insert into t1 values (15)
/*!*/;
SET TIMESTAMP=t/*!*/;
-grant CREATE ROUTINE, EXECUTE on mysqltest1.* to "zedjzlcsjhd"@127.0.0.1
+grant CREATE ROUTINE, EXECUTE on mysqltest1.* to 'zedjzlcsjhd'@'127.0.0.1'
/*!*/;
SET TIMESTAMP=t/*!*/;
grant SELECT on mysqltest1.t1 to "zedjzlcsjhd"@127.0.0.1
=== modified file 'mysql-test/r/rpl_ssl.result'
--- a/mysql-test/r/rpl_ssl.result 2007-06-15 11:09:28 +0000
+++ b/mysql-test/r/rpl_ssl.result 2011-01-19 06:12:05 +0000
@@ -26,7 +26,7 @@ Master_User replssl
Master_Port MASTER_MYPORT
Connect_Retry 1
Master_Log_File master-bin.000001
-Read_Master_Log_Pos 420
+Read_Master_Log_Pos 424
Relay_Log_File #
Relay_Log_Pos #
Relay_Master_Log_File master-bin.000001
@@ -41,7 +41,7 @@ Replicate_Wild_Ignore_Table
Last_Errno 0
Last_Error
Skip_Counter 0
-Exec_Master_Log_Pos 420
+Exec_Master_Log_Pos 424
Relay_Log_Space #
Until_Condition None
Until_Log_File
=== modified file 'mysql-test/r/rpl_user.result'
--- a/mysql-test/r/rpl_user.result 2008-03-27 05:42:34 +0000
+++ b/mysql-test/r/rpl_user.result 2011-01-19 06:12:05 +0000
@@ -15,11 +15,19 @@ create user 'foo'@'fakehost', 'bar'@'fak
ERROR HY000: Operation CREATE USER failed for 'foo'@'fakehost'
create user 'foo'@'fakehost', 'bar'@'fakehost';
ERROR HY000: Operation CREATE USER failed for 'foo'@'fakehost','bar'@'fakehost'
+create user 'foo1'@'fakehost' IDENTIFIED BY 'foo1', 'foo2'@'fakehost'
+ IDENTIFIED BY PASSWORD'*1111111111111111111111111111111111111111',
+'foo3'@'fakehost';
select Host,User from mysql.user where Host='fakehost';
Host User
fakehost bar
fakehost foo
+fakehost foo1
+fakehost foo2
+fakehost foo3
+Comparing tables master:mysql.user and slave:mysql.user
rename user 'foo'@'fakehost' to 'foofoo'@'fakehost';
+drop user 'foo1'@'fakehost', 'foo2'@'fakehost', 'foo3'@'fakehost';
rename user 'not_exist_user1'@'fakehost' to 'foobar'@'fakehost', 'bar'@'fakehost' to 'barbar'@'fakehost';
ERROR HY000: Operation RENAME USER failed for 'not_exist_user1'@'fakehost'
rename user 'not_exist_user1'@'fakehost' to 'foobar'@'fakehost', 'not_exist_user2'@'fakehost' to 'barfoo'@'fakehost';
@@ -37,9 +45,11 @@ select Host,User from mysql.user where H
Host User
show binlog events from <binlog_start>;
Log_name Pos Event_type Server_id End_log_pos Info
-master-bin.000001 # Query # # use `test`; create user 'foo'@'fakehost'
-master-bin.000001 # Query # # use `test`; create user 'foo'@'fakehost', 'bar'@'fakehost'
+master-bin.000001 # Query # # use `test`; CREATE USER'foo'@'fakehost'
+master-bin.000001 # Query # # use `test`; CREATE USER'foo'@'fakehost','bar'@'fakehost'
+master-bin.000001 # Query # # use `test`; CREATE USER'foo1'@'fakehost' IDENTIFIED BY PASSWORD '*6EAC5249D53050AE649BDB0CC4B85D1AE90CA16E','foo2'@'fakehost' IDENTIFIED BY PASSWORD '*1111111111111111111111111111111111111111','foo3'@'fakehost'
master-bin.000001 # Query # # use `test`; rename user 'foo'@'fakehost' to 'foofoo'@'fakehost'
+master-bin.000001 # Query # # use `test`; drop user 'foo1'@'fakehost', 'foo2'@'fakehost', 'foo3'@'fakehost'
master-bin.000001 # Query # # use `test`; rename user 'not_exist_user1'@'fakehost' to 'foobar'@'fakehost', 'bar'@'fakehost' to 'barbar'@'fakehost'
master-bin.000001 # Query # # use `test`; drop user 'foofoo'@'fakehost'
master-bin.000001 # Query # # use `test`; drop user 'not_exist_user1'@'fakehost', 'barbar'@'fakehost'
=== modified file 'mysql-test/t/grant.test'
--- a/mysql-test/t/grant.test 2009-06-11 11:49:04 +0000
+++ b/mysql-test/t/grant.test 2011-01-19 06:12:05 +0000
@@ -1166,6 +1166,44 @@ SELECT CURRENT_USER();
SET PASSWORD FOR CURRENT_USER() = PASSWORD("admin");
SET PASSWORD FOR CURRENT_USER() = PASSWORD("");
+#
+# Bug #58712
+# This test verifies that the password is encrypted
+# in binary log when granting privileges to users.
+#
+RESET MASTER;
+CREATE USER user1@localhost IDENTIFIED BY 'secret';
+CREATE USER user2@localhost IDENTIFIED BY 'secret';
+SET PASSWORD FOR user1@localhost = PASSWORD('secret');
+
+--echo # Test the password is encrypted in binary log
+--echo # when granting privileges on tables to users.
+GRANT UPDATE ON *.* /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT UPDATE ON *.* /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT UPDATE ON *.* TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2';
+REVOKE UPDATE ON *.* FROM user1@localhost, user2@localhost;
+
+--echo # Test the password is encrypted in binary log
+--echo # when granting privileges on procedure to users.
+CREATE PROCEDURE p1() SQL SECURITY INVOKER SELECT 1;
+GRANT EXECUTE ON PROCEDURE p1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before with*/ WITH MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON PROCEDURE p1 /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON PROCEDURE p1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2';
+REVOKE EXECUTE ON PROCEDURE p1 FROM user1@localhost, user2@localhost;
+
+--echo # Test the password is encrypted in binary log
+--echo # when granting privileges on function to users.
+CREATE FUNCTION f1() RETURNS INT RETURN 123;
+GRANT EXECUTE ON FUNCTION f1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before with*/ WITH MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON FUNCTION f1 /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON FUNCTION f1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2';
+REVOKE EXECUTE ON FUNCTION f1 FROM user1@localhost, user2@localhost;
+
+--source include/show_binlog_events.inc
+DROP USER user1@localhost, user2@localhost;
+DROP FUNCTION f1;
+DROP PROCEDURE p1;
+
--echo End of 5.0 tests
disconnect master;
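Review bot: The test comments here (and the `# In log event, Plaintext password 'foo1' is replaced by ciphertext.` line in the rpl_user.test hunk) call the logged value encrypted, but the expected results show the PASSWORD() hash, and user1 and user2, created with the same password, get the same hash string in grant.result. I would word the header as `# This test verifies that only the password hash, never the plaintext, is written to the binary log when granting privileges to users.` so that readers do not take the binary log to be safe to share. The added cases also use only plain names with `ON *.*` or routine targets; a table-level target (`ON db.tbl`) and a user name that needs quoting would pin the rewritten text more tightly.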
=== modified file 'mysql-test/t/rpl_user.test'
--- a/mysql-test/t/rpl_user.test 2008-02-04 11:22:37 +0000
+++ b/mysql-test/t/rpl_user.test 2011-01-19 06:12:05 +0000
@@ -25,15 +25,23 @@ create user 'foo'@'fakehost';
create user 'foo'@'fakehost', 'bar'@'fakehost';
--error ER_CANNOT_USER
create user 'foo'@'fakehost', 'bar'@'fakehost';
+# In log event, Plaintext password 'foo1' is replaced by ciphertext.
+create user 'foo1'@'fakehost' IDENTIFIED BY 'foo1', 'foo2'@'fakehost'
+ IDENTIFIED BY PASSWORD'*1111111111111111111111111111111111111111',
+ 'foo3'@'fakehost';
sync_slave_with_master;
select Host,User from mysql.user where Host='fakehost';
+let $diff_table_1= master:mysql.user;
+let $diff_table_2= slave:mysql.user;
+source include/diff_tables.inc;
#
# Test rename user
#
connection master;
rename user 'foo'@'fakehost' to 'foofoo'@'fakehost';
+drop user 'foo1'@'fakehost', 'foo2'@'fakehost', 'foo3'@'fakehost';
--error ER_CANNOT_USER
rename user 'not_exist_user1'@'fakehost' to 'foobar'@'fakehost', 'bar'@'fakehost' to 'barbar'@'fakehost';
--error ER_CANNOT_USER
=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc 2010-02-20 17:08:35 +0000
+++ b/sql/sql_acl.cc 2011-01-19 06:12:05 +0000
@@ -3050,6 +3050,61 @@ int mysql_table_grant(THD *thd, TABLE_LI
}
+/**
+ Auxiliary function for constructing a user list string.
+ @param str A String to store the user list.
+ @param user A LEX_USER which will be appended into user list.
+ @param comma If TRUE, append a ',' before the the user.
+ @param passwd If TRUE, append ' IDENTIFIED BY PASSWORD ...' after the user,
+ if the given user has password.
+ */
+static void append_user(String *str, LEX_USER *user, bool comma,
+ bool passwd)
+{
+ if (comma)
+ str->append(',');
+ str->append('\'');
+ str->append(user->user.str);
+ str->append(STRING_WITH_LEN("'@'"));
+ str->append(user->host.str);
+ str->append('\'');
+
+ if (passwd && user->password.str)
+ {
+ str->append(STRING_WITH_LEN(" IDENTIFIED BY PASSWORD '"));
+ str->append(user->password.str, user->password.length);
+ str->append('\'');
+ }
+}
+
+/**
+ Create a new query string for user password is encrypted
+ in the binary log for grant stmt.
+
+ @param[in] thd Thread handler
+ @param[in] log_buf Query string for binlog
+ @param[in] user_query Query string for users
+
+ @return
+ 0 ok
+ 1 error
+*/
+static int
+create_grant_stmt(THD *thd, String *log_buf, const String &user_query)
+{
+ /* Make a copy of thd->query() and then remove the "DELAYED" keyword */
+ if (log_buf->append(thd->query,
+ thd->lex->stmt_definition_begin -
+ thd->query + 2 /*TO*/) ||
+ log_buf->append(' ') ||
+ log_buf->append(user_query) ||
+ log_buf->append(thd->lex->stmt_definition_end))
+ return 1;
+
+ return 0;
+}
+
+
/*
Store routine level grants in the privilege tables
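Review bot: append_user() now builds text that is written to the binary log and replayed on slaves, yet it puts `user->user.str` and `user->host.str` between single quotes without escaping them, so a name containing a quote or backslash would yield a logged statement that differs from what ran on the master. The names should go through the server's string escaping (for instance `escape_string_for_mysql`) before being appended, and be appended with their stored lengths as the password already is. In create_grant_stmt(), `log_buf->append(thd->lex->stmt_definition_end)` copies up to the next NUL rather than to the end of the statement; bounding it as `log_buf->append(thd->lex->stmt_definition_end, thd->query + thd->query_length - thd->lex->stmt_definition_end)` would match the `thd->query_length` used on the REVOKE path, assuming the buffer can extend past this statement. The comment `/* Make a copy of thd->query() and then remove the "DELAYED" keyword */` looks copied from elsewhere and should describe the GRANT rewrite instead.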
@@ -3076,6 +3131,8 @@ bool mysql_routine_grant(THD *thd, TABLE
TABLE_LIST tables[2];
bool create_new_users=0, result=0;
char *db_name, *table_name;
+ String log_query, user_query;
+ bool comma= FALSE;
DBUG_ENTER("mysql_routine_grant");
if (!initialized)
@@ -3148,7 +3205,15 @@ bool mysql_routine_grant(THD *thd, TABLE
{
result= TRUE;
continue;
- }
+ }
+
+ if (!revoke_grant)
+ {
+ /* Generate user_specification for GRANT query */
+ append_user(&user_query, Str, comma, TRUE);
+ comma= TRUE;
+ }
+
/* Create user if needed */
error=replace_user_table(thd, tables[0].table, *Str,
0, revoke_grant, create_new_users,
@@ -3201,9 +3266,32 @@ bool mysql_routine_grant(THD *thd, TABLE
if (mysql_bin_log.is_open())
{
thd->clear_error();
- Query_log_event qinfo(thd, thd->query, thd->query_length,
+ if (revoke_grant)
+ {
+ Query_log_event qinfo(thd, thd->query, thd->query_length,
0, FALSE, THD::NOT_KILLED);
- mysql_bin_log.write(&qinfo);
+ result= mysql_bin_log.write(&qinfo);
+ }
+ else
+ {
+ /*
+ Binlog grant stmt with user password is encrypted
+ when granting privileges on routine to users.
+ */
+ if (create_grant_stmt(thd, &log_query, user_query))
+ {
+ sql_print_error("Event Error: An error occurred while creating query "
+ "for GRANT stmt when granting privileges on routine "
+ "to users, before writing it into binary log.");
+ result= TRUE;
+ }
+ else
+ {
+ Query_log_event qinfo(thd, log_query.c_ptr_safe(), log_query.length(),
+ 0, FALSE, THD::NOT_KILLED);
+ result= mysql_bin_log.write(&qinfo);
+ }
+ }
}
}
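Review bot: The two binlog blocks added by this patch handle the write result differently: here `result= mysql_bin_log.write(&qinfo);` overwrites `result`, while the matching block in the mysql_grant hunk uses `if (mysql_bin_log.write(&qinfo)) result= -1;`. The failure value is also `TRUE` in one and `-1` in the other, although both functions are declared bool. I would use one form in both, `if (mysql_bin_log.write(&qinfo)) result= TRUE;`, so that a successful write can never clear an error recorded earlier in the function. The enclosing if-block starts outside the hunk, so whether `result` can already be set at this point is not visible.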
@@ -3225,6 +3313,8 @@ bool mysql_grant(THD *thd, const char *d
char tmp_db[NAME_LEN+1];
bool create_new_users=0;
TABLE_LIST tables[2];
+ String log_query, user_query;
+ bool comma= FALSE;
DBUG_ENTER("mysql_grant");
if (!initialized)
{
@@ -3287,6 +3377,14 @@ bool mysql_grant(THD *thd, const char *d
result= TRUE;
continue;
}
+
+ if (!revoke_grant)
+ {
+ /* Generate user_specification for GRANT query */
+ append_user(&user_query, Str, comma, TRUE);
+ comma= TRUE;
+ }
+
if (replace_user_table(thd, tables[0].table, *Str,
(!db ? rights : 0), revoke_grant, create_new_users,
test(thd->variables.sql_mode &
@@ -3315,9 +3413,34 @@ bool mysql_grant(THD *thd, const char *d
if (mysql_bin_log.is_open())
{
thd->clear_error();
- Query_log_event qinfo(thd, thd->query, thd->query_length,
- 0, FALSE, THD::NOT_KILLED);
- mysql_bin_log.write(&qinfo);
+ if (revoke_grant)
+ {
+ Query_log_event qinfo(thd, thd->query, thd->query_length,
+ 0, FALSE, THD::NOT_KILLED);
+ if (mysql_bin_log.write(&qinfo))
+ result= -1;
+ }
+ else
+ {
+ /*
+ Binlog grant stmt with user password is encrypted
+ when granting privileges on tables to users.
+ */
+ if (create_grant_stmt(thd, &log_query, user_query))
+ {
+ sql_print_error("Event Error: An error occurred while creating query "
+ "for GRANT stmt when granting privileges on tables "
+ "to users, before writing it into binary log.");
+ result= -1;
+ }
+ else
+ {
+ Query_log_event qinfo(thd, log_query.c_ptr_safe(), log_query.length(),
+ 0, FALSE, THD::NOT_KILLED);
+ if (mysql_bin_log.write(&qinfo))
+ result= -1;
+ }
+ }
}
}
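Review bot: Table- and column-level GRANT appears to be left out of the rewrite: no hunk in this file touches mysql_table_grant(), and the unchanged context lines in rpl_sp.result still show `grant SELECT on mysqltest1.t1 to "zedjzlcsjhd"@127.0.0.1` logged in its original form while the database-level grant next to it is rewritten. If that path still writes `thd->query` to the binary log, a `GRANT ... ON db.tbl ... IDENTIFIED BY '...'` would keep its plaintext password there. The comment in this block, `when granting privileges on tables to users`, would then be misleading, since as far as the added tests show this function is reached only with `ON *.*`. The table-level path needs the same create_grant_stmt() rewrite and a test of its own.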
@@ -5356,18 +5479,6 @@ static int handle_grant_data(TABLE_LIST
}
-static void append_user(String *str, LEX_USER *user)
-{
- if (str->length())
- str->append(',');
- str->append('\'');
- str->append(user->user.str);
- str->append(STRING_WITH_LEN("'@'"));
- str->append(user->host.str);
- str->append('\'');
-}
-
-
/*
Create a list of users.
@@ -5385,11 +5496,13 @@ bool mysql_create_user(THD *thd, List <L
{
int result;
String wrong_users;
+ String log_query;
ulong sql_mode;
LEX_USER *user_name, *tmp_user_name;
List_iterator <LEX_USER> user_list(list);
TABLE_LIST tables[GRANT_TABLES];
bool some_users_created= FALSE;
+ bool comma= FALSE;
DBUG_ENTER("mysql_create_user");
/* CREATE USER may be skipped on replication client. */
@@ -5399,6 +5512,7 @@ bool mysql_create_user(THD *thd, List <L
rw_wrlock(&LOCK_grant);
VOID(pthread_mutex_lock(&acl_cache->lock));
+ log_query.append(STRING_WITH_LEN("CREATE USER"));
while ((tmp_user_name= user_list++))
{
if (!(user_name= get_current_user(thd, tmp_user_name)))
@@ -5407,13 +5521,16 @@ bool mysql_create_user(THD *thd, List <L
continue;
}
+ /* Generate user_specification for CREATE USER query */
+ append_user(&log_query, user_name, comma, TRUE);
+ comma= TRUE;
/*
Search all in-memory structures and grant tables
for a mention of the new user name.
*/
if (handle_grant_data(tables, 0, user_name, NULL))
{
- append_user(&wrong_users, user_name);
+ append_user(&wrong_users, user_name, wrong_users.length() > 0, FALSE);
result= TRUE;
continue;
}
@@ -5422,7 +5539,7 @@ bool mysql_create_user(THD *thd, List <L
sql_mode= thd->variables.sql_mode;
if (replace_user_table(thd, tables[0].table, *user_name, 0, 0, 1, 0))
{
- append_user(&wrong_users, user_name);
+ append_user(&wrong_users, user_name, wrong_users.length() > 0, FALSE);
result= TRUE;
}
}
@@ -5434,7 +5551,7 @@ bool mysql_create_user(THD *thd, List <L
if (some_users_created && mysql_bin_log.is_open())
{
- Query_log_event qinfo(thd, thd->query, thd->query_length,
+ Query_log_event qinfo(thd, log_query.c_ptr_safe(), log_query.length(),
0, FALSE, THD::NOT_KILLED);
mysql_bin_log.write(&qinfo);
}
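Review bot: The CREATE USER path still ignores the result of `mysql_bin_log.write(&qinfo)`, unlike the GRANT paths changed in the same patch. append_user() also returns void, so a failed String::append while building `log_query` goes unnoticed and a truncated statement could be logged. I would at least report the write failure with `if (mysql_bin_log.write(&qinfo)) result= TRUE;`. The literal `"CREATE USER"` is appended without a trailing space, which is why the expected results read `CREATE USER'foo'@'fakehost'`; `"CREATE USER "` would be easier to read in the log.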
@@ -5484,7 +5601,7 @@ bool mysql_drop_user(THD *thd, List <LEX
}
if (handle_grant_data(tables, 1, user_name, NULL) <= 0)
{
- append_user(&wrong_users, user_name);
+ append_user(&wrong_users, user_name, wrong_users.length() > 0, FALSE);
result= TRUE;
continue;
}
@@ -5568,7 +5685,7 @@ bool mysql_rename_user(THD *thd, List <L
if (handle_grant_data(tables, 0, user_to, NULL) ||
handle_grant_data(tables, 0, user_from, user_to) <= 0)
{
- append_user(&wrong_users, user_from);
+ append_user(&wrong_users, user_from, wrong_users.length() > 0, FALSE);
result= TRUE;
continue;
}
=== modified file 'sql/sql_lex.h'
--- a/sql/sql_lex.h 2009-05-06 13:06:32 +0000
+++ b/sql/sql_lex.h 2011-01-19 06:12:05 +0000
@@ -1169,11 +1169,13 @@ typedef struct st_lex : public Query_tab
- CREATE TRIGGER (points to "TRIGGER");
- CREATE PROCEDURE (points to "PROCEDURE");
- CREATE FUNCTION (points to "FUNCTION" or "AGGREGATE");
+ - GRANT STMT (points to "USER_SPECIFICATION");
This pointer is required to add possibly omitted DEFINER-clause to the
DDL-statement before dumping it to the binlog.
*/
const char *stmt_definition_begin;
+ const char *stmt_definition_end;
/*
Pointers to part of LOAD DATA statement that should be rewritten
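Review bot: The new `stmt_definition_end` member has no description, and the added bullet says the begin pointer points to "USER_SPECIFICATION" for GRANT although create_grant_stmt() adds `2 /*TO*/` to it, which suggests it points at the TO keyword. I would reword the bullet as `- GRANT (points to "TO"; the user list follows);` and add above the new member `/* End of the part being rewritten; for GRANT, the end of the user list. */`. The closing sentence about the DEFINER clause also no longer covers every use of these pointers.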
=== modified file 'sql/sql_yacc.yy'
--- a/sql/sql_yacc.yy 2010-02-20 17:08:35 +0000
+++ b/sql/sql_yacc.yy 2011-01-19 06:12:05 +0000
@@ -10357,16 +10357,18 @@ grant:
;
grant_command:
- grant_privileges ON opt_table grant_ident TO_SYM grant_list
- require_clause grant_options
+ grant_privileges ON opt_table grant_ident TO_SYM remember_name
+ grant_list remember_end require_clause grant_options
{
LEX *lex= Lex;
+ lex->stmt_definition_begin= $6;
+ lex->stmt_definition_end= $8;
lex->sql_command= SQLCOM_GRANT;
lex->type= 0;
}
|
- grant_privileges ON FUNCTION_SYM grant_ident TO_SYM grant_list
- require_clause grant_options
+ grant_privileges ON FUNCTION_SYM grant_ident TO_SYM remember_name
+ grant_list remember_end require_clause grant_options
{
LEX *lex= Lex;
if (lex->columns.elements)
@@ -10374,12 +10376,14 @@ grant_command:
my_parse_error(ER(ER_SYNTAX_ERROR));
MYSQL_YYABORT;
}
+ lex->stmt_definition_begin= $6;
+ lex->stmt_definition_end= $8;
lex->sql_command= SQLCOM_GRANT;
lex->type= TYPE_ENUM_FUNCTION;
}
|
- grant_privileges ON PROCEDURE grant_ident TO_SYM grant_list
- require_clause grant_options
+ grant_privileges ON PROCEDURE grant_ident TO_SYM remember_name
+ grant_list remember_end require_clause grant_options
{
LEX *lex= Lex;
if (lex->columns.elements)
@@ -10387,6 +10391,8 @@ grant_command:
my_parse_error(ER(ER_SYNTAX_ERROR));
MYSQL_YYABORT;
}
+ lex->stmt_definition_begin= $6;
+ lex->stmt_definition_end= $8;
lex->sql_command= SQLCOM_GRANT;
lex->type= TYPE_ENUM_PROCEDURE;
}
Attachment: [text/bzr-bundle] bzr/daogang.qu@greatopensource.com-20110119061205-l3dql3hwufihzjas.bundle