From:daogang.qu Date:January 21 2011 11:12am
Subject:bzr commit into mysql-5.0 branch (daogang.qu:2895) Bug#58712
#At file:///home/daogang/bzrwork/bug58712/mysql-5.0/ based on revid:alexander.nozdrin@stripped

 2895 daogang.qu@stripped	2011-01-21
      Bug #58712  GRANT ... IDENTIFIED BY password is not encrypted in the binary log
      
      The password is not encrypted in binary log for GRANT stmt.
      
      After the patch, the password will be encrypted in binary
      log for GRANT stmt.
     @ mysql-test/r/grant.result
        Test result of the patch of bug#58712.
     @ mysql-test/r/rpl_grant.result
        Updated for the patch of bug#58712.
     @ mysql-test/r/rpl_openssl.result
        Updated for the patch of bug#58712.
     @ mysql-test/r/rpl_sp.result
        Updated for the patch of bug#58712.
     @ mysql-test/r/rpl_ssl.result
        Updated for the patch of bug#58712.
     @ mysql-test/r/rpl_user.result
        Test result of the patch of bug#58712.
     @ mysql-test/t/grant.test
        Added test to verify if the password is encrypted
        in binary log when granting privileges to users.
     @ mysql-test/t/rpl_user.test
        Added test to verify if the password is encrypted
        in binary log for CREATE USER stmt.
     @ sql/sql_acl.cc
        Add code to create a new query string in which the user password is
        encrypted in the binary log for GRANT stmt.
     @ sql/sql_yacc.yy
        Added code to record the offset of begin and end
        of grant_list.

    modified:
      mysql-test/r/grant.result
      mysql-test/r/rpl_grant.result
      mysql-test/r/rpl_openssl.result
      mysql-test/r/rpl_sp.result
      mysql-test/r/rpl_ssl.result
      mysql-test/r/rpl_user.result
      mysql-test/t/grant.test
      mysql-test/t/rpl_user.test
      sql/sql_acl.cc
      sql/sql_lex.h
      sql/sql_yacc.yy
=== modified file 'mysql-test/r/grant.result'
--- a/mysql-test/r/grant.result	2009-06-11 11:49:04 +0000
+++ b/mysql-test/r/grant.result	2011-01-21 11:12:29 +0000
@@ -1156,4 +1156,55 @@ CURRENT_USER()
 root@localhost
 SET PASSWORD FOR CURRENT_USER() = PASSWORD("admin");
 SET PASSWORD FOR CURRENT_USER() = PASSWORD("");
+RESET MASTER;
+CREATE USER user1@localhost IDENTIFIED BY 'secret';
+CREATE USER user2@localhost IDENTIFIED BY 'secret';
+SET PASSWORD FOR user1@localhost = PASSWORD('secret');
+# Test the password is encrypted in binary log
+# when granting privileges on tables to users.
+GRANT UPDATE ON *.* TO user1@localhost IDENTIFIED BY 'secret' WITH GRANT OPTION;
+GRANT UPDATE ON *.* /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT UPDATE ON *.* /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT UPDATE ON *.* TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2';
+REVOKE UPDATE ON *.* FROM user1@localhost, user2@localhost;
+# Test the password is encrypted in binary log
+# when granting privileges on procedure to users.
+CREATE PROCEDURE p1() SQL SECURITY INVOKER SELECT 1;
+GRANT EXECUTE ON PROCEDURE p1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before with*/ WITH MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON PROCEDURE p1 /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON PROCEDURE p1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2';
+REVOKE EXECUTE ON PROCEDURE p1 FROM user1@localhost, user2@localhost;
+# Test the password is encrypted in binary log
+# when granting privileges on function to users.
+CREATE FUNCTION f1() RETURNS INT RETURN 123;
+GRANT EXECUTE ON FUNCTION f1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before with*/ WITH MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON FUNCTION f1 /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON FUNCTION f1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2';
+REVOKE EXECUTE ON FUNCTION f1 FROM user1@localhost, user2@localhost;
+show binlog events from <binlog_start>;
+Log_name	Pos	Event_type	Server_id	End_log_pos	Info
+master-bin.000001	#	Query	#	#	use `test`; CREATE USER 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7'
+master-bin.000001	#	Query	#	#	use `test`; CREATE USER 'user2'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7'
+master-bin.000001	#	Query	#	#	use `test`; SET PASSWORD FOR 'user1'@'localhost'='*14E65567ABDB5135D0CFD9A70B3032C179A49EE7'
+master-bin.000001	#	Query	#	#	use `test`; GRANT UPDATE ON *.* TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7' WITH GRANT OPTION
+master-bin.000001	#	Query	#	#	use `test`; GRANT UPDATE ON *.* /*before to*/TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F' /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90
+master-bin.000001	#	Query	#	#	use `test`; GRANT UPDATE ON *.* /*before to*/TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90
+master-bin.000001	#	Query	#	#	use `test`; GRANT UPDATE ON *.* TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F'
+master-bin.000001	#	Query	#	#	use `test`; REVOKE UPDATE ON *.* FROM user1@localhost, user2@localhost
+master-bin.000001	#	Query	#	#	use `test`; CREATE DEFINER=`root`@`localhost` PROCEDURE `p1`()
+    SQL SECURITY INVOKER
+SELECT 1
+master-bin.000001	#	Query	#	#	use `test`; GRANT EXECUTE ON PROCEDURE p1 TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F' /*before with*/ WITH MAX_QUERIES_PER_HOUR 90
+master-bin.000001	#	Query	#	#	use `test`; GRANT EXECUTE ON PROCEDURE p1 /*before to*/TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90
+master-bin.000001	#	Query	#	#	use `test`; GRANT EXECUTE ON PROCEDURE p1 TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F'
+master-bin.000001	#	Query	#	#	use `test`; REVOKE EXECUTE ON PROCEDURE p1 FROM user1@localhost, user2@localhost
+master-bin.000001	#	Query	#	#	use `test`; CREATE DEFINER=`root`@`localhost` FUNCTION `f1`() RETURNS int(11)
+RETURN 123
+master-bin.000001	#	Query	#	#	use `test`; GRANT EXECUTE ON FUNCTION f1 TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F' /*before with*/ WITH MAX_QUERIES_PER_HOUR 90
+master-bin.000001	#	Query	#	#	use `test`; GRANT EXECUTE ON FUNCTION f1 /*before to*/TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90
+master-bin.000001	#	Query	#	#	use `test`; GRANT EXECUTE ON FUNCTION f1 TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*14E65567ABDB5135D0CFD9A70B3032C179A49EE7','user2'@'localhost' IDENTIFIED BY PASSWORD '*305D7BCA9D65D8D5C4677F05CD2EA2EBE350158F'
+master-bin.000001	#	Query	#	#	use `test`; REVOKE EXECUTE ON FUNCTION f1 FROM user1@localhost, user2@localhost
+DROP USER user1@localhost, user2@localhost;
+DROP FUNCTION f1;
+DROP PROCEDURE p1;
 End of 5.0 tests

=== modified file 'mysql-test/r/rpl_grant.result'
--- a/mysql-test/r/rpl_grant.result	2008-09-24 12:59:56 +0000
+++ b/mysql-test/r/rpl_grant.result	2011-01-21 11:12:29 +0000
@@ -48,7 +48,7 @@ Master_User	root
 Master_Port	MASTER_PORT
 Connect_Retry	1
 Master_Log_File	master-bin.000001
-Read_Master_Log_Pos	515
+Read_Master_Log_Pos	524
 Relay_Log_File	#
 Relay_Log_Pos	#
 Relay_Master_Log_File	master-bin.000001
@@ -63,7 +63,7 @@ Replicate_Wild_Ignore_Table
 Last_Errno	0
 Last_Error	
 Skip_Counter	0
-Exec_Master_Log_Pos	515
+Exec_Master_Log_Pos	524
 Relay_Log_Space	#
 Until_Condition	None
 Until_Log_File	

=== modified file 'mysql-test/r/rpl_openssl.result'
--- a/mysql-test/r/rpl_openssl.result	2006-04-18 16:10:47 +0000
+++ b/mysql-test/r/rpl_openssl.result	2011-01-21 11:12:29 +0000
@@ -20,7 +20,7 @@ t
 1
 show slave status;
 Slave_IO_State	Master_Host	Master_User	Master_Port	Connect_Retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_Do_DB	Replicate_Ignore_DB	Replicate_Do_Table	Replicate_Ignore_Table	Replicate_Wild_Do_Table	Replicate_Wild_Ignore_Table	Last_Errno	Last_Error	Skip_Counter	Exec_Master_Log_Pos	Relay_Log_Space	Until_Condition	Until_Log_File	Until_Log_Pos	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key	Seconds_Behind_Master
-#	127.0.0.1	replssl	MASTER_MYPORT	1	master-bin.000001	398	#	#	master-bin.000001	Yes	Yes							0		0	398	#	None		0	Yes	MYSQL_TEST_DIR/std_data/cacert.pem		MYSQL_TEST_DIR/std_data/client-cert.pem		MYSQL_TEST_DIR/std_data/client-key.pem	#
+#	127.0.0.1	replssl	MASTER_MYPORT	1	master-bin.000001	402	#	#	master-bin.000001	Yes	Yes							0		0	402	#	None		0	Yes	MYSQL_TEST_DIR/std_data/cacert.pem		MYSQL_TEST_DIR/std_data/client-cert.pem		MYSQL_TEST_DIR/std_data/client-key.pem	#
 stop slave;
 change master to master_user='root',master_password='', master_ssl=0;
 start slave;
@@ -28,4 +28,4 @@ drop user replssl@localhost;
 drop table t1;
 show slave status;
 Slave_IO_State	Master_Host	Master_User	Master_Port	Connect_Retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_Do_DB	Replicate_Ignore_DB	Replicate_Do_Table	Replicate_Ignore_Table	Replicate_Wild_Do_Table	Replicate_Wild_Ignore_Table	Last_Errno	Last_Error	Skip_Counter	Exec_Master_Log_Pos	Relay_Log_Space	Until_Condition	Until_Log_File	Until_Log_Pos	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key	Seconds_Behind_Master
-#	127.0.0.1	root	MASTER_MYPORT	1	master-bin.000001	564	#	#	master-bin.000001	Yes	Yes							0		0	564	#	None		0	No	MYSQL_TEST_DIR/std_data/cacert.pem		MYSQL_TEST_DIR/std_data/client-cert.pem		MYSQL_TEST_DIR/std_data/client-key.pem	#
+#	127.0.0.1	root	MASTER_MYPORT	1	master-bin.000001	568	#	#	master-bin.000001	Yes	Yes							0		0	568	#	None		0	No	MYSQL_TEST_DIR/std_data/cacert.pem		MYSQL_TEST_DIR/std_data/client-cert.pem		MYSQL_TEST_DIR/std_data/client-key.pem	#

=== modified file 'mysql-test/r/rpl_sp.result'
--- a/mysql-test/r/rpl_sp.result	2009-07-02 11:22:12 +0000
+++ b/mysql-test/r/rpl_sp.result	2011-01-21 11:12:29 +0000
@@ -405,7 +405,7 @@ master-bin.000001	#	Query	1	#	use `mysql
 master-bin.000001	#	Query	1	#	use `mysqltest1`; CREATE DEFINER=`root`@`localhost` PROCEDURE `foo3`()
     DETERMINISTIC
 insert into t1 values (15)
-master-bin.000001	#	Query	1	#	use `mysqltest1`; grant CREATE ROUTINE, EXECUTE on mysqltest1.* to "zedjzlcsjhd"@127.0.0.1
+master-bin.000001	#	Query	1	#	use `mysqltest1`; grant CREATE ROUTINE, EXECUTE on mysqltest1.* to 'zedjzlcsjhd'@'127.0.0.1'
 master-bin.000001	#	Query	1	#	use `mysqltest1`; grant SELECT on mysqltest1.t1 to "zedjzlcsjhd"@127.0.0.1
 master-bin.000001	#	Query	1	#	use `mysqltest1`; grant SELECT, INSERT on mysqltest1.t2 to "zedjzlcsjhd"@127.0.0.1
 master-bin.000001	#	Query	1	#	use `mysqltest1`; CREATE DEFINER=`zedjzlcsjhd`@`127.0.0.1` PROCEDURE `foo4`()
@@ -637,7 +637,7 @@ CREATE DEFINER=`root`@`localhost` PROCED
 insert into t1 values (15)
 /*!*/;
 SET TIMESTAMP=t/*!*/;
-grant CREATE ROUTINE, EXECUTE on mysqltest1.* to "zedjzlcsjhd"@127.0.0.1
+grant CREATE ROUTINE, EXECUTE on mysqltest1.* to 'zedjzlcsjhd'@'127.0.0.1'
 /*!*/;
 SET TIMESTAMP=t/*!*/;
 grant SELECT on mysqltest1.t1 to "zedjzlcsjhd"@127.0.0.1

=== modified file 'mysql-test/r/rpl_ssl.result'
--- a/mysql-test/r/rpl_ssl.result	2007-06-15 11:09:28 +0000
+++ b/mysql-test/r/rpl_ssl.result	2011-01-21 11:12:29 +0000
@@ -26,7 +26,7 @@ Master_User	replssl
 Master_Port	MASTER_MYPORT
 Connect_Retry	1
 Master_Log_File	master-bin.000001
-Read_Master_Log_Pos	420
+Read_Master_Log_Pos	424
 Relay_Log_File	#
 Relay_Log_Pos	#
 Relay_Master_Log_File	master-bin.000001
@@ -41,7 +41,7 @@ Replicate_Wild_Ignore_Table
 Last_Errno	0
 Last_Error	
 Skip_Counter	0
-Exec_Master_Log_Pos	420
+Exec_Master_Log_Pos	424
 Relay_Log_Space	#
 Until_Condition	None
 Until_Log_File	

=== modified file 'mysql-test/r/rpl_user.result'
--- a/mysql-test/r/rpl_user.result	2008-03-27 05:42:34 +0000
+++ b/mysql-test/r/rpl_user.result	2011-01-21 11:12:29 +0000
@@ -15,11 +15,19 @@ create user 'foo'@'fakehost', 'bar'@'fak
 ERROR HY000: Operation CREATE USER failed for 'foo'@'fakehost'
 create user 'foo'@'fakehost', 'bar'@'fakehost';
 ERROR HY000: Operation CREATE USER failed for 'foo'@'fakehost','bar'@'fakehost'
+create user 'foo1'@'fakehost' IDENTIFIED BY 'foo1', 'foo2'@'fakehost'
+  IDENTIFIED BY PASSWORD'*1111111111111111111111111111111111111111',
+'foo3'@'fakehost';
 select Host,User from mysql.user where Host='fakehost';
 Host	User
 fakehost	bar
 fakehost	foo
+fakehost	foo1
+fakehost	foo2
+fakehost	foo3
+Comparing tables master:mysql.user and slave:mysql.user
 rename user 'foo'@'fakehost' to 'foofoo'@'fakehost';
+drop user 'foo1'@'fakehost', 'foo2'@'fakehost', 'foo3'@'fakehost';
 rename user 'not_exist_user1'@'fakehost' to 'foobar'@'fakehost', 'bar'@'fakehost' to 'barbar'@'fakehost';
 ERROR HY000: Operation RENAME USER failed for 'not_exist_user1'@'fakehost'
 rename user 'not_exist_user1'@'fakehost' to 'foobar'@'fakehost', 'not_exist_user2'@'fakehost' to 'barfoo'@'fakehost';
@@ -37,9 +45,11 @@ select Host,User from mysql.user where H
 Host	User
 show binlog events from <binlog_start>;
 Log_name	Pos	Event_type	Server_id	End_log_pos	Info
-master-bin.000001	#	Query	#	#	use `test`; create user 'foo'@'fakehost'
-master-bin.000001	#	Query	#	#	use `test`; create user 'foo'@'fakehost', 'bar'@'fakehost'
+master-bin.000001	#	Query	#	#	use `test`; CREATE USER 'foo'@'fakehost'
+master-bin.000001	#	Query	#	#	use `test`; CREATE USER 'foo'@'fakehost','bar'@'fakehost'
+master-bin.000001	#	Query	#	#	use `test`; CREATE USER 'foo1'@'fakehost' IDENTIFIED BY PASSWORD '*6EAC5249D53050AE649BDB0CC4B85D1AE90CA16E','foo2'@'fakehost' IDENTIFIED BY PASSWORD '*1111111111111111111111111111111111111111','foo3'@'fakehost'
 master-bin.000001	#	Query	#	#	use `test`; rename user 'foo'@'fakehost' to 'foofoo'@'fakehost'
+master-bin.000001	#	Query	#	#	use `test`; drop user 'foo1'@'fakehost', 'foo2'@'fakehost', 'foo3'@'fakehost'
 master-bin.000001	#	Query	#	#	use `test`; rename user 'not_exist_user1'@'fakehost' to 'foobar'@'fakehost', 'bar'@'fakehost' to 'barbar'@'fakehost'
 master-bin.000001	#	Query	#	#	use `test`; drop user 'foofoo'@'fakehost'
 master-bin.000001	#	Query	#	#	use `test`; drop user 'not_exist_user1'@'fakehost', 'barbar'@'fakehost'

=== modified file 'mysql-test/t/grant.test'
--- a/mysql-test/t/grant.test	2009-06-11 11:49:04 +0000
+++ b/mysql-test/t/grant.test	2011-01-21 11:12:29 +0000
@@ -1166,6 +1166,45 @@ SELECT CURRENT_USER();
 SET PASSWORD FOR CURRENT_USER() = PASSWORD("admin");
 SET PASSWORD FOR CURRENT_USER() = PASSWORD("");
 
+#
+# Bug #58712
+# This test verifies that the password is encrypted
+# in binary log when granting privileges to users.
+#
+RESET MASTER;
+CREATE USER user1@localhost IDENTIFIED BY 'secret';
+CREATE USER user2@localhost IDENTIFIED BY 'secret';
+SET PASSWORD FOR user1@localhost = PASSWORD('secret');
+
+--echo # Test the password is encrypted in binary log
+--echo # when granting privileges on tables to users.
+GRANT UPDATE ON *.* TO user1@localhost IDENTIFIED BY 'secret' WITH GRANT OPTION;
+GRANT UPDATE ON *.* /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT UPDATE ON *.* /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT UPDATE ON *.* TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2';
+REVOKE UPDATE ON *.* FROM user1@localhost, user2@localhost;
+
+--echo # Test the password is encrypted in binary log
+--echo # when granting privileges on procedure to users.
+CREATE PROCEDURE p1() SQL SECURITY INVOKER SELECT 1;
+GRANT EXECUTE ON PROCEDURE p1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before with*/ WITH MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON PROCEDURE p1 /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON PROCEDURE p1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2';
+REVOKE EXECUTE ON PROCEDURE p1 FROM user1@localhost, user2@localhost;
+
+--echo # Test the password is encrypted in binary log
+--echo # when granting privileges on function to users.
+CREATE FUNCTION f1() RETURNS INT RETURN 123;
+GRANT EXECUTE ON FUNCTION f1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before with*/ WITH MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON FUNCTION f1 /*before to*/TO/*after to*/ user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2' /*before require*/REQUIRE SSL/*after require*/ /*before with*/WITH/*after with*/MAX_QUERIES_PER_HOUR 90;
+GRANT EXECUTE ON FUNCTION f1 TO user1@localhost IDENTIFIED BY 'secret', user2@localhost IDENTIFIED BY 'secret2';
+REVOKE EXECUTE ON FUNCTION f1 FROM user1@localhost, user2@localhost;
+
+--source include/show_binlog_events.inc
+DROP USER user1@localhost, user2@localhost;
+DROP FUNCTION f1;
+DROP PROCEDURE p1;
+
 --echo End of 5.0 tests
 
 disconnect master;
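Review bot: The new cases cover `ON *.*`, `ON PROCEDURE` and `ON FUNCTION`, but none grants on a named table or on columns, and the commit has no hunk inside `mysql_table_grant`. The updated rpl_sp.result suggests that path is still logged verbatim: the `mysqltest1.*` grant appears rewritten there, while the `mysqltest1.t1` and `mysqltest1.t2` grants keep their original text. A case such as `GRANT SELECT ON test.t1 TO user1@localhost IDENTIFIED BY 'secret';` ahead of the binlog dump would show whether the clear-text password still reaches the log on that path. A user or host name containing a quote character would also be worth a case, since the logged statement is now rebuilt from the parsed names rather than copied from the client text.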

=== modified file 'mysql-test/t/rpl_user.test'
--- a/mysql-test/t/rpl_user.test	2008-02-04 11:22:37 +0000
+++ b/mysql-test/t/rpl_user.test	2011-01-21 11:12:29 +0000
@@ -25,15 +25,23 @@ create user 'foo'@'fakehost';
 create user 'foo'@'fakehost', 'bar'@'fakehost';
 --error ER_CANNOT_USER
 create user 'foo'@'fakehost', 'bar'@'fakehost';
+# In log event, Plaintext password 'foo1' is replaced by ciphertext.
+create user 'foo1'@'fakehost' IDENTIFIED BY 'foo1', 'foo2'@'fakehost'
+  IDENTIFIED BY PASSWORD'*1111111111111111111111111111111111111111',
+  'foo3'@'fakehost';
 
 sync_slave_with_master;
 select Host,User from mysql.user where Host='fakehost';
+let $diff_table_1= master:mysql.user;
+let $diff_table_2= slave:mysql.user;
+source include/diff_tables.inc;
 
 #
 # Test rename user
 #
 connection master;
 rename user 'foo'@'fakehost' to 'foofoo'@'fakehost';
+drop user 'foo1'@'fakehost', 'foo2'@'fakehost', 'foo3'@'fakehost';
 --error ER_CANNOT_USER
 rename user 'not_exist_user1'@'fakehost' to 'foobar'@'fakehost', 'bar'@'fakehost' to 'barbar'@'fakehost';
 --error ER_CANNOT_USER

=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc	2010-02-20 17:08:35 +0000
+++ b/sql/sql_acl.cc	2011-01-21 11:12:29 +0000
@@ -3050,6 +3050,60 @@ int mysql_table_grant(THD *thd, TABLE_LI
 }
 
 
+/**
+  Auxiliary function for constructing a  user list string.
+  @param str     A String to store the user list.
+  @param user    A LEX_USER which will be appended into user list.
+  @param comma   If TRUE, append a ',' before the the user.
+  @param passwd  If TRUE, append ' IDENTIFIED BY PASSWORD ...' after the user,
+                 if the given user has password.
+ */
+static void append_user(String *str, LEX_USER *user, bool comma,
+                        bool passwd)
+{
+  if (comma)
+    str->append(',');
+  str->append('\'');
+  str->append(user->user.str);
+  str->append(STRING_WITH_LEN("'@'"));
+  str->append(user->host.str);
+  str->append('\'');
+
+  if (passwd && user->password.str)
+  {
+    str->append(STRING_WITH_LEN(" IDENTIFIED BY PASSWORD '"));
+    str->append(user->password.str, user->password.length);
+    str->append('\'');
+  }
+}
+
+/**
+  Create a new query string for user password is encrypted
+  in the binary log for grant stmt.
+
+  @param[in] thd                 Thread handler
+  @param[in] log_buf             Query string for binlog
+  @param[in] user_query          Query string for users
+
+  @return
+             0           ok
+             1           error
+*/
+static int
+create_grant_stmt(THD *thd, String *log_buf, const String &user_query)
+{
+  if (log_buf->append(thd->query,
+                      thd->lex->stmt_definition_begin -
+                      thd->query + 2 /*TO*/) ||
+      log_buf->append(' ') ||
+      log_buf->append(user_query) ||
+      log_buf->append(thd->lex->stmt_definition_end))
+    return 1;
+
+  return 0;
+}
+
+
 /*
   Store routine level grants in the privilege tables
 
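Review bot: `append_user()` copies `user->user.str` and `user->host.str` between single quotes without escaping, and with this change its output is no longer only an error-message list but the text of the statement written to the binary log. An account or host name containing `'` or `\` would yield an event that is malformed, or that parses differently on a replica than it did on the master, so both parts should be escaped before they are quoted. The password branch already passes `user->password.length`; the name and host appends would be safer passing their lengths too instead of relying on NUL termination. The doc comment also has a doubled word ("the the user") and does not say that the appended password is expected to be the stored hash, never the clear text.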
@@ -3076,6 +3130,8 @@ bool mysql_routine_grant(THD *thd, TABLE
   TABLE_LIST tables[2];
   bool create_new_users=0, result=0;
   char *db_name, *table_name;
+  String log_query, user_query;
+  bool comma= FALSE;
   DBUG_ENTER("mysql_routine_grant");
 
   if (!initialized)
@@ -3148,7 +3204,15 @@ bool mysql_routine_grant(THD *thd, TABLE
     {
       result= TRUE;
       continue;
-    }  
+    }
+
+    if (!revoke_grant)
+    {
+      /* Generate user_specification for GRANT query */
+      append_user(&user_query, Str, comma, TRUE);
+      comma= TRUE;
+    }
+
     /* Create user if needed */
     error=replace_user_table(thd, tables[0].table, *Str,
 			     0, revoke_grant, create_new_users,
@@ -3201,9 +3265,32 @@ bool mysql_routine_grant(THD *thd, TABLE
     if (mysql_bin_log.is_open())
     {
       thd->clear_error();
-      Query_log_event qinfo(thd, thd->query, thd->query_length,
+      if (revoke_grant)
+      {
+        Query_log_event qinfo(thd, thd->query, thd->query_length,
                             0, FALSE, THD::NOT_KILLED);
-      mysql_bin_log.write(&qinfo);
+        result= mysql_bin_log.write(&qinfo);
+      }
+      else
+      {
+        /*
+          Binlog grant stmt with user password is encrypted
+          when granting privileges on routine to users.
+        */
+        if (create_grant_stmt(thd, &log_query, user_query))
+        {
+          sql_print_error("Event Error: An error occurred while creating query "
+                          "for GRANT stmt when granting privileges on routine "
+                          "to users, before writing it into binary log.");
+          result= TRUE;
+        }
+        else
+        {
+          Query_log_event qinfo(thd, log_query.c_ptr_safe(), log_query.length(),
+                                0, FALSE, THD::NOT_KILLED);
+          result= mysql_bin_log.write(&qinfo);
+        }
+      }
     }
   }
 
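Review bot: The GRANT branch logs `log_query`, whose tail comes from `log_buf->append(thd->lex->stmt_definition_end)` in `create_grant_stmt()`, a NUL-terminated append that ignores `thd->query_length`, whereas the REVOKE branch in this same hunk still bounds the event with `thd->query_length`. If the query buffer holds anything past the current statement (for example the rest of a multi-statement packet; not visible here, so worth confirming), that text would be copied into the binlog event. Bounding the tail, e.g. `log_buf->append(thd->lex->stmt_definition_end, thd->query + thd->query_length - thd->lex->stmt_definition_end)`, keeps the two branches consistent. The same pattern is repeated in the `mysql_grant` hunk further down, which also signals failure with `result= -1` where this hunk uses `result= TRUE`. The body of `mysql_routine_grant` starts and ends outside the hunk.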
@@ -3225,6 +3312,8 @@ bool mysql_grant(THD *thd, const char *d
   char tmp_db[NAME_LEN+1];
   bool create_new_users=0;
   TABLE_LIST tables[2];
+  String log_query, user_query;
+  bool comma= FALSE;
   DBUG_ENTER("mysql_grant");
   if (!initialized)
   {
@@ -3287,6 +3376,14 @@ bool mysql_grant(THD *thd, const char *d
       result= TRUE;
       continue;
     }
+
+    if (!revoke_grant)
+    {
+      /* Generate user_specification for GRANT query */
+      append_user(&user_query, Str, comma, TRUE);
+      comma= TRUE;
+    }
+
     if (replace_user_table(thd, tables[0].table, *Str,
                            (!db ? rights : 0), revoke_grant, create_new_users,
                            test(thd->variables.sql_mode &
@@ -3315,9 +3412,34 @@ bool mysql_grant(THD *thd, const char *d
     if (mysql_bin_log.is_open())
     {
       thd->clear_error();
-      Query_log_event qinfo(thd, thd->query, thd->query_length,
-                            0, FALSE, THD::NOT_KILLED);
-      mysql_bin_log.write(&qinfo);
+      if (revoke_grant)
+      {
+        Query_log_event qinfo(thd, thd->query, thd->query_length,
+                              0, FALSE, THD::NOT_KILLED);
+        if (mysql_bin_log.write(&qinfo))
+          result= -1;
+      }
+      else
+      {
+        /*
+          Binlog grant stmt with user password is encrypted
+          when granting privileges on tables to users.
+        */
+        if (create_grant_stmt(thd, &log_query, user_query))
+        {
+          sql_print_error("Event Error: An error occurred while creating query "
+                          "for GRANT stmt when granting privileges on tables "
+                          "to users, before writing it into binary log.");
+          result= -1;
+        }
+        else
+        {
+          Query_log_event qinfo(thd, log_query.c_ptr_safe(), log_query.length(),
+                                0, FALSE, THD::NOT_KILLED);
+          if (mysql_bin_log.write(&qinfo))
+            result= -1;
+        }
+      }
     }
   }
 
@@ -5356,18 +5478,6 @@ static int handle_grant_data(TABLE_LIST
 }
 
 
-static void append_user(String *str, LEX_USER *user)
-{
-  if (str->length())
-    str->append(',');
-  str->append('\'');
-  str->append(user->user.str);
-  str->append(STRING_WITH_LEN("'@'"));
-  str->append(user->host.str);
-  str->append('\'');
-}
-
-
 /*
   Create a list of users.
 
@@ -5385,11 +5495,13 @@ bool mysql_create_user(THD *thd, List <L
 {
   int result;
   String wrong_users;
+  String log_query;
   ulong sql_mode;
   LEX_USER *user_name, *tmp_user_name;
   List_iterator <LEX_USER> user_list(list);
   TABLE_LIST tables[GRANT_TABLES];
   bool some_users_created= FALSE;
+  bool comma= FALSE;
   DBUG_ENTER("mysql_create_user");
 
   /* CREATE USER may be skipped on replication client. */
@@ -5399,6 +5511,7 @@ bool mysql_create_user(THD *thd, List <L
   rw_wrlock(&LOCK_grant);
   VOID(pthread_mutex_lock(&acl_cache->lock));
 
+  log_query.append(STRING_WITH_LEN("CREATE USER "));
   while ((tmp_user_name= user_list++))
   {
     if (!(user_name= get_current_user(thd, tmp_user_name)))
@@ -5407,13 +5520,16 @@ bool mysql_create_user(THD *thd, List <L
       continue;
     }
 
+    /* Generate user_specification for CREATE USER query */
+    append_user(&log_query, user_name, comma, TRUE);
+    comma= TRUE;
     /*
       Search all in-memory structures and grant tables
       for a mention of the new user name.
     */
     if (handle_grant_data(tables, 0, user_name, NULL))
     {
-      append_user(&wrong_users, user_name);
+      append_user(&wrong_users, user_name, wrong_users.length() > 0, FALSE);
       result= TRUE;
       continue;
     }
@@ -5422,7 +5538,7 @@ bool mysql_create_user(THD *thd, List <L
     sql_mode= thd->variables.sql_mode;
     if (replace_user_table(thd, tables[0].table, *user_name, 0, 0, 1, 0))
     {
-      append_user(&wrong_users, user_name);
+      append_user(&wrong_users, user_name, wrong_users.length() > 0, FALSE);
       result= TRUE;
     }
   }
@@ -5434,7 +5550,7 @@ bool mysql_create_user(THD *thd, List <L
 
   if (some_users_created && mysql_bin_log.is_open())
   {
-    Query_log_event qinfo(thd, thd->query, thd->query_length,
+    Query_log_event qinfo(thd, log_query.c_ptr_safe(), log_query.length(),
                           0, FALSE, THD::NOT_KILLED);
     mysql_bin_log.write(&qinfo);
   }
@@ -5484,7 +5600,7 @@ bool mysql_drop_user(THD *thd, List <LEX
     }  
     if (handle_grant_data(tables, 1, user_name, NULL) <= 0)
     {
-      append_user(&wrong_users, user_name);
+      append_user(&wrong_users, user_name, wrong_users.length() > 0, FALSE);
       result= TRUE;
       continue;
     }
@@ -5568,7 +5684,7 @@ bool mysql_rename_user(THD *thd, List <L
     if (handle_grant_data(tables, 0, user_to, NULL) ||
         handle_grant_data(tables, 0, user_from, user_to) <= 0)
     {
-      append_user(&wrong_users, user_from);
+      append_user(&wrong_users, user_from, wrong_users.length() > 0, FALSE);
       result= TRUE;
       continue;
     }

=== modified file 'sql/sql_lex.h'
--- a/sql/sql_lex.h	2009-05-06 13:06:32 +0000
+++ b/sql/sql_lex.h	2011-01-21 11:12:29 +0000
@@ -1169,11 +1169,13 @@ typedef struct st_lex : public Query_tab
       - CREATE TRIGGER (points to "TRIGGER");
       - CREATE PROCEDURE (points to "PROCEDURE");
       - CREATE FUNCTION (points to "FUNCTION" or "AGGREGATE");
+      - GRANT STMT (points to "USER_SPECIFICATION");
 
     This pointer is required to add possibly omitted DEFINER-clause to the
     DDL-statement before dumping it to the binlog. 
   */
   const char *stmt_definition_begin;
+  const char *stmt_definition_end;
 
   /*
     Pointers to part of LOAD DATA statement that should be rewritten
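Review bot: The added comment line says that for GRANT the pointer points to "USER_SPECIFICATION", but `create_grant_stmt()` in sql_acl.cc computes the copied prefix as `stmt_definition_begin - thd->query + 2 /*TO*/`, which only makes sense if the pointer is at the start of the `TO` keyword. The new member `stmt_definition_end` has no comment at all, and the paragraph below still describes the pointer purely in terms of the DEFINER clause. Suggest `- GRANT (points to "TO"; the user list that follows is rewritten for the binlog);` and, above the new member, `/* GRANT only: end of the user list; the rest of the statement is copied from here. */`, adjusted to whatever `remember_end` actually records.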

=== modified file 'sql/sql_yacc.yy'
--- a/sql/sql_yacc.yy	2010-02-20 17:08:35 +0000
+++ b/sql/sql_yacc.yy	2011-01-21 11:12:29 +0000
@@ -10357,16 +10357,18 @@ grant:
         ;
 
 grant_command:
-	grant_privileges ON opt_table grant_ident TO_SYM grant_list
-	require_clause grant_options
+	grant_privileges ON opt_table grant_ident TO_SYM remember_name
+        grant_list remember_end require_clause grant_options
 	{
           LEX *lex= Lex;
+          lex->stmt_definition_begin= $6;
+          lex->stmt_definition_end= $8;
           lex->sql_command= SQLCOM_GRANT;
           lex->type= 0;
         }
         |
-	grant_privileges ON FUNCTION_SYM grant_ident TO_SYM grant_list
-	require_clause grant_options
+	grant_privileges ON FUNCTION_SYM grant_ident TO_SYM remember_name
+        grant_list remember_end require_clause grant_options
 	{
           LEX *lex= Lex;
           if (lex->columns.elements)
@@ -10374,12 +10376,14 @@ grant_command:
             my_parse_error(ER(ER_SYNTAX_ERROR));
 	    MYSQL_YYABORT;
           }
+          lex->stmt_definition_begin= $6;
+          lex->stmt_definition_end= $8;
           lex->sql_command= SQLCOM_GRANT;
           lex->type= TYPE_ENUM_FUNCTION;
         }
         |
-	grant_privileges ON PROCEDURE grant_ident TO_SYM grant_list
-	require_clause grant_options
+	grant_privileges ON PROCEDURE grant_ident TO_SYM remember_name
+        grant_list remember_end require_clause grant_options
 	{
           LEX *lex= Lex;
           if (lex->columns.elements)
@@ -10387,6 +10391,8 @@ grant_command:
             my_parse_error(ER(ER_SYNTAX_ERROR));
 	    MYSQL_YYABORT;
           }
+          lex->stmt_definition_begin= $6;
+          lex->stmt_definition_end= $8;
           lex->sql_command= SQLCOM_GRANT;
           lex->type= TYPE_ENUM_PROCEDURE;
         }


Attachment: [text/bzr-bundle] bzr/daogang.qu@greatopensource.com-20110121111229-gqipiyc21ctk4mpj.bundle