Bug #27606 | GRANT statement should be replicated with DEFINER information | ||
---|---|---|---|
Submitted: | 3 Apr 2007 6:00 | Modified: | 15 Nov 2010 11:51 |
Reporter: | Magnus Blåudd | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Replication | Severity: | S1 (Critical) |
Version: | all | OS: | Any |
Assigned to: | Libing Song | CPU Architecture: | Any |
[3 Apr 2007 6:00]
Magnus Blåudd
[6 Apr 2007 17:25]
Bugs System
Pushed into 5.1.18-beta
[6 Apr 2007 19:37]
Timothy Smith
For clarity: this bug is not fixed; what was pushed is a simple workaround for a test case failure caused by this bug. There is no server code change, and nothing to document at this time.
[23 May 2007 5:23]
Igor Babaev
Hi! The problem with the grantor is similar to how the definer for stored routines and triggers is replicated, i.e., by using an explicit field. The proper solution is to add such a field to the privileges statements that need it, but that is a significant amount of work. The workaround is to connect to the slaves, setting the privileges using the GRANT statement and avoid replicating DML statements that manipulate tables in the mysql.* tables. Since there is a workaround, which is not very taxing on the user, I am tempted to discard of this bug or at least move it to post-5.1. Just my few cents, Mats Kindahl
[23 May 2007 5:24]
Igor Babaev
This problem will be fixed in a version after 5.1.
[1 Oct 2007 7:58]
Mats Kindahl
Reopening this bug since we need to make replication work for this statement. The idea for solving this bug is to add a GRANTOR field in a similar fashion to how the DEFINER field was added to the definition of stored routines and triggers.
[14 Dec 2009 17:18]
MySQL Verification Team
Grantor column is there for future features, mostly for cascaded actions. It should be replicated within the WL# for those features.
[13 Sep 2010 8:06]
Valeriy Kravchuk
Indeed, this is not repeatable with current mysql-5.1 tree: openxs@ubuntu:/home2/openxs/dbs/5.1/mysql-test$ ./mtr bug27606 Logging: ./mtr bug27606 ... TEST RESULT TIME (ms) ------------------------------------------------------------ worker[1] Using MTR_BUILD_THREAD 300, with reserved ports 13000..13009 stop slave; drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9; reset master; reset slave; drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9; start slave; create table test.t4(a int); GRANT INSERT ON test.t4 TO mysqltest2@localhost; select * from mysql.tables_priv; Host Db User Table_name Grantor Timestamp Table_priv Column_priv localhost test mysqltest2 t4 root@localhost 2010-09-13 11:03:04 Insert select * from mysql.tables_priv; Host Db User Table_name Grantor Timestamp Table_priv Column_priv localhost test mysqltest2 t4 2010-09-13 11:03:04 Insert
[13 Sep 2010 8:07]
Valeriy Kravchuk
My previous comment was wrong. It was 5.1.50 and grantor is NOT replicated.
[13 Sep 2010 8:51]
Valeriy Kravchuk
Problem is still repeatable with recent 5.1.51 (mysql-5.1 tree) from bzr: openxs@ubuntu:/home2/openxs/dbs/5.1/mysql-test$ ./mtr bug27606 Logging: ./mtr bug27606 100913 11:49:38 [Note] Plugin 'FEDERATED' is disabled. 100913 11:49:38 [Note] Plugin 'ndbcluster' is disabled. MySQL Version 5.1.51 Checking supported features... - using ndbcluster when necessary, mysqld supports it - SSL connections supported - binaries are debug compiled Collecting tests... vardir: /home2/openxs/dbs/5.1/mysql-test/var Checking leftover processes... Removing old var directory... Creating var directory '/home2/openxs/dbs/5.1/mysql-test/var'... Installing system database... Using server port 59794 ============================================================================== TEST RESULT TIME (ms) ------------------------------------------------------------ worker[1] Using MTR_BUILD_THREAD 300, with reserved ports 13000..13009 stop slave; drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9; reset master; reset slave; drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9; start slave; create table test.t4(a int); GRANT INSERT ON test.t4 TO mysqltest2@localhost; select * from mysql.tables_priv; Host Db User Table_name Grantor Timestamp Table_priv Column_priv localhost test mysqltest2 t4 root@localhost 2010-09-13 11:49:42 Insert select * from mysql.tables_priv; Host Db User Table_name Grantor Timestamp Table_priv Column_priv localhost test mysqltest2 t4 2010-09-13 11:49:42 Insert
[13 Sep 2010 8:53]
Valeriy Kravchuk
I've used the following revno: openxs@ubuntu:/home2/openxs/bzr2/mysql-5.1$ bzr log --show-ids -l1 ------------------------------------------------------------ revno: 3468 [merge] revision-id: build@mysql.com-20100819151858-muaaor6jojb5ouzj parent: build@mysql.com-20100819150329-wbfsgrz9hfs73gon parent: alfranio.correia@sun.com-20100803115202-djw53teru56ls7nd author: karen.langford@oracle.com committer: MySQL Build Team <build@mysql.com> branch nick: mysql-5.1 timestamp: Thu 2010-08-19 17:18:58 +0200 message: Merge from mysql-5.1.50-release
[21 Oct 2010 3:13]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/121431 3530 Li-Bing.Song@sun.com 2010-10-21 Bug#27606 GRANT statement should be replicated with DEFINER information "Grantor" columns' data is lost when replicating mysql.tables_priv. Slave SQL thread used its default user ''@'' as the grantor of GRANT|REVOKE statements executing on it. In this patch, current user is put in query log event for all GRANT and REVOKE statement, SQL thread uses the user in query log event as grantor. @ mysql-test/suite/rpl/r/rpl_do_grant.result Add test for this bug. @ mysql-test/suite/rpl/t/rpl_do_grant.test Add test for this bug. @ sql/log_event.cc Refactoring THD::current_user_used and related functions. current_user_used is used to judge if current user should be binlogged in query log event. So it is better to call it m_binlog_invoker. The related functions are renamed too. @ sql/sql_class.cc Refactoring THD::current_user_used and related functions. current_user_used is used to judge if current user should be binlogged in query log event. So it is better to call it m_binlog_invoker. The related functions are renamed too. @ sql/sql_class.h Refactoring THD::current_user_used and related functions. current_user_used is used to judge if current user should be binlogged in query log event. So it is better to call it m_binlog_invoker. The related functions are renamed too. @ sql/sql_parse.cc Call binlog_invoker() for GRANT and REVOKE statements.
[23 Oct 2010 12:57]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/121734 3545 Li-Bing.Song@sun.com 2010-10-23 Bug#27606 GRANT statement should be replicated with DEFINER information "Grantor" columns' data is lost when replicating mysql.tables_priv. Slave SQL thread used its default user ''@'' as the grantor of GRANT|REVOKE statements executing on it. In this patch, current user is put in query log event for all GRANT and REVOKE statement, SQL thread uses the user in query log event as grantor. @ mysql-test/suite/rpl/r/rpl_do_grant.result Add test for this bug. @ mysql-test/suite/rpl/t/rpl_do_grant.test Add test for this bug. @ sql/log_event.cc Refactoring THD::current_user_used and related functions. current_user_used is used to judge if current user should be binlogged in query log event. So it is better to call it m_binlog_invoker. The related functions are renamed too. @ sql/sql_class.cc Refactoring THD::current_user_used and related functions. current_user_used is used to judge if current user should be binlogged in query log event. So it is better to call it m_binlog_invoker. The related functions are renamed too. @ sql/sql_class.h Refactoring THD::current_user_used and related functions. current_user_used is used to judge if current user should be binlogged in query log event. So it is better to call it m_binlog_invoker. The related functions are renamed too. @ sql/sql_parse.cc Call binlog_invoker() for GRANT and REVOKE statements.
[25 Oct 2010 3:24]
Libing Song
Pushed into mysql-5.1-bugteam and merged into mysql-5.5-bugteam and mysql-trunk-merge.
[29 Oct 2010 13:43]
Jon Stephens
Documented bugfix in the 5.1.53 and 5.5.8 changelogs as follows: When replicating mysql.tables_priv, the Grantor column was not replicated and thus left empty on the slave. Waiting for merge to next-mr.
[4 Nov 2010 17:25]
Jon Stephens
Still waiting for merge to -trunk.
[13 Nov 2010 16:16]
Bugs System
Pushed into mysql-trunk 5.6.99-m5 (revid:alexander.nozdrin@oracle.com-20101113155825-czmva9kg4n31anmu) (version source revid:alexander.nozdrin@oracle.com-20101113152450-2zzcm50e7i4j35v7) (merge vers: 5.6.1-m4) (pib:21)
[13 Nov 2010 16:28]
Bugs System
Pushed into mysql-next-mr (revid:alexander.nozdrin@oracle.com-20101113160336-atmtmfb3mzm4pz4i) (version source revid:vasil.dimov@oracle.com-20100629074804-359l9m9gniauxr94) (pib:21)
[15 Nov 2010 11:51]
Jon Stephens
Bug does not appear in a 5.6 release, no additional changelog entries required. Closed.
[18 Nov 2010 15:54]
Bugs System
Pushed into mysql-5.1 5.1.54 (revid:build@mysql.com-20101118153531-693taxtxyxpt037i) (version source revid:build@mysql.com-20101118153531-693taxtxyxpt037i) (merge vers: 5.1.54) (pib:21)
[16 Dec 2010 22:25]
Bugs System
Pushed into mysql-5.5 5.5.9 (revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (version source revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (merge vers: 5.5.9) (pib:24)