Commit 19e998d2 authored by Alexander Barkov's avatar Alexander Barkov

MDEV-22030 Don't grant REPLICATION MASTER ADMIN automatically on upgrade from...

MDEV-22030 Don't grant REPLICATION MASTER ADMIN automatically on upgrade from an older JSON user table
parent 30cacf3f
...@@ -90,6 +90,10 @@ host='localhost' and user='good_version_id_100400'; ...@@ -90,6 +90,10 @@ host='localhost' and user='good_version_id_100400';
FLUSH PRIVILEGES; FLUSH PRIVILEGES;
SHOW GRANTS FOR good_version_id_100400@localhost; SHOW GRANTS FOR good_version_id_100400@localhost;
Grants for good_version_id_100400@localhost Grants for good_version_id_100400@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `good_version_id_100400`@`localhost` WITH GRANT OPTION
GRANT REPLICATION MASTER ADMIN ON *.* TO good_version_id_100400@localhost;
SHOW GRANTS FOR good_version_id_100400@localhost;
Grants for good_version_id_100400@localhost
GRANT ALL PRIVILEGES ON *.* TO `good_version_id_100400`@`localhost` WITH GRANT OPTION GRANT ALL PRIVILEGES ON *.* TO `good_version_id_100400`@`localhost` WITH GRANT OPTION
DROP USER good_version_id_100400@localhost; DROP USER good_version_id_100400@localhost;
CREATE USER good_version_id_100500@localhost; CREATE USER good_version_id_100500@localhost;
......
...@@ -81,6 +81,10 @@ WHERE ...@@ -81,6 +81,10 @@ WHERE
host='localhost' and user='good_version_id_100400'; host='localhost' and user='good_version_id_100400';
FLUSH PRIVILEGES; FLUSH PRIVILEGES;
SHOW GRANTS FOR good_version_id_100400@localhost; SHOW GRANTS FOR good_version_id_100400@localhost;
# Testing that it's missing only "REPLICATION MASTER ADMIN".
# Should report ALL PRIVILEGES after GRANT REPLICATION MASTER ADMIN:
GRANT REPLICATION MASTER ADMIN ON *.* TO good_version_id_100400@localhost;
SHOW GRANTS FOR good_version_id_100400@localhost;
DROP USER good_version_id_100400@localhost; DROP USER good_version_id_100400@localhost;
......
...@@ -1033,6 +1033,14 @@ class User_table_tabular: public User_table ...@@ -1033,6 +1033,14 @@ class User_table_tabular: public User_table
if (access & SUPER_ACL) if (access & SUPER_ACL)
access|= GLOBAL_SUPER_ADDED_SINCE_USER_TABLE_ACLS; access|= GLOBAL_SUPER_ADDED_SINCE_USER_TABLE_ACLS;
/*
The SHOW SLAVE HOSTS statement :
- required REPLICATION SLAVE privilege prior to 10.5.2
- requires REPLICATION MASTER ADMIN privilege since 10.5.2
There is no a way to GRANT MASTER ADMIN with User_table_tabular.
So let's automatically add REPLICATION MASTER ADMIN for all users
that had REPLICATION SLAVE. This will allow to do SHOW SLAVE HOSTS.
*/
if (access & REPL_SLAVE_ACL) if (access & REPL_SLAVE_ACL)
access|= REPL_MASTER_ADMIN_ACL; access|= REPL_MASTER_ADMIN_ACL;
...@@ -1519,9 +1527,6 @@ class User_table_json: public User_table ...@@ -1519,9 +1527,6 @@ class User_table_json: public User_table
{ {
if (access & SUPER_ACL) if (access & SUPER_ACL)
access|= GLOBAL_SUPER_ADDED_SINCE_USER_TABLE_ACLS; access|= GLOBAL_SUPER_ADDED_SINCE_USER_TABLE_ACLS;
if (access & REPL_SLAVE_ACL)
access|= REPL_MASTER_ADMIN_ACL;
} }
if (orig_access & ~mask) if (orig_access & ~mask)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment