Reworked the implementation of create role and drop role.

Also fixed issue with drop role not clearing internal memory entry for that role. The issue was due to a condition introduced in handle_grant_data Updated testsuite to also check the possible error conditions.

Reworked the implementation of create role and drop role.
Also fixed issue with drop role not clearing internal memory entry for that role. The issue was due to a condition introduced in handle_grant_data Updated testsuite to also check the possible error conditions.
ce4851c3 · Vicențiu Ciorbaru · Sergei Golubchik · db850c52 · ce4851c3 · ce4851c3
Commit ce4851c3 authored Oct 18, 2013 by Vicențiu Ciorbaru Committed by Sergei Golubchik Oct 18, 2013
6 changed files
--- a/mysql-test/r/acl_roles_create_and_drop_role.result
+++ b/mysql-test/r/acl_roles_create_and_drop_role.result
 use mysql;
+create role test_role1@host1;
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '@host1' at line 1
+create role test_role2@host2, test_role1@host1;
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '@host2, test_role1@host1' at line 1
 create role test_role1;
 create role test_role2, test_role3;
-select user, host, is_role from user where user like 'test';
+select user, host, is_role from user where user like 'test%';
 user	host	is_role
+test_role1		Y
+test_role2		Y
+test_role3		Y
 drop role test_role1;
 drop role test_role2, test_role3;
 create role test_role1;
@@ -10,12 +17,20 @@ create role test_role1;
 ERROR HY000: Operation CREATE ROLE failed for 'test_role1'
 create role test_role1, test_role2;
 ERROR HY000: Operation CREATE ROLE failed for 'test_role1'
-select user, host, is_role from user where user like 'test';
+select user, host, is_role from user where user like 'test%';
 user	host	is_role
+test_role1		Y
+test_role2		Y
 drop role test_role1;
 drop role test_role1;
 ERROR HY000: Operation DROP ROLE failed for 'test_role1'
 drop role test_role1, test_role2;
 ERROR HY000: Operation DROP ROLE failed for 'test_role1'
-select user, host, is_role from user where user like 'test';
+drop role root;
+ERROR HY000: Operation DROP ROLE failed for 'root'
+create user dummy@'';
+drop role dummy;
+ERROR HY000: Operation DROP ROLE failed for 'dummy'
+drop user dummy@'';
+select user, host, is_role from user where user like 'test%';
 user	host	is_role
--- a/mysql-test/t/acl_roles_create_and_drop_role.test
+++ b/mysql-test/t/acl_roles_create_and_drop_role.test
 connect (mysql, localhost, root,,);
 use mysql;
+#test valid syntax
+--error ER_PARSE_ERROR
+create role test_role1@host1;
+--error ER_PARSE_ERROR
+create role test_role2@host2, test_role1@host1;
 create role test_role1;
 create role test_role2, test_role3;
 --sorted_result
-select user, host, is_role from user where user like 'test';
+select user, host, is_role from user where user like 'test%';
 drop role test_role1;
 drop role test_role2, test_role3;
@@ -18,7 +24,7 @@ create role test_role1;
 create role test_role1, test_role2;
 --sorted_result
-select user, host, is_role from user where user like 'test';
+select user, host, is_role from user where user like 'test%';
 drop role test_role1;
 --error ER_CANNOT_USER
@@ -26,6 +32,14 @@ drop role test_role1;
 --error ER_CANNOT_USER
 drop role test_role1, test_role2;
+#test that we can not drop users when calling drop role
+--error ER_CANNOT_USER
+drop role root;
+create user dummy@'';
+--error ER_CANNOT_USER
+drop role dummy;
+drop user dummy@'';
 --sorted_result
-select user, host, is_role from user where user like 'test';
+select user, host, is_role from user where user like 'test%';
 disconnect mysql;
--- a/sql/share/errmsg-utf8.txt
+++ b/sql/share/errmsg-utf8.txt
@@ -6572,5 +6572,3 @@ ER_INVALID_CURRENT_USER
 ER_INVALID_ROLE_COMMAND
 	eng "Unable to execute role related command. The user table is in invalid format."
 	rum "Comanda asupra rolurilor nu poate fi executate. Tabelul "user" este in format invalid."
-ER_ROLE_AS_USER
-	eng "The role '%s' is marked as a user '%s'@''
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
--- a/sql/sql_acl.h
+++ b/sql/sql_acl.h
@@ -230,12 +230,10 @@ ulong get_column_grant(THD *thd, GRANT_INFO *grant,
 bool mysql_show_grants(THD *thd, LEX_USER *user);
 void get_privilege_desc(char *to, uint max_length, ulong access);
 void get_mqh(const char *user, const char *host, USER_CONN *uc);
-bool mysql_create_user(THD *thd, List <LEX_USER> &list);
+bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role);
-bool mysql_drop_user(THD *thd, List <LEX_USER> &list);
+bool mysql_drop_user(THD *thd, List <LEX_USER> &list, bool handle_as_role);
 bool mysql_rename_user(THD *thd, List <LEX_USER> &list);
 bool mysql_revoke_all(THD *thd, List <LEX_USER> &list);
-bool mysql_create_role(THD *thd, List <LEX_USER> &list);
-bool mysql_drop_role(THD *thd, List <LEX_USER> &list);
 void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant,
                                     const char *db, const char *table);
 bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name,

--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -3728,22 +3728,26 @@ case SQLCOM_PREPARE:
  }
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
  case SQLCOM_CREATE_USER:
+  case SQLCOM_CREATE_ROLE:
  {
    if (check_access(thd, INSERT_ACL, "mysql", NULL, NULL, 1, 1) &&
        check_global_access(thd,CREATE_USER_ACL))
      break;
    /* Conditionally writes to binlog */
-    if (!(res= mysql_create_user(thd, lex->users_list)))
+    if (!(res= mysql_create_user(thd, lex->users_list,
+                                 lex->sql_command == SQLCOM_CREATE_ROLE)))
      my_ok(thd);
    break;
  }
  case SQLCOM_DROP_USER:
+  case SQLCOM_DROP_ROLE:
  {
    if (check_access(thd, DELETE_ACL, "mysql", NULL, NULL, 1, 1) &&
        check_global_access(thd,CREATE_USER_ACL))
      break;
    /* Conditionally writes to binlog */
-    if (!(res= mysql_drop_user(thd, lex->users_list)))
+    if (!(res= mysql_drop_user(thd, lex->users_list,
+                               lex->sql_command == SQLCOM_DROP_ROLE)))
      my_ok(thd);
    break;
  }
@@ -3757,26 +3761,6 @@ case SQLCOM_PREPARE:
      my_ok(thd);
    break;
  }
-  case SQLCOM_CREATE_ROLE:
-  {
-    if (check_access(thd, INSERT_ACL, "mysql", NULL, NULL, 1, 1) &&
-        check_global_access(thd,CREATE_USER_ACL))
-      break;
-    /* Conditionally writes to binlog */
-    if (!(res= mysql_create_role(thd, lex->users_list)))
-      my_ok(thd);
-    break;
-  }
-  case SQLCOM_DROP_ROLE:
-  {
-    if (check_access(thd, DELETE_ACL, "mysql", NULL, NULL, 1, 1) &&
-        check_global_access(thd,CREATE_USER_ACL))
-      break;
-    /* Conditionally writes to binlog */
-    if (!(res= mysql_drop_role(thd, lex->users_list)))
-      my_ok(thd);
-    break;
-  }
  case SQLCOM_REVOKE_ALL:
  {
    if (check_access(thd, UPDATE_ACL, "mysql", NULL, NULL, 1, 1) &&