mirror of
https://github.com/MariaDB/server.git
synced 2025-07-29 05:21:33 +03:00
MDEV-22030 Don't grant REPLICATION MASTER ADMIN automatically on upgrade from an older JSON user table
This commit is contained in:
Alexander Barkov
@ -90,6 +90,10 @@ host='localhost' and user='good_version_id_100400';
|
||||
FLUSH PRIVILEGES;
|
||||
SHOW GRANTS FOR good_version_id_100400@localhost;
|
||||
Grants for good_version_id_100400@localhost
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `good_version_id_100400`@`localhost` WITH GRANT OPTION
|
||||
GRANT REPLICATION MASTER ADMIN ON *.* TO good_version_id_100400@localhost;
|
||||
SHOW GRANTS FOR good_version_id_100400@localhost;
|
||||
Grants for good_version_id_100400@localhost
|
||||
GRANT ALL PRIVILEGES ON *.* TO `good_version_id_100400`@`localhost` WITH GRANT OPTION
|
||||
DROP USER good_version_id_100400@localhost;
|
||||
CREATE USER good_version_id_100500@localhost;
|
||||
|
||||
@ -81,6 +81,10 @@ WHERE
|
||||
host='localhost' and user='good_version_id_100400';
|
||||
FLUSH PRIVILEGES;
|
||||
SHOW GRANTS FOR good_version_id_100400@localhost;
|
||||
# Testing that it's missing only "REPLICATION MASTER ADMIN".
|
||||
# Should report ALL PRIVILEGES after GRANT REPLICATION MASTER ADMIN:
|
||||
GRANT REPLICATION MASTER ADMIN ON *.* TO good_version_id_100400@localhost;
|
||||
SHOW GRANTS FOR good_version_id_100400@localhost;
|
||||
DROP USER good_version_id_100400@localhost;
|
||||
|
||||
|
||||
|
||||
@ -1033,6 +1033,14 @@ class User_table_tabular: public User_table
|
||||
if (access & SUPER_ACL)
|
||||
access|= GLOBAL_SUPER_ADDED_SINCE_USER_TABLE_ACLS;
|
||||
|
||||
/*
|
||||
The SHOW SLAVE HOSTS statement :
|
||||
- required REPLICATION SLAVE privilege prior to 10.5.2
|
||||
- requires REPLICATION MASTER ADMIN privilege since 10.5.2
|
||||
There is no a way to GRANT MASTER ADMIN with User_table_tabular.
|
||||
So let's automatically add REPLICATION MASTER ADMIN for all users
|
||||
that had REPLICATION SLAVE. This will allow to do SHOW SLAVE HOSTS.
|
||||
*/
|
||||
if (access & REPL_SLAVE_ACL)
|
||||
access|= REPL_MASTER_ADMIN_ACL;
|
||||
|
||||
@ -1519,9 +1527,6 @@ class User_table_json: public User_table
|
||||
{
|
||||
if (access & SUPER_ACL)
|
||||
access|= GLOBAL_SUPER_ADDED_SINCE_USER_TABLE_ACLS;
|
||||
|
||||
if (access & REPL_SLAVE_ACL)
|
||||
access|= REPL_MASTER_ADMIN_ACL;
|
||||
}
|
||||
|
||||
if (orig_access & ~mask)
|
||||
|
||||
Reference in New Issue
Block a user