Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
MDEV-9443: Roles aren't supported in prepared statements
Make role statements work with the PREPARE keyword.
  • Loading branch information
cvicentiu committed Mar 22, 2016
1 parent 16ddd18 commit c4bef7a
Show file tree
Hide file tree
Showing 3 changed files with 117 additions and 0 deletions.
62 changes: 62 additions & 0 deletions mysql-test/suite/roles/prepare_stmt_with_role.result
@@ -0,0 +1,62 @@
#
# Test user to check if we can grant the created role to it.
#
create user test_user;
#
# First create the role.
#
SET @createRole = 'CREATE ROLE developers';
PREPARE stmtCreateRole FROM @createRole;
EXECUTE stmtCreateRole;
#
# Test to see if the role is created.
#
SELECT user, host,is_role FROM mysql.user
WHERE user = 'developers';
user host is_role
developers Y
SHOW GRANTS;
Grants for root@localhost
GRANT developers TO 'root'@'localhost' WITH ADMIN OPTION
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
#
# Now grant the role to the test user.
#
SET @grantRole = 'GRANT developers to test_user';
PREPARE stmtGrantRole FROM @grantRole;
EXECUTE stmtGrantRole;
#
# We should see 2 entries in the roles_mapping table.
#
SELECT * FROM mysql.roles_mapping;
Host User Role Admin_option
% test_user developers N
localhost root developers Y
SHOW GRANTS FOR test_user;
Grants for test_user@%
GRANT developers TO 'test_user'@'%'
GRANT USAGE ON *.* TO 'test_user'@'%'
#
# Now drop the role.
#
SET @dropRole = 'DROP ROLE developers';
PREPARE stmtDropRole FROM @dropRole;
EXECUTE stmtDropRole;
#
# Check both user and roles_mapping table for traces of our role.
#
SELECT user, host,is_role FROM mysql.user
WHERE user = 'developers';
user host is_role
SELECT * FROM mysql.roles_mapping;
Host User Role Admin_option
SHOW GRANTS;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
SHOW GRANTS FOR test_user;
Grants for test_user@%
GRANT USAGE ON *.* TO 'test_user'@'%'
# Cleanup.
DROP USER test_user;
52 changes: 52 additions & 0 deletions mysql-test/suite/roles/prepare_stmt_with_role.test
@@ -0,0 +1,52 @@
--source include/not_embedded.inc


--echo #
--echo # Test user to check if we can grant the created role to it.
--echo #
create user test_user;
--echo #
--echo # First create the role.
--echo #
SET @createRole = 'CREATE ROLE developers';
PREPARE stmtCreateRole FROM @createRole;
EXECUTE stmtCreateRole;
--echo #
--echo # Test to see if the role is created.
--echo #
SELECT user, host,is_role FROM mysql.user
WHERE user = 'developers';
SHOW GRANTS;

--echo #
--echo # Now grant the role to the test user.
--echo #
SET @grantRole = 'GRANT developers to test_user';
PREPARE stmtGrantRole FROM @grantRole;
EXECUTE stmtGrantRole;

--echo #
--echo # We should see 2 entries in the roles_mapping table.
--echo #
--sorted_result
SELECT * FROM mysql.roles_mapping;
SHOW GRANTS FOR test_user;

--echo #
--echo # Now drop the role.
--echo #
SET @dropRole = 'DROP ROLE developers';
PREPARE stmtDropRole FROM @dropRole;
EXECUTE stmtDropRole;

--echo #
--echo # Check both user and roles_mapping table for traces of our role.
--echo #
SELECT user, host,is_role FROM mysql.user
WHERE user = 'developers';
SELECT * FROM mysql.roles_mapping;
SHOW GRANTS;
SHOW GRANTS FOR test_user;

--echo # Cleanup.
DROP USER test_user;
3 changes: 3 additions & 0 deletions sql/sql_prepare.cc
Expand Up @@ -2458,9 +2458,12 @@ static bool check_prepared_statement(Prepared_statement *stmt)
case SQLCOM_CREATE_USER:
case SQLCOM_RENAME_USER:
case SQLCOM_DROP_USER:
case SQLCOM_CREATE_ROLE:
case SQLCOM_DROP_ROLE:
case SQLCOM_ASSIGN_TO_KEYCACHE:
case SQLCOM_PRELOAD_KEYS:
case SQLCOM_GRANT:
case SQLCOM_GRANT_ROLE:
case SQLCOM_REVOKE:
case SQLCOM_KILL:
case SQLCOM_COMPOUND:
Expand Down

0 comments on commit c4bef7a

Please sign in to comment.