[MDEV-22057] REPLICATION MASTER ADMIN is missing in root account after upgrade Created: 2020-03-27  Updated: 2020-04-01  Resolved: 2020-03-27

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System
Affects Version/s: 10.5.2
Fix Version/s: 10.5.3

Type: Bug Priority: Critical
Reporter: Alexander Barkov Assignee: Alexander Barkov
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Duplicate
is duplicated by MDEV-22091 REVOKE ALL is not allowed for root Closed
Relates
relates to MDEV-21743 Split up SUPER privilege to smaller p... Closed

 Description   

If I run this mtr test:

-- source include/mysql_upgrade_preparation.inc
 
-- source include/have_working_dns.inc
 
-- source include/have_innodb.inc
 
-- source include/have_partition.inc
 
let $MYSQLD_DATADIR= `select @@datadir`;
 
 
 
--source include/switch_to_mysql_user.inc
 
DROP VIEW mysql.user_bak;
 
FLUSH PRIVILEGES;
 
SHOW GRANTS FOR root@localhost;
 
 
 
--echo # mysql_upgrade --force --silent 2>&1
 
--exec $MYSQL_UPGRADE --force --silent 2>&1
 
--remove_file $MYSQLD_DATADIR/mysql_upgrade_info
 
FLUSH PRIVILEGES;
 
SHOW GRANTS FOR root@localhost;
 
 
 
DROP TABLE mysql.global_priv;
 
RENAME TABLE mysql.global_priv_bak TO mysql.global_priv;
 
FLUSH PRIVILEGES;
 
SHOW GRANTS FOR root@localhost;

it produces the following output:

DROP VIEW mysql.user_bak;
 
FLUSH PRIVILEGES;
 
SHOW GRANTS FOR root@localhost;
 
Grants for root@localhost
 
GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION
 
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION


# mysql_upgrade --force --silent 2>&1
 
FLUSH PRIVILEGES;
 
SHOW GRANTS FOR root@localhost;
 
Grants for root@localhost
 
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `root`@`localhost` WITH GRANT OPTION
 
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
 
DROP TABLE mysql.global_priv;


RENAME TABLE mysql.global_priv_bak TO mysql.global_priv;
 
FLUSH PRIVILEGES;
 
SHOW GRANTS FOR root@localhost;
 
Grants for root@localhost
 
GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION
 
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION

Notice, the user root@localhost has ALL PRIVILEGES before the upgrade, but it misses the REPLICATION MASTER ADMIN after the upgrade.

Looks wrong. REPLICATION MASTER ADMIN should be automatically granted somehow.

 Comments   
Comment by Elena Stepanova [ 2020-03-27 ]

ACL upgrade tests are currently scheduled to run every day, but due to high load they de-facto run approximately once in two days. Test results on 5f5c63e were still all right, while b8e7579 failed all over. The change must have come between those two revisions.

Old: GRANT ALL PRIVILEGES ON *.* TO dmosi@localhost IDENTIFIED BY PASSWORD *D8EF25C74328392B89B927505E6F79F8DC04DAD4 WITH MAX_QUERIES_PER_HOUR 3226271744 MAX_CONNECTIONS_PER_HOUR 224 MAX_USER_CONNECTIONS 142
 
New: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO dmosi@localhost IDENTIFIED BY PASSWORD *D8EF25C74328392B89B927505E6F79F8DC04DAD4 WITH MAX_QUERIES_PER_HOUR 3226271744 MAX_CONNECTIONS_PER_HOUR 224 MAX_USER_CONNECTIONS 142

Unfortunately, results from the broken revision arrived after the release.

Generated at Thu Feb 08 09:11:52 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.