Commit f48db1bc authored by unknown's avatar unknown

Temporary solution for bug #13969 "Routines which are replicated from master

can't be executed on slave". It will be possible to solve this problem
in more correct way when we will implement WL#2897 "Complete definer support
in the stored routines".


mysql-test/r/rpl_sp.result:
  Added test for bug #13969 "Routines which are replicated from master can't be
  executed on slave".
mysql-test/t/rpl_sp.test:
  Added test for bug #13969 "Routines which are replicated from master can't be
  executed on slave".
sql/sp_head.cc:
  sp_change_security_context():
    Currently the slave replication thread creates all stored routines with
    definer ''@'', ignoring the actual definer. When the slave replication
    thread executes these routines, it ignores the definer, and so the routines
    work. However, in case of a failover, the replica operates in a normal mysqld
    mode and changes security context to the definer when executing a routine.
    A proper fix for this issue is described in WL#2897 "Complete definer support
    in the stored routines". Until this WL is implemented, we need this temporary
    fix, which ignores errors when changing security context.
parent 63e7824f
......@@ -264,6 +264,14 @@ master-bin.000002 # Query 1 # use `mysqltest1`; insert into t1 values (1)
select * from t1;
a
1
create procedure foo()
not deterministic
reads sql data
select * from t1;
call foo();
a
1
drop procedure foo;
drop function fn1;
drop database mysqltest1;
drop user "zedjzlcsjhd"@127.0.0.1;
......@@ -258,6 +258,23 @@ sync_slave_with_master;
select * from t1;
#
# Test for bug #13969 "Routines which are replicated from master can't be
# executed on slave".
#
connection master;
create procedure foo()
not deterministic
reads sql data
select * from t1;
sync_slave_with_master;
# This should not fail
call foo();
connection master;
drop procedure foo;
sync_slave_with_master;
# Clean up
connection master;
drop function fn1;
......
......@@ -2650,9 +2650,24 @@ sp_change_security_context(THD *thd, sp_head *sp, Security_context **backup)
sp->m_definer_host.str,
sp->m_db.str))
{
#ifdef NOT_YET_REPLICATION_SAFE
/*
Until we don't properly replicate information about stored routine
definer with stored routine creation statement all stored routines
on slave are created under ''@'' definer. Therefore we won't be able
to run any routine which was replicated from master on slave server
if we emit error here. This will cause big problems for users
who use slave for fail-over. So until we fully implement WL#2897
"Complete definer support in the stored routines" we run suid
stored routines for which we were unable to find definer under
invoker security context.
*/
my_error(ER_NO_SUCH_USER, MYF(0), sp->m_definer_user.str,
sp->m_definer_host.str);
return TRUE;
#else
return FALSE;
#endif
}
*backup= thd->security_ctx;
thd->security_ctx= &sp->m_security_ctx;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment