From 14e03613a06d2a3f10926bd77846c2f35b9b405f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?=
Date: Wed, 20 Jun 2018 14:24:28 +0300
Subject: [PATCH] MXS-872: Use the new query only when privileges are OK

If the service user does not have adequate grants to the mysql tables, the legacy query is used. This prevents an upgrade failure when the user was lacking the new privileges.
---
 .../modules/authenticator/MySQLAuth/dbusers.c | 35 ++++++++++++++++---
 1 file changed, 30 insertions(+), 5 deletions(-)

diff --git a/server/modules/authenticator/MySQLAuth/dbusers.c b/server/modules/authenticator/MySQLAuth/dbusers.c
index e1c6bf04a..498a9716f 100644
--- a/server/modules/authenticator/MySQLAuth/dbusers.c
+++ b/server/modules/authenticator/MySQLAuth/dbusers.c
@@ -113,9 +113,9 @@ static char* get_mariadb_users_query(bool include_root)
 return rval;
 }

-static char* get_users_query(const char *server_version, uint64_t version, bool include_root)
+static char* get_users_query(const char *server_version, bool include_root, bool is_mariadb)
 {
- if (version >= 100101) // 10.1.1 or newer, supports default roles
+ if (is_mariadb) // 10.1.1 or newer, supports default roles
 {
 return get_mariadb_users_query(include_root);
 }
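Review bot: The new third parameter of `get_users_query` is named `is_mariadb`, but the call site passes the result of `roles_are_available()`, and the kept comment `// 10.1.1 or newer, supports default roles` no longer describes the condition being tested. A name such as `bool roles_available` with the comment `// default roles supported and mysql.roles_mapping readable` would say what actually selects the roles-aware query. The rest of the function body lies outside this hunk.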
@@ -794,6 +794,31 @@ static bool get_hostname(DCB *dcb, char *client_hostname, size_t size)
 return lookup_result == 0;
 }

+static bool roles_are_available(MYSQL* conn, SERVICE* service, SERVER* server)
+{
+ bool rval = false;
+
+ if (server->version >= 100101)
+ {
+ static bool log_missing_privs = true;
+
+ if (mxs_mysql_query(conn, "SELECT 1 FROM mysql.roles_mapping LIMIT 1") == 0)
+ {
+ mysql_free_result(mysql_store_result(conn));
+ rval = true;
+ }
+ else if (log_missing_privs)
+ {
+ log_missing_privs = false;
+ MXS_WARNING("The user for service '%s' is missing the SELECT grant on "
+ "`mysql.roles_mapping`. Use of default roles is disabled "
+ "until the missing privileges are added.", service->name);
+ }
+ }
+
+ return rval;
+}
+
 int get_users_from_server(MYSQL *con, SERVER_REF *server_ref, SERVICE *service, SERV_LISTENER *listener)
 {
 if (server_ref->server->version_string[0] == 0)
@@ -801,9 +826,9 @@ int get_users_from_server(MYSQL *con, SERVER_REF *server_ref, SERVICE *service,
 mxs_mysql_set_server_version(con, server_ref->server);
 }

- char *query = get_users_query(server_ref->server->version_string,
- server_ref->server->version,
- service->enable_root);
+ char *query = get_users_query(server_ref->server->version_string, service->enable_root,
+ roles_are_available(con, service, server_ref->server));
+
 MYSQL_AUTH *instance = (MYSQL_AUTH*)listener->auth_instance;
 sqlite3* handle = get_handle(instance);
 bool anon_user = false;
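Review bot: In `roles_are_available`, the `else if` branch treats every failure of the probe query as a missing SELECT grant, so a dropped connection or any other server error produces the same warning and the same silent fallback to the legacy query. Passing `mysql_error(conn)` as an extra `%s` argument to the `MXS_WARNING` call would let an operator tell a privilege problem from another failure. `log_missing_privs` is also a function-level `static`, so after the first warning the fallback is never reported again for any other service or server; keeping the flag per service would keep each downgrade of the user-loading query visible.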