MDEV-38506: (Patch) Failed GRANT on a procedure breaks replication

A failed GRANT on a procedure will be replicated when sql_mode does not
have NO_AUTO_CREATE_USER. This is because the function
mysql_routine_grant() does not check if an error occured while
performing the GRANT on a procedure before binlogging, it simply always
binlogs.

This patch fixes this problem by checking if an error happened
previously before binlogging, and if so, then skip binlogging.

Note there is still a broader issue in this area leading to replication
divergence. Reported in MDEV-29848, a partially-completed GRANT
statment (where some earlier GRANTS succeed and a later fails) will not
binlog. Note this affects all grant types, whereas the issue addressed
in this patch is limited to GRANT EXECUTE ON PROCEDURE. This patch
makes GRANT EXECUTE ON PROCEDURE binlogging behavior consistent with
the other grant types. A separate follow-up patch will address the
broader MDEV-29848 issue.

Reviewed-by: TODO
Signed-off-by: Brandon Nesterenko <[email protected]>

Author: bnestere

mysql-test/suite/rpl/r/rpl_grant.result

@@ -38,4 +38,33 @@ User	Host
 SELECT COUNT(*) FROM mysql.user WHERE user like 'dummy%';
 COUNT(*)
 0
+#
+# MDEV-38506: Failed GRANT on a procedure breaks replication
+#
+# Disable NO_AUTO_CREATE_USER so grant will auto-create users
+connection master;
+SET @old_sql_mode= @@GLOBAL.sql_mode;
+SET GLOBAL sql_mode='';
+# Create new stored procedure sp to be granted to new role test_role
+CREATE PROCEDURE test.sp() SELECT 1;
+# Create a new user with limited privileges to grant sp execution to test_role
+CREATE USER 'test_user'@'%' IDENTIFIED BY 'somepass';
+GRANT EXECUTE ON test.* TO 'test_user'@'%' WITH GRANT OPTION;
+connect  con_test_user,localhost,test_user,somepass;
+GRANT EXECUTE ON PROCEDURE test.sp TO 'nonexistentuser'@'';
+ERROR 42000: You are not allowed to create a user with GRANT
+# Ensuring the failed GRANT is not replicated..
+include/rpl_sync.inc
+connection master;
+connection slave;
+SHOW GRANTS for 'nonexistentuser'@'';
+ERROR 42000: There is no such grant defined for user 'nonexistentuser' on host '%'
+# ..PASS
+connection master;
+disconnect con_test_user;
+SET GLOBAL sql_mode= @old_sql_mode;
+DROP USER test_user@'%';
+DROP PROCEDURE test.sp;
+# End of MDEV-38506 test case
 include/rpl_end.inc
+# End of rpl_grant.test

sql/sql_acl.cc

@@ -7428,7 +7428,7 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list,
   List_iterator <LEX_USER> str_list (user_list);
   LEX_USER *Str, *tmp_Str;
   bool create_new_users= 0;
-  int result;
+  bool result;
   const char *db_name, *table_name;
   DBUG_ENTER("mysql_routine_grant");
 
@@ -7519,11 +7519,9 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list,
   thd->mem_root= old_root;
   mysql_mutex_unlock(&acl_cache->lock);
 
-  if (write_to_binlog)
-  {
-    if (write_bin_log(thd, FALSE, thd->query(), thd->query_length()))
-      result= TRUE;
-  }
+  if (write_to_binlog && !result)
+    result= static_cast<bool>(
+        write_bin_log(thd, FALSE, thd->query(), thd->query_length()));
 
   mysql_rwlock_unlock(&LOCK_grant);