Bug#28643405: LAST_ERROR_NUMBER: 1064 DURING GRANT SELECT

Problem
=======
Replication breaks when 'GRANT SELECT' is executed on master
when column names are keywords.

Analysis
========
On master, column names in GRANT query were not quoted
properly while writing to the binary log, leading to syntax
error on slave.

Fix
===
For GRANT commands, column names are properly quoted before
writing to the binary log.

Author: venkatesh-prasad-v

mysql-test/suite/rpl/r/rpl_grant_select_columns.result

@@ -0,0 +1,70 @@
+include/master-slave.inc
+Warnings:
+Note	####	Sending passwords in plain text without SSL/TLS is extremely insecure.
+Note	####	Storing MySQL user name or password information in the master info repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START SLAVE; see the 'START SLAVE Syntax' in the MySQL Manual for more information.
+[connection master]
+
+# 1. Initial setup on master.
+# 1.1 Create tables with reserved words as column names.
+CREATE DATABASE `order`;
+CREATE TABLE `order`.`order` (`order` INT);
+CREATE DATABASE `column`;
+CREATE TABLE `column`.`column` (`column` INT);
+CREATE DATABASE `all`;
+CREATE TABLE `all`.`all`(
+id int NOT NULL PRIMARY KEY,
+item int,
+`table` varchar(10),
+`regexp` varchar(10));
+
+# 1.2 Create users for granting column privileges.
+CREATE USER `order` IDENTIFIED BY 'password1';
+CREATE USER `column` IDENTIFIED BY 'password2';
+CREATE USER `all` IDENTIFIED BY 'password3';
+
+# 2. With sql_mode='ANSI_QUOTES', execute GRANT SELECT commands on master.
+SET @saved_sql_mode= @@session.sql_mode;
+SET SESSION sql_mode= 'ANSI_QUOTES';
+Warnings:
+Warning	3090	Changing sql mode 'NO_AUTO_CREATE_USER' is deprecated. It will be removed in a future release.
+
+# Execute GRANT SELECT commands on master.
+GRANT SELECT(`order`) ON `order`.`order` TO `order`;
+GRANT SELECT(id,`table`) ON `all`.`all` TO `all`;
+
+# Verify the correctness of 'GRANT SELECT' statement by printing
+# the binlog entry for the statement.
+include/show_binlog_events.inc
+Log_name	Pos	Event_type	Server_id	End_log_pos	Info
+master-bin.000001	#	Query	#	#	use `test`; GRANT SELECT ("order") ON "order"."order" TO 'order'@'%'
+master-bin.000001	#	Query	#	#	use `test`; GRANT SELECT ("id", "table") ON "all"."all" TO 'all'@'%'
+
+# 3. With sql_mode='', execute GRANT SELECT commands on master.
+SET SESSION sql_mode= '';
+
+# Execute GRANT SELECT commands on master.
+GRANT SELECT(`column`) ON `column`.`column` TO `column`;
+GRANT SELECT(item,`regexp`) ON `all`.`all` TO `all`;
+
+# 4. Verify the correctness of 'GRANT SELECT' statement by printing
+#    the binlog entry for the statement.
+include/show_binlog_events.inc
+Log_name	Pos	Event_type	Server_id	End_log_pos	Info
+master-bin.000001	#	Query	#	#	use `test`; GRANT SELECT (`column`) ON `column`.`column` TO 'column'@'%'
+master-bin.000001	#	Query	#	#	use `test`; GRANT SELECT (`item`, `regexp`) ON `all`.`all` TO 'all'@'%'
+
+# 5. Sync the slave with master.
+include/sync_slave_sql_with_master.inc
+
+# 6. Verify that there is no difference in the column privileges
+#    tables of master and slave.
+[connection master]
+include/diff_tables.inc [master:mysql.columns_priv, slave:mysql.columns_priv]
+SET SESSION sql_mode= @saved_sql_mode;
+Warnings:
+Warning	3090	Changing sql mode 'NO_AUTO_CREATE_USER' is deprecated. It will be removed in a future release.
+DROP USER `order`,`column`,`all`;
+DROP DATABASE `order`;
+DROP DATABASE `column`;
+DROP DATABASE `all`;
+include/rpl_end.inc

mysql-test/suite/rpl/t/rpl_grant_select_columns.test

@@ -0,0 +1,118 @@
+# ==== Purpose ====
+#
+# Verify that columns in the 'GRANT SELECT' statements
+# are properly quoted before writing to the binary log.
+#
+# ==== Implementation ====
+#
+# 1. Initial setup on master.
+#    1.1 Create tables with reserved words as column names.
+#    1.2 Create users for granting column privileges.
+# 2. With sql_mode='ANSI_QUOTES', execute GRANT SELECT commands on master.
+# 3. With sql_mode='', execute GRANT SELECT commands on master.
+# 4. Verify the correctness of 'GRANT SELECT' statement by printing
+#    the binlog entry for the statement.
+# 5. Sync the slave with master.
+# 6. Verify that there is no difference in the column privileges
+#    tables of master and slave.
+#
+# ==== References ====
+#
+# Bug#28643405: LAST_ERROR_NUMBER: 1064 DURING GRANT SELECT
+#
+
+--source include/have_binlog_format_statement.inc
+--source include/master-slave.inc
+
+--echo
+--echo # 1. Initial setup on master.
+--echo # 1.1 Create tables with reserved words as column names.
+CREATE DATABASE `order`;
+CREATE TABLE `order`.`order` (`order` INT);
+
+CREATE DATABASE `column`;
+CREATE TABLE `column`.`column` (`column` INT);
+
+CREATE DATABASE `all`;
+CREATE TABLE `all`.`all`(
+    id int NOT NULL PRIMARY KEY,
+    item int,
+    `table` varchar(10),
+    `regexp` varchar(10));
+
+--echo
+--echo # 1.2 Create users for granting column privileges.
+CREATE USER `order` IDENTIFIED BY 'password1';
+CREATE USER `column` IDENTIFIED BY 'password2';
+CREATE USER `all` IDENTIFIED BY 'password3';
+
+--echo
+--echo # 2. With sql_mode='ANSI_QUOTES', execute GRANT SELECT commands on master.
+
+# Setting sql_mode to ANSI_QUOTES before executing GRANT.
+# ANSI_QUOTES mode will make sure the "(double quote) is used
+# as the identifier quote character while writing to the binlog.
+# This mode treats "(double quotes) as an identifier quote character
+# and not as a string quote character.
+SET @saved_sql_mode= @@session.sql_mode;
+SET SESSION sql_mode= 'ANSI_QUOTES';
+
+# Save master position
+--let $binlog_start= query_get_value('SHOW MASTER STATUS', Position, 1)
+
+--echo
+--echo # Execute GRANT SELECT commands on master.
+
+# Columns having reserved words
+GRANT SELECT(`order`) ON `order`.`order` TO `order`;
+
+# Column names having both reserved words and non-reserved words
+GRANT SELECT(id,`table`) ON `all`.`all` TO `all`;
+
+--echo
+--echo # Verify the correctness of 'GRANT SELECT' statement by printing
+--echo # the binlog entry for the statement.
+--source include/show_binlog_events.inc
+
+--echo
+--echo # 3. With sql_mode='', execute GRANT SELECT commands on master.
+
+# Reseting sql_mode. This will make sure `(backtick) is used as
+# the identifier quote character while writing to the binlog.
+SET SESSION sql_mode= '';
+
+# Update master position
+--let $binlog_start= query_get_value('SHOW MASTER STATUS', Position, 1)
+
+--echo
+--echo # Execute GRANT SELECT commands on master.
+
+# Columns having reserved words
+GRANT SELECT(`column`) ON `column`.`column` TO `column`;
+
+# Column names having both reserved words and non-reserved words
+GRANT SELECT(item,`regexp`) ON `all`.`all` TO `all`;
+
+--echo
+--echo # 4. Verify the correctness of 'GRANT SELECT' statement by printing
+--echo #    the binlog entry for the statement.
+--source include/show_binlog_events.inc
+
+--echo
+--echo # 5. Sync the slave with master.
+--source include/sync_slave_sql_with_master.inc
+
+--echo
+--echo # 6. Verify that there is no difference in the column privileges
+--echo #    tables of master and slave.
+--source include/rpl_connection_master.inc
+--let diff_tables=master:mysql.columns_priv, slave:mysql.columns_priv
+--source include/diff_tables.inc
+
+# Cleanup
+SET SESSION sql_mode= @saved_sql_mode;
+DROP USER `order`,`column`,`all`;
+DROP DATABASE `order`;
+DROP DATABASE `column`;
+DROP DATABASE `all`;
+--source include/rpl_end.inc

sql/sql_rewrite.cc

@@ -233,7 +233,7 @@ void mysql_rewrite_grant(THD *thd, String *rlb)
               cols.append(STRING_WITH_LEN(", "));
             else
               comma_inner= TRUE;
-            cols.append(column->column.ptr(),column->column.length());
+            append_identifier(thd, &cols, column->column.ptr(), column->column.length());
           }
         }
         cols.append(STRING_WITH_LEN(")"));