MDEV-33006 Missing required privilege CONNECTION ADMIN
opt_kill_long_query_type being an enum could be 0 corresponding to ALL. When ALL is specified, the CONNECTION ADMIN is still required. Also check REPLICA MONITOR privilege and make the tests find the results by recording stderr. Noticed thanks to bug report by Tim van Dijen. Fixes: 79b58f1ca893b8affc5075d0a548563d376cd481
This commit is contained in:
Daniel Black
parent
e472b682e0
commit
2c60d43d7d
@ -6403,7 +6403,7 @@ static bool check_all_privileges()
|
||||
}
|
||||
|
||||
/* KILL ... */
|
||||
if (!opt_no_lock && (opt_kill_long_queries_timeout || opt_kill_long_query_type)) {
|
||||
if (!opt_no_lock && opt_kill_long_queries_timeout) {
|
||||
check_result |= check_privilege(
|
||||
granted_privileges,
|
||||
"CONNECTION ADMIN", "*", "*",
|
||||
@ -6424,7 +6424,7 @@ static bool check_all_privileges()
|
||||
if (opt_galera_info || opt_slave_info
|
||||
|| opt_safe_slave_backup) {
|
||||
check_result |= check_privilege(granted_privileges,
|
||||
"SLAVE MONITOR", "*", "*",
|
||||
"REPLICA MONITOR", "*", "*",
|
||||
PRIVILEGE_WARNING);
|
||||
}
|
||||
|
||||
|
||||
@ -3,12 +3,13 @@ FOUND 1 /missing required privilege RELOAD/ in backup.log
|
||||
FOUND 1 /missing required privilege PROCESS/ in backup.log
|
||||
FOUND 1 /GRANT USAGE ON/ in backup.log
|
||||
GRANT RELOAD, PROCESS on *.* to backup@localhost;
|
||||
NOT FOUND /missing required privilege REPLICA MONITOR/ in backup.log
|
||||
FOUND 1 /missing required privilege REPLICA MONITOR/ in backup.log
|
||||
GRANT REPLICA MONITOR ON *.* TO backup@localhost;
|
||||
REVOKE REPLICA MONITOR ON *.* FROM backup@localhost;
|
||||
FOUND 1 /missing required privilege CONNECTION ADMIN/ in backup.log
|
||||
GRANT CONNECTION ADMIN ON *.* TO backup@localhost;
|
||||
FOUND 1 /missing required privilege REPLICATION SLAVE ADMIN/ in backup.log
|
||||
NOT FOUND /missing required privilege REPLICA MONITOR/ in backup.log
|
||||
FOUND 1 /missing required privilege REPLICA MONITOR/ in backup.log
|
||||
GRANT REPLICATION SLAVE ADMIN ON *.* TO backup@localhost;
|
||||
GRANT REPLICA MONITOR ON *.* TO backup@localhost;
|
||||
DROP USER backup@localhost;
|
||||
|
||||
@ -10,7 +10,7 @@ rmdir $targetdir;
|
||||
# backup fails without --no-lock, because of FTWRL
|
||||
--disable_result_log
|
||||
error 1;
|
||||
exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log;
|
||||
exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log 2>&1;
|
||||
--enable_result_log
|
||||
|
||||
let SEARCH_FILE=$MYSQLTEST_VARDIR/tmp/backup.log;
|
||||
@ -31,7 +31,7 @@ rmdir $targetdir;
|
||||
# --slave-info and galera info require REPLICA MONITOR
|
||||
--disable_result_log
|
||||
error 1;
|
||||
exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --slave-info --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log;
|
||||
exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --slave-info --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log 2>&1;
|
||||
--enable_result_log
|
||||
rmdir $targetdir;
|
||||
|
||||
@ -47,16 +47,15 @@ REVOKE REPLICA MONITOR ON *.* FROM backup@localhost;
|
||||
|
||||
# TODO need a query that would delay a BACKUP STAGE START/ BACKUP STAGE BLOCK_COMMIT longer than the kill-long-queries-timeout
|
||||
#--send SELECT SLEEP(9) kill_me
|
||||
## kill-long-query-type=(not empty) requires CONNECTION ADMIN
|
||||
#--disable_result_log
|
||||
#error 1;
|
||||
#--exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --kill-long-query-type=all --kill-long-queries-timeout=4 --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log;
|
||||
#--reap
|
||||
#--enable_result_log
|
||||
#rmdir $targetdir;
|
||||
#
|
||||
#--let SEARCH_PATTERN= missing required privilege CONNECTION ADMIN
|
||||
#--source include/search_pattern_in_file.inc
|
||||
|
||||
# kill-long-query-type=(not empty) requires CONNECTION ADMIN
|
||||
--disable_result_log
|
||||
--exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --kill-long-query-type=ALL --kill-long-queries-timeout=4 --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log 2>&1;
|
||||
--enable_result_log
|
||||
rmdir $targetdir;
|
||||
|
||||
--let SEARCH_PATTERN= missing required privilege CONNECTION ADMIN
|
||||
--source include/search_pattern_in_file.inc
|
||||
|
||||
GRANT CONNECTION ADMIN ON *.* TO backup@localhost;
|
||||
--disable_result_log
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user