revision-id: 41d807dfc8c5f640ccbbac5838cf572b2b1712c1 (mariadb-10.4.4-1804-g41d807dfc8c) parent(s): 38cbb0915eb4a0c43f1a83afa37c7de5e481a718 author: Sujatha committer: Sujatha timestamp: 2020-08-31 22:30:38 +0530 message: MENT-731:Setting of SHUTDOWN_WAIT_FOR_SLAVES should require special privilege, not generic SUPER Fix: === 'shutdown_wait_for_slaves' variable can be set either by having SUPER or SHUTDOWN privilege. --- mysql-test/suite/binlog/r/binlog_grant.result | 34 +++++++++++++++++++++++ mysql-test/suite/binlog/t/binlog_grant.test | 40 +++++++++++++++++++++++++++ sql/privilege.h | 3 ++ sql/sys_vars.cc | 5 +++- 4 files changed, 81 insertions(+), 1 deletion(-) diff --git a/mysql-test/suite/binlog/r/binlog_grant.result b/mysql-test/suite/binlog/r/binlog_grant.result index af4c02411d5..aee0730c0ab 100644 --- a/mysql-test/suite/binlog/r/binlog_grant.result +++ b/mysql-test/suite/binlog/r/binlog_grant.result @@ -124,6 +124,40 @@ disconnect user1; connection default; DROP USER user1@localhost; # +# MENT-731: Setting of SHUTDOWN_WAIT_FOR_SLAVES should require special +# privilege, not generic SUPER +# +# Test that 'shutdown_wait_for_slaves' variable cannot be set without +# SHUTDOWN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE SHUTDOWN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL SHUTDOWN_WAIT_FOR_SLAVES=ON; +ERROR 42000: Access denied; you need (at least one of) the SHUTDOWN, SUPER privilege(s) for this operation +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that 'shutdown_wait_for_slaves' variable can be set with SHUTDOWN +CREATE USER user1@localhost; +GRANT SHUTDOWN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL SHUTDOWN_WAIT_FOR_SLAVES=ON; +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that 'shutdown_wait_for_slaves' variable can be set with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL SHUTDOWN_WAIT_FOR_SLAVES=OFF; +disconnect user1; +connection default; +DROP USER user1@localhost; +# # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to # gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id # diff --git a/mysql-test/suite/binlog/t/binlog_grant.test b/mysql-test/suite/binlog/t/binlog_grant.test index ec8d2aeccd2..ca0e40299a9 100644 --- a/mysql-test/suite/binlog/t/binlog_grant.test +++ b/mysql-test/suite/binlog/t/binlog_grant.test @@ -172,6 +172,46 @@ SHOW BINLOG EVENTS; connection default; DROP USER user1@localhost; +--echo # +--echo # MENT-731: Setting of SHUTDOWN_WAIT_FOR_SLAVES should require special +--echo # privilege, not generic SUPER +--echo # + +--echo # Test that 'shutdown_wait_for_slaves' variable cannot be set without +--echo # SHUTDOWN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE SHUTDOWN, SUPER ON *.* FROM user1@localhost; +--connect(user1,localhost,user1,,) +--connection user1 +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +SET GLOBAL SHUTDOWN_WAIT_FOR_SLAVES=ON; +--disconnect user1 +--connection default +DROP USER user1@localhost; + + +--echo # Test that 'shutdown_wait_for_slaves' variable can be set with SHUTDOWN +CREATE USER user1@localhost; +GRANT SHUTDOWN ON *.* TO user1@localhost; +--connect(user1,localhost,user1,,) +--connection user1 +SET GLOBAL SHUTDOWN_WAIT_FOR_SLAVES=ON; +--disconnect user1 +connection default; +DROP USER user1@localhost; + + +--echo # Test that 'shutdown_wait_for_slaves' variable can be set with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +--connect(user1,localhost,user1,,) +--connection user1 +SET GLOBAL SHUTDOWN_WAIT_FOR_SLAVES=OFF; +--disconnect user1 +connection default; +DROP USER user1@localhost; + --echo # --echo # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to --echo # gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id diff --git a/sql/privilege.h b/sql/privilege.h index 37cdf4da01a..f4bfd835013 100644 --- a/sql/privilege.h +++ b/sql/privilege.h @@ -433,6 +433,9 @@ constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLOW_LAUNCH_TIME= constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_THREAD_POOL= CONNECTION_ADMIN_ACL | SUPER_ACL; +// Was SUPER_ACL prior to 10.5.5 +constexpr privilege_t PRIV_SET_SYSTEM_VAR_SHUTDOWN_WAIT_FOR_SLAVES= + SHUTDOWN_ACL | SUPER_ACL; /* Binary log related privileges that are checked regardless diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc index 1577457a5d7..396c0570215 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc @@ -4573,7 +4573,10 @@ static Sys_var_ulong Sys_profiling_history_size( VALID_RANGE(0, 100), DEFAULT(15), BLOCK_SIZE(1)); #endif -static Sys_var_mybool Sys_shutdown_wait_for_slaves( +static Sys_var_on_access_global<Sys_var_mybool, + PRIV_SET_SYSTEM_VAR_SHUTDOWN_WAIT_FOR_SLAVES> + +Sys_shutdown_wait_for_slaves( "shutdown_wait_for_slaves", "when ON, SHUTDOWN command runs with implicit WAIT FOR ALL SLAVES option.", GLOBAL_VAR(opt_shutdown_wait_for_slaves), CMD_LINE(OPT_ARG),