Skip to content

M
MariaDB
Commit 2c60d43d authored by Daniel Black's avatar Daniel Black
Browse files
Options

MDEV-33006 Missing required privilege CONNECTION ADMIN 

opt_kill_long_query_type being an enum could be 0 corresponding
to ALL. When ALL is specified, the CONNECTION ADMIN is still
required.

Also check REPLICA MONITOR privilege and make the tests
find the results by recording stderr.

Noticed thanks to bug report by Tim van Dijen.

Fixes: 79b58f1c
parent e472b682
Hide whitespace changes
Inline Side-by-side
Showing with 16 additions and 16 deletions
extra/mariabackup/xtrabackup.cc
View file @ 2c60d43d
...@@ -6403,7 +6403,7 @@ static bool check_all_privileges() ...@@ -6403,7 +6403,7 @@ static bool check_all_privileges()
} }
/* KILL ... */ /* KILL ... */
if (!opt_no_lock && (opt_kill_long_queries_timeout || opt_kill_long_query_type)) { if (!opt_no_lock && opt_kill_long_queries_timeout) {
check_result |= check_privilege( check_result |= check_privilege(
granted_privileges, granted_privileges,
"CONNECTION ADMIN", "*", "*", "CONNECTION ADMIN", "*", "*",
...@@ -6424,7 +6424,7 @@ static bool check_all_privileges() ...@@ -6424,7 +6424,7 @@ static bool check_all_privileges()
if (opt_galera_info || opt_slave_info if (opt_galera_info || opt_slave_info
|| opt_safe_slave_backup) { || opt_safe_slave_backup) {
check_result |= check_privilege(granted_privileges, check_result |= check_privilege(granted_privileges,
"SLAVE MONITOR", "*", "*", "REPLICA MONITOR", "*", "*",
PRIVILEGE_WARNING); PRIVILEGE_WARNING);
} }
......
mysql-test/suite/mariabackup/backup_grants.result
View file @ 2c60d43d
...@@ -3,12 +3,13 @@ FOUND 1 /missing required privilege RELOAD/ in backup.log ...@@ -3,12 +3,13 @@ FOUND 1 /missing required privilege RELOAD/ in backup.log
FOUND 1 /missing required privilege PROCESS/ in backup.log FOUND 1 /missing required privilege PROCESS/ in backup.log
FOUND 1 /GRANT USAGE ON/ in backup.log FOUND 1 /GRANT USAGE ON/ in backup.log
GRANT RELOAD, PROCESS on *.* to backup@localhost; GRANT RELOAD, PROCESS on *.* to backup@localhost;
NOT FOUND /missing required privilege REPLICA MONITOR/ in backup.log FOUND 1 /missing required privilege REPLICA MONITOR/ in backup.log
GRANT REPLICA MONITOR ON *.* TO backup@localhost; GRANT REPLICA MONITOR ON *.* TO backup@localhost;
REVOKE REPLICA MONITOR ON *.* FROM backup@localhost; REVOKE REPLICA MONITOR ON *.* FROM backup@localhost;
FOUND 1 /missing required privilege CONNECTION ADMIN/ in backup.log
GRANT CONNECTION ADMIN ON *.* TO backup@localhost; GRANT CONNECTION ADMIN ON *.* TO backup@localhost;
FOUND 1 /missing required privilege REPLICATION SLAVE ADMIN/ in backup.log FOUND 1 /missing required privilege REPLICATION SLAVE ADMIN/ in backup.log
NOT FOUND /missing required privilege REPLICA MONITOR/ in backup.log FOUND 1 /missing required privilege REPLICA MONITOR/ in backup.log
GRANT REPLICATION SLAVE ADMIN ON *.* TO backup@localhost; GRANT REPLICATION SLAVE ADMIN ON *.* TO backup@localhost;
GRANT REPLICA MONITOR ON *.* TO backup@localhost; GRANT REPLICA MONITOR ON *.* TO backup@localhost;
DROP USER backup@localhost; DROP USER backup@localhost;
mysql-test/suite/mariabackup/backup_grants.test
View file @ 2c60d43d
...@@ -10,7 +10,7 @@ rmdir $targetdir; ...@@ -10,7 +10,7 @@ rmdir $targetdir;
# backup fails without --no-lock, because of FTWRL # backup fails without --no-lock, because of FTWRL
--disable_result_log --disable_result_log
error 1; error 1;
exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log; exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log 2>&1;
--enable_result_log --enable_result_log
let SEARCH_FILE=$MYSQLTEST_VARDIR/tmp/backup.log; let SEARCH_FILE=$MYSQLTEST_VARDIR/tmp/backup.log;
...@@ -31,7 +31,7 @@ rmdir $targetdir; ...@@ -31,7 +31,7 @@ rmdir $targetdir;
# --slave-info and galera info require REPLICA MONITOR # --slave-info and galera info require REPLICA MONITOR
--disable_result_log --disable_result_log
error 1; error 1;
exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --slave-info --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log; exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --slave-info --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log 2>&1;
--enable_result_log --enable_result_log
rmdir $targetdir; rmdir $targetdir;
...@@ -47,16 +47,15 @@ REVOKE REPLICA MONITOR ON *.* FROM backup@localhost; ...@@ -47,16 +47,15 @@ REVOKE REPLICA MONITOR ON *.* FROM backup@localhost;
# TODO need a query that would delay a BACKUP STAGE START/ BACKUP STAGE BLOCK_COMMIT longer than the kill-long-queries-timeout # TODO need a query that would delay a BACKUP STAGE START/ BACKUP STAGE BLOCK_COMMIT longer than the kill-long-queries-timeout
#--send SELECT SLEEP(9) kill_me #--send SELECT SLEEP(9) kill_me
## kill-long-query-type=(not empty) requires CONNECTION ADMIN
#--disable_result_log # kill-long-query-type=(not empty) requires CONNECTION ADMIN
#error 1; --disable_result_log
#--exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --kill-long-query-type=all --kill-long-queries-timeout=4 --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log; --exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --kill-long-query-type=ALL --kill-long-queries-timeout=4 --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log 2>&1;
#--reap --enable_result_log
#--enable_result_log rmdir $targetdir;
#rmdir $targetdir;
# --let SEARCH_PATTERN= missing required privilege CONNECTION ADMIN
#--let SEARCH_PATTERN= missing required privilege CONNECTION ADMIN --source include/search_pattern_in_file.inc
#--source include/search_pattern_in_file.inc
GRANT CONNECTION ADMIN ON *.* TO backup@localhost; GRANT CONNECTION ADMIN ON *.* TO backup@localhost;
--disable_result_log --disable_result_log
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7