File: grant_slave_monitor.test

package info (click to toggle)
mariadb 1%3A11.8.3-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 772,520 kB
  • sloc: ansic: 2,414,714; cpp: 1,791,394; asm: 381,336; perl: 62,905; sh: 49,647; pascal: 40,897; java: 39,363; python: 20,791; yacc: 20,432; sql: 17,907; xml: 12,344; ruby: 8,544; cs: 6,542; makefile: 6,145; ada: 1,879; lex: 1,193; javascript: 996; objc: 80; tcl: 73; awk: 46; php: 22
file content (92 lines) | stat: -rw-r--r-- 3,039 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
 
# ==== Purpose ====
#
# SLAVE MONITOR privilege is required to execute following commands.
#   SHOW SLAVE STATUS
#   SHOW RELAYLOG EVENTS
#
# ==== Implementation ====
#
# Step1: GRANT ALL privileges for a new user 'user1' and then REVOKE
#        SLAVE MONITOR privileges.
# Step2: Execute SHOW SLAVE STAUTS/SHOW RELAYLOG EVENTS commands and expect
#        ER_SPECIFIC_ACCESS_DENIED_ERROR. This also verifies that REPLICATION
#        SLAVE ADMIN privilege is not required for these two commands.
# Step3: GRANT SLAVE MONITOR privilege and observe that both commands are
#        allowd to execute.
#
# ==== References ====
#
# MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade
#             to 10.5, mysql_upgrade should take of that
# MDEV-23918: admin privlege required to view contents of relay logs in 10.5
#

--source include/not_embedded.inc

CREATE USER user1@localhost IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE SLAVE MONITOR ON *.* FROM user1@localhost;
FLUSH PRIVILEGES;

--connect(con1,localhost,user1,,)
--connection con1
SHOW GRANTS;

--echo #
--echo # Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW SLAVE STATUS
--echo # Expected error: Access denied; you need (at least one of) the SLAVE MONITOR privilege(s) for this operation
--echo #
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
SHOW SLAVE STATUS;
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
SELECT * from information_schema.slave_status;

--echo #
--echo # Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW RELAYLOG EVENTS
--echo # Expected error: Access denied; you need (at least one of) the REPLICA MONITOR
--echo #                 privilege(s) for this operation
--echo #
--disable_ps_protocol
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
SHOW RELAYLOG EVENTS;
--enable_ps_protocol
--disconnect con1

--echo #
--echo # SHOW SLAVE STATUS and SHOW RELAYLOG EVENTS are allowed with SLAVE MONITOR privilege
--echo #

--connection default
GRANT SLAVE MONITOR ON *.* TO user1@localhost;
FLUSH PRIVILEGES;

--connect(con1,localhost,user1,,)
--connection con1
SHOW GRANTS;

--disable_result_log
SHOW SLAVE STATUS;
--disable_ps_protocol
SHOW RELAYLOG EVENTS;
--enable_ps_protocol
--enable_result_log
--disconnect con1

--connection default
DROP USER user1@localhost;

--echo #
--echo # MDEV-25030 Upgrade to 10.5.9 breaks root's ability to grant
--echo #
insert mysql.global_priv values ('bar', 'foo7', '{"access":274877906943,"version_id":100507,"plugin":"mysql_native_password","authentication_string":""}'),
                                ('bar', 'foo8', '{"access":274877906943,"version_id":100508,"plugin":"mysql_native_password","authentication_string":""}'),
                                ('bar', 'foo9', '{"access":274877906943,"version_id":100509,"plugin":"mysql_native_password","authentication_string":""}');
flush privileges;
show grants for foo7@bar;
show grants for foo8@bar;
show grants for foo9@bar;
drop user foo7@bar, foo8@bar, foo9@bar;

--echo #
--echo # End of 10.5 tests
--echo #