From 3f619478f796eddbba6e39502fe941b285dd97b1 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 4 May 2024 20:00:34 +0200 Subject: Adding upstream version 1:10.11.6. Signed-off-by: Daniel Baumann --- mysql-test/suite/binlog/t/binlog_grant.test | 216 ++++++++++++++++++++++++++++ 1 file changed, 216 insertions(+) create mode 100644 mysql-test/suite/binlog/t/binlog_grant.test (limited to 'mysql-test/suite/binlog/t/binlog_grant.test') diff --git a/mysql-test/suite/binlog/t/binlog_grant.test b/mysql-test/suite/binlog/t/binlog_grant.test new file mode 100644 index 00000000..d573281f --- /dev/null +++ b/mysql-test/suite/binlog/t/binlog_grant.test @@ -0,0 +1,216 @@ +# Test grants for various objects (especially variables) related to +# the binary log + +source include/have_log_bin.inc; + +connection default; +--disable_warnings +reset master; +--enable_warnings + +set @saved_binlog_format = @@global.binlog_format; +create user mysqltest_1@localhost; +GRANT SELECT on test.* to mysqltest_1@localhost; +show grants for mysqltest_1@localhost; + +connect (plain,localhost,mysqltest_1,,test); +connect (root,localhost,root,,test); + +# Testing setting session SQL_LOG_BIN variable both as +# root and as plain user. + +--echo **** Variable SQL_LOG_BIN **** + +connection root; +--echo [root] +set session sql_log_bin = 1; + +connection plain; +--echo [plain] +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +set session sql_log_bin = 1; + + +# Testing setting both session and global BINLOG_FORMAT variable both +# as root and as plain user. + +--echo **** Variable BINLOG_FORMAT **** + +connection root; +--echo [root] +set global binlog_format = row; +set session binlog_format = row; + +connection plain; +--echo [plain] +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +set global binlog_format = row; +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +set session binlog_format = row; + +--echo **** Clean up **** +disconnect plain; +disconnect root; + +connection default; +set global binlog_format = @saved_binlog_format; +drop user mysqltest_1@localhost; + + +# Testing if REPLICATION CLIENT privilege is enough to execute +# SHOW MASTER LOGS and SHOW BINARY. +CREATE USER 'mysqltest_1'@'localhost'; +GRANT REPLICATION CLIENT ON *.* TO 'mysqltest_1'@'localhost'; +--connect(rpl,localhost,mysqltest_1,,"*NO-ONE*") + +--connection rpl +# We are only interested if the following commands succeed and not on +# their output. +--disable_result_log +SHOW MASTER LOGS; +SHOW BINARY LOGS; +SHOW BINLOG STATUS; +--enable_result_log + +# clean up +--disconnect rpl +connection default; +DROP USER 'mysqltest_1'@'localhost'; + + +--echo # +--echo # Start of 10.5 test +--echo # + +--echo # +--echo # MDEV-21743 Split up SUPER privilege to smaller privileges +--echo # + +--echo # Test that REPLICATION CLIENT is an alias for BINLOG MONITOR + +CREATE USER user1@localhost; +GRANT REPLICATION CLIENT ON *.* TO user1@localhost; +SHOW GRANTS FOR user1@localhost; +REVOKE REPLICATION CLIENT ON *.* FROM user1@localhost; +SHOW GRANTS FOR user1@localhost; +DROP USER user1@localhost; + + +--echo # Test if SHOW BINARY LOGS and SHOW BINGLOG STATUS are not allowed without REPLICATION CLIENT or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE REPLICATION CLIENT, SUPER ON *.* FROM user1@localhost; +--connect(user1,localhost,user1,,) +--connection user1 +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +SHOW MASTER LOGS; +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +SHOW BINARY LOGS; +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +SHOW BINLOG STATUS; +--disconnect user1 +--connection default +DROP USER user1@localhost; + + +--echo # Test if PURGE BINARY LOGS is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +--connect(user1,localhost,user1,,) +--connection user1 +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00'; +--disconnect user1 +--connection default +DROP USER user1@localhost; + + +--echo # Test if PURGE BINLOG is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +--connect(user1,localhost,user1,,"*NO-ONE*") +--connection user1 +PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00'; +--disconnect user1 +connection default; +DROP USER user1@localhost; + + +--echo # Test if PURGE BINLOG is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +--connect(user1,localhost,user1,,"*NO-ONE*") +--connection user1 +PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00'; +--disconnect user1 +connection default; +DROP USER user1@localhost; + + +--echo # Test if SHOW BINLOG EVENTS is not allowed without BINLOG MONITOR +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG MONITOR ON *.* FROM user1@localhost; +--connect(user1,localhost,user1,,) +--connection user1 +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +SHOW BINLOG EVENTS; +--disconnect user1 +--connection default +DROP USER user1@localhost; + + +--echo # Test if SHOW BINLOG EVENTS is allowed with BINLOG MONITOR +CREATE USER user1@localhost; +GRANT BINLOG MONITOR ON *.* TO user1@localhost; +--connect(user1,localhost,user1,,"*NO-ONE*") +--connection user1 +--disable_result_log +SHOW BINLOG EVENTS; +--enable_result_log +--disconnect user1 +connection default; +DROP USER user1@localhost; + +--echo # +--echo # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to +--echo # gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id +--echo # +--echo # Test combinations of BINLOG REPLAY guarded features which typically +--echo # arise in mysqlbinlog output replay on server. +--echo # + +CREATE USER user1@localhost; +GRANT BINLOG REPLAY ON *.* TO user1@localhost; +GRANT ALL ON test.* TO user1@localhost; +RESET MASTER; +CREATE TABLE t1 (a INT); +INSERT INTO t1 VALUES (1),(2),(3); +--connect(user1,localhost,user1,,) +# Genuine mysqlbinlog output +--exec $MYSQL_BINLOG --read-from-remote-server --user=root --host=127.0.0.1 --port=$MASTER_MYPORT master-bin.000001 > $MYSQLTEST_VARDIR/tmp/mysqlbinlog.sql +RENAME TABLE t1 to t2; + +--exec $MYSQL --user=user1 test < $MYSQLTEST_VARDIR/tmp/mysqlbinlog.sql + +--connection default +REVOKE BINLOG REPLAY ON *.* FROM user1@localhost; +call mtr.add_suppression("Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation"); +--echo # Privilege errors are expected now: +--connection user1 +--error 1 +--exec $MYSQL --user=user1 test < $MYSQLTEST_VARDIR/tmp/mysqlbinlog.sql + +--connection default +--let $diff_tables=t1,t2 +--source include/diff_tables.inc + +--echo # Test cleanup +--remove_file $MYSQLTEST_VARDIR/tmp/mysqlbinlog.sql +DROP TABLE t2,t1; +DROP USER user1@localhost; + +--echo # +--echo # End of 10.5 test +--echo # -- cgit v1.2.3