3873 Nuno Carvalho 2012-04-12
WL#6236: Allow SHOW MASTER LOGS and SHOW BINARY LOGS with REPLICATION CLIENT
Currently SHOW MASTER LOGS and SHOW BINARY LOGS require the SUPER
privilege. Monitoring tools (such as MEM) often want to check this
output - for instance MEM generates the SUM of the sizes of the logs
reported here, and puts that in the Replication overview within the MEM
Dashboard.
However, because of the SUPER requirement, these tools often have an
account that holds open the connection whilst monitoring, and can lock
out administrators when the server gets overloaded and reaches
max_connections - there is already another SUPER privileged account
connected, the "monitor".
As SHOW MASTER STATUS, and all other replication related statements,
return with either REPLICATION CLIENT or SUPER privileges, this worklog
is to make SHOW MASTER LOGS and SHOW BINARY LOGS be consistent with this
as well, and allow both of these commands with either SUPER or
REPLICATION CLIENT.
This allows monitoring tools to not require a SUPER privilege any more,
so is safer in overloaded situations, as well as being more secure, as
lighter privileges can be given to users of such tools or scripts.
modified:
mysql-test/suite/binlog/r/binlog_grant.result
mysql-test/suite/binlog/t/binlog_grant.test
sql/sql_parse.cc
3872 Tor Didriksen 2012-04-12
WL#6221 THD refactoring, remove ilink inheritance
Remove the ilink ineritance from THD, and remove global variables
I_List<THD> threads;
uint volatile thread_count;
Add an interface for manipulating the list of THDs and the count.
@ libmysqld/lib_sql.cc
Use add/remove_global_thread()
@ mysql-test/r/show_check.result
Tests need sorted_result with the new implementation.
@ mysql-test/r/sp-threads.result
Tests need sorted_result with the new implementation.
@ mysql-test/suite/funcs_1/datadict/processlist_priv.inc
Tests need sorted_result with the new implementation.
@ mysql-test/suite/funcs_1/datadict/processlist_val.inc
Tests need sorted_result with the new implementation.
@ mysql-test/suite/funcs_1/r/processlist_priv_no_prot.result
Tests need sorted_result with the new implementation.
@ mysql-test/suite/funcs_1/r/processlist_priv_ps.result
Tests need sorted_result with the new implementation.
@ mysql-test/suite/funcs_1/r/processlist_val_no_prot.result
Tests need sorted_result with the new implementation.
@ mysql-test/suite/funcs_1/r/processlist_val_ps.result
Tests need sorted_result with the new implementation.
@ mysql-test/t/show_check.test
Tests need sorted_result with the new implementation.
@ mysql-test/t/sp-threads.test
Tests need sorted_result with the new implementation.
@ sql/binlog.cc
Use Thread_iterator.
@ sql/event_scheduler.cc
Use add/remove_global_thread()
Use Thread_iterator.
@ sql/global_threads.h
New interface for keeping list of global threads.
@ sql/mysqld.cc
Remove the global variables
I_List<THD> threads;
uint volatile thread_count;
global_thread_count is read by a signal handler, so it must be of type sig_atomic_t
global_thread_list is on the heap, to avoid race conditions during shutdown
The list of threads is no longer internal to each THD,
so we can grab LOCK_thread_count once, and then
iterate through the list doing close_connection(THD*)
We must keep delete_thd() since it is used by the thread_pool.
Remove unlink_thd(), which locked the mutex, and left it locked.
Rename cache_thread() to block_until_new_connection()
and let it do it's own mutex lock/unlock.
In bootstrap mode: Tell the signal handler thread to enter it's main loop.
@ sql/mysqld.h
Move LOCK_thread_count COND_thread_count to global_threads.h
Remove unlink_thd()
Move sql_rnd_with_mutex(), since Lock_thread_count was moved.
@ sql/rpl_master.cc
Use Thread_iterator.
@ sql/rpl_slave.cc
Use add/remove_global_thread()
@ sql/scheduler.cc
Grab and release LOCK_thread_count in the same function.
@ sql/sql_class.cc
Use add_global_thread().
@ sql/sql_class.h
ilink<THD> is gone!
@ sql/sql_insert.cc
Use add_global_thread().
@ sql/sql_parse.cc
Use add_global_thread().
Use Thread_iterator.
@ sql/sql_plugin.cc
Dont cast current_thd to (long)
@ sql/sql_show.cc
Use Thread_iterator.
@ storage/perfschema/pfs_check.cc
current_thd returned pointer to a THD which was deleted.
modified:
libmysqld/lib_sql.cc
mysql-test/r/show_check.result
mysql-test/r/sp-threads.result
mysql-test/suite/funcs_1/datadict/processlist_priv.inc
mysql-test/suite/funcs_1/datadict/processlist_val.inc
mysql-test/suite/funcs_1/r/processlist_priv_no_prot.result
mysql-test/suite/funcs_1/r/processlist_priv_ps.result
mysql-test/suite/funcs_1/r/processlist_val_no_prot.result
mysql-test/suite/funcs_1/r/processlist_val_ps.result
mysql-test/t/show_check.test
mysql-test/t/sp-threads.test
sql/binlog.cc
sql/event_scheduler.cc
sql/global_threads.h
sql/mysqld.cc
sql/mysqld.h
sql/rpl_master.cc
sql/rpl_slave.cc
sql/rpl_slave.h
sql/scheduler.cc
sql/signal_handler.cc
sql/sp_head.cc
sql/sql_class.cc
sql/sql_class.h
sql/sql_insert.cc
sql/sql_parse.cc
sql/sql_plugin.cc
sql/sql_reload.cc
sql/sql_show.cc
sql/sql_test.cc
sql/sys_vars.cc
storage/perfschema/pfs_check.cc
=== modified file 'mysql-test/suite/binlog/r/binlog_grant.result'
--- a/mysql-test/suite/binlog/r/binlog_grant.result 2009-12-22 09:35:56 +0000
+++ b/mysql-test/suite/binlog/r/binlog_grant.result 2012-04-12 15:21:22 +0000
@@ -22,3 +22,7 @@ ERROR 42000: Access denied; you need (at
**** Clean up ****
set global binlog_format = @saved_binlog_format;
drop user mysqltest_1@localhost;
+GRANT REPLICATION CLIENT ON *.* TO 'mysqltest_1'@'localhost';
+SHOW MASTER LOGS;
+SHOW BINARY LOGS;
+DROP USER 'mysqltest_1'@'localhost';
=== modified file 'mysql-test/suite/binlog/t/binlog_grant.test'
--- a/mysql-test/suite/binlog/t/binlog_grant.test 2009-12-22 09:35:56 +0000
+++ b/mysql-test/suite/binlog/t/binlog_grant.test 2012-04-12 15:21:22 +0000
@@ -54,3 +54,22 @@ disconnect root;
connection default;
set global binlog_format = @saved_binlog_format;
drop user mysqltest_1@localhost;
+
+
+# Testing if REPLICATION CLIENT privilege is enough to execute
+# SHOW MASTER LOGS and SHOW BINARY.
+GRANT REPLICATION CLIENT ON *.* TO 'mysqltest_1'@'localhost';
+--connect(rpl,localhost,mysqltest_1,,)
+
+--connection rpl
+# We are only interested if the following commands succeed and not on
+# their output.
+--disable_result_log
+SHOW MASTER LOGS;
+SHOW BINARY LOGS;
+--enable_result_log
+
+# clean up
+--disconnect rpl
+connection default;
+DROP USER 'mysqltest_1'@'localhost';
=== modified file 'sql/sql_parse.cc'
--- a/sql/sql_parse.cc 2012-04-12 14:39:38 +0000
+++ b/sql/sql_parse.cc 2012-04-12 15:21:22 +0000
@@ -3042,7 +3042,7 @@ end_with_restore_list:
goto error;
#else
{
- if (check_global_access(thd, SUPER_ACL))
+ if (check_global_access(thd, SUPER_ACL | REPL_CLIENT_ACL))
goto error;
res = show_binlogs(thd);
break;
No bundle (reason: useless for push emails).
| Thread |
|---|
| • bzr push into mysql-trunk branch (nuno.carvalho:3872 to 3873) WL#6236 | Nuno Carvalho | 12 Apr |
