From: Nuno Carvalho Date: April 12 2012 3:22pm Subject: bzr push into mysql-trunk branch (nuno.carvalho:3872 to 3873) WL#6236 List-Archive: http://lists.mysql.com/commits/143469 Message-Id: <201204121522.q3CFMI16028437@acsmt356.oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit 3873 Nuno Carvalho 2012-04-12 WL#6236: Allow SHOW MASTER LOGS and SHOW BINARY LOGS with REPLICATION CLIENT Currently SHOW MASTER LOGS and SHOW BINARY LOGS require the SUPER privilege. Monitoring tools (such as MEM) often want to check this output - for instance MEM generates the SUM of the sizes of the logs reported here, and puts that in the Replication overview within the MEM Dashboard. However, because of the SUPER requirement, these tools often have an account that holds open the connection whilst monitoring, and can lock out administrators when the server gets overloaded and reaches max_connections - there is already another SUPER privileged account connected, the "monitor". As SHOW MASTER STATUS, and all other replication related statements, return with either REPLICATION CLIENT or SUPER privileges, this worklog is to make SHOW MASTER LOGS and SHOW BINARY LOGS be consistent with this as well, and allow both of these commands with either SUPER or REPLICATION CLIENT. This allows monitoring tools to not require a SUPER privilege any more, so is safer in overloaded situations, as well as being more secure, as lighter privileges can be given to users of such tools or scripts. modified: mysql-test/suite/binlog/r/binlog_grant.result mysql-test/suite/binlog/t/binlog_grant.test sql/sql_parse.cc 3872 Tor Didriksen 2012-04-12 WL#6221 THD refactoring, remove ilink inheritance Remove the ilink ineritance from THD, and remove global variables I_List threads; uint volatile thread_count; Add an interface for manipulating the list of THDs and the count. @ libmysqld/lib_sql.cc Use add/remove_global_thread() @ mysql-test/r/show_check.result Tests need sorted_result with the new implementation. @ mysql-test/r/sp-threads.result Tests need sorted_result with the new implementation. @ mysql-test/suite/funcs_1/datadict/processlist_priv.inc Tests need sorted_result with the new implementation. @ mysql-test/suite/funcs_1/datadict/processlist_val.inc Tests need sorted_result with the new implementation. @ mysql-test/suite/funcs_1/r/processlist_priv_no_prot.result Tests need sorted_result with the new implementation. @ mysql-test/suite/funcs_1/r/processlist_priv_ps.result Tests need sorted_result with the new implementation. @ mysql-test/suite/funcs_1/r/processlist_val_no_prot.result Tests need sorted_result with the new implementation. @ mysql-test/suite/funcs_1/r/processlist_val_ps.result Tests need sorted_result with the new implementation. @ mysql-test/t/show_check.test Tests need sorted_result with the new implementation. @ mysql-test/t/sp-threads.test Tests need sorted_result with the new implementation. @ sql/binlog.cc Use Thread_iterator. @ sql/event_scheduler.cc Use add/remove_global_thread() Use Thread_iterator. @ sql/global_threads.h New interface for keeping list of global threads. @ sql/mysqld.cc Remove the global variables I_List threads; uint volatile thread_count; global_thread_count is read by a signal handler, so it must be of type sig_atomic_t global_thread_list is on the heap, to avoid race conditions during shutdown The list of threads is no longer internal to each THD, so we can grab LOCK_thread_count once, and then iterate through the list doing close_connection(THD*) We must keep delete_thd() since it is used by the thread_pool. Remove unlink_thd(), which locked the mutex, and left it locked. Rename cache_thread() to block_until_new_connection() and let it do it's own mutex lock/unlock. In bootstrap mode: Tell the signal handler thread to enter it's main loop. @ sql/mysqld.h Move LOCK_thread_count COND_thread_count to global_threads.h Remove unlink_thd() Move sql_rnd_with_mutex(), since Lock_thread_count was moved. @ sql/rpl_master.cc Use Thread_iterator. @ sql/rpl_slave.cc Use add/remove_global_thread() @ sql/scheduler.cc Grab and release LOCK_thread_count in the same function. @ sql/sql_class.cc Use add_global_thread(). @ sql/sql_class.h ilink is gone! @ sql/sql_insert.cc Use add_global_thread(). @ sql/sql_parse.cc Use add_global_thread(). Use Thread_iterator. @ sql/sql_plugin.cc Dont cast current_thd to (long) @ sql/sql_show.cc Use Thread_iterator. @ storage/perfschema/pfs_check.cc current_thd returned pointer to a THD which was deleted. modified: libmysqld/lib_sql.cc mysql-test/r/show_check.result mysql-test/r/sp-threads.result mysql-test/suite/funcs_1/datadict/processlist_priv.inc mysql-test/suite/funcs_1/datadict/processlist_val.inc mysql-test/suite/funcs_1/r/processlist_priv_no_prot.result mysql-test/suite/funcs_1/r/processlist_priv_ps.result mysql-test/suite/funcs_1/r/processlist_val_no_prot.result mysql-test/suite/funcs_1/r/processlist_val_ps.result mysql-test/t/show_check.test mysql-test/t/sp-threads.test sql/binlog.cc sql/event_scheduler.cc sql/global_threads.h sql/mysqld.cc sql/mysqld.h sql/rpl_master.cc sql/rpl_slave.cc sql/rpl_slave.h sql/scheduler.cc sql/signal_handler.cc sql/sp_head.cc sql/sql_class.cc sql/sql_class.h sql/sql_insert.cc sql/sql_parse.cc sql/sql_plugin.cc sql/sql_reload.cc sql/sql_show.cc sql/sql_test.cc sql/sys_vars.cc storage/perfschema/pfs_check.cc === modified file 'mysql-test/suite/binlog/r/binlog_grant.result' --- a/mysql-test/suite/binlog/r/binlog_grant.result 2009-12-22 09:35:56 +0000 +++ b/mysql-test/suite/binlog/r/binlog_grant.result 2012-04-12 15:21:22 +0000 @@ -22,3 +22,7 @@ ERROR 42000: Access denied; you need (at **** Clean up **** set global binlog_format = @saved_binlog_format; drop user mysqltest_1@localhost; +GRANT REPLICATION CLIENT ON *.* TO 'mysqltest_1'@'localhost'; +SHOW MASTER LOGS; +SHOW BINARY LOGS; +DROP USER 'mysqltest_1'@'localhost'; === modified file 'mysql-test/suite/binlog/t/binlog_grant.test' --- a/mysql-test/suite/binlog/t/binlog_grant.test 2009-12-22 09:35:56 +0000 +++ b/mysql-test/suite/binlog/t/binlog_grant.test 2012-04-12 15:21:22 +0000 @@ -54,3 +54,22 @@ disconnect root; connection default; set global binlog_format = @saved_binlog_format; drop user mysqltest_1@localhost; + + +# Testing if REPLICATION CLIENT privilege is enough to execute +# SHOW MASTER LOGS and SHOW BINARY. +GRANT REPLICATION CLIENT ON *.* TO 'mysqltest_1'@'localhost'; +--connect(rpl,localhost,mysqltest_1,,) + +--connection rpl +# We are only interested if the following commands succeed and not on +# their output. +--disable_result_log +SHOW MASTER LOGS; +SHOW BINARY LOGS; +--enable_result_log + +# clean up +--disconnect rpl +connection default; +DROP USER 'mysqltest_1'@'localhost'; === modified file 'sql/sql_parse.cc' --- a/sql/sql_parse.cc 2012-04-12 14:39:38 +0000 +++ b/sql/sql_parse.cc 2012-04-12 15:21:22 +0000 @@ -3042,7 +3042,7 @@ end_with_restore_list: goto error; #else { - if (check_global_access(thd, SUPER_ACL)) + if (check_global_access(thd, SUPER_ACL | REPL_CLIENT_ACL)) goto error; res = show_binlogs(thd); break; No bundle (reason: useless for push emails).