List:Commits« Previous MessageNext Message »
From:He Zhenxing Date:September 9 2008 10:26am
Subject:Re: bzr commit into mysql-5.1 branch (mats:2732) Bug#39106
View as plain text  
Hi,

Nice work, patch approved!

Mats Kindahl wrote:
> #At file:///home/bzr/bugs/b39106-5.1-bugteam/
> 
>  2732 Mats Kindahl	2008-09-04
>       Bug #39106:
>       SUPER is not required to change binlog format for session
>       
>       A user without SUPER privileges can change the value of the
>       session variable BINLOG_FORMAT, causing problems for a DBA.
>       
>       This changeset requires a user to have SUPER privileges to
>       change the value of the session variable BINLOG_FORMAT, and
>       not only the global variable BINLOG_FORMAT.
> added:
>   mysql-test/suite/binlog/r/binlog_grant.result
>   mysql-test/suite/binlog/t/binlog_grant.test
> modified:
>   sql/set_var.cc
>   sql/set_var.h
> 
> per-file messages:
>   mysql-test/suite/binlog/t/binlog_grant.test
>     Adding test to test grants needed for SQL_LOG_BIN and BINLOG_FORMAT.
>   sql/set_var.cc
>     Adding code to check that user has SUPER permission
>     needed to change the value of BINLOG_FORMAT.
>   sql/set_var.h
>     Adding function sys_var_thd_binlog_format::check()
> === added file 'mysql-test/suite/binlog/r/binlog_grant.result'
> --- a/mysql-test/suite/binlog/r/binlog_grant.result	1970-01-01 00:00:00 +0000
> +++ b/mysql-test/suite/binlog/r/binlog_grant.result	2008-09-04 14:12:43 +0000
> @@ -0,0 +1,28 @@
> +reset master;
> +set @saved_binlog_format = @@global.binlog_format;
> +create user mysqltest_1@localhost;
> +show grants for mysqltest_1@localhost;
> +Grants for mysqltest_1@localhost
> +GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
> +**** Variable SQL_LOG_BIN ****
> +[root]
> +set global sql_log_bin = 1;
> +ERROR HY000: Variable 'sql_log_bin' is a SESSION variable and can't be used with SET
> GLOBAL
> +set session sql_log_bin = 1;
> +[plain]
> +set global sql_log_bin = 1;
> +ERROR HY000: Variable 'sql_log_bin' is a SESSION variable and can't be used with SET
> GLOBAL
> +set session sql_log_bin = 1;
> +ERROR 42000: Access denied; you need the SUPER privilege for this operation
> +**** Variable BINLOG_FORMAT ****
> +[root]
> +set global binlog_format = row;
> +set session binlog_format = row;
> +[plain]
> +set global binlog_format = row;
> +ERROR 42000: Access denied; you need the SUPER privilege for this operation
> +set session binlog_format = row;
> +ERROR 42000: Access denied; you need the SUPER privilege for this operation
> +**** Clean up ****
> +set global binlog_format = @saved_binlog_format;
> +drop user mysqltest_1@localhost;
> 
> === added file 'mysql-test/suite/binlog/t/binlog_grant.test'
> --- a/mysql-test/suite/binlog/t/binlog_grant.test	1970-01-01 00:00:00 +0000
> +++ b/mysql-test/suite/binlog/t/binlog_grant.test	2008-09-04 14:12:43 +0000
> @@ -0,0 +1,60 @@
> +# Test grants for various objects (especially variables) related to
> +# the binary log
> +
> +source include/have_log_bin.inc;
> +
> +connection default;
> +--disable_warnings
> +reset master;
> +--enable_warnings
> +
> +set @saved_binlog_format = @@global.binlog_format;
> +create user mysqltest_1@localhost;
> +show grants for mysqltest_1@localhost;
> +
> +connect (plain,localhost,mysqltest_1,,test);
> +connect (root,localhost,root,,test);
> +
> +# Testing setting both session and global SQL_LOG_BIN variable both as
> +# root and as plain user.
> +
> +--echo **** Variable SQL_LOG_BIN ****
> +
> +connection root;
> +--echo [root]
> +--error ER_LOCAL_VARIABLE
> +set global sql_log_bin = 1;
> +set session sql_log_bin = 1;
> +
> +connection plain;
> +--echo [plain]
> +--error ER_LOCAL_VARIABLE
> +set global sql_log_bin = 1;
> +--error ER_SPECIFIC_ACCESS_DENIED_ERROR
> +set session sql_log_bin = 1;
> +
> +
> +# Testing setting both session and global BINLOG_FORMAT variable both
> +# as root and as plain user.
> +
> +--echo **** Variable BINLOG_FORMAT ****
> +
> +connection root;
> +--echo [root]
> +set global binlog_format = row;
> +set session binlog_format = row;
> +
> +connection plain;
> +--echo [plain]
> +--error ER_SPECIFIC_ACCESS_DENIED_ERROR
> +set global binlog_format = row;
> +--error ER_SPECIFIC_ACCESS_DENIED_ERROR
> +set session binlog_format = row;
> +
> +--echo **** Clean up ****
> +disconnect plain;
> +disconnect root;
> +
> +connection default;
> +set global binlog_format = @saved_binlog_format;
> +drop user mysqltest_1@localhost;
> 
> === modified file 'sql/set_var.cc'
> --- a/sql/set_var.cc	2008-08-25 12:44:05 +0000
> +++ b/sql/set_var.cc	2008-09-04 14:12:43 +0000
> @@ -1162,6 +1162,21 @@ void fix_slave_exec_mode(enum_var_type t
>      bit_do_set(slave_exec_mode_options, SLAVE_EXEC_MODE_STRICT);
>  }
>  
> +
> +bool sys_var_thd_binlog_format::check(THD *thd, set_var *var) {
> +  /*
> +    All variables that affect writing to binary log (either format or
> +    turning logging on and off) use the same checking. We call the
> +    superclass ::check function to assign the variable correctly, and
> +    then check the value.
> +   */
> +  bool result= sys_var_thd_enum::check(thd, var);
> +  if (!result)
> +    result= check_log_update(thd, var);
> +  return result;
> +}
> +
> +
>  bool sys_var_thd_binlog_format::is_readonly() const
>  {
>    /*
> 
> === modified file 'sql/set_var.h'
> --- a/sql/set_var.h	2008-05-20 07:38:17 +0000
> +++ b/sql/set_var.h	2008-09-04 14:12:43 +0000
> @@ -1126,6 +1126,7 @@ public:
>                        &binlog_format_typelib,
>                        fix_binlog_format_after_update)
>    {};
> +  bool check(THD *thd, set_var *var);
>    bool is_readonly() const;
>  };
>  
>
Thread
bzr commit into mysql-5.1 branch (mats:2732) Bug#39106Mats Kindahl4 Sep
  • Re: bzr commit into mysql-5.1 branch (mats:2732) Bug#39106Andrei Elkin9 Sep
  • Re: bzr commit into mysql-5.1 branch (mats:2732) Bug#39106He Zhenxing9 Sep