#At file:///D:/source/bzr/mysql-6.0-bug-39580/ based on revid:charles.bell@stripped6-8m3n4w9qxi6h91y7
2832 Chuck Bell 2009-06-30
BUG#39580 : BACKUP/RESTORE should not use SUPER
The backup system uses a privilege (SUPER) that is much more powerful
than what is necessary to allow backup and restore.
This patch changes the requirement of SUPER to two new privileges:
BACKUP - required for backup operations
RESTORE - required for restore operations
These new privileges are set at the database level, thereby giving the
ability to grant BACKUP or RESTORE to one or more users for a given
database.
This patch does not confer any additional rights on the user during
the operation. The user must still have sufficient rights to read
all objects for backup and create all objects for restore.
@ mysql-test/r/events_grant.result
New result file as a consequence of adding columns to the mysql tables.
@ mysql-test/r/grant.result
New result file as a consequence of adding columns to the mysql tables.
@ mysql-test/r/lowercase_table_grant.result
New result file as a consequence of adding columns to the mysql tables.
@ mysql-test/r/ps.result
New result file as a consequence of adding columns to the mysql tables.
@ mysql-test/r/system_mysql_db.result
New result file as a consequence of adding columns to the mysql tables.
@ mysql-test/suite/backup/include/backup_check_privileges.inc
Include file for checking privilege failures in backup_security test.
@ mysql-test/suite/backup/r/backup_db_grants.result
New result file as a consequence of adding columns to the mysql tables.
@ mysql-test/suite/backup/r/backup_security.result
New result file.
@ mysql-test/suite/backup/t/backup_security.test
Test reworked to explictly deny all rights for one user and grant only
the new privileges to the other and checks the security privileges after
the backup operations.
@ mysql-test/suite/funcs_1/r/is_column_privileges.result
New result file as a consequence of adding columns to the mysql tables.
@ mysql-test/suite/funcs_1/r/is_schema_privileges.result
New result file as a consequence of adding columns to the mysql tables.
@ mysql-test/suite/funcs_1/r/is_schema_privileges_is_mysql_test.result
New result file as a consequence of adding columns to the mysql tables.
@ mysql-test/suite/funcs_1/r/is_user_privileges.result
New result file as a consequence of adding columns to the mysql tables.
@ scripts/mysql_system_tables.sql
Added new columns to user and db tables in mysql database.
@ scripts/mysql_system_tables_data.sql
Added new data for the new columns to user and db tables in mysql database.
@ scripts/mysql_system_tables_fix.sql
Added code to fix the mysql tables.
@ sql/backup/backup_info.cc
Moved checking for backup because we need the list of
databases to check.
@ sql/backup/kernel.cc
Removed checking for SUPER privilege.
@ sql/backup/restore_info.h
Moved checking for restore because we need the list of
databases to check.
@ sql/share/errmsg.txt
New error messages.
@ sql/sql_acl.cc
Added new column definitions for db table.
@ sql/sql_acl.h
Added new privilege declarations and associations for
BACKUP and RESTORE.
@ sql/sql_show.cc
Added explanation of new columns for show.
@ sql/sql_yacc.yy
Added parser tags for grant recognition.
added:
mysql-test/suite/backup/include/backup_check_privileges.inc
modified:
mysql-test/r/events_grant.result
mysql-test/r/grant.result
mysql-test/r/lowercase_table_grant.result
mysql-test/r/ps.result
mysql-test/r/system_mysql_db.result
mysql-test/suite/backup/r/backup_db_grants.result
mysql-test/suite/backup/r/backup_security.result
mysql-test/suite/backup/t/backup_security.test
mysql-test/suite/funcs_1/r/is_column_privileges.result
mysql-test/suite/funcs_1/r/is_schema_privileges.result
mysql-test/suite/funcs_1/r/is_schema_privileges_is_mysql_test.result
mysql-test/suite/funcs_1/r/is_user_privileges.result
scripts/mysql_system_tables.sql
scripts/mysql_system_tables_data.sql
scripts/mysql_system_tables_fix.sql
sql/backup/backup_info.cc
sql/backup/kernel.cc
sql/backup/restore_info.h
sql/share/errmsg.txt
sql/sql_acl.cc
sql/sql_acl.h
sql/sql_show.cc
sql/sql_yacc.yy
=== modified file 'mysql-test/r/events_grant.result'
--- a/mysql-test/r/events_grant.result 2009-02-16 14:47:53 +0000
+++ b/mysql-test/r/events_grant.result 2009-06-30 18:31:56 +0000
@@ -22,7 +22,7 @@ SHOW GRANTS;
Grants for ev_test@localhost
GRANT USAGE ON *.* TO 'ev_test'@'localhost'
GRANT ALL PRIVILEGES ON `events_test`.* TO 'ev_test'@'localhost'
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON `events_test2`.* TO 'ev_test'@'localhost'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, TRIGGER, BACKUP, RESTORE ON `events_test2`.* TO 'ev_test'@'localhost'
"Here comes an error:";
SHOW EVENTS;
ERROR 42000: Access denied for user 'ev_test'@'localhost' to database 'events_test2'
=== modified file 'mysql-test/r/grant.result'
--- a/mysql-test/r/grant.result 2009-06-17 07:30:19 +0000
+++ b/mysql-test/r/grant.result 2009-06-30 18:31:56 +0000
@@ -13,8 +13,8 @@ GRANT USAGE ON *.* TO 'mysqltest_1'@'loc
GRANT SELECT ON `mysqltest`.* TO 'mysqltest_1'@'localhost'
grant delete on mysqltest.* to mysqltest_1@localhost;
select * from mysql.user where user="mysqltest_1";
-Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
-localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED EDH-RSA-DES-CBC3-SHA 0 0 0 0
+Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Backup_priv Restore_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
+localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED EDH-RSA-DES-CBC3-SHA 0 0 0 0
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE CIPHER 'EDH-RSA-DES-CBC3-SHA'
@@ -44,15 +44,15 @@ delete from mysql.user where user='mysql
flush privileges;
grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 10;
select * from mysql.user where user="mysqltest_1";
-Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
-localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 10 0 0 0
+Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Backup_priv Restore_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
+localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 10 0 0 0
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10
grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 20 max_connections_per_hour 30;
select * from mysql.user where user="mysqltest_1";
-Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
-localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 10 20 30 0
+Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Backup_priv Restore_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
+localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 10 20 30 0
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30
@@ -87,7 +87,7 @@ revoke LOCK TABLES, ALTER on mysqltest.*
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, CREATE TEMPORARY TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `mysqltest`.* TO 'mysqltest_1'@'localhost' WITH GRANT OPTION
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, CREATE TEMPORARY TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, BACKUP, RESTORE ON `mysqltest`.* TO 'mysqltest_1'@'localhost' WITH GRANT OPTION
revoke all privileges on mysqltest.* from mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
flush privileges;
@@ -486,6 +486,8 @@ Trigger Tables To use triggers
Create tablespace Server Admin To create/alter/drop tablespaces
Update Tables To update existing rows
Usage Server Admin No privileges - allow connect only
+Backup Server Admin To execute BACKUP commands.
+Restore Server Admin To execute RESTORE commands.
create database mysqltest;
create table mysqltest.t1 (a int,b int,c int);
grant all on mysqltest.t1 to mysqltest_1@localhost;
@@ -614,7 +616,7 @@ flush privileges;
use test;
set @user123="non-existent";
select * from mysql.db where user=@user123;
-Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv
+Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv Backup_priv Restore_priv
set names koi8r;
create database ┬─;
grant select on ┬─.* to root@localhost;
=== modified file 'mysql-test/r/lowercase_table_grant.result'
--- a/mysql-test/r/lowercase_table_grant.result 2006-02-01 10:28:45 +0000
+++ b/mysql-test/r/lowercase_table_grant.result 2009-06-30 18:31:56 +0000
@@ -6,8 +6,8 @@ Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_1'@'localhost'
select * from db where user = 'mysqltest_1';
-Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv
-localhost mysqltest mysqltest_1 Y Y Y Y Y Y N Y Y Y Y Y Y Y Y Y Y Y Y
+Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv Backup_priv Restore_priv
+localhost mysqltest mysqltest_1 Y Y Y Y Y Y N Y Y Y Y Y Y Y Y Y Y Y Y Y Y
update db set db = 'MYSQLtest' where db = 'mysqltest' and user = 'mysqltest_1' and host = 'localhost';
flush privileges;
show grants for mysqltest_1@localhost;
@@ -15,8 +15,8 @@ Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_1'@'localhost'
select * from db where user = 'mysqltest_1';
-Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv
-localhost MYSQLtest mysqltest_1 Y Y Y Y Y Y N Y Y Y Y Y Y Y Y Y Y Y Y
+Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv Backup_priv Restore_priv
+localhost MYSQLtest mysqltest_1 Y Y Y Y Y Y N Y Y Y Y Y Y Y Y Y Y Y Y Y Y
delete from db where db = 'MYSQLtest' and user = 'mysqltest_1' and host = 'localhost';
flush privileges;
drop user mysqltest_1@localhost;
=== modified file 'mysql-test/r/ps.result'
--- a/mysql-test/r/ps.result 2009-05-29 08:09:00 +0000
+++ b/mysql-test/r/ps.result 2009-06-30 18:31:56 +0000
@@ -1194,13 +1194,13 @@ SET @aux= "SELECT COUNT(*)
prepare my_stmt from @aux;
execute my_stmt;
COUNT(*)
-40
+42
execute my_stmt;
COUNT(*)
-40
+42
execute my_stmt;
COUNT(*)
-40
+42
deallocate prepare my_stmt;
drop procedure if exists p1|
drop table if exists t1|
=== modified file 'mysql-test/r/system_mysql_db.result'
--- a/mysql-test/r/system_mysql_db.result 2009-06-02 11:59:00 +0000
+++ b/mysql-test/r/system_mysql_db.result 2009-06-30 18:31:56 +0000
@@ -50,6 +50,8 @@ db CREATE TABLE `db` (
`Execute_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Event_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Trigger_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
+ `Backup_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
+ `Restore_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
PRIMARY KEY (`Host`,`Db`,`User`),
KEY `User` (`User`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Database privileges'
@@ -113,6 +115,8 @@ user CREATE TABLE `user` (
`Event_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Trigger_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Create_tablespace_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
+ `Backup_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
+ `Restore_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`ssl_type` enum('','ANY','X509','SPECIFIED') CHARACTER SET utf8 NOT NULL DEFAULT '',
`ssl_cipher` blob NOT NULL,
`x509_issuer` blob NOT NULL,
=== added file 'mysql-test/suite/backup/include/backup_check_privileges.inc'
--- a/mysql-test/suite/backup/include/backup_check_privileges.inc 1970-01-01 00:00:00 +0000
+++ b/mysql-test/suite/backup/include/backup_check_privileges.inc 2009-06-30 18:31:56 +0000
@@ -0,0 +1,127 @@
+#
+# This file adds a check for privileges used in the backup_security test.
+# It is designed to attempt one of each type of command to ensure none of
+# these are enabled as a consequence of granting BACKUP or RESTORE to a
+# user who otherwise has no rights.
+#
+
+--echo #
+--echo # Show user has not gained rights.
+--echo #
+
+--echo #
+--echo # Checking privileges for a table.
+--echo #
+--error ER_TABLEACCESS_DENIED_ERROR
+SELECT * FROM backup_test.t1;
+--error ER_TABLEACCESS_DENIED_ERROR
+INSERT INTO backup_test.t1 VALUES ("900");
+--error ER_TABLEACCESS_DENIED_ERROR
+UPDATE backup_test.t1 SET a = "gotcha!";
+--error ER_TABLEACCESS_DENIED_ERROR
+DELETE FROM backup_test.t1;
+--error ER_TABLEACCESS_DENIED_ERROR
+TRUNCATE TABLE backup_test.t1;
+--error ER_TABLEACCESS_DENIED_ERROR
+ALTER TABLE backup_test.t1 ENGINE=MEMORY;
+--error ER_TABLEACCESS_DENIED_ERROR
+DROP TABLE backup_test.t1;
+--error ER_TABLEACCESS_DENIED_ERROR
+CREATE TABLE backup_test.t2 (a int);
+--error ER_TABLEACCESS_DENIED_ERROR
+DESCRIBE backup_test.t1;
+--error ER_TABLEACCESS_DENIED_ERROR
+SHOW CREATE TABLE backup_test.t1;
+
+--echo #
+--echo # Checking privileges for a view.
+--echo #
+--error ER_TABLEACCESS_DENIED_ERROR
+SELECT * FROM backup_test.v1;
+--error ER_TABLEACCESS_DENIED_ERROR
+INSERT INTO backup_test.v1 VALUES ("800");
+--error ER_TABLEACCESS_DENIED_ERROR
+UPDATE backup_test.v1 SET a = "gotcha again!";
+--error ER_TABLEACCESS_DENIED_ERROR
+DELETE FROM backup_test.v1;
+--error ER_TABLEACCESS_DENIED_ERROR
+TRUNCATE TABLE backup_test.v1;
+--error ER_TABLEACCESS_DENIED_ERROR
+ALTER VIEW backup_test.v1 AS SELECT 1;
+--error ER_TABLEACCESS_DENIED_ERROR
+DROP VIEW backup_test.v1;
+--error ER_TABLEACCESS_DENIED_ERROR
+CREATE VIEW backup_test.v2 AS SELECT 0;
+--error ER_TABLEACCESS_DENIED_ERROR
+DESCRIBE backup_test.v1;
+--error ER_TABLEACCESS_DENIED_ERROR
+SHOW CREATE VIEW backup_test.v1;
+
+--echo #
+--echo # Checking privileges for a trigger.
+--echo #
+--error ER_TABLEACCESS_DENIED_ERROR
+DROP TRIGGER backup_test.trg;
+--error ER_TABLEACCESS_DENIED_ERROR
+CREATE TRIGGER backup_test.trg2 BEFORE INSERT ON backup_test.t1 FOR EACH ROW
+ INSERT INTO backup_test.t1 VALUES('not there at all');
+#
+# BUG#45412 : SHOW CREATE TRIGGER does not require privileges to disclose trigger data
+#
+#--error ER_TABLEACCESS_DENIED_ERROR
+#SHOW CREATE TRIGGER backup_test.trg;
+
+--echo #
+--echo # Checking privileges for an event.
+--echo #
+--error ER_DBACCESS_DENIED_ERROR
+DROP EVENT backup_test.e1;
+--error ER_DBACCESS_DENIED_ERROR
+ALTER EVENT backup_test.e1 ENABLE;
+--error ER_DBACCESS_DENIED_ERROR
+CREATE EVENT backup_test.e2 ON SCHEDULE EVERY 1 YEAR DO
+ DELETE FROM backup_test.t1;
+--error ER_DBACCESS_DENIED_ERROR
+SHOW CREATE EVENT backup_test.e1;
+
+--echo #
+--echo # Checking privileges for a function.
+--echo #
+--error ER_PROCACCESS_DENIED_ERROR
+DROP FUNCTION backup_test.f1;
+--error ER_PROCACCESS_DENIED_ERROR
+ALTER FUNCTION backup_test.f1 COMMENT "Tricky, eh?";
+--error ER_DBACCESS_DENIED_ERROR
+CREATE FUNCTION backup_test.f2() RETURNS INT RETURN (SELECT 11);
+# Note: SHOW CREATE FUNCTION with no rights returns wrong error message.
+--error ER_SP_DOES_NOT_EXIST
+SHOW CREATE FUNCTION backup_test.f1;
+--error ER_SP_DOES_NOT_EXIST
+SHOW PROCEDURE CODE backup_test.f1;
+
+--echo #
+--echo # Checking privileges for a procedure.
+--echo #
+--error ER_PROCACCESS_DENIED_ERROR
+DROP PROCEDURE backup_test.p1;
+--error ER_PROCACCESS_DENIED_ERROR
+ALTER PROCEDURE backup_test.p1 COMMENT "Tricky, eh?";
+--error ER_DBACCESS_DENIED_ERROR
+CREATE PROCEDURE backup_test.p1(p1 CHAR(20))
+ INSERT INTO backup_test.t1 VALUES ("100");
+# Note: SHOW CREATE PROCEDURE with no rights returns wrong error message.
+--error ER_SP_DOES_NOT_EXIST
+SHOW CREATE PROCEDURE backup_test.p1;
+--error ER_SP_DOES_NOT_EXIST
+SHOW PROCEDURE CODE backup_test.p1;
+
+--echo #
+--echo # Checking to make sure we cannot create a new or drop the
+--echo # existing database.
+--echo #
+--error ER_DBACCESS_DENIED_ERROR
+DROP DATABASE backup_test;
+--error ER_DBACCESS_DENIED_ERROR
+CREATE DATABASE x1;
+--error ER_DBACCESS_DENIED_ERROR
+ALTER DATABASE backup_test UPGRADE DATA DIRECTORY NAME;
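Review bot: `SHOW PROCEDURE CODE backup_test.f1;` in the function section asks for a procedure named f1, which the setup never creates, so ER_SP_DOES_NOT_EXIST comes back whatever the user's privileges are and the line checks nothing about access. `SHOW FUNCTION CODE backup_test.f1;` is presumably what was meant; its expected error needs confirming when the result file is re-recorded. The include also never executes a routine, so a user holding only BACKUP or RESTORE is not shown to be denied EXECUTE on f1 and p1. The SHOW CREATE TRIGGER check commented out for BUG#45412 leaves disclosure of trigger definitions untested, and its comment should say that the check is to be restored once that bug is fixed.

```sql
# … unchanged: DROP / ALTER / CREATE FUNCTION and SHOW CREATE FUNCTION checks …
# expected error to be confirmed on re-record
--error ER_SP_DOES_NOT_EXIST
SHOW FUNCTION CODE backup_test.f1;
--error ER_PROCACCESS_DENIED_ERROR
SELECT backup_test.f1();

# … unchanged: procedure checks through SHOW PROCEDURE CODE backup_test.p1 …
--error ER_PROCACCESS_DENIED_ERROR
CALL backup_test.p1("x");
```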
=== modified file 'mysql-test/suite/backup/r/backup_db_grants.result'
--- a/mysql-test/suite/backup/r/backup_db_grants.result 2009-06-08 14:58:33 +0000
+++ b/mysql-test/suite/backup/r/backup_db_grants.result 2009-06-30 18:31:56 +0000
@@ -72,6 +72,7 @@ backup_id
Warnings:
# 1752 The grant 'ALTER ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'ALTER ROUTINE ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
+# 1752 The grant 'BACKUP ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'CREATE ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'CREATE ROUTINE ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'CREATE TEMPORARY TABLES ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
@@ -84,6 +85,7 @@ Warnings:
# 1752 The grant 'INSERT ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'LOCK TABLES ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'REFERENCES ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
+# 1752 The grant 'RESTORE ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'SELECT ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'SHOW VIEW ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'TRIGGER ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
@@ -126,6 +128,7 @@ Warnings:
# 1752 The grant 'SELECT(b) ON bup_db_grants.s1' for the user 'bup_user2'@'%' was skipped because the user does not exist.
# 1752 The grant 'ALTER ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'ALTER ROUTINE ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
+# 1752 The grant 'BACKUP ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'CREATE ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'CREATE ROUTINE ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'CREATE TEMPORARY TABLES ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
@@ -138,6 +141,7 @@ Warnings:
# 1752 The grant 'INSERT ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'LOCK TABLES ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'REFERENCES ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
+# 1752 The grant 'RESTORE ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'SELECT ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'SHOW VIEW ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
# 1752 The grant 'TRIGGER ON bup_db_grants.*' for the user 'no_user'@'%' was skipped because the user does not exist.
=== modified file 'mysql-test/suite/backup/r/backup_security.result'
--- a/mysql-test/suite/backup/r/backup_security.result 2009-05-21 06:25:17 +0000
+++ b/mysql-test/suite/backup/r/backup_security.result 2009-06-30 18:31:56 +0000
@@ -1,80 +1,375 @@
DROP DATABASE IF EXISTS backup_test;
+#
+# Create database and data to test.
+# Create 2 users and grants rights as follows:
+# bup_no_rights - denied everything (poor chap)
+# bup_with_rights - super user account (like root)
+#
CREATE DATABASE backup_test;
-default: Create table and new users.
CREATE TABLE backup_test.t1 (a char(30)) ENGINE=MEMORY;
-INSERT INTO backup_test.t1 VALUES ("01 Test #1 - super privilege");
-INSERT INTO backup_test.t1 VALUES ("02 Test #1 - super privilege");
-INSERT INTO backup_test.t1 VALUES ("03 Test #1 - super privilege");
-INSERT INTO backup_test.t1 VALUES ("04 Test #1 - super privilege");
-INSERT INTO backup_test.t1 VALUES ("05 Test #1 - super privilege");
-INSERT INTO backup_test.t1 VALUES ("06 Test #1 - super privilege");
-INSERT INTO backup_test.t1 VALUES ("07 Test #1 - super privilege");
-CREATE USER bup_no_rights;
-CREATE USER bup_with_rights;
-default: Grant user rights to run backup. Revoke SUPER from one user.
-GRANT ALL ON *.* TO 'bup_no_rights'@'%';
-GRANT ALL ON *.* TO 'bup_with_rights'@'%';
-REVOKE SUPER ON *.* FROM 'bup_no_rights'@'%';
-GRANT SUPER ON *.* TO 'bup_with_rights'@'%';
+INSERT INTO backup_test.t1 VALUES ("01 Test #1 - privilege");
+INSERT INTO backup_test.t1 VALUES ("02 Test #1 - privilege");
+INSERT INTO backup_test.t1 VALUES ("03 Test #1 - privilege");
+INSERT INTO backup_test.t1 VALUES ("04 Test #1 - privilege");
+INSERT INTO backup_test.t1 VALUES ("05 Test #1 - privilege");
+INSERT INTO backup_test.t1 VALUES ("06 Test #1 - privilege");
+INSERT INTO backup_test.t1 VALUES ("07 Test #1 - privilege");
+CREATE DATABASE backup_test_alt;
+CREATE TABLE backup_test_alt.t1 (a char(30)) ENGINE=MEMORY;
+INSERT INTO backup_test_alt.t1 VALUES ("01 Test #2 - privilege");
+#
+# Now create more database objects for test.
+#
+CREATE PROCEDURE backup_test.p1(p1 CHAR(20))
+INSERT INTO backup_test.t1 VALUES ("50");
+CREATE TRIGGER backup_test.trg AFTER INSERT ON backup_test.t1 FOR EACH ROW
+INSERT INTO backup_test.t1 VALUES('Test objects count');
+CREATE FUNCTION backup_test.f1() RETURNS INT RETURN (SELECT 1);
+CREATE VIEW backup_test.v1 as SELECT * FROM backup_test.t1;
+CREATE EVENT backup_test.e1 ON SCHEDULE EVERY 1 YEAR DO
+DELETE FROM backup_test.t1 WHERE a = "not there";
+CREATE USER 'bup_no_rights'@'localhost';
+CREATE USER 'bup_with_rights'@'localhost';
+REVOKE ALL ON *.* FROM 'bup_no_rights'@'localhost';
+REVOKE ALL ON *.* FROM 'bup_with_rights'@'localhost';
+GRANT SELECT ON backup_test_alt.* TO 'bup_no_rights'@'localhost';
+GRANT ALL ON *.* TO 'bup_with_rights'@'localhost';
+GRANT SELECT ON mysql.* TO 'bup_with_rights'@'localhost';
FLUSH PRIVILEGES;
-default: Do backup of database with default test user for later tests.
+#
+# root_user: Do backup of database with root user for later tests.
+#
BACKUP DATABASE backup_test to 'backup_test_orig.bak';
backup_id
#
-default: Connect as user with no rights and attempt backup and restore.
-no_rights: Attempting backup. Should fail with error 1227
+#
+# Show list of all objects in the database.
+#
+SHOW FULL TABLES FROM backup_test;
+Tables_in_backup_test Table_type
+t1 BASE TABLE
+v1 VIEW
+SELECT event_name FROM INFORMATION_SCHEMA.EVENTS WHERE event_schema = 'backup_test';
+event_name
+e1
+SELECT routine_name FROM INFORMATION_SCHEMA.ROUTINES WHERE routine_schema = 'backup_test';
+routine_name
+f1
+p1
+SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS WHERE trigger_schema = 'backup_test';
+trigger_name
+trg
+#
+# Connect as user with no rights and attempt backup.
+#
+#
+# no_rights: Attempting backup. Should fail with
+# error ER_BAD_DB_ERROR
+#
BACKUP DATABASE backup_test to 'bup_no_rights.bak';
-ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation
+ERROR 42000: Unknown database 'backup_test'
+SHOW ERRORS;
+Level Code Message
+Error #### Unknown database 'backup_test'
+#
+# Show user has not gained rights.
+#
+#
+# Checking privileges for a table.
+#
+SELECT * FROM backup_test.t1;
+ERROR 42000: SELECT command denied to user 'bup_no_rights'@'localhost' for table 't1'
+INSERT INTO backup_test.t1 VALUES ("900");
+ERROR 42000: INSERT command denied to user 'bup_no_rights'@'localhost' for table 't1'
+UPDATE backup_test.t1 SET a = "gotcha!";
+ERROR 42000: UPDATE command denied to user 'bup_no_rights'@'localhost' for table 't1'
+DELETE FROM backup_test.t1;
+ERROR 42000: DELETE command denied to user 'bup_no_rights'@'localhost' for table 't1'
+TRUNCATE TABLE backup_test.t1;
+ERROR 42000: DROP command denied to user 'bup_no_rights'@'localhost' for table 't1'
+ALTER TABLE backup_test.t1 ENGINE=MEMORY;
+ERROR 42000: ALTER command denied to user 'bup_no_rights'@'localhost' for table 't1'
+DROP TABLE backup_test.t1;
+ERROR 42000: DROP command denied to user 'bup_no_rights'@'localhost' for table 't1'
+CREATE TABLE backup_test.t2 (a int);
+ERROR 42000: CREATE command denied to user 'bup_no_rights'@'localhost' for table 't2'
+DESCRIBE backup_test.t1;
+ERROR 42000: SELECT command denied to user 'bup_no_rights'@'localhost' for table 't1'
+SHOW CREATE TABLE backup_test.t1;
+ERROR 42000: SHOW command denied to user 'bup_no_rights'@'localhost' for table 't1'
+#
+# Checking privileges for a view.
+#
+SELECT * FROM backup_test.v1;
+ERROR 42000: SELECT command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+INSERT INTO backup_test.v1 VALUES ("800");
+ERROR 42000: INSERT command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+UPDATE backup_test.v1 SET a = "gotcha again!";
+ERROR 42000: UPDATE command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+DELETE FROM backup_test.v1;
+ERROR 42000: DELETE command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+TRUNCATE TABLE backup_test.v1;
+ERROR 42000: DROP command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+ALTER VIEW backup_test.v1 AS SELECT 1;
+ERROR 42000: CREATE VIEW command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+DROP VIEW backup_test.v1;
+ERROR 42000: DROP command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+CREATE VIEW backup_test.v2 AS SELECT 0;
+ERROR 42000: CREATE VIEW command denied to user 'bup_no_rights'@'localhost' for table 'v2'
+DESCRIBE backup_test.v1;
+ERROR 42000: SELECT command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+SHOW CREATE VIEW backup_test.v1;
+ERROR 42000: SELECT command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+#
+# Checking privileges for a trigger.
+#
+DROP TRIGGER backup_test.trg;
+ERROR 42000: TRIGGER command denied to user 'bup_no_rights'@'localhost' for table 't1'
+CREATE TRIGGER backup_test.trg2 BEFORE INSERT ON backup_test.t1 FOR EACH ROW
+INSERT INTO backup_test.t1 VALUES('not there at all');
+ERROR 42000: TRIGGER command denied to user 'bup_no_rights'@'localhost' for table 't1'
+#
+# Checking privileges for an event.
+#
+DROP EVENT backup_test.e1;
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+ALTER EVENT backup_test.e1 ENABLE;
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+CREATE EVENT backup_test.e2 ON SCHEDULE EVERY 1 YEAR DO
+DELETE FROM backup_test.t1;
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+SHOW CREATE EVENT backup_test.e1;
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+#
+# Checking privileges for a function.
+#
+DROP FUNCTION backup_test.f1;
+ERROR 42000: alter routine command denied to user 'bup_no_rights'@'localhost' for routine 'backup_test.f1'
+ALTER FUNCTION backup_test.f1 COMMENT "Tricky, eh?";
+ERROR 42000: alter routine command denied to user 'bup_no_rights'@'localhost' for routine 'backup_test.f1'
+CREATE FUNCTION backup_test.f2() RETURNS INT RETURN (SELECT 11);
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+SHOW CREATE FUNCTION backup_test.f1;
+ERROR 42000: FUNCTION f1 does not exist
+SHOW PROCEDURE CODE backup_test.f1;
+ERROR 42000: PROCEDURE f1 does not exist
+#
+# Checking privileges for a procedure.
+#
+DROP PROCEDURE backup_test.p1;
+ERROR 42000: alter routine command denied to user 'bup_no_rights'@'localhost' for routine 'backup_test.p1'
+ALTER PROCEDURE backup_test.p1 COMMENT "Tricky, eh?";
+ERROR 42000: alter routine command denied to user 'bup_no_rights'@'localhost' for routine 'backup_test.p1'
+CREATE PROCEDURE backup_test.p1(p1 CHAR(20))
+INSERT INTO backup_test.t1 VALUES ("100");
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+SHOW CREATE PROCEDURE backup_test.p1;
+ERROR 42000: PROCEDURE p1 does not exist
+SHOW PROCEDURE CODE backup_test.p1;
+ERROR 42000: PROCEDURE p1 does not exist
+#
+# Checking to make sure we cannot create a new or drop the
+# existing database.
+#
+DROP DATABASE backup_test;
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+CREATE DATABASE x1;
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'x1'
+ALTER DATABASE backup_test UPGRADE DATA DIRECTORY NAME;
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+#
+# no_rights: Attempting backup. Should fail with
+# error ER_BACKUP_ACCESS_DENIED_ERROR
+#
+BACKUP DATABASE backup_test_alt to 'bup_no_rights.bak';
+ERROR HY000: Insufficient privileges. You must have the BACKUP privilege to backup database 'backup_test_alt'.
+SHOW ERRORS;
+Level Code Message
+Error #### Insufficient privileges. You must have the BACKUP privilege to backup database 'backup_test_alt'.
+#
+# no_rights: Attempting backup. Should fail with
+# error ER_BACKUP_ACCESS_DENIED_ERROR
+#
+BACKUP DATABASE * to 'bup_no_rights.bak';
+ERROR HY000: Insufficient privileges. You must have the BACKUP privilege to backup database 'backup_test_alt'.
SHOW ERRORS;
Level Code Message
-Error 1227 Access denied; you need (at least one of) the SUPER privilege(s) for this operation
-no_rights: Attempting restore. Should fail with error 1227
-RESTORE FROM 'bup_no_rights.bak';
-ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation
+Error #### Insufficient privileges. You must have the BACKUP privilege to backup database 'backup_test_alt'.
+#
+# no_rights: Attempting restore. Should fail with
+# error ER_RESTORE_ACCESS_DENIED_ERROR
+#
+RESTORE FROM 'backup_test_orig.bak';
+ERROR HY000: Insufficient privileges. You must have the RESTORE privilege to restore database 'backup_test'.
SHOW ERRORS;
Level Code Message
-Error 1227 Access denied; you need (at least one of) the SUPER privilege(s) for this operation
+Error #### Insufficient privileges. You must have the RESTORE privilege to restore database 'backup_test'.
+#
+# Show user has not gained rights.
+#
+#
+# Checking privileges for a table.
+#
SELECT * FROM backup_test.t1;
-a
-01 Test #1 - super privilege
-02 Test #1 - super privilege
-03 Test #1 - super privilege
-04 Test #1 - super privilege
-05 Test #1 - super privilege
-06 Test #1 - super privilege
-07 Test #1 - super privilege
-Connect as user with rights and attempt backup and restore.
-no_rights: Attempting backup. Should succeed
+ERROR 42000: SELECT command denied to user 'bup_no_rights'@'localhost' for table 't1'
+INSERT INTO backup_test.t1 VALUES ("900");
+ERROR 42000: INSERT command denied to user 'bup_no_rights'@'localhost' for table 't1'
+UPDATE backup_test.t1 SET a = "gotcha!";
+ERROR 42000: UPDATE command denied to user 'bup_no_rights'@'localhost' for table 't1'
+DELETE FROM backup_test.t1;
+ERROR 42000: DELETE command denied to user 'bup_no_rights'@'localhost' for table 't1'
+TRUNCATE TABLE backup_test.t1;
+ERROR 42000: DROP command denied to user 'bup_no_rights'@'localhost' for table 't1'
+ALTER TABLE backup_test.t1 ENGINE=MEMORY;
+ERROR 42000: ALTER command denied to user 'bup_no_rights'@'localhost' for table 't1'
+DROP TABLE backup_test.t1;
+ERROR 42000: DROP command denied to user 'bup_no_rights'@'localhost' for table 't1'
+CREATE TABLE backup_test.t2 (a int);
+ERROR 42000: CREATE command denied to user 'bup_no_rights'@'localhost' for table 't2'
+DESCRIBE backup_test.t1;
+ERROR 42000: SELECT command denied to user 'bup_no_rights'@'localhost' for table 't1'
+SHOW CREATE TABLE backup_test.t1;
+ERROR 42000: SHOW command denied to user 'bup_no_rights'@'localhost' for table 't1'
+#
+# Checking privileges for a view.
+#
+SELECT * FROM backup_test.v1;
+ERROR 42000: SELECT command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+INSERT INTO backup_test.v1 VALUES ("800");
+ERROR 42000: INSERT command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+UPDATE backup_test.v1 SET a = "gotcha again!";
+ERROR 42000: UPDATE command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+DELETE FROM backup_test.v1;
+ERROR 42000: DELETE command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+TRUNCATE TABLE backup_test.v1;
+ERROR 42000: DROP command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+ALTER VIEW backup_test.v1 AS SELECT 1;
+ERROR 42000: CREATE VIEW command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+DROP VIEW backup_test.v1;
+ERROR 42000: DROP command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+CREATE VIEW backup_test.v2 AS SELECT 0;
+ERROR 42000: CREATE VIEW command denied to user 'bup_no_rights'@'localhost' for table 'v2'
+DESCRIBE backup_test.v1;
+ERROR 42000: SELECT command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+SHOW CREATE VIEW backup_test.v1;
+ERROR 42000: SELECT command denied to user 'bup_no_rights'@'localhost' for table 'v1'
+#
+# Checking privileges for a trigger.
+#
+DROP TRIGGER backup_test.trg;
+ERROR 42000: TRIGGER command denied to user 'bup_no_rights'@'localhost' for table 't1'
+CREATE TRIGGER backup_test.trg2 BEFORE INSERT ON backup_test.t1 FOR EACH ROW
+INSERT INTO backup_test.t1 VALUES('not there at all');
+ERROR 42000: TRIGGER command denied to user 'bup_no_rights'@'localhost' for table 't1'
+#
+# Checking privileges for an event.
+#
+DROP EVENT backup_test.e1;
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+ALTER EVENT backup_test.e1 ENABLE;
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+CREATE EVENT backup_test.e2 ON SCHEDULE EVERY 1 YEAR DO
+DELETE FROM backup_test.t1;
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+SHOW CREATE EVENT backup_test.e1;
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+#
+# Checking privileges for a function.
+#
+DROP FUNCTION backup_test.f1;
+ERROR 42000: alter routine command denied to user 'bup_no_rights'@'localhost' for routine 'backup_test.f1'
+ALTER FUNCTION backup_test.f1 COMMENT "Tricky, eh?";
+ERROR 42000: alter routine command denied to user 'bup_no_rights'@'localhost' for routine 'backup_test.f1'
+CREATE FUNCTION backup_test.f2() RETURNS INT RETURN (SELECT 11);
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+SHOW CREATE FUNCTION backup_test.f1;
+ERROR 42000: FUNCTION f1 does not exist
+SHOW PROCEDURE CODE backup_test.f1;
+ERROR 42000: PROCEDURE f1 does not exist
+#
+# Checking privileges for a procedure.
+#
+DROP PROCEDURE backup_test.p1;
+ERROR 42000: alter routine command denied to user 'bup_no_rights'@'localhost' for routine 'backup_test.p1'
+ALTER PROCEDURE backup_test.p1 COMMENT "Tricky, eh?";
+ERROR 42000: alter routine command denied to user 'bup_no_rights'@'localhost' for routine 'backup_test.p1'
+CREATE PROCEDURE backup_test.p1(p1 CHAR(20))
+INSERT INTO backup_test.t1 VALUES ("100");
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+SHOW CREATE PROCEDURE backup_test.p1;
+ERROR 42000: PROCEDURE p1 does not exist
+SHOW PROCEDURE CODE backup_test.p1;
+ERROR 42000: PROCEDURE p1 does not exist
+#
+# Checking to make sure we cannot create a new or drop the
+# existing database.
+#
+DROP DATABASE backup_test;
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+CREATE DATABASE x1;
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'x1'
+ALTER DATABASE backup_test UPGRADE DATA DIRECTORY NAME;
+ERROR 42000: Access denied for user 'bup_no_rights'@'localhost' to database 'backup_test'
+#
+# Connect as user with rights and attempt backup and restore.
+#
+#
+# with_rights: Attempting backup. Should succeed
+#
BACKUP DATABASE backup_test to 'bup_with_rights.bak';
backup_id
#
-no_rights: Attempting restore. Should succeed
+#
+# with_rights: Attempting restore. Should succeed
+#
RESTORE FROM 'bup_with_rights.bak' OVERWRITE;
backup_id
#
-SELECT * FROM backup_test.t1;
-a
-01 Test #1 - super privilege
-02 Test #1 - super privilege
-03 Test #1 - super privilege
-04 Test #1 - super privilege
-05 Test #1 - super privilege
-06 Test #1 - super privilege
-07 Test #1 - super privilege
-default: Do restore to ensure it still works with default test user.
+#
+# Do restore to ensure it still works with root user.
+#
+#
+# Show that all objects were recreated after restore.
+#
+SHOW FULL TABLES FROM backup_test;
+Tables_in_backup_test Table_type
+t1 BASE TABLE
+v1 VIEW
+SELECT event_name FROM INFORMATION_SCHEMA.EVENTS WHERE event_schema = 'backup_test';
+event_name
+e1
+SELECT routine_name FROM INFORMATION_SCHEMA.ROUTINES WHERE routine_schema = 'backup_test';
+routine_name
+f1
+p1
+SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS WHERE trigger_schema = 'backup_test';
+trigger_name
+trg
RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
backup_id
#
-SELECT * FROM backup_test.t1;
-a
-01 Test #1 - super privilege
-02 Test #1 - super privilege
-03 Test #1 - super privilege
-04 Test #1 - super privilege
-05 Test #1 - super privilege
-06 Test #1 - super privilege
-07 Test #1 - super privilege
-Cleanup
-DROP USER bup_no_rights;
-DROP USER bup_with_rights;
+#
+# Show that all objects were recreated after restore.
+#
+SHOW FULL TABLES FROM backup_test;
+Tables_in_backup_test Table_type
+t1 BASE TABLE
+v1 VIEW
+SELECT event_name FROM INFORMATION_SCHEMA.EVENTS WHERE event_schema = 'backup_test';
+event_name
+e1
+SELECT routine_name FROM INFORMATION_SCHEMA.ROUTINES WHERE routine_schema = 'backup_test';
+routine_name
+f1
+p1
+SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS WHERE trigger_schema = 'backup_test';
+trigger_name
+trg
+#
+# Cleanup
+#
+DROP USER 'bup_no_rights'@'localhost';
+DROP USER 'bup_with_rights'@'localhost';
DROP DATABASE backup_test;
+DROP DATABASE backup_test_alt;
+FLUSH PRIVILEGES;
=== modified file 'mysql-test/suite/backup/t/backup_security.test'
--- a/mysql-test/suite/backup/t/backup_security.test 2009-02-24 20:57:21 +0000
+++ b/mysql-test/suite/backup/t/backup_security.test 2009-06-30 18:31:56 +0000
@@ -2,7 +2,7 @@
# This test includes tests for all of the security-related tasks in
# Online Backup. These include tests for:
#
-# 1) Only users with super privilege can run backup or restore.
+# 1) Only users with BACKUP or RESTORE privilege can run backup or restore.
#
--source include/not_embedded.inc
@@ -12,90 +12,180 @@ call mtr.add_suppression("Backup:");
call mtr.add_suppression("Restore:");
enable_query_log;
+connect (root_user,localhost,root,,);
+
--disable_warnings
DROP DATABASE IF EXISTS backup_test;
--enable_warnings
#
-# Test 1 - Only users with super privilege can run backup and restore.
+# Test 1 - Only users with BACKUP and RESTORE privilege can run backup
+# and restore.
#
+--echo #
+--echo # Create database and data to test.
+--echo # Create 2 users and grants rights as follows:
+--echo # bup_no_rights - denied everything (poor chap)
+--echo # bup_with_rights - super user account (like root)
+--echo #
CREATE DATABASE backup_test;
-
---echo default: Create table and new users.
-
CREATE TABLE backup_test.t1 (a char(30)) ENGINE=MEMORY;
-
-INSERT INTO backup_test.t1 VALUES ("01 Test #1 - super privilege");
-INSERT INTO backup_test.t1 VALUES ("02 Test #1 - super privilege");
-INSERT INTO backup_test.t1 VALUES ("03 Test #1 - super privilege");
-INSERT INTO backup_test.t1 VALUES ("04 Test #1 - super privilege");
-INSERT INTO backup_test.t1 VALUES ("05 Test #1 - super privilege");
-INSERT INTO backup_test.t1 VALUES ("06 Test #1 - super privilege");
-INSERT INTO backup_test.t1 VALUES ("07 Test #1 - super privilege");
-
-CREATE USER bup_no_rights;
-CREATE USER bup_with_rights;
-
---echo default: Grant user rights to run backup. Revoke SUPER from one user.
-GRANT ALL ON *.* TO 'bup_no_rights'@'%';
-GRANT ALL ON *.* TO 'bup_with_rights'@'%';
-REVOKE SUPER ON *.* FROM 'bup_no_rights'@'%';
-GRANT SUPER ON *.* TO 'bup_with_rights'@'%';
+INSERT INTO backup_test.t1 VALUES ("01 Test #1 - privilege");
+INSERT INTO backup_test.t1 VALUES ("02 Test #1 - privilege");
+INSERT INTO backup_test.t1 VALUES ("03 Test #1 - privilege");
+INSERT INTO backup_test.t1 VALUES ("04 Test #1 - privilege");
+INSERT INTO backup_test.t1 VALUES ("05 Test #1 - privilege");
+INSERT INTO backup_test.t1 VALUES ("06 Test #1 - privilege");
+INSERT INTO backup_test.t1 VALUES ("07 Test #1 - privilege");
+
+CREATE DATABASE backup_test_alt;
+CREATE TABLE backup_test_alt.t1 (a char(30)) ENGINE=MEMORY;
+INSERT INTO backup_test_alt.t1 VALUES ("01 Test #2 - privilege");
+
+--echo #
+--echo # Now create more database objects for test.
+--echo #
+CREATE PROCEDURE backup_test.p1(p1 CHAR(20))
+ INSERT INTO backup_test.t1 VALUES ("50");
+
+CREATE TRIGGER backup_test.trg AFTER INSERT ON backup_test.t1 FOR EACH ROW
+ INSERT INTO backup_test.t1 VALUES('Test objects count');
+
+CREATE FUNCTION backup_test.f1() RETURNS INT RETURN (SELECT 1);
+
+CREATE VIEW backup_test.v1 as SELECT * FROM backup_test.t1;
+
+CREATE EVENT backup_test.e1 ON SCHEDULE EVERY 1 YEAR DO
+ DELETE FROM backup_test.t1 WHERE a = "not there";
+
+CREATE USER 'bup_no_rights'@'localhost';
+CREATE USER 'bup_with_rights'@'localhost';
+
+REVOKE ALL ON *.* FROM 'bup_no_rights'@'localhost';
+REVOKE ALL ON *.* FROM 'bup_with_rights'@'localhost';
+GRANT SELECT ON backup_test_alt.* TO 'bup_no_rights'@'localhost';
+GRANT ALL ON *.* TO 'bup_with_rights'@'localhost';
+GRANT SELECT ON mysql.* TO 'bup_with_rights'@'localhost';
FLUSH PRIVILEGES;
---echo default: Do backup of database with default test user for later tests.
+--echo #
+--echo # root_user: Do backup of database with root user for later tests.
+--echo #
--replace_column 1 #
BACKUP DATABASE backup_test to 'backup_test_orig.bak';
---echo default: Connect as user with no rights and attempt backup and restore.
-connect (no_rights,localhost,bup_no_rights,,backup_test);
-
---echo no_rights: Attempting backup. Should fail with error 1227
+--echo #
+--echo # Show list of all objects in the database.
+--echo #
+SHOW FULL TABLES FROM backup_test;
+SELECT event_name FROM INFORMATION_SCHEMA.EVENTS WHERE event_schema = 'backup_test';
+SELECT routine_name FROM INFORMATION_SCHEMA.ROUTINES WHERE routine_schema = 'backup_test';
+SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS WHERE trigger_schema = 'backup_test';
+
+disconnect root_user;
+--echo #
+--echo # Connect as user with no rights and attempt backup.
+--echo #
+connect (no_rights,localhost,bup_no_rights,,);
+
+--echo #
+--echo # no_rights: Attempting backup. Should fail with
+--echo # error ER_BAD_DB_ERROR
+--echo #
--replace_column 1 #
---error ER_SPECIFIC_ACCESS_DENIED_ERROR
+--error ER_BAD_DB_ERROR
BACKUP DATABASE backup_test to 'bup_no_rights.bak';
+--replace_regex /[0-9]/#/
SHOW ERRORS;
---echo no_rights: Attempting restore. Should fail with error 1227
---replace_column 1 #
---error ER_SPECIFIC_ACCESS_DENIED_ERROR
-RESTORE FROM 'bup_no_rights.bak';
+source suite/backup/include/backup_check_privileges.inc;
+
+--echo #
+--echo # no_rights: Attempting backup. Should fail with
+--echo # error ER_BACKUP_ACCESS_DENIED_ERROR
+--echo #
+--replace_column 1 #
+--error ER_BACKUP_ACCESS_DENIED_ERROR
+BACKUP DATABASE backup_test_alt to 'bup_no_rights.bak';
+--replace_regex /[0-9]/#/
SHOW ERRORS;
-SELECT * FROM backup_test.t1;
+--echo #
+--echo # no_rights: Attempting backup. Should fail with
+--echo # error ER_BACKUP_ACCESS_DENIED_ERROR
+--echo #
+--replace_column 1 #
+--error ER_BACKUP_ACCESS_DENIED_ERROR
+BACKUP DATABASE * to 'bup_no_rights.bak';
+--replace_regex /[0-9]/#/
+SHOW ERRORS;
-disconnect no_rights;
+--echo #
+--echo # no_rights: Attempting restore. Should fail with
+--echo # error ER_RESTORE_ACCESS_DENIED_ERROR
+--echo #
+--replace_column 1 #
+--error ER_RESTORE_ACCESS_DENIED_ERROR
+RESTORE FROM 'backup_test_orig.bak';
+--replace_regex /[0-9]/#/
+SHOW ERRORS;
---echo Connect as user with rights and attempt backup and restore.
-connect (with_rights,localhost,bup_with_rights,,backup_test);
+source suite/backup/include/backup_check_privileges.inc;
---echo no_rights: Attempting backup. Should succeed
+disconnect no_rights;
+--echo #
+--echo # Connect as user with rights and attempt backup and restore.
+--echo #
+connect (with_rights,localhost,bup_with_rights,,);
+
+--echo #
+--echo # with_rights: Attempting backup. Should succeed
+--echo #
--replace_column 1 #
BACKUP DATABASE backup_test to 'bup_with_rights.bak';
---echo no_rights: Attempting restore. Should succeed
+--echo #
+--echo # with_rights: Attempting restore. Should succeed
+--echo #
--replace_column 1 #
RESTORE FROM 'bup_with_rights.bak' OVERWRITE;
-SELECT * FROM backup_test.t1;
-
disconnect with_rights;
-
---echo default: Do restore to ensure it still works with default test user.
-connection default;
+--echo #
+--echo # Do restore to ensure it still works with root user.
+--echo #
+connect (root_user,localhost,root,,);
+
+--echo #
+--echo # Show that all objects were recreated after restore.
+--echo #
+SHOW FULL TABLES FROM backup_test;
+SELECT event_name FROM INFORMATION_SCHEMA.EVENTS WHERE event_schema = 'backup_test';
+SELECT routine_name FROM INFORMATION_SCHEMA.ROUTINES WHERE routine_schema = 'backup_test';
+SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS WHERE trigger_schema = 'backup_test';
--replace_column 1 #
RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
-SELECT * FROM backup_test.t1;
-
---echo Cleanup
+--echo #
+--echo # Show that all objects were recreated after restore.
+--echo #
+SHOW FULL TABLES FROM backup_test;
+SELECT event_name FROM INFORMATION_SCHEMA.EVENTS WHERE event_schema = 'backup_test';
+SELECT routine_name FROM INFORMATION_SCHEMA.ROUTINES WHERE routine_schema = 'backup_test';
+SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS WHERE trigger_schema = 'backup_test';
+
+--echo #
+--echo # Cleanup
+--echo #
-DROP USER bup_no_rights;
-DROP USER bup_with_rights;
+DROP USER 'bup_no_rights'@'localhost';
+DROP USER 'bup_with_rights'@'localhost';
DROP DATABASE backup_test;
+DROP DATABASE backup_test_alt;
+FLUSH PRIVILEGES;
let $MYSQLD_BACKUPDIR= `select @@backupdir`;
remove_file $MYSQLD_BACKUPDIR/bup_with_rights.bak;
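Review bot: The success path does not show that SUPER is no longer required, because `GRANT ALL ON *.* TO 'bup_with_rights'@'localhost';` still gives that account SUPER, and the echo text itself describes it as a "super user account (like root)". Adding `REVOKE SUPER ON *.* FROM 'bup_with_rights'@'localhost';` right after that grant would make the `with_rights` BACKUP and RESTORE prove the new privileges are sufficient on their own. The test also never exercises the separation or the per-database scope the commit describes. No account holds BACKUP without RESTORE (or the reverse), and none holds BACKUP on `backup_test` only and is then refused on `backup_test_alt`; the only BACKUP denial case uses an account that has nothing but SELECT. The test file may continue past this hunk, so cleanup of `backup_test_orig.bak` cannot be judged from here.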
=== modified file 'mysql-test/suite/funcs_1/r/is_column_privileges.result'
--- a/mysql-test/suite/funcs_1/r/is_column_privileges.result 2009-02-16 14:47:53 +0000
+++ b/mysql-test/suite/funcs_1/r/is_column_privileges.result 2009-06-30 18:31:56 +0000
@@ -135,6 +135,7 @@ ORDER BY grantee,table_schema,privilege_
GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE
'testuser3'@'localhost' def db_datadict ALTER NO
'testuser3'@'localhost' def db_datadict ALTER ROUTINE NO
+'testuser3'@'localhost' def db_datadict BACKUP NO
'testuser3'@'localhost' def db_datadict CREATE NO
'testuser3'@'localhost' def db_datadict CREATE ROUTINE NO
'testuser3'@'localhost' def db_datadict CREATE TEMPORARY TABLES NO
@@ -147,6 +148,7 @@ GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVI
'testuser3'@'localhost' def db_datadict INSERT NO
'testuser3'@'localhost' def db_datadict LOCK TABLES NO
'testuser3'@'localhost' def db_datadict REFERENCES NO
+'testuser3'@'localhost' def db_datadict RESTORE NO
'testuser3'@'localhost' def db_datadict SELECT NO
'testuser3'@'localhost' def db_datadict SHOW VIEW NO
'testuser3'@'localhost' def db_datadict TRIGGER NO
=== modified file 'mysql-test/suite/funcs_1/r/is_schema_privileges.result'
--- a/mysql-test/suite/funcs_1/r/is_schema_privileges.result 2009-02-16 14:47:53 +0000
+++ b/mysql-test/suite/funcs_1/r/is_schema_privileges.result 2009-06-30 18:31:56 +0000
@@ -68,6 +68,8 @@ GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVI
''@'%' def test CREATE ROUTINE
''@'%' def test EVENT
''@'%' def test TRIGGER
+''@'%' def test BACKUP
+''@'%' def test RESTORE
''@'%' def test\_% SELECT
''@'%' def test\_% INSERT
''@'%' def test\_% UPDATE
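Review bot: The recorded output now lists BACKUP and RESTORE for the anonymous account `''@'%'` on `test` in this hunk and on `test\_%` in the next one (the same rows appear in is_schema_privileges_is_mysql_test.result), so the new privileges appear to be enabled in the default grant rows for the test databases. That sits oddly with a change whose purpose is to narrow who may run backup and restore, and BACKUP presumably writes an image file on the server host, which the other schema-level privileges listed here would not normally allow. The bootstrap data that creates these rows is not visible in this part of the patch, so please confirm the default is intended. If it is not, the new columns should be 'N' for the anonymous rows and these four result lines dropped.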
@@ -84,6 +86,8 @@ GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVI
''@'%' def test\_% CREATE ROUTINE
''@'%' def test\_% EVENT
''@'%' def test\_% TRIGGER
+''@'%' def test\_% BACKUP
+''@'%' def test\_% RESTORE
###############################################################################
# Testcase 3.2.15.2-3.2.15.4 INFORMATION_SCHEMA.SCHEMA_PRIVILEGES accessibility
###############################################################################
=== modified file 'mysql-test/suite/funcs_1/r/is_schema_privileges_is_mysql_test.result'
--- a/mysql-test/suite/funcs_1/r/is_schema_privileges_is_mysql_test.result 2009-02-16 14:47:53 +0000
+++ b/mysql-test/suite/funcs_1/r/is_schema_privileges_is_mysql_test.result 2009-06-30 18:31:56 +0000
@@ -11,6 +11,7 @@ WHERE table_schema IN ('information_sche
ORDER BY grantee, table_schema, privilege_type;
GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE
''@'%' def test ALTER NO
+''@'%' def test BACKUP NO
''@'%' def test CREATE NO
''@'%' def test CREATE ROUTINE NO
''@'%' def test CREATE TEMPORARY TABLES NO
@@ -22,6 +23,7 @@ GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVI
''@'%' def test INSERT NO
''@'%' def test LOCK TABLES NO
''@'%' def test REFERENCES NO
+''@'%' def test RESTORE NO
''@'%' def test SELECT NO
''@'%' def test SHOW VIEW NO
''@'%' def test TRIGGER NO
=== modified file 'mysql-test/suite/funcs_1/r/is_user_privileges.result'
--- a/mysql-test/suite/funcs_1/r/is_user_privileges.result 2009-02-17 11:16:05 +0000
+++ b/mysql-test/suite/funcs_1/r/is_user_privileges.result 2009-06-30 18:31:56 +0000
@@ -76,10 +76,10 @@ GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_
'testuser3'@'localhost' def USAGE NO
SELECT * FROM mysql.user
WHERE user LIKE 'testuser%' ORDER BY host, user;
-Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
-localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Backup_priv Restore_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
+localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
#
# Add GRANT OPTION db_datadict.* to testuser1;
GRANT UPDATE ON db_datadict.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
@@ -93,10 +93,10 @@ GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_
'testuser3'@'localhost' def USAGE NO
SELECT * FROM mysql.user
WHERE user LIKE 'testuser%' ORDER BY host, user;
-Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
-localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Backup_priv Restore_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
+localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
# Establish connection testuser1 (user=testuser1)
SELECT * FROM information_schema.user_privileges
WHERE grantee LIKE '''testuser%'''
@@ -105,10 +105,10 @@ GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_
'testuser1'@'localhost' def USAGE NO
SELECT * FROM mysql.user
WHERE user LIKE 'testuser%' ORDER BY host, user;
-Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
-localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Backup_priv Restore_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
+localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
SHOW GRANTS;
Grants for testuser1@localhost
GRANT USAGE ON *.* TO 'testuser1'@'localhost'
@@ -130,10 +130,10 @@ GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_
'testuser3'@'localhost' def USAGE NO
SELECT * FROM mysql.user
WHERE user LIKE 'testuser%' ORDER BY host, user;
-Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
-localhost testuser1 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Backup_priv Restore_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
+localhost testuser1 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
GRANT SELECT ON *.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
#
# Here <SELECT YES> is shown correctly for testuser1;
@@ -147,10 +147,10 @@ GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_
'testuser3'@'localhost' def USAGE NO
SELECT * FROM mysql.user
WHERE user LIKE 'testuser%' ORDER BY host, user;
-Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
-localhost testuser1 Y N N N N N N N N N Y N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Backup_priv Restore_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
+localhost testuser1 Y N N N N N N N N N Y N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
# Switch to connection testuser1
SELECT * FROM information_schema.user_privileges
WHERE grantee LIKE '''testuser%'''
@@ -159,10 +159,10 @@ GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_
'testuser1'@'localhost' def SELECT YES
SELECT * FROM mysql.user
WHERE user LIKE 'testuser%' ORDER BY host, user;
-Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
-localhost testuser1 Y N N N N N N N N N Y N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Backup_priv Restore_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
+localhost testuser1 Y N N N N N N N N N Y N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
SHOW GRANTS;
Grants for testuser1@localhost
GRANT SELECT ON *.* TO 'testuser1'@'localhost' WITH GRANT OPTION
@@ -207,10 +207,10 @@ GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_
'testuser3'@'localhost' def USAGE NO
SELECT * FROM mysql.user
WHERE user LIKE 'testuser%' ORDER BY host, user;
-Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
-localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Backup_priv Restore_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
+localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
# Switch to connection testuser1
SELECT * FROM information_schema.user_privileges
WHERE grantee LIKE '''testuser%'''
@@ -253,10 +253,10 @@ GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_
'testuser3'@'localhost' def USAGE NO
SELECT * FROM mysql.user
WHERE user LIKE 'testuser%' ORDER BY host, user;
-Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
-localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Backup_priv Restore_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
+localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
# Switch to connection testuser1
SELECT * FROM information_schema.user_privileges
WHERE grantee LIKE '''testuser%'''
@@ -265,10 +265,10 @@ GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_
'testuser1'@'localhost' def USAGE NO
SELECT * FROM mysql.user
WHERE user LIKE 'testuser%' ORDER BY host, user;
-Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
-localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Backup_priv Restore_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
+localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
SHOW GRANTS;
Grants for testuser1@localhost
GRANT USAGE ON *.* TO 'testuser1'@'localhost'
@@ -284,10 +284,10 @@ GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_
'testuser1'@'localhost' def USAGE NO
SELECT * FROM mysql.user
WHERE user LIKE 'testuser%' ORDER BY host, user;
-Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
-localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Backup_priv Restore_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
+localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
SHOW GRANTS;
Grants for testuser1@localhost
GRANT USAGE ON *.* TO 'testuser1'@'localhost'
@@ -309,10 +309,10 @@ GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_
'testuser3'@'localhost' def USAGE NO
SELECT * FROM mysql.user
WHERE user LIKE 'testuser%' ORDER BY host, user;
-Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
-localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
-localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Backup_priv Restore_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
+localhost testuser1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser2 N Y Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
+localhost testuser3 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
# Switch to connection testuser1
SELECT * FROM information_schema.user_privileges
WHERE grantee LIKE '''testuser%'''
=== modified file 'scripts/mysql_system_tables.sql'
--- a/scripts/mysql_system_tables.sql 2009-06-17 07:30:19 +0000
+++ b/scripts/mysql_system_tables.sql 2009-06-30 18:31:56 +0000
@@ -5,7 +5,7 @@
set sql_mode='';
set storage_engine=myisam;
-CREATE TABLE IF NOT EXISTS db ( Host char(60) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, User char(16) binary DEFAULT '' NOT NULL, Select_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Insert_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Update_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Delete_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Drop_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Grant_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, References_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Index_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tmp_table_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Lock_tables_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Execute_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Event_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Trigger_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, PRIMARY KEY Host (Host,Db,User), KEY User (User) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Database privileges';
+CREATE TABLE IF NOT EXISTS db ( Host char(60) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, User char(16) binary DEFAULT '' NOT NULL, Select_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Insert_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Update_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Delete_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Drop_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Grant_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, References_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Index_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tmp_table_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Lock_tables_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Execute_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Event_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Trigger_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Backup_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Restore_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, PRIMARY KEY Host (Host,Db,User), KEY User (User) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Database privileges';
-- Remember for later if db table already existed
set @had_db_table= @@warning_count != 0;
@@ -13,7 +13,7 @@ set @had_db_table= @@warning_count != 0;
CREATE TABLE IF NOT EXISTS host ( Host char(60) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, Select_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Insert_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Update_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Delete_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Drop_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Grant_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, References_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Index_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tmp_table_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Lock_tables_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Execute_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Trigger_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, PRIMARY KEY Host (Host,Db) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Host privileges; Merged with database privileges';
-CREATE TABLE IF NOT EXISTS user ( Host char(60) binary DEFAULT '' NOT NULL, User char(16) binary DEFAULT '' NOT NULL, Password char(41) character set latin1 collate latin1_bin DEFAULT '' NOT NULL, Select_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Insert_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Update_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Delete_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Drop_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Reload_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Shutdown_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Process_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, File_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Grant_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, References_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Index_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_db_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Super_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tmp_table_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Lock_tables_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Execute_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Repl_slave_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Repl_client_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_routine_priv enum('N','Y') 
COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_user_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Event_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Trigger_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tablespace_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, ssl_type enum('','ANY','X509', 'SPECIFIED') COLLATE utf8_general_ci DEFAULT '' NOT NULL, ssl_cipher BLOB NOT NULL, x509_issuer BLOB NOT NULL, x509_subject BLOB NOT NULL, max_questions int(11) unsigned DEFAULT 0 NOT NULL, max_updates int(11) unsigned DEFAULT 0 NOT NULL, max_connections int(11) unsigned DEFAULT 0 NOT NULL, max_user_connections int(11) unsigned DEFAULT 0 NOT NULL, PRIMARY KEY Host (Host,User) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Users and global privileges';
+CREATE TABLE IF NOT EXISTS user ( Host char(60) binary DEFAULT '' NOT NULL, User char(16) binary DEFAULT '' NOT NULL, Password char(41) character set latin1 collate latin1_bin DEFAULT '' NOT NULL, Select_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Insert_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Update_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Delete_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Drop_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Reload_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Shutdown_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Process_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, File_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Grant_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, References_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Index_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_db_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Super_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tmp_table_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Lock_tables_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Execute_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Repl_slave_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Repl_client_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_routine_priv enum('N','Y') 
COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_user_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Event_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Trigger_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tablespace_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Backup_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Restore_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, ssl_type enum('','ANY','X509', 'SPECIFIED') COLLATE utf8_general_ci DEFAULT '' NOT NULL, ssl_cipher BLOB NOT NULL, x509_issuer BLOB NOT NULL, x509_subject BLOB NOT NULL, max_questions int(11) unsigned DEFAULT 0 NOT NULL, max_updates int(11) unsigned DEFAULT 0 NOT NULL, max_connections int(11) unsigned DEFAULT 0 NOT NULL, max_user_connections int(11) unsigned DEFAULT 0 NOT NULL, PRIMARY KEY Host (Host,User) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Users and global privileges';
-- Remember for later if user table already existed
set @had_user_table= @@warning_count != 0;
=== modified file 'scripts/mysql_system_tables_data.sql'
--- a/scripts/mysql_system_tables_data.sql 2008-10-03 16:41:23 +0000
+++ b/scripts/mysql_system_tables_data.sql 2009-06-30 18:31:56 +0000
@@ -11,8 +11,8 @@ set @current_hostname= @@hostname;
-- Fill "db" table with default grants for anyone to
-- access database 'test' and 'test_%' if "db" table didn't exist
CREATE TEMPORARY TABLE tmp_db LIKE db;
-INSERT INTO tmp_db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y');
-INSERT INTO tmp_db VALUES ('%','test\_%','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y');
+INSERT INTO tmp_db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y','Y','Y');
+INSERT INTO tmp_db VALUES ('%','test\_%','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y','Y','Y');
INSERT INTO db SELECT * FROM tmp_db WHERE @had_db_table=0;
DROP TABLE tmp_db;
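Review bot: The two new trailing `'Y','Y'` values on the `tmp_db` rows switch on Backup_priv and Restore_priv for `test` and `test\_%` in the default grants that, per the comment above them, apply to anyone. The commit exists to narrow who may run BACKUP and RESTORE, so seeding both as enabled for every account on a fresh install works against that goal. Ending both rows with `'N','N'` keeps the new columns at their declared default, as the rows already do for Grant_priv. If a test needs the privilege on `test`, an explicit GRANT in that test is the safer place for it.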
@@ -21,9 +21,9 @@ DROP TABLE tmp_db;
-- from local machine if "users" table didn't exist before
CREATE TEMPORARY TABLE tmp_user LIKE user;
set @current_hostname= @@hostname;
-INSERT INTO tmp_user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0);
-REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0 FROM dual WHERE LOWER( @current_hostname) != 'localhost';
-REPLACE INTO tmp_user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0);
+INSERT INTO tmp_user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0);
+REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0 FROM dual WHERE LOWER( @current_hostname) != 'localhost';
+REPLACE INTO tmp_user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0);
INSERT INTO tmp_user (host,user) VALUES ('localhost','');
INSERT INTO tmp_user (host,user) SELECT @current_hostname,'' FROM dual WHERE LOWER(@current_hostname ) != 'localhost';
INSERT INTO user SELECT * FROM tmp_user WHERE @had_user_table=0;
=== modified file 'scripts/mysql_system_tables_fix.sql'
--- a/scripts/mysql_system_tables_fix.sql 2009-06-11 14:01:26 +0000
+++ b/scripts/mysql_system_tables_fix.sql 2009-06-30 18:31:56 +0000
@@ -603,6 +603,44 @@ ALTER TABLE user MODIFY Create_tablespac
UPDATE user SET Create_tablespace_priv = Super_priv WHERE @hadCreateTablespacePriv = 0;
+#
+# user.Backup_priv and user.Restore.priv
+#
+SET @hadBackupPriv := 0;
+SELECT @hadBackupPriv :=1 FROM db WHERE Backup_priv LIKE '%';
+
+ALTER TABLE db ADD Backup_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL AFTER Trigger_priv;
+ALTER TABLE db MODIFY Backup_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL AFTER Trigger_priv;
+
+UPDATE user SET Backup_priv = Super_priv WHERE @hadBackupPriv = 0;
+
+SET @hadRestorePriv := 0;
+SELECT @hadRestorePriv :=1 FROM user WHERE Restore_priv LIKE '%';
+
+ALTER TABLE db ADD Restore_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL AFTER Backup_priv;
+ALTER TABLE db MODIFY Restore_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL AFTER Backup_priv;
+
+UPDATE db SET Restore_priv = Super_priv WHERE @hadRestorePriv = 0;
+
+#
+# user.Backup_priv and user.Restore.priv
+#
+SET @hadBackupPriv := 0;
+SELECT @hadBackupPriv :=1 FROM user WHERE Backup_priv LIKE '%';
+
+ALTER TABLE user ADD Backup_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL AFTER Create_tablespace_priv;
+ALTER TABLE user MODIFY Backup_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL AFTER Create_tablespace_priv;
+
+UPDATE user SET Backup_priv = Super_priv WHERE @hadBackupPriv = 0;
+
+SET @hadRestorePriv := 0;
+SELECT @hadRestorePriv :=1 FROM user WHERE Restore_priv LIKE '%';
+
+ALTER TABLE user ADD Restore_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL AFTER Backup_priv;
+ALTER TABLE user MODIFY Restore_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL AFTER Backup_priv;
+
+UPDATE user SET Restore_priv = Super_priv WHERE @hadRestorePriv = 0;
+
# Activate the new, possible modified privilege tables
# This should not be needed, but gives us some extra testing that the above
# changes was correct
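Review bot: The first added block is meant for the `db` table but mixes tables: its header reads `user.Backup_priv and user.Restore.priv`, `@hadRestorePriv` is probed with `FROM user`, and its backfills are `UPDATE user SET Backup_priv = Super_priv` (before `user.Backup_priv` is added further down) and `UPDATE db SET Restore_priv = Super_priv`, although the `db` table defined in mysql_system_tables.sql has no `Super_priv` column. Both UPDATEs look like they fail during an upgrade, and it is unclear what db-level state was intended. Since `db` has no column to inherit from, I would drop the two UPDATEs from the db block, probe with `SELECT @hadRestorePriv :=1 FROM db WHERE Restore_priv LIKE '%';`, and retitle the block `# db.Backup_priv and db.Restore_priv`. The user block copies Super_priv into both new columns; a comment saying this is deliberate, so that existing SUPER accounts keep working after upgrade, would help.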
=== modified file 'sql/backup/backup_info.cc'
--- a/sql/backup/backup_info.cc 2009-06-03 20:29:31 +0000
+++ b/sql/backup/backup_info.cc 2009-06-30 18:31:56 +0000
@@ -624,6 +624,17 @@ backup::Image_info::Db* Backup_info::add
DBUG_ASSERT(name);
+ /*
+ Check privileges for this database. User must have BACKUP
+ privilege in order to execute a backup.
+ */
+ DEBUG_SYNC(m_thd, "before_backup_privileges");
+ if (check_access(m_thd, BACKUP_ACL, name->ptr(), 0, 1, 1, 0))
+ {
+ m_log.report_error(ER_BACKUP_ACCESS_DENIED_ERROR, name->ptr());
+ return NULL;
+ }
+
Db *db= Image_info::add_db(*name, pos);
if (!db)
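Review bot: `name->ptr()` is handed to `check_access()` and to the `%s` of ER_BACKUP_ACCESS_DENIED_ERROR as a C string, but String::ptr() returns the buffer without guaranteeing a terminating NUL. Unless every caller of add_db passes a terminated String (not visible here; the function starts and continues outside the hunk), the privilege lookup may be made on a longer name than the database being backed up. I would state the precondition at the check, `/* name must be NUL-terminated: check_access() and the error message read it as a C string */`, or take a terminated copy first. `name.ptr()` in Restore_info::add_db in sql/backup/restore_info.h has the same issue.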
=== modified file 'sql/backup/kernel.cc'
--- a/sql/backup/kernel.cc 2009-05-25 07:11:29 +0000
+++ b/sql/backup/kernel.cc 2009-06-30 18:31:56 +0000
@@ -553,17 +553,6 @@ int Backup_restore_ctx::prepare(::String
int ret= 0;
/*
- Check access for SUPER rights. If user does not have SUPER, fail with error.
-
- In case of error, we write only to backup logs, because check_global_access()
- pushes the same error on the error stack.
- */
- DEBUG_SYNC(m_thd, "before_backup_privileges");
- ret= check_global_access(m_thd, SUPER_ACL);
- if (ret || is_killed())
- return fatal_error(log_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, "SUPER"));
-
- /*
Check if another BACKUP/RESTORE is running and if not, register
this operation.
*/
=== modified file 'sql/backup/restore_info.h'
--- a/sql/backup/restore_info.h 2009-01-08 14:57:41 +0000
+++ b/sql/backup/restore_info.h 2009-06-30 18:31:56 +0000
@@ -112,6 +112,17 @@ inline
backup::Image_info::Db*
Restore_info::add_db(const ::String &name, uint pos)
{
+ /*
+ Check privileges for this database. User must have RESTORE
+ privilege in order to execute a restore.
+ */
+ DEBUG_SYNC(m_thd, "before_restore_privileges");
+ if (check_access(m_thd, RESTORE_ACL, name.ptr(), 0, 1, 1, 0))
+ {
+ m_log.report_error(ER_RESTORE_ACCESS_DENIED_ERROR, name.ptr());
+ return NULL;
+ }
+
Db *db= Image_info::add_db(name, pos);
if (!db)
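Review bot: This per-database check is now the only privilege gate for RESTORE, because the same commit removes the `check_global_access(m_thd, SUPER_ACL)` call from Backup_restore_ctx::prepare() in sql/backup/kernel.cc. Whatever runs between prepare() and add_db (presumably opening and reading the image on the server host, which is not visible in this diff) is then reachable by any authenticated user before a privilege is checked. The same applies to Backup_info::add_db. I would either keep a cheap early check in prepare() or document the invariant above this block, e.g. `/* Only privilege gate for RESTORE: no server-side work may precede add_db() */`. The function body continues outside the hunk.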
=== modified file 'sql/share/errmsg.txt'
--- a/sql/share/errmsg.txt 2009-06-16 13:41:36 +0000
+++ b/sql/share/errmsg.txt 2009-06-30 18:31:56 +0000
@@ -6544,3 +6544,7 @@ WARN_DB_DROP_RENAMED
eng "Renamed directory with unknown files to '%.200s'"
ER_BACKUP_NO_NDB
eng "NDB tables cannot be used with MySQL Backup. Please see the MySQL Cluster reference manual."
+ER_BACKUP_ACCESS_DENIED_ERROR
+ eng "Insufficient privileges. You must have the BACKUP privilege to backup database '%s'."
+ER_RESTORE_ACCESS_DENIED_ERROR
+ eng "Insufficient privileges. You must have the RESTORE privilege to restore database '%s'."
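Review bot: Both new messages format the database name with an unbounded `'%s'`, while the neighbouring WARN_DB_DROP_RENAMED text bounds its argument with `'%.200s'`. A precision keeps an over-long or unterminated name from running through the message buffer; `'%.64s'` would match the 64-character `Db` column. In the first message, "to backup database" should read "to back up database", since the verb is two words.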
=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc 2009-06-12 02:01:08 +0000
+++ b/sql/sql_acl.cc 2009-06-30 18:31:56 +0000
@@ -144,6 +144,16 @@ TABLE_FIELD_W_TYPE mysql_db_table_fields
{ C_STRING_WITH_LEN("Trigger_priv") },
{ C_STRING_WITH_LEN("enum('N','Y')") },
{ C_STRING_WITH_LEN("utf8") }
+ },
+ {
+ { C_STRING_WITH_LEN("Backup_priv") },
+ { C_STRING_WITH_LEN("enum('N','Y')") },
+ { C_STRING_WITH_LEN("utf8") }
+ },
+ {
+ { C_STRING_WITH_LEN("Restore_priv") },
+ { C_STRING_WITH_LEN("enum('N','Y')") },
+ { C_STRING_WITH_LEN("utf8") }
}
};
@@ -4595,13 +4605,13 @@ static const char *command_array[]=
"ALTER", "SHOW DATABASES", "SUPER", "CREATE TEMPORARY TABLES",
"LOCK TABLES", "EXECUTE", "REPLICATION SLAVE", "REPLICATION CLIENT",
"CREATE VIEW", "SHOW VIEW", "CREATE ROUTINE", "ALTER ROUTINE",
- "CREATE USER", "EVENT", "TRIGGER", "CREATE TABLESPACE"
+ "CREATE USER", "EVENT", "TRIGGER", "CREATE TABLESPACE", "BACKUP", "RESTORE"
};
static uint command_lengths[]=
{
6, 6, 6, 6, 6, 4, 6, 8, 7, 4, 5, 10, 5, 5, 14, 5, 23, 11, 7, 17, 18, 11, 9,
- 14, 13, 11, 5, 7, 17
+ 14, 13, 11, 5, 7, 17, 6, 7
};
@@ -4620,7 +4630,7 @@ static int show_routine_grants(THD *thd,
bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
{
ulong want_access;
- uint counter,index;
+ ulong counter,index;
int error = 0;
ACL_USER *acl_user;
ACL_DB *acl_db;
=== modified file 'sql/sql_acl.h'
--- a/sql/sql_acl.h 2009-06-12 02:01:08 +0000
+++ b/sql/sql_acl.h 2009-06-30 18:31:56 +0000
@@ -52,13 +52,16 @@
4. acl_init() or whatever - to define behaviour for old privilege tables
5. sql_yacc.yy - for GRANT/REVOKE to work
*/
-#define EXTRA_ACL (1L << 29)
-#define NO_ACCESS (1L << 30)
+#define BACKUP_ACL (1L << 29)
+#define RESTORE_ACL (1L << 30)
+#define NO_ACCESS (1L << 31)
+
#define DB_ACLS \
(UPDATE_ACL | SELECT_ACL | INSERT_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_TMP_ACL | \
LOCK_TABLES_ACL | EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL | \
- CREATE_PROC_ACL | ALTER_PROC_ACL | EVENT_ACL | TRIGGER_ACL)
+ CREATE_PROC_ACL | ALTER_PROC_ACL | EVENT_ACL | TRIGGER_ACL | \
+ BACKUP_ACL | RESTORE_ACL )
#define TABLE_ACLS \
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
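Review bot: `#define NO_ACCESS (1L << 31)` shifts a 1 into the sign bit wherever `long` is 32 bits, which the `D:/` branch path in the commit header suggests applies to at least one build target. There the constant is negative, it sign-extends to all-ones in the upper half when widened to a 64-bit mask, and the shift itself is undefined in C and in older C++ standards. An unsigned constant avoids all three: `#define NO_ACCESS (1UL << 31)`. This change also uses the last free bit of a 32-bit privilege mask, so a comment recording that the next privilege needs a wider type would help. The `TABLE_ACLS` definition at the end of the hunk continues outside it.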
@@ -81,7 +84,7 @@
CREATE_TMP_ACL | LOCK_TABLES_ACL | REPL_SLAVE_ACL | REPL_CLIENT_ACL | \
EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL | CREATE_PROC_ACL | \
ALTER_PROC_ACL | CREATE_USER_ACL | EVENT_ACL | TRIGGER_ACL | \
- CREATE_TABLESPACE_ACL)
+ CREATE_TABLESPACE_ACL | BACKUP_ACL | RESTORE_ACL )
#define DEFAULT_CREATE_PROC_ACLS \
(ALTER_PROC_ACL | EXECUTE_ACL)
@@ -105,19 +108,22 @@
CREATE_PROC_ACL | ALTER_PROC_ACL )
#define DB_CHUNK4 (EXECUTE_ACL)
#define DB_CHUNK5 (EVENT_ACL | TRIGGER_ACL)
+#define DB_CHUNK6 (BACKUP_ACL | RESTORE_ACL)
#define fix_rights_for_db(A) (((A) & DB_CHUNK0) | \
(((A) << 4) & DB_CHUNK1) | \
(((A) << 6) & DB_CHUNK2) | \
(((A) << 9) & DB_CHUNK3) | \
(((A) << 2) & DB_CHUNK4))| \
- (((A) << 9) & DB_CHUNK5)
+ (((A) << 9) & DB_CHUNK5) | \
+ (((A) << 10) & DB_CHUNK6)
#define get_rights_for_db(A) (((A) & DB_CHUNK0) | \
(((A) & DB_CHUNK1) >> 4) | \
(((A) & DB_CHUNK2) >> 6) | \
(((A) & DB_CHUNK3) >> 9) | \
(((A) & DB_CHUNK4) >> 2))| \
- (((A) & DB_CHUNK5) >> 9)
+ (((A) & DB_CHUNK5) >> 9) | \
+ (((A) & DB_CHUNK6) >> 10)
#define TBL_CHUNK0 DB_CHUNK0
#define TBL_CHUNK1 DB_CHUNK1
#define TBL_CHUNK2 (CREATE_VIEW_ACL | SHOW_VIEW_ACL)
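Review bot: The new `DB_CHUNK6` term is appended outside the macro's outer parentheses in both `fix_rights_for_db` and `get_rights_for_db`, because the closing `)` still sits after the `DB_CHUNK4` term. The expansion is therefore `( ... ) | (chunk5) | (chunk6)`, so in a use such as `fix_rights_for_db(x) & mask` the `& mask` binds only to the last term and the privilege mask comes out wrong. The flaw predates this commit (the `DB_CHUNK5` line has it too), but each privilege added lengthens the unparenthesised tail. I would end the `DB_CHUNK4` line with `(((A) << 2) & DB_CHUNK4) | \` and close the macro on the last line with `(((A) << 10) & DB_CHUNK6))`, then do the same with the `>>` forms in `get_rights_for_db`. The shift of 10 is consistent with `Backup_priv` and `Restore_priv` being columns 19 and 20 of `mysql.db`, mapping to bits 29 and 30.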
@@ -163,6 +169,8 @@ enum mysql_db_table_field
MYSQL_DB_FIELD_EXECUTE_PRIV,
MYSQL_DB_FIELD_EVENT_PRIV,
MYSQL_DB_FIELD_TRIGGER_PRIV,
+ MYSQL_DB_FIELD_BACKUP_PRIV,
+ MYSQL_DB_FIELD_RESTORE_PRIV,
MYSQL_DB_FIELD_COUNT
};
=== modified file 'sql/sql_show.cc'
--- a/sql/sql_show.cc 2009-06-17 07:30:19 +0000
+++ b/sql/sql_show.cc 2009-06-30 18:31:56 +0000
@@ -317,6 +317,8 @@ static struct show_privileges_st sys_pri
{"Create tablespace", "Server Admin", "To create/alter/drop tablespaces"},
{"Update", "Tables", "To update existing rows"},
{"Usage","Server Admin","No privileges - allow connect only"},
+ {"Backup", "Server Admin", "To execute BACKUP commands."},
+ {"Restore", "Server Admin", "To execute RESTORE commands."},
{NullS, NullS, NullS}
};
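Review bot: The two new rows advertise the context as "Server Admin", but the commit description says BACKUP and RESTORE are set at the database level, and sql_acl.h adds them to `DB_ACLS`. An administrator reading this table would conclude the privileges can only be granted globally. The context string should match the real grant scope, for example `{"Backup", "Databases", "To execute BACKUP commands"}` (confirm the wording this table uses for other database-level privileges). The visible neighbouring descriptions carry no trailing period, so I would drop it from both new rows.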
=== modified file 'sql/sql_yacc.yy'
--- a/sql/sql_yacc.yy 2009-06-12 02:01:08 +0000
+++ b/sql/sql_yacc.yy 2009-06-30 18:31:56 +0000
@@ -13341,6 +13341,8 @@ object_privilege:
| EVENT_SYM { Lex->grant |= EVENT_ACL;}
| TRIGGER_SYM { Lex->grant |= TRIGGER_ACL; }
| CREATE TABLESPACE { Lex->grant |= CREATE_TABLESPACE_ACL; }
+ | BACKUP_SYM { Lex->grant |= BACKUP_ACL; }
+ | RESTORE_SYM { Lex->grant |= RESTORE_ACL; }
;
opt_and:
Attachment: [text/bzr-bundle] bzr/charles.bell@sun.com-20090630183156-89ebht2bhgr0rse6.bundle