Rafal,
> 1. The patch does not solve the problem as is illustrated by this test
> (as I described in my other email):
>
> ------------------------------------->8---------------------------------------
>
> create database db1;
> create event db1.e1 on schedule every 1 year do set @foo=1;
>
> create user bob;
> grant backup on *.* to bob;
> grant select on *.* to bob;
>
> --connect(bob, localhost, bob,,)
> --connection bob
>
> backup database db1 to 'db1.bkp';
>
> --connection default
>
> select count(*) from information_schema.events;
>
> drop database db1;
> restore from 'db1.bkp';
>
> select count(*) from information_schema.events;
>
> drop database db1;
> drop user bob;
>
> --exit
> --------------------------------------8<--------------------------------------
>
>
> In this case the problem manifests in the fact that BACKUP DATABASE
> succeeds creating a backup image which does not contain event db1.e1.
> This can be seen after RESTORE - the event count is 0. This happens for
> an unpatched server and also after applying your patch. Unless I did
> something wrong which I very much hope is the case.
You did nothing wrong. My mistake. The problem has been solved.
> 2. The modified backup_security test "passes" on an unmodified server.
>
> To run modified test on otherwise unmodified server, I had to remove
> from it references to the new error messages. See attached patch for the
> changes I did.
>
> With these changes I was able to run this test on the current server.
> The only result differences I can observe are due to changed error
> messages - all other checks pass without a problem even though the
> server is not modified. I conclude that the test is not complete as it
> does not include a scenario which corresponds to the problem described
> in the bug report.
>
> Here are the result differences which I get when I run modified
> backup_security test on the current, unmodified server:
Ok. Here is what going on...
Since the check for the user having visibility to all of the objects in
the database, the error is not fired. Granted, and we know this.
However, none of these test cases/steps were setup to ensure backup
would succeed -- only that it would fail if a user cannot 'see' all of
the objects. So what is happening is the code is attempting to enumerate
the grants but the user does not have privileges to read the grants (she
does not have rights to the mysql privilege tables).
We must realize that the current code can indeed fail a backup in the
middle if the user does not have privileges on the mysql tables. Even is
she has full privileges on all of the objects in a databse, it does not
guarantee a successful backup. Again, this bug report is only about
backup failing if insufficient visibility, not backup succeeding.
As to a scenario that is happening in the bug report, you need to look
at test case 1 again. Realize I cannot create a test case the runs with
the 'old' code nor can I create a test case that shows missing objects.
So other than the test case steps I have in test case 1, I see no way to
do what you want to do.
Furthermore, to create a test case that shows objects are missing
belongs to the code *before* the patch, not after the patch. Note that
there is a test case that shows a backup succeeds if a user has all of
the privileges to run backup.
The tests that complete successfully are the test cases where the user
has all of the privileges needed to execute backup.
I must therefore disagree and unless you can come up with a test case to
the contrary, I do not see how I can construct a test case to test
something the code is fixing. I contend this is demonstrated by the
counting test steps in the test.
>
>>> ---
>>>
> /ext/mysql/bzr/backup/bug45889-privileges/mysql-test/suite/backup/r/backup_security.result
>
>>> 2009-07-13 12:09:49.000000000 +0300
>>> +++
>>>
> /ext/mysql/bzr/backup/bug45889-privileges/mysql-test/suite/backup/r/backup_security.reject
>
>>> 2009-07-13 12:27:30.000000000 +0300
>>> @@ -223,10 +223,10 @@
>>> # error ER_BACKUP_ACCESS_OBJS_INCOMPLETE
>>> #
>>> BACKUP DATABASE backup_test to 'backup_test_select.bak';
>>> -ERROR HY000: Insufficient privileges. You do not have privileges to
>>> backup database 'backup_test'.
>>> +ERROR HY000: Can't enumerate grants in database 'backup_test'.
>>> SHOW ERRORS;
>>> Level Code Message
>>> -Error # Insufficient privileges. You do not have privileges
>>> to backup database 'backup_test'.
>>> +Error # Can't enumerate grants in database 'backup_test'.
This is what should happen. The user does not have
>>> #
>>> # Connect as root and add privileges.
>>> #
>>> @@ -257,10 +257,10 @@
>>> # error ER_BACKUP_ACCESS_OBJS_INCOMPLETE
>>> #
>>> BACKUP DATABASE backup_test to 'backup_test_select.bak';
>>> -ERROR HY000: Insufficient privileges. You do not have privileges to
>>> backup database 'backup_test'.
>>> +ERROR HY000: Can't enumerate grants in database 'backup_test'.
>>> SHOW ERRORS;
>>> Level Code Message
>>> -Error # Insufficient privileges. You do not have privileges
>>> to backup database 'backup_test'.
>>> +Error # Can't enumerate grants in database 'backup_test'.
Same here.
>>> #
>>> # Connect as root and add privileges.
>>> #
>>> @@ -309,19 +309,19 @@
>>> # error ER_BACKUP_ACCESS_OBJS_INCOMPLETE
>>> #
>>> BACKUP DATABASE backup_test, not_there_at_all_ever to
>>> 'backup_test_select.bak';
>>> -ERROR HY000: Insufficient privileges. You do not have privileges to
>>> backup database 'backup_test'.
>>> +ERROR HY000: Can't enumerate grants in database 'backup_test'.
Again...
>>> SHOW ERRORS;
>>> Level Code Message
>>> -Error # Insufficient privileges. You do not have privileges
>>> to backup database 'backup_test'.
>>> +Error # Can't enumerate grants in database 'backup_test'.
>>> #
>>> # conn_select_priv: Attempting backup. Should fail with # error
>>> ER_BACKUP_ACCESS_OBJS_INCOMPLETE
>>> #
>>> BACKUP DATABASE backup_test to 'backup_test_select.bak';
>>> -ERROR HY000: Insufficient privileges. You do not have privileges to
>>> backup database 'backup_test'.
>>> +ERROR HY000: Can't enumerate grants in database 'backup_test'.
Again...
>>> SHOW ERRORS;
>>> Level Code Message
>>> -Error # Insufficient privileges. You do not have privileges
>>> to backup database 'backup_test'.
>>> +Error # Can't enumerate grants in database 'backup_test'.
Again... etcetera
>>> #
>>> # Connect as root and add privileges.
>>> #
>>> @@ -723,10 +723,10 @@
>>> # error ER_BACKUP_ACCESS_DBS_INCOMPLETE
>>> #
>>> BACKUP DATABASE * to 'bup_no_rights.bak';
>>> -ERROR HY000: Insufficient privileges. You must have the SELECT
>>> privilege on all databases to execute BACKUP DATABASE *.
>>> +ERROR HY000: Insufficient privileges. You must have the BACKUP
>>> privilege to backup database 'backup_test_alt'.
>>> SHOW ERRORS;
>>> Level Code Message
>>> -Error # Insufficient privileges. You must have the SELECT
>>> privilege on all databases to execute BACKUP DATABASE *.
>>> +Error # Insufficient privileges. You must have the BACKUP
>>> privilege to backup database 'backup_test_alt'.
>>> #
>>> # Connect as user with rights and attempt backup and restore.
>>> #
>>> @@ -744,10 +744,10 @@
>>> # error ER_BACKUP_ACCESS_DBS_INCOMPLETE
>>> #
>>> BACKUP DATABASE * to 'bup_no_bup_priv.bak';
>>> -ERROR HY000: Insufficient privileges. You must have the SELECT
>>> privilege on all databases to execute BACKUP DATABASE *.
>>> +ERROR HY000: Insufficient privileges. You must have the BACKUP
>>> privilege to backup database 'backup_test'.
>>> SHOW ERRORS;
>>> Level Code Message
>>> -Error # Insufficient privileges. You must have the SELECT
>>> privilege on all databases to execute BACKUP DATABASE *.
>>> +Error # Insufficient privileges. You must have the BACKUP
>>> privilege to backup database 'backup_test'.
>>> #
>>> # Connect as root and redo privileges for user with only select.
>>> #
>>> @@ -802,10 +802,10 @@
>>> # error ER_BACKUP_ACCESS_OBJS_INCOMPLETE
>>> #
>>> BACKUP DATABASE backup_test to 'bup_some_rights.bak';
>>> -ERROR HY000: Insufficient privileges. You do not have privileges to
>>> backup database 'backup_test'.
>>> +ERROR HY000: Can't enumerate grants in database 'backup_test'.
>>> SHOW ERRORS;
>>> Level Code Message
>>> -Error # Insufficient privileges. You do not have privileges
>>> to backup database 'backup_test'.
>>> +Error # Can't enumerate grants in database 'backup_test'.
>>> #
>>> # Reconnect as root to ensure we can restore correctly.
>>> #
>>> @@ -848,10 +848,10 @@
>>> # error ER_BACKUP_ACCESS_OBJS_INCOMPLETE
>>> #
>>> BACKUP DATABASE backup_test to 'backup_test_full.bak';
>>> -ERROR HY000: Insufficient privileges. You do not have privileges to
>>> backup database 'backup_test'.
>>> +ERROR HY000: Can't enumerate grants in database 'backup_test'.
>>> SHOW ERRORS;
>>> Level Code Message
>>> -Error # Insufficient privileges. You do not have privileges
>>> to backup database 'backup_test'.
>>> +Error # Can't enumerate grants in database 'backup_test'.
>>> #
>>> # Connect as root and add another privilege.
>>> #
>>> @@ -876,10 +876,10 @@
>>> # error ER_BACKUP_ACCESS_OBJS_INCOMPLETE
>>> #
>>> BACKUP DATABASE backup_test to 'backup_test_full.bak';
>>> -ERROR HY000: Insufficient privileges. You do not have privileges to
>>> backup database 'backup_test'.
>>> +ERROR HY000: Can't enumerate grants in database 'backup_test'.
>>> SHOW ERRORS;
>>> Level Code Message
>>> -Error # Insufficient privileges. You do not have privileges
>>> to backup database 'backup_test'.
>>> +Error # Can't enumerate grants in database 'backup_test'.
>>> #
>>> # Connect as root and add another privilege.
>>> #
>>> @@ -905,10 +905,10 @@
>>> # error ER_BACKUP_ACCESS_OBJS_INCOMPLETE
>>> #
>>> BACKUP DATABASE backup_test to 'backup_test_full.bak';
>>> -ERROR HY000: Insufficient privileges. You do not have privileges to
>>> backup database 'backup_test'.
>>> +ERROR HY000: Can't enumerate grants in database 'backup_test'.
>>> SHOW ERRORS;
>>> Level Code Message
>>> -Error # Insufficient privileges. You do not have privileges
>>> to backup database 'backup_test'.
>>> +Error # Can't enumerate grants in database 'backup_test'.
>>> #
>>> # Connect as root and add another privilege.
>>>
