#At file:///Users/cbell/source/bzr/mysql-6.0-bug-44787-options/ based on revid:charles.bell@stripped
2890 Chuck Bell 2009-11-05
BUG#44787 : Backup: Check privileges before executing BACKUP/RESTORE
The backup system must be changed to meet the Server PT decision
to turn off backup elevation, restore elevation, and restore
prechecking by startup options and variables.
This patch implements startup options and variables to do the
following:
backup-elevation/backup_elevation
ON = turn on backup elevation
OFF = turn off backup elevation
Note: Default is ON
restore-elevation/restore_elevation
ON = turn on restore elevation
OFF = turn off restore elevation
Note: Default is ON
restore-precheck/restore_precheck
ON = turn on restore precheck
OFF = turn off restore precheck
Note: Default is ON
Note: This is patch 3 of 3. Patch 1 implements privilege checking,
patch 2 implements privilege elevation.
@ mysql-test/suite/backup/r/backup_security_options.result
New result file.
@ mysql-test/suite/backup/r/backup_security_var.result
New result file.
@ mysql-test/suite/backup/t/backup_security_options-master.opt
Option file to disable all options.
@ mysql-test/suite/backup/t/backup_security_options.test
New test for testing startup options.
@ mysql-test/suite/backup/t/backup_security_var.test
New test for testing new variables.
@ sql/backup/backup_info.cc
Added code to turn elevation on or off depending on option set.
@ sql/backup/restore_info.h
Added gates to skip privilege elevation for restore.
Rearranged code to catch all combination of options.
@ sql/mysqld.cc
Added startup options.
@ sql/set_var.cc
Added variable classes.
@ sql/sql_class.h
Added variable declarations.
added:
mysql-test/suite/backup/r/backup_security_options.result
mysql-test/suite/backup/r/backup_security_var.result
mysql-test/suite/backup/t/backup_security_options-master.opt
mysql-test/suite/backup/t/backup_security_options.test
mysql-test/suite/backup/t/backup_security_var.test
modified:
sql/backup/backup_info.cc
sql/backup/restore_info.h
sql/mysqld.cc
sql/set_var.cc
sql/sql_class.h
=== added file 'mysql-test/suite/backup/r/backup_security_options.result'
--- a/mysql-test/suite/backup/r/backup_security_options.result 1970-01-01 00:00:00 +0000
+++ b/mysql-test/suite/backup/r/backup_security_options.result 2009-11-05 19:39:55 +0000
@@ -0,0 +1,230 @@
+DROP DATABASE IF EXISTS backup_test;
+SHOW VARIABLES LIKE 'backup_elevation';
+Variable_name Value
+backup_elevation OFF
+SHOW VARIABLES LIKE 'restore_elevation';
+Variable_name Value
+restore_elevation OFF
+SHOW VARIABLES LIKE 'restore_precheck';
+Variable_name Value
+restore_precheck OFF
+#
+# Create users.
+#
+CREATE USER 'bup_some_priv'@'localhost';
+#
+# Use the basic data setup in backup_test database.
+#
+#
+# Create database and data to test.
+#
+CREATE DATABASE backup_test;
+CREATE TABLE backup_test.t1 (a char(30)) ENGINE=MEMORY;
+INSERT INTO backup_test.t1 VALUES ("01 Test Basic database example");
+INSERT INTO backup_test.t1 VALUES ("02 Test Basic database example");
+INSERT INTO backup_test.t1 VALUES ("03 Test Basic database example");
+INSERT INTO backup_test.t1 VALUES ("04 Test Basic database example");
+INSERT INTO backup_test.t1 VALUES ("05 Test Basic database example");
+INSERT INTO backup_test.t1 VALUES ("06 Test Basic database example");
+INSERT INTO backup_test.t1 VALUES ("07 Test Basic database example");
+CREATE TABLE backup_test.t2 (a char(30)) ENGINE=MYISAM;
+INSERT INTO backup_test.t2 VALUES ("11 Test Basic database example");
+INSERT INTO backup_test.t2 VALUES ("12 Test Basic database example");
+INSERT INTO backup_test.t2 VALUES ("13 Test Basic database example");
+#
+# Now create more database objects for test.
+#
+CREATE PROCEDURE backup_test.p1(p1 CHAR(20))
+INSERT INTO backup_test.t1 VALUES ("50");
+CREATE TRIGGER backup_test.trg AFTER INSERT ON backup_test.t1 FOR EACH ROW
+INSERT INTO backup_test.t1 VALUES('Test objects count');
+CREATE FUNCTION backup_test.f1() RETURNS INT RETURN (SELECT 1);
+CREATE VIEW backup_test.v1 as SELECT * FROM backup_test.t1;
+CREATE EVENT backup_test.e1 ON SCHEDULE EVERY 1 YEAR DO
+DELETE FROM backup_test.t1 WHERE a = "not there";
+#
+# Now we need some privileges
+#
+GRANT ALL ON backup_test.* TO 'joe'@'user';
+#
+# Revoke grants for bup_some_priv
+#
+REVOKE ALL ON *.* FROM 'bup_some_priv'@'localhost';
+REVOKE ALL ON backup_test.* FROM 'joe'@'user';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT USAGE ON *.* TO 'bup_some_priv'@'localhost'
+#
+# conn_root_user: Do backup of database with root user for later tests.
+#
+BACKUP DATABASE backup_test to 'backup_test_orig.bak';
+backup_id
+#
+#
+# Show list of all objects in the database.
+#
+SHOW FULL TABLES FROM backup_test;
+Tables_in_backup_test Table_type
+t1 BASE TABLE
+t2 BASE TABLE
+v1 VIEW
+SELECT event_name FROM INFORMATION_SCHEMA.EVENTS WHERE event_schema = 'backup_test';
+event_name
+e1
+SELECT routine_name FROM INFORMATION_SCHEMA.ROUTINES WHERE routine_schema = 'backup_test';
+routine_name
+f1
+p1
+SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS WHERE trigger_schema = 'backup_test';
+trigger_name
+trg
+#
+# Test Case 1 : Ensure backup_elevation = OFF fails for not enough
+# privileges.
+#
+GRANT BACKUP ON backup_test.* TO 'bup_some_priv'@'localhost';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT USAGE ON *.* TO 'bup_some_priv'@'localhost'
+GRANT BACKUP ON `backup_test`.* TO 'bup_some_priv'@'localhost'
+SHOW VARIABLES LIKE 'backup_elevation';
+Variable_name Value
+backup_elevation OFF
+SET @@global.backup_elevation = OFF;
+SHOW VARIABLES LIKE 'backup_elevation';
+Variable_name Value
+backup_elevation OFF
+#
+# Connect as user with only some privileges.
+#
+#
+# conn_some_priv: Attempting backup. Should fail with
+# error ER_BACKUP_ACCESS_OBJS_INCOMPLETE
+#
+BACKUP DATABASE backup_test TO 'backup_test_fail.bak';
+ERROR HY000: Insufficient privileges. You do not have privileges to backup database 'backup_test'.
+SHOW ERRORS;
+Level Code Message
+Error # Insufficient privileges. You do not have privileges to backup database 'backup_test'.
+#
+# Connect as root and prepare next test case.
+#
+#
+# Test Case 2 : Ensure restore_elevation = OFF fails for not enough
+# privileges.
+#
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+GRANT RESTORE ON backup_test.* TO 'bup_some_priv'@'localhost';
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost'
+GRANT RESTORE ON `backup_test`.* TO 'bup_some_priv'@'localhost'
+SHOW VARIABLES LIKE 'restore_elevation';
+Variable_name Value
+restore_elevation OFF
+SET @@global.restore_elevation = OFF;
+SHOW VARIABLES LIKE 'restore_elevation';
+Variable_name Value
+restore_elevation OFF
+#
+# Connect as user with only some privileges.
+#
+#
+# conn_some_priv: Attempting restore. Should fail with
+# error ER_BACKUP_CANT_RESTORE_DB
+#
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+ERROR HY000: Could not restore database `backup_test`
+SHOW ERRORS;
+Level Code Message
+Error # Access denied for user 'bup_some_priv'@'localhost' to database 'backup_test'
+Error # Could not restore database `backup_test`
+#
+# Connect as root and prepare next test case.
+#
+#
+# Test Case 3 : Ensure restore_precheck = OFF fails for not enough
+# privileges (Restore will fail in the middle).
+#
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+REVOKE SUPER ON *.* FROM 'bup_some_priv'@'localhost';
+GRANT RESTORE ON backup_test.* TO 'bup_some_priv'@'localhost';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT USAGE ON *.* TO 'bup_some_priv'@'localhost'
+GRANT RESTORE ON `backup_test`.* TO 'bup_some_priv'@'localhost'
+SHOW VARIABLES LIKE 'restore_precheck';
+Variable_name Value
+restore_precheck OFF
+SET @@global.restore_elevation = ON;
+SET @@global.restore_precheck = OFF;
+SHOW VARIABLES LIKE 'restore_precheck';
+Variable_name Value
+restore_precheck OFF
+#
+# Connect as user with only some privileges.
+#
+#
+# conn_some_priv: Attempting restore. Should fail with
+# error ER_BACKUP_CANT_RESTORE_DB
+#
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+ERROR HY000: Could not restore database `backup_test`
+SHOW ERRORS;
+Level Code Message
+Error # Access denied for user 'bup_some_priv'@'localhost' to database 'backup_test'
+Error # Could not restore database `backup_test`
+#
+# Connect as root and cleanup.
+#
+#
+# Compare to original backup image file.
+#
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+backup_id
+#
+#
+# Show list of all objects in the database.
+#
+SHOW FULL TABLES FROM backup_test;
+Tables_in_backup_test Table_type
+t1 BASE TABLE
+t2 BASE TABLE
+v1 VIEW
+SELECT event_name FROM INFORMATION_SCHEMA.EVENTS WHERE event_schema = 'backup_test';
+event_name
+e1
+SELECT routine_name FROM INFORMATION_SCHEMA.ROUTINES WHERE routine_schema = 'backup_test';
+routine_name
+f1
+p1
+SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS WHERE trigger_schema = 'backup_test';
+trigger_name
+trg
+#
+# Cleanup
+#
+DROP USER 'bup_some_priv'@'localhost';
+DROP USER 'joe'@'user';
+SET @@global.backup_elevation = OFF;
+SET @@global.restore_elevation = OFF;
+SET @@global.restore_precheck = OFF;
+DROP DATABASE backup_test;
+FLUSH PRIVILEGES;
=== added file 'mysql-test/suite/backup/r/backup_security_var.result'
--- a/mysql-test/suite/backup/r/backup_security_var.result 1970-01-01 00:00:00 +0000
+++ b/mysql-test/suite/backup/r/backup_security_var.result 2009-11-05 19:39:55 +0000
@@ -0,0 +1,480 @@
+DROP DATABASE IF EXISTS backup_test;
+SHOW VARIABLES LIKE 'backup_elevation';
+Variable_name Value
+backup_elevation ON
+SHOW VARIABLES LIKE 'restore_elevation';
+Variable_name Value
+restore_elevation ON
+SHOW VARIABLES LIKE 'restore_precheck';
+Variable_name Value
+restore_precheck ON
+#
+# Create users.
+#
+CREATE USER 'bup_some_priv'@'localhost';
+#
+# Use the basic data setup in backup_test database.
+#
+#
+# Create database and data to test.
+#
+CREATE DATABASE backup_test;
+CREATE TABLE backup_test.t1 (a char(30)) ENGINE=MEMORY;
+INSERT INTO backup_test.t1 VALUES ("01 Test Basic database example");
+INSERT INTO backup_test.t1 VALUES ("02 Test Basic database example");
+INSERT INTO backup_test.t1 VALUES ("03 Test Basic database example");
+INSERT INTO backup_test.t1 VALUES ("04 Test Basic database example");
+INSERT INTO backup_test.t1 VALUES ("05 Test Basic database example");
+INSERT INTO backup_test.t1 VALUES ("06 Test Basic database example");
+INSERT INTO backup_test.t1 VALUES ("07 Test Basic database example");
+CREATE TABLE backup_test.t2 (a char(30)) ENGINE=MYISAM;
+INSERT INTO backup_test.t2 VALUES ("11 Test Basic database example");
+INSERT INTO backup_test.t2 VALUES ("12 Test Basic database example");
+INSERT INTO backup_test.t2 VALUES ("13 Test Basic database example");
+#
+# Now create more database objects for test.
+#
+CREATE PROCEDURE backup_test.p1(p1 CHAR(20))
+INSERT INTO backup_test.t1 VALUES ("50");
+CREATE TRIGGER backup_test.trg AFTER INSERT ON backup_test.t1 FOR EACH ROW
+INSERT INTO backup_test.t1 VALUES('Test objects count');
+CREATE FUNCTION backup_test.f1() RETURNS INT RETURN (SELECT 1);
+CREATE VIEW backup_test.v1 as SELECT * FROM backup_test.t1;
+CREATE EVENT backup_test.e1 ON SCHEDULE EVERY 1 YEAR DO
+DELETE FROM backup_test.t1 WHERE a = "not there";
+#
+# Now we need some privileges
+#
+GRANT ALL ON backup_test.* TO 'joe'@'user';
+#
+# Revoke grants for bup_some_priv
+#
+REVOKE ALL ON *.* FROM 'bup_some_priv'@'localhost';
+REVOKE ALL ON backup_test.* FROM 'joe'@'user';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT USAGE ON *.* TO 'bup_some_priv'@'localhost'
+#
+# conn_root_user: Do backup of database with root user for later tests.
+#
+BACKUP DATABASE backup_test to 'backup_test_orig.bak';
+backup_id
+#
+#
+# Show list of all objects in the database.
+#
+SHOW FULL TABLES FROM backup_test;
+Tables_in_backup_test Table_type
+t1 BASE TABLE
+t2 BASE TABLE
+v1 VIEW
+SELECT event_name FROM INFORMATION_SCHEMA.EVENTS WHERE event_schema = 'backup_test';
+event_name
+e1
+SELECT routine_name FROM INFORMATION_SCHEMA.ROUTINES WHERE routine_schema = 'backup_test';
+routine_name
+f1
+p1
+SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS WHERE trigger_schema = 'backup_test';
+trigger_name
+trg
+#
+# Test Case 1 : Ensure backup_elevation = OFF fails for not enough
+# privileges.
+#
+GRANT BACKUP ON backup_test.* TO 'bup_some_priv'@'localhost';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT USAGE ON *.* TO 'bup_some_priv'@'localhost'
+GRANT BACKUP ON `backup_test`.* TO 'bup_some_priv'@'localhost'
+SHOW VARIABLES LIKE 'backup_elevation';
+Variable_name Value
+backup_elevation ON
+SET @@global.backup_elevation = OFF;
+SHOW VARIABLES LIKE 'backup_elevation';
+Variable_name Value
+backup_elevation OFF
+#
+# Connect as user with only some privileges.
+#
+#
+# conn_some_priv: Attempting backup. Should fail with
+# error ER_BACKUP_ACCESS_OBJS_INCOMPLETE
+#
+BACKUP DATABASE backup_test TO 'backup_test_fail.bak';
+ERROR HY000: Insufficient privileges. You do not have privileges to backup database 'backup_test'.
+SHOW ERRORS;
+Level Code Message
+Error # Insufficient privileges. You do not have privileges to backup database 'backup_test'.
+#
+# Connect as root and prepare next test case.
+#
+#
+# Test Case 2 : Show backup_elevation = OFF can succeed if privileges
+# granted.
+#
+GRANT ALL ON backup_test.* TO 'bup_some_priv'@'localhost';
+GRANT ALL ON mysql.* TO 'bup_some_priv'@'localhost';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT USAGE ON *.* TO 'bup_some_priv'@'localhost'
+GRANT ALL PRIVILEGES ON `mysql`.* TO 'bup_some_priv'@'localhost'
+GRANT ALL PRIVILEGES ON `backup_test`.* TO 'bup_some_priv'@'localhost'
+#
+# Connect as user with only some privileges.
+#
+#
+# conn_some_priv: Attempting backup. Should succeed
+#
+BACKUP DATABASE backup_test TO 'backup_test_fail.bak';
+backup_id
+#
+#
+# Connect as root and prepare next test case.
+#
+#
+# Test Case 3 : Show backup_elevation = ON can succeed if minimal
+# privileges granted.
+#
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+REVOKE ALL ON mysql.* FROM 'bup_some_priv'@'localhost';
+GRANT BACKUP ON backup_test.* TO 'bup_some_priv'@'localhost';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT USAGE ON *.* TO 'bup_some_priv'@'localhost'
+GRANT BACKUP ON `backup_test`.* TO 'bup_some_priv'@'localhost'
+SHOW VARIABLES LIKE 'backup_elevation';
+Variable_name Value
+backup_elevation OFF
+SET @@global.backup_elevation = ON;
+SHOW VARIABLES LIKE 'backup_elevation';
+Variable_name Value
+backup_elevation ON
+#
+# Connect as user with only some privileges.
+#
+#
+# conn_some_priv: Attempting backup. Should succeed
+#
+BACKUP DATABASE backup_test TO 'backup_test_fail.bak';
+backup_id
+#
+#
+# Connect as root and prepare next test case.
+#
+#
+# Test Case 4 : Ensure restore_elevation = OFF fails for not enough
+# privileges.
+#
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+GRANT RESTORE ON backup_test.* TO 'bup_some_priv'@'localhost';
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost'
+GRANT RESTORE ON `backup_test`.* TO 'bup_some_priv'@'localhost'
+SHOW VARIABLES LIKE 'restore_elevation';
+Variable_name Value
+restore_elevation ON
+SET @@global.restore_elevation = OFF;
+SHOW VARIABLES LIKE 'restore_elevation';
+Variable_name Value
+restore_elevation OFF
+#
+# Connect as user with only some privileges.
+#
+#
+# conn_some_priv: Attempting restore. Should fail with
+# error ER_RESTORE_ACCESS_OBJS_INCOMPLETE
+#
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+ERROR HY000: Insufficient privileges. You do not have privileges to restore the object 'backup_test' from this backup image.
+SHOW ERRORS;
+Level Code Message
+Error # Insufficient privileges. You do not have privileges to restore the object 'backup_test' from this backup image.
+#
+# Connect as root and prepare next test case.
+#
+#
+# Test Case 5 : Show restore_elevation = OFF can succeed if privileges
+# granted.
+#
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+GRANT ALL ON backup_test.* TO 'bup_some_priv'@'localhost' WITH GRANT OPTION;
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost'
+GRANT ALL PRIVILEGES ON `backup_test`.* TO 'bup_some_priv'@'localhost' WITH GRANT OPTION
+SHOW VARIABLES LIKE 'restore_elevation';
+Variable_name Value
+restore_elevation OFF
+#
+# Connect as user with only some privileges.
+#
+#
+# conn_some_priv: Attempting restore. Should succeed
+#
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+backup_id
+#
+#
+# Connect as root and prepare next test case.
+#
+#
+# Test Case 6 : Show restore_elevation = OFF and RESTORE + SUPER still
+# fail.
+#
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+GRANT RESTORE ON backup_test.* TO 'bup_some_priv'@'localhost';
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost'
+GRANT RESTORE ON `backup_test`.* TO 'bup_some_priv'@'localhost' WITH GRANT OPTION
+SHOW VARIABLES LIKE 'restore_elevation';
+Variable_name Value
+restore_elevation OFF
+#
+# Connect as user with only some privileges.
+#
+#
+# conn_some_priv: Attempting restore. Should fail with
+# error ER_RESTORE_ACCESS_OBJS_INCOMPLETE
+#
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+ERROR HY000: Insufficient privileges. You do not have privileges to restore the object 'backup_test' from this backup image.
+SHOW ERRORS;
+Level Code Message
+Error # Insufficient privileges. You do not have privileges to restore the object 'backup_test' from this backup image.
+#
+# Connect as root and prepare next test case.
+#
+#
+# Test Case 7 : Show restore_elevation = ON and RESTORE + SUPER succeed.
+#
+SHOW VARIABLES LIKE 'restore_elevation';
+Variable_name Value
+restore_elevation OFF
+SET @@global.restore_elevation = ON;
+SHOW VARIABLES LIKE 'restore_elevation';
+Variable_name Value
+restore_elevation ON
+#
+# Connect as user with only some privileges.
+#
+#
+# conn_some_priv: Attempting restore. Should succeed
+#
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+backup_id
+#
+#
+# Connect as root and prepare next test case.
+#
+#
+# Test Case 8 : Ensure restore_precheck = OFF fails for not enough
+# privileges (Restore will fail in the middle).
+#
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+REVOKE SUPER ON *.* FROM 'bup_some_priv'@'localhost';
+GRANT RESTORE ON backup_test.* TO 'bup_some_priv'@'localhost';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT USAGE ON *.* TO 'bup_some_priv'@'localhost'
+GRANT RESTORE ON `backup_test`.* TO 'bup_some_priv'@'localhost' WITH GRANT OPTION
+SHOW VARIABLES LIKE 'restore_precheck';
+Variable_name Value
+restore_precheck ON
+SET @@global.restore_elevation = ON;
+SET @@global.restore_precheck = OFF;
+SHOW VARIABLES LIKE 'restore_precheck';
+Variable_name Value
+restore_precheck OFF
+#
+# Connect as user with only some privileges.
+#
+#
+# conn_some_priv: Attempting restore. Should fail with
+# error ER_BACKUP_CANT_RESTORE_DB
+#
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+ERROR HY000: Could not restore database `backup_test`
+SHOW ERRORS;
+Level Code Message
+Error # Access denied for user 'bup_some_priv'@'localhost' to database 'backup_test'
+Error # Could not restore database `backup_test`
+#
+# Connect as root and prepare next test case.
+#
+#
+# Test Case 9 : Show restore_precheck = OFF can succeed if privileges
+# granted.
+#
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+GRANT ALL ON backup_test.* TO 'bup_some_priv'@'localhost' WITH GRANT OPTION;
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost'
+GRANT ALL PRIVILEGES ON `backup_test`.* TO 'bup_some_priv'@'localhost' WITH GRANT OPTION
+SHOW VARIABLES LIKE 'restore_elevation';
+Variable_name Value
+restore_elevation ON
+#
+# Connect as user with only some privileges.
+#
+#
+# conn_some_priv: Attempting restore. Should succeed
+#
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+backup_id
+#
+#
+# Connect as root and prepare next test case.
+#
+#
+# Test Case 10 : Ensure restore_elevation = OFF and
+# restore_precheck = OFF fails
+# for not enough privileges.
+#
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+REVOKE SUPER ON *.* FROM 'bup_some_priv'@'localhost';
+GRANT RESTORE ON backup_test.* TO 'bup_some_priv'@'localhost';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT USAGE ON *.* TO 'bup_some_priv'@'localhost'
+GRANT RESTORE ON `backup_test`.* TO 'bup_some_priv'@'localhost' WITH GRANT OPTION
+SET @@global.restore_elevation = OFF;
+SET @@global.restore_precheck = OFF;
+SHOW VARIABLES LIKE 'restore_elevation';
+Variable_name Value
+restore_elevation OFF
+SHOW VARIABLES LIKE 'restore_precheck';
+Variable_name Value
+restore_precheck OFF
+#
+# Connect as user with only some privileges.
+#
+#
+# conn_some_priv: Attempting restore. Should fail with
+# error ER_BACKUP_CANT_RESTORE_DB
+#
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+ERROR HY000: Could not restore database `backup_test`
+SHOW ERRORS;
+Level Code Message
+Error # Access denied for user 'bup_some_priv'@'localhost' to database 'backup_test'
+Error # Could not restore database `backup_test`
+#
+# Connect as root and prepare next test case.
+#
+#
+# Test Case 11 : Ensure restore_elevation = OFF and
+# restore_precheck = OFF can succeed
+# if privileges granted.
+#
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+REVOKE SUPER ON *.* FROM 'bup_some_priv'@'localhost';
+GRANT ALL ON backup_test.* TO 'bup_some_priv'@'localhost' WITH GRANT OPTION;
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost';
+FLUSH PRIVILEGES;
+#
+# Show grants for user.
+#
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+Grants for bup_some_priv@localhost
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost'
+GRANT ALL PRIVILEGES ON `backup_test`.* TO 'bup_some_priv'@'localhost' WITH GRANT OPTION
+SHOW VARIABLES LIKE 'restore_elevation';
+Variable_name Value
+restore_elevation OFF
+SHOW VARIABLES LIKE 'restore_precheck';
+Variable_name Value
+restore_precheck OFF
+#
+# Connect as user with only some privileges.
+#
+#
+# conn_some_priv: Attempting restore. Should succeed
+#
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+backup_id
+#
+#
+# Connect as root and cleanup.
+#
+#
+# Compare to original backup image file.
+#
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+backup_id
+#
+#
+# Show list of all objects in the database.
+#
+SHOW FULL TABLES FROM backup_test;
+Tables_in_backup_test Table_type
+t1 BASE TABLE
+t2 BASE TABLE
+v1 VIEW
+SELECT event_name FROM INFORMATION_SCHEMA.EVENTS WHERE event_schema = 'backup_test';
+event_name
+e1
+SELECT routine_name FROM INFORMATION_SCHEMA.ROUTINES WHERE routine_schema = 'backup_test';
+routine_name
+f1
+p1
+SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS WHERE trigger_schema = 'backup_test';
+trigger_name
+trg
+#
+# Cleanup
+#
+DROP USER 'bup_some_priv'@'localhost';
+DROP USER 'joe'@'user';
+SET @@global.backup_elevation = ON;
+SET @@global.restore_elevation = ON;
+SET @@global.restore_precheck = ON;
+DROP DATABASE backup_test;
+FLUSH PRIVILEGES;
=== added file 'mysql-test/suite/backup/t/backup_security_options-master.opt'
--- a/mysql-test/suite/backup/t/backup_security_options-master.opt 1970-01-01 00:00:00 +0000
+++ b/mysql-test/suite/backup/t/backup_security_options-master.opt 2009-11-05 19:39:55 +0000
@@ -0,0 +1 @@
+--disable-backup-elevation --disable-restore-elevation --disable-restore-precheck
=== added file 'mysql-test/suite/backup/t/backup_security_options.test'
--- a/mysql-test/suite/backup/t/backup_security_options.test 1970-01-01 00:00:00 +0000
+++ b/mysql-test/suite/backup/t/backup_security_options.test 2009-11-05 19:39:55 +0000
@@ -0,0 +1,236 @@
+#
+# This test includes test cases for testing privilege checking in backup
+# and restore using the following system startup options.
+#
+# backup_elevation - turns elevation on backup on or off
+# Note: default is ON
+# restore_elevation - turns elevation on restore on or off
+# Note: default is ON
+# restore_precheck - turns privilege prechecking on restore on or off
+# Note: default is ON
+#
+# Test Cases
+# ----------
+# 1. Ensure backup_elevation = OFF fails for not enough privileges.
+# 2. Ensure restore_elevation = OFF fails for not enough privileges.
+# 3. Ensure restore_precheck = OFF fails for not enough privileges
+# (Restore will fail in the middle).
+#
+
+--source include/not_embedded.inc
+
+disable_query_log;
+call mtr.add_suppression("Backup:");
+call mtr.add_suppression("Restore:");
+enable_query_log;
+
+connect (conn_root,localhost,root,,);
+
+--disable_warnings
+DROP DATABASE IF EXISTS backup_test;
+--enable_warnings
+
+SHOW VARIABLES LIKE 'backup_elevation';
+SHOW VARIABLES LIKE 'restore_elevation';
+SHOW VARIABLES LIKE 'restore_precheck';
+
+--echo #
+--echo # Create users.
+--echo #
+CREATE USER 'bup_some_priv'@'localhost';
+
+--echo #
+--echo # Use the basic data setup in backup_test database.
+--echo #
+--source suite/backup/include/basic_data.inc
+
+--echo #
+--echo # Revoke grants for bup_some_priv
+--echo #
+REVOKE ALL ON *.* FROM 'bup_some_priv'@'localhost';
+REVOKE ALL ON backup_test.* FROM 'joe'@'user';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+--echo #
+--echo # conn_root_user: Do backup of database with root user for later tests.
+--echo #
+
+--replace_column 1 #
+BACKUP DATABASE backup_test to 'backup_test_orig.bak';
+
+--echo #
+--echo # Show list of all objects in the database.
+--echo #
+SHOW FULL TABLES FROM backup_test;
+SELECT event_name FROM INFORMATION_SCHEMA.EVENTS WHERE event_schema = 'backup_test';
+SELECT routine_name FROM INFORMATION_SCHEMA.ROUTINES WHERE routine_schema = 'backup_test';
+SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS WHERE trigger_schema = 'backup_test';
+
+--echo #
+--echo # Test Case 1 : Ensure backup_elevation = OFF fails for not enough
+--echo # privileges.
+--echo #
+
+GRANT BACKUP ON backup_test.* TO 'bup_some_priv'@'localhost';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+SHOW VARIABLES LIKE 'backup_elevation';
+
+SET @@global.backup_elevation = OFF;
+
+SHOW VARIABLES LIKE 'backup_elevation';
+
+disconnect conn_root;
+--echo #
+--echo # Connect as user with only some privileges.
+--echo #
+connect (conn_some_priv,localhost,bup_some_priv,,);
+
+--echo #
+--echo # conn_some_priv: Attempting backup. Should fail with
+--echo # error ER_BACKUP_ACCESS_OBJS_INCOMPLETE
+--echo #
+--replace_column 1 #
+--error ER_BACKUP_ACCESS_OBJS_INCOMPLETE
+BACKUP DATABASE backup_test TO 'backup_test_fail.bak';
+--replace_column 2 #
+SHOW ERRORS;
+
+disconnect conn_some_priv;
+--echo #
+--echo # Connect as root and prepare next test case.
+--echo #
+connect (conn_root,localhost,root,,);
+
+--echo #
+--echo # Test Case 2 : Ensure restore_elevation = OFF fails for not enough
+--echo # privileges.
+--echo #
+
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+GRANT RESTORE ON backup_test.* TO 'bup_some_priv'@'localhost';
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+SHOW VARIABLES LIKE 'restore_elevation';
+
+SET @@global.restore_elevation = OFF;
+
+SHOW VARIABLES LIKE 'restore_elevation';
+
+disconnect conn_root;
+--echo #
+--echo # Connect as user with only some privileges.
+--echo #
+connect (conn_some_priv,localhost,bup_some_priv,,);
+
+--echo #
+--echo # conn_some_priv: Attempting restore. Should fail with
+--echo # error ER_BACKUP_CANT_RESTORE_DB
+--echo #
+--replace_column 1 #
+--error ER_BACKUP_CANT_RESTORE_DB
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+--replace_column 2 #
+SHOW ERRORS;
+
+disconnect conn_some_priv;
+--echo #
+--echo # Connect as root and prepare next test case.
+--echo #
+connect (conn_root,localhost,root,,);
+
+--echo #
+--echo # Test Case 3 : Ensure restore_precheck = OFF fails for not enough
+--echo # privileges (Restore will fail in the middle).
+--echo #
+
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+REVOKE SUPER ON *.* FROM 'bup_some_priv'@'localhost';
+GRANT RESTORE ON backup_test.* TO 'bup_some_priv'@'localhost';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+SHOW VARIABLES LIKE 'restore_precheck';
+
+SET @@global.restore_elevation = ON;
+SET @@global.restore_precheck = OFF;
+
+SHOW VARIABLES LIKE 'restore_precheck';
+
+disconnect conn_root;
+--echo #
+--echo # Connect as user with only some privileges.
+--echo #
+connect (conn_some_priv,localhost,bup_some_priv,,);
+
+--echo #
+--echo # conn_some_priv: Attempting restore. Should fail with
+--echo # error ER_BACKUP_CANT_RESTORE_DB
+--echo #
+--replace_column 1 #
+--error ER_BACKUP_CANT_RESTORE_DB
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+--replace_column 2 #
+SHOW ERRORS;
+
+disconnect conn_some_priv;
+--echo #
+--echo # Connect as root and cleanup.
+--echo #
+connect (conn_root,localhost,root,,);
+
+--echo #
+--echo # Compare to original backup image file.
+--echo #
+
+--replace_column 1 #
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+
+--echo #
+--echo # Show list of all objects in the database.
+--echo #
+SHOW FULL TABLES FROM backup_test;
+SELECT event_name FROM INFORMATION_SCHEMA.EVENTS WHERE event_schema = 'backup_test';
+SELECT routine_name FROM INFORMATION_SCHEMA.ROUTINES WHERE routine_schema = 'backup_test';
+SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS WHERE trigger_schema = 'backup_test';
+
+--echo #
+--echo # Cleanup
+--echo #
+
+DROP USER 'bup_some_priv'@'localhost';
+DROP USER 'joe'@'user';
+
+SET @@global.backup_elevation = OFF;
+SET @@global.restore_elevation = OFF;
+SET @@global.restore_precheck = OFF;
+
+DROP DATABASE backup_test;
+FLUSH PRIVILEGES;
+
+let $MYSQLD_BACKUPDIR= `select @@backupdir`;
+remove_file $MYSQLD_BACKUPDIR/backup_test_orig.bak;
=== added file 'mysql-test/suite/backup/t/backup_security_var.test'
--- a/mysql-test/suite/backup/t/backup_security_var.test 1970-01-01 00:00:00 +0000
+++ b/mysql-test/suite/backup/t/backup_security_var.test 2009-11-05 19:39:55 +0000
@@ -0,0 +1,549 @@
+#
+# This test includes test cases for testing privilege checking in backup
+# and restore using the following system variables.
+#
+# backup_elevation - turns elevation on backup on or off
+# Note: default is ON
+# restore_elevation - turns elevation on restore on or off
+# Note: default is ON
+# restore_precheck - turns privilege prechecking on restore on or off
+# Note: default is ON
+#
+# Test Cases
+# ----------
+# 1. Ensure backup_elevation = OFF fails for not enough privileges.
+# 2. Show backup_elevation = OFF can succeed if privileges granted.
+# 3. Show backup_elevation = ON can succeed if minimal privileges granted.
+# 4. Ensure restore_elevation = OFF fails for not enough privileges.
+# 5. Show restore_elevation = OFF can succeed if privileges granted.
+# 6. Show restore_elevation = OFF and RESTORE + SUPER still fail.
+# 7. Show restore_elevation = ON and RESTORE + SUPER still succeed.
+# 8. Ensure restore_precheck = OFF fails for not enough privileges
+# (Restore will fail in the middle).
+# 9. Show restore_precheck = OFF can succeed if privileges granted.
+# 10. Ensure restore_elevation = OFF and restore_precheck = OFF fails
+# for not enough privileges.
+# 11. Show restore_elevation = OFF and restore_precheck = OFF can succeed
+# if privileges granted.
+#
+
+--source include/not_embedded.inc
+
+disable_query_log;
+call mtr.add_suppression("Backup:");
+call mtr.add_suppression("Restore:");
+enable_query_log;
+
+connect (conn_root,localhost,root,,);
+
+--disable_warnings
+DROP DATABASE IF EXISTS backup_test;
+--enable_warnings
+
+SHOW VARIABLES LIKE 'backup_elevation';
+SHOW VARIABLES LIKE 'restore_elevation';
+SHOW VARIABLES LIKE 'restore_precheck';
+
+--echo #
+--echo # Create users.
+--echo #
+CREATE USER 'bup_some_priv'@'localhost';
+
+--echo #
+--echo # Use the basic data setup in backup_test database.
+--echo #
+--source suite/backup/include/basic_data.inc
+
+--echo #
+--echo # Revoke grants for bup_some_priv
+--echo #
+REVOKE ALL ON *.* FROM 'bup_some_priv'@'localhost';
+REVOKE ALL ON backup_test.* FROM 'joe'@'user';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+--echo #
+--echo # conn_root_user: Do backup of database with root user for later tests.
+--echo #
+
+--replace_column 1 #
+BACKUP DATABASE backup_test to 'backup_test_orig.bak';
+
+--echo #
+--echo # Show list of all objects in the database.
+--echo #
+SHOW FULL TABLES FROM backup_test;
+SELECT event_name FROM INFORMATION_SCHEMA.EVENTS WHERE event_schema = 'backup_test';
+SELECT routine_name FROM INFORMATION_SCHEMA.ROUTINES WHERE routine_schema = 'backup_test';
+SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS WHERE trigger_schema = 'backup_test';
+
+--echo #
+--echo # Test Case 1 : Ensure backup_elevation = OFF fails for not enough
+--echo # privileges.
+--echo #
+
+GRANT BACKUP ON backup_test.* TO 'bup_some_priv'@'localhost';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+SHOW VARIABLES LIKE 'backup_elevation';
+
+SET @@global.backup_elevation = OFF;
+
+SHOW VARIABLES LIKE 'backup_elevation';
+
+disconnect conn_root;
+--echo #
+--echo # Connect as user with only some privileges.
+--echo #
+connect (conn_some_priv,localhost,bup_some_priv,,);
+
+--echo #
+--echo # conn_some_priv: Attempting backup. Should fail with
+--echo # error ER_BACKUP_ACCESS_OBJS_INCOMPLETE
+--echo #
+--replace_column 1 #
+--error ER_BACKUP_ACCESS_OBJS_INCOMPLETE
+BACKUP DATABASE backup_test TO 'backup_test_fail.bak';
+--replace_column 2 #
+SHOW ERRORS;
+
+disconnect conn_some_priv;
+--echo #
+--echo # Connect as root and prepare next test case.
+--echo #
+connect (conn_root,localhost,root,,);
+
+--echo #
+--echo # Test Case 2 : Show backup_elevation = OFF can succeed if privileges
+--echo # granted.
+--echo #
+
+GRANT ALL ON backup_test.* TO 'bup_some_priv'@'localhost';
+GRANT ALL ON mysql.* TO 'bup_some_priv'@'localhost';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+disconnect conn_root;
+--echo #
+--echo # Connect as user with only some privileges.
+--echo #
+connect (conn_some_priv,localhost,bup_some_priv,,);
+
+--echo #
+--echo # conn_some_priv: Attempting backup. Should succeed
+--echo #
+--replace_column 1 #
+BACKUP DATABASE backup_test TO 'backup_test_fail.bak';
+
+let $MYSQLD_BACKUPDIR= `select @@backupdir`;
+remove_file $MYSQLD_BACKUPDIR/backup_test_fail.bak;
+
+disconnect conn_some_priv;
+--echo #
+--echo # Connect as root and prepare next test case.
+--echo #
+connect (conn_root,localhost,root,,);
+
+--echo #
+--echo # Test Case 3 : Show backup_elevation = ON can succeed if minimal
+--echo # privileges granted.
+--echo #
+
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+REVOKE ALL ON mysql.* FROM 'bup_some_priv'@'localhost';
+GRANT BACKUP ON backup_test.* TO 'bup_some_priv'@'localhost';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+SHOW VARIABLES LIKE 'backup_elevation';
+
+SET @@global.backup_elevation = ON;
+
+SHOW VARIABLES LIKE 'backup_elevation';
+
+disconnect conn_root;
+--echo #
+--echo # Connect as user with only some privileges.
+--echo #
+connect (conn_some_priv,localhost,bup_some_priv,,);
+
+--echo #
+--echo # conn_some_priv: Attempting backup. Should succeed
+--echo #
+--replace_column 1 #
+BACKUP DATABASE backup_test TO 'backup_test_fail.bak';
+
+let $MYSQLD_BACKUPDIR= `select @@backupdir`;
+remove_file $MYSQLD_BACKUPDIR/backup_test_fail.bak;
+
+disconnect conn_some_priv;
+--echo #
+--echo # Connect as root and prepare next test case.
+--echo #
+connect (conn_root,localhost,root,,);
+
+--echo #
+--echo # Test Case 4 : Ensure restore_elevation = OFF fails for not enough
+--echo # privileges.
+--echo #
+
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+GRANT RESTORE ON backup_test.* TO 'bup_some_priv'@'localhost';
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+SHOW VARIABLES LIKE 'restore_elevation';
+
+SET @@global.restore_elevation = OFF;
+
+SHOW VARIABLES LIKE 'restore_elevation';
+
+disconnect conn_root;
+--echo #
+--echo # Connect as user with only some privileges.
+--echo #
+connect (conn_some_priv,localhost,bup_some_priv,,);
+
+--echo #
+--echo # conn_some_priv: Attempting restore. Should fail with
+--echo # error ER_RESTORE_ACCESS_OBJS_INCOMPLETE
+--echo #
+--replace_column 1 #
+--error ER_RESTORE_ACCESS_OBJS_INCOMPLETE
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+--replace_column 2 #
+SHOW ERRORS;
+
+disconnect conn_some_priv;
+--echo #
+--echo # Connect as root and prepare next test case.
+--echo #
+connect (conn_root,localhost,root,,);
+
+--echo #
+--echo # Test Case 5 : Show restore_elevation = OFF can succeed if privileges
+--echo # granted.
+--echo #
+
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+GRANT ALL ON backup_test.* TO 'bup_some_priv'@'localhost' WITH GRANT OPTION;
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+SHOW VARIABLES LIKE 'restore_elevation';
+
+disconnect conn_root;
+--echo #
+--echo # Connect as user with only some privileges.
+--echo #
+connect (conn_some_priv,localhost,bup_some_priv,,);
+
+--echo #
+--echo # conn_some_priv: Attempting restore. Should succeed
+--echo #
+--replace_column 1 #
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+
+disconnect conn_some_priv;
+--echo #
+--echo # Connect as root and prepare next test case.
+--echo #
+connect (conn_root,localhost,root,,);
+
+--echo #
+--echo # Test Case 6 : Show restore_elevation = OFF and RESTORE + SUPER still
+--echo # fail.
+--echo #
+
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+GRANT RESTORE ON backup_test.* TO 'bup_some_priv'@'localhost';
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+SHOW VARIABLES LIKE 'restore_elevation';
+
+disconnect conn_root;
+--echo #
+--echo # Connect as user with only some privileges.
+--echo #
+connect (conn_some_priv,localhost,bup_some_priv,,);
+
+--echo #
+--echo # conn_some_priv: Attempting restore. Should fail with
+--echo # error ER_RESTORE_ACCESS_OBJS_INCOMPLETE
+--echo #
+--replace_column 1 #
+--error ER_RESTORE_ACCESS_OBJS_INCOMPLETE
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+--replace_column 2 #
+SHOW ERRORS;
+
+disconnect conn_some_priv;
+--echo #
+--echo # Connect as root and prepare next test case.
+--echo #
+connect (conn_root,localhost,root,,);
+
+--echo #
+--echo # Test Case 7 : Show restore_elevation = ON and RESTORE + SUPER succeed.
+--echo #
+
+SHOW VARIABLES LIKE 'restore_elevation';
+
+SET @@global.restore_elevation = ON;
+
+SHOW VARIABLES LIKE 'restore_elevation';
+
+disconnect conn_root;
+--echo #
+--echo # Connect as user with only some privileges.
+--echo #
+connect (conn_some_priv,localhost,bup_some_priv,,);
+
+--echo #
+--echo # conn_some_priv: Attempting restore. Should succeed
+--echo #
+--replace_column 1 #
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+
+disconnect conn_some_priv;
+--echo #
+--echo # Connect as root and prepare next test case.
+--echo #
+connect (conn_root,localhost,root,,);
+
+--echo #
+--echo # Test Case 8 : Ensure restore_precheck = OFF fails for not enough
+--echo # privileges (Restore will fail in the middle).
+--echo #
+
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+REVOKE SUPER ON *.* FROM 'bup_some_priv'@'localhost';
+GRANT RESTORE ON backup_test.* TO 'bup_some_priv'@'localhost';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+SHOW VARIABLES LIKE 'restore_precheck';
+
+SET @@global.restore_elevation = ON;
+SET @@global.restore_precheck = OFF;
+
+SHOW VARIABLES LIKE 'restore_precheck';
+
+disconnect conn_root;
+--echo #
+--echo # Connect as user with only some privileges.
+--echo #
+connect (conn_some_priv,localhost,bup_some_priv,,);
+
+--echo #
+--echo # conn_some_priv: Attempting restore. Should fail with
+--echo # error ER_BACKUP_CANT_RESTORE_DB
+--echo #
+--replace_column 1 #
+--error ER_BACKUP_CANT_RESTORE_DB
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+--replace_column 2 #
+SHOW ERRORS;
+
+disconnect conn_some_priv;
+--echo #
+--echo # Connect as root and prepare next test case.
+--echo #
+connect (conn_root,localhost,root,,);
+
+--echo #
+--echo # Test Case 9 : Show restore_precheck = OFF can succeed if privileges
+--echo # granted.
+--echo #
+
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+GRANT ALL ON backup_test.* TO 'bup_some_priv'@'localhost' WITH GRANT OPTION;
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+SHOW VARIABLES LIKE 'restore_elevation';
+
+disconnect conn_root;
+--echo #
+--echo # Connect as user with only some privileges.
+--echo #
+connect (conn_some_priv,localhost,bup_some_priv,,);
+
+--echo #
+--echo # conn_some_priv: Attempting restore. Should succeed
+--echo #
+--replace_column 1 #
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+
+disconnect conn_some_priv;
+--echo #
+--echo # Connect as root and prepare next test case.
+--echo #
+connect (conn_root,localhost,root,,);
+
+--echo #
+--echo # Test Case 10 : Ensure restore_elevation = OFF and
+--echo # restore_precheck = OFF fails
+--echo # for not enough privileges.
+--echo #
+
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+REVOKE SUPER ON *.* FROM 'bup_some_priv'@'localhost';
+GRANT RESTORE ON backup_test.* TO 'bup_some_priv'@'localhost';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+SET @@global.restore_elevation = OFF;
+SET @@global.restore_precheck = OFF;
+
+SHOW VARIABLES LIKE 'restore_elevation';
+SHOW VARIABLES LIKE 'restore_precheck';
+
+disconnect conn_root;
+--echo #
+--echo # Connect as user with only some privileges.
+--echo #
+connect (conn_some_priv,localhost,bup_some_priv,,);
+
+--echo #
+--echo # conn_some_priv: Attempting restore. Should fail with
+--echo # error ER_BACKUP_CANT_RESTORE_DB
+--echo #
+--replace_column 1 #
+--error ER_BACKUP_CANT_RESTORE_DB
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+--replace_column 2 #
+SHOW ERRORS;
+
+disconnect conn_some_priv;
+--echo #
+--echo # Connect as root and prepare next test case.
+--echo #
+connect (conn_root,localhost,root,,);
+
+--echo #
+--echo # Test Case 11 : Ensure restore_elevation = OFF and
+--echo # restore_precheck = OFF can succeed
+--echo # if privileges granted.
+--echo #
+
+REVOKE ALL ON backup_test.* FROM 'bup_some_priv'@'localhost';
+REVOKE SUPER ON *.* FROM 'bup_some_priv'@'localhost';
+GRANT ALL ON backup_test.* TO 'bup_some_priv'@'localhost' WITH GRANT OPTION;
+GRANT SUPER ON *.* TO 'bup_some_priv'@'localhost';
+
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # Show grants for user.
+--echo #
+SHOW GRANTS FOR 'bup_some_priv'@'localhost';
+
+SHOW VARIABLES LIKE 'restore_elevation';
+SHOW VARIABLES LIKE 'restore_precheck';
+
+disconnect conn_root;
+--echo #
+--echo # Connect as user with only some privileges.
+--echo #
+connect (conn_some_priv,localhost,bup_some_priv,,);
+
+--echo #
+--echo # conn_some_priv: Attempting restore. Should succeed
+--echo #
+--replace_column 1 #
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+
+disconnect conn_some_priv;
+--echo #
+--echo # Connect as root and cleanup.
+--echo #
+connect (conn_root,localhost,root,,);
+
+--echo #
+--echo # Compare to original backup image file.
+--echo #
+
+--replace_column 1 #
+RESTORE FROM 'backup_test_orig.bak' OVERWRITE;
+
+--echo #
+--echo # Show list of all objects in the database.
+--echo #
+SHOW FULL TABLES FROM backup_test;
+SELECT event_name FROM INFORMATION_SCHEMA.EVENTS WHERE event_schema = 'backup_test';
+SELECT routine_name FROM INFORMATION_SCHEMA.ROUTINES WHERE routine_schema = 'backup_test';
+SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS WHERE trigger_schema = 'backup_test';
+
+--echo #
+--echo # Cleanup
+--echo #
+
+DROP USER 'bup_some_priv'@'localhost';
+DROP USER 'joe'@'user';
+
+SET @@global.backup_elevation = ON;
+SET @@global.restore_elevation = ON;
+SET @@global.restore_precheck = ON;
+
+DROP DATABASE backup_test;
+FLUSH PRIVILEGES;
+
+let $MYSQLD_BACKUPDIR= `select @@backupdir`;
+remove_file $MYSQLD_BACKUPDIR/backup_test_orig.bak;
=== modified file 'sql/backup/backup_info.cc'
--- a/sql/backup/backup_info.cc 2009-11-05 19:05:44 +0000
+++ b/sql/backup/backup_info.cc 2009-11-05 19:39:55 +0000
@@ -678,10 +678,13 @@ backup::Image_info::Db* Backup_info::add
}
/*
- The base check for BACKUP_ACL for this database is satisfied,
- ok to elevate by turning off privilege checking.
- */
- m_thd->security_ctx->set_all_global_privileges();
+ The base check for BACKUP_ACL for this database is satisfied,
+ ok to elevate by turning off privilege checking.
+
+ Only do the elevation if backup_elevation is turned on.
+ */
+ if (m_thd->variables.backup_elevation)
+ m_thd->security_ctx->set_all_global_privileges();
// Check to see if the user can see all of the objects in the database.
if (obs::check_user_access(m_thd, name))
=== modified file 'sql/backup/restore_info.h'
--- a/sql/backup/restore_info.h 2009-11-05 19:05:44 +0000
+++ b/sql/backup/restore_info.h 2009-11-05 19:39:55 +0000
@@ -212,33 +212,45 @@ Restore_info::check_restore_privileges(s
if (item->type == BSTREAM_IT_DB)
{
- // We must turn privilege checking back on first.
- m_thd->security_ctx->restore_global_privileges();
-
/*
- If this is the first check, set m_skip_precheck.
- */
- if (m_first_priv_check)
- {
- m_skip_precheck= TRUE;
- m_first_priv_check= FALSE;
- }
- if (!check_access(m_thd, RESTORE_ACL, name_str, 0, 1, 1, 0) &&
- (m_thd->security_ctx->master_access & SUPER_ACL) &&
- m_skip_precheck)
+ Only perform the elevation if restore_elevation is turned on.
+ */
+ if (m_thd->variables.restore_elevation)
{
+ // We must turn privilege checking back on first.
+ m_thd->security_ctx->restore_global_privileges();
+
/*
- The base check for RESTORE_ACL + SUPER_ACL for this database is
- satisfied. It is ok to elevate by turning off privilege checking.
+ If this is the first check, set m_skip_precheck.
*/
- m_thd->security_ctx->set_all_global_privileges();
- m_skip_precheck= TRUE;
- }
- else
- {
- m_skip_precheck= FALSE;
+ if (m_first_priv_check)
+ {
+ m_skip_precheck= TRUE;
+ m_first_priv_check= FALSE;
+ }
+ if (!check_access(m_thd, RESTORE_ACL, name_str, 0, 1, 1, 0) &&
+ (m_thd->security_ctx->master_access & SUPER_ACL) &&
+ m_skip_precheck)
+ {
+ /*
+ The base check for RESTORE_ACL + SUPER_ACL for this database is
+ satisfied. It is ok to elevate by turning off privilege checking.
+ */
+ m_thd->security_ctx->set_all_global_privileges();
+ m_skip_precheck= TRUE;
+ }
+ else if (check_access(thd, RESTORE_ACL, name_str, 0, 1, 1, 0))
+ {
+ m_log.report_error(ER_RESTORE_ACCESS_DENIED_ERROR, name_str);
+ return TRUE;
+ }
+ else
+ {
+ m_skip_precheck= FALSE;
+ }
+
}
- if (check_access(thd, RESTORE_ACL, name_str, 0, 1, 1, 0))
+ else if (check_access(thd, RESTORE_ACL, name_str, 0, 1, 1, 0))
{
m_log.report_error(ER_RESTORE_ACCESS_DENIED_ERROR, name_str);
return TRUE;
@@ -247,8 +259,10 @@ Restore_info::check_restore_privileges(s
/*
If we have elevated privileges, skip the precheck and return.
+
+ Only perform the precheck if restore_precheck is turned on.
*/
- if (m_skip_precheck)
+ if (m_skip_precheck || !m_thd->variables.restore_precheck)
return FALSE;
/*
=== modified file 'sql/mysqld.cc'
--- a/sql/mysqld.cc 2009-10-29 21:33:17 +0000
+++ b/sql/mysqld.cc 2009-11-05 19:39:55 +0000
@@ -6052,6 +6052,9 @@ enum options_mysqld
OPT_BACKUP_HISTORY_LOG_FILE,
OPT_BACKUP_PROGRESS_LOG_FILE,
OPT_MYSQL_BACKUP,
+ OPT_BACKUP_ELEVATION,
+ OPT_RESTORE_ELEVATION,
+ OPT_RESTORE_PRECHECK,
OPT_IGNORE_BUILTIN_INNODB
};
@@ -6101,8 +6104,11 @@ struct my_option my_long_options[] =
"Enable|disable backup progress log", (uchar**) &opt_backup_progress_log,
(uchar**) &opt_backup_progress_log, 0, GET_BOOL, OPT_ARG, 1, 0, 0, 0, 0, 0},
{"mysql-backup", OPT_MYSQL_BACKUP,
- "Enable|disable MySQL Backup system", (uchar**) &opt_mysql_backup,
- (uchar**) &opt_mysql_backup, 0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
+ "Enable|disable MySQL Backup system", (uchar**) &opt_mysql_backup,
+ (uchar**) &opt_mysql_backup, 0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
+ {"backup-elevation", OPT_BACKUP_ELEVATION,
+ "Enable|disable privilege elevaton for backup", (uchar**) &global_system_variables.backup_elevation,
+ (uchar**) &global_system_variables.backup_elevation, 0, GET_BOOL, OPT_ARG, 1, 0, 0, 0, 0, 0},
{"basedir", 'b',
"Path to installation directory. All paths are usually resolved relative to this.",
(uchar**) &mysql_home_ptr, (uchar**) &mysql_home_ptr, 0, GET_STR, REQUIRED_ARG,
@@ -6679,6 +6685,12 @@ relay logs.",
thread is in the relay logs.",
(uchar**) &relay_log_info_file, (uchar**) &relay_log_info_file, 0, GET_STR,
REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
+ {"restore-elevation", OPT_RESTORE_ELEVATION,
+ "Enable|disable privilege elevaton for restore", (uchar**) &global_system_variables.restore_elevation,
+ (uchar**) &global_system_variables.restore_elevation, 0, GET_BOOL, OPT_ARG, 1, 0, 0, 0, 0, 0},
+ {"restore-precheck", OPT_RESTORE_PRECHECK,
+ "Enable|disable privilege prechecking for restore", (uchar**) &global_system_variables.restore_precheck,
+ (uchar**) &global_system_variables.restore_precheck, 0, GET_BOOL, OPT_ARG, 1, 0, 0, 0, 0, 0},
{"replicate-do-db", OPT_REPLICATE_DO_DB,
"Tells the slave thread to restrict replication to the specified database. To specify more than one database, use the directive multiple times, once for each database. Note that this will only work if you do not use cross-database queries such as UPDATE some_db.some_table SET foo='bar' while having selected a different or no database. If you need cross database updates to work, make sure you have 3.23.28 or later, and use replicate-wild-do-table=db_name.%.",
0, 0, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
=== modified file 'sql/set_var.cc'
--- a/sql/set_var.cc 2009-10-27 10:03:00 +0000
+++ b/sql/set_var.cc 2009-11-05 19:39:55 +0000
@@ -185,6 +185,8 @@ static sys_var_bool_ptr sys_automatic_sp
static sys_var_const sys_back_log(&vars, "back_log",
OPT_GLOBAL, SHOW_LONG,
(uchar*) &back_log);
+static sys_var_bool_ptr sys_backup_elevation(&vars, "backup_elevation",
+ (my_bool *) &global_system_variables.backup_elevation);
static sys_var_const_os_str sys_basedir(&vars, "basedir", mysql_home);
static sys_var_long_ptr sys_binlog_cache_size(&vars, "binlog_cache_size",
&binlog_cache_size);
@@ -511,6 +513,10 @@ static sys_var_thd_ulong sys_read_rnd_bu
&SV::read_rnd_buff_size);
static sys_var_thd_ulong sys_div_precincrement(&vars, "div_precision_increment",
&SV::div_precincrement);
+static sys_var_bool_ptr sys_restore_elevation(&vars, "restore_elevation",
+ (my_bool*) &global_system_variables.restore_elevation);
+static sys_var_bool_ptr sys_restore_precheck(&vars, "restore_precheck",
+ (my_bool*) &global_system_variables.restore_precheck);
static sys_var_long_ptr sys_rpl_recovery_rank(&vars, "rpl_recovery_rank",
&rpl_recovery_rank);
static sys_var_thd_ulong sys_range_alloc_block_size(&vars, "range_alloc_block_size",
=== modified file 'sql/sql_class.h'
--- a/sql/sql_class.h 2009-11-05 19:05:44 +0000
+++ b/sql/sql_class.h 2009-11-05 19:39:55 +0000
@@ -337,6 +337,7 @@ struct system_variables
ha_rows select_limit;
ha_rows max_join_size;
ulong auto_increment_increment, auto_increment_offset;
+ ulong backup_elevation, restore_elevation, restore_precheck;
ulong bulk_insert_buff_size;
ulong join_buff_size;
ulong join_cache_level;
Attachment: [text/bzr-bundle] bzr/charles.bell@sun.com-20091105193955-2hfr0i247g58j554.bundle
| Thread |
|---|
| • bzr commit into mysql-6.0-backup branch (charles.bell:2890) Bug#44787 | Chuck Bell | 5 Nov |
