MySQL Lists are EOL. Please join:

List:Commits« Previous MessageNext Message »
From:Marc Alff Date:June 5 2009 5:18pm
Subject:bzr commit into mysql-6.0-perfschema branch (marc.alff:3164) Bug#45324
View as plain text  
#At file:///home/malff/BZR-TREE/mysql-6.0-perfschema/ based on revid:marc.alff@stripped

 3164 Marc Alff	2009-06-05
      Bug#45324 Performance schema: can write lock
      
      Added LOCK_TABLES_ACL to the list of forbidden privilege,
      for all performance schema tables using PFS_readonly_ACL
      and PFS_truncatable_ACL.
      
      Locking SETUP_* tables (PFS_updatable_acl) is allowed.
      modified:
        mysql-test/suite/perfschema/include/privilege.inc
        mysql-test/suite/perfschema/r/privilege.result
        mysql-test/suite/perfschema/t/privilege.test
        storage/perfschema/pfs_engine_table.cc

=== modified file 'mysql-test/suite/perfschema/include/privilege.inc'
--- a/mysql-test/suite/perfschema/include/privilege.inc	2009-06-03 17:55:20 +0000
+++ b/mysql-test/suite/perfschema/include/privilege.inc	2009-06-05 17:18:52 +0000
@@ -142,4 +142,25 @@ delete from performance_schema.EVENTS_WA
 --error ER_TABLEACCESS_DENIED_ERROR
 delete from performance_schema.FILE_INSTANCES;
 
+lock table performance_schema.SETUP_INSTRUMENTS read;
+unlock tables;
+
+lock table performance_schema.SETUP_INSTRUMENTS write;
+unlock tables;
+
+--error ER_TABLEACCESS_DENIED_ERROR
+lock table performance_schema.EVENTS_WAITS_CURRENT read;
+unlock tables;
+
+--error ER_TABLEACCESS_DENIED_ERROR
+lock table performance_schema.EVENTS_WAITS_CURRENT write;
+unlock tables;
+
+--error ER_TABLEACCESS_DENIED_ERROR
+lock table performance_schema.FILE_INSTANCES read;
+unlock tables;
+
+--error ER_TABLEACCESS_DENIED_ERROR
+lock table performance_schema.FILE_INSTANCES write;
+unlock tables;
 

=== modified file 'mysql-test/suite/perfschema/r/privilege.result'
--- a/mysql-test/suite/perfschema/r/privilege.result	2009-06-03 17:55:20 +0000
+++ b/mysql-test/suite/perfschema/r/privilege.result	2009-06-05 17:18:52 +0000
@@ -117,6 +117,8 @@ grant DELETE on performance_schema.FILE_
 ERROR 42000: DELETE,GRANT command denied to user 'root'@'localhost' for table 'FILE_INSTANCES'
 grant SELECT on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost
 with GRANT OPTION;
+grant LOCK TABLES on performance_schema.* to 'pfs_user_3'@localhost
+with GRANT OPTION;
 flush privileges;
 drop table if exists test.t1;
 show grants;
@@ -206,6 +208,22 @@ delete from performance_schema.EVENTS_WA
 ERROR 42000: DELETE command denied to user 'root'@'localhost' for table 'EVENTS_WAITS_CURRENT'
 delete from performance_schema.FILE_INSTANCES;
 ERROR 42000: DELETE command denied to user 'root'@'localhost' for table 'FILE_INSTANCES'
+lock table performance_schema.SETUP_INSTRUMENTS read;
+unlock tables;
+lock table performance_schema.SETUP_INSTRUMENTS write;
+unlock tables;
+lock table performance_schema.EVENTS_WAITS_CURRENT read;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'root'@'localhost' for table 'EVENTS_WAITS_CURRENT'
+unlock tables;
+lock table performance_schema.EVENTS_WAITS_CURRENT write;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'root'@'localhost' for table 'EVENTS_WAITS_CURRENT'
+unlock tables;
+lock table performance_schema.FILE_INSTANCES read;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'root'@'localhost' for table 'FILE_INSTANCES'
+unlock tables;
+lock table performance_schema.FILE_INSTANCES write;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'root'@'localhost' for table 'FILE_INSTANCES'
+unlock tables;
 drop table if exists test.t1;
 show grants;
 Grants for pfs_user_1@localhost
@@ -294,6 +312,22 @@ delete from performance_schema.EVENTS_WA
 ERROR 42000: DELETE command denied to user 'pfs_user_1'@'localhost' for table 'EVENTS_WAITS_CURRENT'
 delete from performance_schema.FILE_INSTANCES;
 ERROR 42000: DELETE command denied to user 'pfs_user_1'@'localhost' for table 'FILE_INSTANCES'
+lock table performance_schema.SETUP_INSTRUMENTS read;
+unlock tables;
+lock table performance_schema.SETUP_INSTRUMENTS write;
+unlock tables;
+lock table performance_schema.EVENTS_WAITS_CURRENT read;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'pfs_user_1'@'localhost' for table 'EVENTS_WAITS_CURRENT'
+unlock tables;
+lock table performance_schema.EVENTS_WAITS_CURRENT write;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'pfs_user_1'@'localhost' for table 'EVENTS_WAITS_CURRENT'
+unlock tables;
+lock table performance_schema.FILE_INSTANCES read;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'pfs_user_1'@'localhost' for table 'FILE_INSTANCES'
+unlock tables;
+lock table performance_schema.FILE_INSTANCES write;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'pfs_user_1'@'localhost' for table 'FILE_INSTANCES'
+unlock tables;
 drop table if exists test.t1;
 show grants;
 Grants for pfs_user_2@localhost
@@ -383,10 +417,27 @@ delete from performance_schema.EVENTS_WA
 ERROR 42000: DELETE command denied to user 'pfs_user_2'@'localhost' for table 'EVENTS_WAITS_CURRENT'
 delete from performance_schema.FILE_INSTANCES;
 ERROR 42000: DELETE command denied to user 'pfs_user_2'@'localhost' for table 'FILE_INSTANCES'
+lock table performance_schema.SETUP_INSTRUMENTS read;
+unlock tables;
+lock table performance_schema.SETUP_INSTRUMENTS write;
+unlock tables;
+lock table performance_schema.EVENTS_WAITS_CURRENT read;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'pfs_user_2'@'localhost' for table 'EVENTS_WAITS_CURRENT'
+unlock tables;
+lock table performance_schema.EVENTS_WAITS_CURRENT write;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'pfs_user_2'@'localhost' for table 'EVENTS_WAITS_CURRENT'
+unlock tables;
+lock table performance_schema.FILE_INSTANCES read;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'pfs_user_2'@'localhost' for table 'FILE_INSTANCES'
+unlock tables;
+lock table performance_schema.FILE_INSTANCES write;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'pfs_user_2'@'localhost' for table 'FILE_INSTANCES'
+unlock tables;
 drop table if exists test.t1;
 show grants;
 Grants for pfs_user_3@localhost
 GRANT USAGE ON *.* TO 'pfs_user_3'@'localhost'
+GRANT LOCK TABLES ON `performance_schema`.* TO 'pfs_user_3'@'localhost' WITH GRANT OPTION
 GRANT SELECT, UPDATE ON `performance_schema`.`SETUP_INSTRUMENTS` TO 'pfs_user_3'@'localhost' WITH GRANT OPTION
 GRANT SELECT ON `performance_schema`.`EVENTS_WAITS_CURRENT` TO 'pfs_user_3'@'localhost' WITH GRANT OPTION
 GRANT SELECT ON `performance_schema`.`FILE_INSTANCES` TO 'pfs_user_3'@'localhost' WITH GRANT OPTION
@@ -474,6 +525,22 @@ delete from performance_schema.EVENTS_WA
 ERROR 42000: DELETE command denied to user 'pfs_user_3'@'localhost' for table 'EVENTS_WAITS_CURRENT'
 delete from performance_schema.FILE_INSTANCES;
 ERROR 42000: DELETE command denied to user 'pfs_user_3'@'localhost' for table 'FILE_INSTANCES'
+lock table performance_schema.SETUP_INSTRUMENTS read;
+unlock tables;
+lock table performance_schema.SETUP_INSTRUMENTS write;
+unlock tables;
+lock table performance_schema.EVENTS_WAITS_CURRENT read;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'pfs_user_3'@'localhost' for table 'EVENTS_WAITS_CURRENT'
+unlock tables;
+lock table performance_schema.EVENTS_WAITS_CURRENT write;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'pfs_user_3'@'localhost' for table 'EVENTS_WAITS_CURRENT'
+unlock tables;
+lock table performance_schema.FILE_INSTANCES read;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'pfs_user_3'@'localhost' for table 'FILE_INSTANCES'
+unlock tables;
+lock table performance_schema.FILE_INSTANCES write;
+ERROR 42000: SELECT,LOCK TABL command denied to user 'pfs_user_3'@'localhost' for table 'FILE_INSTANCES'
+unlock tables;
 revoke all privileges, grant option from 'pfs_user_1'@localhost;
 revoke all privileges, grant option from 'pfs_user_2'@localhost;
 revoke all privileges, grant option from 'pfs_user_3'@localhost;

=== modified file 'mysql-test/suite/perfschema/t/privilege.test'
--- a/mysql-test/suite/perfschema/t/privilege.test	2009-06-03 17:55:20 +0000
+++ b/mysql-test/suite/perfschema/t/privilege.test	2009-06-05 17:18:52 +0000
@@ -115,6 +115,7 @@ grant DELETE on performance_schema.SETUP
 
 grant SELECT on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost
   with GRANT OPTION;
+
 grant UPDATE on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost
   with GRANT OPTION;
 
@@ -198,6 +199,10 @@ grant DELETE on performance_schema.FILE_
 grant SELECT on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost
   with GRANT OPTION;
 
+# See bug#45354 LOCK TABLES is not a TABLE privilege
+grant LOCK TABLES on performance_schema.* to 'pfs_user_3'@localhost
+  with GRANT OPTION;
+
 flush privileges;
 
 --source ../include/privilege.inc

=== modified file 'storage/perfschema/pfs_engine_table.cc'
--- a/storage/perfschema/pfs_engine_table.cc	2009-06-03 17:55:20 +0000
+++ b/storage/perfschema/pfs_engine_table.cc	2009-06-05 17:18:52 +0000
@@ -246,7 +246,7 @@ PFS_readonly_acl::check(enum_sql_command
 {
   const ulong always_forbidden= INSERT_ACL | UPDATE_ACL | DELETE_ACL
     | CREATE_ACL | DROP_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL
-    | CREATE_VIEW_ACL | SHOW_VIEW_ACL | TRIGGER_ACL;
+    | CREATE_VIEW_ACL | SHOW_VIEW_ACL | TRIGGER_ACL | LOCK_TABLES_ACL;
 
   if (unlikely(want_access & always_forbidden))
    return ACL_INTERNAL_ACCESS_DENIED;
@@ -261,7 +261,7 @@ PFS_truncatable_acl::check(enum_sql_comm
 {
   const ulong always_forbidden= INSERT_ACL | UPDATE_ACL | DELETE_ACL
     | CREATE_ACL | DROP_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL
-    | CREATE_VIEW_ACL | SHOW_VIEW_ACL | TRIGGER_ACL;
+    | CREATE_VIEW_ACL | SHOW_VIEW_ACL | TRIGGER_ACL | LOCK_TABLES_ACL;
 
   if (unlikely(want_access & always_forbidden))
   {

Thread
bzr commit into mysql-6.0-perfschema branch (marc.alff:3164) Bug#45324Marc Alff5 Jun