41d807dfc8c: MENT-731:Setting of SHUTDOWN_WAIT_FOR_SLAVES should require special privilege, not generic SUPER

 

revision-id: 41d807dfc8c5f640ccbbac5838cf572b2b1712c1 (mariadb-10.4.4-1804-g41d807dfc8c)
parent(s): 38cbb0915eb4a0c43f1a83afa37c7de5e481a718
author: Sujatha
committer: Sujatha
timestamp: 2020-08-31 22:30:38 +0530
message:

MENT-731:Setting of SHUTDOWN_WAIT_FOR_SLAVES should require special privilege, not generic SUPER

Fix:
===
The 'shutdown_wait_for_slaves' variable can now be set by a user holding
either the SUPER or the SHUTDOWN privilege.

---
 mysql-test/suite/binlog/r/binlog_grant.result | 34 +++++++++++++++++++++++
 mysql-test/suite/binlog/t/binlog_grant.test   | 40 +++++++++++++++++++++++++++
 sql/privilege.h                               |  3 ++
 sql/sys_vars.cc                               |  5 +++-
 4 files changed, 81 insertions(+), 1 deletion(-)

diff --git a/mysql-test/suite/binlog/r/binlog_grant.result b/mysql-test/suite/binlog/r/binlog_grant.result
index af4c02411d5..aee0730c0ab 100644
--- a/mysql-test/suite/binlog/r/binlog_grant.result
+++ b/mysql-test/suite/binlog/r/binlog_grant.result
@@ -124,6 +124,40 @@ disconnect user1;
 connection default;
 DROP USER user1@localhost;
 #
+# MENT-731: Setting of SHUTDOWN_WAIT_FOR_SLAVES should require special
+#           privilege, not generic SUPER
+#
+# Test that 'shutdown_wait_for_slaves' variable cannot be set without
+# SHUTDOWN or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE SHUTDOWN, SUPER ON *.* FROM user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL SHUTDOWN_WAIT_FOR_SLAVES=ON;
+ERROR 42000: Access denied; you need (at least one of) the SHUTDOWN, SUPER privilege(s) for this operation
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that 'shutdown_wait_for_slaves' variable can be set with SHUTDOWN
+CREATE USER user1@localhost;
+GRANT SHUTDOWN ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL SHUTDOWN_WAIT_FOR_SLAVES=ON;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that 'shutdown_wait_for_slaves' variable can be set with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL SHUTDOWN_WAIT_FOR_SLAVES=OFF;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+#
 # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to
 #             gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
 #
diff --git a/mysql-test/suite/binlog/t/binlog_grant.test b/mysql-test/suite/binlog/t/binlog_grant.test
index ec8d2aeccd2..ca0e40299a9 100644
--- a/mysql-test/suite/binlog/t/binlog_grant.test
+++ b/mysql-test/suite/binlog/t/binlog_grant.test
@@ -172,6 +172,46 @@ SHOW BINLOG EVENTS;
 connection default;
 DROP USER user1@localhost;
 
+--echo #
+--echo # MENT-731: Setting of SHUTDOWN_WAIT_FOR_SLAVES should require special
+--echo #           privilege, not generic SUPER
+--echo #
+
+--echo # Test that 'shutdown_wait_for_slaves' variable cannot be set without
+--echo # SHUTDOWN or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE SHUTDOWN, SUPER ON *.* FROM user1@localhost;
+--connect(user1,localhost,user1,,)
+--connection user1
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+SET GLOBAL SHUTDOWN_WAIT_FOR_SLAVES=ON;
+--disconnect user1
+--connection default
+DROP USER user1@localhost;
+
+
+--echo # Test that 'shutdown_wait_for_slaves' variable can be set with SHUTDOWN
+CREATE USER user1@localhost;
+GRANT SHUTDOWN ON *.* TO user1@localhost;
+--connect(user1,localhost,user1,,)
+--connection user1
+SET GLOBAL SHUTDOWN_WAIT_FOR_SLAVES=ON;
+--disconnect user1
+connection default;
+DROP USER user1@localhost;
+
+
+--echo # Test that 'shutdown_wait_for_slaves' variable can be set with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+--connect(user1,localhost,user1,,)
+--connection user1
+SET GLOBAL SHUTDOWN_WAIT_FOR_SLAVES=OFF;
+--disconnect user1
+connection default;
+DROP USER user1@localhost;
+
 --echo #
 --echo # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to
 --echo #             gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
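Review bot: The two positive cases change a global server variable but never check that the value took effect and never restore it; the server ends at OFF only because the last case happens to set OFF. I would save the value on the default connection before the first case with `SET @save_swfs= @@global.shutdown_wait_for_slaves;` and restore it after the last `DROP USER` with `SET GLOBAL shutdown_wait_for_slaves= @save_swfs;`. A `SELECT @@global.shutdown_wait_for_slaves;` after each successful `SET GLOBAL` would show that the privilege check let the assignment through rather than merely not raising an error. The recorded .result file would need re-recording to match.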
diff --git a/sql/privilege.h b/sql/privilege.h
index 37cdf4da01a..f4bfd835013 100644
--- a/sql/privilege.h
+++ b/sql/privilege.h
@@ -433,6 +433,9 @@ constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLOW_LAUNCH_TIME=
 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_THREAD_POOL=
   CONNECTION_ADMIN_ACL | SUPER_ACL;
 
+// Was SUPER_ACL prior to 10.5.5
+constexpr privilege_t PRIV_SET_SYSTEM_VAR_SHUTDOWN_WAIT_FOR_SLAVES=
+  SHUTDOWN_ACL | SUPER_ACL;
 
 /*
   Binary log related privileges that are checked regardless
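Review bot: The new constant `PRIV_SET_SYSTEM_VAR_SHUTDOWN_WAIT_FOR_SLAVES` drops the `GLOBAL` that both neighbouring constants in this hunk carry (`PRIV_SET_SYSTEM_GLOBAL_VAR_SLOW_LAUNCH_TIME`, `PRIV_SET_SYSTEM_GLOBAL_VAR_THREAD_POOL`), so a search for the global-variable privilege masks will miss it. Renaming it to `PRIV_SET_SYSTEM_GLOBAL_VAR_SHUTDOWN_WAIT_FOR_SLAVES`, here and in the template argument in sql/sys_vars.cc, keeps the set consistent. The comment could also say why SUPER remains in the mask, since the commit title reads as if SUPER alone should no longer suffice. Presumably it is kept for backward compatibility, in which case something like `// Was SUPER_ACL prior to 10.5.5; SUPER is still accepted so existing grants keep working` states the intended access policy.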
diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc
index 1577457a5d7..396c0570215 100644
--- a/sql/sys_vars.cc
+++ b/sql/sys_vars.cc
@@ -4573,7 +4573,10 @@ static Sys_var_ulong Sys_profiling_history_size(
        VALID_RANGE(0, 100), DEFAULT(15), BLOCK_SIZE(1));
 #endif
 
-static Sys_var_mybool Sys_shutdown_wait_for_slaves(
+static Sys_var_on_access_global<Sys_var_mybool,
+                                PRIV_SET_SYSTEM_VAR_SHUTDOWN_WAIT_FOR_SLAVES>
+
+Sys_shutdown_wait_for_slaves(
        "shutdown_wait_for_slaves",
        "when ON, SHUTDOWN command runs with implicit WAIT FOR ALL SLAVES option.",
        GLOBAL_VAR(opt_shutdown_wait_for_slaves), CMD_LINE(OPT_ARG),
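Review bot: The empty added line between the `Sys_var_on_access_global<...>` type and `Sys_shutdown_wait_for_slaves(` splits one declaration in two, so the type reads like a stray statement. I would drop that blank `+` line so the variable name follows the closing `>` directly. The declaration continues past the end of this hunk, so the remaining arguments are not visible here.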