only allow SUPER user to modify wsrep_on

MariaDB · Mar 1, 2018 · 09b25f8 · 09b25f8
1 parent 7cec685
commit 09b25f8
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 1 deletion.
diff --git a/mysql-test/suite/wsrep/r/variables.result b/mysql-test/suite/wsrep/r/variables.result
@@ -73,6 +73,13 @@ Threads_connected	1
 SHOW STATUS LIKE 'wsrep_thread_count';
 Variable_name	Value
 wsrep_thread_count	11
+set wsrep_on=0;
+set wsrep_on=1;
+create user test@localhost;
+set auto_increment_increment=10;
+set wsrep_on=0;
+ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation
+drop user test@localhost;
 #
 # MDEV#6411: Setting set @@global.wsrep_sst_auth=NULL causes crash
 #

diff --git a/mysql-test/suite/wsrep/t/variables.test b/mysql-test/suite/wsrep/t/variables.test
@@ -68,6 +68,20 @@ sleep 3;
 SHOW STATUS LIKE 'threads_connected';
 SHOW STATUS LIKE 'wsrep_thread_count';
 
+#
+# privileges for wsrep_on
+#
+set wsrep_on=0;
+set wsrep_on=1;
+create user test@localhost;
+connect con1,localhost,test;
+set auto_increment_increment=10;
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+set wsrep_on=0;
+disconnect con1;
+connection default;
+drop user test@localhost;
+
 --echo #
 --echo # MDEV#6411: Setting set @@global.wsrep_sst_auth=NULL causes crash
 --echo #

diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc
@@ -3854,7 +3854,7 @@ static Sys_var_mybool Sys_wsrep_on (
        "wsrep_on", "To enable wsrep replication ",
        SESSION_VAR(wsrep_on), 
        CMD_LINE(OPT_ARG), DEFAULT(TRUE), 
-       NO_MUTEX_GUARD, NOT_IN_BINLOG, ON_CHECK(0),
+       NO_MUTEX_GUARD, NOT_IN_BINLOG, ON_CHECK(check_has_super),
        ON_UPDATE(wsrep_on_update));
 
 static Sys_var_charptr Sys_wsrep_start_position (