MDEV-33006 Missing required privilege CONNECTION ADMIN

opt_kill_long_query_type being an enum could be 0 corresponding to ALL. When ALL is specified, the CONNECTION ADMIN is still required. Also check REPLICA MONITOR privilege and make the tests find the results by recording stderr. Noticed thanks to bug report by Tim van Dijen. Fixes: 79b58f1
MariaDB · Dec 13, 2023 · 2c60d43 · 2c60d43
1 parent e472b68
commit 2c60d43
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 16 deletions.
diff --git a/extra/mariabackup/xtrabackup.cc b/extra/mariabackup/xtrabackup.cc
@@ -6403,7 +6403,7 @@ static bool check_all_privileges()
 	}
 
 	/* KILL ... */
-	if (!opt_no_lock && (opt_kill_long_queries_timeout || opt_kill_long_query_type)) {
+	if (!opt_no_lock && opt_kill_long_queries_timeout) {
 		check_result |= check_privilege(
 			granted_privileges,
 			"CONNECTION ADMIN", "*", "*",
@@ -6424,7 +6424,7 @@ static bool check_all_privileges()
 	if (opt_galera_info || opt_slave_info
 		|| opt_safe_slave_backup) {
 		check_result |= check_privilege(granted_privileges,
-			"SLAVE MONITOR", "*", "*",
+			"REPLICA MONITOR", "*", "*",
 			PRIVILEGE_WARNING);
 	}
 

diff --git a/mysql-test/suite/mariabackup/backup_grants.result b/mysql-test/suite/mariabackup/backup_grants.result
@@ -3,12 +3,13 @@ FOUND 1 /missing required privilege RELOAD/ in backup.log
 FOUND 1 /missing required privilege PROCESS/ in backup.log
 FOUND 1 /GRANT USAGE ON/ in backup.log
 GRANT RELOAD, PROCESS on *.* to backup@localhost;
-NOT FOUND /missing required privilege REPLICA MONITOR/ in backup.log
+FOUND 1 /missing required privilege REPLICA MONITOR/ in backup.log
 GRANT REPLICA MONITOR ON *.* TO backup@localhost;
 REVOKE REPLICA MONITOR ON *.* FROM backup@localhost;
+FOUND 1 /missing required privilege CONNECTION ADMIN/ in backup.log
 GRANT CONNECTION ADMIN ON *.* TO backup@localhost;
 FOUND 1 /missing required privilege REPLICATION SLAVE ADMIN/ in backup.log
-NOT FOUND /missing required privilege REPLICA MONITOR/ in backup.log
+FOUND 1 /missing required privilege REPLICA MONITOR/ in backup.log
 GRANT REPLICATION SLAVE ADMIN ON *.* TO backup@localhost;
 GRANT REPLICA MONITOR ON *.* TO backup@localhost;
 DROP USER backup@localhost;
diff --git a/mysql-test/suite/mariabackup/backup_grants.test b/mysql-test/suite/mariabackup/backup_grants.test
@@ -10,7 +10,7 @@ rmdir $targetdir;
 # backup fails without --no-lock, because of FTWRL
 --disable_result_log
 error 1;
-exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log;
+exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log 2>&1;
 --enable_result_log
 
 let SEARCH_FILE=$MYSQLTEST_VARDIR/tmp/backup.log;
@@ -31,7 +31,7 @@ rmdir $targetdir;
 # --slave-info and galera info require REPLICA MONITOR
 --disable_result_log
 error 1;
-exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --slave-info  --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log;
+exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --slave-info  --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log 2>&1;
 --enable_result_log
 rmdir $targetdir;
 
@@ -47,16 +47,15 @@ REVOKE REPLICA MONITOR ON *.* FROM backup@localhost;
 
 # TODO need a query that would delay a BACKUP STAGE START/ BACKUP STAGE BLOCK_COMMIT longer than the kill-long-queries-timeout
 #--send SELECT SLEEP(9) kill_me
-## kill-long-query-type=(not empty) requires CONNECTION ADMIN
-#--disable_result_log
-#error 1;
-#--exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup  --kill-long-query-type=all --kill-long-queries-timeout=4 --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log;
-#--reap
-#--enable_result_log
-#rmdir $targetdir;
-#
-#--let SEARCH_PATTERN=  missing required privilege CONNECTION ADMIN
-#--source include/search_pattern_in_file.inc
+
+# kill-long-query-type=(not empty) requires CONNECTION ADMIN
+--disable_result_log
+--exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --kill-long-query-type=ALL --kill-long-queries-timeout=4 --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log 2>&1;
+--enable_result_log
+rmdir $targetdir;
+
+--let SEARCH_PATTERN= missing required privilege CONNECTION ADMIN
+--source include/search_pattern_in_file.inc
 
 GRANT CONNECTION ADMIN ON *.* TO backup@localhost;
 --disable_result_log