From 5716c71c54d84d1f68bae8766ab51d186535c291 Mon Sep 17 00:00:00 2001
From: Vladislav Vaintroub <wlad@mariadb.com>
Date: Fri, 14 Dec 2018 23:36:21 +0100
Subject: MDEV-14975  mariabackup starts with unprivileged user.

ported privilege checking from xtrabackup.
Now, mariabackup would terminate early if either RELOAD or PROCESS privilege
is not held, not at the very end of backup

The behavior can be disabled with nre setting --check-privileges=0.
Also , --no-lock does not need all of these privileges, since it skips
FTWRL and SHOW ENGINE STATUS INNODB.
---
 mysql-test/suite/mariabackup/backup_grants.result |  5 ++++
 mysql-test/suite/mariabackup/backup_grants.test   | 30 +++++++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 mysql-test/suite/mariabackup/backup_grants.result
 create mode 100644 mysql-test/suite/mariabackup/backup_grants.test

(limited to 'mysql-test')

diff --git a/mysql-test/suite/mariabackup/backup_grants.result b/mysql-test/suite/mariabackup/backup_grants.result
new file mode 100644
index 00000000000..d8869b7ac82
--- /dev/null
+++ b/mysql-test/suite/mariabackup/backup_grants.result
@@ -0,0 +1,5 @@
+CREATE user backup@localhost;
+FOUND 1 /missing required privilege RELOAD/ in backup.log
+FOUND 1 /missing required privilege PROCESS/ in backup.log
+GRANT RELOAD, PROCESS on *.* to backup@localhost;
+DROP USER backup@localhost;
diff --git a/mysql-test/suite/mariabackup/backup_grants.test b/mysql-test/suite/mariabackup/backup_grants.test
new file mode 100644
index 00000000000..1c0c3f89346
--- /dev/null
+++ b/mysql-test/suite/mariabackup/backup_grants.test
@@ -0,0 +1,30 @@
+let $targetdir=$MYSQLTEST_VARDIR/tmp/backup;
+CREATE user backup@localhost;
+
+# backup possible for unprivileges user, with --no-lock
+--disable_result_log
+exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --no-lock  --target-dir=$targetdir;
+--enable_result_log
+rmdir $targetdir;
+
+# backup fails without --no-lock, because of FTWRL
+--disable_result_log
+error 1;
+exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log;
+--enable_result_log
+
+let SEARCH_FILE=$MYSQLTEST_VARDIR/tmp/backup.log;
+--let SEARCH_PATTERN=  missing required privilege RELOAD
+--source include/search_pattern_in_file.inc
+--let SEARCH_PATTERN=  missing required privilege PROCESS
+--source include/search_pattern_in_file.inc
+
+# backup succeeds with RELOAD privilege
+GRANT RELOAD, PROCESS on *.* to backup@localhost;
+--disable_result_log
+exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf  --backup -ubackup --target-dir=$targetdir;
+--enable_result_log
+
+DROP USER backup@localhost;
+# Cleanup
+rmdir $targetdir;
-- 
cgit v1.2.1