Changing SET SQL_LOG_BIN so that it explicitely throws an error if

user is not SUPER, instead of setting the value but ignoring it
silently internally.

mysql-test/r/rpl_temporary.result

@@ -7,6 +7,12 @@ start slave;
 reset master;
 SET @@session.pseudo_thread_id=100;
 ERROR HY000: Access denied. You need the SUPER privilege for this operation
+SET @@session.sql_log_bin=0;
+ERROR HY000: Access denied. You need the SUPER privilege for this operation
+SET @@session.pseudo_thread_id=100;
+SET @@session.pseudo_thread_id=connection_id();
+SET @@session.sql_log_bin=0;
+SET @@session.sql_log_bin=1;
 drop table if exists t1,t2;
 create table t1(f int);
 create table t2(f int);

mysql-test/t/rpl_temporary.test

@@ -30,7 +30,17 @@ connect (con3,localhost,zedjzlcsjhd,,);
 connection con3;
 --error 1227
 SET @@session.pseudo_thread_id=100;
+# While we are here we also test that SQL_LOG_BIN can't be set
+--error 1227
+SET @@session.sql_log_bin=0;
+# Now as root, to be sure it works
+connection con2;
+SET @@session.pseudo_thread_id=100;
+SET @@session.pseudo_thread_id=connection_id();
+SET @@session.sql_log_bin=0;
+SET @@session.sql_log_bin=1;
 
+connection con3;
 let $VERSION=`select version()`;
 
 --disable_warnings

sql/log.cc

@@ -1208,8 +1208,7 @@ bool MYSQL_LOG::write(Log_event* event_info)
        "do the involved tables match (to be implemented)
         binlog_[wild_]{do|ignore}_table?" (WL#1049)"
     */
-    if ((thd && !(thd->options & OPTION_BIN_LOG) &&
+    if ((thd && !(thd->options & OPTION_BIN_LOG)) ||
-	 (thd->master_access & SUPER_ACL)) ||
 	(local_db && !db_ok(local_db, binlog_do_db, binlog_ignore_db)))
     {
       VOID(pthread_mutex_unlock(&LOCK_log));
@@ -1556,11 +1555,7 @@ bool MYSQL_LOG::write(THD *thd,const char *query, uint query_length,
     int tmp_errno=0;
     char buff[80],*end;
     end=buff;
-    if (!(thd->options & OPTION_UPDATE_LOG)
+    if (!(thd->options & OPTION_UPDATE_LOG))
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
-	&& (thd->master_access & SUPER_ACL)
-#endif
-	)
     {
       VOID(pthread_mutex_unlock(&LOCK_log));
       return 0;

sql/set_var.cc

@@ -2288,6 +2288,13 @@ static bool set_option_autocommit(THD *thd, set_var *var)
 
 static bool set_log_update(THD *thd, set_var *var)
 {
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+  if (!(thd->master_access & SUPER_ACL))
+  {
+    my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER");
+    return 1;
+  }
+#endif
   if (opt_sql_bin_update)
     ((sys_var_thd_bit*) var->var)->bit_flag|= (OPTION_BIN_LOG |
 					       OPTION_UPDATE_LOG);

sql/sql_insert.cc

@@ -134,15 +134,10 @@ int mysql_insert(THD *thd,TABLE_LIST *table_list,
     thd->lex->select_lex.table_list.first;
   DBUG_ENTER("mysql_insert");
 
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
+  if (!(thd->options & OPTION_UPDATE_LOG))
-  if (thd->master_access & SUPER_ACL)
+    log_on&= ~(int) DELAYED_LOG_UPDATE;
-#endif
+  if (!(thd->options & OPTION_BIN_LOG))
-  {
+    log_on&= ~(int) DELAYED_LOG_BIN;
-    if (!(thd->options & OPTION_UPDATE_LOG))
-      log_on&= ~(int) DELAYED_LOG_UPDATE;
-    if (!(thd->options & OPTION_BIN_LOG))
-      log_on&= ~(int) DELAYED_LOG_BIN;
-  }
   /*
     in safe mode or with skip-new change delayed insert to be regular
     if we are told to replace duplicates, the insert cannot be concurrent