database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

MDEV-36425 Extend read_only to also block share locks and super user

Browse Source 
The main purpose of this allow one to use the --read-only
option to ensure that no one can issue a query that can
block replication.

The --read-only option can now take 4 different values:
0  No read only (as before).
1  Blocks changes for users without the 'READ ONLY ADMIN'
   privilege (as before).
2  Blocks in addition LOCK TABLES and SELECT IN SHARE MODE
   for not 'READ ONLY ADMIN' users.
3  Blocks in addition 'READ_ONLY_ADMIN' users for all the
   previous statements.

read_only is changed to an enum and one can use the following
names for the lock levels:
OFF, ON, NO_LOCK, NO_LOCK_NO_ADMIN

Too keep things compatible with older versions config files, one can
still use values FALSE and TRUE, which are mapped to OFF and ON.

The main visible changes are:
- 'show variables like "read_only"' now returns a string
   instead of a number.
- Error messages related to read_only violations now contains
  the current value off readonly.

Other things:
- is_read_only_ctx() renamed to check_read_only_with_error()
- Moved TL_READ_SKIP_LOCKED to it's logical place

Reviewed by: Sergei Golubchik <serg@mariadb.org>
This commit is contained in:
Monty
2025-03-31 20:07:13 +03:00
parent 595e834946
commit ce8a74f235
37 changed files with 455 additions and 171 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
sql/sql_class.h
View File

@ -126,6 +126,8 @@ enum enum_slave_run_triggers_for_rbr { SLAVE_RUN_TRIGGERS_FOR_RBR_NO,
SLAVE_RUN_TRIGGERS_FOR_RBR_ENFORCE};
enum enum_slave_type_conversions { SLAVE_TYPE_CONVERSIONS_ALL_LOSSY,
SLAVE_TYPE_CONVERSIONS_ALL_NON_LOSSY};
enum read_only_options { READONLY_OFF, READONLY_ON, READONLY_NO_LOCK,
READONLY_NO_LOCK_NO_ADMIN};
/*
COLUMNS_READ: A column is goind to be read.
@ -235,6 +237,8 @@ extern "C" int thd_current_status(MYSQL_THD thd);
extern "C" enum enum_server_command thd_current_command(MYSQL_THD thd);
extern "C" int thd_double_innodb_cardinality(MYSQL_THD thd);
extern void mariadb_error_read_only();
/**
@class CSET_STRING
@brief Character set armed LEX_STRING
@ -3534,11 +3538,14 @@ public:
/**
Checks if a user connection is read-only
*/
inline bool is_read_only_ctx()
inline bool check_read_only_with_error()
{
return opt_readonly &&
!(security_ctx->master_access & PRIV_IGNORE_READ_ONLY) &&
!slave_thread;
if (likely(!opt_readonly) || slave_thread ||
((security_ctx->master_access & PRIV_IGNORE_READ_ONLY) &&
opt_readonly != READONLY_NO_LOCK_NO_ADMIN))
return false;
mariadb_error_read_only();
return true;
}
private: