MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id

mysql-test/suite/sys_vars/r/gtid_domain_id_grant.result

@@ -0,0 +1,69 @@
+#
+# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
+#
+SET @global=@@global.gtid_domain_id;
+# Test that "SET GLOBAL gtid_domain_id" is not allowed without REPLICATION MASTER ADMIN or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL gtid_domain_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET GLOBAL gtid_domain_id" is allowed with REPLICATION MASTER ADMIN
+CREATE USER user1@localhost;
+GRANT REPLICATION MASTER ADMIN ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL gtid_domain_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET GLOBAL gtid_domain_id" is allowed with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL gtid_domain_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+SET @@global.gtid_domain_id=@global;
+SET @session=@@session.gtid_domain_id;
+# Test that "SET gtid_domain_id" is not allowed without BINLOG REPLAY or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET gtid_domain_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+SET SESSION gtid_domain_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET gtid_domain_id" is allowed with BINLOG REPLAY
+CREATE USER user1@localhost;
+GRANT BINLOG REPLAY ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET gtid_domain_id=1;
+SET SESSION gtid_domain_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET gtid_domain_id" is allowed with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET gtid_domain_id=1;
+SET SESSION gtid_domain_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+SET @@session.gtid_domain_id=@session;

mysql-test/suite/sys_vars/r/gtid_seq_no_grant.result

@@ -0,0 +1,44 @@
+#
+# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
+#
+SET @session=@@session.gtid_seq_no;
+# Test that "SET gtid_seq_no" is not allowed without BINLOG REPLAY or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL gtid_seq_no=1;
+ERROR HY000: Variable 'gtid_seq_no' is a SESSION variable and can't be used with SET GLOBAL
+SET gtid_seq_no=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+SET SESSION gtid_seq_no=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET gtid_seq_no" is allowed with BINLOG REPLAY
+CREATE USER user1@localhost;
+GRANT BINLOG REPLAY ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL gtid_seq_no=1;
+ERROR HY000: Variable 'gtid_seq_no' is a SESSION variable and can't be used with SET GLOBAL
+SET gtid_seq_no=1;
+SET SESSION gtid_seq_no=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET gtid_seq_no" is allowed with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL gtid_seq_no=1;
+ERROR HY000: Variable 'gtid_seq_no' is a SESSION variable and can't be used with SET GLOBAL
+SET gtid_seq_no=1;
+SET SESSION gtid_seq_no=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+SET @@session.gtid_seq_no=@session;

mysql-test/suite/sys_vars/r/preudo_thread_id_grant.result

@@ -0,0 +1,44 @@
+#
+# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
+#
+SET @session=@@session.pseudo_thread_id;
+# Test that "SET pseudo_thread_id" is not allowed without BINLOG REPLAY or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL pseudo_thread_id=1;
+ERROR HY000: Variable 'pseudo_thread_id' is a SESSION variable and can't be used with SET GLOBAL
+SET pseudo_thread_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+SET SESSION pseudo_thread_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET pseudo_thread_id" is allowed with BINLOG REPLAY
+CREATE USER user1@localhost;
+GRANT BINLOG REPLAY ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL pseudo_thread_id=1;
+ERROR HY000: Variable 'pseudo_thread_id' is a SESSION variable and can't be used with SET GLOBAL
+SET pseudo_thread_id=1;
+SET SESSION pseudo_thread_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET pseudo_thread_id" is allowed with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL pseudo_thread_id=1;
+ERROR HY000: Variable 'pseudo_thread_id' is a SESSION variable and can't be used with SET GLOBAL
+SET pseudo_thread_id=1;
+SET SESSION pseudo_thread_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+SET @@session.pseudo_thread_id=@session;

mysql-test/suite/sys_vars/r/secure_timestamp_super.result

@@ -11,7 +11,7 @@ EDITABLE
 create user foo@127.0.0.1;
 connect con2,127.0.0.1,foo,,test,$SLAVE_MYPORT;
 set timestamp=1234567890.101112;
-ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
 select if(now(6) > 20100101, 'READONLY', 'EDITABLE') as 'non-privileged';
 non-privileged
 READONLY

mysql-test/suite/sys_vars/r/server_id_grant.result

@@ -0,0 +1,69 @@
+#
+# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
+#
+SET @global=@@global.server_id;
+# Test that "SET GLOBAL server_id" is not allowed without REPLICATION MASTER ADMIN or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL server_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET GLOBAL server_id" is allowed with REPLICATION MASTER ADMIN
+CREATE USER user1@localhost;
+GRANT REPLICATION MASTER ADMIN ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL server_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET GLOBAL server_id" is allowed with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL server_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+SET @@global.server_id=@global;
+SET @session=@@session.server_id;
+# Test that "SET server_id" is not allowed without BINLOG REPLAY or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET server_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+SET SESSION server_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET server_id" is allowed with BINLOG REPLAY
+CREATE USER user1@localhost;
+GRANT BINLOG REPLAY ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET server_id=1;
+SET SESSION server_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET server_id" is allowed with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET server_id=1;
+SET SESSION server_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+SET @@session.server_id=@session;