MDEV-28367: BACKUP LOCKS on table to be accessible to those with database LOCK TABLES privileges

- Allow database level access via `LOCK TABLES` to execute statement
`BACKUP [un]LOCK <object>`
- `BACKUP UNLOCK` works only with `RELOAD` privilege.
  In case there is `LOCK TABLES` privilege without `RELOAD` privilege,
  we check if backup lock is taken before.
  If it is not we raise an error of missing `RELOAD` privilege.
- We had to remove any error/warnings from calling functions because
`thd->get_stmt_da()->m_status` will be set to error and will break
`my_ok()`.
- Added missing test coverage of `RELOAD` privilege to `main.grant.test`
Reviewer: <daniel@mariadb.org>

mysql-test/main/backup_locks.result

@@ -163,5 +163,82 @@ ERROR HY000: Can't execute the query because you have a conflicting read lock
 BACKUP UNLOCK;
 DROP TABLE t3;
 #
+#  MDEV-28367: BACKUP LOCKS on table to be accessible to those
+#              with database LOCK TABLES privileges
+#
+create database db1;
+create table db1.t1(t int);
+create user user1@localhost;
+select user,host from mysql.user where user='user1';
+User	Host
+user1	localhost
+connect(localhost,user1,,db1,MASTER_PORT,MASTER_SOCKET);
+connect  con1, localhost, user1, ,db1;
+ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1'
+grant reload on *.* to user1@localhost;
+grant select on db1.* to user1@localhost;
+show grants for user1@localhost;
+Grants for user1@localhost
+GRANT RELOAD ON *.* TO `user1`@`localhost`
+GRANT SELECT ON `db1`.* TO `user1`@`localhost`
+connect  con1, localhost, user1, ,db1;
+BACKUP UNLOCK;
+BACKUP LOCK db1.t1;
+SELECT LOCK_MODE, LOCK_TYPE, TABLE_SCHEMA, TABLE_NAME FROM information_schema.metadata_lock_info;
+LOCK_MODE	LOCK_TYPE	TABLE_SCHEMA	TABLE_NAME
+MDL_SHARED_HIGH_PRIO	Table metadata lock	db1	t1
+BACKUP UNLOCK;
+SELECT LOCK_MODE, LOCK_TYPE, TABLE_SCHEMA, TABLE_NAME FROM information_schema.metadata_lock_info;
+LOCK_MODE	LOCK_TYPE	TABLE_SCHEMA	TABLE_NAME
+connection default;
+disconnect con1;
+grant lock tables on db1.* to user1@localhost;
+show grants for user1@localhost;
+Grants for user1@localhost
+GRANT RELOAD ON *.* TO `user1`@`localhost`
+GRANT SELECT, LOCK TABLES ON `db1`.* TO `user1`@`localhost`
+connect  con1, localhost, user1, ,db1;
+BACKUP UNLOCK;
+BACKUP LOCK db1.t1;
+SELECT LOCK_MODE, LOCK_TYPE, TABLE_SCHEMA, TABLE_NAME FROM information_schema.metadata_lock_info;
+LOCK_MODE	LOCK_TYPE	TABLE_SCHEMA	TABLE_NAME
+MDL_SHARED_HIGH_PRIO	Table metadata lock	db1	t1
+BACKUP UNLOCK;
+SELECT LOCK_MODE, LOCK_TYPE, TABLE_SCHEMA, TABLE_NAME FROM information_schema.metadata_lock_info;
+LOCK_MODE	LOCK_TYPE	TABLE_SCHEMA	TABLE_NAME
+connection default;
+disconnect con1;
+revoke reload on *.* from user1@localhost;
+show grants for user1@localhost;
+Grants for user1@localhost
+GRANT USAGE ON *.* TO `user1`@`localhost`
+GRANT SELECT, LOCK TABLES ON `db1`.* TO `user1`@`localhost`
+connect  con1, localhost, user1, ,db1;
+BACKUP UNLOCK;
+ERROR 42000: Access denied; you need (at least one of) the RELOAD, LOCK TABLES privilege(s) for this operation
+BACKUP LOCK db1.t1;
+SELECT LOCK_MODE, LOCK_TYPE, TABLE_SCHEMA, TABLE_NAME FROM information_schema.metadata_lock_info;
+LOCK_MODE	LOCK_TYPE	TABLE_SCHEMA	TABLE_NAME
+MDL_SHARED_HIGH_PRIO	Table metadata lock	db1	t1
+BACKUP UNLOCK;
+SELECT LOCK_MODE, LOCK_TYPE, TABLE_SCHEMA, TABLE_NAME FROM information_schema.metadata_lock_info;
+LOCK_MODE	LOCK_TYPE	TABLE_SCHEMA	TABLE_NAME
+connection default;
+disconnect con1;
+revoke lock tables on db1.* from user1@localhost;
+show grants for user1@localhost;
+Grants for user1@localhost
+GRANT USAGE ON *.* TO `user1`@`localhost`
+GRANT SELECT ON `db1`.* TO `user1`@`localhost`
+connect  con1, localhost, user1, ,db1;
+BACKUP LOCK db1.t1;
+ERROR 42000: Access denied; you need (at least one of) the RELOAD, LOCK TABLES privilege(s) for this operation
+BACKUP UNLOCK;
+ERROR 42000: Access denied; you need (at least one of) the RELOAD, LOCK TABLES privilege(s) for this operation
+connection default;
+disconnect con1;
+drop database db1;
+drop user user1@localhost;
+#
 # End of MariaDB 10.4 tests
 #