Bug #27440 read_only allows create and drop database

When read_only option was enabled, a user without SUPER privilege could
perform CREATE DATABASE and DROP DATABASE operations.

This patch adds a check to make sure this isn't possible. It also attempts to 
simplify the logic used to determine if relevant tables are updated,
making it more human readable.


mysql-test/r/read_only.result:
  Updated result file
mysql-test/t/read_only.test:
  A test case is added which shows that it is not possible to drop or create a
  database in read-only mode despite having the GRANT permissions to do so,
  SUPER user excepted.
sql/sql_parse.cc:
  - Simplified complex predicate by grouping it in a read friendly way.
  - Added predicate to fail on database updates while running in read-only
    mode.

1 files changed, 34 insertions, 0 deletions

diff --git a/mysql-test/t/read_only.test b/mysql-test/t/read_only.test
index 8e14b310f4c..5ec062bc103 100644
--- a/mysql-test/t/read_only.test
+++ b/mysql-test/t/read_only.test
@@ -117,4 +117,38 @@ connection default;
 drop table t1,t2;
 drop user test@localhost;
 
+--echo #
+--echo # Bug #27440 read_only allows create and drop database
+--echo #
+--disable_warnings
+drop database if exists mysqltest_db1;
+drop database if exists mysqltest_db2;
+--enable_warnings
+
+delete from mysql.user where User like 'mysqltest_%';
+delete from mysql.db where User like 'mysqltest_%';
+delete from mysql.tables_priv where User like 'mysqltest_%';
+delete from mysql.columns_priv where User like 'mysqltest_%';
+flush privileges;
+
+grant all on mysqltest_db2.* to `mysqltest_u1`@`%`;
+create database mysqltest_db1;
+grant all on mysqltest_db1.* to `mysqltest_u1`@`%`;
+flush privileges;
+connect (con_bug27440,127.0.0.1,mysqltest_u1,,test,$MASTER_MYPORT,);
+connection con_bug27440;
+show grants for current_user();
+--error ER_OPTION_PREVENTS_STATEMENT
+create database mysqltest_db2;
+show databases like '%mysqltest_db2%';
+--error ER_OPTION_PREVENTS_STATEMENT
+drop database mysqltest_db1;
+disconnect con_bug27440;
+connection default;
+delete from mysql.user where User like 'mysqltest_%';
+delete from mysql.db where User like 'mysqltest_%';
+delete from mysql.tables_priv where User like 'mysqltest_%';
+delete from mysql.columns_priv where User like 'mysqltest_%';
+flush privileges;
+drop database mysqltest_db1;
 set global read_only=0;