WL#14317: Offline_mode: checks for SYSTEM_USER and CONNECTION_ADMIN privileges

Description:
-----------
When OFFLINE_MODE is activated, all connections without CONNECTION_ADMIN privilege
are being terminated. The current implementation causes race conditions because
sctx of one thread is accessed by another thread.

This worklog solves the issue by introducing the atomic bool variable to cache
the state of CONNECTION_ADMIN privilege. Using the variable avoids the need to check
the sctx of another thread when activating OFFLINE_MODE.
Additionally, a protection was added for the same operation, so that the user which
only has SYSTEM_VARIABLES_ADMIN privilege (enough to perform the operation), must
not kill the session of the user having SYSTEM_USER, but not CONNECTION_ADMIN privilege.

Testing:
-------
Test files added :
- t/offline_mode_kill

Approved by: Bharathy Satish <bharathy.x.satish@oracle.com>
Approved by: Harin Vadodaria <harin.vadodaria@oracle.com>
Approved by: Praveen Hulakund <praveenkumar.hulakund@oracle.com>
RB: 27496

Change-Id: I52ee72124a61f6b92e4cb50595e541265bfcf5e2

Author: MRajcic

mysql-test/r/offline_mode_kill.result

@@ -0,0 +1,151 @@
+##
+## WL#14317: Offline_mode: checks for SYSTEM_USER and CONNECTION_ADMIN privileges
+##
+## Each of the following clients can activate server OFFLINE_MODE:
+## - regular_session:  having SYSTEM_VARIABLES_ADMIN privilege
+## - power_session:    having SYSTEM_VARIABLES_ADMIN and SYSTEM_USER privileges
+## - super_session:    having SYSTEM_VARIABLES_ADMIN and CONNECTION_ADMIN privileges
+## - sysadmin_session: having SYSTEM_VARIABLES_ADMIN, CONNECTION_ADMIN, SYSTEM_USER privileges
+## Test that activating OFFLINE_MODE action performed by:
+## 1. regular_session only kills regular_sessions (including itself)
+## 2. power_session kills regular_sessions and power_sessions (including itself), but not super_session or sysadmin_session
+## 3. super_session kills regular_sessions, but not power_session or super_session or sysadmin_session
+## 4. sysadmin_session kills regular_sessions and power_sessions, but not super_session or sysadmin_session
+##
+SET @original_offline_mode = @@global.offline_mode;
+
+### Setup ###
+
+# Create regular_session user
+create user regular@localhost identified by 'regular';
+grant SYSTEM_VARIABLES_ADMIN on *.* to regular@localhost;
+
+# Create power_session user
+create user power@localhost identified by 'power';
+grant SYSTEM_USER, SYSTEM_VARIABLES_ADMIN on *.* to power@localhost;
+
+# Create super_session user (switches off OFFLINE_MODE)
+create user super@localhost identified by 'super';
+grant SYSTEM_VARIABLES_ADMIN, CONNECTION_ADMIN on *.* to super@localhost;
+
+# Create sysadmin_session user (max privileges)
+create user sysadmin@localhost identified by 'sysadmin';
+grant SYSTEM_VARIABLES_ADMIN, CONNECTION_ADMIN, SYSTEM_USER on *.* to sysadmin@localhost;
+
+flush privileges;
+
+## TEST 1: regular_session activates OFFLINE_MODE
+
+# Create power_session connection
+# Create regular_session connection
+# Create super_session connection (switches off OFFLINE_MODE)
+# Create sysadmin_session connection (max privileges)
+# Activate regular_session connection
+# Activate OFFLINE_MODE (with regular_session)
+SET GLOBAL OFFLINE_MODE=ON;
+# Verify that the regular_session killed itself
+SELECT USER();
+ERROR HY000: Lost connection to MySQL server during query
+# Verify that the power_session is kept alive
+SELECT USER();
+USER()
+power@localhost
+# Verify that the super_session is kept alive
+SELECT USER();
+USER()
+super@localhost
+# Verify that the sysadmin_session is kept alive
+SELECT USER();
+USER()
+sysadmin@localhost
+
+## TEST 2: power_session activates OFFLINE_MODE
+
+# Setup - activate super_session connection
+# Setup - deactivate OFFLINE_MODE
+SET GLOBAL OFFLINE_MODE=OFF;
+# Setup - create additional regular_session connection
+# Setup - create additional power_session connection
+# Activate power_session connection
+# Activate OFFLINE_MODE (with power_session)
+SET GLOBAL OFFLINE_MODE=ON;
+# Verify that the power_session killed itself
+SELECT USER();
+ERROR HY000: Lost connection to MySQL server during query
+# Verify that the regular_session has been killed
+SELECT USER();
+ERROR HY000: Lost connection to MySQL server during query
+# Verify that the additional power_session has been killed
+SELECT USER();
+ERROR HY000: Lost connection to MySQL server during query
+# Verify that the super_session is kept alive
+SELECT USER();
+USER()
+super@localhost
+# Verify that the sysadmin_session is kept alive
+SELECT USER();
+USER()
+sysadmin@localhost
+
+## TEST 3: super_session activates OFFLINE_MODE
+
+# Setup - activate super_session connection
+# Setup - deactivate OFFLINE_MODE
+SET GLOBAL OFFLINE_MODE=OFF;
+# Setup - create additional super_session connection
+# Setup - create additional regular_session connection
+# Setup - create additional power_session connection
+# Activate super_session connection
+# Activate OFFLINE_MODE (with super_session)
+SET GLOBAL OFFLINE_MODE=ON;
+# Verify that the regular_session has been killed
+SELECT USER();
+ERROR HY000: Lost connection to MySQL server during query
+# Verify that the power_session is kept alive
+SELECT USER();
+USER()
+power@localhost
+# Verify that the super_session is kept alive
+SELECT USER();
+USER()
+super@localhost
+# Verify that the additional super_session is kept alive
+SELECT USER();
+USER()
+super@localhost
+# Verify that the sysadmin_session is kept alive
+SELECT USER();
+USER()
+sysadmin@localhost
+
+## TEST 4: sysadmin_session activates OFFLINE_MODE
+
+# Setup - activate super_session connection
+# Setup - deactivate OFFLINE_MODE
+SET GLOBAL OFFLINE_MODE=OFF;
+# Setup - create additional regular_session connection
+# Activate sysadmin_session connection
+# Activate OFFLINE_MODE (with super_session)
+SET GLOBAL OFFLINE_MODE=ON;
+# Verify that the sysadmin_session did not kill itself
+SELECT USER();
+USER()
+sysadmin@localhost
+# Verify that the regular_session has been killed
+SELECT USER();
+ERROR HY000: Lost connection to MySQL server during query
+# Verify that the power_session has been killed
+SELECT USER();
+ERROR HY000: Lost connection to MySQL server during query
+# Verify that the super_session is kept alive
+SELECT USER();
+USER()
+super@localhost
+
+# CLEAN UP
+
+DROP USER regular@localhost;
+DROP USER power@localhost;
+DROP USER super@localhost;
+DROP USER sysadmin@localhost;
+SET @@global.offline_mode = @original_offline_mode;

mysql-test/t/offline_mode_kill.test

@@ -0,0 +1,227 @@
+--echo ##
+--echo ## WL#14317: Offline_mode: checks for SYSTEM_USER and CONNECTION_ADMIN privileges
+--echo ##
+--echo ## Each of the following clients can activate server OFFLINE_MODE:
+--echo ## - regular_session:  having SYSTEM_VARIABLES_ADMIN privilege
+--echo ## - power_session:    having SYSTEM_VARIABLES_ADMIN and SYSTEM_USER privileges
+--echo ## - super_session:    having SYSTEM_VARIABLES_ADMIN and CONNECTION_ADMIN privileges
+--echo ## - sysadmin_session: having SYSTEM_VARIABLES_ADMIN, CONNECTION_ADMIN, SYSTEM_USER privileges
+--echo ## Test that activating OFFLINE_MODE action performed by:
+--echo ## 1. regular_session only kills regular_sessions (including itself)
+--echo ## 2. power_session kills regular_sessions and power_sessions (including itself), but not super_session or sysadmin_session
+--echo ## 3. super_session kills regular_sessions, but not power_session or super_session or sysadmin_session
+--echo ## 4. sysadmin_session kills regular_sessions and power_sessions, but not super_session or sysadmin_session
+--echo ##
+
+SET @original_offline_mode = @@global.offline_mode;
+
+--echo
+--echo ### Setup ###
+
+--echo
+--echo # Create regular_session user
+create user regular@localhost identified by 'regular';
+grant SYSTEM_VARIABLES_ADMIN on *.* to regular@localhost;
+
+--echo
+--echo # Create power_session user
+create user power@localhost identified by 'power';
+grant SYSTEM_USER, SYSTEM_VARIABLES_ADMIN on *.* to power@localhost;
+
+--echo
+--echo # Create super_session user (switches off OFFLINE_MODE)
+create user super@localhost identified by 'super';
+grant SYSTEM_VARIABLES_ADMIN, CONNECTION_ADMIN on *.* to super@localhost;
+
+--echo
+--echo # Create sysadmin_session user (max privileges)
+create user sysadmin@localhost identified by 'sysadmin';
+grant SYSTEM_VARIABLES_ADMIN, CONNECTION_ADMIN, SYSTEM_USER on *.* to sysadmin@localhost;
+
+--echo
+flush privileges;
+
+--echo
+--echo ## TEST 1: regular_session activates OFFLINE_MODE
+--echo
+
+--echo # Create power_session connection
+connect (con_power, localhost, power, power, );
+
+--echo # Create regular_session connection
+connect (con_regular, localhost, regular, regular, );
+
+--echo # Create super_session connection (switches off OFFLINE_MODE)
+connect (con_super, localhost, super, super, );
+
+--echo # Create sysadmin_session connection (max privileges)
+connect (con_sysadmin, localhost, sysadmin, sysadmin, );
+
+--echo # Activate regular_session connection
+connection con_regular;
+
+--echo # Activate OFFLINE_MODE (with regular_session)
+SET GLOBAL OFFLINE_MODE=ON;
+
+--echo # Verify that the regular_session killed itself
+--error CR_SERVER_LOST
+SELECT USER();
+
+--echo # Verify that the power_session is kept alive
+connection con_power;
+SELECT USER();
+
+--echo # Verify that the super_session is kept alive
+connection con_super;
+SELECT USER();
+
+--echo # Verify that the sysadmin_session is kept alive
+connection con_sysadmin;
+SELECT USER();
+
+--echo
+--echo ## TEST 2: power_session activates OFFLINE_MODE
+--echo
+
+--echo # Setup - activate super_session connection
+connection con_super;
+
+--echo # Setup - deactivate OFFLINE_MODE
+SET GLOBAL OFFLINE_MODE=OFF;
+
+--echo # Setup - create additional regular_session connection
+connect (con_regular1, localhost, regular, regular, );
+
+--echo # Setup - create additional power_session connection
+connect (con_power1, localhost, power, power, );
+
+--echo # Activate power_session connection
+connection con_power;
+
+--echo # Activate OFFLINE_MODE (with power_session)
+SET GLOBAL OFFLINE_MODE=ON;
+
+--echo # Verify that the power_session killed itself
+--error CR_SERVER_LOST
+SELECT USER();
+
+--echo # Verify that the regular_session has been killed
+connection con_regular1;
+--error CR_SERVER_LOST
+SELECT USER();
+
+--echo # Verify that the additional power_session has been killed
+connection con_power1;
+--error CR_SERVER_LOST
+SELECT USER();
+
+--echo # Verify that the super_session is kept alive
+connection con_super;
+SELECT USER();
+
+--echo # Verify that the sysadmin_session is kept alive
+connection con_sysadmin;
+SELECT USER();
+
+--echo
+--echo ## TEST 3: super_session activates OFFLINE_MODE
+--echo
+
+--echo # Setup - activate super_session connection
+connection con_super;
+
+--echo # Setup - deactivate OFFLINE_MODE
+SET GLOBAL OFFLINE_MODE=OFF;
+
+--echo # Setup - create additional super_session connection
+connect (con_super1, localhost, super, super, );
+
+--echo # Setup - create additional regular_session connection
+connect (con_regular2, localhost, regular, regular, );
+
+--echo # Setup - create additional power_session connection
+connect (con_power2, localhost, power, power, );
+
+--echo # Activate super_session connection
+connection con_super;
+
+--echo # Activate OFFLINE_MODE (with super_session)
+SET GLOBAL OFFLINE_MODE=ON;
+
+--echo # Verify that the regular_session has been killed
+connection con_regular2;
+--error CR_SERVER_LOST
+SELECT USER();
+
+--echo # Verify that the power_session is kept alive
+connection con_power2;
+SELECT USER();
+
+--echo # Verify that the super_session is kept alive
+connection con_super;
+SELECT USER();
+
+--echo # Verify that the additional super_session is kept alive
+connection con_super1;
+SELECT USER();
+
+--echo # Verify that the sysadmin_session is kept alive
+connection con_sysadmin;
+SELECT USER();
+
+--echo
+--echo ## TEST 4: sysadmin_session activates OFFLINE_MODE
+--echo
+
+--echo # Setup - activate super_session connection
+connection con_super;
+
+--echo # Setup - deactivate OFFLINE_MODE
+SET GLOBAL OFFLINE_MODE=OFF;
+
+--echo # Setup - create additional regular_session connection
+connect (con_regular3, localhost, regular, regular, );
+
+--echo # Activate sysadmin_session connection
+connection con_sysadmin;
+
+--echo # Activate OFFLINE_MODE (with super_session)
+SET GLOBAL OFFLINE_MODE=ON;
+
+--echo # Verify that the sysadmin_session did not kill itself
+SELECT USER();
+
+--echo # Verify that the regular_session has been killed
+connection con_regular3;
+--error CR_SERVER_LOST
+SELECT USER();
+
+--echo # Verify that the power_session has been killed
+connection con_power2;
+--error CR_SERVER_LOST
+SELECT USER();
+
+--echo # Verify that the super_session is kept alive
+connection con_super;
+SELECT USER();
+
+## Cleanup
+--echo
+--echo # CLEAN UP
+--echo
+connection default;
+disconnect con_super;
+disconnect con_super1;
+disconnect con_regular;
+disconnect con_regular1;
+disconnect con_regular2;
+disconnect con_regular3;
+disconnect con_power;
+disconnect con_power1;
+disconnect con_power2;
+disconnect con_sysadmin;
+DROP USER regular@localhost;
+DROP USER power@localhost;
+DROP USER super@localhost;
+DROP USER sysadmin@localhost;
+SET @@global.offline_mode = @original_offline_mode;