MariaDB
diff --git a/‎include/thr_lock.h
+7-3 b/‎include/thr_lock.h
+7-3
diff --git a/‎mysql-test/main/alter_user.result
+2-2 b/‎mysql-test/main/alter_user.result
+2-2
diff --git a/‎mysql-test/main/bug58669.result
+1-1 b/‎mysql-test/main/bug58669.result
+1-1
diff --git a/‎mysql-test/main/grant.result
+1-1 b/‎mysql-test/main/grant.result
+1-1
diff --git a/‎mysql-test/main/grant_read_only.result
+7-7 b/‎mysql-test/main/grant_read_only.result
+7-7
diff --git a/‎mysql-test/main/mysqld--help.result
+8-4 b/‎mysql-test/main/mysqld--help.result
+8-4
diff --git a/‎mysql-test/main/read_only.result
+134-24 b/‎mysql-test/main/read_only.result
+134-24
@@ -41,15 +41,16 @@ enum thr_lock_type { TL_IGNORE=-1,
                        modify tables.
                      */
                      TL_READ_DEFAULT,
+		     /* READ, but skip locks if found */
+		     TL_READ_SKIP_LOCKED,
 		     TL_READ,			/* Read lock */
+                     /* Get shared locks on all read rows */
 		     TL_READ_WITH_SHARED_LOCKS,
 		     /* High prior. than TL_WRITE. Allow concurrent insert */
 		     TL_READ_HIGH_PRIORITY,
 		     /* READ, Don't allow concurrent insert */
 		     TL_READ_NO_INSERT,
-		     /* READ, but skip locks if found */
-		     TL_READ_SKIP_LOCKED,
-		     /* 
+		     /*
 			Write lock, but allow other threads to read / write.
 			Used by BDB tables in MySQL to mark that someone is
 			reading/writing to the table.
@@ -85,6 +86,9 @@ enum thr_lock_type { TL_IGNORE=-1,
 */
 #define TL_FIRST_WRITE TL_WRITE_ALLOW_WRITE
 
+/* First lock that can block readonly slaves using InnoDB tables */
+#define TL_BLOCKS_READONLY TL_READ_WITH_SHARED_LOCKS
+
 enum enum_thr_lock_result { THR_LOCK_SUCCESS= 0, THR_LOCK_ABORTED= 1,
                             THR_LOCK_WAIT_TIMEOUT= 2, THR_LOCK_DEADLOCK= 3 };
 
 
@@ -31,9 +31,9 @@ grant create user on *.* to foo;
 connect  a, localhost, foo;
 select @@global.read_only;
@@global.read_only
-1
+ON
 alter user foo;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 # Grant READ_ONLY ADMIN privilege to the user.
 connection default;
 grant READ_ONLY ADMIN on *.* to foo;
 
@@ -14,7 +14,7 @@ SHOW VARIABLES LIKE "read_only%";
 Variable_name	Value
 read_only	ON
 INSERT INTO db1.t1 VALUES (1);
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 connection default;
 disconnect con1;
 DROP DATABASE db1;
 
@@ -637,7 +637,7 @@ Update	Tables	To update existing rows
 Set user	Server	To create views and stored routines with a different definer
 Federated admin	Server	To execute the CREATE SERVER, ALTER SERVER, DROP SERVER statements
 Connection admin	Server	To bypass connection limits and kill other users' connections
-Read_only admin	Server	To perform write operations even if @@read_only=ON
+Read_only admin	Server	To perform write operations even if @@read_only=READ_ONLY or READ_ONLY_NO_LOCK
 Usage	Server Admin	No privileges - allow connect only
 Show Create Routine	Databases,Functions,Procedures	To allow SHOW CREATE PROCEDURE/FUNCTION/PACKAGE
 connect  root,localhost,root,,test,$MASTER_MYPORT,$MASTER_MYSOCK;
 
@@ -12,11 +12,11 @@ SET @@GLOBAL.read_only=1;
 connect  con1,localhost,user1,,;
 connection con1;
 UPDATE t1 SET a=11 WHERE a=10;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 DELETE FROM t1 WHERE a=11;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 INSERT INTO t1 VALUES (20);
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 disconnect con1;
 connection default;
 SET @@GLOBAL.read_only=0;
@@ -36,7 +36,7 @@ connect  con1,localhost,user1,,;
 connection con1;
 SELECT @@read_only;
@@read_only
-1
+ON
 UPDATE t1 SET a=11 WHERE a=10;
 DELETE FROM t1 WHERE a=11;
 INSERT INTO t1 VALUES (20);
@@ -59,11 +59,11 @@ connect  con1,localhost,user1,,;
 connection con1;
 SELECT @@read_only;
@@read_only
-1
+ON
 UPDATE t1 SET a=11 WHERE a=10;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 DELETE FROM t1 WHERE a=11;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 connection default;
 grant read only admin on *.* to user1@localhost;
 disconnect con1;
 
@@ -1154,9 +1154,13 @@ The following specify which files/extra groups are read (specified before remain
  buffer of this size for each table it scans. If you do
  many sequential scans, you may want to increase this
  value
- --read-only         Make all non-temporary tables read-only, with the
- exception for replication (slave) threads and users with
- the 'READ ONLY ADMIN' privilege
+ --read-only[=name]  Do not allow changes to non-temporary tables. Options
+ are:OFF changes allowed. ON Disallow changes for users
+ without the READ ONLY ADMIN privilege. NO_LOCK
+ Additionally disallows LOCK TABLES and SELECT IN SHARE
+ MODE. NO_LOCK_NO_ADMIN Disallows also for users with
+ READ_ONLY ADMIN privilege. Replication (slave) threads
+ are not affected by this option
  --read-rnd-buffer-size=# 
  When reading rows in sorted order after a sort, the rows
  are read through this buffer to avoid a disk seeks
@@ -1972,7 +1976,7 @@ query-prealloc-size 32768
 range-alloc-block-size 4096
 read-binlog-speed-limit 0
 read-buffer-size 131072
-read-only FALSE
+read-only OFF
 read-rnd-buffer-size 262144
 redirect-url 
 relay-log (No default value)
 
@@ -18,31 +18,31 @@ drop table t3;
 connection con1;
 select @@global.read_only;
@@global.read_only
-1
+ON
 create table t3 (a int);
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 insert into t1 values(1);
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 drop trigger trg1;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 update t1 set a=1 where 1=0;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 update t1,t2 set t1.a=t2.a+1 where t1.a=t2.a;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 delete t1,t2 from t1,t2 where t1.a=t2.a;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 create temporary table t3 (a int);
 create temporary table t4 (a int) select * from t3;
 insert into t3 values(1);
 insert into t4 select * from t3;
 create table t3 (a int);
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 update t1,t3 set t1.a=t3.a+1 where t1.a=t3.a;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 update t1,t3 set t3.a=t1.a+1 where t1.a=t3.a;
 update t4,t3 set t4.a=t3.a+1 where t4.a=t3.a;
 delete t1 from t1,t3 where t1.a=t3.a;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 delete t3 from t1,t3 where t1.a=t3.a;
 delete t4 from t3,t4 where t4.a=t3.a;
 create temporary table t1 (a int);
@@ -51,7 +51,7 @@ update t1,t3 set t1.a=t3.a+1 where t1.a=t3.a;
 delete t1 from t1,t3 where t1.a=t3.a;
 drop table t1;
 insert into t1 values(1);
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 drop temporary table if exists t1;
 Warnings:
 Note	1051	Unknown table 'test.t1'
@@ -69,11 +69,11 @@ set global read_only=1;
 connection con1;
 select @@global.read_only;
@@global.read_only
-0
+OFF
 unlock tables ;
 select @@global.read_only;
@@global.read_only
-1
+ON
 connection default;
 reap;
 connection default;
@@ -88,11 +88,11 @@ unlock tables ;
 set global read_only=1;
 select @@global.read_only;
@@global.read_only
-1
+ON
 connection con1;
 select @@global.read_only;
@@global.read_only
-1
+ON
 unlock tables ;
 connection default;
 connection default;
@@ -108,7 +108,7 @@ set global read_only=1;
 connection con1;
 select @@global.read_only;
@@global.read_only
-1
+ON
 ROLLBACK;
 connection default;
 set global read_only=0;
@@ -124,7 +124,7 @@ set global read_only=1;
 connection default;
 select @@global.read_only;
@@global.read_only
-1
+ON
 unlock tables;
 disconnect root2;
 drop temporary table ttt;
@@ -157,11 +157,11 @@ flush privileges;
 connect  con_bug27440,127.0.0.1,mysqltest_u1,,test,$MASTER_MYPORT,;
 connection con_bug27440;
 create database mysqltest_db2;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 show databases like '%mysqltest_db2%';
 Database (%mysqltest_db2%)
 drop database mysqltest_db1;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 disconnect con_bug27440;
 connection default;
 delete from mysql.user where User like 'mysqltest_%';
@@ -179,7 +179,7 @@ GRANT ALTER ON test1.* TO user1@localhost;
 CREATE DATABASE test1;
 SET GLOBAL read_only=1;
 ALTER DATABASE test1 CHARACTER SET utf8;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 SET GLOBAL read_only=0;
 DROP DATABASE test1;
 DROP USER user1@localhost;
@@ -210,21 +210,131 @@ connection con1;
 START TRANSACTION;
 # Check that table updates are still disallowed.
 INSERT INTO t1 VALUES (3);
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 UPDATE t1 SET a= 1;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 DELETE FROM t1;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 COMMIT;
 START TRANSACTION READ ONLY;
 COMMIT;
 # Explicit RW trans is not allowed without super privilege
 START TRANSACTION READ WRITE;
-ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 COMMIT;
 disconnect con1;
 connection default;
 DROP USER user1;
 SET GLOBAL read_only= 0;
 DROP TABLE t1;
 # End of 10.0 tests
+#
+# MDEV-36425 Extend read_only to also block share locks and super user
+#
+CREATE USER user1;
+GRANT ALL on test.* to user1;
+connect  con1, localhost, user1;
+connection default;
+CREATE TABLE t1 (a int primary key auto_increment);
+insert into t1 values (1),(2);
+show variables like "read_only";
+Variable_name	Value
+read_only	OFF
+SET GLOBAL read_only=1;
+show variables like "read_only";
+Variable_name	Value
+read_only	ON
+# admin
+insert into t1 values ();
+lock tables t1 read;
+unlock tables;
+lock tables t1 write;
+unlock tables;
+begin;
+select count(*) from t1 LOCK IN SHARE MODE;
+count(*)
+3
+select count(*) from t1,(select a from t1 LOCK IN SHARE MODE) as t2;
+count(*)
+9
+commit;
+# user
+connection con1;
+insert into t1 values ();
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
+lock tables t1 read;
+unlock tables;
+lock tables t1 write;
+ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
+unlock tables;
+begin;
+select count(*) from t1 LOCK IN SHARE MODE;
+count(*)
+3
+select count(*) from t1,(select a from t1 LOCK IN SHARE MODE) as t2;
+count(*)
+9
+commit;
+connection default;
+SET GLOBAL read_only=2;
+show variables like "read_only";
+Variable_name	Value
+read_only	NO_LOCK
+# admin
+insert into t1 values ();
+lock tables t1 read;
+unlock tables;
+lock tables t1 write;
+unlock tables;
+begin;
+select count(*) from t1 LOCK IN SHARE MODE;
+count(*)
+4
+select count(*) from t1,(select a from t1 LOCK IN SHARE MODE) as t2;
+count(*)
+16
+commit;
+#user
+connection con1;
+insert into t1 values ();
+ERROR HY000: The MariaDB server is running with the --read-only=NO_LOCK option so it cannot execute this statement
+lock tables t1 read;
+ERROR HY000: The MariaDB server is running with the --read-only=NO_LOCK option so it cannot execute this statement
+unlock tables;
+lock tables t1 write;
+ERROR HY000: The MariaDB server is running with the --read-only=NO_LOCK option so it cannot execute this statement
+unlock tables;
+begin;
+select count(*) from t1 LOCK IN SHARE MODE;
+ERROR HY000: The MariaDB server is running with the --read-only=NO_LOCK option so it cannot execute this statement
+select count(*) from t1,(select a from t1 LOCK IN SHARE MODE) as t2;
+ERROR HY000: The MariaDB server is running with the --read-only=NO_LOCK option so it cannot execute this statement
+commit;
+connection default;
+SET GLOBAL read_only=3;
+show variables like "read_only";
+Variable_name	Value
+read_only	NO_LOCK_NO_ADMIN
+# admin
+insert into t1 values ();
+ERROR HY000: The MariaDB server is running with the --read-only=NO_LOCK_NO_ADMIN option so it cannot execute this statement
+lock tables t1 read;
+ERROR HY000: The MariaDB server is running with the --read-only=NO_LOCK_NO_ADMIN option so it cannot execute this statement
+unlock tables;
+lock tables t1 write;
+ERROR HY000: The MariaDB server is running with the --read-only=NO_LOCK_NO_ADMIN option so it cannot execute this statement
+unlock tables;
+begin;
+select count(*) from t1 LOCK IN SHARE MODE;
+ERROR HY000: The MariaDB server is running with the --read-only=NO_LOCK_NO_ADMIN option so it cannot execute this statement
+select count(*) from t1,(select a from t1 LOCK IN SHARE MODE) as t2;
+ERROR HY000: The MariaDB server is running with the --read-only=NO_LOCK_NO_ADMIN option so it cannot execute this statement
+commit;
+SET GLOBAL read_only=0;
+select count(*) from t1;
+count(*)
+4
+drop table t1;
+drop user user1;
+disconnect con1;
+# End of 11.8 tests