From 635b4261b0301f8509772497c3b055552b2ab3bb Mon Sep 17 00:00:00 2001 From: zhangdong Date: Wed, 30 Jul 2025 15:25:56 +0800 Subject: [PATCH 1/3] 1 --- .../trees/plans/commands/ShowGrantsCommand.java | 10 ++++++---- .../plans/commands/ShowGrantsCommandTest.java | 17 +++++++++++++++++ 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommand.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommand.java index b686add882f76e..ab9fe05edb42cf 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommand.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommand.java @@ -70,6 +70,7 @@ public ShowResultSetMetaData getMetaData() { @Override public ShowResultSet doRun(ConnectContext ctx, StmtExecutor executor) throws Exception { + boolean isSelf = false; if (userIdent != null) { if (isAll) { throw new AnalysisException("Can not specified keyword ALL when specified user"); @@ -79,18 +80,19 @@ public ShowResultSet doRun(ConnectContext ctx, StmtExecutor executor) throws Exc if (!isAll) { // self userIdent = ConnectContext.get().getCurrentUserIdentity(); + isSelf = true; } } Preconditions.checkState(isAll || userIdent != null); - UserIdentity self = ConnectContext.get().getCurrentUserIdentity(); - // if show all grants, or show other user's grants, need global GRANT priv. - if (isAll || !self.equals(userIdent)) { + if (isAll || !isSelf) { if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.GRANT)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "GRANT"); } } - if (userIdent != null && !Env.getCurrentEnv().getAccessManager().getAuth().doesUserExist(userIdent)) { + // ldap user not exist in userManager, so should not check + if (userIdent != null && !isSelf && !Env.getCurrentEnv().getAccessManager().getAuth() + .doesUserExist(userIdent)) { throw new AnalysisException(String.format("User: %s does not exist", userIdent)); } List> infos = Env.getCurrentEnv().getAuth().getAuthInfo(userIdent); diff --git a/fe/fe-core/src/test/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommandTest.java b/fe/fe-core/src/test/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommandTest.java index 5699069b161d9b..ffcbcdb42863b1 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommandTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommandTest.java @@ -86,4 +86,21 @@ void testDorun() throws Exception { int size = results.size(); Assertions.assertEquals("'zzz'@'%'", results.get(size - 1).get(0)); } + + @Test + void testNonExistUser() { + ConnectContext ctx = ConnectContext.get(); + UserIdentity nonExistUser = UserIdentity.createAnalyzedUserIdentWithIp("non_exist_user", "%"); + Assertions.assertThrows(AnalysisException.class, () -> { + ShowGrantsCommand sg = new ShowGrantsCommand(nonExistUser, false); + sg.doRun(ctx, null); + }); + + ctx.setIsTempUser(true); + ctx.setCurrentUserIdentity(nonExistUser); + Assertions.assertDoesNotThrow(() -> { + ShowGrantsCommand sg = new ShowGrantsCommand(null, false); + sg.doRun(ctx, null); + }); + } } From df6267f9f0883831284b50fcfdac63620564e66f Mon Sep 17 00:00:00 2001 From: zhangdong Date: Thu, 7 Aug 2025 17:41:47 +0800 Subject: [PATCH 2/3] 1 --- .../doris/nereids/trees/plans/commands/ShowGrantsCommand.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommand.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommand.java index ab9fe05edb42cf..6ec76a085d7c29 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommand.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommand.java @@ -70,7 +70,6 @@ public ShowResultSetMetaData getMetaData() { @Override public ShowResultSet doRun(ConnectContext ctx, StmtExecutor executor) throws Exception { - boolean isSelf = false; if (userIdent != null) { if (isAll) { throw new AnalysisException("Can not specified keyword ALL when specified user"); @@ -80,9 +79,9 @@ public ShowResultSet doRun(ConnectContext ctx, StmtExecutor executor) throws Exc if (!isAll) { // self userIdent = ConnectContext.get().getCurrentUserIdentity(); - isSelf = true; } } + boolean isSelf = userIdent!= null && ConnectContext.get().getCurrentUserIdentity().equals(userIdent); Preconditions.checkState(isAll || userIdent != null); // if show all grants, or show other user's grants, need global GRANT priv. if (isAll || !isSelf) { From a1df479568b2b7651cab2db0735134f96db06b77 Mon Sep 17 00:00:00 2001 From: zhangdong Date: Thu, 7 Aug 2025 17:54:04 +0800 Subject: [PATCH 3/3] 1 --- .../doris/nereids/trees/plans/commands/ShowGrantsCommand.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommand.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommand.java index 6ec76a085d7c29..5daf756db96508 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommand.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ShowGrantsCommand.java @@ -81,7 +81,7 @@ public ShowResultSet doRun(ConnectContext ctx, StmtExecutor executor) throws Exc userIdent = ConnectContext.get().getCurrentUserIdentity(); } } - boolean isSelf = userIdent!= null && ConnectContext.get().getCurrentUserIdentity().equals(userIdent); + boolean isSelf = userIdent != null && ConnectContext.get().getCurrentUserIdentity().equals(userIdent); Preconditions.checkState(isAll || userIdent != null); // if show all grants, or show other user's grants, need global GRANT priv. if (isAll || !isSelf) {