Skip to content

planner: fix visit info for grant/revoke #23946

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ti-chi-bot merged 4 commits into from
Apr 26, 2021
Merged

planner: fix visit info for grant/revoke #23946

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
b32c4b0
planner: fix visit info for grant/revoke
morgo Apr 11, 2021
dc747c3
Merge branch 'master' into fix-revoke-dynamic-privs
ti-chi-bot Apr 26, 2021
5e439a7
Merge branch 'master' into fix-revoke-dynamic-privs
ti-chi-bot Apr 26, 2021
1375470
Merge branch 'master' into fix-revoke-dynamic-privs
ti-chi-bot Apr 26, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 88 additions & 0 deletions planner/core/logical_plan_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1076,6 +1076,43 @@ func (s *testPlanSuite) TestVisitInfo(c *C) {
{mysql.ShowViewPriv, "test", "", "", nil, false, "", false},
},
},
{
sql: `grant all privileges on *.* to 'test'@'%'`,
ans: []visitInfo{
{mysql.SelectPriv, "", "", "", nil, false, "", false},
{mysql.InsertPriv, "", "", "", nil, false, "", false},
{mysql.UpdatePriv, "", "", "", nil, false, "", false},
{mysql.DeletePriv, "", "", "", nil, false, "", false},
{mysql.CreatePriv, "", "", "", nil, false, "", false},
{mysql.DropPriv, "", "", "", nil, false, "", false},
{mysql.ProcessPriv, "", "", "", nil, false, "", false},
{mysql.ReferencesPriv, "", "", "", nil, false, "", false},
{mysql.AlterPriv, "", "", "", nil, false, "", false},
{mysql.ShowDBPriv, "", "", "", nil, false, "", false},
{mysql.SuperPriv, "", "", "", nil, false, "", false},
{mysql.ExecutePriv, "", "", "", nil, false, "", false},
{mysql.IndexPriv, "", "", "", nil, false, "", false},
{mysql.CreateUserPriv, "", "", "", nil, false, "", false},
{mysql.CreateTablespacePriv, "", "", "", nil, false, "", false},
{mysql.TriggerPriv, "", "", "", nil, false, "", false},
{mysql.CreateViewPriv, "", "", "", nil, false, "", false},
{mysql.ShowViewPriv, "", "", "", nil, false, "", false},
{mysql.CreateRolePriv, "", "", "", nil, false, "", false},
{mysql.DropRolePriv, "", "", "", nil, false, "", false},
{mysql.CreateTMPTablePriv, "", "", "", nil, false, "", false},
{mysql.LockTablesPriv, "", "", "", nil, false, "", false},
{mysql.CreateRoutinePriv, "", "", "", nil, false, "", false},
{mysql.AlterRoutinePriv, "", "", "", nil, false, "", false},
{mysql.EventPriv, "", "", "", nil, false, "", false},
{mysql.ShutdownPriv, "", "", "", nil, false, "", false},
{mysql.ReloadPriv, "", "", "", nil, false, "", false},
{mysql.FilePriv, "", "", "", nil, false, "", false},
{mysql.ConfigPriv, "", "", "", nil, false, "", false},
{mysql.ReplicationClientPriv, "", "", "", nil, false, "", false},
{mysql.ReplicationSlavePriv, "", "", "", nil, false, "", false},
{mysql.GrantPriv, "", "", "", nil, false, "", false},
},
},
{
sql: `grant select on test.ttt to 'test'@'%'`,
ans: []visitInfo{
Expand Down Expand Up @@ -1107,6 +1144,57 @@ func (s *testPlanSuite) TestVisitInfo(c *C) {
{mysql.ShowViewPriv, "test", "", "", nil, false, "", false},
},
},
{
sql: `revoke connection_admin on *.* from u1`,
ans: []visitInfo{
{mysql.ExtendedPriv, "", "", "", nil, false, "CONNECTION_ADMIN", true},
},
},
{
sql: `revoke connection_admin, select on *.* from u1`,
ans: []visitInfo{
{mysql.ExtendedPriv, "", "", "", nil, false, "CONNECTION_ADMIN", true},
{mysql.SelectPriv, "", "", "", nil, false, "", false},
{mysql.GrantPriv, "", "", "", nil, false, "", false},
},
},
{
sql: `revoke all privileges on *.* FROM u1`,
ans: []visitInfo{
{mysql.SelectPriv, "", "", "", nil, false, "", false},
{mysql.InsertPriv, "", "", "", nil, false, "", false},
{mysql.UpdatePriv, "", "", "", nil, false, "", false},
{mysql.DeletePriv, "", "", "", nil, false, "", false},
{mysql.CreatePriv, "", "", "", nil, false, "", false},
{mysql.DropPriv, "", "", "", nil, false, "", false},
{mysql.ProcessPriv, "", "", "", nil, false, "", false},
{mysql.ReferencesPriv, "", "", "", nil, false, "", false},
{mysql.AlterPriv, "", "", "", nil, false, "", false},
{mysql.ShowDBPriv, "", "", "", nil, false, "", false},
{mysql.SuperPriv, "", "", "", nil, false, "", false},
{mysql.ExecutePriv, "", "", "", nil, false, "", false},
{mysql.IndexPriv, "", "", "", nil, false, "", false},
{mysql.CreateUserPriv, "", "", "", nil, false, "", false},
{mysql.CreateTablespacePriv, "", "", "", nil, false, "", false},
{mysql.TriggerPriv, "", "", "", nil, false, "", false},
{mysql.CreateViewPriv, "", "", "", nil, false, "", false},
{mysql.ShowViewPriv, "", "", "", nil, false, "", false},
{mysql.CreateRolePriv, "", "", "", nil, false, "", false},
{mysql.DropRolePriv, "", "", "", nil, false, "", false},
{mysql.CreateTMPTablePriv, "", "", "", nil, false, "", false},
{mysql.LockTablesPriv, "", "", "", nil, false, "", false},
{mysql.CreateRoutinePriv, "", "", "", nil, false, "", false},
{mysql.AlterRoutinePriv, "", "", "", nil, false, "", false},
{mysql.EventPriv, "", "", "", nil, false, "", false},
{mysql.ShutdownPriv, "", "", "", nil, false, "", false},
{mysql.ReloadPriv, "", "", "", nil, false, "", false},
{mysql.FilePriv, "", "", "", nil, false, "", false},
{mysql.ConfigPriv, "", "", "", nil, false, "", false},
{mysql.ReplicationClientPriv, "", "", "", nil, false, "", false},
{mysql.ReplicationSlavePriv, "", "", "", nil, false, "", false},
{mysql.GrantPriv, "", "", "", nil, false, "", false},
},
},
{
sql: `set password for 'root'@'%' = 'xxxxx'`,
ans: []visitInfo{},
Expand Down
22 changes: 17 additions & 5 deletions planner/core/planbuilder.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2260,13 +2260,19 @@ func collectVisitInfoFromRevokeStmt(sctx sessionctx.Context, vi []visitInfo, stm
// and you must have the privileges that you are granting.
dbName := stmt.Level.DBName
tableName := stmt.Level.TableName
if dbName == "" {
// This supports a local revoke SELECT on tablename, but does
// not add dbName to the visitInfo of a *.* grant.
if dbName == "" && stmt.Level.Level != ast.GrantLevelGlobal {
dbName = sctx.GetSessionVars().CurrentDB
}
vi = appendVisitInfo(vi, mysql.GrantPriv, dbName, tableName, "", nil)

var nonDynamicPrivilege bool
var allPrivs []mysql.PrivilegeType
for _, item := range stmt.Privs {
if item.Priv == mysql.ExtendedPriv {
vi = appendDynamicVisitInfo(vi, strings.ToUpper(item.Name), true, nil) // verified in MySQL: requires the dynamic grant option to revoke.
continue
}
nonDynamicPrivilege = true
if item.Priv == mysql.AllPriv {
switch stmt.Level.Level {
case ast.GrantLevelGlobal:
Expand All @@ -2284,7 +2290,11 @@ func collectVisitInfoFromRevokeStmt(sctx sessionctx.Context, vi []visitInfo, stm
for _, priv := range allPrivs {
vi = appendVisitInfo(vi, priv, dbName, tableName, "", nil)
}

if nonDynamicPrivilege {
// Dynamic privileges use their own GRANT OPTION. If there were any non-dynamic privilege requests,
// we need to attach the "GLOBAL" version of the GRANT OPTION.
vi = appendVisitInfo(vi, mysql.GrantPriv, dbName, tableName, "", nil)
}
return vi
}

Expand All @@ -2293,7 +2303,9 @@ func collectVisitInfoFromGrantStmt(sctx sessionctx.Context, vi []visitInfo, stmt
// and you must have the privileges that you are granting.
dbName := stmt.Level.DBName
tableName := stmt.Level.TableName
if dbName == "" {
// This supports a local revoke SELECT on tablename, but does
// not add dbName to the visitInfo of a *.* grant.
if dbName == "" && stmt.Level.Level != ast.GrantLevelGlobal {
dbName = sctx.GetSessionVars().CurrentDB
}
var nonDynamicPrivilege bool
Expand Down