From 701d0da815abbb007366b95423fe69b4726ec887 Mon Sep 17 00:00:00 2001
From: lysu
Date: Tue, 17 Dec 2019 18:38:35 +0800
Subject: [PATCH] *: make 'grant all privileges' work right (#400) (#686)
---
 ast/misc.go | 52 +++--------------
 mysql/const.go | 156 ++++++++++++++++++++++++++++---------------------
 parser.go | 10 ++--
 parser.y | 10 ++--
 parser_test.go | 2 +-
 5 files changed, 109 insertions(+), 121 deletions(-)
diff --git a/ast/misc.go b/ast/misc.go
index 541d10bbd..9ed0acf57 100755
--- a/ast/misc.go
+++ b/ast/misc.go
@@ -1649,51 +1649,17 @@ type PrivElem struct {
 // Restore implements Node interface.
 func (n *PrivElem) Restore(ctx *RestoreCtx) error {
- switch n.Priv {
- case 0:
+ if n.Priv == 0 {
 ctx.WritePlain("/* UNSUPPORTED TYPE */")
- case mysql.AllPriv:
+ } else if n.Priv == mysql.AllPriv {
 ctx.WriteKeyWord("ALL")
- case mysql.AlterPriv:
- ctx.WriteKeyWord("ALTER")
- case mysql.CreatePriv:
- ctx.WriteKeyWord("CREATE")
- case mysql.CreateUserPriv:
- ctx.WriteKeyWord("CREATE USER")
- case mysql.CreateRolePriv:
- ctx.WriteKeyWord("CREATE ROLE")
- case mysql.TriggerPriv:
- ctx.WriteKeyWord("TRIGGER")
- case mysql.DeletePriv:
- ctx.WriteKeyWord("DELETE")
- case mysql.DropPriv:
- ctx.WriteKeyWord("DROP")
- case mysql.ProcessPriv:
- ctx.WriteKeyWord("PROCESS")
- case mysql.ExecutePriv:
- ctx.WriteKeyWord("EXECUTE")
- case mysql.IndexPriv:
- ctx.WriteKeyWord("INDEX")
- case mysql.InsertPriv:
- ctx.WriteKeyWord("INSERT")
- case mysql.SelectPriv:
- ctx.WriteKeyWord("SELECT")
- case mysql.SuperPriv:
- ctx.WriteKeyWord("SUPER")
- case mysql.ShowDBPriv:
- ctx.WriteKeyWord("SHOW DATABASES")
- case mysql.UpdatePriv:
- ctx.WriteKeyWord("UPDATE")
- case mysql.GrantPriv:
- ctx.WriteKeyWord("GRANT OPTION")
- case mysql.ReferencesPriv:
- ctx.WriteKeyWord("REFERENCES")
- case mysql.CreateViewPriv:
- ctx.WriteKeyWord("CREATE VIEW")
- case mysql.ShowViewPriv:
- ctx.WriteKeyWord("SHOW VIEW")
- default:
- return errors.New("Undefined privilege type")
+ } else {
+ str, ok := mysql.Priv2Str[n.Priv]
+ if ok {
+ ctx.WriteKeyWord(str)
+ } else {
+ return errors.New("Undefined privilege type")
+ }
 }
 if n.Cols != nil {
 ctx.WritePlain(" (")
diff --git a/mysql/const.go b/mysql/const.go
index 1d80e1664..b771e923a 100644
--- a/mysql/const.go
+++ b/mysql/const.go
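Review bot: `Restore` now writes whatever string `mysql.Priv2Str` holds for the privilege, so the SQL emitted for a GRANT depends on a display-name table in another package instead of keywords fixed in this function, and nothing in the patch checks that each value parses back to the same `PrivilegeType`. A round-trip test that iterates over every key of `Priv2Str`, restores it and re-parses it would catch a future entry that restores to a different privilege or to text the grammar rejects. As a matter of style the chain could remain a `switch` with the lookup in `default:`, written as `str, ok := mysql.Priv2Str[n.Priv]` / `if !ok { return errors.New("Undefined privilege type") }` / `ctx.WriteKeyWord(str)`, which keeps the error path as an early return. The body of `Restore` continues past the end of the hunk.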
@@ -233,6 +233,13 @@ const (
 CreateRolePriv
 // DropRolePriv is the privilege to drop a role.
 DropRolePriv
+
+ CreateTMPTablePriv
+ LockTablesPriv
+ CreateRoutinePriv
+ AlterRoutinePriv
+ EventPriv
+
 // AllPriv is the privilege for all actions.
 AllPriv
 )
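Review bot: The five new constants are inserted ahead of `AllPriv`, so if this block is `iota`-based (its first lines are outside the hunk) `AllPriv` takes a new numeric value and the old one now means `CreateTMPTablePriv`. Any place that stores or exchanges a raw `PrivilegeType` between versions would then read a former "all" as a single narrow privilege, or the reverse; it is worth confirming no such place exists and saying so in the commit message. The new names also lack the doc comment that the neighbouring constants carry, for example `// CreateTMPTablePriv is the privilege to create a temporary table.`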
@@ -279,26 +286,60 @@ const PWDHashLen = 40
 // Priv2UserCol is the privilege to mysql.user table column name.
 var Priv2UserCol = map[PrivilegeType]string{
- CreatePriv: "Create_priv",
- SelectPriv: "Select_priv",
- InsertPriv: "Insert_priv",
- UpdatePriv: "Update_priv",
- DeletePriv: "Delete_priv",
- ShowDBPriv: "Show_db_priv",
- SuperPriv: "Super_priv",
- CreateUserPriv: "Create_user_priv",
- TriggerPriv: "Trigger_priv",
- DropPriv: "Drop_priv",
- ProcessPriv: "Process_priv",
- GrantPriv: "Grant_priv",
- ReferencesPriv: "References_priv",
- AlterPriv: "Alter_priv",
- ExecutePriv: "Execute_priv",
- IndexPriv: "Index_priv",
- CreateViewPriv: "Create_view_priv",
- ShowViewPriv: "Show_view_priv",
- CreateRolePriv: "Create_role_priv",
- DropRolePriv: "Drop_role_priv",
+ CreatePriv: "Create_priv",
+ SelectPriv: "Select_priv",
+ InsertPriv: "Insert_priv",
+ UpdatePriv: "Update_priv",
+ DeletePriv: "Delete_priv",
+ ShowDBPriv: "Show_db_priv",
+ SuperPriv: "Super_priv",
+ CreateUserPriv: "Create_user_priv",
+ TriggerPriv: "Trigger_priv",
+ DropPriv: "Drop_priv",
+ ProcessPriv: "Process_priv",
+ GrantPriv: "Grant_priv",
+ ReferencesPriv: "References_priv",
+ AlterPriv: "Alter_priv",
+ ExecutePriv: "Execute_priv",
+ IndexPriv: "Index_priv",
+ CreateViewPriv: "Create_view_priv",
+ ShowViewPriv: "Show_view_priv",
+ CreateRolePriv: "Create_role_priv",
+ DropRolePriv: "Drop_role_priv",
+ CreateTMPTablePriv: "Create_tmp_table_priv",
+ LockTablesPriv: "Lock_tables_priv",
+ CreateRoutinePriv: "Create_routine_priv",
+ AlterRoutinePriv: "Alter_routine_priv",
+ EventPriv: "Event_priv",
+}
+
+// Col2PrivType is the privilege tables column name to privilege type.
+var Col2PrivType = map[string]PrivilegeType{
+ "Create_priv": CreatePriv,
+ "Select_priv": SelectPriv,
+ "Insert_priv": InsertPriv,
+ "Update_priv": UpdatePriv,
+ "Delete_priv": DeletePriv,
+ "Show_db_priv": ShowDBPriv,
+ "Super_priv": SuperPriv,
+ "Create_user_priv": CreateUserPriv,
+ "Trigger_priv": TriggerPriv,
+ "Drop_priv": DropPriv,
+ "Process_priv": ProcessPriv,
+ "Grant_priv": GrantPriv,
+ "References_priv": ReferencesPriv,
+ "Alter_priv": AlterPriv,
+ "Execute_priv": ExecutePriv,
+ "Index_priv": IndexPriv,
+ "Create_view_priv": CreateViewPriv,
+ "Show_view_priv": ShowViewPriv,
+ "Create_role_priv": CreateRolePriv,
+ "Drop_role_priv": DropRolePriv,
+ "Create_tmp_table_priv": CreateTMPTablePriv,
+ "Lock_tables_priv": LockTablesPriv,
+ "Create_routine_priv": CreateRoutinePriv,
+ "Alter_routine_priv": AlterRoutinePriv,
+ "Event_priv": EventPriv,
 }
 // Command2Str is the command information to command name.
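Review bot: `Priv2UserCol` and `Col2PrivType` are two hand-written copies of the same 25 pairs, and this change had to add every new privilege to both by hand. A missed or mistyped entry in only one of them would make a privilege column load as the wrong privilege or be silently skipped, which is hard to spot in review of a table this size. Since the patch already moves `Col2PrivType` next to `Priv2UserCol`, it could be derived from it as below, or a test could assert that the two maps are exact inverses.

```go
// Col2PrivType is the privilege tables column name to privilege type.
// It is built from Priv2UserCol so the two tables cannot drift apart.
var Col2PrivType = func() map[string]PrivilegeType {
	m := make(map[string]PrivilegeType, len(Priv2UserCol))
	for priv, col := range Priv2UserCol {
		m[col] = priv
	}
	return m
}()
```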
@@ -337,55 +378,33 @@ var Command2Str = map[byte]string{
 ComResetConnection: "Reset connect",
 }
-// Col2PrivType is the privilege tables column name to privilege type.
-var Col2PrivType = map[string]PrivilegeType{
- "Create_priv": CreatePriv,
- "Select_priv": SelectPriv,
- "Insert_priv": InsertPriv,
- "Update_priv": UpdatePriv,
- "Delete_priv": DeletePriv,
- "Show_db_priv": ShowDBPriv,
- "Super_priv": SuperPriv,
- "Create_user_priv": CreateUserPriv,
- "Trigger_priv": TriggerPriv,
- "Drop_priv": DropPriv,
- "Process_priv": ProcessPriv,
- "Grant_priv": GrantPriv,
- "References_priv": ReferencesPriv,
- "Alter_priv": AlterPriv,
- "Execute_priv": ExecutePriv,
- "Index_priv": IndexPriv,
- "Create_view_priv": CreateViewPriv,
- "Show_view_priv": ShowViewPriv,
- "Create_role_priv": CreateRolePriv,
- "Drop_role_priv": DropRolePriv,
-}
-
-// AllGlobalPrivs is all the privileges in global scope.
-var AllGlobalPrivs = []PrivilegeType{SelectPriv, InsertPriv, UpdatePriv, DeletePriv, CreatePriv, DropPriv, ProcessPriv, ReferencesPriv, AlterPriv, ShowDBPriv, SuperPriv, ExecutePriv, IndexPriv, CreateUserPriv, TriggerPriv, CreateViewPriv, ShowViewPriv, CreateRolePriv, DropRolePriv}
-
 // Priv2Str is the map for privilege to string.
 var Priv2Str = map[PrivilegeType]string{
- CreatePriv: "Create",
- SelectPriv: "Select",
- InsertPriv: "Insert",
- UpdatePriv: "Update",
- DeletePriv: "Delete",
- ShowDBPriv: "Show Databases",
- SuperPriv: "Super",
- CreateUserPriv: "Create User",
- TriggerPriv: "Trigger",
- DropPriv: "Drop",
- ProcessPriv: "Process",
- GrantPriv: "Grant Option",
- ReferencesPriv: "References",
- AlterPriv: "Alter",
- ExecutePriv: "Execute",
- IndexPriv: "Index",
- CreateViewPriv: "Create View",
- ShowViewPriv: "Show View",
- CreateRolePriv: "Create Role",
- DropRolePriv: "Drop Role",
+ CreatePriv: "Create",
+ SelectPriv: "Select",
+ InsertPriv: "Insert",
+ UpdatePriv: "Update",
+ DeletePriv: "Delete",
+ ShowDBPriv: "Show Databases",
+ SuperPriv: "Super",
+ CreateUserPriv: "Create User",
+ TriggerPriv: "Trigger",
+ DropPriv: "Drop",
+ ProcessPriv: "Process",
+ GrantPriv: "Grant Option",
+ ReferencesPriv: "References",
+ AlterPriv: "Alter",
+ ExecutePriv: "Execute",
+ IndexPriv: "Index",
+ CreateViewPriv: "Create View",
+ ShowViewPriv: "Show View",
+ CreateRolePriv: "Create Role",
+ DropRolePriv: "Drop Role",
+ CreateTMPTablePriv: "CREATE TEMPORARY TABLES",
+ LockTablesPriv: "LOCK TABLES",
+ CreateRoutinePriv: "CREATE ROUTINE",
+ AlterRoutinePriv: "ALTER ROUTINE",
+ EventPriv: "EVENT",
 }
 // Priv2SetStr is the map for privilege to string.
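Review bot: The five added `Priv2Str` values are upper-case (`"CREATE TEMPORARY TABLES"`, `"EVENT"`) while the twenty existing ones are title-case (`"Create"`, `"Show Databases"`), so any code that prints or compares these strings now sees two conventions in one table. Matching the existing style would give `"Create Temporary Tables"`, `"Lock Tables"`, `"Create Routine"`, `"Alter Routine"` and `"Event"`. `Priv2SetStr` and `SetStr2Priv`, which follow in the file, are not touched by this patch, so the new privileges have no SET-string form; if that is intended, a one-line comment on `Priv2SetStr` saying which privileges are deliberately absent would save the next reader the comparison.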
@@ -422,6 +441,9 @@ var SetStr2Priv = map[string]PrivilegeType{
 "Show View": ShowViewPriv,
 }
+// AllGlobalPrivs is all the privileges in global scope.
+var AllGlobalPrivs = []PrivilegeType{SelectPriv, InsertPriv, UpdatePriv, DeletePriv, CreatePriv, DropPriv, ProcessPriv, ReferencesPriv, AlterPriv, ShowDBPriv, SuperPriv, ExecutePriv, IndexPriv, CreateUserPriv, TriggerPriv, CreateViewPriv, ShowViewPriv, CreateRolePriv, DropRolePriv, CreateTMPTablePriv, LockTablesPriv, CreateRoutinePriv, AlterRoutinePriv, EventPriv}
+
 // AllDBPrivs is all the privileges in database scope.
 var AllDBPrivs = []PrivilegeType{SelectPriv, InsertPriv, UpdatePriv, DeletePriv, CreatePriv, DropPriv, AlterPriv, ExecutePriv, IndexPriv, CreateViewPriv, ShowViewPriv}
diff --git a/parser.go b/parser.go
index 7571fc1ae..edef3b787 100644
--- a/parser.go
+++ b/parser.go
@@ -14629,11 +14629,11 @@ yynewstate: } case 1636: { - parser.yyVAL.item = mysql.PrivilegeType(0) + parser.yyVAL.item = mysql.CreateTMPTablePriv } case 1637: { - parser.yyVAL.item = mysql.PrivilegeType(0) + parser.yyVAL.item = mysql.LockTablesPriv } case 1638: { @@ -14653,15 +14653,15 @@ yynewstate: } case 1642: { - parser.yyVAL.item = mysql.PrivilegeType(0) + parser.yyVAL.item = mysql.CreateRoutinePriv } case 1643: { - parser.yyVAL.item = mysql.PrivilegeType(0) + parser.yyVAL.item = mysql.AlterRoutinePriv } case 1644: { - parser.yyVAL.item = mysql.PrivilegeType(0) + parser.yyVAL.item = mysql.EventPriv } case 1645: {
diff --git a/parser.y b/parser.y
index e6c22b3d6..c4a547f35 100644
--- a/parser.y
+++ b/parser.y
@@ -8860,11 +8860,11 @@ PrivType:
 }
 | "CREATE" "TEMPORARY" "TABLES"
 {
- $$ = mysql.PrivilegeType(0)
+ $$ = mysql.CreateTMPTablePriv
 }
 | "LOCK" "TABLES"
 {
- $$ = mysql.PrivilegeType(0)
+ $$ = mysql.LockTablesPriv
 }
 | "CREATE" "VIEW"
 {
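Review bot: `AllGlobalPrivs` gains the five new privileges but `AllDBPrivs` on the following line is left as it was, so an ALL grant at database scope would still omit CREATE TEMPORARY TABLES, LOCK TABLES, CREATE ROUTINE, ALTER ROUTINE and EVENT, which MySQL also grants at database level. If the omission is deliberate, say so in the comment, e.g. `// AllDBPrivs is all the privileges in database scope (routine, event, lock and temporary-table privileges are not yet supported here).` Separately, any consumer that expands `AllGlobalPrivs` through `Priv2UserCol` will now reference `Create_tmp_table_priv` and the other new column names, so this presumably has to ship together with a user-table upgrade on the consuming side, which is not part of this patch.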
@@ -8884,15 +8884,15 @@ PrivType:
 }
 | "CREATE" "ROUTINE"
 {
- $$ = mysql.PrivilegeType(0)
+ $$ = mysql.CreateRoutinePriv
 }
 | "ALTER" "ROUTINE"
 {
- $$ = mysql.PrivilegeType(0)
+ $$ = mysql.AlterRoutinePriv
 }
 | "EVENT"
 {
- $$ = mysql.PrivilegeType(0)
+ $$ = mysql.EventPriv
 }
 ObjectType:
diff --git a/parser_test.go b/parser_test.go
index 0c3cc8e2b..d1aa533d6 100755
--- a/parser_test.go
+++ b/parser_test.go
@@ -2445,7 +2445,7 @@ func (s *testParserSuite) TestPrivilege(c *C) {
 {"grant all privileges on zabbix.* to 'zabbix'@'localhost' identified by 'password';", true, "GRANT ALL ON `zabbix`.* TO `zabbix`@`localhost` IDENTIFIED BY 'password'"},
 {"GRANT SELECT ON test.* to 'test'", true, "GRANT SELECT ON `test`.* TO `test`@`%`"}, // For issue 2654.
 {"grant PROCESS,usage, REPLICATION SLAVE, REPLICATION CLIENT on *.* to 'xxxxxxxxxx'@'%' identified by password 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'", true, "GRANT PROCESS /* UNSUPPORTED TYPE */ /* UNSUPPORTED TYPE */ /* UNSUPPORTED TYPE */ ON *.* TO `xxxxxxxxxx`@`%` IDENTIFIED BY PASSWORD 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'"}, // For issue 4865
- {"/* rds internal mark */ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, RELOAD, PROCESS, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER on *.* to 'root2'@'%' identified by password '*sdsadsdsadssadsadsadsadsada' with grant option", true, "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES /* UNSUPPORTED TYPE */, PROCESS, INDEX, ALTER /* UNSUPPORTED TYPE */ /* UNSUPPORTED TYPE */, EXECUTE /* UNSUPPORTED TYPE */ /* UNSUPPORTED TYPE */, CREATE VIEW, SHOW VIEW /* UNSUPPORTED TYPE */ /* UNSUPPORTED TYPE */, CREATE USER /* UNSUPPORTED TYPE */, TRIGGER ON *.* TO `root2`@`%` IDENTIFIED BY PASSWORD '*sdsadsdsadssadsadsadsadsada' WITH GRANT OPTION"},
+ {"/* rds internal mark */ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, RELOAD, PROCESS, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER on *.* to 'root2'@'%' identified by password '*sdsadsdsadssadsadsadsadsada' with grant option", true, "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES /* UNSUPPORTED TYPE */, PROCESS, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE /* UNSUPPORTED TYPE */ /* UNSUPPORTED TYPE */, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO `root2`@`%` IDENTIFIED BY PASSWORD '*sdsadsdsadssadsadsadsadsada' WITH GRANT OPTION"},
 {"GRANT 'role1', 'role2' TO 'user1'@'localhost', 'user2'@'localhost';", true, "GRANT `role1`@`%`, `role2`@`%` TO `user1`@`localhost`, `user2`@`localhost`"},
 {"GRANT 'u1' TO 'u1';", true, "GRANT `u1`@`%` TO `u1`@`%`"},
 {"GRANT 'app_developer' TO 'dev1'@'localhost';", true, "GRANT `app_developer`@`%` TO `dev1`@`localhost`"},
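Review bot: The updated expectation still has `/* UNSUPPORTED TYPE */` where RELOAD, REPLICATION SLAVE and REPLICATION CLIENT stood in the input, with no comma before it, so the restored statement names fewer privileges than the original and the test pins that as the correct result. This is the existing behaviour for unmapped privilege types rather than something this patch introduces, but if restored SQL is ever replayed, the two sides end up with different grants. A comment on this case such as `// RELOAD and REPLICATION SLAVE/CLIENT are still restored as a placeholder comment` would make that explicit. The patch also adds no case that restores one of the five new privileges on its own, which would localise a failure better than this single long statement.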