From d0502a6f8dafb2ec995b5cf80b05fc5134194418 Mon Sep 17 00:00:00 2001 From: lysu Date: Tue, 17 Dec 2019 21:14:46 +0800 Subject: [PATCH] privilege: make 'grant all privileges' work right (#11449) (#14092) --- executor/grant_test.go | 26 ------------------------- go.mod | 2 +- go.sum | 6 ++---- privilege/privileges/cache.go | 7 ++++++- privilege/privileges/privileges_test.go | 26 +++++++++++++++++++++++++ 5 files changed, 35 insertions(+), 32 deletions(-) diff --git a/executor/grant_test.go b/executor/grant_test.go index b4fb7b856d566..f652ec37a1448 100644 --- a/executor/grant_test.go +++ b/executor/grant_test.go @@ -14,7 +14,6 @@ package executor_test import ( - "bytes" "fmt" "strings" @@ -238,28 +237,3 @@ func (s *testSuite3) TestGrantUnderANSIQuotes(c *C) { tk.MustExec(`REVOKE ALL PRIVILEGES ON video_ulimit.* FROM web@'%';`) tk.MustExec(`DROP USER IF EXISTS 'web'@'%'`) } - -func (s *testSuite3) TestUserTableConsistency(c *C) { - tk := testkit.NewTestKit(c, s.store) - tk.MustExec("create user superadmin") - tk.MustExec("grant all privileges on *.* to 'superadmin'") - - // GrantPriv is not in AllGlobalPrivs any more, see pingcap/parser#581 - c.Assert(len(mysql.Priv2UserCol), Equals, len(mysql.AllGlobalPrivs)+1) - - var buf bytes.Buffer - var res bytes.Buffer - buf.WriteString("select ") - i := 0 - for _, priv := range mysql.AllGlobalPrivs { - if i != 0 { - buf.WriteString(", ") - res.WriteString(" ") - } - buf.WriteString(mysql.Priv2UserCol[priv]) - res.WriteString("Y") - i++ - } - buf.WriteString(" from mysql.user where user = 'superadmin'") - tk.MustQuery(buf.String()).Check(testkit.Rows(res.String())) -} diff --git a/go.mod b/go.mod index 76f704c450209..86d948ce64ddf 100644 --- a/go.mod +++ b/go.mod @@ -38,7 +38,7 @@ require ( github.com/pingcap/goleveldb v0.0.0-20171020122428-b9ff6c35079e github.com/pingcap/kvproto v0.0.0-20191106014506-c5d88d699a8d github.com/pingcap/log v0.0.0-20190715063458-479153f07ebd - github.com/pingcap/parser v0.0.0-20191209121001-06cb36ea337f + github.com/pingcap/parser v0.0.0-20191217103835-701d0da815ab github.com/pingcap/pd v1.1.0-beta.0.20190912093418-dc03c839debd github.com/pingcap/tidb-tools v3.0.6-0.20191119150227-ff0a3c6e5763+incompatible github.com/pingcap/tipb v0.0.0-20191120045257-1b9900292ab6 diff --git a/go.sum b/go.sum index 37d429d5d8c6d..4e64fc2e6d7b2 100644 --- a/go.sum +++ b/go.sum @@ -13,7 +13,6 @@ github.com/blacktear23/go-proxyprotocol v0.0.0-20180807104634-af7a81e8dd0d/go.mo github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20171208011716-f6d7a1f6fbf3/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd h1:qMd81Ts1T2OTKmB4acZcyKaMtRnY5Y44NuXGX2GFJ1w= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= @@ -154,8 +153,8 @@ github.com/pingcap/kvproto v0.0.0-20191106014506-c5d88d699a8d h1:zTHgLr8+0LTEJmj github.com/pingcap/kvproto v0.0.0-20191106014506-c5d88d699a8d/go.mod h1:QMdbTAXCHzzygQzqcG9uVUgU2fKeSN1GmfMiykdSzzY= github.com/pingcap/log v0.0.0-20190715063458-479153f07ebd h1:hWDol43WY5PGhsh3+8794bFHY1bPrmu6bTalpssCrGg= github.com/pingcap/log v0.0.0-20190715063458-479153f07ebd/go.mod h1:WpHUKhNZ18v116SvGrmjkA9CBhYmuUTKL+p8JC9ANEw= -github.com/pingcap/parser v0.0.0-20191209121001-06cb36ea337f h1:np0CiiCmtVMGvXrqd6jlKKgIWURcKjv9a8u1OMkS/JI= -github.com/pingcap/parser v0.0.0-20191209121001-06cb36ea337f/go.mod h1:1FNvfp9+J0wvc4kl8eGNh7Rqrxveg15jJoWo/a0uHwA= +github.com/pingcap/parser v0.0.0-20191217103835-701d0da815ab h1:U0lKTYjmd2Kgz2DfVaaoSKPdiMyp6h2MHOZl/4gQT1U= +github.com/pingcap/parser v0.0.0-20191217103835-701d0da815ab/go.mod h1:1FNvfp9+J0wvc4kl8eGNh7Rqrxveg15jJoWo/a0uHwA= github.com/pingcap/pd v1.1.0-beta.0.20190912093418-dc03c839debd h1:bKj6hodu/ro78B0oN2yicdGn0t4yd9XjnyoW95qmWic= github.com/pingcap/pd v1.1.0-beta.0.20190912093418-dc03c839debd/go.mod h1:I7TEby5BHTYIxgHszfsOJSBsk8b2Qt8QrSIgdv5n5QQ= github.com/pingcap/tidb-tools v3.0.6-0.20191119150227-ff0a3c6e5763+incompatible h1:I8HirWsu1MZp6t9G/g8yKCEjJJxtHooKakEgccvdJ4M= @@ -182,7 +181,6 @@ github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d h1:GoAlyOgbOEIFd github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/remyoudompheng/bigfft v0.0.0-20190512091148-babf20351dd7 h1:FUL3b97ZY2EPqg2NbXKuMHs5pXJB9hjj1fDHnF2vl28= github.com/remyoudompheng/bigfft v0.0.0-20190512091148-babf20351dd7/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= -github.com/sergi/go-diff v1.0.1-0.20180205163309-da645544ed44 h1:tB9NOR21++IjLyVx3/PCPhWMwqGNCMQEH96A6dMZ/gc= github.com/sergi/go-diff v1.0.1-0.20180205163309-da645544ed44/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/shirou/gopsutil v2.18.10+incompatible h1:cy84jW6EVRPa5g9HAHrlbxMSIjBhDSX0OFYyMYminYs= github.com/shirou/gopsutil v2.18.10+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= diff --git a/privilege/privileges/cache.go b/privilege/privileges/cache.go index 9c27fbd54b578..f82f50e7dbbed 100644 --- a/privilege/privileges/cache.go +++ b/privilege/privileges/cache.go @@ -254,7 +254,12 @@ func (p *MySQLPrivilege) LoadRoleGraph(ctx sessionctx.Context) error { // LoadUserTable loads the mysql.user table from database. func (p *MySQLPrivilege) LoadUserTable(ctx sessionctx.Context) error { - err := p.loadTable(ctx, "select HIGH_PRIORITY Host,User,Password,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Process_priv,Grant_priv,References_priv,Alter_priv,Show_db_priv,Super_priv,Execute_priv,Create_view_priv,Show_view_priv,Index_priv,Create_user_priv,Trigger_priv,Create_role_priv,Drop_role_priv,account_locked from mysql.user;", p.decodeUserTableRow) + userPrivCols := make([]string, 0, len(mysql.Priv2UserCol)) + for _, v := range mysql.Priv2UserCol { + userPrivCols = append(userPrivCols, v) + } + query := fmt.Sprintf("select HIGH_PRIORITY Host,User,Password,%s,account_locked from mysql.user;", strings.Join(userPrivCols, ", ")) + err := p.loadTable(ctx, query, p.decodeUserTableRow) if err != nil { return errors.Trace(err) } diff --git a/privilege/privileges/privileges_test.go b/privilege/privileges/privileges_test.go index a36332565b714..a4c8961d2e57d 100644 --- a/privilege/privileges/privileges_test.go +++ b/privilege/privileges/privileges_test.go @@ -14,6 +14,7 @@ package privileges_test import ( + "bytes" "context" "fmt" "strings" @@ -30,6 +31,7 @@ import ( "github.com/pingcap/tidb/session" "github.com/pingcap/tidb/sessionctx" "github.com/pingcap/tidb/store/mockstore" + "github.com/pingcap/tidb/util/testkit" "github.com/pingcap/tidb/util/testleak" "github.com/pingcap/tidb/util/testutil" ) @@ -732,6 +734,30 @@ func (s *testPrivilegeSuite) TestDefaultRoles(c *C) { c.Assert(len(ret), Equals, 0) } +func (s *testPrivilegeSuite) TestUserTableConsistency(c *C) { + tk := testkit.NewTestKit(c, s.store) + tk.MustExec("create user superadmin") + tk.MustExec("grant all privileges on *.* to 'superadmin'") + + // GrantPriv is not in AllGlobalPrivs any more, see pingcap/parser#581 + c.Assert(len(mysql.Priv2UserCol), Equals, len(mysql.AllGlobalPrivs)+1) + + var buf bytes.Buffer + var res bytes.Buffer + buf.WriteString("select ") + i := 0 + for _, priv := range mysql.AllGlobalPrivs { + if i != 0 { + buf.WriteString(", ") + res.WriteString(" ") + } + buf.WriteString(mysql.Priv2UserCol[priv]) + res.WriteString("Y") + i++ + } + buf.WriteString(" from mysql.user where user = 'superadmin'") + tk.MustQuery(buf.String()).Check(testkit.Rows(res.String())) +} func mustExec(c *C, se session.Session, sql string) { _, err := se.Execute(context.Background(), sql) c.Assert(err, IsNil)