Skip to content

Commit

Permalink
fix merge from master, change to ExecuteInternal
Browse files Browse the repository at this point in the history
  • Loading branch information
@morgo
morgo committed Feb 2, 2021
1 parent 3680748 commit 8f319f7
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 45 deletions.
4 changes: 1 addition & 3 deletions privilege/privileges/cache.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -532,13 +532,11 @@ func (p *MySQLPrivilege) LoadDefaultRoles(ctx sessionctx.Context) error {
func (p *MySQLPrivilege) loadTable(sctx sessionctx.Context, sql string,
decodeTableRow func(chunk.Row, []*ast.ResultField) error) error {
ctx := context.Background()
tmp, err := sctx.(sqlexec.SQLExecutor).ExecuteInternal(ctx, sql)
rs, err := sctx.(sqlexec.SQLExecutor).ExecuteInternal(ctx, sql)
if err != nil {
return errors.Trace(err)
}
rs := tmp[0]
defer terror.Call(rs.Close)

fs := rs.Fields()
req := rs.NewChunk()
for {
Expand Down
84 changes: 42 additions & 42 deletions privilege/privileges/privileges_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,9 +150,9 @@ func (s *testPrivilegeSuite) TestCheckPointGetDBPrivilege(c *C) {
se := newSession(c, s.store, s.dbName)
c.Assert(se.Auth(&auth.UserIdentity{Username: "tester", Hostname: "localhost"}, nil, nil), IsTrue)
mustExec(c, se, `use test;`)
_, err := se.Execute(context.Background(), `select * from test2.t where id = 1`)
_, err := se.ExecuteInternal(context.Background(), `select * from test2.t where id = 1`)
c.Assert(terror.ErrorEqual(err, core.ErrTableaccessDenied), IsTrue)
_, err = se.Execute(context.Background(), "update test2.t set v = 2 where id = 1")
_, err = se.ExecuteInternal(context.Background(), "update test2.t set v = 2 where id = 1")
c.Assert(terror.ErrorEqual(err, core.ErrTableaccessDenied), IsTrue)
}

Expand Down Expand Up @@ -410,7 +410,7 @@ func (s *testPrivilegeSuite) TestDropTablePriv(c *C) {
// ctx.GetSessionVars().User = "drop@localhost"
c.Assert(se.Auth(&auth.UserIdentity{Username: "drop", Hostname: "localhost"}, nil, nil), IsTrue)
mustExec(c, se, `SELECT * FROM todrop;`)
_, err := se.Execute(context.Background(), "DROP TABLE todrop;")
_, err := se.ExecuteInternal(context.Background(), "DROP TABLE todrop;")
c.Assert(err, NotNil)

se = newSession(c, s.store, s.dbName)
Expand All @@ -437,7 +437,7 @@ func (s *testPrivilegeSuite) TestSetPasswdStmt(c *C) {

// low privileged user trying to set password for other user (fails)
c.Assert(se.Auth(&auth.UserIdentity{Username: "nobodyuser", Hostname: "localhost", AuthUsername: "nobodyuser", AuthHostname: "%"}, nil, nil), IsTrue)
_, err := se.Execute(context.Background(), "SET PASSWORD for 'superuser' = 'newpassword'")
_, err := se.ExecuteInternal(context.Background(), "SET PASSWORD for 'superuser' = 'newpassword'")
c.Assert(err, NotNil)
}

Expand All @@ -460,7 +460,7 @@ func (s *testPrivilegeSuite) TestSelectViewSecurity(c *C) {
ctx.GetSessionVars().User = &auth.UserIdentity{Username: "root", Hostname: "localhost"}
mustExec(c, se, "SELECT * FROM test.selectviewsecurity")
mustExec(c, se, `REVOKE Select ON test.viewsecurity FROM 'selectusr'@'localhost';`)
_, err := se.Execute(context.Background(), "select * from test.selectviewsecurity")
_, err := se.ExecuteInternal(context.Background(), "select * from test.selectviewsecurity")
c.Assert(err.Error(), Equals, core.ErrViewInvalid.GenWithStackByArgs("test", "selectviewsecurity").Error())
}

Expand All @@ -479,7 +479,7 @@ func (s *testPrivilegeSuite) TestRoleAdminSecurity(c *C) {
mustExec(c, se, `create role r_test1@localhost`)

c.Assert(se.Auth(&auth.UserIdentity{Username: "ar2", Hostname: "localhost"}, nil, nil), IsTrue)
_, err := se.Execute(context.Background(), `create role r_test2@localhost`)
_, err := se.ExecuteInternal(context.Background(), `create role r_test2@localhost`)
c.Assert(terror.ErrorEqual(err, core.ErrSpecificAccessDenied), IsTrue)
}

Expand Down Expand Up @@ -765,7 +765,7 @@ func (s *testPrivilegeSuite) TestUseDB(c *C) {
mustExec(c, se, "GRANT ALL ON *.* TO 'usesuper'")
// without grant option
c.Assert(se.Auth(&auth.UserIdentity{Username: "usesuper", Hostname: "localhost", AuthUsername: "usesuper", AuthHostname: "%"}, nil, nil), IsTrue)
_, e := se.Execute(context.Background(), "GRANT SELECT ON mysql.* TO 'usenobody'")
_, e := se.ExecuteInternal(context.Background(), "GRANT SELECT ON mysql.* TO 'usenobody'")
c.Assert(e, NotNil)
// with grant option
se = newSession(c, s.store, s.dbName)
Expand All @@ -775,14 +775,14 @@ func (s *testPrivilegeSuite) TestUseDB(c *C) {
mustExec(c, se, "use mysql")
// low privileged user
c.Assert(se.Auth(&auth.UserIdentity{Username: "usenobody", Hostname: "localhost", AuthUsername: "usenobody", AuthHostname: "%"}, nil, nil), IsTrue)
_, err := se.Execute(context.Background(), "use mysql")
_, err := se.ExecuteInternal(context.Background(), "use mysql")
c.Assert(err, NotNil)

// try again after privilege granted
c.Assert(se.Auth(&auth.UserIdentity{Username: "usesuper", Hostname: "localhost", AuthUsername: "usesuper", AuthHostname: "%"}, nil, nil), IsTrue)
mustExec(c, se, "GRANT SELECT ON mysql.* TO 'usenobody'")
c.Assert(se.Auth(&auth.UserIdentity{Username: "usenobody", Hostname: "localhost", AuthUsername: "usenobody", AuthHostname: "%"}, nil, nil), IsTrue)
_, err = se.Execute(context.Background(), "use mysql")
_, err = se.ExecuteInternal(context.Background(), "use mysql")
c.Assert(err, IsNil)

// test `use db` for role.
Expand All @@ -794,9 +794,9 @@ func (s *testPrivilegeSuite) TestUseDB(c *C) {
mustExec(c, se, `GRANT 'app_developer' TO 'dev'@'localhost'`)
mustExec(c, se, `SET DEFAULT ROLE 'app_developer' TO 'dev'@'localhost'`)
c.Assert(se.Auth(&auth.UserIdentity{Username: "dev", Hostname: "localhost", AuthUsername: "dev", AuthHostname: "localhost"}, nil, nil), IsTrue)
_, err = se.Execute(context.Background(), "use app_db")
_, err = se.ExecuteInternal(context.Background(), "use app_db")
c.Assert(err, IsNil)
_, err = se.Execute(context.Background(), "use mysql")
_, err = se.ExecuteInternal(context.Background(), "use mysql")
c.Assert(err, NotNil)
}

Expand All @@ -808,7 +808,7 @@ func (s *testPrivilegeSuite) TestRevokePrivileges(c *C) {
mustExec(c, se, "GRANT ALL ON mysql.* TO 'withoutgrant'")
// Without grant option
c.Assert(se.Auth(&auth.UserIdentity{Username: "hasgrant", Hostname: "localhost", AuthUsername: "hasgrant", AuthHostname: "%"}, nil, nil), IsTrue)
_, e := se.Execute(context.Background(), "REVOKE SELECT ON mysql.* FROM 'withoutgrant'")
_, e := se.ExecuteInternal(context.Background(), "REVOKE SELECT ON mysql.* FROM 'withoutgrant'")
c.Assert(e, NotNil)
// With grant option
se = newSession(c, s.store, s.dbName)
Expand All @@ -828,7 +828,7 @@ func (s *testPrivilegeSuite) TestSetGlobal(c *C) {
mustExec(c, se, `set global innodb_commit_concurrency=16`)

c.Assert(se.Auth(&auth.UserIdentity{Username: "setglobal_b", Hostname: "localhost"}, nil, nil), IsTrue)
_, err := se.Execute(context.Background(), `set global innodb_commit_concurrency=16`)
_, err := se.ExecuteInternal(context.Background(), `set global innodb_commit_concurrency=16`)
c.Assert(terror.ErrorEqual(err, core.ErrSpecificAccessDenied), IsTrue)
}

Expand All @@ -839,9 +839,9 @@ func (s *testPrivilegeSuite) TestCreateDropUser(c *C) {

// should fail
c.Assert(se.Auth(&auth.UserIdentity{Username: "tcd1", Hostname: "localhost", AuthUsername: "tcd1", AuthHostname: "%"}, nil, nil), IsTrue)
_, err := se.Execute(context.Background(), `CREATE USER acdc`)
_, err := se.ExecuteInternal(context.Background(), `CREATE USER acdc`)
c.Assert(terror.ErrorEqual(err, core.ErrSpecificAccessDenied), IsTrue)
_, err = se.Execute(context.Background(), `DROP USER tcd2`)
_, err = se.ExecuteInternal(context.Background(), `DROP USER tcd2`)
c.Assert(terror.ErrorEqual(err, core.ErrSpecificAccessDenied), IsTrue)

// should pass
Expand Down Expand Up @@ -870,7 +870,7 @@ func (s *testPrivilegeSuite) TestConfigPrivilege(c *C) {
c.Assert(se.Auth(&auth.UserIdentity{Username: "tcd1", Hostname: "localhost", AuthHostname: "tcd1", AuthUsername: "%"}, nil, nil), IsTrue)
mustExec(c, se, `SET CONFIG TIKV testkey="testval"`)
c.Assert(se.Auth(&auth.UserIdentity{Username: "tcd2", Hostname: "localhost", AuthHostname: "tcd2", AuthUsername: "%"}, nil, nil), IsTrue)
_, err := se.Execute(context.Background(), `SET CONFIG TIKV testkey="testval"`)
_, err := se.ExecuteInternal(context.Background(), `SET CONFIG TIKV testkey="testval"`)
c.Assert(err, ErrorMatches, ".*you need \\(at least one of\\) the CONFIG privilege\\(s\\) for this operation")
mustExec(c, se, `DROP USER tcd1, tcd2`)
}
Expand All @@ -882,7 +882,7 @@ func (s *testPrivilegeSuite) TestShowCreateTable(c *C) {

// should fail
c.Assert(se.Auth(&auth.UserIdentity{Username: "tsct1", Hostname: "localhost", AuthUsername: "tsct1", AuthHostname: "%"}, nil, nil), IsTrue)
_, err := se.Execute(context.Background(), `SHOW CREATE TABLE mysql.user`)
_, err := se.ExecuteInternal(context.Background(), `SHOW CREATE TABLE mysql.user`)
c.Assert(terror.ErrorEqual(err, core.ErrTableaccessDenied), IsTrue)

// should pass
Expand All @@ -905,25 +905,25 @@ func (s *testPrivilegeSuite) TestAnalyzeTable(c *C) {
mustExec(c, se, "analyze table mysql.user")
// low privileged user
c.Assert(se.Auth(&auth.UserIdentity{Username: "anobody", Hostname: "localhost", AuthUsername: "anobody", AuthHostname: "%"}, nil, nil), IsTrue)
_, err := se.Execute(context.Background(), "analyze table t1")
_, err := se.ExecuteInternal(context.Background(), "analyze table t1")
c.Assert(terror.ErrorEqual(err, core.ErrTableaccessDenied), IsTrue)
c.Assert(err.Error(), Equals, "[planner:1142]INSERT command denied to user 'anobody'@'%' for table 't1'")

_, err = se.Execute(context.Background(), "select * from t1")
_, err = se.ExecuteInternal(context.Background(), "select * from t1")
c.Assert(err.Error(), Equals, "[planner:1142]SELECT command denied to user 'anobody'@'%' for table 't1'")

// try again after SELECT privilege granted
c.Assert(se.Auth(&auth.UserIdentity{Username: "asuper", Hostname: "localhost", AuthUsername: "asuper", AuthHostname: "%"}, nil, nil), IsTrue)
mustExec(c, se, "GRANT SELECT ON atest.* TO 'anobody'")
c.Assert(se.Auth(&auth.UserIdentity{Username: "anobody", Hostname: "localhost", AuthUsername: "anobody", AuthHostname: "%"}, nil, nil), IsTrue)
_, err = se.Execute(context.Background(), "analyze table t1")
_, err = se.ExecuteInternal(context.Background(), "analyze table t1")
c.Assert(terror.ErrorEqual(err, core.ErrTableaccessDenied), IsTrue)
c.Assert(err.Error(), Equals, "[planner:1142]INSERT command denied to user 'anobody'@'%' for table 't1'")
// Add INSERT privilege and it should work.
c.Assert(se.Auth(&auth.UserIdentity{Username: "asuper", Hostname: "localhost", AuthUsername: "asuper", AuthHostname: "%"}, nil, nil), IsTrue)
mustExec(c, se, "GRANT INSERT ON atest.* TO 'anobody'")
c.Assert(se.Auth(&auth.UserIdentity{Username: "anobody", Hostname: "localhost", AuthUsername: "anobody", AuthHostname: "%"}, nil, nil), IsTrue)
_, err = se.Execute(context.Background(), "analyze table t1")
_, err = se.ExecuteInternal(context.Background(), "analyze table t1")
c.Assert(err, IsNil)

}
Expand All @@ -935,34 +935,34 @@ func (s *testPrivilegeSuite) TestSystemSchema(c *C) {
c.Assert(se.Auth(&auth.UserIdentity{Username: "u1", Hostname: "localhost"}, nil, nil), IsTrue)
mustExec(c, se, `select * from information_schema.tables`)
mustExec(c, se, `select * from information_schema.key_column_usage`)
_, err := se.Execute(context.Background(), "create table information_schema.t(a int)")
_, err := se.ExecuteInternal(context.Background(), "create table information_schema.t(a int)")
c.Assert(strings.Contains(err.Error(), "denied to user"), IsTrue)
_, err = se.Execute(context.Background(), "drop table information_schema.tables")
_, err = se.ExecuteInternal(context.Background(), "drop table information_schema.tables")
c.Assert(strings.Contains(err.Error(), "denied to user"), IsTrue)
_, err = se.Execute(context.Background(), "update information_schema.tables set table_name = 'tst' where table_name = 'mysql'")
_, err = se.ExecuteInternal(context.Background(), "update information_schema.tables set table_name = 'tst' where table_name = 'mysql'")
c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue)

// Test performance_schema.
mustExec(c, se, `select * from performance_schema.events_statements_summary_by_digest`)
_, err = se.Execute(context.Background(), "drop table performance_schema.events_statements_summary_by_digest")
_, err = se.ExecuteInternal(context.Background(), "drop table performance_schema.events_statements_summary_by_digest")
c.Assert(strings.Contains(err.Error(), "denied to user"), IsTrue)
_, err = se.Execute(context.Background(), "update performance_schema.events_statements_summary_by_digest set schema_name = 'tst'")
_, err = se.ExecuteInternal(context.Background(), "update performance_schema.events_statements_summary_by_digest set schema_name = 'tst'")
c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue)
_, err = se.Execute(context.Background(), "delete from performance_schema.events_statements_summary_by_digest")
_, err = se.ExecuteInternal(context.Background(), "delete from performance_schema.events_statements_summary_by_digest")
c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue)
_, err = se.Execute(context.Background(), "create table performance_schema.t(a int)")
_, err = se.ExecuteInternal(context.Background(), "create table performance_schema.t(a int)")
c.Assert(err, NotNil)
c.Assert(strings.Contains(err.Error(), "CREATE command denied"), IsTrue, Commentf(err.Error()))

// Test metric_schema.
mustExec(c, se, `select * from metrics_schema.tidb_query_duration`)
_, err = se.Execute(context.Background(), "drop table metrics_schema.tidb_query_duration")
_, err = se.ExecuteInternal(context.Background(), "drop table metrics_schema.tidb_query_duration")
c.Assert(strings.Contains(err.Error(), "denied to user"), IsTrue)
_, err = se.Execute(context.Background(), "update metrics_schema.tidb_query_duration set instance = 'tst'")
_, err = se.ExecuteInternal(context.Background(), "update metrics_schema.tidb_query_duration set instance = 'tst'")
c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue)
_, err = se.Execute(context.Background(), "delete from metrics_schema.tidb_query_duration")
_, err = se.ExecuteInternal(context.Background(), "delete from metrics_schema.tidb_query_duration")
c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue)
_, err = se.Execute(context.Background(), "create table metric_schema.t(a int)")
_, err = se.ExecuteInternal(context.Background(), "create table metric_schema.t(a int)")
c.Assert(err, NotNil)
c.Assert(strings.Contains(err.Error(), "CREATE command denied"), IsTrue, Commentf(err.Error()))
}
Expand All @@ -974,13 +974,13 @@ func (s *testPrivilegeSuite) TestAdminCommand(c *C) {
mustExec(c, se, `CREATE TABLE t(a int)`)

c.Assert(se.Auth(&auth.UserIdentity{Username: "test_admin", Hostname: "localhost"}, nil, nil), IsTrue)
_, err := se.Execute(context.Background(), "ADMIN SHOW DDL JOBS")
_, err := se.ExecuteInternal(context.Background(), "ADMIN SHOW DDL JOBS")
c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue)
_, err = se.Execute(context.Background(), "ADMIN CHECK TABLE t")
_, err = se.ExecuteInternal(context.Background(), "ADMIN CHECK TABLE t")
c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue)

c.Assert(se.Auth(&auth.UserIdentity{Username: "root", Hostname: "localhost"}, nil, nil), IsTrue)
_, err = se.Execute(context.Background(), "ADMIN SHOW DDL JOBS")
_, err = se.ExecuteInternal(context.Background(), "ADMIN SHOW DDL JOBS")
c.Assert(err, IsNil)
}

Expand Down Expand Up @@ -1013,8 +1013,8 @@ func (s *testPrivilegeSuite) TestTableNotExistNoPermissions(c *C) {

for _, t := range tests {

_, err1 := se.Execute(context.Background(), fmt.Sprintf(t.stmt, "dbexists", "t1"))
_, err2 := se.Execute(context.Background(), fmt.Sprintf(t.stmt, "dbnotexists", "t1"))
_, err1 := se.ExecuteInternal(context.Background(), fmt.Sprintf(t.stmt, "dbexists", "t1"))
_, err2 := se.ExecuteInternal(context.Background(), fmt.Sprintf(t.stmt, "dbnotexists", "t1"))

// Check the error is the same whether table exists or not.
c.Assert(terror.ErrorEqual(err1, err2), IsTrue)
Expand Down Expand Up @@ -1046,20 +1046,20 @@ func (s *testPrivilegeSuite) TestLoadDataPrivilege(c *C) {
mustExec(c, se, `CREATE TABLE t_load(a int)`)
mustExec(c, se, `GRANT SELECT on *.* to 'test_load'@'localhost'`)
c.Assert(se.Auth(&auth.UserIdentity{Username: "test_load", Hostname: "localhost"}, nil, nil), IsTrue)
_, err = se.Execute(context.Background(), "LOAD DATA LOCAL INFILE '/tmp/load_data_priv.csv' INTO TABLE t_load")
_, err = se.ExecuteInternal(context.Background(), "LOAD DATA LOCAL INFILE '/tmp/load_data_priv.csv' INTO TABLE t_load")
c.Assert(strings.Contains(err.Error(), "INSERT command denied to user 'test_load'@'localhost' for table 't_load'"), IsTrue)
c.Assert(se.Auth(&auth.UserIdentity{Username: "root", Hostname: "localhost"}, nil, nil), IsTrue)
mustExec(c, se, `GRANT INSERT on *.* to 'test_load'@'localhost'`)
c.Assert(se.Auth(&auth.UserIdentity{Username: "test_load", Hostname: "localhost"}, nil, nil), IsTrue)
_, err = se.Execute(context.Background(), "LOAD DATA LOCAL INFILE '/tmp/load_data_priv.csv' INTO TABLE t_load")
_, err = se.ExecuteInternal(context.Background(), "LOAD DATA LOCAL INFILE '/tmp/load_data_priv.csv' INTO TABLE t_load")
c.Assert(err, IsNil)
}

func (s *testPrivilegeSuite) TestSelectIntoNoPremissions(c *C) {
se := newSession(c, s.store, s.dbName)
mustExec(c, se, `CREATE USER 'nofile'@'localhost';`)
c.Assert(se.Auth(&auth.UserIdentity{Username: "nofile", Hostname: "localhost"}, nil, nil), IsTrue)
_, err := se.Execute(context.Background(), `select 1 into outfile '/tmp/doesntmatter-no-permissions'`)
_, err := se.ExecuteInternal(context.Background(), `select 1 into outfile '/tmp/doesntmatter-no-permissions'`)
message := "Access denied; you need (at least one of) the FILE privilege(s) for this operation"
c.Assert(strings.Contains(err.Error(), message), IsTrue)
}
Expand All @@ -1082,7 +1082,7 @@ func (s *testPrivilegeSuite) TestAuthHost(c *C) {
mustExec(c, se, "GRANT SELECT ON *.* TO 'test_auth_host'@'192.168.%';")

c.Assert(se.Auth(&auth.UserIdentity{Username: "test_auth_host", Hostname: "192.168.0.10"}, nil, nil), IsTrue)
_, err := se.Execute(context.Background(), "create user test_auth_host_a")
_, err := se.ExecuteInternal(context.Background(), "create user test_auth_host_a")
c.Assert(err, NotNil)

mustExec(c, rootSe, "DROP USER 'test_auth_host'@'192.168.%';")
Expand Down Expand Up @@ -1148,7 +1148,7 @@ func (s *testPrivilegeSuite) TestFieldList(c *C) { // Issue #14237 List fields R
}

func mustExec(c *C, se session.Session, sql string) {
_, err := se.Execute(context.Background(), sql)
_, err := se.ExecuteInternal(context.Background(), sql)
c.Assert(err, IsNil)
}

Expand Down

0 comments on commit 8f319f7

Please sign in to comment.