diff --git a/privilege/privileges/cache.go b/privilege/privileges/cache.go index 8d466690250a7..f695742047473 100644 --- a/privilege/privileges/cache.go +++ b/privilege/privileges/cache.go @@ -48,6 +48,23 @@ var ( const globalDBVisible = mysql.CreatePriv | mysql.SelectPriv | mysql.InsertPriv | mysql.UpdatePriv | mysql.DeletePriv | mysql.ShowDBPriv | mysql.DropPriv | mysql.AlterPriv | mysql.IndexPriv | mysql.CreateViewPriv | mysql.ShowViewPriv | mysql.GrantPriv | mysql.TriggerPriv | mysql.ReferencesPriv | mysql.ExecutePriv +const ( + sqlLoadRoleGraph = "SELECT HIGH_PRIORITY FROM_USER, FROM_HOST, TO_USER, TO_HOST FROM mysql.role_edges" + sqlLoadGlobalPrivTable = "SELECT HIGH_PRIORITY Host,User,Priv FROM mysql.global_priv" + sqlLoadDBTable = "SELECT HIGH_PRIORITY Host,DB,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,Index_priv,Alter_priv,Execute_priv,Create_view_priv,Show_view_priv FROM mysql.db ORDER BY host, db, user" + sqlLoadTablePrivTable = "SELECT HIGH_PRIORITY Host,DB,User,Table_name,Grantor,Timestamp,Table_priv,Column_priv FROM mysql.tables_priv" + sqlLoadColumnsPrivTable = "SELECT HIGH_PRIORITY Host,DB,User,Table_name,Column_name,Timestamp,Column_priv FROM mysql.columns_priv" + sqlLoadDefaultRoles = "SELECT HIGH_PRIORITY HOST, USER, DEFAULT_ROLE_HOST, DEFAULT_ROLE_USER FROM mysql.default_roles" + // list of privileges from mysql.Priv2UserCol + sqlLoadUserTable = `SELECT HIGH_PRIORITY Host,User,authentication_string, + Create_priv, Select_priv, Insert_priv, Update_priv, Delete_priv, Show_db_priv, Super_priv, + Create_user_priv,Create_tablespace_priv,Trigger_priv,Drop_priv,Process_priv,Grant_priv, + References_priv,Alter_priv,Execute_priv,Index_priv,Create_view_priv,Show_view_priv, + Create_role_priv,Drop_role_priv,Create_tmp_table_priv,Lock_tables_priv,Create_routine_priv, + Alter_routine_priv,Event_priv,Shutdown_priv,Reload_priv,File_priv,Config_priv,Repl_client_priv,Repl_slave_priv, + account_locked FROM mysql.user` +) + func computePrivMask(privs []mysql.PrivilegeType) mysql.PrivilegeType { var mask mysql.PrivilegeType for _, p := range privs { @@ -348,7 +365,7 @@ func noSuchTable(err error) bool { // LoadRoleGraph loads the mysql.role_edges table from database. func (p *MySQLPrivilege) LoadRoleGraph(ctx sessionctx.Context) error { p.RoleGraph = make(map[string]roleGraphEdgesTable) - err := p.loadTable(ctx, "select FROM_USER, FROM_HOST, TO_USER, TO_HOST from mysql.role_edges;", p.decodeRoleEdgesTable) + err := p.loadTable(ctx, sqlLoadRoleGraph, p.decodeRoleEdgesTable) if err != nil { return errors.Trace(err) } @@ -357,12 +374,7 @@ func (p *MySQLPrivilege) LoadRoleGraph(ctx sessionctx.Context) error { // LoadUserTable loads the mysql.user table from database. func (p *MySQLPrivilege) LoadUserTable(ctx sessionctx.Context) error { - userPrivCols := make([]string, 0, len(mysql.Priv2UserCol)) - for _, v := range mysql.Priv2UserCol { - userPrivCols = append(userPrivCols, v) - } - query := fmt.Sprintf("select HIGH_PRIORITY Host,User,authentication_string,%s,account_locked from mysql.user;", strings.Join(userPrivCols, ", ")) - err := p.loadTable(ctx, query, p.decodeUserTableRow) + err := p.loadTable(ctx, sqlLoadUserTable, p.decodeUserTableRow) if err != nil { return errors.Trace(err) } @@ -468,12 +480,12 @@ func (p MySQLPrivilege) SortUserTable() { // LoadGlobalPrivTable loads the mysql.global_priv table from database. func (p *MySQLPrivilege) LoadGlobalPrivTable(ctx sessionctx.Context) error { - return p.loadTable(ctx, "select HIGH_PRIORITY Host,User,Priv from mysql.global_priv", p.decodeGlobalPrivTableRow) + return p.loadTable(ctx, sqlLoadGlobalPrivTable, p.decodeGlobalPrivTableRow) } // LoadDBTable loads the mysql.db table from database. func (p *MySQLPrivilege) LoadDBTable(ctx sessionctx.Context) error { - err := p.loadTable(ctx, "select HIGH_PRIORITY Host,DB,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,Index_priv,Alter_priv,Execute_priv,Create_view_priv,Show_view_priv from mysql.db order by host, db, user;", p.decodeDBTableRow) + err := p.loadTable(ctx, sqlLoadDBTable, p.decodeDBTableRow) if err != nil { return err } @@ -491,7 +503,7 @@ func (p *MySQLPrivilege) buildDBMap() { // LoadTablesPrivTable loads the mysql.tables_priv table from database. func (p *MySQLPrivilege) LoadTablesPrivTable(ctx sessionctx.Context) error { - err := p.loadTable(ctx, "select HIGH_PRIORITY Host,DB,User,Table_name,Grantor,Timestamp,Table_priv,Column_priv from mysql.tables_priv", p.decodeTablesPrivTableRow) + err := p.loadTable(ctx, sqlLoadTablePrivTable, p.decodeTablesPrivTableRow) if err != nil { return err } @@ -509,24 +521,22 @@ func (p *MySQLPrivilege) buildTablesPrivMap() { // LoadColumnsPrivTable loads the mysql.columns_priv table from database. func (p *MySQLPrivilege) LoadColumnsPrivTable(ctx sessionctx.Context) error { - return p.loadTable(ctx, "select HIGH_PRIORITY Host,DB,User,Table_name,Column_name,Timestamp,Column_priv from mysql.columns_priv", p.decodeColumnsPrivTableRow) + return p.loadTable(ctx, sqlLoadColumnsPrivTable, p.decodeColumnsPrivTableRow) } // LoadDefaultRoles loads the mysql.columns_priv table from database. func (p *MySQLPrivilege) LoadDefaultRoles(ctx sessionctx.Context) error { - return p.loadTable(ctx, "select HOST, USER, DEFAULT_ROLE_HOST, DEFAULT_ROLE_USER from mysql.default_roles", p.decodeDefaultRoleTableRow) + return p.loadTable(ctx, sqlLoadDefaultRoles, p.decodeDefaultRoleTableRow) } func (p *MySQLPrivilege) loadTable(sctx sessionctx.Context, sql string, decodeTableRow func(chunk.Row, []*ast.ResultField) error) error { ctx := context.Background() - tmp, err := sctx.(sqlexec.SQLExecutor).Execute(ctx, sql) + rs, err := sctx.(sqlexec.SQLExecutor).ExecuteInternal(ctx, sql) if err != nil { return errors.Trace(err) } - rs := tmp[0] defer terror.Call(rs.Close) - fs := rs.Fields() req := rs.NewChunk() for { diff --git a/privilege/privileges/privileges_test.go b/privilege/privileges/privileges_test.go index 96c3eb34053af..6f79d9c0d8c84 100644 --- a/privilege/privileges/privileges_test.go +++ b/privilege/privileges/privileges_test.go @@ -150,9 +150,9 @@ func (s *testPrivilegeSuite) TestCheckPointGetDBPrivilege(c *C) { se := newSession(c, s.store, s.dbName) c.Assert(se.Auth(&auth.UserIdentity{Username: "tester", Hostname: "localhost"}, nil, nil), IsTrue) mustExec(c, se, `use test;`) - _, err := se.Execute(context.Background(), `select * from test2.t where id = 1`) + _, err := se.ExecuteInternal(context.Background(), `select * from test2.t where id = 1`) c.Assert(terror.ErrorEqual(err, core.ErrTableaccessDenied), IsTrue) - _, err = se.Execute(context.Background(), "update test2.t set v = 2 where id = 1") + _, err = se.ExecuteInternal(context.Background(), "update test2.t set v = 2 where id = 1") c.Assert(terror.ErrorEqual(err, core.ErrTableaccessDenied), IsTrue) } @@ -410,7 +410,7 @@ func (s *testPrivilegeSuite) TestDropTablePriv(c *C) { // ctx.GetSessionVars().User = "drop@localhost" c.Assert(se.Auth(&auth.UserIdentity{Username: "drop", Hostname: "localhost"}, nil, nil), IsTrue) mustExec(c, se, `SELECT * FROM todrop;`) - _, err := se.Execute(context.Background(), "DROP TABLE todrop;") + _, err := se.ExecuteInternal(context.Background(), "DROP TABLE todrop;") c.Assert(err, NotNil) se = newSession(c, s.store, s.dbName) @@ -437,7 +437,7 @@ func (s *testPrivilegeSuite) TestSetPasswdStmt(c *C) { // low privileged user trying to set password for other user (fails) c.Assert(se.Auth(&auth.UserIdentity{Username: "nobodyuser", Hostname: "localhost", AuthUsername: "nobodyuser", AuthHostname: "%"}, nil, nil), IsTrue) - _, err := se.Execute(context.Background(), "SET PASSWORD for 'superuser' = 'newpassword'") + _, err := se.ExecuteInternal(context.Background(), "SET PASSWORD for 'superuser' = 'newpassword'") c.Assert(err, NotNil) } @@ -460,7 +460,7 @@ func (s *testPrivilegeSuite) TestSelectViewSecurity(c *C) { ctx.GetSessionVars().User = &auth.UserIdentity{Username: "root", Hostname: "localhost"} mustExec(c, se, "SELECT * FROM test.selectviewsecurity") mustExec(c, se, `REVOKE Select ON test.viewsecurity FROM 'selectusr'@'localhost';`) - _, err := se.Execute(context.Background(), "select * from test.selectviewsecurity") + _, err := se.ExecuteInternal(context.Background(), "select * from test.selectviewsecurity") c.Assert(err.Error(), Equals, core.ErrViewInvalid.GenWithStackByArgs("test", "selectviewsecurity").Error()) } @@ -479,7 +479,7 @@ func (s *testPrivilegeSuite) TestRoleAdminSecurity(c *C) { mustExec(c, se, `create role r_test1@localhost`) c.Assert(se.Auth(&auth.UserIdentity{Username: "ar2", Hostname: "localhost"}, nil, nil), IsTrue) - _, err := se.Execute(context.Background(), `create role r_test2@localhost`) + _, err := se.ExecuteInternal(context.Background(), `create role r_test2@localhost`) c.Assert(terror.ErrorEqual(err, core.ErrSpecificAccessDenied), IsTrue) } @@ -765,7 +765,7 @@ func (s *testPrivilegeSuite) TestUseDB(c *C) { mustExec(c, se, "GRANT ALL ON *.* TO 'usesuper'") // without grant option c.Assert(se.Auth(&auth.UserIdentity{Username: "usesuper", Hostname: "localhost", AuthUsername: "usesuper", AuthHostname: "%"}, nil, nil), IsTrue) - _, e := se.Execute(context.Background(), "GRANT SELECT ON mysql.* TO 'usenobody'") + _, e := se.ExecuteInternal(context.Background(), "GRANT SELECT ON mysql.* TO 'usenobody'") c.Assert(e, NotNil) // with grant option se = newSession(c, s.store, s.dbName) @@ -775,14 +775,14 @@ func (s *testPrivilegeSuite) TestUseDB(c *C) { mustExec(c, se, "use mysql") // low privileged user c.Assert(se.Auth(&auth.UserIdentity{Username: "usenobody", Hostname: "localhost", AuthUsername: "usenobody", AuthHostname: "%"}, nil, nil), IsTrue) - _, err := se.Execute(context.Background(), "use mysql") + _, err := se.ExecuteInternal(context.Background(), "use mysql") c.Assert(err, NotNil) // try again after privilege granted c.Assert(se.Auth(&auth.UserIdentity{Username: "usesuper", Hostname: "localhost", AuthUsername: "usesuper", AuthHostname: "%"}, nil, nil), IsTrue) mustExec(c, se, "GRANT SELECT ON mysql.* TO 'usenobody'") c.Assert(se.Auth(&auth.UserIdentity{Username: "usenobody", Hostname: "localhost", AuthUsername: "usenobody", AuthHostname: "%"}, nil, nil), IsTrue) - _, err = se.Execute(context.Background(), "use mysql") + _, err = se.ExecuteInternal(context.Background(), "use mysql") c.Assert(err, IsNil) // test `use db` for role. @@ -794,9 +794,9 @@ func (s *testPrivilegeSuite) TestUseDB(c *C) { mustExec(c, se, `GRANT 'app_developer' TO 'dev'@'localhost'`) mustExec(c, se, `SET DEFAULT ROLE 'app_developer' TO 'dev'@'localhost'`) c.Assert(se.Auth(&auth.UserIdentity{Username: "dev", Hostname: "localhost", AuthUsername: "dev", AuthHostname: "localhost"}, nil, nil), IsTrue) - _, err = se.Execute(context.Background(), "use app_db") + _, err = se.ExecuteInternal(context.Background(), "use app_db") c.Assert(err, IsNil) - _, err = se.Execute(context.Background(), "use mysql") + _, err = se.ExecuteInternal(context.Background(), "use mysql") c.Assert(err, NotNil) } @@ -808,7 +808,7 @@ func (s *testPrivilegeSuite) TestRevokePrivileges(c *C) { mustExec(c, se, "GRANT ALL ON mysql.* TO 'withoutgrant'") // Without grant option c.Assert(se.Auth(&auth.UserIdentity{Username: "hasgrant", Hostname: "localhost", AuthUsername: "hasgrant", AuthHostname: "%"}, nil, nil), IsTrue) - _, e := se.Execute(context.Background(), "REVOKE SELECT ON mysql.* FROM 'withoutgrant'") + _, e := se.ExecuteInternal(context.Background(), "REVOKE SELECT ON mysql.* FROM 'withoutgrant'") c.Assert(e, NotNil) // With grant option se = newSession(c, s.store, s.dbName) @@ -828,7 +828,7 @@ func (s *testPrivilegeSuite) TestSetGlobal(c *C) { mustExec(c, se, `set global innodb_commit_concurrency=16`) c.Assert(se.Auth(&auth.UserIdentity{Username: "setglobal_b", Hostname: "localhost"}, nil, nil), IsTrue) - _, err := se.Execute(context.Background(), `set global innodb_commit_concurrency=16`) + _, err := se.ExecuteInternal(context.Background(), `set global innodb_commit_concurrency=16`) c.Assert(terror.ErrorEqual(err, core.ErrSpecificAccessDenied), IsTrue) } @@ -839,9 +839,9 @@ func (s *testPrivilegeSuite) TestCreateDropUser(c *C) { // should fail c.Assert(se.Auth(&auth.UserIdentity{Username: "tcd1", Hostname: "localhost", AuthUsername: "tcd1", AuthHostname: "%"}, nil, nil), IsTrue) - _, err := se.Execute(context.Background(), `CREATE USER acdc`) + _, err := se.ExecuteInternal(context.Background(), `CREATE USER acdc`) c.Assert(terror.ErrorEqual(err, core.ErrSpecificAccessDenied), IsTrue) - _, err = se.Execute(context.Background(), `DROP USER tcd2`) + _, err = se.ExecuteInternal(context.Background(), `DROP USER tcd2`) c.Assert(terror.ErrorEqual(err, core.ErrSpecificAccessDenied), IsTrue) // should pass @@ -870,7 +870,7 @@ func (s *testPrivilegeSuite) TestConfigPrivilege(c *C) { c.Assert(se.Auth(&auth.UserIdentity{Username: "tcd1", Hostname: "localhost", AuthHostname: "tcd1", AuthUsername: "%"}, nil, nil), IsTrue) mustExec(c, se, `SET CONFIG TIKV testkey="testval"`) c.Assert(se.Auth(&auth.UserIdentity{Username: "tcd2", Hostname: "localhost", AuthHostname: "tcd2", AuthUsername: "%"}, nil, nil), IsTrue) - _, err := se.Execute(context.Background(), `SET CONFIG TIKV testkey="testval"`) + _, err := se.ExecuteInternal(context.Background(), `SET CONFIG TIKV testkey="testval"`) c.Assert(err, ErrorMatches, ".*you need \\(at least one of\\) the CONFIG privilege\\(s\\) for this operation") mustExec(c, se, `DROP USER tcd1, tcd2`) } @@ -882,7 +882,7 @@ func (s *testPrivilegeSuite) TestShowCreateTable(c *C) { // should fail c.Assert(se.Auth(&auth.UserIdentity{Username: "tsct1", Hostname: "localhost", AuthUsername: "tsct1", AuthHostname: "%"}, nil, nil), IsTrue) - _, err := se.Execute(context.Background(), `SHOW CREATE TABLE mysql.user`) + _, err := se.ExecuteInternal(context.Background(), `SHOW CREATE TABLE mysql.user`) c.Assert(terror.ErrorEqual(err, core.ErrTableaccessDenied), IsTrue) // should pass @@ -905,25 +905,25 @@ func (s *testPrivilegeSuite) TestAnalyzeTable(c *C) { mustExec(c, se, "analyze table mysql.user") // low privileged user c.Assert(se.Auth(&auth.UserIdentity{Username: "anobody", Hostname: "localhost", AuthUsername: "anobody", AuthHostname: "%"}, nil, nil), IsTrue) - _, err := se.Execute(context.Background(), "analyze table t1") + _, err := se.ExecuteInternal(context.Background(), "analyze table t1") c.Assert(terror.ErrorEqual(err, core.ErrTableaccessDenied), IsTrue) c.Assert(err.Error(), Equals, "[planner:1142]INSERT command denied to user 'anobody'@'%' for table 't1'") - _, err = se.Execute(context.Background(), "select * from t1") + _, err = se.ExecuteInternal(context.Background(), "select * from t1") c.Assert(err.Error(), Equals, "[planner:1142]SELECT command denied to user 'anobody'@'%' for table 't1'") // try again after SELECT privilege granted c.Assert(se.Auth(&auth.UserIdentity{Username: "asuper", Hostname: "localhost", AuthUsername: "asuper", AuthHostname: "%"}, nil, nil), IsTrue) mustExec(c, se, "GRANT SELECT ON atest.* TO 'anobody'") c.Assert(se.Auth(&auth.UserIdentity{Username: "anobody", Hostname: "localhost", AuthUsername: "anobody", AuthHostname: "%"}, nil, nil), IsTrue) - _, err = se.Execute(context.Background(), "analyze table t1") + _, err = se.ExecuteInternal(context.Background(), "analyze table t1") c.Assert(terror.ErrorEqual(err, core.ErrTableaccessDenied), IsTrue) c.Assert(err.Error(), Equals, "[planner:1142]INSERT command denied to user 'anobody'@'%' for table 't1'") // Add INSERT privilege and it should work. c.Assert(se.Auth(&auth.UserIdentity{Username: "asuper", Hostname: "localhost", AuthUsername: "asuper", AuthHostname: "%"}, nil, nil), IsTrue) mustExec(c, se, "GRANT INSERT ON atest.* TO 'anobody'") c.Assert(se.Auth(&auth.UserIdentity{Username: "anobody", Hostname: "localhost", AuthUsername: "anobody", AuthHostname: "%"}, nil, nil), IsTrue) - _, err = se.Execute(context.Background(), "analyze table t1") + _, err = se.ExecuteInternal(context.Background(), "analyze table t1") c.Assert(err, IsNil) } @@ -935,34 +935,34 @@ func (s *testPrivilegeSuite) TestSystemSchema(c *C) { c.Assert(se.Auth(&auth.UserIdentity{Username: "u1", Hostname: "localhost"}, nil, nil), IsTrue) mustExec(c, se, `select * from information_schema.tables`) mustExec(c, se, `select * from information_schema.key_column_usage`) - _, err := se.Execute(context.Background(), "create table information_schema.t(a int)") + _, err := se.ExecuteInternal(context.Background(), "create table information_schema.t(a int)") c.Assert(strings.Contains(err.Error(), "denied to user"), IsTrue) - _, err = se.Execute(context.Background(), "drop table information_schema.tables") + _, err = se.ExecuteInternal(context.Background(), "drop table information_schema.tables") c.Assert(strings.Contains(err.Error(), "denied to user"), IsTrue) - _, err = se.Execute(context.Background(), "update information_schema.tables set table_name = 'tst' where table_name = 'mysql'") + _, err = se.ExecuteInternal(context.Background(), "update information_schema.tables set table_name = 'tst' where table_name = 'mysql'") c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue) // Test performance_schema. mustExec(c, se, `select * from performance_schema.events_statements_summary_by_digest`) - _, err = se.Execute(context.Background(), "drop table performance_schema.events_statements_summary_by_digest") + _, err = se.ExecuteInternal(context.Background(), "drop table performance_schema.events_statements_summary_by_digest") c.Assert(strings.Contains(err.Error(), "denied to user"), IsTrue) - _, err = se.Execute(context.Background(), "update performance_schema.events_statements_summary_by_digest set schema_name = 'tst'") + _, err = se.ExecuteInternal(context.Background(), "update performance_schema.events_statements_summary_by_digest set schema_name = 'tst'") c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue) - _, err = se.Execute(context.Background(), "delete from performance_schema.events_statements_summary_by_digest") + _, err = se.ExecuteInternal(context.Background(), "delete from performance_schema.events_statements_summary_by_digest") c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue) - _, err = se.Execute(context.Background(), "create table performance_schema.t(a int)") + _, err = se.ExecuteInternal(context.Background(), "create table performance_schema.t(a int)") c.Assert(err, NotNil) c.Assert(strings.Contains(err.Error(), "CREATE command denied"), IsTrue, Commentf(err.Error())) // Test metric_schema. mustExec(c, se, `select * from metrics_schema.tidb_query_duration`) - _, err = se.Execute(context.Background(), "drop table metrics_schema.tidb_query_duration") + _, err = se.ExecuteInternal(context.Background(), "drop table metrics_schema.tidb_query_duration") c.Assert(strings.Contains(err.Error(), "denied to user"), IsTrue) - _, err = se.Execute(context.Background(), "update metrics_schema.tidb_query_duration set instance = 'tst'") + _, err = se.ExecuteInternal(context.Background(), "update metrics_schema.tidb_query_duration set instance = 'tst'") c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue) - _, err = se.Execute(context.Background(), "delete from metrics_schema.tidb_query_duration") + _, err = se.ExecuteInternal(context.Background(), "delete from metrics_schema.tidb_query_duration") c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue) - _, err = se.Execute(context.Background(), "create table metric_schema.t(a int)") + _, err = se.ExecuteInternal(context.Background(), "create table metric_schema.t(a int)") c.Assert(err, NotNil) c.Assert(strings.Contains(err.Error(), "CREATE command denied"), IsTrue, Commentf(err.Error())) } @@ -974,13 +974,13 @@ func (s *testPrivilegeSuite) TestAdminCommand(c *C) { mustExec(c, se, `CREATE TABLE t(a int)`) c.Assert(se.Auth(&auth.UserIdentity{Username: "test_admin", Hostname: "localhost"}, nil, nil), IsTrue) - _, err := se.Execute(context.Background(), "ADMIN SHOW DDL JOBS") + _, err := se.ExecuteInternal(context.Background(), "ADMIN SHOW DDL JOBS") c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue) - _, err = se.Execute(context.Background(), "ADMIN CHECK TABLE t") + _, err = se.ExecuteInternal(context.Background(), "ADMIN CHECK TABLE t") c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue) c.Assert(se.Auth(&auth.UserIdentity{Username: "root", Hostname: "localhost"}, nil, nil), IsTrue) - _, err = se.Execute(context.Background(), "ADMIN SHOW DDL JOBS") + _, err = se.ExecuteInternal(context.Background(), "ADMIN SHOW DDL JOBS") c.Assert(err, IsNil) } @@ -1013,8 +1013,8 @@ func (s *testPrivilegeSuite) TestTableNotExistNoPermissions(c *C) { for _, t := range tests { - _, err1 := se.Execute(context.Background(), fmt.Sprintf(t.stmt, "dbexists", "t1")) - _, err2 := se.Execute(context.Background(), fmt.Sprintf(t.stmt, "dbnotexists", "t1")) + _, err1 := se.ExecuteInternal(context.Background(), fmt.Sprintf(t.stmt, "dbexists", "t1")) + _, err2 := se.ExecuteInternal(context.Background(), fmt.Sprintf(t.stmt, "dbnotexists", "t1")) // Check the error is the same whether table exists or not. c.Assert(terror.ErrorEqual(err1, err2), IsTrue) @@ -1046,12 +1046,12 @@ func (s *testPrivilegeSuite) TestLoadDataPrivilege(c *C) { mustExec(c, se, `CREATE TABLE t_load(a int)`) mustExec(c, se, `GRANT SELECT on *.* to 'test_load'@'localhost'`) c.Assert(se.Auth(&auth.UserIdentity{Username: "test_load", Hostname: "localhost"}, nil, nil), IsTrue) - _, err = se.Execute(context.Background(), "LOAD DATA LOCAL INFILE '/tmp/load_data_priv.csv' INTO TABLE t_load") + _, err = se.ExecuteInternal(context.Background(), "LOAD DATA LOCAL INFILE '/tmp/load_data_priv.csv' INTO TABLE t_load") c.Assert(strings.Contains(err.Error(), "INSERT command denied to user 'test_load'@'localhost' for table 't_load'"), IsTrue) c.Assert(se.Auth(&auth.UserIdentity{Username: "root", Hostname: "localhost"}, nil, nil), IsTrue) mustExec(c, se, `GRANT INSERT on *.* to 'test_load'@'localhost'`) c.Assert(se.Auth(&auth.UserIdentity{Username: "test_load", Hostname: "localhost"}, nil, nil), IsTrue) - _, err = se.Execute(context.Background(), "LOAD DATA LOCAL INFILE '/tmp/load_data_priv.csv' INTO TABLE t_load") + _, err = se.ExecuteInternal(context.Background(), "LOAD DATA LOCAL INFILE '/tmp/load_data_priv.csv' INTO TABLE t_load") c.Assert(err, IsNil) } @@ -1059,7 +1059,7 @@ func (s *testPrivilegeSuite) TestSelectIntoNoPremissions(c *C) { se := newSession(c, s.store, s.dbName) mustExec(c, se, `CREATE USER 'nofile'@'localhost';`) c.Assert(se.Auth(&auth.UserIdentity{Username: "nofile", Hostname: "localhost"}, nil, nil), IsTrue) - _, err := se.Execute(context.Background(), `select 1 into outfile '/tmp/doesntmatter-no-permissions'`) + _, err := se.ExecuteInternal(context.Background(), `select 1 into outfile '/tmp/doesntmatter-no-permissions'`) message := "Access denied; you need (at least one of) the FILE privilege(s) for this operation" c.Assert(strings.Contains(err.Error(), message), IsTrue) } @@ -1082,7 +1082,7 @@ func (s *testPrivilegeSuite) TestAuthHost(c *C) { mustExec(c, se, "GRANT SELECT ON *.* TO 'test_auth_host'@'192.168.%';") c.Assert(se.Auth(&auth.UserIdentity{Username: "test_auth_host", Hostname: "192.168.0.10"}, nil, nil), IsTrue) - _, err := se.Execute(context.Background(), "create user test_auth_host_a") + _, err := se.ExecuteInternal(context.Background(), "create user test_auth_host_a") c.Assert(err, NotNil) mustExec(c, rootSe, "DROP USER 'test_auth_host'@'192.168.%';") @@ -1148,7 +1148,7 @@ func (s *testPrivilegeSuite) TestFieldList(c *C) { // Issue #14237 List fields R } func mustExec(c *C, se session.Session, sql string) { - _, err := se.Execute(context.Background(), sql) + _, err := se.ExecuteInternal(context.Background(), sql) c.Assert(err, IsNil) }