From 375e166d6034838e47a4258b920bce47047988d6 Mon Sep 17 00:00:00 2001
From: Zijie Lu
Date: Wed, 6 Oct 2021 23:16:50 +0800
Subject: [PATCH 1/2] privilege: add Create Temporary Tables privilege on db level (#28547)
---
 go.mod | 2 +-
 go.sum | 4 ++--
 planner/core/logical_plan_test.go | 2 ++
 privilege/privileges/cache.go | 2 +-
 privilege/privileges/privileges_test.go | 24 ++++++++++++++++++++++++
 5 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/go.mod b/go.mod
index 7787e47638e2a..af31eb026ff06 100644
--- a/go.mod
+++ b/go.mod
@@ -49,7 +49,7 @@ require (
 github.com/pingcap/fn v0.0.0-20200306044125-d5540d389059
 github.com/pingcap/kvproto v0.0.0-20210806074406-317f69fb54b4
 github.com/pingcap/log v0.0.0-20210906054005-afc726e70354
- github.com/pingcap/parser v0.0.0-20210917114242-ac711116bdff
+ github.com/pingcap/parser v0.0.0-20211004011848-db58bac78f2a
 github.com/pingcap/sysutil v0.0.0-20210730114356-fcd8a63f68c5
 github.com/pingcap/tidb-tools v5.0.3+incompatible
 github.com/pingcap/tipb v0.0.0-20210802080519-94b831c6db55
diff --git a/go.sum b/go.sum
index 145d1d5ecbdf5..de9977a6177a3 100644
--- a/go.sum
+++ b/go.sum
@@ -603,8 +603,8 @@ github.com/pingcap/log v0.0.0-20210625125904-98ed8e2eb1c7/go.mod h1:8AanEdAHATuR
 github.com/pingcap/log v0.0.0-20210906054005-afc726e70354 h1:SvWCbCPh1YeHd9yQLksvJYAgft6wLTY1aNG81tpyscQ=
 github.com/pingcap/log v0.0.0-20210906054005-afc726e70354/go.mod h1:DWQW5jICDR7UJh4HtxXSM20Churx4CQL0fwL/SoOSA4=
 github.com/pingcap/parser v0.0.0-20210525032559-c37778aff307/go.mod h1:xZC8I7bug4GJ5KtHhgAikjTfU4kBv1Sbo3Pf1MZ6lVw=
-github.com/pingcap/parser v0.0.0-20210917114242-ac711116bdff h1:LiwvvutmyeSkFkdVM09mH6KK+OeDVJzX7WKy9Lf0ri0=
-github.com/pingcap/parser v0.0.0-20210917114242-ac711116bdff/go.mod h1:+xcMiiZzdIktT/Nqdfm81dkECJ2EPuoAYywd57py4Pk=
+github.com/pingcap/parser v0.0.0-20211004011848-db58bac78f2a h1:W3BnzcjP9j7EsRHEwRb0zMLSHTjFW14zB/GMk7tlIhg=
+github.com/pingcap/parser v0.0.0-20211004011848-db58bac78f2a/go.mod h1:+xcMiiZzdIktT/Nqdfm81dkECJ2EPuoAYywd57py4Pk=
 github.com/pingcap/sysutil v0.0.0-20200206130906-2bfa6dc40bcd/go.mod h1:EB/852NMQ+aRKioCpToQ94Wl7fktV+FNnxf3CX/TTXI=
 github.com/pingcap/sysutil v0.0.0-20210315073920-cc0985d983a3/go.mod h1:tckvA041UWP+NqYzrJ3fMgC/Hw9wnmQ/tUkp/JaHly8=
 github.com/pingcap/sysutil v0.0.0-20210730114356-fcd8a63f68c5 h1:7rvAtZe/ZUzOKzgriNPQoBNvleJXBk4z7L3Z47+tS98=
diff --git a/planner/core/logical_plan_test.go b/planner/core/logical_plan_test.go
index 2ee4991f28609..eaa731ba04fdd 100644
--- a/planner/core/logical_plan_test.go
+++ b/planner/core/logical_plan_test.go
@@ -1072,6 +1072,7 @@ func (s *testPlanSuite) TestVisitInfo(c *C) {
 {mysql.GrantPriv, "test", "", "", nil, false, "", false},
 {mysql.ReferencesPriv, "test", "", "", nil, false, "", false},
 {mysql.LockTablesPriv, "test", "", "", nil, false, "", false},
+ {mysql.CreateTMPTablePriv, "test", "", "", nil, false, "", false},
 {mysql.AlterPriv, "test", "", "", nil, false, "", false},
 {mysql.ExecutePriv, "test", "", "", nil, false, "", false},
 {mysql.IndexPriv, "test", "", "", nil, false, "", false},
@@ -1142,6 +1143,7 @@ func (s *testPlanSuite) TestVisitInfo(c *C) {
 {mysql.GrantPriv, "test", "", "", nil, false, "", false},
 {mysql.ReferencesPriv, "test", "", "", nil, false, "", false},
 {mysql.LockTablesPriv, "test", "", "", nil, false, "", false},
+ {mysql.CreateTMPTablePriv, "test", "", "", nil, false, "", false},
 {mysql.AlterPriv, "test", "", "", nil, false, "", false},
 {mysql.ExecutePriv, "test", "", "", nil, false, "", false},
 {mysql.IndexPriv, "test", "", "", nil, false, "", false},
diff --git a/privilege/privileges/cache.go b/privilege/privileges/cache.go
index be55f4afade08..c8682684b2489 100644
--- a/privilege/privileges/cache.go
+++ b/privilege/privileges/cache.go
@@ -53,7 +53,7 @@ const globalDBVisible = mysql.CreatePriv | mysql.SelectPriv | mysql.InsertPriv |
 const (
 sqlLoadRoleGraph = "SELECT HIGH_PRIORITY FROM_USER, FROM_HOST, TO_USER, TO_HOST FROM mysql.role_edges"
 sqlLoadGlobalPrivTable = "SELECT HIGH_PRIORITY Host,User,Priv FROM mysql.global_priv"
- sqlLoadDBTable = "SELECT HIGH_PRIORITY Host,DB,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,Index_priv,References_priv,Lock_tables_priv,Alter_priv,Execute_priv,Create_view_priv,Show_view_priv FROM mysql.db ORDER BY host, db, user"
+ sqlLoadDBTable = "SELECT HIGH_PRIORITY Host,DB,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,Index_priv,References_priv,Lock_tables_priv,Create_tmp_table_priv,Alter_priv,Execute_priv,Create_view_priv,Show_view_priv FROM mysql.db ORDER BY host, db, user"
 sqlLoadTablePrivTable = "SELECT HIGH_PRIORITY Host,DB,User,Table_name,Grantor,Timestamp,Table_priv,Column_priv FROM mysql.tables_priv"
 sqlLoadColumnsPrivTable = "SELECT HIGH_PRIORITY Host,DB,User,Table_name,Column_name,Timestamp,Column_priv FROM mysql.columns_priv"
 sqlLoadDefaultRoles = "SELECT HIGH_PRIORITY HOST, USER, DEFAULT_ROLE_HOST, DEFAULT_ROLE_USER FROM mysql.default_roles"
diff --git a/privilege/privileges/privileges_test.go b/privilege/privileges/privileges_test.go
index cf42d0fdbf5e6..1f66a2cf25217 100644
--- a/privilege/privileges/privileges_test.go
+++ b/privilege/privileges/privileges_test.go
@@ -2492,3 +2492,27 @@ func TestDBNameCaseSensitivityInTableLevel(t *testing.T) {
 mustExec(t, se, "CREATE USER test_user")
 mustExec(t, se, "grant select on metrics_schema.up to test_user;")
 }
+
+func TestGrantCreateTmpTables(t *testing.T) {
+ t.Parallel()
+ store, clean := newStore(t)
+ defer clean()
+
+ tk := testkit.NewTestKit(t, store)
+ tk.MustExec("CREATE DATABASE create_tmp_table_db")
+ tk.MustExec("USE create_tmp_table_db")
+ tk.MustExec("CREATE USER u1")
+ tk.MustExec("CREATE TABLE create_tmp_table_table (a int)")
+ tk.MustExec("GRANT CREATE TEMPORARY TABLES on create_tmp_table_db.* to u1")
+ tk.MustExec("GRANT CREATE TEMPORARY TABLES on *.* to u1")
+ // Must set a session user to avoid null pointer dereferencing
+ tk.Session().Auth(&auth.UserIdentity{
+ Username: "root",
+ Hostname: "localhost",
+ }, nil, nil)
+ tk.MustQuery("SHOW GRANTS FOR u1").Check(testkit.Rows(
+ `GRANT CREATE TEMPORARY TABLES ON *.* TO 'u1'@'%'`,
+ `GRANT CREATE TEMPORARY TABLES ON create_tmp_table_db.* TO 'u1'@'%'`))
+ tk.MustExec("DROP USER u1")
+ tk.MustExec("DROP DATABASE create_tmp_table_db")
+}
From 6eb02fbe5ed448a2c814dd5563414fb733274329 Mon Sep 17 00:00:00 2001
From: unconsolable
Date: Thu, 7 Oct 2021 12:23:22 +0800
Subject: [PATCH 2/2] session: support references on column (#28546)
---
 go.mod | 2 +-
 go.sum | 4 ++--
 session/bootstrap.go | 16 +++++++++++++---
 session/bootstrap_test.go | 18 ++++++++++++++++++
 4 files changed, 34 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index af31eb026ff06..845066625d50e 100644
--- a/go.mod
+++ b/go.mod
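Review bot: TestGrantCreateTmpTables only asserts the `SHOW GRANTS FOR u1` output, so it shows the new privilege is stored and displayed at the global and database level but not that anything ever checks it. An authorization change like this is safer with a case that authenticates the session as `u1` and runs a `CREATE TEMPORARY TABLE` in `create_tmp_table_db` with and without the grant. If enforcement is handled in a separate change, a comment such as `// only grant bookkeeping is tested here; enforcement of CREATE TEMPORARY TABLES is covered separately` would make the gap explicit. `create_tmp_table_table` is created but never referenced, and the two trailing `DROP` statements are skipped whenever `Check` fails, so they could be deferred or dropped given the per-test store.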
@@ -49,7 +49,7 @@ require (
 github.com/pingcap/fn v0.0.0-20200306044125-d5540d389059
 github.com/pingcap/kvproto v0.0.0-20210806074406-317f69fb54b4
 github.com/pingcap/log v0.0.0-20210906054005-afc726e70354
- github.com/pingcap/parser v0.0.0-20211004011848-db58bac78f2a
+ github.com/pingcap/parser v0.0.0-20211004012448-687005894c4e
 github.com/pingcap/sysutil v0.0.0-20210730114356-fcd8a63f68c5
 github.com/pingcap/tidb-tools v5.0.3+incompatible
 github.com/pingcap/tipb v0.0.0-20210802080519-94b831c6db55
diff --git a/go.sum b/go.sum
index de9977a6177a3..8e438145e44d6 100644
--- a/go.sum
+++ b/go.sum
@@ -603,8 +603,8 @@ github.com/pingcap/log v0.0.0-20210625125904-98ed8e2eb1c7/go.mod h1:8AanEdAHATuR
 github.com/pingcap/log v0.0.0-20210906054005-afc726e70354 h1:SvWCbCPh1YeHd9yQLksvJYAgft6wLTY1aNG81tpyscQ=
 github.com/pingcap/log v0.0.0-20210906054005-afc726e70354/go.mod h1:DWQW5jICDR7UJh4HtxXSM20Churx4CQL0fwL/SoOSA4=
 github.com/pingcap/parser v0.0.0-20210525032559-c37778aff307/go.mod h1:xZC8I7bug4GJ5KtHhgAikjTfU4kBv1Sbo3Pf1MZ6lVw=
-github.com/pingcap/parser v0.0.0-20211004011848-db58bac78f2a h1:W3BnzcjP9j7EsRHEwRb0zMLSHTjFW14zB/GMk7tlIhg=
-github.com/pingcap/parser v0.0.0-20211004011848-db58bac78f2a/go.mod h1:+xcMiiZzdIktT/Nqdfm81dkECJ2EPuoAYywd57py4Pk=
+github.com/pingcap/parser v0.0.0-20211004012448-687005894c4e h1:dPMDpj+7ng9qEWoT3n6qjpB1ohz79uTLVM6ILW+ZMT0=
+github.com/pingcap/parser v0.0.0-20211004012448-687005894c4e/go.mod h1:+xcMiiZzdIktT/Nqdfm81dkECJ2EPuoAYywd57py4Pk=
 github.com/pingcap/sysutil v0.0.0-20200206130906-2bfa6dc40bcd/go.mod h1:EB/852NMQ+aRKioCpToQ94Wl7fktV+FNnxf3CX/TTXI=
 github.com/pingcap/sysutil v0.0.0-20210315073920-cc0985d983a3/go.mod h1:tckvA041UWP+NqYzrJ3fMgC/Hw9wnmQ/tUkp/JaHly8=
 github.com/pingcap/sysutil v0.0.0-20210730114356-fcd8a63f68c5 h1:7rvAtZe/ZUzOKzgriNPQoBNvleJXBk4z7L3Z47+tS98=
diff --git a/session/bootstrap.go b/session/bootstrap.go
index 73c7e23967282..8a1044e59a20a 100644
--- a/session/bootstrap.go
+++ b/session/bootstrap.go
@@ -132,7 +132,7 @@ const (
 Grantor CHAR(77),
 Timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
 Table_priv SET('Select','Insert','Update','Delete','Create','Drop','Grant','Index','Alter','Create View','Show View','Trigger','References'),
- Column_priv SET('Select','Insert','Update'),
+ Column_priv SET('Select','Insert','Update','References'),
 PRIMARY KEY (Host, DB, User, Table_name));`
 // CreateColumnPrivTable is the SQL statement creates column scope privilege table in system db.
 CreateColumnPrivTable = `CREATE TABLE IF NOT EXISTS mysql.columns_priv(
@@ -142,7 +142,7 @@ const (
 Table_name CHAR(64),
 Column_name CHAR(64),
 Timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- Column_priv SET('Select','Insert','Update'),
+ Column_priv SET('Select','Insert','Update','References'),
 PRIMARY KEY (Host, DB, User, Table_name, Column_name));`
 // CreateGlobalVariablesTable is the SQL statement creates global variable table in system db.
 // TODO: MySQL puts GLOBAL_VARIABLES table in INFORMATION_SCHEMA db.
@@ -513,11 +513,13 @@ const (
 version74 = 74
 // version75 update mysql.*.host from char(60) to char(255)
 version75 = 75
+ // version76 update mysql.columns_priv from SET('Select','Insert','Update') to SET('Select','Insert','Update','References')
+ version76 = 76
 )
 
 // currentBootstrapVersion is defined as a variable, so we can modify its value for testing.
 // please make sure this is the largest version
-var currentBootstrapVersion int64 = version75
+var currentBootstrapVersion int64 = version76
 
 var (
 bootstrapVersion = []func(Session, int64){
@@ -596,6 +598,7 @@ var (
 upgradeToVer73,
 upgradeToVer74,
 upgradeToVer75,
+ upgradeToVer76,
 }
 )
 
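Review bot: The first hunk widens `Column_priv` in what appears to be the `mysql.tables_priv` definition (the table with `Grantor` and `Table_priv`), and the second does the same for `mysql.columns_priv`, but `upgradeToVer76` in the `@@ -1571,6 +1574,13 @@` hunk only alters `mysql.columns_priv`. Clusters upgraded from version75 would then keep the old three-value SET on the other table while freshly bootstrapped ones accept `References`, so the same column-level GRANT could behave differently depending on how the cluster was created. If the first table is indeed `mysql.tables_priv`, add `doReentrantDDL(s, "ALTER TABLE mysql.tables_priv MODIFY COLUMN Column_priv SET('Select','Insert','Update','References')")` to `upgradeToVer76` and name both tables in the `version76` comment. The const block and both CREATE TABLE statements begin outside these hunks, so the table name should be confirmed against the full file.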
@@ -1571,6 +1574,13 @@ func upgradeToVer75(s Session, ver int64) {
 doReentrantDDL(s, "ALTER TABLE mysql.columns_priv MODIFY COLUMN Host CHAR(255)")
 }
 
+func upgradeToVer76(s Session, ver int64) {
+ if ver >= version76 {
+ return
+ }
+ doReentrantDDL(s, "ALTER TABLE mysql.columns_priv MODIFY COLUMN Column_priv SET('Select','Insert','Update','References')")
+}
+
 func writeOOMAction(s Session) {
 comment := "oom-action is `log` by default in v3.0.x, `cancel` by default in v4.0.11+"
 mustExecute(s, `INSERT HIGH_PRIORITY INTO %n.%n VALUES (%?, %?, %?) ON DUPLICATE KEY UPDATE VARIABLE_VALUE= %?`,
diff --git a/session/bootstrap_test.go b/session/bootstrap_test.go
index 68b46e75c98ab..23c31c78bf30a 100644
--- a/session/bootstrap_test.go
+++ b/session/bootstrap_test.go
@@ -845,3 +845,21 @@ func (s *testBootstrapSuite) TestForIssue23387(c *C) {
 c.Assert(len(rows), Equals, 1)
 c.Assert(rows[0][0], Equals, "GRANT USAGE ON *.* TO 'quatest'@'%'")
 }
+
+func (s *testBootstrapSuite) TestReferencesPrivOnCol(c *C) {
+ defer testleak.AfterTest(c)()
+ store, dom := newStoreWithBootstrap(c, s.dbName)
+ defer store.Close()
+ defer dom.Close()
+ se := newSession(c, store, s.dbName)
+
+ defer func() {
+ mustExecSQL(c, se, "drop user if exists issue28531")
+ mustExecSQL(c, se, "drop table if exists t1")
+ }()
+
+ mustExecSQL(c, se, "create user if not exists issue28531")
+ mustExecSQL(c, se, "drop table if exists t1")
+ mustExecSQL(c, se, "create table t1 (a int)")
+ mustExecSQL(c, se, "GRANT select (a), update (a),insert(a), references(a) on t1 to issue28531")
+}
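Review bot: TestReferencesPrivOnCol passes as soon as the final GRANT statement does not error; nothing checks that `references(a)` was actually recorded for `issue28531`. Reading the grant back and asserting on the rows, in the style of the `c.Assert(rows[0][0], Equals, ...)` check at the end of TestForIssue23387 just above, would catch a column privilege that is accepted by the parser but silently dropped. The test also bootstraps a fresh store, so the `upgradeToVer76` path for a cluster starting at version75 is not exercised here; a short comment saying so, or a separate upgrade test, would make that gap visible.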