From 58e7cf593807fb171b9378619235af36b21c4326 Mon Sep 17 00:00:00 2001 From: Keyi Xie Date: Sun, 24 Mar 2019 14:36:57 +0800 Subject: [PATCH 01/13] ALTER TABLE PRIV Enables use of the ALTER TABLE statement to change the structure of tables. ALTER TABLE also requires the CREATE and INSERT privileges. --- planner/core/logical_plan_test.go | 8 ++++++++ planner/core/planbuilder.go | 11 +++++++++++ 2 files changed, 19 insertions(+) diff --git a/planner/core/logical_plan_test.go b/planner/core/logical_plan_test.go index 99f4b468721f1..1a62f226409e8 100644 --- a/planner/core/logical_plan_test.go +++ b/planner/core/logical_plan_test.go @@ -1640,6 +1640,14 @@ func (s *testPlanSuite) TestVisitInfo(c *C) { {mysql.AllPrivMask, "test", "ttt", "", nil}, }, }, + { + sql: "alter table t add column a int(4)", + ans: []visitInfo{ + {mysql.AlterPriv, "test", "t", "", nil}, + {mysql.InsertPriv, "test", "t", "", nil}, + {mysql.CreatePriv, "test", "", "", nil}, + }, + }, } for _, tt := range tests { diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go index f2e27f94fb50f..50bca745efa07 100644 --- a/planner/core/planbuilder.go +++ b/planner/core/planbuilder.go @@ -1500,6 +1500,17 @@ func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { table: v.Table.Name.L, err: nil, }) + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.InsertPriv, + db: v.Table.Schema.L, + table: v.Table.Name.L, + err: nil, + }) + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.CreatePriv, + db: v.Table.Schema.L, + err: nil, + }) case *ast.CreateDatabaseStmt: b.visitInfo = append(b.visitInfo, visitInfo{ privilege: mysql.CreatePriv, From ab0107043e873fd0fc5ac285c43dd1a7bc968d0a Mon Sep 17 00:00:00 2001 From: Keyi Xie Date: Sun, 24 Mar 2019 14:52:29 +0800 Subject: [PATCH 02/13] Create database priv same with MySQL. From 4028a79238fa990aa54d6c1af79e23b09be52f37 Mon Sep 17 00:00:00 2001 
From: Keyi Xie Date: Sun, 24 Mar 2019 15:25:48 +0800 Subject: [PATCH 03/13] Rename priv Renaming a table requires ALTER and DROP on the old table, CREATE, and INSERT on the new table. --- planner/core/logical_plan_test.go | 9 +++++++++ planner/core/planbuilder.go | 14 +++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/planner/core/logical_plan_test.go b/planner/core/logical_plan_test.go index 1a62f226409e8..05aca88af3c88 100644 --- a/planner/core/logical_plan_test.go +++ b/planner/core/logical_plan_test.go @@ -1648,6 +1648,15 @@ func (s *testPlanSuite) TestVisitInfo(c *C) { {mysql.CreatePriv, "test", "", "", nil}, }, }, + { + sql: "rename table t_old to t_new", + ans: []visitInfo{ + {mysql.AlterPriv, "test", "t_old", "", nil}, + {mysql.DropPriv, "test", "t_old", "", nil}, + {mysql.CreatePriv, "test", "t_new", "", nil}, + {mysql.InsertPriv, "test", "t_new", "", nil}, + }, + }, } for _, tt := range tests { diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go index 50bca745efa07..6dbba64a5650c 100644 --- a/planner/core/planbuilder.go +++ b/planner/core/planbuilder.go @@ -1606,7 +1606,19 @@ func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { err: nil, }) b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.AlterPriv, + privilege: mysql.DropPriv, + db: v.OldTable.Schema.L, + table: v.OldTable.Name.L, + err: nil, + }) + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.CreatePriv, + db: v.NewTable.Schema.L, + table: v.NewTable.Name.L, + err: nil, + }) + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.InsertPriv, db: v.NewTable.Schema.L, table: v.NewTable.Name.L, err: nil, From 22da92cb961cfba34f18b48a011c48d678950629 Mon Sep 17 00:00:00 2001 From: Keyi Xie Date: Sun, 24 Mar 2019 15:26:37 +0800 Subject: [PATCH 04/13] buildDDL Finsh From 458fc0a5e073e60a87e966fd52e41080b8865ab9 Mon Sep 17 00:00:00 2001 
From: Keyi Xie Date: Sun, 24 Mar 2019 18:51:25 +0800 Subject: [PATCH 05/13] alter table rename ( ugly ) --- planner/core/logical_plan_test.go | 9 +++++ planner/core/planbuilder.go | 61 ++++++++++++++++++++++--------- 2 files changed, 53 insertions(+), 17 deletions(-) diff --git a/planner/core/logical_plan_test.go b/planner/core/logical_plan_test.go index 05aca88af3c88..bec6ade06e81b 100644 --- a/planner/core/logical_plan_test.go +++ b/planner/core/logical_plan_test.go @@ -1657,6 +1657,15 @@ func (s *testPlanSuite) TestVisitInfo(c *C) { {mysql.InsertPriv, "test", "t_new", "", nil}, }, }, + { + sql: "alter table t_old rename to t_new", + ans: []visitInfo{ + {mysql.AlterPriv, "test", "t_old", "", nil}, + {mysql.DropPriv, "test", "t_old", "", nil}, + {mysql.CreatePriv, "test", "t_new", "", nil}, + {mysql.InsertPriv, "test", "t_new", "", nil}, + }, + }, } for _, tt := range tests { diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go index 6dbba64a5650c..f7d6dd1a6525c 100644 --- a/planner/core/planbuilder.go +++ b/planner/core/planbuilder.go 
@@ -1494,23 +1494,50 @@ func (b *PlanBuilder) buildLoadStats(ld *ast.LoadStatsStmt) Plan { func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { switch v := node.(type) { case *ast.AlterTableStmt: - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.AlterPriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.InsertPriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.CreatePriv, - db: v.Table.Schema.L, - err: nil, - }) + if len(v.Specs) == 1 && v.Specs[0].Tp == ast.AlterTableRenameTable { + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.AlterPriv, + db: v.Table.Schema.L, + table: v.Table.Name.L, + err: nil, + }) + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.DropPriv, + db: v.Table.Schema.L, + table: v.Table.Name.L, + err: nil, + }) + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.CreatePriv, + db: v.Specs[0].NewTable.Schema.L, + table: v.Specs[0].NewTable.Name.L, + err: nil, + }) + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.InsertPriv, + db: v.Specs[0].NewTable.Schema.L, + table: v.Specs[0].NewTable.Name.L, + err: nil, + }) + } else { + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.AlterPriv, + db: v.Table.Schema.L, + table: v.Table.Name.L, + err: nil, + }) + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.InsertPriv, + db: v.Table.Schema.L, + table: v.Table.Name.L, + err: nil, + }) + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.CreatePriv, + db: v.Table.Schema.L, + err: nil, + }) + } case *ast.CreateDatabaseStmt: b.visitInfo = append(b.visitInfo, visitInfo{ privilege: mysql.CreatePriv, From 30554f51808394b857d16b69f724355c138268d8 Mon Sep 17 00:00:00 2001 
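Review bot: The rename branch in the `*ast.AlterTableStmt` case runs only when `len(v.Specs) == 1`, so an ALTER TABLE that carries a rename together with any other spec falls into the `else` branch and records no DROP on the old table and no CREATE or INSERT on `NewTable`. Privileges should be collected per spec rather than from `v.Specs[0]` alone, along the lines of `for _, spec := range v.Specs { if spec.Tp == ast.AlterTableRenameTable {`. The `else if len(v.Specs) == 1 && v.Specs[0].Tp == ast.AlterTableDropPartition` guard added in PATCH 07 has the same gap. buildDDL continues past the end of this hunk.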
From: Keyi Xie Date: Mon, 25 Mar 2019 10:30:34 +0800 Subject: [PATCH 06/13] apply comment --- planner/core/planbuilder.go | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go index f7d6dd1a6525c..ce11988414cd0 100644 --- a/planner/core/planbuilder.go +++ b/planner/core/planbuilder.go @@ -1494,13 +1494,13 @@ func (b *PlanBuilder) buildLoadStats(ld *ast.LoadStatsStmt) Plan { func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { switch v := node.(type) { case *ast.AlterTableStmt: + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.AlterPriv, + db: v.Table.Schema.L, + table: v.Table.Name.L, + err: nil, + }) if len(v.Specs) == 1 && v.Specs[0].Tp == ast.AlterTableRenameTable { - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.AlterPriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) b.visitInfo = append(b.visitInfo, visitInfo{ privilege: mysql.DropPriv, db: v.Table.Schema.L, @@ -1520,12 +1520,6 @@ func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { err: nil, }) } else { - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.AlterPriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) b.visitInfo = append(b.visitInfo, visitInfo{ privilege: mysql.InsertPriv, db: v.Table.Schema.L, From 4003b215fe1cfcaff9509357ce2d837aac670c3f Mon Sep 17 00:00:00 2001 From: Keyi Xie Date: Mon, 25 Mar 2019 12:02:12 +0800 Subject: [PATCH 07/13] alter table drop partition --- planner/core/logical_plan_test.go | 7 +++++++ planner/core/planbuilder.go | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/planner/core/logical_plan_test.go b/planner/core/logical_plan_test.go index bec6ade06e81b..f31f621e74ea3 100644 --- a/planner/core/logical_plan_test.go +++ b/planner/core/logical_plan_test.go 
@@ -1666,6 +1666,13 @@ func (s *testPlanSuite) TestVisitInfo(c *C) { {mysql.InsertPriv, "test", "t_new", "", nil}, }, }, + { + sql: "alter table t drop partition p0;", + ans: []visitInfo{ + {mysql.AlterPriv, "test", "t", "", nil}, + {mysql.DropPriv, "test", "t", "", nil}, + }, + }, } for _, tt := range tests { diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go index ce11988414cd0..117816a4f8369 100644 --- a/planner/core/planbuilder.go +++ b/planner/core/planbuilder.go @@ -1519,6 +1519,13 @@ func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { table: v.Specs[0].NewTable.Name.L, err: nil, }) + } else if len(v.Specs) == 1 && v.Specs[0].Tp == ast.AlterTableDropPartition { + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.DropPriv, + db: v.Table.Schema.L, + table: v.Table.Name.L, + err: nil, + }) } else { b.visitInfo = append(b.visitInfo, visitInfo{ privilege: mysql.InsertPriv, From 0f8049ee20b33713f9a22e5f70118bd8061c1bfa Mon Sep 17 00:00:00 2001 From: Keyi Xie Date: Wed, 27 Mar 2019 11:18:21 +0800 Subject: [PATCH 08/13] use iter --- planner/core/planbuilder.go | 78 +++++++++++++++++++------------------ 1 file changed, 40 insertions(+), 38 deletions(-) diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go index 2c400d8d14022..516ba1a89f1f4 100644 --- a/planner/core/planbuilder.go +++ b/planner/core/planbuilder.go 
@@ -1521,44 +1521,46 @@ func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { table: v.Table.Name.L, err: nil, }) - if len(v.Specs) == 1 && v.Specs[0].Tp == ast.AlterTableRenameTable { - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.DropPriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.CreatePriv, - db: v.Specs[0].NewTable.Schema.L, - table: v.Specs[0].NewTable.Name.L, - err: nil, - }) - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.InsertPriv, - db: v.Specs[0].NewTable.Schema.L, - table: v.Specs[0].NewTable.Name.L, - err: nil, - }) - } else if len(v.Specs) == 1 && v.Specs[0].Tp == ast.AlterTableDropPartition { - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.DropPriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) - } else { - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.InsertPriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.CreatePriv, - db: v.Table.Schema.L, - err: nil, - }) + for _, spec := range v.Specs { + if spec.Tp == ast.AlterTableRenameTable { + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.DropPriv, + db: v.Table.Schema.L, + table: v.Table.Name.L, + err: nil, + }) + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.CreatePriv, + db: spec.NewTable.Schema.L, + table: spec.NewTable.Name.L, + err: nil, + }) + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.InsertPriv, + db: spec.NewTable.Schema.L, + table: spec.NewTable.Name.L, + err: nil, + }) + } else if v.Specs[0].Tp == ast.AlterTableDropPartition { + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.DropPriv, + db: v.Table.Schema.L, + table: v.Table.Name.L, + err: nil, + }) + } else { + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.InsertPriv, + db: 
v.Table.Schema.L, + table: v.Table.Name.L, + err: nil, + }) + b.visitInfo = append(b.visitInfo, visitInfo{ + privilege: mysql.CreatePriv, + db: v.Table.Schema.L, + err: nil, + }) + } } case *ast.CreateDatabaseStmt: b.visitInfo = append(b.visitInfo, visitInfo{ From abd0b462f2bb7f20bc4677f4e915dc6780273959 Mon Sep 17 00:00:00 2001 From: Keyi Xie Date: Sun, 31 Mar 2019 15:22:38 +0800 Subject: [PATCH 09/13] replace to appendVisitinfo --- planner/core/planbuilder.go | 169 ++++++++++-------------------------- 1 file changed, 44 insertions(+), 125 deletions(-) diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go index 33561bbccaa69..431a5bea8be84 100644 --- a/planner/core/planbuilder.go +++ b/planner/core/planbuilder.go @@ -1201,12 +1201,8 @@ func (b *PlanBuilder) buildInsert(insert *ast.InsertStmt) (Plan, error) { IsReplace: insert.IsReplace, }.Init(b.ctx) - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.InsertPriv, - db: tn.DBInfo.Name.L, - table: tableInfo.Name.L, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, tn.DBInfo.Name.L, + tableInfo.Name.L, "", nil) mockTablePlan := LogicalTableDual{}.Init(b.ctx) mockTablePlan.SetSchema(insertPlan.tableSchema) 
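Review bot: Inside the new `for _, spec := range v.Specs` loop the drop-partition test still reads `v.Specs[0].Tp`, so every iteration inspects the first spec and a DROP PARTITION that is not first in the statement adds no `mysql.DropPriv` entry; the line should be `} else if spec.Tp == ast.AlterTableDropPartition {`. The `else` branch also now appends the INSERT and CREATE entries once per spec, which duplicates them for multi-spec statements. The same `v.Specs[0]` line is carried unchanged through the appendVisitInfo rewrite in PATCH 09. buildDDL starts and ends outside this hunk.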
@@ -1512,80 +1508,38 @@ func (b *PlanBuilder) buildLoadStats(ld *ast.LoadStatsStmt) Plan { func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { switch v := node.(type) { case *ast.AlterTableStmt: - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.AlterPriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.AlterPriv, v.Table.Schema.L, + v.Table.Name.L, "", nil) for _, spec := range v.Specs { if spec.Tp == ast.AlterTableRenameTable { - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.DropPriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.CreatePriv, - db: spec.NewTable.Schema.L, - table: spec.NewTable.Name.L, - err: nil, - }) - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.InsertPriv, - db: spec.NewTable.Schema.L, - table: spec.NewTable.Name.L, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Table.Schema.L, + v.Table.Name.L, "", nil) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, spec.NewTable.Schema.L, + spec.NewTable.Name.L, "", nil) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, spec.NewTable.Schema.L, + spec.NewTable.Name.L, "", nil) } else if v.Specs[0].Tp == ast.AlterTableDropPartition { - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.DropPriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Table.Schema.L, + v.Table.Name.L, "", nil) } else { - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.InsertPriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.CreatePriv, - db: v.Table.Schema.L, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, v.Table.Schema.L, + 
v.Table.Name.L, "", nil) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.Table.Schema.L, + "", "", nil) } } case *ast.CreateDatabaseStmt: - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.CreatePriv, - db: v.Name, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.Name, + "", "", nil) case *ast.CreateIndexStmt: - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.IndexPriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.IndexPriv, v.Table.Schema.L, + v.Table.Name.L, "", nil) case *ast.CreateTableStmt: - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.CreatePriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.Table.Schema.L, + v.Table.Name.L, "", nil) if v.ReferTable != nil { - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.SelectPriv, - db: v.ReferTable.Schema.L, - table: v.ReferTable.Name.L, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.SelectPriv, v.ReferTable.Schema.L, + v.ReferTable.Name.L, "", nil) } case *ast.CreateViewStmt: plan, err := b.Build(v.Select) 
@@ -1603,76 +1557,41 @@ func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { } v.Select.(*ast.SelectStmt).Fields.Fields = fieldList if _, ok := plan.(LogicalPlan); ok { - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.CreateViewPriv, - db: v.ViewName.Schema.L, - table: v.ViewName.Name.L, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreateViewPriv, v.ViewName.Schema.L, + v.ViewName.Name.L, "", nil) } if v.Definer.CurrentUser { v.Definer = b.ctx.GetSessionVars().User } if b.ctx.GetSessionVars().User != nil && v.Definer.String() != b.ctx.GetSessionVars().User.String() { err = ErrSpecificAccessDenied.GenWithStackByArgs("SUPER") - b.visitInfo = append(b.visitInfo, visitInfo{privilege: mysql.SuperPriv, db: "", table: "", err: err}) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.SuperPriv, "", + "", "", err) } case *ast.DropDatabaseStmt: - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.DropPriv, - db: v.Name, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Name, + "", "", nil) case *ast.DropIndexStmt: - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.IndexPriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.IndexPriv, v.Table.Schema.L, + v.Table.Name.L, "", nil) case *ast.DropTableStmt: for _, tableVal := range v.Tables { - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.DropPriv, - db: tableVal.Schema.L, - table: tableVal.Name.L, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, tableVal.Schema.L, + tableVal.Name.L, "", nil) } case *ast.TruncateTableStmt: - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.DropPriv, - db: v.Table.Schema.L, - table: v.Table.Name.L, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Table.Schema.L, + v.Table.Name.L, "", nil) case *ast.RenameTableStmt: - b.visitInfo = 
append(b.visitInfo, visitInfo{ - privilege: mysql.AlterPriv, - db: v.OldTable.Schema.L, - table: v.OldTable.Name.L, - err: nil, - }) - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.DropPriv, - db: v.OldTable.Schema.L, - table: v.OldTable.Name.L, - err: nil, - }) - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.CreatePriv, - db: v.NewTable.Schema.L, - table: v.NewTable.Name.L, - err: nil, - }) - b.visitInfo = append(b.visitInfo, visitInfo{ - privilege: mysql.InsertPriv, - db: v.NewTable.Schema.L, - table: v.NewTable.Name.L, - err: nil, - }) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.AlterPriv, v.OldTable.Schema.L, + v.OldTable.Name.L, "", nil) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.OldTable.Schema.L, + v.OldTable.Name.L, "", nil) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.NewTable.Schema.L, + v.NewTable.Name.L, "", nil) + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, v.NewTable.Schema.L, + v.NewTable.Name.L, "", nil) } - p := &DDL{Statement: node} return p, nil } From 32fd19f35ba6f75ab7c50c31ebedbc95c68afeb7 Mon Sep 17 00:00:00 2001 From: Keyi Xie Date: Sun, 31 Mar 2019 17:21:17 +0800 Subject: [PATCH 10/13] add error --- planner/core/planbuilder.go | 110 +++++++++++++++++++++++++++++++----- 1 file changed, 97 insertions(+), 13 deletions(-) diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go index 431a5bea8be84..9cffb21927b5c 100644 --- a/planner/core/planbuilder.go +++ b/planner/core/planbuilder.go 
@@ -1201,8 +1201,14 @@ func (b *PlanBuilder) buildInsert(insert *ast.InsertStmt) (Plan, error) { IsReplace: insert.IsReplace, }.Init(b.ctx) + var authErr error + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("INSERT", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, tableInfo.Name.L) + } + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, tn.DBInfo.Name.L, - tableInfo.Name.L, "", nil) + tableInfo.Name.L, "", authErr) mockTablePlan := LogicalTableDual{}.Init(b.ctx) mockTablePlan.SetSchema(insertPlan.tableSchema) 
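Review bot: The arguments to `ErrTableaccessDenied.GenWithStackByArgs` are passed as command, `User.Hostname`, `User.Username`, table, which looks swapped. The message template is not shown here, but if it follows MySQL's `command denied to user 'user'@'host' for table` layout, the denial text will print host and user in each other's place. The `ErrDBaccessDenied` calls added in PATCH 12 pass `Username` before `Hostname`. Since this text is what an operator sees when a privilege check fails, I would pass `b.ctx.GetSessionVars().User.Username, b.ctx.GetSessionVars().User.Hostname` in that order here and in every `ErrTableaccessDenied` call this patch adds to buildDDL. buildInsert starts and ends outside this hunk.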
@@ -1506,38 +1512,80 @@ func (b *PlanBuilder) buildLoadStats(ld *ast.LoadStatsStmt) Plan { } func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { + var authErr error switch v := node.(type) { case *ast.AlterTableStmt: + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("ALTER", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, v.Table.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.AlterPriv, v.Table.Schema.L, - v.Table.Name.L, "", nil) + v.Table.Name.L, "", authErr) for _, spec := range v.Specs { if spec.Tp == ast.AlterTableRenameTable { + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("DROP", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, v.Table.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Table.Schema.L, - v.Table.Name.L, "", nil) + v.Table.Name.L, "", authErr) + + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("CREATE", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, spec.NewTable.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, spec.NewTable.Schema.L, - spec.NewTable.Name.L, "", nil) + spec.NewTable.Name.L, "", authErr) + + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("INSERT", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, spec.NewTable.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, spec.NewTable.Schema.L, - spec.NewTable.Name.L, "", nil) - } else if v.Specs[0].Tp == ast.AlterTableDropPartition { + spec.NewTable.Name.L, "", authErr) + } else if spec.Tp == ast.AlterTableDropPartition { + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("DROP", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, 
v.Table.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Table.Schema.L, - v.Table.Name.L, "", nil) + v.Table.Name.L, "", authErr) } else { + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("INSERT", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, v.Table.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, v.Table.Schema.L, - v.Table.Name.L, "", nil) + v.Table.Name.L, "", authErr) + + // TODO: Add authErr b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.Table.Schema.L, "", "", nil) } } case *ast.CreateDatabaseStmt: + // TODO: Add authErr b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.Name, "", "", nil) case *ast.CreateIndexStmt: + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("INDEX", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, v.Table.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.IndexPriv, v.Table.Schema.L, - v.Table.Name.L, "", nil) + v.Table.Name.L, "", authErr) case *ast.CreateTableStmt: + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("CREATE", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, v.Table.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.Table.Schema.L, - v.Table.Name.L, "", nil) + v.Table.Name.L, "", authErr) if v.ReferTable != nil { + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("CREATE", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, v.ReferTable.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.SelectPriv, v.ReferTable.Schema.L, v.ReferTable.Name.L, "", nil) } 
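Review bot: In the `v.ReferTable != nil` branch the error is built with the command name `"CREATE"` although the entry being recorded is `mysql.SelectPriv`, and the `appendVisitInfo` call still passes `nil`, so the freshly built `authErr` is never attached. The first argument should be `"SELECT"` and the call should end `v.ReferTable.Name.L, "", authErr)`. PATCH 11 fixes the `nil`, but the `"CREATE"` label is still there in its context lines. Separately, `authErr` is a single function-scoped variable, so a branch that forgets to reassign it would silently reuse the previous message; a local declared next to each check would rule that out. buildDDL continues past the end of this hunk.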
@@ -1557,8 +1605,12 @@ func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { } v.Select.(*ast.SelectStmt).Fields.Fields = fieldList if _, ok := plan.(LogicalPlan); ok { + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("CREATE VIEW", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, v.ViewName.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreateViewPriv, v.ViewName.Schema.L, - v.ViewName.Name.L, "", nil) + v.ViewName.Name.L, "", authErr) } if v.Definer.CurrentUser { v.Definer = b.ctx.GetSessionVars().User 
@@ -1569,26 +1621,58 @@ func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { "", "", err) } case *ast.DropDatabaseStmt: + // TODO: add authErr b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Name, "", "", nil) case *ast.DropIndexStmt: + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("INDEx", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, v.Table.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.IndexPriv, v.Table.Schema.L, - v.Table.Name.L, "", nil) + v.Table.Name.L, "", authErr) case *ast.DropTableStmt: for _, tableVal := range v.Tables { + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("DROP", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, tableVal.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, tableVal.Schema.L, - tableVal.Name.L, "", nil) + tableVal.Name.L, "", authErr) } case *ast.TruncateTableStmt: + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("DROP", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, v.Table.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Table.Schema.L, v.Table.Name.L, "", nil) case *ast.RenameTableStmt: + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("ALTER", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, v.OldTable.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.AlterPriv, v.OldTable.Schema.L, v.OldTable.Name.L, "", nil) + + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("DROP", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, v.OldTable.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.OldTable.Schema.L, v.OldTable.Name.L, "", nil) + + if 
b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("CREATE", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, v.NewTable.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.NewTable.Schema.L, v.NewTable.Name.L, "", nil) + + if b.ctx.GetSessionVars().User != nil { + authErr = ErrTableaccessDenied.GenWithStackByArgs("INSERT", b.ctx.GetSessionVars().User.Hostname, + b.ctx.GetSessionVars().User.Username, v.NewTable.Name.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, v.NewTable.Schema.L, v.NewTable.Name.L, "", nil) } From 2595458e909300c4d80f09dad194396283a867cf Mon Sep 17 00:00:00 2001 From: Keyi Xie Date: Sun, 31 Mar 2019 17:25:30 +0800 Subject: [PATCH 11/13] fix CI --- planner/core/planbuilder.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go index 9cffb21927b5c..37b902ef12c55 100644 --- a/planner/core/planbuilder.go +++ b/planner/core/planbuilder.go @@ -1587,7 +1587,7 @@ func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { b.ctx.GetSessionVars().User.Username, v.ReferTable.Name.L) } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.SelectPriv, v.ReferTable.Schema.L, - v.ReferTable.Name.L, "", nil) + v.ReferTable.Name.L, "", authErr) } case *ast.CreateViewStmt: plan, err := b.Build(v.Select) 
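Review bot: The DropIndexStmt branch passes the command name as `"INDEx"`, which presumably surfaces verbatim in the access-denied message; it should be `"INDEX"`, as in the CreateIndexStmt branch. In the TruncateTableStmt and RenameTableStmt branches `authErr` is computed but the `appendVisitInfo` calls still pass `nil` as the last argument, so a denial on those paths carries no error. PATCH 11 switches those calls to `authErr`, but the `"INDEx"` spelling is still present in the PATCH 12 context lines. buildDDL starts and ends outside this hunk.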
@@ -1646,35 +1646,35 @@ func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { b.ctx.GetSessionVars().User.Username, v.Table.Name.L) } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Table.Schema.L, - v.Table.Name.L, "", nil) + v.Table.Name.L, "", authErr) case *ast.RenameTableStmt: if b.ctx.GetSessionVars().User != nil { authErr = ErrTableaccessDenied.GenWithStackByArgs("ALTER", b.ctx.GetSessionVars().User.Hostname, b.ctx.GetSessionVars().User.Username, v.OldTable.Name.L) } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.AlterPriv, v.OldTable.Schema.L, - v.OldTable.Name.L, "", nil) + v.OldTable.Name.L, "", authErr) if b.ctx.GetSessionVars().User != nil { authErr = ErrTableaccessDenied.GenWithStackByArgs("DROP", b.ctx.GetSessionVars().User.Hostname, b.ctx.GetSessionVars().User.Username, v.OldTable.Name.L) } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.OldTable.Schema.L, - v.OldTable.Name.L, "", nil) + v.OldTable.Name.L, "", authErr) if b.ctx.GetSessionVars().User != nil { authErr = ErrTableaccessDenied.GenWithStackByArgs("CREATE", b.ctx.GetSessionVars().User.Hostname, b.ctx.GetSessionVars().User.Username, v.NewTable.Name.L) } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.NewTable.Schema.L, - v.NewTable.Name.L, "", nil) + v.NewTable.Name.L, "", authErr) if b.ctx.GetSessionVars().User != nil { authErr = ErrTableaccessDenied.GenWithStackByArgs("INSERT", b.ctx.GetSessionVars().User.Hostname, b.ctx.GetSessionVars().User.Username, v.NewTable.Name.L) } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, v.NewTable.Schema.L, - v.NewTable.Name.L, "", nil) + v.NewTable.Name.L, "", authErr) } p := &DDL{Statement: node} return p, nil From 9f251e622fb82d33c9e955aa9ff45edab8a8e78d Mon Sep 17 00:00:00 2001 
From: Keyi Xie Date: Mon, 1 Apr 2019 10:52:26 +0800 Subject: [PATCH 12/13] add Err DBaccessDenied --- planner/core/errors.go | 3 +++ planner/core/planbuilder.go | 21 +++++++++++++++------ 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/planner/core/errors.go b/planner/core/errors.go index 308c30a71443c..d3ff18f10988d 100644 --- a/planner/core/errors.go +++ b/planner/core/errors.go @@ -63,6 +63,7 @@ const ( codeWindowDuplicateName = mysql.ErrWindowDuplicateName codeErrTooBigPrecision = mysql.ErrTooBigPrecision codePartitionClauseOnNonpartitioned = mysql.ErrPartitionClauseOnNonpartitioned + codeDBaccessDenied = mysql.ErrDBaccessDenied codeTableaccessDenied = mysql.ErrTableaccessDenied codeSpecificAccessDenied = mysql.ErrSpecificAccessDenied codeWindowFrameStartIllegal = mysql.ErrWindowFrameStartIllegal @@ -123,6 +124,7 @@ var ( ErrWindowDuplicateName = terror.ClassOptimizer.New(codeWindowDuplicateName, mysql.MySQLErrName[mysql.ErrWindowDuplicateName]) ErrPartitionClauseOnNonpartitioned = terror.ClassOptimizer.New(codePartitionClauseOnNonpartitioned, mysql.MySQLErrName[mysql.ErrPartitionClauseOnNonpartitioned]) errTooBigPrecision = terror.ClassExpression.New(mysql.ErrTooBigPrecision, mysql.MySQLErrName[mysql.ErrTooBigPrecision]) + ErrDBaccessDenied = terror.ClassOptimizer.New(mysql.ErrDBaccessDenied, mysql.MySQLErrName[mysql.ErrDBaccessDenied]) ErrTableaccessDenied = terror.ClassOptimizer.New(mysql.ErrTableaccessDenied, mysql.MySQLErrName[mysql.ErrTableaccessDenied]) ErrSpecificAccessDenied = terror.ClassOptimizer.New(mysql.ErrSpecificAccessDenied, mysql.MySQLErrName[mysql.ErrSpecificAccessDenied]) ErrWindowFrameStartIllegal = terror.ClassOptimizer.New(codeWindowFrameStartIllegal, mysql.MySQLErrName[mysql.ErrWindowFrameStartIllegal]) 
@@ -173,6 +175,7 @@ func init() { codeWindowDuplicateName: mysql.ErrWindowDuplicateName, codePartitionClauseOnNonpartitioned: mysql.ErrPartitionClauseOnNonpartitioned, codeErrTooBigPrecision: mysql.ErrTooBigPrecision, + codeDBaccessDenied: mysql.ErrDBaccessDenied, codeTableaccessDenied: mysql.ErrTableaccessDenied, codeSpecificAccessDenied: mysql.ErrSpecificAccessDenied, codeWindowFrameStartIllegal: mysql.ErrWindowFrameStartIllegal, diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go index 37b902ef12c55..88eba93636114 100644 --- a/planner/core/planbuilder.go +++ b/planner/core/planbuilder.go @@ -1558,15 +1558,21 @@ func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, v.Table.Schema.L, v.Table.Name.L, "", authErr) - // TODO: Add authErr + if b.ctx.GetSessionVars().User != nil { + authErr = ErrDBaccessDenied.GenWithStackByArgs(b.ctx.GetSessionVars().User.Username, + b.ctx.GetSessionVars().User.Hostname, v.Table.Schema.L) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.Table.Schema.L, - "", "", nil) + "", "", authErr) } } case *ast.CreateDatabaseStmt: - // TODO: Add authErr + if b.ctx.GetSessionVars().User != nil { + authErr = ErrDBaccessDenied.GenWithStackByArgs(b.ctx.GetSessionVars().User.Username, + b.ctx.GetSessionVars().User.Hostname, v.Name) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.Name, - "", "", nil) + "", "", authErr) case *ast.CreateIndexStmt: if b.ctx.GetSessionVars().User != nil { authErr = ErrTableaccessDenied.GenWithStackByArgs("INDEX", b.ctx.GetSessionVars().User.Hostname, 
@@ -1621,9 +1627,12 @@ func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { "", "", err) } case *ast.DropDatabaseStmt: - // TODO: add authErr + if b.ctx.GetSessionVars().User != nil { + authErr = ErrDBaccessDenied.GenWithStackByArgs(b.ctx.GetSessionVars().User.Username, + b.ctx.GetSessionVars().User.Hostname, v.Name) + } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Name, - "", "", nil) + "", "", authErr) case *ast.DropIndexStmt: if b.ctx.GetSessionVars().User != nil { authErr = ErrTableaccessDenied.GenWithStackByArgs("INDEx", b.ctx.GetSessionVars().User.Hostname, From 7ced1f04af5714f006f0ae6fb8c36c33b05802bf Mon Sep 17 00:00:00 2001 From: Keyi Xie Date: Mon, 1 Apr 2019 13:34:07 +0800 Subject: [PATCH 13/13] delete CREATE INSERT when ALTER --- planner/core/planbuilder.go | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go index 88eba93636114..8fbe4706a438f 100644 --- a/planner/core/planbuilder.go +++ b/planner/core/planbuilder.go @@ -1550,20 +1550,6 @@ func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) { } b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Table.Schema.L, v.Table.Name.L, "", authErr) - } else { - if b.ctx.GetSessionVars().User != nil { - authErr = ErrTableaccessDenied.GenWithStackByArgs("INSERT", b.ctx.GetSessionVars().User.Hostname, - b.ctx.GetSessionVars().User.Username, v.Table.Name.L) - } - b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, v.Table.Schema.L, - v.Table.Name.L, "", authErr) - - if b.ctx.GetSessionVars().User != nil { - authErr = ErrDBaccessDenied.GenWithStackByArgs(b.ctx.GetSessionVars().User.Username, - b.ctx.GetSessionVars().User.Hostname, v.Table.Schema.L) - } - b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.Table.Schema.L, - "", "", authErr) } } case *ast.CreateDatabaseStmt: