[fix](auth)Fix use encryptkey should check auth (#41791) (#42105)

pick from master #41791
zhangdong
2024-10-25 14:32:42 +08:00
committed by GitHub
parent 120bf28d1e
commit b88d4db6e7
3 changed files with 80 additions and 0 deletions


@ -19,10 +19,14 @@ package org.apache.doris.analysis;
import org.apache.doris.catalog.Database;
import org.apache.doris.catalog.EncryptKey;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.Type;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.datasource.InternalCatalog;
import org.apache.doris.mysql.privilege.PrivPredicate;
import org.apache.doris.qe.ConnectContext;
import org.apache.doris.thrift.TExprNode;
import com.google.common.base.Strings;
@ -55,6 +59,13 @@ public class EncryptKeyRef extends Expr {
if ("".equals(dbName)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_NO_DB_ERROR);
} else {
if (!Env.getCurrentEnv().getAccessManager()
.checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME,
dbName, PrivPredicate.SHOW)) {
String message = ErrorCode.ERR_DB_ACCESS_DENIED_ERROR.formatErrorMsg(
PrivPredicate.SHOW.getPrivs().toString(), dbName);
throw new AnalysisException(message);
}
Database database = analyzer.getEnv().getInternalCatalog().getDbOrAnalysisException(dbName);
EncryptKey encryptKey = database.getEncryptKey(encryptKeyName.getKeyName());
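Review bot: The check added ahead of `database.getEncryptKey(encryptKeyName.getKeyName())` gates key resolution on `PrivPredicate.SHOW` at database level, and it is worth confirming that this is the intended bar for reading an encrypt key's value. The definition of SHOW is not visible in this hunk, but if it is satisfied by holding any privilege on the database, then every user who can see the database can resolve its keys. If that is the design, state it in a comment above the check, e.g. `// Any user who can see the database may reference its encrypt keys; there is no per-key privilege.`; if not, a stricter predicate belongs here and in the identical check in FoldConstantRuleOnFE. The enclosing method starts and ends outside the hunk.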


@ -20,7 +20,10 @@ package org.apache.doris.nereids.rules.expression.rules;
import org.apache.doris.catalog.EncryptKey;
import org.apache.doris.catalog.Env;
import org.apache.doris.cluster.ClusterNamespace;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.util.DebugUtil;
import org.apache.doris.datasource.InternalCatalog;
import org.apache.doris.mysql.privilege.PrivPredicate;
import org.apache.doris.nereids.exceptions.AnalysisException;
import org.apache.doris.nereids.rules.expression.AbstractExpressionRewriteRule;
import org.apache.doris.nereids.rules.expression.ExpressionListenerMatcher;
@ -216,6 +219,13 @@ public class FoldConstantRuleOnFE extends AbstractExpressionRewriteRule
if ("".equals(dbName)) {
throw new AnalysisException("DB " + dbName + "not found");
}
if (!Env.getCurrentEnv().getAccessManager()
.checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME,
dbName, PrivPredicate.SHOW)) {
String message = ErrorCode.ERR_DB_ACCESS_DENIED_ERROR.formatErrorMsg(
PrivPredicate.SHOW.getPrivs().toString(), dbName);
throw new AnalysisException(message);
}
org.apache.doris.catalog.Database database =
Env.getCurrentEnv().getInternalCatalog().getDbNullable(dbName);
if (database == null) {
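Review bot: This seven-line privilege check is a verbatim copy of the one added to EncryptKeyRef, and since the commit exists because a code path lacked the check, I would move it into one shared helper so the two planners cannot drift apart again. The two call sites throw different `AnalysisException` types (`org.apache.doris.common` there, `org.apache.doris.nereids.exceptions` here), so the helper would best return a boolean or the formatted denial message and leave the throw to each caller. The helper is also the place to decide what happens when `ConnectContext.get()` returns null: both copies pass it to `checkDbPriv` unchecked, and denying access would be the safe default if that can occur on this path. The surrounding method continues past the end of the hunk.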