database/tidb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

planner, privilege: check user priv on SET GLOBAL (#8837)

Browse Source 
* planner, privilege: check user priv on SET GLOBAL
This commit is contained in:
Morgan Tocker
2019-01-04 19:32:10 -07:00
committed by GitHub
parent cfff96555e
commit 081a2c5ccc
2 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
planner/core/planbuilder.go
View File

@ -248,6 +248,9 @@ func (b *PlanBuilder) buildDo(v *ast.DoStmt) (Plan, error) {
func (b *PlanBuilder) buildSet(v *ast.SetStmt) (Plan, error) {
p := &Set{}
for _, vars := range v.Variables {
if vars.IsGlobal {
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.SuperPriv, "", "", "", nil)
}
assign := &expression.VarAssignment{
Name: vars.Name,
IsGlobal: vars.IsGlobal,

15
privilege/privileges/privileges_test.go
View File

@ -326,6 +326,21 @@ func (s *testPrivilegeSuite) TestUseDb(c *C) {
}
func (s *testPrivilegeSuite) TestSetGlobal(c *C) {
se := newSession(c, s.store, s.dbName)
mustExec(c, se, `CREATE USER setglobal_a@localhost`)
mustExec(c, se, `CREATE USER setglobal_b@localhost`)
mustExec(c, se, `GRANT SUPER ON *.* to setglobal_a@localhost`)
mustExec(c, se, `FLUSH PRIVILEGES`)
c.Assert(se.Auth(&auth.UserIdentity{Username: "setglobal_a", Hostname: "localhost"}, nil, nil), IsTrue)
mustExec(c, se, `set global innodb_commit_concurrency=16`)
c.Assert(se.Auth(&auth.UserIdentity{Username: "setglobal_b", Hostname: "localhost"}, nil, nil), IsTrue)
_, err := se.Execute(context.Background(), `set global innodb_commit_concurrency=16`)
c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue)
}
func (s *testPrivilegeSuite) TestAnalyzeTable(c *C) {
se := newSession(c, s.store, s.dbName)