From 081a2c5cccf4d82ca2ad33cdc9f2f21d3319e2d5 Mon Sep 17 00:00:00 2001 From: Morgan Tocker Date: Fri, 4 Jan 2019 19:32:10 -0700 Subject: [PATCH] planner, privilege: check user priv on SET GLOBAL (#8837) * planner, privilege: check user priv on SET GLOBAL --- planner/core/planbuilder.go | 3 +++ privilege/privileges/privileges_test.go | 15 +++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go index 11b11cb50c..ee723274ff 100644 --- a/planner/core/planbuilder.go +++ b/planner/core/planbuilder.go @@ -248,6 +248,9 @@ func (b *PlanBuilder) buildDo(v *ast.DoStmt) (Plan, error) { func (b *PlanBuilder) buildSet(v *ast.SetStmt) (Plan, error) { p := &Set{} for _, vars := range v.Variables { + if vars.IsGlobal { + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.SuperPriv, "", "", "", nil) + } assign := &expression.VarAssignment{ Name: vars.Name, IsGlobal: vars.IsGlobal, diff --git a/privilege/privileges/privileges_test.go b/privilege/privileges/privileges_test.go index a827e04124..9f412715ed 100644 --- a/privilege/privileges/privileges_test.go +++ b/privilege/privileges/privileges_test.go @@ -326,6 +326,21 @@ func (s *testPrivilegeSuite) TestUseDb(c *C) { } +func (s *testPrivilegeSuite) TestSetGlobal(c *C) { + se := newSession(c, s.store, s.dbName) + mustExec(c, se, `CREATE USER setglobal_a@localhost`) + mustExec(c, se, `CREATE USER setglobal_b@localhost`) + mustExec(c, se, `GRANT SUPER ON *.* to setglobal_a@localhost`) + mustExec(c, se, `FLUSH PRIVILEGES`) + + c.Assert(se.Auth(&auth.UserIdentity{Username: "setglobal_a", Hostname: "localhost"}, nil, nil), IsTrue) + mustExec(c, se, `set global innodb_commit_concurrency=16`) + + c.Assert(se.Auth(&auth.UserIdentity{Username: "setglobal_b", Hostname: "localhost"}, nil, nil), IsTrue) + _, err := se.Execute(context.Background(), `set global innodb_commit_concurrency=16`) + c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue) +} + func (s *testPrivilegeSuite) TestAnalyzeTable(c *C) { se := newSession(c, s.store, s.dbName)