hcq/oceanbase
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

add 'WITH mysql_native_password' grammar

Browse Source
This commit is contained in:
jingtaoye35
2023-10-11 12:13:26 +00:00
committed by ob-robot
parent 212b6f89c1
commit 07082136a1
9 changed files with 166 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
src/sql/resolver/dcl/ob_create_user_resolver.cpp
View File

@ -93,7 +93,8 @@ int ObCreateUserResolver::resolve(const ParseNode &parse_tree)
if (OB_ISNULL(user_pass)) {
ret = OB_ERR_PARSE_SQL;
LOG_WARN("The child of parseNode should not be NULL", K(ret), K(i));
} else if (4 != user_pass->num_child_) {
} else if (OB_UNLIKELY(lib::is_oracle_mode() && 4 != user_pass->num_child_) ||
OB_UNLIKELY(lib::is_mysql_mode() && 5 != user_pass->num_child_ )) {
ret = OB_ERR_PARSE_SQL;
LOG_WARN("sql_parser parse user_identification error", K(ret));
} else if (OB_ISNULL(user_pass->children_[0])) {
@ -117,35 +118,50 @@ int ObCreateUserResolver::resolve(const ParseNode &parse_tree)
host_name.assign_ptr(user_pass->children_[3]->str_value_,
static_cast<int32_t>(user_pass->children_[3]->str_len_));
}
if (lib::is_oracle_mode() && 0 != host_name.compare(OB_DEFAULT_HOST_NAME)) {
if (OB_SUCC(ret) && lib::is_mysql_mode() && NULL != user_pass->children_[4]) {
/* here code is to mock a auth plugin check. */
ObString auth_plugin(static_cast<int32_t>(user_pass->children_[4]->str_len_),
user_pass->children_[4]->str_value_);
ObString default_auth_plugin;
if (OB_FAIL(session_info_->get_sys_variable(SYS_VAR_DEFAULT_AUTHENTICATION_PLUGIN,
default_auth_plugin))) {
LOG_WARN("fail to get block encryption variable", K(ret));
} else if (0 != auth_plugin.compare(default_auth_plugin)) {
ret = OB_ERR_PLUGIN_IS_NOT_LOADED;
LOG_USER_ERROR(OB_ERR_PLUGIN_IS_NOT_LOADED, auth_plugin.length(), auth_plugin.ptr());
} else {/* do nothing */}
}
if (OB_SUCC(ret) && lib::is_oracle_mode() && 0 != host_name.compare(OB_DEFAULT_HOST_NAME)) {
ret = OB_NOT_SUPPORTED;
LOG_USER_ERROR(OB_NOT_SUPPORTED, "create user with hostname");
LOG_WARN("create user should not use hostname in oracle mode", K(ret));
}
ObString password;
ObString need_enc_str = ObString::make_string("NO");
if (user_name.empty()) {
ret = OB_CANNOT_USER;
LOG_WARN("user name is empty", K(ret));
ObString create_user = ObString::make_string("CREATE USER");
LOG_USER_ERROR(OB_CANNOT_USER, create_user.length(), create_user.ptr(), host_name.length(), host_name.ptr());
} else if (OB_ISNULL(user_pass->children_[1])) {
password = ObString::make_string("");
//no enc
} else if (OB_ISNULL(user_pass->children_[2])) {
ret = OB_ERR_PARSE_SQL;
LOG_WARN("Child 2 of user_pass should not be NULL here", K(ret));
} else {
password.assign_ptr(user_pass->children_[1]->str_value_,
static_cast<int32_t>(user_pass->children_[1]->str_len_));
bool need_enc = (1 == user_pass->children_[2]->value_);
if (need_enc) {
need_enc_str = ObString::make_string("YES");
} else {
if (OB_SUCC(ret)) {
if (user_name.empty()) {
ret = OB_CANNOT_USER;
LOG_WARN("user name is empty", K(ret));
ObString create_user = ObString::make_string("CREATE USER");
LOG_USER_ERROR(OB_CANNOT_USER, create_user.length(), create_user.ptr(), host_name.length(), host_name.ptr());
} else if (OB_ISNULL(user_pass->children_[1])) {
password = ObString::make_string("");
//no enc
if (!ObSetPasswordResolver::is_valid_mysql41_passwd(password)) {
ret = OB_ERR_PASSWORD_FORMAT;
LOG_WARN("Wrong password format", K(user_name), K(password), K(ret));
} else if (OB_ISNULL(user_pass->children_[2])) {
ret = OB_ERR_PARSE_SQL;
LOG_WARN("Child 2 of user_pass should not be NULL here", K(ret));
} else {
password.assign_ptr(user_pass->children_[1]->str_value_,
static_cast<int32_t>(user_pass->children_[1]->str_len_));
bool need_enc = (1 == user_pass->children_[2]->value_);
if (need_enc) {
need_enc_str = ObString::make_string("YES");
} else {
//no enc
if (!ObSetPasswordResolver::is_valid_mysql41_passwd(password)) {
ret = OB_ERR_PASSWORD_FORMAT;
LOG_WARN("Wrong password format", K(user_name), K(password), K(ret));
}
}
}
}

72
src/sql/resolver/dcl/ob_grant_resolver.cpp
View File

@ -33,6 +33,7 @@ ObGrantResolver::~ObGrantResolver()
int ObGrantResolver::resolve_grantee_clause(
const ParseNode *grantee_clause,
ObSQLSessionInfo *session_info,
ObIArray<ObString> &user_name_array,
ObIArray<ObString> &host_name_array)
{
@ -61,7 +62,7 @@ int ObGrantResolver::resolve_grantee_clause(
} else {
ObString user_name;
ObString host_name(OB_DEFAULT_HOST_NAME);
if (OB_FAIL(resolve_grant_user(grant_user, user_name, host_name))) {
if (OB_FAIL(resolve_grant_user(grant_user, session_info, user_name, host_name))) {
LOG_WARN("failed to resolve grant_user", K(ret), K(grant_user));
} else {
OZ(user_name_array.push_back(user_name));
@ -77,7 +78,7 @@ int ObGrantResolver::resolve_grantee_clause(
} else {
ObString user_name;
ObString host_name(OB_DEFAULT_HOST_NAME);
if (OB_FAIL(resolve_grant_user(grant_user, user_name, host_name))) {
if (OB_FAIL(resolve_grant_user(grant_user, session_info, user_name, host_name))) {
LOG_WARN("failed to resolve grant_user", K(ret), K(grant_user));
} else {
OZ(user_name_array.push_back(user_name));
@ -91,17 +92,18 @@ int ObGrantResolver::resolve_grantee_clause(
int ObGrantResolver::resolve_grant_user(
const ParseNode *grant_user,
ObSQLSessionInfo *session_info,
ObString &user_name,
ObString &host_name)
{
int ret = OB_SUCCESS;
if (OB_ISNULL(grant_user)) {
if (OB_ISNULL(grant_user) || OB_ISNULL(session_info)) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("resolve grant_user error", K(ret));
} else {
if (grant_user->type_ == T_CREATE_USER_SPEC) {
if (grant_user->num_child_ != 4) {
if (OB_UNLIKELY(lib::is_oracle_mode() && 4 != grant_user->num_child_) ||
OB_UNLIKELY(lib::is_mysql_mode() && 5 != grant_user->num_child_)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("Parse node error in grentee ", K(ret));
} else {
@ -112,6 +114,19 @@ int ObGrantResolver::resolve_grant_user(
host_name.assign_ptr(const_cast<char *>(grant_user->children_[3]->str_value_),
static_cast<int32_t>(grant_user->children_[3]->str_len_));
}
if (lib::is_mysql_mode() && NULL != grant_user->children_[4]) {
/* here code is to mock a auth plugin check. */
ObString auth_plugin(static_cast<int32_t>(grant_user->children_[4]->str_len_),
grant_user->children_[4]->str_value_);
ObString default_auth_plugin;
if (OB_FAIL(session_info->get_sys_variable(share::SYS_VAR_DEFAULT_AUTHENTICATION_PLUGIN,
default_auth_plugin))) {
LOG_WARN("fail to get block encryption variable", K(ret));
} else if (0 != auth_plugin.compare(default_auth_plugin)) {
ret = OB_ERR_PLUGIN_IS_NOT_LOADED;
LOG_USER_ERROR(OB_ERR_PLUGIN_IS_NOT_LOADED, auth_plugin.length(), auth_plugin.ptr());
} else {/* do nothing */}
}
}
} else {
user_name.assign_ptr(const_cast<char *>(grant_user->str_value_),
@ -164,7 +179,8 @@ int ObGrantResolver::resolve_grant_role_to_ur(
grant_stmt->set_masked_sql(masked_sql);
}
if (OB_FAIL(ret)) {
} else if (OB_FAIL(resolve_grantee_clause(grantee_clause, user_name_array, host_name_array))) {
} else if (OB_FAIL(resolve_grantee_clause(grantee_clause, params_.session_info_,
user_name_array, host_name_array))) {
LOG_WARN("resolve grentee fail", K(ret));
} else {
if (user_name_array.count() != host_name_array.count()) {
@ -412,7 +428,8 @@ int ObGrantResolver::resolve_grant_sys_priv_to_ur(
}
ObSArray<ObString> user_name_array;
ObSArray<ObString> host_name_array;
if (OB_FAIL(resolve_grantee_clause(grantee_clause, user_name_array, host_name_array))){
if (OB_FAIL(resolve_grantee_clause(grantee_clause, params_.session_info_,
user_name_array, host_name_array))){
LOG_WARN("resolve grantee_clause failed", K(ret));
} else {
if (user_name_array.count() != host_name_array.count()) {
@ -692,7 +709,8 @@ int ObGrantResolver::resolve_grantee_clause(
}
// resolve grantee_clause to get user_name_array and host_name_array
if (OB_SUCC(ret)) {
if (OB_FAIL(resolve_grantee_clause(grantee_clause, user_name_array, host_name_array))) {
if (OB_FAIL(resolve_grantee_clause(grantee_clause, params_.session_info_, user_name_array,
host_name_array))) {
LOG_WARN("resolve_grantee_clause fail", K(ret));
} else {
CK (user_name_array.count() == host_name_array.count());
@ -1069,7 +1087,8 @@ int ObGrantResolver::resolve_grant_obj_privileges(
host_name.assign_ptr(OB_DEFAULT_HOST_NAME,
static_cast<int32_t>(STRLEN(OB_DEFAULT_HOST_NAME)));
pwd = ObString("");
} else if (4 != user_node->num_child_) {
} else if (OB_UNLIKELY(lib::is_oracle_mode() && 4 != user_node->num_child_) ||
OB_UNLIKELY(lib::is_mysql_mode() && 5 != user_node->num_child_)) {
ret = OB_ERR_PARSE_SQL;
LOG_WARN("User specification's child node num error", K(ret));
} else if (OB_ISNULL(user_node->children_[0])) {
@ -1085,7 +1104,21 @@ int ObGrantResolver::resolve_grant_obj_privileges(
host_name.assign_ptr(user_node->children_[3]->str_value_,
static_cast<int32_t>(user_node->children_[3]->str_len_));
}
if (user_node->children_[1] != NULL) {
if (lib::is_mysql_mode() && NULL != user_node->children_[4]) {
/* here code is to mock a auth plugin check. */
ObString auth_plugin(static_cast<int32_t>(user_node->children_[4]->str_len_),
user_node->children_[4]->str_value_);
ObString default_auth_plugin;
if (OB_FAIL(params_.session_info_->get_sys_variable(
share::SYS_VAR_DEFAULT_AUTHENTICATION_PLUGIN,
default_auth_plugin))) {
LOG_WARN("fail to get block encryption variable", K(ret));
} else if (0 != auth_plugin.compare(default_auth_plugin)) {
ret = OB_ERR_PLUGIN_IS_NOT_LOADED;
LOG_USER_ERROR(OB_ERR_PLUGIN_IS_NOT_LOADED, auth_plugin.length(), auth_plugin.ptr());
} else {/* do nothing */}
}
if (OB_SUCC(ret) && user_node->children_[1] != NULL) {
if (0 != user_name.compare(session_info_->get_user_name())) {
grant_stmt->set_need_create_user_priv(true);
}
@ -1313,7 +1346,8 @@ int ObGrantResolver::resolve_mysql(const ParseNode &parse_tree)
if (OB_ISNULL(user_node)) {
ret = OB_ERR_PARSE_SQL;
LOG_WARN("Parse SQL error, user node should not be NULL", K(user_node), K(ret));
} else if (4 != user_node->num_child_) {
} else if (OB_UNLIKELY(lib::is_oracle_mode() && 4 != user_node->num_child_) ||
OB_UNLIKELY(lib::is_mysql_mode() && 5 != user_node->num_child_)) {
ret = OB_ERR_PARSE_SQL;
LOG_WARN("User specification's child node num error", K(ret));
} else if (OB_ISNULL(user_node->children_[0])) {
@ -1328,7 +1362,21 @@ int ObGrantResolver::resolve_mysql(const ParseNode &parse_tree)
host_name.assign_ptr(user_node->children_[3]->str_value_,
static_cast<int32_t>(user_node->children_[3]->str_len_));
}
if (user_node->children_[1] != NULL) {
if (lib::is_mysql_mode() && NULL != user_node->children_[4]) {
/* here code is to mock a auth plugin check. */
ObString auth_plugin(static_cast<int32_t>(user_node->children_[4]->str_len_),
user_node->children_[4]->str_value_);
ObString default_auth_plugin;
if (OB_FAIL(params_.session_info_->get_sys_variable(
share::SYS_VAR_DEFAULT_AUTHENTICATION_PLUGIN,
default_auth_plugin))) {
LOG_WARN("fail to get block encryption variable", K(ret));
} else if (0 != auth_plugin.compare(default_auth_plugin)) {
ret = OB_ERR_PLUGIN_IS_NOT_LOADED;
LOG_USER_ERROR(OB_ERR_PLUGIN_IS_NOT_LOADED, auth_plugin.length(), auth_plugin.ptr());
} else {/* do nothing */}
}
if (OB_SUCC(ret) && user_node->children_[1] != NULL) {
if (0 != user_name.compare(session_info_->get_user_name())) {
grant_stmt->set_need_create_user_priv(true);
}

2
src/sql/resolver/dcl/ob_grant_resolver.h
View File

@ -30,11 +30,13 @@ public:
static int resolve_grant_user(
const ParseNode *grant_user,
ObSQLSessionInfo *session_info,
ObString &user_name,
ObString &host_name);
static int resolve_grantee_clause(
const ParseNode *grantee_clause,
ObSQLSessionInfo *session_info,
ObIArray<ObString> &user_name_array,
ObIArray<ObString> &host_name_array);

5
src/sql/resolver/dcl/ob_revoke_resolver.cpp
View File

@ -95,6 +95,7 @@ int ObRevokeResolver::resolve_revoke_role_inner(
ObSArray<ObString> user_name_array;
ObSArray<ObString> host_name_array;
OZ (ObGrantResolver::resolve_grantee_clause(revoke_role->children_[1],
params_.session_info_,
user_name_array,
host_name_array));
CK (user_name_array.count() == host_name_array.count());
@ -184,6 +185,7 @@ int ObRevokeResolver::resolve_revoke_sysprivs_inner(
ObSArray<ObString> user_name_array;
ObSArray<ObString> host_name_array;
OZ (ObGrantResolver::resolve_grantee_clause(revoke_role->children_[1],
params_.session_info_,
user_name_array,
host_name_array));
CK (user_name_array.count() == host_name_array.count());
@ -611,7 +613,8 @@ int ObRevokeResolver::resolve_revoke_role_and_sysprivs_inner(const ParseNode *no
const ObUserInfo *user_info = NULL;
ObSArray<ObString> user_name_array;
ObSArray<ObString> host_name_array;
OZ (ObGrantResolver::resolve_grantee_clause(node->children_[1],
OZ (ObGrantResolver::resolve_grantee_clause(node->children_[1],
params_.session_info_,
user_name_array,
host_name_array));
CK (user_name_array.count() == host_name_array.count());

19
src/sql/resolver/dcl/ob_set_password_resolver.cpp
View File

@ -64,7 +64,9 @@ int ObSetPasswordResolver::resolve(const ParseNode &parse_tree)
if (OB_ISNULL(session_info_) || OB_ISNULL(node)) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("Session info and nodeshould not be NULL", KP(session_info_), KP(node), K(ret));
} else if (OB_UNLIKELY(T_SET_PASSWORD != node->type_) || OB_UNLIKELY(4 != node->num_child_)) {
} else if (OB_UNLIKELY(T_SET_PASSWORD != node->type_) ||
OB_UNLIKELY(lib::is_oracle_mode() && 4 != node->num_child_) ||
OB_UNLIKELY(lib::is_mysql_mode() && 5 != node->num_child_)) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("Set password ParseNode error", K(node->type_), K(node->num_child_), K(ret));
} else {
@ -79,7 +81,20 @@ int ObSetPasswordResolver::resolve(const ParseNode &parse_tree)
const ObString &session_user_name = session_info_->get_user_name();
const ObString &session_host_name = session_info_->get_host_name();
bool is_valid = false;
if (NULL != node->children_[0]) {
if (lib::is_mysql_mode() && NULL != node->children_[4]) {
/* here code is to mock a auth plugin check. */
ObString auth_plugin(static_cast<int32_t>(node->children_[4]->str_len_),
node->children_[4]->str_value_);
ObString default_auth_plugin;
if (OB_FAIL(session_info_->get_sys_variable(share::SYS_VAR_DEFAULT_AUTHENTICATION_PLUGIN,
default_auth_plugin))) {
LOG_WARN("fail to get block encryption variable", K(ret));
} else if (0 != auth_plugin.compare(default_auth_plugin)) {
ret = OB_ERR_PLUGIN_IS_NOT_LOADED;
LOG_USER_ERROR(OB_ERR_PLUGIN_IS_NOT_LOADED, auth_plugin.length(), auth_plugin.ptr());
} else {/* do nothing */}
}
if (OB_SUCC(ret) && NULL != node->children_[0]) {
ParseNode *user_hostname_node = node->children_[0];
if (OB_FAIL(check_role_as_user(user_hostname_node, is_valid))) {
LOG_WARN("failed to check role as user", K(ret));