Fix priv bugs
		@ -767,7 +767,7 @@ int ObShowGrants::has_show_grants_priv(uint64_t show_user_id) const
 | 
				
			|||||||
    //FIXME@xiyu: schema_cache: master aad alloc, which is no need as we use arena for priv
 | 
					    //FIXME@xiyu: schema_cache: master aad alloc, which is no need as we use arena for priv
 | 
				
			||||||
    ObArenaAllocator alloc;
 | 
					    ObArenaAllocator alloc;
 | 
				
			||||||
    ObStmtNeedPrivs stmt_need_privs(alloc);
 | 
					    ObStmtNeedPrivs stmt_need_privs(alloc);
 | 
				
			||||||
    ObNeedPriv need_priv("mysql", "", OB_PRIV_DB_LEVEL, OB_PRIV_SELECT, false);
 | 
					    ObNeedPriv need_priv("mysql", "user", OB_PRIV_TABLE_LEVEL, OB_PRIV_SELECT, false);
 | 
				
			||||||
    if (OB_FAIL(stmt_need_privs.need_privs_.init(1))) {
 | 
					    if (OB_FAIL(stmt_need_privs.need_privs_.init(1))) {
 | 
				
			||||||
      SERVER_LOG(WARN, "fail to init need_privs", K(ret));
 | 
					      SERVER_LOG(WARN, "fail to init need_privs", K(ret));
 | 
				
			||||||
    } else if (OB_FAIL(stmt_need_privs.need_privs_.push_back(need_priv))) {
 | 
					    } else if (OB_FAIL(stmt_need_privs.need_privs_.push_back(need_priv))) {
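Review bot: The new `ObNeedPriv need_priv("mysql", "user", OB_PRIV_TABLE_LEVEL, OB_PRIV_SELECT, false);` changes who may view another account's grants, and nothing in the hunk records why the requirement moved from the whole `mysql` database to the `mysql.user` table. Whether a session holding only database-level or global SELECT still passes depends on how the checker treats a table-level requirement, which is not visible here, so a regression test covering both kinds of grantee is worth adding. I would put a comment above the line, such as `// SHOW GRANTS for another user requires SELECT on mysql.user (table level)`. The body of has_show_grants_priv starts and ends outside the hunk.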
 | 
				
			||||||
 | 
				
			|||||||
@ -1491,6 +1491,8 @@ int get_revoke_stmt_need_privs(
 | 
				
			|||||||
                                         stmt->get_database_name(),
 | 
					                                         stmt->get_database_name(),
 | 
				
			||||||
                                         stmt->get_table_name()))) {
 | 
					                                         stmt->get_table_name()))) {
 | 
				
			||||||
      LOG_WARN("Can not grant information_schema database", K(ret));
 | 
					      LOG_WARN("Can not grant information_schema database", K(ret));
 | 
				
			||||||
 | 
					    } else if (lib::is_mysql_mode() && stmt->get_revoke_all()) {
 | 
				
			||||||
 | 
					      //check privs at resolver
 | 
				
			||||||
    } else {
 | 
					    } else {
 | 
				
			||||||
      need_priv.db_ = stmt->get_database_name();
 | 
					      need_priv.db_ = stmt->get_database_name();
 | 
				
			||||||
      need_priv.table_ = stmt->get_table_name();
 | 
					      need_priv.table_ = stmt->get_table_name();
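Review bot: The added `else if (lib::is_mysql_mode() && stmt->get_revoke_all())` branch has an empty body, so for REVOKE ALL in MySQL mode this function now contributes no required privilege and the only gate is the check done during resolution. Any path that reaches privilege checking with a revoke-all statement that did not pass through that resolver code would get no check here; I cannot tell from the hunk whether such a path exists. The comment should name the place and the privileges it relies on, e.g. `// UPDATE on mysql or CREATE USER is checked in ObRevokeResolver::resolve_mysql`. The function continues outside the hunk.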
 | 
				
			||||||
 | 
				
			|||||||
@ -321,6 +321,23 @@ int ObRevokeResolver::resolve_mysql(const ParseNode &parse_tree)
 | 
				
			|||||||
          users_node = node->children_[0];
 | 
					          users_node = node->children_[0];
 | 
				
			||||||
          revoke_stmt->set_revoke_all(true);
 | 
					          revoke_stmt->set_revoke_all(true);
 | 
				
			||||||
          revoke_stmt->set_grant_level(OB_PRIV_USER_LEVEL);
 | 
					          revoke_stmt->set_grant_level(OB_PRIV_USER_LEVEL);
 | 
				
			||||||
 | 
					          if (OB_SUCC(ret)) {
 | 
				
			||||||
 | 
					            ObSessionPrivInfo session_priv;
 | 
				
			||||||
 | 
					            ObArenaAllocator alloc;
 | 
				
			||||||
 | 
					            ObStmtNeedPrivs stmt_need_privs(alloc);
 | 
				
			||||||
 | 
					            ObNeedPriv need_priv("mysql", "", OB_PRIV_DB_LEVEL, OB_PRIV_UPDATE, false);
 | 
				
			||||||
 | 
					            OZ (stmt_need_privs.need_privs_.init(1));
 | 
				
			||||||
 | 
					            OZ (stmt_need_privs.need_privs_.push_back(need_priv));
 | 
				
			||||||
 | 
					            //check CREATE USER or UPDATE privilege on mysql
 | 
				
			||||||
 | 
					            params_.session_info_->get_session_priv_info(session_priv);
 | 
				
			||||||
 | 
					            if (OB_SUCC(ret) && OB_FAIL(schema_checker_->check_priv(session_priv, stmt_need_privs))) {
 | 
				
			||||||
 | 
					              stmt_need_privs.need_privs_.at(0) =
 | 
				
			||||||
 | 
					                  ObNeedPriv("", "", OB_PRIV_USER_LEVEL, OB_PRIV_CREATE_USER, false);
 | 
				
			||||||
 | 
					              if (OB_FAIL(schema_checker_->check_priv(session_priv, stmt_need_privs))) {
 | 
				
			||||||
 | 
					                LOG_WARN("no priv", K(ret));
 | 
				
			||||||
 | 
					              }
 | 
				
			||||||
 | 
					            }
 | 
				
			||||||
 | 
					          }
 | 
				
			||||||
        }
 | 
					        }
 | 
				
			||||||
        //resolve privileges
 | 
					        //resolve privileges
 | 
				
			||||||
        if (OB_SUCC(ret) && (NULL != privs_node)) {
 | 
					        if (OB_SUCC(ret) && (NULL != privs_node)) {
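Review bot: The fallback at `if (OB_SUCC(ret) && OB_FAIL(schema_checker_->check_priv(session_priv, stmt_need_privs)))` retries with CREATE USER on any failure of the first check, not only on a privilege denial, and the first error code is overwritten without being logged. The block also dereferences `params_.session_info_` and `schema_checker_` with no null check in the hunk (one may exist earlier in resolve_mysql, which starts outside it), and the result of `get_session_priv_info` is not inspected. I would guard both pointers before use and make the final log say what was required, e.g. `LOG_WARN("no UPDATE on mysql or CREATE USER priv for REVOKE ALL", K(ret));`, so a denied attempt is identifiable in the logs. The comment `//check CREATE USER or UPDATE privilege on mysql` reads better at the top of the block, above the `ObNeedPriv` construction.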
 | 
				
			||||||
 | 
				
			|||||||