From 84887df9aac071789c2a4ed54429c17e36a25509 Mon Sep 17 00:00:00 2001 From: Mattias Jonsson Date: Tue, 20 Jul 2021 07:31:34 +0200 Subject: [PATCH] privileges: use UPPER case for privileges in SHOW GRANT (#26360) --- executor/infoschema_reader_test.go | 6 +++--- privilege/privileges/cache.go | 7 ++++--- privilege/privileges/privileges_test.go | 26 ++++++++++++------------- server/tidb_test.go | 18 ++++++++--------- 4 files changed, 29 insertions(+), 28 deletions(-) diff --git a/executor/infoschema_reader_test.go b/executor/infoschema_reader_test.go index 0dd9bd9620f52..400ca848a85c3 100644 --- a/executor/infoschema_reader_test.go +++ b/executor/infoschema_reader_test.go @@ -406,13 +406,13 @@ func (s *testInfoschemaTableSuite) TestUserPrivilegesTable(c *C) { tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee="'usageuser'@'%'"`).Check(testkit.Rows("'usageuser'@'%' def USAGE NO")) // the usage row disappears when there is a non-dynamic privilege added tk1.MustExec("GRANT SELECT ON *.* to usageuser") - tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee="'usageuser'@'%'"`).Check(testkit.Rows("'usageuser'@'%' def Select NO")) + tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee="'usageuser'@'%'"`).Check(testkit.Rows("'usageuser'@'%' def SELECT NO")) // test grant privilege tk1.MustExec("GRANT SELECT ON *.* to usageuser WITH GRANT OPTION") - tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee="'usageuser'@'%'"`).Check(testkit.Rows("'usageuser'@'%' def Select YES")) + tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee="'usageuser'@'%'"`).Check(testkit.Rows("'usageuser'@'%' def SELECT YES")) // test DYNAMIC privs tk1.MustExec("GRANT BACKUP_ADMIN ON *.* to usageuser") - tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee="'usageuser'@'%'" ORDER BY privilege_type`).Check(testkit.Rows("'usageuser'@'%' def BACKUP_ADMIN NO", "'usageuser'@'%' def Select YES")) + tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee="'usageuser'@'%'" ORDER BY privilege_type`).Check(testkit.Rows("'usageuser'@'%' def BACKUP_ADMIN NO", "'usageuser'@'%' def SELECT YES")) } func (s *testInfoschemaTableSerialSuite) TestDataForTableStatsField(c *C) { diff --git a/privilege/privileges/cache.go b/privilege/privileges/cache.go index 95ec707ad6226..b457c311c57d3 100644 --- a/privilege/privileges/cache.go +++ b/privilege/privileges/cache.go @@ -1364,7 +1364,8 @@ func privOnColumnsToString(p privOnColumns) string { if idx > 0 { buf.WriteString(", ") } - fmt.Fprintf(&buf, "%s(", mysql.Priv2Str[priv]) + privStr := privToString(priv, mysql.AllColumnPrivs, mysql.Priv2Str) + fmt.Fprintf(&buf, "%s(", privStr) for i, col := range v { if i > 0 { fmt.Fprintf(&buf, ", ") @@ -1424,7 +1425,7 @@ func privToString(priv mysql.PrivilegeType, allPrivs []mysql.PrivilegeType, allP if priv&p == 0 { continue } - s := allPrivNames[p] + s := strings.ToUpper(allPrivNames[p]) pstrs = append(pstrs, s) } return strings.Join(pstrs, ",") @@ -1478,7 +1479,7 @@ func appendUserPrivilegesTableRow(rows [][]types.Datum, user UserRecord) [][]typ } for _, priv := range mysql.AllGlobalPrivs { if user.Privileges&priv > 0 { - privilegeType := mysql.Priv2Str[priv] + privilegeType := strings.ToUpper(mysql.Priv2Str[priv]) // +---------------------------+---------------+-------------------------+--------------+ // | GRANTEE | TABLE_CATALOG | PRIVILEGE_TYPE | IS_GRANTABLE | // +---------------------------+---------------+-------------------------+--------------+ diff --git a/privilege/privileges/privileges_test.go b/privilege/privileges/privileges_test.go index ef4ffd2233bd7..172a862ea27d5 100644 --- a/privilege/privileges/privileges_test.go +++ b/privilege/privileges/privileges_test.go @@ -275,20 +275,20 @@ func (s *testPrivilegeSuite) TestShowGrants(c *C) { gs, err := pc.ShowGrants(se, &auth.UserIdentity{Username: "show", Hostname: "localhost"}, nil) c.Assert(err, IsNil) c.Assert(gs, HasLen, 1) - c.Assert(gs[0], Equals, `GRANT Index ON *.* TO 'show'@'localhost'`) + c.Assert(gs[0], Equals, `GRANT INDEX ON *.* TO 'show'@'localhost'`) mustExec(c, se, `GRANT Select ON *.* TO 'show'@'localhost';`) gs, err = pc.ShowGrants(se, &auth.UserIdentity{Username: "show", Hostname: "localhost"}, nil) c.Assert(err, IsNil) c.Assert(gs, HasLen, 1) - c.Assert(gs[0], Equals, `GRANT Select,Index ON *.* TO 'show'@'localhost'`) + c.Assert(gs[0], Equals, `GRANT SELECT,INDEX ON *.* TO 'show'@'localhost'`) // The order of privs is the same with AllGlobalPrivs mustExec(c, se, `GRANT Update ON *.* TO 'show'@'localhost';`) gs, err = pc.ShowGrants(se, &auth.UserIdentity{Username: "show", Hostname: "localhost"}, nil) c.Assert(err, IsNil) c.Assert(gs, HasLen, 1) - c.Assert(gs[0], Equals, `GRANT Select,Update,Index ON *.* TO 'show'@'localhost'`) + c.Assert(gs[0], Equals, `GRANT SELECT,UPDATE,INDEX ON *.* TO 'show'@'localhost'`) // All privileges mustExec(c, se, `GRANT ALL ON *.* TO 'show'@'localhost';`) @@ -317,7 +317,7 @@ func (s *testPrivilegeSuite) TestShowGrants(c *C) { c.Assert(err, IsNil) c.Assert(gs, HasLen, 2) expected := []string{`GRANT ALL PRIVILEGES ON *.* TO 'show'@'localhost'`, - `GRANT Select ON test.* TO 'show'@'localhost'`} + `GRANT SELECT ON test.* TO 'show'@'localhost'`} c.Assert(testutil.CompareUnorderedStringSlice(gs, expected), IsTrue) mustExec(c, se, `GRANT Index ON test1.* TO 'show'@'localhost';`) @@ -325,8 +325,8 @@ func (s *testPrivilegeSuite) TestShowGrants(c *C) { c.Assert(err, IsNil) c.Assert(gs, HasLen, 3) expected = []string{`GRANT ALL PRIVILEGES ON *.* TO 'show'@'localhost'`, - `GRANT Select ON test.* TO 'show'@'localhost'`, - `GRANT Index ON test1.* TO 'show'@'localhost'`} + `GRANT SELECT ON test.* TO 'show'@'localhost'`, + `GRANT INDEX ON test1.* TO 'show'@'localhost'`} c.Assert(testutil.CompareUnorderedStringSlice(gs, expected), IsTrue) mustExec(c, se, `GRANT ALL ON test1.* TO 'show'@'localhost';`) @@ -334,7 +334,7 @@ func (s *testPrivilegeSuite) TestShowGrants(c *C) { c.Assert(err, IsNil) c.Assert(gs, HasLen, 3) expected = []string{`GRANT ALL PRIVILEGES ON *.* TO 'show'@'localhost'`, - `GRANT Select ON test.* TO 'show'@'localhost'`, + `GRANT SELECT ON test.* TO 'show'@'localhost'`, `GRANT ALL PRIVILEGES ON test1.* TO 'show'@'localhost'`} c.Assert(testutil.CompareUnorderedStringSlice(gs, expected), IsTrue) @@ -344,9 +344,9 @@ func (s *testPrivilegeSuite) TestShowGrants(c *C) { c.Assert(err, IsNil) c.Assert(gs, HasLen, 4) expected = []string{`GRANT ALL PRIVILEGES ON *.* TO 'show'@'localhost'`, - `GRANT Select ON test.* TO 'show'@'localhost'`, + `GRANT SELECT ON test.* TO 'show'@'localhost'`, `GRANT ALL PRIVILEGES ON test1.* TO 'show'@'localhost'`, - `GRANT Update ON test.test TO 'show'@'localhost'`} + `GRANT UPDATE ON test.test TO 'show'@'localhost'`} c.Assert(testutil.CompareUnorderedStringSlice(gs, expected), IsTrue) // Expected behavior: Usage still exists after revoking all privileges @@ -422,7 +422,7 @@ func (s *testPrivilegeSuite) TestShowColumnGrants(c *C) { pc := privilege.GetPrivilegeManager(se) gs, err := pc.ShowGrants(se, &auth.UserIdentity{Username: "column", Hostname: "%"}, nil) c.Assert(err, IsNil) - c.Assert(strings.Join(gs, " "), Equals, "GRANT USAGE ON *.* TO 'column'@'%' GRANT Select(a), Insert(c), Update(a, b) ON test.column_table TO 'column'@'%'") + c.Assert(strings.Join(gs, " "), Equals, "GRANT USAGE ON *.* TO 'column'@'%' GRANT SELECT(a), INSERT(c), UPDATE(a, b) ON test.column_table TO 'column'@'%'") } func (s *testPrivilegeSuite) TestDropTablePriv(c *C) { @@ -1541,7 +1541,7 @@ func (s *testPrivilegeSuite) TestClusterConfigInfoschema(c *C) { Username: "ccprocess", Hostname: "localhost", }, nil, nil) - tk.MustQuery("SHOW GRANTS").Check(testkit.Rows("GRANT Process ON *.* TO 'ccprocess'@'%'")) + tk.MustQuery("SHOW GRANTS").Check(testkit.Rows("GRANT PROCESS ON *.* TO 'ccprocess'@'%'")) // Needs Process privilege tk.MustQuery("SELECT * FROM information_schema.CLUSTER_info") tk.MustQuery("SELECT * FROM information_schema.CLUSTER_load") @@ -1847,7 +1847,7 @@ func (s *testPrivilegeSuite) TestInfoschemaUserPrivileges(c *C) { // I can see myself, but I can not see other users tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee = "'isnobody'@'%'"`).Check(testkit.Rows()) - tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee = "'isroot'@'%'"`).Check(testkit.Rows("'isroot'@'%' def Super NO")) + tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee = "'isroot'@'%'"`).Check(testkit.Rows("'isroot'@'%' def SUPER NO")) tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee = "'isselectonmysqluser'@'%'"`).Check(testkit.Rows()) // Now as isselectonmysqluser @@ -1858,6 +1858,6 @@ func (s *testPrivilegeSuite) TestInfoschemaUserPrivileges(c *C) { // Now as isselectonmysqluser tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee = "'isnobody'@'%'"`).Check(testkit.Rows("'isnobody'@'%' def USAGE NO")) - tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee = "'isroot'@'%'"`).Check(testkit.Rows("'isroot'@'%' def Super NO")) + tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee = "'isroot'@'%'"`).Check(testkit.Rows("'isroot'@'%' def SUPER NO")) tk.MustQuery(`SELECT * FROM information_schema.user_privileges WHERE grantee = "'isselectonmysqluser'@'%'"`).Check(testkit.Rows("'isselectonmysqluser'@'%' def USAGE NO")) } diff --git a/server/tidb_test.go b/server/tidb_test.go index 48741e3018ce2..2dbca5cd5a605 100644 --- a/server/tidb_test.go +++ b/server/tidb_test.go @@ -509,7 +509,7 @@ func (ts *tidbTestSuite) TestSocketAndIp(c *C) { // NOTICE: this is not compatible with MySQL! (MySQL would report user1@localhost also for 127.0.0.1) cli.checkRows(c, rows, "user1@127.0.0.1") rows = dbt.mustQuery("show grants") - cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'%'\nGRANT Select ON test.* TO 'user1'@'%'") + cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'%'\nGRANT SELECT ON test.* TO 'user1'@'%'") }) // Test with unix domain socket file connection with all hosts cli.runTests(c, func(config *mysql.Config) { @@ -522,7 +522,7 @@ func (ts *tidbTestSuite) TestSocketAndIp(c *C) { rows := dbt.mustQuery("select user()") cli.checkRows(c, rows, "user1@localhost") rows = dbt.mustQuery("show grants") - cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'%'\nGRANT Select ON test.* TO 'user1'@'%'") + cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'%'\nGRANT SELECT ON test.* TO 'user1'@'%'") }) // Setup user1@127.0.0.1 for loop back network interface access @@ -549,7 +549,7 @@ func (ts *tidbTestSuite) TestSocketAndIp(c *C) { // NOTICE: this is not compatible with MySQL! (MySQL would report user1@localhost also for 127.0.0.1) cli.checkRows(c, rows, "user1@127.0.0.1") rows = dbt.mustQuery("show grants") - cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'127.0.0.1'\nGRANT Select,Insert ON test.* TO 'user1'@'127.0.0.1'") + cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'127.0.0.1'\nGRANT SELECT,INSERT ON test.* TO 'user1'@'127.0.0.1'") }) // Test with unix domain socket file connection with all hosts cli.runTests(c, func(config *mysql.Config) { @@ -562,7 +562,7 @@ func (ts *tidbTestSuite) TestSocketAndIp(c *C) { rows := dbt.mustQuery("select user()") cli.checkRows(c, rows, "user1@localhost") rows = dbt.mustQuery("show grants") - cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'%'\nGRANT Select ON test.* TO 'user1'@'%'") + cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'%'\nGRANT SELECT ON test.* TO 'user1'@'%'") }) // Setup user1@localhost for socket (and if MySQL compatible; loop back network interface access) @@ -590,7 +590,7 @@ func (ts *tidbTestSuite) TestSocketAndIp(c *C) { // NOTICE: this is not compatible with MySQL! (MySQL would report user1@localhost also for 127.0.0.1) cli.checkRows(c, rows, "user1@127.0.0.1") rows = dbt.mustQuery("show grants") - cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'127.0.0.1'\nGRANT Select,Insert ON test.* TO 'user1'@'127.0.0.1'") + cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'127.0.0.1'\nGRANT SELECT,INSERT ON test.* TO 'user1'@'127.0.0.1'") }) // Test with unix domain socket file connection with all hosts cli.runTests(c, func(config *mysql.Config) { @@ -603,7 +603,7 @@ func (ts *tidbTestSuite) TestSocketAndIp(c *C) { rows := dbt.mustQuery("select user()") cli.checkRows(c, rows, "user1@localhost") rows = dbt.mustQuery("show grants") - cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'localhost'\nGRANT Select,Insert,Update,Delete ON test.* TO 'user1'@'localhost'") + cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'localhost'\nGRANT SELECT,INSERT,UPDATE,DELETE ON test.* TO 'user1'@'localhost'") }) } @@ -683,7 +683,7 @@ func (ts *tidbTestSuite) TestOnlySocket(c *C) { rows := dbt.mustQuery("select user()") cli.checkRows(c, rows, "user1@localhost") rows = dbt.mustQuery("show grants") - cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'%'\nGRANT Select ON test.* TO 'user1'@'%'") + cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'%'\nGRANT SELECT ON test.* TO 'user1'@'%'") }) // Setup user1@127.0.0.1 for loop back network interface access @@ -713,7 +713,7 @@ func (ts *tidbTestSuite) TestOnlySocket(c *C) { rows := dbt.mustQuery("select user()") cli.checkRows(c, rows, "user1@localhost") rows = dbt.mustQuery("show grants") - cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'%'\nGRANT Select ON test.* TO 'user1'@'%'") + cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'%'\nGRANT SELECT ON test.* TO 'user1'@'%'") }) // Setup user1@localhost for socket (and if MySQL compatible; loop back network interface access) @@ -742,7 +742,7 @@ func (ts *tidbTestSuite) TestOnlySocket(c *C) { rows := dbt.mustQuery("select user()") cli.checkRows(c, rows, "user1@localhost") rows = dbt.mustQuery("show grants") - cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'localhost'\nGRANT Select,Insert,Update,Delete ON test.* TO 'user1'@'localhost'") + cli.checkRows(c, rows, "GRANT USAGE ON *.* TO 'user1'@'localhost'\nGRANT SELECT,INSERT,UPDATE,DELETE ON test.* TO 'user1'@'localhost'") }) }