privileges: add SkipWithGrant check for RBAC methods (#10681) #10738

Merged
merged 2 commits into from
Jun 6, 2019
16 changes: 16 additions & 0 deletions privilege/privileges/privileges.go
Expand Up @@ -185,6 +185,9 @@ func (p *UserPrivileges) UserPrivilegesTable() [][]types.Datum {

// ShowGrants implements privilege.Manager ShowGrants interface.
func (p *UserPrivileges) ShowGrants(ctx sessionctx.Context, user *auth.UserIdentity, roles []*auth.RoleIdentity) (grants []string, err error) {
if SkipWithGrant {
return nil, errNonexistingGrant.GenWithStackByArgs("root", "%")
}
mysqlPrivilege := p.Handle.Get()
u := user.Username
h := user.Hostname
Expand All @@ -202,6 +205,9 @@ func (p *UserPrivileges) ShowGrants(ctx sessionctx.Context, user *auth.UserIdent

// ActiveRoles implements privilege.Manager ActiveRoles interface.
func (p *UserPrivileges) ActiveRoles(ctx sessionctx.Context, roleList []*auth.RoleIdentity) (bool, string) {
if SkipWithGrant {
return true, ""
}
mysqlPrivilege := p.Handle.Get()
u := p.user
h := p.host
Expand All @@ -218,6 +224,9 @@ func (p *UserPrivileges) ActiveRoles(ctx sessionctx.Context, roleList []*auth.Ro

// FindEdge implements privilege.Manager FindRelationship interface.
func (p *UserPrivileges) FindEdge(ctx sessionctx.Context, role *auth.RoleIdentity, user *auth.UserIdentity) bool {
if SkipWithGrant {
return false
}
mysqlPrivilege := p.Handle.Get()
ok := mysqlPrivilege.FindRole(user.Username, user.Hostname, role)
if !ok {
Expand All @@ -229,13 +238,20 @@ func (p *UserPrivileges) FindEdge(ctx sessionctx.Context, role *auth.RoleIdentit

// GetDefaultRoles returns all default roles for certain user.
func (p *UserPrivileges) GetDefaultRoles(user, host string) []*auth.RoleIdentity {
if SkipWithGrant {
return make([]*auth.RoleIdentity, 0, 10)
}
mysqlPrivilege := p.Handle.Get()
ret := mysqlPrivilege.getDefaultRoles(user, host)
return ret
}

// GetAllRoles return all roles of user.
func (p *UserPrivileges) GetAllRoles(user, host string) []*auth.RoleIdentity {
if SkipWithGrant {
return make([]*auth.RoleIdentity, 0, 10)
}

mysqlPrivilege := p.Handle.Get()
return mysqlPrivilege.getAllRoles(user, host)
}
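Review bot: In ShowGrants, the new SkipWithGrant branch builds `errNonexistingGrant` from the hard-coded pair `"root", "%"`, so a request for any other account gets an error that names the wrong user. Passing the requested identity keeps the message accurate: `return nil, errNonexistingGrant.GenWithStackByArgs(user.Username, user.Hostname)`, with a nil check on `user` if callers can pass nil, which the hunk does not show. The five guards also return different fallbacks without explanation (ActiveRoles reports success, FindEdge reports false, the role getters return empty slices). A one-line comment on each, for example `// With SkipWithGrant set, privilege checks are bypassed and no role data is consulted.`, would tell the next reader that these are deliberate. The guards sit ahead of `p.Handle.Get()`, presumably because the handle is not usable in that mode; if so, the comment should say it. The bodies of ShowGrants, ActiveRoles and FindEdge continue outside their hunks.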
5 changes: 4 additions & 1 deletion session/session_test.go
Expand Up @@ -702,7 +702,10 @@ func (s *testSessionSuite) TestSkipWithGrant(c *C) {
c.Assert(tk.Se.Auth(&auth.UserIdentity{Username: "xxx", Hostname: `%`}, []byte("yyy"), []byte("zzz")), IsTrue)
c.Assert(tk.Se.Auth(&auth.UserIdentity{Username: "root", Hostname: `%`}, []byte(""), []byte("")), IsTrue)
tk.MustExec("create table t (id int)")

tk.MustExec("create role r_1")
tk.MustExec("grant r_1 to root")
tk.MustExec("set role all")
tk.MustExec("show grants for root")
privileges.SkipWithGrant = save2
}

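Review bot: The four added statements only check that execution returns no error, so none of the new SkipWithGrant branches is pinned to an expected result. `show grants for root` goes through `tk.MustExec`, and if that helper closes the result set without reading rows, the ShowGrants guard may never run; the outcome should be asserted explicitly, whether that is rows or the expected error. Separately, `privileges.SkipWithGrant = save2` is a plain trailing statement, so a failed assertion earlier in the test would leave the global enabled for later tests. Unless a `defer` above the hunk already restores it, prefer `defer func() { privileges.SkipWithGrant = save2 }()` right after the value is saved. TestSkipWithGrant begins above this hunk.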