From 1b561e3cdcd2e4e409c099b8745f2853cdb80a79 Mon Sep 17 00:00:00 2001 From: morningman Date: Sun, 13 Aug 2023 18:35:52 +0800 Subject: [PATCH 1/2] [fix](show-table-status) fix priv error on show table status stmt --- fe/fe-core/src/main/cup/sql_parser.cup | 4 +- .../doris/analysis/ShowTableStatusStmt.java | 16 +++---- .../org/apache/doris/qe/ShowExecutor.java | 2 +- .../doris/datasource/ColumnPrivTest.java | 42 ++++++++++++++++++- 4 files changed, 52 insertions(+), 12 deletions(-) diff --git a/fe/fe-core/src/main/cup/sql_parser.cup b/fe/fe-core/src/main/cup/sql_parser.cup index d589ff393774b7..686cf30b5ab688 100644 --- a/fe/fe-core/src/main/cup/sql_parser.cup +++ b/fe/fe-core/src/main/cup/sql_parser.cup @@ -3822,12 +3822,12 @@ show_param ::= /* show table status */ | KW_TABLE KW_STATUS opt_db:db opt_wild_where {: - RESULT = new ShowTableStatusStmt(db, null, parser.wild, parser.where); + RESULT = new ShowTableStatusStmt(null, db, parser.wild, parser.where); :} /* show table status */ | KW_TABLE KW_STATUS from_or_in ident:ctl DOT ident:db opt_wild_where {: - RESULT = new ShowTableStatusStmt(db, ctl, parser.wild, parser.where); + RESULT = new ShowTableStatusStmt(ctl, db, parser.wild, parser.where); :} /* show tables */ | opt_full KW_TABLES opt_db:db opt_wild_where diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTableStatusStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTableStatusStmt.java index 2144ba5413f061..c9e91576672c1c 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTableStatusStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTableStatusStmt.java 
@@ -59,27 +59,27 @@ public class ShowTableStatusStmt extends ShowStmt { .addColumn(new Column("Comment", ScalarType.createVarchar(64))) .build(); - private String db; private String catalog; + private String db; private String wild; private Expr where; private SelectStmt selectStmt; - public ShowTableStatusStmt(String db, String catalog, String wild, Expr where) { + public ShowTableStatusStmt(String catalog, String db, String wild, Expr where) { + this.catalog = catalog; this.db = db; this.wild = wild; this.where = where; - this.catalog = catalog; - } - - public String getDb() { - return db; } public String getCatalog() { return catalog; } + public String getDb() { + return db; + } + public String getPattern() { return wild; } @@ -101,7 +101,7 @@ public void analyze(Analyzer analyzer) throws AnalysisException { } } - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), db, PrivPredicate.SHOW)) { + if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), catalog, db, PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_DBACCESS_DENIED_ERROR, analyzer.getQualifiedUser(), db); } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java index 4bfc6c61b1993b..24d520a1ddcecc 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java +++ b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java @@ -871,7 +871,7 @@ private void handleShowTableStatus() throws AnalysisException { // check tbl privs if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), db.getFullName(), table.getName(), PrivPredicate.SHOW)) { + .checkTblPriv(ConnectContext.get(), showStmt.getCatalog(), db.getFullName(), table.getName(), PrivPredicate.SHOW)) { continue; } List row = Lists.newArrayList(); 
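Review bot: The constructor in the first ShowTableStatusStmt.java hunk now takes `(String catalog, String db, ...)` where it used to take `(String db, String catalog, ...)`, and since both parameters are `String`, a call site that was not updated still compiles and silently puts the database name in the catalog slot of the privilege check. This patch updates only the two productions in sql_parser.cup; any other callers are not visible here and are worth searching for. A Javadoc on the constructor would pin the order down, e.g. `/** @param catalog catalog name, or null when the statement names no catalog */` plus a matching `@param db` line.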
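Review bot: In the analyze() hunk, `checkDbPriv(ConnectContext.get(), catalog, db, PrivPredicate.SHOW)` receives whatever `catalog` holds at that point, and the parser passes `null` for `SHOW TABLE STATUS` without a catalog qualifier. Any code that defaults the catalog would sit above the hunk, so this cannot be confirmed from here. If nothing resolves it, the outcome depends on how the access manager treats a null catalog, which an authorization decision should not rest on. Resolve the catalog explicitly before the check and report an error when that fails. The denial message on the next line still reports only `db`, so a refusal does not say which catalog was checked.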
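Review bot: The table-level check in handleShowTableStatus() takes its catalog from `showStmt.getCatalog()` but its database and table names from the resolved `db` and `table` objects, so the privilege lookup and the metadata lookup can disagree. That happens if the statement's catalog is null or differs from the catalog `db` was loaded from. How `db` is resolved lies above the hunk and is not visible. Taking the catalog name from whatever produced `db` would keep the check and the listed tables on one source. At minimum add a comment on the call such as `// catalog must be the one db was resolved from`.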
diff --git a/fe/fe-core/src/test/java/org/apache/doris/datasource/ColumnPrivTest.java b/fe/fe-core/src/test/java/org/apache/doris/datasource/ColumnPrivTest.java index 9bda2d25c5c876..360ae32595fd4b 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/datasource/ColumnPrivTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/datasource/ColumnPrivTest.java @@ -26,6 +26,8 @@ import org.apache.doris.analysis.DropCatalogStmt; import org.apache.doris.analysis.GrantStmt; import org.apache.doris.analysis.ShowCatalogStmt; +import org.apache.doris.analysis.ShowCreateFunctionStmt; +import org.apache.doris.analysis.ShowTableStatusStmt; import org.apache.doris.analysis.UserIdentity; import org.apache.doris.catalog.Column; import org.apache.doris.catalog.Env; @@ -39,6 +41,7 @@ import org.apache.doris.mysql.privilege.CatalogAccessController; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; +import org.apache.doris.qe.ShowExecutor; import org.apache.doris.qe.ShowResultSet; import org.apache.doris.utframe.TestWithFeService; @@ -80,6 +83,17 @@ protected void runBeforeAll() throws Exception { rootCtx); env.getCatalogMgr().createCatalog(testCatalog); + CreateCatalogStmt testCatalog2 = (CreateCatalogStmt) parseAndAnalyzeStmt( + "create catalog test2 properties(\n" + + " \"type\" = \"test\",\n" + + " \"catalog_provider.class\" " + + "= \"org.apache.doris.datasource.ColumnPrivTest$MockedCatalogProvider\",\n" + + " \"access_controller.properties.key1\" = \"val1\",\n" + + " \"access_controller.properties.key2\" = \"val2\"\n" + + ");", + rootCtx); + env.getCatalogMgr().createCatalog(testCatalog2); + // 2. create internal db and tbl CreateDbStmt createDbStmt = (CreateDbStmt) parseAndAnalyzeStmt("create database innerdb1"); env.createDb(createDbStmt); 
@@ -132,7 +146,7 @@ public void testColumnPrivs() throws Exception { String showCatalogSql = "SHOW CATALOGS"; ShowCatalogStmt showStmt = (ShowCatalogStmt) parseAndAnalyzeStmt(showCatalogSql); ShowResultSet showResultSet = mgr.showCatalogs(showStmt); - Assertions.assertEquals(2, showResultSet.getResultRows().size()); + Assertions.assertEquals(3, showResultSet.getResultRows().size()); CreateRoleStmt createRole1 = (CreateRoleStmt) parseAndAnalyzeStmt("create role role1;", rootCtx); auth.createRole(createRole1); 
@@ -197,12 +211,38 @@ public void testColumnPrivs() throws Exception { testSql(user1Ctx, "select * from numbers(\"number\" = \"1\");", "0:VDataGenScanNode"); } + @Test + public void testShowTableStatusPrivs() throws Exception { + ConnectContext root = createCtx(UserIdentity.ROOT, "127.0.0.1"); + CreateUserStmt createUserStmt = (CreateUserStmt) parseAndAnalyzeStmt("create user show_table_status" + + " identified by '123456'", root); + auth.createUser(createUserStmt); + GrantStmt grant = (GrantStmt) parseAndAnalyzeStmt( + "grant select_priv on test2.*.* to show_table_status;", root); + auth.grant(grant); + + UserIdentity user = UserIdentity.createAnalyzedUserIdentWithIp("default_cluster:show_table_status", "%"); + ConnectContext userCtx = createCtx(user, "127.0.0.1"); + + ShowTableStatusStmt stmt = (ShowTableStatusStmt) parseAndAnalyzeStmt( + "show table status from test2.db1 LIKE \"%tbl%\";"); + ShowExecutor executor = new ShowExecutor(userCtx, stmt); + ShowResultSet resultSet = executor.execute(); + Assert.assertEquals(2, resultSet.getResultRows().size()); + } + private void testSql(ConnectContext ctx, String sql, String expectedMsg) throws Exception { String res = getSQLPlanOrErrorMsg(ctx, "explain " + sql, false); System.out.println(res); Assert.assertTrue(res.contains(expectedMsg)); } + private void testShow(ConnectContext ctx, String sql, String expectedMsg) throws Exception { + String res = getSQLPlanOrErrorMsg(ctx, "explain " + sql, false); + System.out.println(res); + Assert.assertTrue(res.contains(expectedMsg)); + } + public static class TestAccessControllerFactory implements AccessControllerFactory { @Override public CatalogAccessController createAccessController(Map prop) { From 634cae3e958644425242bf6850b9411b87f6e2fc Mon Sep 17 00:00:00 2001 
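Review bot: In testShowTableStatusPrivs the statement is analyzed with the one-argument `parseAndAnalyzeStmt(...)`, not the two-argument form used for the grant just above, so the `checkDbPriv` in analyze() presumably runs under the default test context and not as show_table_status. Passing the context, `parseAndAnalyzeStmt("show table status from test2.db1 LIKE \"%tbl%\";", userCtx)`, would make the test cover the database-level check this patch fixes. The executor's table check reads `ConnectContext.get()`, so it only runs as that user if `createCtx` installs the context as the thread-local one, which is not visible here. The test also has only the positive case; a second user with no grant on test2, expected to be denied or to get zero rows, would catch a check that passes for everyone. The added `testShow` helper is unused in this hunk and identical to `testSql`, so it can be dropped.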
From: morningman Date: Sun, 13 Aug 2023 18:51:24 +0800 Subject: [PATCH 2/2] 2 --- .../java/org/apache/doris/analysis/ShowTableStatusStmt.java | 3 ++- fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java | 3 ++- .../test/java/org/apache/doris/datasource/ColumnPrivTest.java | 1 - 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTableStatusStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTableStatusStmt.java index c9e91576672c1c..d9f438a642a936 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTableStatusStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTableStatusStmt.java @@ -101,7 +101,8 @@ public void analyze(Analyzer analyzer) throws AnalysisException { } } - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), catalog, db, PrivPredicate.SHOW)) { + if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), + catalog, db, PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_DBACCESS_DENIED_ERROR, analyzer.getQualifiedUser(), db); } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java index 24d520a1ddcecc..11190edc8b307f 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java +++ b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java @@ -871,7 +871,8 @@ private void handleShowTableStatus() throws AnalysisException { // check tbl privs if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), showStmt.getCatalog(), db.getFullName(), table.getName(), PrivPredicate.SHOW)) { + .checkTblPriv(ConnectContext.get(), showStmt.getCatalog(), + db.getFullName(), table.getName(), PrivPredicate.SHOW)) { continue; } List row = Lists.newArrayList(); 
diff --git a/fe/fe-core/src/test/java/org/apache/doris/datasource/ColumnPrivTest.java b/fe/fe-core/src/test/java/org/apache/doris/datasource/ColumnPrivTest.java index 360ae32595fd4b..151532aee7fe8e 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/datasource/ColumnPrivTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/datasource/ColumnPrivTest.java @@ -26,7 +26,6 @@ import org.apache.doris.analysis.DropCatalogStmt; import org.apache.doris.analysis.GrantStmt; import org.apache.doris.analysis.ShowCatalogStmt; -import org.apache.doris.analysis.ShowCreateFunctionStmt; import org.apache.doris.analysis.ShowTableStatusStmt; import org.apache.doris.analysis.UserIdentity; import org.apache.doris.catalog.Column;