From cd7e1224ad125d21aca1c529b218ecda3e208021 Mon Sep 17 00:00:00 2001 From: Ti Chi Robot Date: Thu, 16 Mar 2023 16:38:39 +0800 Subject: [PATCH] executor: fix revoke USAGE (#41774) (#41782) close pingcap/tidb#41773 --- executor/grant.go | 13 +++---------- executor/revoke.go | 3 +++ executor/revoke_test.go | 14 ++++++++++++++ 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/executor/grant.go b/executor/grant.go index 18ed4baf4a851..62c56661948ed 100644 --- a/executor/grant.go +++ b/executor/grant.go @@ -430,6 +430,9 @@ func (e *GrantExec) grantLevelPriv(priv *ast.PrivElem, user *ast.UserSpec, inter if priv.Priv == mysql.ExtendedPriv { return e.grantDynamicPriv(priv.Name, user, internalSession) } + if priv.Priv == mysql.UsagePriv { + return nil + } switch e.Level.Level { case ast.GrantLevelGlobal: return e.grantGlobalLevel(priv, user, internalSession) @@ -467,10 +470,6 @@ func (e *GrantExec) grantDynamicPriv(privName string, user *ast.UserSpec, intern // grantGlobalLevel manipulates mysql.user table. func (e *GrantExec) grantGlobalLevel(priv *ast.PrivElem, user *ast.UserSpec, internalSession sessionctx.Context) error { - if priv.Priv == 0 || priv.Priv == mysql.UsagePriv { - return nil - } - sql := new(strings.Builder) sqlexec.MustFormatSQL(sql, `UPDATE %n.%n SET `, mysql.SystemDB, mysql.UserTable) err := composeGlobalPrivUpdate(sql, priv.Priv, "Y") @@ -485,9 +484,6 @@ func (e *GrantExec) grantGlobalLevel(priv *ast.PrivElem, user *ast.UserSpec, int // grantDBLevel manipulates mysql.db table. func (e *GrantExec) grantDBLevel(priv *ast.PrivElem, user *ast.UserSpec, internalSession sessionctx.Context) error { - if priv.Priv == mysql.UsagePriv { - return nil - } for _, v := range mysql.StaticGlobalOnlyPrivs { if v == priv.Priv { return ErrWrongUsage.GenWithStackByArgs("DB GRANT", "GLOBAL PRIVILEGES") @@ -520,9 +516,6 @@ func (e *GrantExec) grantDBLevel(priv *ast.PrivElem, user *ast.UserSpec, interna // grantTableLevel manipulates mysql.tables_priv table. func (e *GrantExec) grantTableLevel(priv *ast.PrivElem, user *ast.UserSpec, internalSession sessionctx.Context) error { - if priv.Priv == mysql.UsagePriv { - return nil - } dbName := e.Level.DBName if len(dbName) == 0 { dbName = e.ctx.GetSessionVars().CurrentDB diff --git a/executor/revoke.go b/executor/revoke.go index 29f2cf33dd643..2c743cae7de14 100644 --- a/executor/revoke.go +++ b/executor/revoke.go @@ -177,6 +177,9 @@ func (e *RevokeExec) revokeOneUser(internalSession sessionctx.Context, user, hos } func (e *RevokeExec) revokePriv(internalSession sessionctx.Context, priv *ast.PrivElem, user, host string) error { + if priv.Priv == mysql.UsagePriv { + return nil + } switch e.Level.Level { case ast.GrantLevelGlobal: return e.revokeGlobalPriv(internalSession, priv, user, host) diff --git a/executor/revoke_test.go b/executor/revoke_test.go index 2b45f53120a0b..1e3c892eaed92 100644 --- a/executor/revoke_test.go +++ b/executor/revoke_test.go @@ -222,3 +222,17 @@ func (s *testSuite1) TestRevokeOnNonExistTable(c *C) { tk.MustExec("DROP TABLE t1;") tk.MustExec("REVOKE ALTER ON d1.t1 FROM issue28533;") } + +// Check https://github.com/pingcap/tidb/issues/41773. +func (s *testSuite1) TestIssue41773(c *C) { + tk := testkit.NewTestKit(c, s.store) + tk.MustExec("use test") + tk.MustExec("create table if not exists xx (id int)") + tk.MustExec("CREATE USER 't1234'@'%' IDENTIFIED BY 'sNGNQo12fEHe0n3vU';") + tk.MustExec("GRANT USAGE ON * TO 't1234'@'%';") + tk.MustExec("GRANT USAGE ON test.* TO 't1234'@'%';") + tk.MustExec("GRANT USAGE ON test.xx TO 't1234'@'%';") + tk.MustExec("REVOKE USAGE ON * FROM 't1234'@'%';") + tk.MustExec("REVOKE USAGE ON test.* FROM 't1234'@'%';") + tk.MustExec("REVOKE USAGE ON test.xx FROM 't1234'@'%';") +}