From ed6586570d32bdc85b365dfbed2bf708763ddf9c Mon Sep 17 00:00:00 2001
From: Null not nil <67764674+nullnotnil@users.noreply.github.com>
Date: Fri, 28 Aug 2020 02:43:03 -0600
Subject: [PATCH] cherry pick #19553 to release-4.0
Signed-off-by: ti-srebot
---
 planner/core/errors.go | 2 +-
 planner/core/planbuilder.go | 1 +
 privilege/privileges/privileges_test.go | 9 +++++++++
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/planner/core/errors.go b/planner/core/errors.go
index 63d0e747c99a7..7e659ff646142 100644
--- a/planner/core/errors.go
+++ b/planner/core/errors.go
@@ -80,6 +80,6 @@ var (
 ErrCartesianProductUnsupported = terror.ClassOptimizer.New(mysql.ErrCartesianProductUnsupported, mysql.MySQLErrName[mysql.ErrCartesianProductUnsupported])
 ErrStmtNotFound = terror.ClassOptimizer.New(mysql.ErrPreparedStmtNotFound, mysql.MySQLErrName[mysql.ErrPreparedStmtNotFound])
 ErrAmbiguous = terror.ClassOptimizer.New(mysql.ErrNonUniq, mysql.MySQLErrName[mysql.ErrNonUniq])
- // Since we cannot know if user loggined with a password, use message of ErrAccessDeniedNoPassword instead
+ // Since we cannot know if user logged in with a password, use message of ErrAccessDeniedNoPassword instead
 ErrAccessDenied = terror.ClassOptimizer.New(mysql.ErrAccessDenied, mysql.MySQLErrName[mysql.ErrAccessDeniedNoPassword])
 )
diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go
index ea0b980f63b99..f18ce890efbbb 100644
--- a/planner/core/planbuilder.go
+++ b/planner/core/planbuilder.go
@@ -2895,6 +2895,7 @@ func (b *PlanBuilder) buildSelectInto(ctx context.Context, sel *ast.SelectStmt)
 if err != nil {
 return nil, err
 }
+ b.visitInfo = appendVisitInfo(b.visitInfo, mysql.FilePriv, "", "", "", ErrSpecificAccessDenied.GenWithStackByArgs("FILE"))
 return &SelectInto{
 TargetPlan: targetPlan,
 IntoOpt: selectIntoInfo,
diff --git a/privilege/privileges/privileges_test.go b/privilege/privileges/privileges_test.go
index bf191c7a6e4b3..2f8c417428b37 100644
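Review bot: The added `appendVisitInfo(...)` call in buildSelectInto passes three empty strings with no explanation, so a reader has to already know that FILE is a global privilege to see that the empty db/table/column arguments are deliberate. I would add a comment above the call, `// SELECT ... INTO OUTFILE writes a file on the server host; require the global FILE privilege (empty db/table/column).` The check gates who may issue the statement; whether the destination path itself is constrained is not visible in this hunk and is worth confirming, since the test in this commit targets a path under `/tmp`. buildSelectInto starts and ends outside the hunk.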
--- a/privilege/privileges/privileges_test.go
+++ b/privilege/privileges/privileges_test.go
@@ -994,6 +994,15 @@ func (s *testPrivilegeSuite) TestLoadDataPrivilege(c *C) {
 c.Assert(err, IsNil)
 }

+func (s *testPrivilegeSuite) TestSelectIntoNoPremissions(c *C) {
+ se := newSession(c, s.store, s.dbName)
+ mustExec(c, se, `CREATE USER 'nofile'@'localhost';`)
+ c.Assert(se.Auth(&auth.UserIdentity{Username: "nofile", Hostname: "localhost"}, nil, nil), IsTrue)
+ _, err := se.Execute(context.Background(), `select 1 into outfile '/tmp/doesntmatter-no-permissions'`)
+ message := "Access denied; you need (at least one of) the FILE privilege(s) for this operation"
+ c.Assert(strings.Contains(err.Error(), message), IsTrue)
+}
+
 func (s *testPrivilegeSuite) TestGetEncodedPassword(c *C) {
 se := newSession(c, s.store, s.dbName)
 mustExec(c, se, `CREATE USER 'test_encode_u'@'localhost' identified by 'root';`)
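Review bot: `err.Error()` in TestSelectIntoNoPremissions is called without first asserting that `err` is non-nil, so if the FILE check ever regresses the test panics on a nil error instead of reporting a clean failure, and by then the statement will have been allowed to run against the `/tmp` path. Add `c.Assert(err, NotNil)` before the `strings.Contains` assertion. The test name also misspells the word; `TestSelectIntoNoPermissions` would be easier to find with a search. Only the denied path is covered here; a companion case that grants FILE to the user and expects success would pin both sides of the privilege check.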