Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

executor, privileges: fix infoschema.user_privileges privilege requirements #26070

Merged
merged 10 commits into from
Jul 16, 2021
Merged

executor, privileges: fix infoschema.user_privileges privilege requirements #26070

merged 10 commits into from
Jul 16, 2021

Conversation

morgo
Copy link
Contributor

@morgo morgo commented Jul 8, 2021

What problem does this PR solve?

Issue Number: #26069

Problem Summary:

The infoschema table showed the same results for everyone. That is not expected results. It is supposed to depend on the user's credentials.

What is changed and how it works?

What's Changed:

Accessing information_schema.user_privileges will now requires the SELECT privilege on mysql.user in order to show other user's privileges.

Related changes

  • Need to cherry-pick to the release branch

Check List

Tests

  • Unit test

Side effects

  • Breaking backward compatibility (for security reasons)

Release note

  • Accessing information_schema.user_privileges will now requires the SELECT privilege on mysql.user in order to show other user's privileges.

@ti-chi-bot ti-chi-bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jul 8, 2021
@morgo morgo force-pushed the fix-infoschema-user-privs branch from b932ddb to d4cb1d4 Compare July 8, 2021 18:25
@github-actions github-actions bot added sig/execution SIG execution sig/sql-infra SIG: SQL Infra labels Jul 8, 2021
@djshow832
Copy link
Contributor

I tried it on MySQL, but why can I only see myself even if I have the select privilege on mysql.user?

mysql -h127.1 -P3306 -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 32
Server version: 8.0.25 Homebrew

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> grant select on mysql.user to 'test_user'@'localhost';
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

mysql> exit
Bye

mysql -h127.1 -P3306 -utest_user
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 33
Server version: 8.0.25 Homebrew

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select * from information_schema.user_privileges;
+-------------------------+---------------+----------------+--------------+
| GRANTEE                 | TABLE_CATALOG | PRIVILEGE_TYPE | IS_GRANTABLE |
+-------------------------+---------------+----------------+--------------+
| 'test_user'@'localhost' | def           | USAGE          | NO           |
+-------------------------+---------------+----------------+--------------+
1 row in set (0.00 sec)

@morgo
Copy link
Contributor Author

morgo commented Jul 9, 2021

@djshow832 can you paste the output of SHOW CREATE USER test_user?

MySQL expands 127.0.0.1 to localhost, but in your example you have 127.1 and a grant to 'test_user'@'localhost';. But the grant would have failed if the user didn't exist as @localhost too.

I think it might be because I check for a match against ctx.GetSessionVars().User.Hostname and not ctx.GetSessionVars().User.AuthHostname if it is specified.

@djshow832 djshow832 mentioned this pull request Jul 12, 2021
Closed
10 tasks
@djshow832
Copy link
Contributor 

mysql -hlocalhost -P3306 -utest_user
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 37
Server version: 8.0.25 Homebrew

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select * from information_schema.user_privileges;
+-------------------------+---------------+----------------+--------------+
| GRANTEE                 | TABLE_CATALOG | PRIVILEGE_TYPE | IS_GRANTABLE |
+-------------------------+---------------+----------------+--------------+
| 'test_user'@'localhost' | def           | USAGE          | NO           |
+-------------------------+---------------+----------------+--------------+
1 row in set (0.00 sec)

mysql> select * from mysql.user where user='root' limit 1\G
*************************** 1. row ***************************
                    Host: 127.0.0.1
                    User: root
             Select_priv: Y
             Insert_priv: Y
             Update_priv: Y
             Delete_priv: Y
             Create_priv: Y
               Drop_priv: Y
             Reload_priv: Y
           Shutdown_priv: Y
            Process_priv: Y
               File_priv: Y
              Grant_priv: Y
         References_priv: Y
              Index_priv: Y
              Alter_priv: Y
            Show_db_priv: Y
              Super_priv: Y
   Create_tmp_table_priv: Y
        Lock_tables_priv: Y
            Execute_priv: Y
         Repl_slave_priv: Y
        Repl_client_priv: Y
        Create_view_priv: Y
          Show_view_priv: Y
     Create_routine_priv: Y
      Alter_routine_priv: Y
        Create_user_priv: Y
              Event_priv: Y
            Trigger_priv: Y
  Create_tablespace_priv: Y
                ssl_type:
              ssl_cipher: NULL
             x509_issuer: NULL
            x509_subject: NULL
           max_questions: 0
             max_updates: 0
         max_connections: 0
    max_user_connections: 0
                  plugin: caching_sha2_password
   authentication_string:
        password_expired: N
   password_last_changed: 2020-03-27 16:27:34
       password_lifetime: NULL
          account_locked: N
        Create_role_priv: Y
          Drop_role_priv: Y
  Password_reuse_history: NULL
     Password_reuse_time: NULL
Password_require_current: NULL
         User_attributes: NULL
1 row in set (0.00 sec)

AilinKid
AilinKid reviewed Jul 12, 2021
View reviewed changes
Copy link
Contributor

@AilinKid AilinKid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same to Ming, mysql -h127.0.0.1 -P3306 -umy -p seem whether granting the SELECT or not, the user 'my' here can only see themselves in MySQL8

@morgo
Copy link
Contributor Author

morgo commented Jul 13, 2021

same to Ming, mysql -h127.0.0.1 -P3306 -umy -p seem whether granting the SELECT or not, the user 'my' here can only see themselves in MySQL8

OK, I've confirmed it is a bug. It requires SELECT, but on mysql.* not mysql.user. This makes sense, there are over privilege tables that need to be read in order to create a full dump of privileges.

@ti-chi-bot ti-chi-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 13, 2021
@morgo
Copy link
Contributor Author

morgo commented Jul 13, 2021

@AilinKid @djshow832 This has been addressed in 2522c40

@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Jul 13, 2021
AilinKid
AilinKid approved these changes Jul 16, 2021
View reviewed changes
Copy link
Contributor

@AilinKid AilinKid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ti-chi-bot
Copy link
Member

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • AilinKid
  • djshow832

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Jul 16, 2021
@AilinKid
Copy link
Contributor

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: 0da4dcf

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Jul 16, 2021
@ti-chi-bot ti-chi-bot merged commit 723e2bc into pingcap:master Jul 16, 2021
ti-srebot pushed a commit to ti-srebot/tidb that referenced this pull request Jul 16, 2021
@morgo @ti-srebot
cherry pick pingcap#26070 to release-4.0
0e83ae7 
Signed-off-by: ti-srebot <[email protected]>
@ti-srebot ti-srebot mentioned this pull request Jul 16, 2021
Closed
@ti-srebot
Copy link
Contributor

cherry pick to release-4.0 in PR #26309

ti-srebot pushed a commit to ti-srebot/tidb that referenced this pull request Jul 16, 2021
@morgo @ti-srebot
cherry pick pingcap#26070 to release-5.0
9a79a53 
Signed-off-by: ti-srebot <[email protected]>
@ti-srebot ti-srebot mentioned this pull request Jul 16, 2021
Closed
@ti-srebot
Copy link
Contributor

cherry pick to release-5.0 in PR #26310

ti-srebot pushed a commit to ti-srebot/tidb that referenced this pull request Jul 16, 2021
@morgo @ti-srebot
cherry pick pingcap#26070 to release-5.1
c04381b 
Signed-off-by: ti-srebot <[email protected]>
@ti-srebot ti-srebot mentioned this pull request Jul 16, 2021
Merged
@ti-srebot
Copy link
Contributor

cherry pick to release-5.1 in PR #26311

ti-chi-bot pushed a commit that referenced this pull request Jul 19, 2021
@ti-srebot
executor, privileges: fix infoschema.user_privileges privilege requir…
2f01a5c 
…ements (#26070) (#26311)
@djshow832 djshow832 mentioned this pull request Jul 20, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djshow832 djshow832 djshow832 approved these changes

@AilinKid AilinKid AilinKid approved these changes

Assignees
No one assigned
Labels
needs-cherry-pick-release-5.0 needs-cherry-pick-release-5.1 sig/execution SIG execution sig/sql-infra SIG: SQL Infra size/L Denotes a PR that changes 100-499 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@morgo @djshow832 @ti-chi-bot @AilinKid @ti-srebot