*: support Super_priv

bootstrap.go

@@ -47,6 +47,7 @@ const (
 		Grant_priv		ENUM('N','Y') NOT NULL  DEFAULT 'N',
 		Alter_priv		ENUM('N','Y') NOT NULL  DEFAULT 'N',
 		Show_db_priv		ENUM('N','Y') NOT NULL  DEFAULT 'N',
+		Super_priv		ENUM('N','Y') NOT NULL  DEFAULT 'N',
 		Execute_priv		ENUM('N','Y') NOT NULL  DEFAULT 'N',
 		Index_priv		ENUM('N','Y') NOT NULL  DEFAULT 'N',
 		Create_user_priv	ENUM('N','Y') NOT NULL  DEFAULT 'N',
@@ -180,6 +181,7 @@ const (
 	version3 = 3
 	version4 = 4
 	version5 = 5
+	version6 = 6
 )
 
 func checkBootstrapped(s Session) (bool, error) {
@@ -219,6 +221,7 @@ func getTiDBVar(s Session, name string) (types.Datum, error) {
 		return types.Datum{}, errors.New("Wrong number of Recordset")
 	}
 	r := rs[0]
+	defer r.Close()
 	row, err := r.Next()
 	if err != nil || row == nil {
 		return types.Datum{}, errors.Trace(err)
@@ -235,10 +238,6 @@ func upgrade(s Session) {
 	}
 	if ver >= currentBootstrapVersion {
 		// It is already bootstrapped/upgraded by a higher version TiDB server.
-		if err1 := s.CommitTxn(); err1 != nil {
-			// Make sure that doesn't affect the following operations.
-			log.Fatal(errors.Trace(err1))
-		}
 		return
 	}
 	// Do upgrade works then update bootstrap version.
@@ -257,6 +256,10 @@ func upgrade(s Session) {
 		upgradeToVer5(s)
 	}
 
+	if ver < version6 {
+		upgradeToVer6(s)
+	}
+
 	updateBootstrapVer(s)
 	_, err = s.Execute("COMMIT")
 
@@ -269,10 +272,6 @@ func upgrade(s Session) {
 		}
 		if v >= currentBootstrapVersion {
 			// It is already bootstrapped/upgraded by a higher version TiDB server.
-			if err1 := s.CommitTxn(); err1 != nil {
-				// Make sure that doesn't affect the following operations.
-				log.Fatal(errors.Trace(err1))
-			}
 			return
 		}
 		log.Errorf("[Upgrade] upgrade from %d to %d error", ver, currentBootstrapVersion)
@@ -315,6 +314,12 @@ func upgradeToVer5(s Session) {
 	mustExecute(s, CreateStatsBucketsTable)
 }
 
+func upgradeToVer6(s Session) {
+	s.Execute("ALTER TABLE mysql.user ADD COLUMN `Super_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N' AFTER `Show_db_priv`")
+	// For reasons of compatibility, set the non-exists privilege column value to 'Y', as TiDB doesn't check them in older versions.
+	s.Execute("UPDATE mysql.user SET Super_priv='Y'")
+}
+
 // Update boostrap version variable in mysql.TiDB table.
 func updateBootstrapVer(s Session) {
 	// Update bootstrap version.
@@ -368,7 +373,7 @@ func doDMLWorks(s Session) {
 
 	// Insert a default user with empty password.
 	mustExecute(s, `INSERT INTO mysql.user VALUES
-		("%", "root", "", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y")`)
+		("%", "root", "", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y")`)
 
 	// Init global system variables table.
 	values := make([]string, 0, len(variable.SysVars))

bootstrap_test.go

@@ -48,7 +48,7 @@ func (s *testBootstrapSuite) TestBootstrap(c *C) {
 	row, err := r.Next()
 	c.Assert(err, IsNil)
 	c.Assert(row, NotNil)
-	match(c, row.Data, []byte("%"), []byte("root"), []byte(""), "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y")
+	match(c, row.Data, []byte("%"), []byte("root"), []byte(""), "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y")
 
 	c.Assert(se.Auth("root@anyhost", []byte(""), []byte("")), IsTrue)
 	mustExecSQL(c, se, "USE test;")

executor/aggregate_test.go

@@ -270,7 +270,7 @@ func (s *testSuite) TestAggregation(c *C) {
 
 	result = tk.MustQuery("select count(*) from information_schema.columns")
 	// When adding new memory table in information_schema, please update this variable.
-	columnCountOfAllInformationSchemaTables := "586"
+	columnCountOfAllInformationSchemaTables := "587"
 	result.Check(testkit.Rows(columnCountOfAllInformationSchemaTables))
 
 	tk.MustExec("drop table if exists t1")

mysql/const.go

@@ -166,6 +166,8 @@ const (
 	DeletePriv
 	// ShowDBPriv is the privilege to run show databases statement.
 	ShowDBPriv
+	// SuperPriv enables many operations and server behaviors.
+	SuperPriv
 	// CreateUserPriv is the privilege to create user.
 	CreateUserPriv
 	// DropPriv is the privilege to drop schema/table.
@@ -193,6 +195,7 @@ var Priv2UserCol = map[PrivilegeType]string{
 	UpdatePriv:     "Update_priv",
 	DeletePriv:     "Delete_priv",
 	ShowDBPriv:     "Show_db_priv",
+	SuperPriv:      "Super_priv",
 	CreateUserPriv: "Create_user_priv",
 	DropPriv:       "Drop_priv",
 	GrantPriv:      "Grant_priv",
@@ -209,6 +212,7 @@ var Col2PrivType = map[string]PrivilegeType{
 	"Update_priv":      UpdatePriv,
 	"Delete_priv":      DeletePriv,
 	"Show_db_priv":     ShowDBPriv,
+	"Super_priv":       SuperPriv,
 	"Create_user_priv": CreateUserPriv,
 	"Drop_priv":        DropPriv,
 	"Grant_priv":       GrantPriv,
@@ -218,7 +222,7 @@ var Col2PrivType = map[string]PrivilegeType{
 }
 
 // AllGlobalPrivs is all the privileges in global scope.
-var AllGlobalPrivs = []PrivilegeType{SelectPriv, InsertPriv, UpdatePriv, DeletePriv, CreatePriv, DropPriv, GrantPriv, AlterPriv, ShowDBPriv, ExecutePriv, IndexPriv, CreateUserPriv}
+var AllGlobalPrivs = []PrivilegeType{SelectPriv, InsertPriv, UpdatePriv, DeletePriv, CreatePriv, DropPriv, GrantPriv, AlterPriv, ShowDBPriv, SuperPriv, ExecutePriv, IndexPriv, CreateUserPriv}
 
 // Priv2Str is the map for privilege to string.
 var Priv2Str = map[PrivilegeType]string{
@@ -228,6 +232,7 @@ var Priv2Str = map[PrivilegeType]string{
 	UpdatePriv:     "Update",
 	DeletePriv:     "Delete",
 	ShowDBPriv:     "Show Databases",
+	SuperPriv:      "Super",
 	CreateUserPriv: "Create User",
 	DropPriv:       "Drop",
 	GrantPriv:      "Grant Option",

parser/misc.go

@@ -433,6 +433,7 @@ var tokenMap = map[string]int{
 	"SUBSTRING":                  substring,
 	"SUBSTRING_INDEX":            substringIndex,
 	"SUM":                        sum,
+	"SUPER":                      super,
 	"SYSDATE":                    sysDate,
 	"TIDB":                       tidb,
 	"TABLE":                      tableKwd,

parser/parser.y

@@ -484,6 +484,7 @@ import (
 	sqlNoCache	"SQL_NO_CACHE"
 	start		"START"
 	status		"STATUS"
+	super		"SUPER"
 	some 		"SOME"
 	global		"GLOBAL"
 	tables		"TABLES"
@@ -2256,7 +2257,7 @@ UnReservedKeyword:
 | "MIN_ROWS" | "NATIONAL" | "ROW" | "ROW_FORMAT" | "QUARTER" | "GRANTS" | "TRIGGERS" | "DELAY_KEY_WRITE" | "ISOLATION"
 | "REPEATABLE" | "COMMITTED" | "UNCOMMITTED" | "ONLY" | "SERIALIZABLE" | "LEVEL" | "VARIABLES" | "SQL_CACHE" | "INDEXES" | "PROCESSLIST"
 | "SQL_NO_CACHE" | "DISABLE"  | "ENABLE" | "REVERSE" | "SPACE" | "PRIVILEGES" | "NO" | "BINLOG" | "FUNCTION" | "VIEW" | "MODIFY" | "EVENTS" | "PARTITIONS"
-| "TIMESTAMPDIFF" | "NONE"
+| "TIMESTAMPDIFF" | "NONE" | "SUPER"
 
 ReservedKeyword:
 "ADD" | "ALL" | "ALTER" | "ANALYZE" | "AND" | "AS" | "ASC" | "BETWEEN" | "BIGINT"
@@ -6388,6 +6389,10 @@ PrivType:
 	{
 		$$ = mysql.SelectPriv
 	}
+|	"SUPER"
+	{
+		$$ = mysql.SuperPriv
+	}
 |	"SHOW" "DATABASES"
 	{
 		$$ = mysql.ShowDBPriv

parser/parser_test.go

@@ -90,7 +90,7 @@ func (s *testParserSuite) TestSimple(c *C) {
 		"compact", "redundant", "sql_no_cache sql_no_cache", "sql_cache sql_cache", "action", "round",
 		"enable", "disable", "reverse", "space", "privileges", "get_lock", "release_lock", "sleep", "no", "greatest", "least",
 		"binlog", "hex", "unhex", "function", "indexes", "from_unixtime", "processlist", "events", "less", "than", "timediff",
-		"ln", "log", "log2", "log10", "timestampdiff", "pi", "quote", "none",
+		"ln", "log", "log2", "log10", "timestampdiff", "pi", "quote", "none", "super",
 	}
 	for _, kw := range unreservedKws {
 		src := fmt.Sprintf("SELECT %s FROM tbl;", kw)

plan/logical_plan_test.go

@@ -1550,15 +1550,13 @@ func (s *testPlanSuite) TestVisitInfo(c *C) {
 		{
 			sql: `revoke all privileges on *.* from 'test'@'%'`,
 			ans: []visitInfo{
-				// TODO: This should be SUPER privilege.
-				{mysql.CreateUserPriv, "", "", ""},
+				{mysql.SuperPriv, "", "", ""},
 			},
 		},
 		{
 			sql: `set password for 'root'@'%' = 'xxxxx'`,
 			ans: []visitInfo{
-				// TODO: This should be SUPER privilege.
-				{mysql.CreateUserPriv, "", "", ""},
+				{mysql.SuperPriv, "", "", ""},
 			},
 		},
 	}

plan/planbuilder.go

@@ -541,9 +541,8 @@ func (b *planBuilder) buildSimple(node ast.StmtNode) Plan {
 		b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreateUserPriv, "", "", "")
 	case *ast.GrantStmt:
 		b.visitInfo = collectVisitInfoFromGrantStmt(b.visitInfo, raw)
-	case *ast.SetPwdStmt, *ast.RevokeStmt:
-		// TODO: Require SUPER privilege, it's a temporary solution here.
-		b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreateUserPriv, "", "", "")
+	case *ast.SetPwdStmt, *ast.RevokeStmt, *ast.KillStmt:
+		b.visitInfo = appendVisitInfo(b.visitInfo, mysql.SuperPriv, "", "", "")
 	}
 	return p
 }

privilege/privileges/cache.go

@@ -141,7 +141,7 @@ func noSuchTable(err error) bool {
 
 // LoadUserTable loads the mysql.user table from database.
 func (p *MySQLPrivilege) LoadUserTable(ctx context.Context) error {
-	return p.loadTable(ctx, "select Host,User,Password,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,Alter_priv,Show_db_priv,Execute_priv,Index_priv,Create_user_priv from mysql.user order by host, user;", p.decodeUserTableRow)
+	return p.loadTable(ctx, "select Host,User,Password,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,Alter_priv,Show_db_priv,Super_priv,Execute_priv,Index_priv,Create_user_priv from mysql.user order by host, user;", p.decodeUserTableRow)
 }
 
 // LoadDBTable loads the mysql.db table from database.

privilege/privileges/cache_test.go

@@ -53,11 +53,11 @@ func (s *testCacheSuite) TestLoadUserTable(c *C) {
 	c.Assert(err, IsNil)
 	c.Assert(len(p.User), Equals, 0)
 
-	// Host | User | Password | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Grant_priv | Alter_priv | Show_db_priv | Execute_priv | Index_priv | Create_user_priv
-	mustExec(c, se, `INSERT INTO mysql.user VALUES ("%", "root", "", "Y", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N")`)
-	mustExec(c, se, `INSERT INTO mysql.user VALUES ("%", "root1", "admin", "N", "Y", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N")`)
-	mustExec(c, se, `INSERT INTO mysql.user VALUES ("%", "root11", "", "N", "N", "Y", "N", "N", "N", "N", "N", "Y", "N", "N", "N")`)
-	mustExec(c, se, `INSERT INTO mysql.user VALUES ("%", "root111", "", "N", "N", "N", "N", "N", "N", "N", "N", "Y", "Y", "Y", "Y")`)
+	// Host | User | Password | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Grant_priv | Alter_priv | Show_db_priv | Super_priv | Execute_priv | Index_priv | Create_user_priv
+	mustExec(c, se, `INSERT INTO mysql.user VALUES ("%", "root", "", "Y", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N")`)
+	mustExec(c, se, `INSERT INTO mysql.user VALUES ("%", "root1", "admin", "N", "Y", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N")`)
+	mustExec(c, se, `INSERT INTO mysql.user VALUES ("%", "root11", "", "N", "N", "Y", "N", "N", "N", "N", "N", "Y", "N", "N", "N", "N")`)
+	mustExec(c, se, `INSERT INTO mysql.user VALUES ("%", "root111", "", "N", "N", "N", "N", "N", "N", "N", "N", "Y", "Y", "Y", "Y", "Y")`)
 
 	p = privileges.MySQLPrivilege{}
 	err = p.LoadUserTable(se)
@@ -67,7 +67,7 @@ func (s *testCacheSuite) TestLoadUserTable(c *C) {
 	c.Assert(user[0].Privileges, Equals, mysql.SelectPriv)
 	c.Assert(user[1].Privileges, Equals, mysql.InsertPriv)
 	c.Assert(user[2].Privileges, Equals, mysql.UpdatePriv|mysql.ShowDBPriv)
-	c.Assert(user[3].Privileges, Equals, mysql.CreateUserPriv|mysql.IndexPriv|mysql.ExecutePriv|mysql.ShowDBPriv)
+	c.Assert(user[3].Privileges, Equals, mysql.CreateUserPriv|mysql.IndexPriv|mysql.ExecutePriv|mysql.ShowDBPriv|mysql.SuperPriv)
 }
 
 func (s *testCacheSuite) TestLoadDBTable(c *C) {
@@ -136,7 +136,7 @@ func (s *testCacheSuite) TestPatternMatch(c *C) {
 	defer se.Close()
 	mustExec(c, se, "USE MYSQL;")
 	mustExec(c, se, "TRUNCATE TABLE mysql.user")
-	mustExec(c, se, `INSERT INTO mysql.user VALUES ("10.0.%", "root", "", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y")`)
+	mustExec(c, se, `INSERT INTO mysql.user VALUES ("10.0.%", "root", "", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y")`)
 	var p privileges.MySQLPrivilege
 	err = p.LoadUserTable(se)
 	c.Assert(err, IsNil)
@@ -147,7 +147,7 @@ func (s *testCacheSuite) TestPatternMatch(c *C) {
 	c.Assert(p.RequestVerification("root", "114.114.114.114", "test", "", "", mysql.SelectPriv), IsFalse)
 
 	mustExec(c, se, "TRUNCATE TABLE mysql.user")
-	mustExec(c, se, `INSERT INTO mysql.user VALUES ("", "root", "", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y")`)
+	mustExec(c, se, `INSERT INTO mysql.user VALUES ("", "root", "", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y")`)
 	p = privileges.MySQLPrivilege{}
 	err = p.LoadUserTable(se)
 	c.Assert(err, IsNil)

privilege/privileges/privileges.go

@@ -356,7 +356,7 @@ const userTablePrivColumnStartIndex = 3
 const dbTablePrivColumnStartIndex = 3
 
 func (p *UserPrivileges) loadGlobalPrivileges(ctx context.Context) error {
-	sql := fmt.Sprintf(`SELECT Host,User,Password,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,Alter_priv,Show_db_priv,Execute_priv,Index_priv,Create_user_priv FROM %s.%s WHERE User="%s" AND (Host="%s" OR Host="%%");`,
+	sql := fmt.Sprintf(`SELECT Host,User,Password,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,Alter_priv,Show_db_priv,Super_priv,Execute_priv,Index_priv,Create_user_priv FROM %s.%s WHERE User="%s" AND (Host="%s" OR Host="%%");`,
 		mysql.SystemDB, mysql.UserTable, p.privs.User, p.privs.Host)
 	rows, fs, err := ctx.(sqlexec.RestrictedSQLExecutor).ExecRestrictedSQL(ctx, sql)
 	if err != nil {

session.go

@@ -892,7 +892,7 @@ func createSession(store kv.Storage) (*session, error) {
 
 const (
 	notBootstrapped         = 0
-	currentBootstrapVersion = 5
+	currentBootstrapVersion = 6
 )
 
 func getStoreBootstrapVersion(store kv.Storage) int64 {