executor: fix revoke USAGE (pingcap#41774) (pingcap#41782)

close pingcap#41773
ti-chi-bot · Mar 16, 2023 · cd7e122 · cd7e122
1 parent 25555a8
commit cd7e122
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 10 deletions.
diff --git a/executor/grant.go b/executor/grant.go
@@ -430,6 +430,9 @@ func (e *GrantExec) grantLevelPriv(priv *ast.PrivElem, user *ast.UserSpec, inter
 	if priv.Priv == mysql.ExtendedPriv {
 		return e.grantDynamicPriv(priv.Name, user, internalSession)
 	}
+	if priv.Priv == mysql.UsagePriv {
+		return nil
+	}
 	switch e.Level.Level {
 	case ast.GrantLevelGlobal:
 		return e.grantGlobalLevel(priv, user, internalSession)
@@ -467,10 +470,6 @@ func (e *GrantExec) grantDynamicPriv(privName string, user *ast.UserSpec, intern
 
 // grantGlobalLevel manipulates mysql.user table.
 func (e *GrantExec) grantGlobalLevel(priv *ast.PrivElem, user *ast.UserSpec, internalSession sessionctx.Context) error {
-	if priv.Priv == 0 || priv.Priv == mysql.UsagePriv {
-		return nil
-	}
-
 	sql := new(strings.Builder)
 	sqlexec.MustFormatSQL(sql, `UPDATE %n.%n SET `, mysql.SystemDB, mysql.UserTable)
 	err := composeGlobalPrivUpdate(sql, priv.Priv, "Y")
@@ -485,9 +484,6 @@ func (e *GrantExec) grantGlobalLevel(priv *ast.PrivElem, user *ast.UserSpec, int
 
 // grantDBLevel manipulates mysql.db table.
 func (e *GrantExec) grantDBLevel(priv *ast.PrivElem, user *ast.UserSpec, internalSession sessionctx.Context) error {
-	if priv.Priv == mysql.UsagePriv {
-		return nil
-	}
 	for _, v := range mysql.StaticGlobalOnlyPrivs {
 		if v == priv.Priv {
 			return ErrWrongUsage.GenWithStackByArgs("DB GRANT", "GLOBAL PRIVILEGES")
@@ -520,9 +516,6 @@ func (e *GrantExec) grantDBLevel(priv *ast.PrivElem, user *ast.UserSpec, interna
 
 // grantTableLevel manipulates mysql.tables_priv table.
 func (e *GrantExec) grantTableLevel(priv *ast.PrivElem, user *ast.UserSpec, internalSession sessionctx.Context) error {
-	if priv.Priv == mysql.UsagePriv {
-		return nil
-	}
 	dbName := e.Level.DBName
 	if len(dbName) == 0 {
 		dbName = e.ctx.GetSessionVars().CurrentDB

diff --git a/executor/revoke.go b/executor/revoke.go
@@ -177,6 +177,9 @@ func (e *RevokeExec) revokeOneUser(internalSession sessionctx.Context, user, hos
 }
 
 func (e *RevokeExec) revokePriv(internalSession sessionctx.Context, priv *ast.PrivElem, user, host string) error {
+	if priv.Priv == mysql.UsagePriv {
+		return nil
+	}
 	switch e.Level.Level {
 	case ast.GrantLevelGlobal:
 		return e.revokeGlobalPriv(internalSession, priv, user, host)

diff --git a/executor/revoke_test.go b/executor/revoke_test.go
@@ -222,3 +222,17 @@ func (s *testSuite1) TestRevokeOnNonExistTable(c *C) {
 	tk.MustExec("DROP TABLE t1;")
 	tk.MustExec("REVOKE ALTER ON d1.t1 FROM issue28533;")
 }
+
+// Check https://github.com/pingcap/tidb/issues/41773.
+func (s *testSuite1) TestIssue41773(c *C) {
+	tk := testkit.NewTestKit(c, s.store)
+	tk.MustExec("use test")
+	tk.MustExec("create table if not exists xx (id int)")
+	tk.MustExec("CREATE USER 't1234'@'%' IDENTIFIED BY 'sNGNQo12fEHe0n3vU';")
+	tk.MustExec("GRANT USAGE ON * TO 't1234'@'%';")
+	tk.MustExec("GRANT USAGE ON test.* TO 't1234'@'%';")
+	tk.MustExec("GRANT USAGE ON test.xx TO 't1234'@'%';")
+	tk.MustExec("REVOKE USAGE ON * FROM 't1234'@'%';")
+	tk.MustExec("REVOKE USAGE ON test.* FROM 't1234'@'%';")
+	tk.MustExec("REVOKE USAGE ON test.xx FROM 't1234'@'%';")
+}