From 04576a023882e02afd4099288a4d6aa94741b601 Mon Sep 17 00:00:00 2001 From: tiancaiamao Date: Fri, 28 Jun 2019 19:51:44 +0800 Subject: [PATCH 1/2] executor: let flush privileges do nothing when `skip-grant-table` is configured When skip-grant-table is enabled, privilege handle is not initialized, calling flush privileges would meet nil pointer panic --- executor/simple.go | 7 +++++++ executor/simple_test.go | 8 ++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/executor/simple.go b/executor/simple.go index d4f42b0bceb89..81181033a7136 100644 --- a/executor/simple.go +++ b/executor/simple.go @@ -812,6 +812,13 @@ func (e *SimpleExec) executeFlush(s *ast.FlushStmt) error { return errors.New("FLUSH TABLES WITH READ LOCK is not supported. Please use @@tidb_snapshot") } case ast.FlushPrivileges: + // If skip-grant-table is configured, do not flush privileges. + // Because LoadPrivilegeLoop does not run and the privilege Handle is nil, + // Call dom.PrivilegeHandle().Update would panic. + if config.GetGlobalConfig().Security.SkipGrantTable { + return nil + } + dom := domain.GetDomain(e.ctx) sysSessionPool := dom.SysSessionPool() ctx, err := sysSessionPool.Get() diff --git a/executor/simple_test.go b/executor/simple_test.go index 7997b060b74e0..2bf9ed5b6062b 100644 --- a/executor/simple_test.go +++ b/executor/simple_test.go @@ -16,15 +16,15 @@ package executor_test import ( "context" - "github.com/pingcap/tidb/planner/core" - . "github.com/pingcap/check" "github.com/pingcap/parser/auth" "github.com/pingcap/parser/model" "github.com/pingcap/parser/mysql" "github.com/pingcap/parser/terror" + "github.com/pingcap/tidb/config" "github.com/pingcap/tidb/domain" "github.com/pingcap/tidb/executor" + "github.com/pingcap/tidb/planner/core" "github.com/pingcap/tidb/session" "github.com/pingcap/tidb/sessionctx" "github.com/pingcap/tidb/util/testkit" @@ -394,6 +394,10 @@ func (s *testSuite3) TestFlushPrivileges(c *C) { // After flush. _, err = se.Execute(ctx, `SELECT Password FROM mysql.User WHERE User="testflush" and Host="localhost"`) c.Check(err, IsNil) + + config.GetGlobalConfig().Security.SkipGrantTable = true + tk.MustExec("FLUSH PRIVILEGES") + config.GetGlobalConfig().Security.SkipGrantTable = false } func (s *testSuite3) TestDropStats(c *C) { From 8a022d42cae5f0da336ab94c3aea9925886b2e66 Mon Sep 17 00:00:00 2001 From: tiancaiamao Date: Mon, 1 Jul 2019 21:23:58 +0800 Subject: [PATCH 2/2] adderss comment --- executor/executor_test.go | 1 + executor/simple_test.go | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/executor/executor_test.go b/executor/executor_test.go index b02fbadbabbbd..aaed7cb5f6172 100644 --- a/executor/executor_test.go +++ b/executor/executor_test.go @@ -96,6 +96,7 @@ var _ = Suite(&testUpdateSuite{}) var _ = Suite(&testOOMSuite{}) var _ = Suite(&testPointGetSuite{}) var _ = Suite(&testRecoverTable{}) +var _ = Suite(&testFlushSuite{}) type testSuite struct { cluster *mocktikv.Cluster diff --git a/executor/simple_test.go b/executor/simple_test.go index 2bf9ed5b6062b..440224cc494e5 100644 --- a/executor/simple_test.go +++ b/executor/simple_test.go @@ -27,6 +27,8 @@ import ( "github.com/pingcap/tidb/planner/core" "github.com/pingcap/tidb/session" "github.com/pingcap/tidb/sessionctx" + "github.com/pingcap/tidb/store/mockstore" + "github.com/pingcap/tidb/store/mockstore/mocktikv" "github.com/pingcap/tidb/util/testkit" "github.com/pingcap/tidb/util/testutil" ) @@ -395,7 +397,28 @@ func (s *testSuite3) TestFlushPrivileges(c *C) { _, err = se.Execute(ctx, `SELECT Password FROM mysql.User WHERE User="testflush" and Host="localhost"`) c.Check(err, IsNil) +} + +type testFlushSuite struct{} + +func (s *testFlushSuite) TestFlushPrivilegesPanic(c *C) { + // Run in a separate suite because this test need to set SkipGrantTable config. + cluster := mocktikv.NewCluster() + mocktikv.BootstrapWithSingleStore(cluster) + mvccStore := mocktikv.MustNewMVCCStore() + store, err := mockstore.NewMockTikvStore( + mockstore.WithCluster(cluster), + mockstore.WithMVCCStore(mvccStore), + ) + c.Assert(err, IsNil) + defer store.Close() + config.GetGlobalConfig().Security.SkipGrantTable = true + dom, err := session.BootstrapSession(store) + c.Assert(err, IsNil) + defer dom.Close() + + tk := testkit.NewTestKit(c, store) tk.MustExec("FLUSH PRIVILEGES") config.GetGlobalConfig().Security.SkipGrantTable = false }