This is an automated email from the ASF dual-hosted git repository.
panjuan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new 01cbeff fix #9724 (#9743)
01cbeff is described below
commit 01cbeff22a69437234bc0fbe55b2c4c0d7118b3a
Author: JingShang Lu <[email protected]>
AuthorDate: Tue Mar 23 13:52:53 2021 +0800
fix #9724 (#9743)
* fix #9724
* fix
* fix
* fix
* fix
* fix
* fix
* fix
---
.../auth/model/privilege/ShardingSpherePrivilege.java | 11 +++++++++++
.../text/admin/mysql/executor/ShowDatabasesExecutor.java | 11 +++++++----
.../text/admin/mysql/executor/UseDatabaseExecutor.java | 4 +---
.../proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java | 9 +++------
.../mysql/command/admin/initdb/MySQLComInitDbExecutor.java | 3 +--
5 files changed, 23 insertions(+), 15 deletions(-)
diff --git
a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/ShardingSpherePrivilege.java
b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/ShardingSpherePrivilege.java
index 27ad1a2..3ef4bfe 100644
---
a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/ShardingSpherePrivilege.java
+++
b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/ShardingSpherePrivilege.java
@@ -74,6 +74,17 @@ public final class ShardingSpherePrivilege {
}
/**
+ * Has privilege for login and use db.
+ *
+ * @param schema schema
+ * @return has or not
+ */
+ public boolean hasPrivileges(final String schema) {
+ return
administrativePrivilege.getPrivileges().contains(PrivilegeType.SUPER) ||
!databasePrivilege.getGlobalPrivileges().isEmpty()
+ ||
databasePrivilege.getSpecificPrivileges().containsKey(schema);
+ }
+
+ /**
* Has privileges.
*
* @param schema schema
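Review bot: The last clause of the new `hasPrivileges(final String schema)` treats the mere presence of a key in `getSpecificPrivileges()` as authorization, without looking at which privileges that entry holds. If an entry can stay in the map with an empty privilege set (not visible here), the schema would still pass the login, `USE` and `SHOW DATABASES` checks, which all call this overload in this commit. Either check that the entry is non-empty or document that the map never holds empty entries. The Javadoc should also state the actual rule, e.g. `Returns true when the grantee holds SUPER, any global database privilege, or a specific-privilege entry for the schema.`, and say whether the schema name is matched exactly as given.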
diff --git
a/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutor.java
b/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutor.java
index 7a19a53..3693600 100644
---
a/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutor.java
+++
b/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutor.java
@@ -54,10 +54,13 @@ public final class ShowDatabasesExecutor implements
DatabaseAdminQueryExecutor {
return Collections.emptyList();
}
Collection<Object> result = new LinkedList<>();
- for (String each : ProxyContext.getInstance().getAllSchemaNames()) {
- // TODO : Need to check whether PrivilegeType.SHOW_DB is correct
or enough?
- if (privilege.get().hasPrivileges(each,
Collections.singletonList(PrivilegeType.SHOW_DB))) {
- result.add(each);
+ if
(privilege.get().hasPrivileges(Collections.singletonList(PrivilegeType.SHOW_DB)))
{
+ result.addAll(ProxyContext.getInstance().getAllSchemaNames());
+ } else {
+ for (String each : ProxyContext.getInstance().getAllSchemaNames())
{
+ if (privilege.get().hasPrivileges(each)) {
+ result.add(each);
+ }
}
}
return result;
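Review bot: The `else` branch relies on `privilege.get().hasPrivileges(each)`, and that overload (added in the first section of this commit) returns true for every schema once the grantee has any global database privilege. The branch therefore filters only for grantees whose grants are purely schema-specific. The removed TODO asked whether `SHOW_DB` was correct or enough, and the new code answers that without recording the decision. A short comment would help, e.g. `// Without global SHOW_DB, list only schemas the grantee may use (SUPER, any global privilege, or a specific grant).` Separately, `privilege.get()` and `ProxyContext.getInstance().getAllSchemaNames()` could be read once into locals before the `if`; the method starts outside the hunk.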
diff --git
a/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java
b/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java
index 15d0f83..16813b8 100644
---
a/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java
+++
b/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java
@@ -26,7 +26,6 @@ import
org.apache.shardingsphere.proxy.backend.text.admin.executor.DatabaseAdmin
import
org.apache.shardingsphere.sql.parser.sql.common.statement.dal.UseStatement;
import org.apache.shardingsphere.sql.parser.sql.common.util.SQLUtil;
-import java.util.Collections;
import java.util.Optional;
/**
@@ -48,7 +47,6 @@ public final class UseDatabaseExecutor implements
DatabaseAdminExecutor {
private boolean isAuthorizedSchema(final BackendConnection
backendConnection, final String schema) {
Optional<ShardingSpherePrivilege> privilege =
ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findPrivilege(backendConnection.getGrantee());
- // TODO : Need to check whether PrivilegeType.USAGE is correct or
enough?
- return privilege.isPresent() && privilege.get().hasPrivileges(schema,
Collections.emptyList());
+ return privilege.isPresent() && privilege.get().hasPrivileges(schema);
}
}
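Review bot: `isAuthorizedSchema` here makes the same authorization decision as the method of the same name in MySQLComInitDbExecutor (last section of this commit), but the two are written differently: `privilege.isPresent() && privilege.get().hasPrivileges(schema)` here, `privilege.map(...).orElse(false)` there. Two copies of an access check in two styles are easy to update in only one place. Use one form in both, e.g. `return privilege.map(each -> each.hasPrivileges(schema)).orElse(false);`, or move the lookup and check into a single shared helper.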
diff --git
a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
index 0e17d5c..511d430 100644
---
a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
+++
b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
@@ -22,14 +22,12 @@ import lombok.Getter;
import org.apache.commons.codec.digest.DigestUtils;
import
org.apache.shardingsphere.db.protocol.mysql.constant.MySQLServerErrorCode;
import
org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLAuthPluginData;
-import
org.apache.shardingsphere.infra.metadata.auth.model.privilege.PrivilegeType;
import
org.apache.shardingsphere.infra.metadata.auth.model.privilege.ShardingSpherePrivilege;
import org.apache.shardingsphere.infra.metadata.auth.model.user.Grantee;
import
org.apache.shardingsphere.infra.metadata.auth.model.user.ShardingSphereUser;
import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
import java.util.Arrays;
-import java.util.Collections;
import java.util.Optional;
/**
@@ -57,11 +55,10 @@ public final class MySQLAuthenticationHandler {
return Optional.of(MySQLServerErrorCode.ER_ACCESS_DENIED_ERROR);
}
ShardingSpherePrivilege privilege =
ProxyContext.getInstance().getMetaDataContexts().getAuthentication().getAuthentication().get(user.get());
- // TODO :
privilege.getDataPrivilege().getSpecificPrivileges().containsKey(database) is
bound to be replaced with privilege.hasPrivileges(schema, xxx) (xxx means the
privileges needed here)
- if
(!privilege.hasPrivileges(Collections.singletonList(PrivilegeType.SUPER)) &&
!privilege.getDatabasePrivilege().getSpecificPrivileges().containsKey(database))
{
- return Optional.of(MySQLServerErrorCode.ER_DBACCESS_DENIED_ERROR);
+ if (null != privilege && privilege.hasPrivileges(database)) {
+ return Optional.empty();
}
- return Optional.empty();
+ return Optional.of(MySQLServerErrorCode.ER_DBACCESS_DENIED_ERROR);
}
private boolean isPasswordRight(final String password, final byte[]
authResponse) {
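Review bot: The new guard passes `database` to `privilege.hasPrivileges(database)` unconditionally, and nothing in the hunk covers a handshake that names no schema. If `database` can be null or empty at this point, a grantee with only schema-specific grants would fall through to `ER_DBACCESS_DENIED_ERROR` on a plain login, because the `containsKey` lookup would not match. Whether that is intended should be stated or handled explicitly, for instance `if (null != privilege && (null == database || privilege.hasPrivileges(database))) {` if login without a default schema is meant to be allowed. A one-line comment is also warranted on the deny-by-default ordering, since a missing privilege record is now reported as a database-access denial. The start of the method is outside the hunk, so the empty case may already be handled earlier.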
diff --git
a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/command/admin/initdb/MySQLComInitDbExecutor.java
b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/command/admin/initdb/MySQLComInitDbExecutor.java
index 3d8dba3..7ab414a 100644
---
a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/command/admin/initdb/MySQLComInitDbExecutor.java
+++
b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/command/admin/initdb/MySQLComInitDbExecutor.java
@@ -54,7 +54,6 @@ public final class MySQLComInitDbExecutor implements
CommandExecutor {
private boolean isAuthorizedSchema(final String schema) {
Optional<ShardingSpherePrivilege> privilege =
ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findPrivilege(backendConnection.getGrantee());
- // TODO : privilege.hasPrivileges(schema, xxx) (xxx means the
privileges needed here), rather than Collections.emptyList()
- return privilege.isPresent() && privilege.get().hasPrivileges(schema,
Collections.emptyList());
+ return privilege.map(shardingSpherePrivilege ->
shardingSpherePrivilege.hasPrivileges(schema)).orElse(false);
}
}
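Review bot: This hunk removes the only visible use of `Collections` in the file, but no hunk drops `import java.util.Collections;`, unlike the UseDatabaseExecutor and MySQLAuthenticationHandler sections. The diffstat shows only three changed lines for this file. If nothing else in the file still uses `Collections`, the import is now unused and should be removed along with the call. The lambda parameter could also be shortened, e.g. `privilege.map(each -> each.hasPrivileges(schema)).orElse(false)`.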