diff --git a/executor/simple.go b/executor/simple.go index 4442ab9bbed76..43bbc72733f60 100644 --- a/executor/simple.go +++ b/executor/simple.go @@ -16,6 +16,7 @@ package executor import ( "context" "fmt" + "os" "strings" "time" @@ -126,6 +127,8 @@ func (e *SimpleExec) Next(ctx context.Context, req *chunk.Chunk) (err error) { err = e.executeRevokeRole(x) case *ast.SetDefaultRoleStmt: err = e.executeSetDefaultRole(x) + case *ast.ShutdownStmt: + err = e.executeShutdown(x) } e.done = true return err @@ -1057,3 +1060,13 @@ func (e *SimpleExec) autoNewTxn() bool { } return false } + +func (e *SimpleExec) executeShutdown(s *ast.ShutdownStmt) error { + sessVars := e.ctx.GetSessionVars() + logutil.Logger(context.Background()).Info("execute shutdown statement", zap.Uint64("conn", sessVars.ConnectionID)) + p, err := os.FindProcess(os.Getpid()) + if err != nil { + return err + } + return p.Kill() +} diff --git a/go.mod b/go.mod index 86d948ce64ddf..f8db4b13ad607 100644 --- a/go.mod +++ b/go.mod @@ -38,7 +38,7 @@ require ( github.com/pingcap/goleveldb v0.0.0-20171020122428-b9ff6c35079e github.com/pingcap/kvproto v0.0.0-20191106014506-c5d88d699a8d github.com/pingcap/log v0.0.0-20190715063458-479153f07ebd - github.com/pingcap/parser v0.0.0-20191217103835-701d0da815ab + github.com/pingcap/parser v0.0.0-20191218055518-56b91dae84dc github.com/pingcap/pd v1.1.0-beta.0.20190912093418-dc03c839debd github.com/pingcap/tidb-tools v3.0.6-0.20191119150227-ff0a3c6e5763+incompatible github.com/pingcap/tipb v0.0.0-20191120045257-1b9900292ab6 diff --git a/go.sum b/go.sum index 4e64fc2e6d7b2..5c5bd4976ef42 100644 --- a/go.sum +++ b/go.sum @@ -153,8 +153,8 @@ github.com/pingcap/kvproto v0.0.0-20191106014506-c5d88d699a8d h1:zTHgLr8+0LTEJmj github.com/pingcap/kvproto v0.0.0-20191106014506-c5d88d699a8d/go.mod h1:QMdbTAXCHzzygQzqcG9uVUgU2fKeSN1GmfMiykdSzzY= github.com/pingcap/log v0.0.0-20190715063458-479153f07ebd h1:hWDol43WY5PGhsh3+8794bFHY1bPrmu6bTalpssCrGg= github.com/pingcap/log v0.0.0-20190715063458-479153f07ebd/go.mod h1:WpHUKhNZ18v116SvGrmjkA9CBhYmuUTKL+p8JC9ANEw= -github.com/pingcap/parser v0.0.0-20191217103835-701d0da815ab h1:U0lKTYjmd2Kgz2DfVaaoSKPdiMyp6h2MHOZl/4gQT1U= -github.com/pingcap/parser v0.0.0-20191217103835-701d0da815ab/go.mod h1:1FNvfp9+J0wvc4kl8eGNh7Rqrxveg15jJoWo/a0uHwA= +github.com/pingcap/parser v0.0.0-20191218055518-56b91dae84dc h1:QRKjvChXjiiyQsAIr4jqoK3GBhnG34dXVmdUHaIP56E= +github.com/pingcap/parser v0.0.0-20191218055518-56b91dae84dc/go.mod h1:1FNvfp9+J0wvc4kl8eGNh7Rqrxveg15jJoWo/a0uHwA= github.com/pingcap/pd v1.1.0-beta.0.20190912093418-dc03c839debd h1:bKj6hodu/ro78B0oN2yicdGn0t4yd9XjnyoW95qmWic= github.com/pingcap/pd v1.1.0-beta.0.20190912093418-dc03c839debd/go.mod h1:I7TEby5BHTYIxgHszfsOJSBsk8b2Qt8QrSIgdv5n5QQ= github.com/pingcap/tidb-tools v3.0.6-0.20191119150227-ff0a3c6e5763+incompatible h1:I8HirWsu1MZp6t9G/g8yKCEjJJxtHooKakEgccvdJ4M= diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go index 28a2e8985fff4..a843022fdf557 100644 --- a/planner/core/planbuilder.go +++ b/planner/core/planbuilder.go @@ -284,7 +284,7 @@ func (b *PlanBuilder) Build(ctx context.Context, node ast.Node) (Plan, error) { case *ast.BinlogStmt, *ast.FlushStmt, *ast.UseStmt, *ast.BeginStmt, *ast.CommitStmt, *ast.RollbackStmt, *ast.CreateUserStmt, *ast.SetPwdStmt, *ast.GrantStmt, *ast.DropUserStmt, *ast.AlterUserStmt, *ast.RevokeStmt, *ast.KillStmt, *ast.DropStatsStmt, - *ast.GrantRoleStmt, *ast.RevokeRoleStmt, *ast.SetRoleStmt, *ast.SetDefaultRoleStmt: + *ast.GrantRoleStmt, *ast.RevokeRoleStmt, *ast.SetRoleStmt, *ast.SetDefaultRoleStmt, *ast.ShutdownStmt: return b.buildSimple(node.(ast.StmtNode)) case ast.DDLNode: return b.buildDDL(ctx, x) @@ -1389,6 +1389,8 @@ func (b *PlanBuilder) buildSimple(node ast.StmtNode) (Plan, error) { if raw.DBName == "" { return nil, ErrNoDB } + case *ast.ShutdownStmt: + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.ShutdownPriv, "", "", "", nil) } return p, nil } diff --git a/privilege/privileges/cache_test.go b/privilege/privileges/cache_test.go index b89d4c85f5e28..3681c63f6f168 100644 --- a/privilege/privileges/cache_test.go +++ b/privilege/privileges/cache_test.go @@ -161,7 +161,7 @@ func (s *testCacheSuite) TestPatternMatch(c *C) { defer se.Close() mustExec(c, se, "USE MYSQL;") mustExec(c, se, "TRUNCATE TABLE mysql.user") - mustExec(c, se, `INSERT INTO mysql.user VALUES ("10.0.%", "root", "", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "N")`) + mustExec(c, se, `INSERT INTO mysql.user VALUES ("10.0.%", "root", "", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "N", "Y")`) var p privileges.MySQLPrivilege err = p.LoadUserTable(se) c.Assert(err, IsNil) @@ -171,14 +171,16 @@ func (s *testCacheSuite) TestPatternMatch(c *C) { c.Assert(p.RequestVerification(activeRoles, "root", "127.0.0.1", "test", "", "", mysql.SelectPriv), IsFalse) c.Assert(p.RequestVerification(activeRoles, "root", "114.114.114.114", "test", "", "", mysql.SelectPriv), IsFalse) c.Assert(p.RequestVerification(activeRoles, "root", "114.114.114.114", "test", "", "", mysql.PrivilegeType(0)), IsTrue) + c.Assert(p.RequestVerification(activeRoles, "root", "10.0.1.118", "test", "", "", mysql.ShutdownPriv), IsTrue) mustExec(c, se, "TRUNCATE TABLE mysql.user") - mustExec(c, se, `INSERT INTO mysql.user VALUES ("", "root", "", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "N")`) + mustExec(c, se, `INSERT INTO mysql.user VALUES ("", "root", "", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "N", "N")`) p = privileges.MySQLPrivilege{} err = p.LoadUserTable(se) c.Assert(err, IsNil) c.Assert(p.RequestVerification(activeRoles, "root", "", "test", "", "", mysql.SelectPriv), IsTrue) c.Assert(p.RequestVerification(activeRoles, "root", "notnull", "test", "", "", mysql.SelectPriv), IsFalse) + c.Assert(p.RequestVerification(activeRoles, "root", "", "test", "", "", mysql.ShutdownPriv), IsFalse) // Pattern match for DB. mustExec(c, se, "TRUNCATE TABLE mysql.user") diff --git a/session/bootstrap.go b/session/bootstrap.go index 894c991a3de94..aed6c02474921 100644 --- a/session/bootstrap.go +++ b/session/bootstrap.go @@ -72,6 +72,7 @@ const ( Create_role_priv ENUM('N','Y') NOT NULL DEFAULT 'N', Drop_role_priv ENUM('N','Y') NOT NULL DEFAULT 'N', Account_locked ENUM('N','Y') NOT NULL DEFAULT 'N', + Shutdown_priv ENUM('N','Y') NOT NULL DEFAULT 'N', PRIMARY KEY (Host, User));` // CreateDBPrivTable is the SQL statement creates DB scope privilege table in system db. CreateDBPrivTable = `CREATE TABLE if not exists mysql.db ( @@ -349,6 +350,7 @@ const ( version33 = 33 version34 = 34 version35 = 35 + version36 = 36 ) func checkBootstrapped(s Session) (bool, error) { @@ -549,6 +551,10 @@ func upgrade(s Session) { upgradeToVer35(s) } + if ver < version36 { + upgradeToVer36(s) + } + updateBootstrapVer(s) _, err = s.Execute(context.Background(), "COMMIT") @@ -865,6 +871,12 @@ func upgradeToVer35(s Session) { mustExecute(s, sql) } +func upgradeToVer36(s Session) { + doReentrantDDL(s, "ALTER TABLE mysql.user ADD COLUMN `Shutdown_priv` ENUM('N','Y') DEFAULT 'N'", infoschema.ErrColumnExists) + // A root user will have those privileges after upgrading. + mustExecute(s, "UPDATE HIGH_PRIORITY mysql.user SET Shutdown_priv='Y' where Super_priv = 'Y'") +} + // updateBootstrapVer updates bootstrap version variable in mysql.TiDB table. func updateBootstrapVer(s Session) { // Update bootstrap version. @@ -936,7 +948,7 @@ func doDMLWorks(s Session) { // Insert a default user with empty password. mustExecute(s, `INSERT HIGH_PRIORITY INTO mysql.user VALUES - ("%", "root", "", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "N")`) + ("%", "root", "", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "N", "Y")`) // Init global system variables table. values := make([]string, 0, len(variable.SysVars)) diff --git a/session/bootstrap_test.go b/session/bootstrap_test.go index 2c2cef919bcfe..d46cfa5b1fb1d 100644 --- a/session/bootstrap_test.go +++ b/session/bootstrap_test.go @@ -56,7 +56,7 @@ func (s *testBootstrapSuite) TestBootstrap(c *C) { c.Assert(err, IsNil) c.Assert(req.NumRows() == 0, IsFalse) datums := statistics.RowToDatums(req.GetRow(0), r.Fields()) - match(c, datums, []byte(`%`), []byte("root"), []byte(""), "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "N") + match(c, datums, []byte(`%`), []byte("root"), []byte(""), "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "N", "Y") c.Assert(se.Auth(&auth.UserIdentity{Username: "root", Hostname: "anyhost"}, []byte(""), []byte("")), IsTrue) mustExecSQL(c, se, "USE test;") @@ -160,7 +160,7 @@ func (s *testBootstrapSuite) TestBootstrapWithError(c *C) { c.Assert(req.NumRows() == 0, IsFalse) row := req.GetRow(0) datums := statistics.RowToDatums(row, r.Fields()) - match(c, datums, []byte(`%`), []byte("root"), []byte(""), "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "N") + match(c, datums, []byte(`%`), []byte("root"), []byte(""), "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "Y", "N", "Y") c.Assert(r.Close(), IsNil) mustExecSQL(c, se, "USE test;") diff --git a/session/session.go b/session/session.go index 2d763458556e9..6b00af7dd5f6f 100644 --- a/session/session.go +++ b/session/session.go @@ -1625,7 +1625,7 @@ func createSessionWithDomain(store kv.Storage, dom *domain.Domain) (*session, er const ( notBootstrapped = 0 - currentBootstrapVersion = 35 + currentBootstrapVersion = version36 ) func getStoreBootstrapVersion(store kv.Storage) int64 {