This is an automated email from the ASF dual-hosted git repository.

morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/master by this push:
     new 5b6d04aac08 [fix](auth)Auth support case insensitive (#36381)
5b6d04aac08 is described below

commit 5b6d04aac08acc6a2bfd1aeaaac26a22f1257566
Author: zhangdong <493738...@qq.com>
AuthorDate: Wed Jun 19 18:41:35 2024 +0800

    [fix](auth)Auth support case insensitive (#36381)
    
    When `lower_case_table_names` != 0, table privilege checks ignore case.
---
 .../main/java/org/apache/doris/catalog/Env.java    |  4 ++
 .../doris/mysql/privilege/TablePrivEntry.java      |  3 +-
 .../org/apache/doris/mysql/privilege/AuthTest.java | 50 ++++++++++++++++++++++
 3 files changed, 56 insertions(+), 1 deletion(-)

diff --git a/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java 
b/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
index 69d0f05892e..44deac6d1fd 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
@@ -6072,6 +6072,10 @@ public class Env {
         return GlobalVariable.lowerCaseTableNames == 2;
     }
 
+    public static boolean isTableNamesCaseSensitive() {
+        return GlobalVariable.lowerCaseTableNames == 0;
+    }
+
     private static void getTableMeta(OlapTable olapTable, TGetMetaDBMeta 
dbMeta) {
         if (LOG.isDebugEnabled()) {
             LOG.debug("get table meta. table: {}", olapTable.getName());
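Review bot: The new `isTableNamesCaseSensitive()` has no Javadoc, and it is not the logical negation of the method just above it, which returns `lowerCaseTableNames == 2` and whose signature is outside the hunk. When the variable is 1, both methods return false, so a caller that picks the wrong one for a security decision gets the opposite case rule. A short comment on the new method would make the contract explicit, for example `/** True only when lower_case_table_names == 0; modes 1 and 2 both compare table names ignoring case. */`.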
diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/TablePrivEntry.java 
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/TablePrivEntry.java
index c89104cde1c..27693bbf6a3 100644
--- 
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/TablePrivEntry.java
+++ 
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/TablePrivEntry.java
@@ -17,6 +17,7 @@
 
 package org.apache.doris.mysql.privilege;
 
+import org.apache.doris.catalog.Env;
 import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.CaseSensibility;
 import org.apache.doris.common.PatternMatcher;
@@ -58,7 +59,7 @@ public class TablePrivEntry extends DbPrivEntry {
                 ctl, CaseSensibility.CATALOG.getCaseSensibility(), 
ctl.equals(ANY_CTL));
 
         PatternMatcher tblPattern = PatternMatcher.createFlatPattern(
-                tbl, CaseSensibility.TABLE.getCaseSensibility(), 
tbl.equals(ANY_TBL));
+                tbl, Env.isTableNamesCaseSensitive(), tbl.equals(ANY_TBL));
 
         if (privs.containsNodePriv() || privs.containsResourcePriv()) {
             throw new AnalysisException("Table privilege can not contains 
global or resource privileges: " + privs);
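Review bot: The case rule is read once, when the matcher is built by `PatternMatcher.createFlatPattern(tbl, Env.isTableNamesCaseSensitive(), tbl.equals(ANY_TBL))`, so each privilege entry appears to keep the value the global had at construction time. If entries can be built before `GlobalVariable.lowerCaseTableNames` holds its final value (for example while metadata is loaded or replayed, which is not visible here), grants would match under the wrong rule until rebuilt. It is worth confirming that ordering and recording the assumption in a comment such as `// lower_case_table_names must be loaded before privilege entries are created`. In modes 1 and 2 a grant on `Tbl` now also authorizes `tbl`, so the revoke and entry-lookup paths should compare names under the same rule, otherwise a differently cased revoke could leave the grant in place. The enclosing method starts and ends outside the hunk.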
diff --git 
a/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java 
b/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java
index 8f9e46a9394..1c7c2a6c655 100644
--- a/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java
+++ b/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java
@@ -2378,6 +2378,56 @@ public class AuthTest {
         revoke(revokeStmt);
     }
 
+    @Test
+    public void testTableNamesCaseSensitive() throws UserException {
+        new Expectations() {
+            {
+                Env.isTableNamesCaseSensitive();
+                minTimes = 0;
+                result = true;
+            }
+        };
+        UserIdentity userIdentity = new UserIdentity("sensitiveUser", "%");
+        createUser(userIdentity);
+        // `load_priv` and `select_priv` can not `show create view`
+        GrantStmt grantStmt = new GrantStmt(userIdentity, null, new 
TablePattern("sensitivedb", "sensitiveTable"),
+                Lists.newArrayList(new 
AccessPrivilegeWithCols(AccessPrivilege.SELECT_PRIV)));
+        grant(grantStmt);
+        Assert.assertTrue(accessManager
+                .checkTblPriv(userIdentity, 
InternalCatalog.INTERNAL_CATALOG_NAME, "sensitivedb", "sensitiveTable",
+                        PrivPredicate.SELECT));
+
+        Assert.assertFalse(accessManager
+                .checkTblPriv(userIdentity, 
InternalCatalog.INTERNAL_CATALOG_NAME, "sensitivedb", "sensitivetable",
+                        PrivPredicate.SELECT));
+        dropUser(userIdentity);
+    }
+
+    @Test
+    public void testTableNamesCaseInsensitive() throws UserException {
+        new Expectations() {
+            {
+                Env.isTableNamesCaseSensitive();
+                minTimes = 0;
+                result = false;
+            }
+        };
+        UserIdentity userIdentity = new UserIdentity("sensitiveUser1", "%");
+        createUser(userIdentity);
+        // `load_priv` and `select_priv` can not `show create view`
+        GrantStmt grantStmt = new GrantStmt(userIdentity, null, new 
TablePattern("sensitivedb1", "sensitiveTable"),
+                Lists.newArrayList(new 
AccessPrivilegeWithCols(AccessPrivilege.SELECT_PRIV)));
+        grant(grantStmt);
+        Assert.assertTrue(accessManager
+                .checkTblPriv(userIdentity, 
InternalCatalog.INTERNAL_CATALOG_NAME, "sensitivedb1", "sensitiveTable",
+                        PrivPredicate.SELECT));
+
+        Assert.assertTrue(accessManager
+                .checkTblPriv(userIdentity, 
InternalCatalog.INTERNAL_CATALOG_NAME, "sensitivedb1", "sensitivetable",
+                        PrivPredicate.SELECT));
+        dropUser(userIdentity);
+    }
+
     @Test
     public void testSetInitialRootPassword() {
         // Skip set root password if `initial_root_password` set to empty 
string
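Review bot: Both new tests cover only the grant-then-check path and never issue a revoke with a differently cased table name in the case-insensitive mode. That is the path where a mismatch between pattern matching and entry lookup would leave a grant in place. The comment about `load_priv` and `select_priv` in both tests looks copied from another test and does not describe what is asserted; something like `// grant SELECT on a mixed-case table name, then check exact and lower-case names` would fit. `dropUser(userIdentity)` runs only when the assertions pass, so a failing assertion leaves the user behind for later tests in the class; a `try { ... } finally { dropUser(userIdentity); }` would avoid that.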

