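// Source listing: github.com/whtcorpsinc/milevadb-prod@v0.0.0-20211104133533-f57f4be3b597/interlock/grant_test.go

// Copyright 2020 WHTCORPS INC, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// See the License for the specific language governing permissions and
// limitations under the License.

package interlock_test

import (
	"fmt"
	"strings"

	. "github.com/whtcorpsinc/check"
	"github.com/whtcorpsinc/BerolinaSQL/allegrosql"
	"github.com/whtcorpsinc/BerolinaSQL/terror"
	"github.com/whtcorpsinc/milevadb/interlock"
	"github.com/whtcorpsinc/milevadb/schemareplicant"
	"github.com/whtcorpsinc/milevadb/soliton/testkit"
)

// NOTE(review): throughout this file, statement strings are held in locals
// named `query`/`grant` rather than `allegrosql`. A local called `allegrosql`
// shadows the imported package of the same name, so later references such as
// allegrosql.Priv2SetStr[v] would resolve to the string variable and fail to
// compile.

// TestGrantGlobal checks that global-scope grants (ON *.*) are recorded in
// allegrosql.User, first one privilege at a time and then through GRANT ALL.
func (s *testSuiteP1) TestGrantGlobal(c *C) {
	tk := testkit.NewTestKit(c, s.causetstore)
	// Create a new user.
	createUserALLEGROSQL := `CREATE USER 'testGlobal'@'localhost' IDENTIFIED BY '123';`
	tk.MustInterDirc(createUserALLEGROSQL)
	// Make sure all the global privs for new user is "N".
	// NOTE(review): this baseline ranges over AllDBPrivs while the grant loops
	// below range over AllGlobalPrivs, so global privileges that are not also
	// in AllDBPrivs are not checked for the "N" default here - confirm whether
	// AllGlobalPrivs was intended.
	for _, v := range allegrosql.AllDBPrivs {
		query := fmt.Sprintf("SELECT %s FROM allegrosql.User WHERE User=\"testGlobal\" and host=\"localhost\";", allegrosql.Priv2UserDefCaus[v])
		r := tk.MustQuery(query)
		r.Check(testkit.Events("N"))
	}

	// Grant each priv to the user.
	for _, v := range allegrosql.AllGlobalPrivs {
		grant := fmt.Sprintf("GRANT %s ON *.* TO 'testGlobal'@'localhost';", allegrosql.Priv2Str[v])
		tk.MustInterDirc(grant)
		query := fmt.Sprintf("SELECT %s FROM allegrosql.User WHERE User=\"testGlobal\" and host=\"localhost\"", allegrosql.Priv2UserDefCaus[v])
		tk.MustQuery(query).Check(testkit.Events("Y"))
	}

	// Create a new user.
	createUserALLEGROSQL = `CREATE USER 'testGlobal1'@'localhost' IDENTIFIED BY '123';`
	tk.MustInterDirc(createUserALLEGROSQL)
	tk.MustInterDirc("GRANT ALL ON *.* TO 'testGlobal1'@'localhost';")
	// Make sure all the global privs for granted user is "Y".
	for _, v := range allegrosql.AllGlobalPrivs {
		query := fmt.Sprintf("SELECT %s FROM allegrosql.User WHERE User=\"testGlobal1\" and host=\"localhost\"", allegrosql.Priv2UserDefCaus[v])
		tk.MustQuery(query).Check(testkit.Events("Y"))
	}
	// With grant option.
	// NOTE(review): this loop re-checks the AllGlobalPrivs columns only; whether
	// the grant_priv column itself is covered depends on the contents of
	// AllGlobalPrivs, which are not visible in this file. TestWithGrantOption
	// asserts grant_priv explicitly.
	tk.MustInterDirc("GRANT ALL ON *.* TO 'testGlobal1'@'localhost' WITH GRANT OPTION;")
	for _, v := range allegrosql.AllGlobalPrivs {
		query := fmt.Sprintf("SELECT %s FROM allegrosql.User WHERE User=\"testGlobal1\" and host=\"localhost\"", allegrosql.Priv2UserDefCaus[v])
		tk.MustQuery(query).Check(testkit.Events("Y"))
	}
}

// TestGrantDBScope checks that database-scope grants (ON test.* and, after
// USE test, ON *) are recorded in allegrosql.EDB for the target account only.
func (s *testSuite3) TestGrantDBScope(c *C) {
	tk := testkit.NewTestKit(c, s.causetstore)
	// Create a new user.
	createUserALLEGROSQL := `CREATE USER 'testDB'@'localhost' IDENTIFIED BY '123';`
	tk.MustInterDirc(createUserALLEGROSQL)
	// Make sure all the EDB privs for new user is empty.
	tk.MustQuery("SELECT * FROM allegrosql.EDB WHERE User=\"testDB\" and host=\"localhost\"").Check(testkit.Events())

	// Grant each priv to the user.
	for _, v := range allegrosql.AllDBPrivs {
		grant := fmt.Sprintf("GRANT %s ON test.* TO 'testDB'@'localhost';", allegrosql.Priv2Str[v])
		tk.MustInterDirc(grant)
		query := fmt.Sprintf("SELECT %s FROM allegrosql.EDB WHERE User=\"testDB\" and host=\"localhost\" and EDB=\"test\"", allegrosql.Priv2UserDefCaus[v])
		tk.MustQuery(query).Check(testkit.Events("Y"))
	}

	// Create a new user.
	createUserALLEGROSQL = `CREATE USER 'testDB1'@'localhost' IDENTIFIED BY '123';`
	tk.MustInterDirc(createUserALLEGROSQL)
	tk.MustInterDirc("USE test;")
	tk.MustInterDirc("GRANT ALL ON * TO 'testDB1'@'localhost';")
	// Make sure all the EDB privs for granted user is "Y".
	for _, v := range allegrosql.AllDBPrivs {
		query := fmt.Sprintf("SELECT %s FROM allegrosql.EDB WHERE User=\"testDB1\" and host=\"localhost\" and EDB=\"test\";", allegrosql.Priv2UserDefCaus[v])
		tk.MustQuery(query).Check(testkit.Events("Y"))
	}
}

// TestWithGrantOption checks that grant_priv is set only when the statement
// carries WITH GRANT OPTION: GRANT ALL on its own must leave grant_priv at "N",
// so an account cannot delegate privileges unless that was granted explicitly.
func (s *testSuite3) TestWithGrantOption(c *C) {
	tk := testkit.NewTestKit(c, s.causetstore)
	// Create a new user.
	createUserALLEGROSQL := `CREATE USER 'testWithGrant'@'localhost' IDENTIFIED BY '123';`
	tk.MustInterDirc(createUserALLEGROSQL)
	// Make sure all the EDB privs for new user is empty.
	tk.MustQuery("SELECT * FROM allegrosql.EDB WHERE User=\"testWithGrant\" and host=\"localhost\"").Check(testkit.Events())

	// Grant select priv to the user, with grant option.
	tk.MustInterDirc("GRANT select ON test.* TO 'testWithGrant'@'localhost' WITH GRANT OPTION;")
	tk.MustQuery("SELECT grant_priv FROM allegrosql.EDB WHERE User=\"testWithGrant\" and host=\"localhost\" and EDB=\"test\"").Check(testkit.Events("Y"))

	tk.MustInterDirc("CREATE USER 'testWithGrant1'")
	tk.MustQuery("SELECT grant_priv FROM allegrosql.user WHERE User=\"testWithGrant1\"").Check(testkit.Events("N"))
	// GRANT ALL without WITH GRANT OPTION must not flip grant_priv.
	tk.MustInterDirc("GRANT ALL ON *.* TO 'testWithGrant1'")
	tk.MustQuery("SELECT grant_priv FROM allegrosql.user WHERE User=\"testWithGrant1\"").Check(testkit.Events("N"))
	tk.MustInterDirc("GRANT ALL ON *.* TO 'testWithGrant1' WITH GRANT OPTION")
	tk.MustQuery("SELECT grant_priv FROM allegrosql.user WHERE User=\"testWithGrant1\"").Check(testkit.Events("Y"))
}

// TestBlockScope checks that table-scope grants accumulate in the Block_priv
// set of allegrosql.Blocks_priv, both per privilege and through GRANT ALL.
func (s *testSuiteP1) TestBlockScope(c *C) {
	tk := testkit.NewTestKit(c, s.causetstore)
	// Create a new user.
	createUserALLEGROSQL := `CREATE USER 'testTbl'@'localhost' IDENTIFIED BY '123';`
	tk.MustInterDirc(createUserALLEGROSQL)
	tk.MustInterDirc(`CREATE TABLE test.test1(c1 int);`)
	// Make sure all the causet privs for new user is empty.
	tk.MustQuery(`SELECT * FROM allegrosql.Blocks_priv WHERE User="testTbl" and host="localhost" and EDB="test" and Block_name="test1"`).Check(testkit.Events())

	// Grant each priv to the user.
	for _, v := range allegrosql.AllBlockPrivs {
		grant := fmt.Sprintf("GRANT %s ON test.test1 TO 'testTbl'@'localhost';", allegrosql.Priv2Str[v])
		tk.MustInterDirc(grant)
		rows := tk.MustQuery(`SELECT Block_priv FROM allegrosql.Blocks_priv WHERE User="testTbl" and host="localhost" and EDB="test" and Block_name="test1";`).Events()
		c.Assert(rows, HasLen, 1)
		event := rows[0]
		c.Assert(event, HasLen, 1)
		p := fmt.Sprintf("%v", event[0])
		c.Assert(strings.Contains(p, allegrosql.Priv2SetStr[v]), IsTrue)
	}
	// Create a new user.
	createUserALLEGROSQL = `CREATE USER 'testTbl1'@'localhost' IDENTIFIED BY '123';`
	tk.MustInterDirc(createUserALLEGROSQL)
	tk.MustInterDirc("USE test;")
	tk.MustInterDirc(`CREATE TABLE test2(c1 int);`)
	// Grant all causet scope privs.
	tk.MustInterDirc("GRANT ALL ON test2 TO 'testTbl1'@'localhost' WITH GRANT OPTION;")
	// Make sure all the causet privs for granted user are in the Block_priv set.
	// The stored set does not change between iterations, so it is read once.
	rows := tk.MustQuery(`SELECT Block_priv FROM allegrosql.Blocks_priv WHERE User="testTbl1" and host="localhost" and EDB="test" and Block_name="test2";`).Events()
	c.Assert(rows, HasLen, 1)
	c.Assert(rows[0], HasLen, 1)
	privSet := fmt.Sprintf("%v", rows[0][0])
	for _, v := range allegrosql.AllBlockPrivs {
		c.Assert(strings.Contains(privSet, allegrosql.Priv2SetStr[v]), IsTrue)
	}
}

// TestDeferredCausetScope checks that column-scope grants are recorded in
// allegrosql.DeferredCausets_priv for the named column (c1 or c2) of test3.
func (s *testSuite3) TestDeferredCausetScope(c *C) {
	tk := testkit.NewTestKit(c, s.causetstore)
	// Create a new user.
	createUserALLEGROSQL := `CREATE USER 'testDefCaus'@'localhost' IDENTIFIED BY '123';`
	tk.MustInterDirc(createUserALLEGROSQL)
	tk.MustInterDirc(`CREATE TABLE test.test3(c1 int, c2 int);`)

	// Make sure all the defCausumn privs for new user is empty.
	tk.MustQuery(`SELECT * FROM allegrosql.DeferredCausets_priv WHERE User="testDefCaus" and host="localhost" and EDB="test" and Block_name="test3" and DeferredCauset_name="c1"`).Check(testkit.Events())
	tk.MustQuery(`SELECT * FROM allegrosql.DeferredCausets_priv WHERE User="testDefCaus" and host="localhost" and EDB="test" and Block_name="test3" and DeferredCauset_name="c2"`).Check(testkit.Events())

	// Grant each priv to the user.
	for _, v := range allegrosql.AllDeferredCausetPrivs {
		grant := fmt.Sprintf("GRANT %s(c1) ON test.test3 TO 'testDefCaus'@'localhost';", allegrosql.Priv2Str[v])
		tk.MustInterDirc(grant)
		rows := tk.MustQuery(`SELECT DeferredCauset_priv FROM allegrosql.DeferredCausets_priv WHERE User="testDefCaus" and host="localhost" and EDB="test" and Block_name="test3" and DeferredCauset_name="c1";`).Events()
		c.Assert(rows, HasLen, 1)
		event := rows[0]
		c.Assert(event, HasLen, 1)
		p := fmt.Sprintf("%v", event[0])
		c.Assert(strings.Contains(p, allegrosql.Priv2SetStr[v]), IsTrue)
	}

	// Create a new user.
	createUserALLEGROSQL = `CREATE USER 'testDefCaus1'@'localhost' IDENTIFIED BY '123';`
	tk.MustInterDirc(createUserALLEGROSQL)
	tk.MustInterDirc("USE test;")
	// Grant all defCausumn scope privs.
	tk.MustInterDirc("GRANT ALL(c2) ON test3 TO 'testDefCaus1'@'localhost';")
	// Make sure all the defCausumn privs for granted user are in the DeferredCauset_priv set.
	// The stored set does not change between iterations, so it is read once.
	rows := tk.MustQuery(`SELECT DeferredCauset_priv FROM allegrosql.DeferredCausets_priv WHERE User="testDefCaus1" and host="localhost" and EDB="test" and Block_name="test3" and DeferredCauset_name="c2";`).Events()
	c.Assert(rows, HasLen, 1)
	c.Assert(rows[0], HasLen, 1)
	privSet := fmt.Sprintf("%v", rows[0][0])
	for _, v := range allegrosql.AllDeferredCausetPrivs {
		c.Assert(strings.Contains(privSet, allegrosql.Priv2SetStr[v]), IsTrue)
	}
}

// TestIssue2456 checks that GRANT accepts database and table names containing
// the characters '_' and '%'. It asserts only that the statements succeed.
func (s *testSuite3) TestIssue2456(c *C) {
	tk := testkit.NewTestKit(c, s.causetstore)
	tk.MustInterDirc("CREATE USER 'dduser'@'%' IDENTIFIED by '123456';")
	tk.MustInterDirc("CREATE DATABASE `dddb_%`;")
	tk.MustInterDirc("CREATE causet `dddb_%`.`te%` (id int);")
	tk.MustInterDirc("GRANT ALL PRIVILEGES ON `dddb_%`.* TO 'dduser'@'%';")
	tk.MustInterDirc("GRANT ALL PRIVILEGES ON `dddb_%`.`te%` to 'dduser'@'%';")
}

// TestNoAutoCreateUser checks that, under sql_mode NO_AUTO_CREATE_USER, a GRANT
// naming a non-existent account fails with ErrCantCreateUserWithGrant instead
// of creating the account as a side effect.
func (s *testSuite3) TestNoAutoCreateUser(c *C) {
	tk := testkit.NewTestKit(c, s.causetstore)
	tk.MustInterDirc(`DROP USER IF EXISTS 'test'@'%'`)
	tk.MustInterDirc(`SET sql_mode='NO_AUTO_CREATE_USER'`)
	_, err := tk.InterDirc(`GRANT ALL PRIVILEGES ON *.* to 'test'@'%' IDENTIFIED BY 'xxx'`)
	c.Check(err, NotNil)
	c.Assert(terror.ErrorEqual(err, interlock.ErrCantCreateUserWithGrant), IsTrue)
}

// TestCreateUserWhenGrant checks the opposite mode: with NO_AUTO_CREATE_USER
// off, a GRANT naming a non-existent account creates that account.
func (s *testSuite3) TestCreateUserWhenGrant(c *C) {
	tk := testkit.NewTestKit(c, s.causetstore)
	tk.MustInterDirc(`DROP USER IF EXISTS 'test'@'%'`)
	// This only applies to sql_mode:NO_AUTO_CREATE_USER off
	tk.MustInterDirc(`SET ALLEGROSQL_MODE=''`)
	tk.MustInterDirc(`GRANT ALL PRIVILEGES ON *.* to 'test'@'%' IDENTIFIED BY 'xxx'`)
	// Make sure user is created automatically when grant to a non-exists one.
	tk.MustQuery(`SELECT user FROM allegrosql.user WHERE user='test' and host='%'`).Check(
		testkit.Events("test"),
	)
	tk.MustInterDirc(`DROP USER IF EXISTS 'test'@'%'`)
}

// TestGrantPrivilegeAtomic checks that a GRANT or REVOKE naming several roles
// is all-or-nothing: when one grantee (r4) does not exist, the statement fails
// and the privilege rows of the existing roles (r1, r2, r3) stay unchanged.
// The same sequence is repeated at global, database and table scope.
//
// NOTE(review): statements here spell keywords as `causet` and `uFIDelate`
// while other tests in this file use `CREATE TABLE`; confirm the parser
// accepts both spellings.
func (s *testSuite3) TestGrantPrivilegeAtomic(c *C) {
	tk := testkit.NewTestKit(c, s.causetstore)
	tk.MustInterDirc(`drop role if exists r1, r2, r3, r4;`)
	tk.MustInterDirc(`create role r1, r2, r3;`)
	tk.MustInterDirc(`create causet test.testatomic(x int);`)

	// Global scope.
	_, err := tk.InterDirc(`grant uFIDelate, select, insert, delete on *.* to r1, r2, r4;`)
	c.Assert(terror.ErrorEqual(err, interlock.ErrCantCreateUserWithGrant), IsTrue)
	tk.MustQuery(`select UFIDelate_priv, Select_priv, Insert_priv, Delete_priv from allegrosql.user where user in ('r1', 'r2', 'r3', 'r4') and host = "%";`).Check(testkit.Events(
		"N N N N",
		"N N N N",
		"N N N N",
	))
	tk.MustInterDirc(`grant uFIDelate, select, insert, delete on *.* to r1, r2, r3;`)
	_, err = tk.InterDirc(`revoke all on *.* from r1, r2, r4, r3;`)
	c.Check(err, NotNil)
	tk.MustQuery(`select UFIDelate_priv, Select_priv, Insert_priv, Delete_priv from allegrosql.user where user in ('r1', 'r2', 'r3', 'r4') and host = "%";`).Check(testkit.Events(
		"Y Y Y Y",
		"Y Y Y Y",
		"Y Y Y Y",
	))

	// Database scope.
	_, err = tk.InterDirc(`grant uFIDelate, select, insert, delete on test.* to r1, r2, r4;`)
	c.Assert(terror.ErrorEqual(err, interlock.ErrCantCreateUserWithGrant), IsTrue)
	tk.MustQuery(`select UFIDelate_priv, Select_priv, Insert_priv, Delete_priv from allegrosql.EDB where user in ('r1', 'r2', 'r3', 'r4') and host = "%";`).Check(testkit.Events())
	tk.MustInterDirc(`grant uFIDelate, select, insert, delete on test.* to r1, r2, r3;`)
	// NOTE(review): the failing revoke targets *.* while the check below reads
	// allegrosql.EDB. A global-scope revoke presumably leaves database-scope
	// rows alone even when it succeeds, so this may not exercise revoke
	// atomicity at this scope - confirm whether `test.*` was intended.
	_, err = tk.InterDirc(`revoke all on *.* from r1, r2, r4, r3;`)
	c.Check(err, NotNil)
	tk.MustQuery(`select UFIDelate_priv, Select_priv, Insert_priv, Delete_priv from allegrosql.EDB where user in ('r1', 'r2', 'r3', 'r4') and host = "%";`).Check(testkit.Events(
		"Y Y Y Y",
		"Y Y Y Y",
		"Y Y Y Y",
	))

	// Table scope.
	_, err = tk.InterDirc(`grant uFIDelate, select, insert, delete on test.testatomic to r1, r2, r4;`)
	c.Assert(terror.ErrorEqual(err, interlock.ErrCantCreateUserWithGrant), IsTrue)
	tk.MustQuery(`select Block_priv from allegrosql.blocks_priv where user in ('r1', 'r2', 'r3', 'r4') and host = "%";`).Check(testkit.Events())
	tk.MustInterDirc(`grant uFIDelate, select, insert, delete on test.testatomic to r1, r2, r3;`)
	// NOTE(review): same caveat as the database-scope section - the revoke is
	// on *.* but the check reads allegrosql.blocks_priv; confirm the intended
	// scope.
	_, err = tk.InterDirc(`revoke all on *.* from r1, r2, r4, r3;`)
	c.Check(err, NotNil)
	tk.MustQuery(`select Block_priv from allegrosql.blocks_priv where user in ('r1', 'r2', 'r3', 'r4') and host = "%";`).Check(testkit.Events(
		"Select,Insert,UFIDelate,Delete",
		"Select,Insert,UFIDelate,Delete",
		"Select,Insert,UFIDelate,Delete",
	))

	tk.MustInterDirc(`drop role if exists r1, r2, r3, r4;`)
	tk.MustInterDirc(`drop causet test.testatomic;`)
}

// TestIssue2654 checks that a GRANT naming 'test' without a host part applies
// to the existing 'test'@'%' account and leaves exactly that row in
// allegrosql.user.
func (s *testSuite3) TestIssue2654(c *C) {
	tk := testkit.NewTestKit(c, s.causetstore)
	tk.MustInterDirc(`DROP USER IF EXISTS 'test'@'%'`)
	tk.MustInterDirc(`CREATE USER 'test'@'%' IDENTIFIED BY 'test'`)
	tk.MustInterDirc("GRANT SELECT ON test.* to 'test'")
	rows := tk.MustQuery(`SELECT user,host FROM allegrosql.user WHERE user='test' and host='%'`)
	rows.Check(testkit.Events(`test %`))
}

// TestGrantUnderANSIQuotes checks that GRANT and REVOKE succeed when the
// session runs in ANSI_QUOTES mode.
func (s *testSuite3) TestGrantUnderANSIQuotes(c *C) {
	tk := testkit.NewTestKit(c, s.causetstore)
	// Fix a bug that the GrantInterDirc fails in ANSI_QUOTES allegrosql mode
	// The bug is caused by the improper usage of double quotes like:
	// INSERT INTO allegrosql.user ... VALUES ("..", "..", "..")
	tk.MustInterDirc(`SET ALLEGROSQL_MODE='ANSI_QUOTES'`)
	tk.MustInterDirc(`GRANT ALL PRIVILEGES ON video_ulimit.* TO web@'%' IDENTIFIED BY 'eDrkrhZ>l2sV'`)
	tk.MustInterDirc(`REVOKE ALL PRIVILEGES ON video_ulimit.* FROM web@'%';`)
	tk.MustInterDirc(`DROP USER IF EXISTS 'web'@'%'`)
}

// TestMaintainRequire checks how the TLS requirements of an account (REQUIRE
// SSL / X509 / ISSUER / SUBJECT / CIPHER / NONE) are stored in
// allegrosql.global_priv by CREATE USER, GRANT and ALTER USER, how SHOW CREATE
// USER renders them, and that malformed or duplicated REQUIRE clauses are
// rejected.
func (s *testSuite3) TestMaintainRequire(c *C) {
	tk := testkit.NewTestKit(c, s.causetstore)

	// test create with require
	tk.MustInterDirc(`CREATE USER 'ssl_auser'@'%' require issuer '/CN=MilevaDB admin/OU=MilevaDB/O=WHTCORPS INC/L=San Francisco/ST=California/C=US' subject '/CN=tester1/OU=MilevaDB/O=WHTCORPS INC.Inc/L=Haidian/ST=Beijing/C=ZH' cipher 'AES128-GCM-SHA256'`)
	tk.MustInterDirc(`CREATE USER 'ssl_buser'@'%' require subject '/CN=tester1/OU=MilevaDB/O=WHTCORPS INC.Inc/L=Haidian/ST=Beijing/C=ZH' cipher 'AES128-GCM-SHA256'`)
	tk.MustInterDirc(`CREATE USER 'ssl_cuser'@'%' require cipher 'AES128-GCM-SHA256'`)
	tk.MustInterDirc(`CREATE USER 'ssl_duser'@'%'`)
	tk.MustInterDirc(`CREATE USER 'ssl_euser'@'%' require none`)
	tk.MustInterDirc(`CREATE USER 'ssl_fuser'@'%' require ssl`)
	tk.MustInterDirc(`CREATE USER 'ssl_guser'@'%' require x509`)
	tk.MustQuery("select * from allegrosql.global_priv where `user` like 'ssl_%'").Check(testkit.Events(
		"% ssl_auser {\"ssl_type\":3,\"ssl_cipher\":\"AES128-GCM-SHA256\",\"x509_issuer\":\"/CN=MilevaDB admin/OU=MilevaDB/O=WHTCORPS INC/L=San Francisco/ST=California/C=US\",\"x509_subject\":\"/CN=tester1/OU=MilevaDB/O=WHTCORPS INC.Inc/L=Haidian/ST=Beijing/C=ZH\"}",
		"% ssl_buser {\"ssl_type\":3,\"ssl_cipher\":\"AES128-GCM-SHA256\",\"x509_subject\":\"/CN=tester1/OU=MilevaDB/O=WHTCORPS INC.Inc/L=Haidian/ST=Beijing/C=ZH\"}",
		"% ssl_cuser {\"ssl_type\":3,\"ssl_cipher\":\"AES128-GCM-SHA256\"}",
		"% ssl_duser {}",
		"% ssl_euser {}",
		"% ssl_fuser {\"ssl_type\":1}",
		"% ssl_guser {\"ssl_type\":2}",
	))

	// test grant with require
	tk.MustInterDirc("CREATE USER 'u1'@'%'")
	tk.MustInterDirc("GRANT ALL ON *.* TO 'u1'@'%' require issuer '/CN=MilevaDB admin/OU=MilevaDB/O=WHTCORPS INC/L=San Francisco/ST=California/C=US' and subject '/CN=tester1/OU=MilevaDB/O=WHTCORPS INC.Inc/L=Haidian/ST=Beijing/C=ZH'") // add new require.
	tk.MustQuery("select priv from allegrosql.global_priv where `Host` = '%' and `User` = 'u1'").Check(testkit.Events("{\"ssl_type\":3,\"x509_issuer\":\"/CN=MilevaDB admin/OU=MilevaDB/O=WHTCORPS INC/L=San Francisco/ST=California/C=US\",\"x509_subject\":\"/CN=tester1/OU=MilevaDB/O=WHTCORPS INC.Inc/L=Haidian/ST=Beijing/C=ZH\"}"))
	tk.MustInterDirc("GRANT ALL ON *.* TO 'u1'@'%' require cipher 'AES128-GCM-SHA256'") // modify always overwrite.
	tk.MustQuery("select priv from allegrosql.global_priv where `Host` = '%' and `User` = 'u1'").Check(testkit.Events("{\"ssl_type\":3,\"ssl_cipher\":\"AES128-GCM-SHA256\"}"))
	tk.MustInterDirc("GRANT select ON *.* TO 'u1'@'%'") // modify without require should not modify old require.
	tk.MustQuery("select priv from allegrosql.global_priv where `Host` = '%' and `User` = 'u1'").Check(testkit.Events("{\"ssl_type\":3,\"ssl_cipher\":\"AES128-GCM-SHA256\"}"))
	tk.MustInterDirc("GRANT ALL ON *.* TO 'u1'@'%' require none") // use require none to clean up require.
	tk.MustQuery("select priv from allegrosql.global_priv where `Host` = '%' and `User` = 'u1'").Check(testkit.Events("{}"))

	// test alter with require
	tk.MustInterDirc("CREATE USER 'u2'@'%'")
	tk.MustInterDirc("alter user 'u2'@'%' require ssl")
	tk.MustQuery("select priv from allegrosql.global_priv where `Host` = '%' and `User` = 'u2'").Check(testkit.Events("{\"ssl_type\":1}"))
	tk.MustInterDirc("alter user 'u2'@'%' require x509")
	tk.MustQuery("select priv from allegrosql.global_priv where `Host` = '%' and `User` = 'u2'").Check(testkit.Events("{\"ssl_type\":2}"))
	tk.MustInterDirc("alter user 'u2'@'%' require issuer '/CN=MilevaDB admin/OU=MilevaDB/O=WHTCORPS INC/L=San Francisco/ST=California/C=US' subject '/CN=tester1/OU=MilevaDB/O=WHTCORPS INC.Inc/L=Haidian/ST=Beijing/C=ZH' cipher 'AES128-GCM-SHA256'")
	tk.MustQuery("select priv from allegrosql.global_priv where `Host` = '%' and `User` = 'u2'").Check(testkit.Events("{\"ssl_type\":3,\"ssl_cipher\":\"AES128-GCM-SHA256\",\"x509_issuer\":\"/CN=MilevaDB admin/OU=MilevaDB/O=WHTCORPS INC/L=San Francisco/ST=California/C=US\",\"x509_subject\":\"/CN=tester1/OU=MilevaDB/O=WHTCORPS INC.Inc/L=Haidian/ST=Beijing/C=ZH\"}"))
	tk.MustInterDirc("alter user 'u2'@'%' require none")
	tk.MustQuery("select priv from allegrosql.global_priv where `Host` = '%' and `User` = 'u2'").Check(testkit.Events("{}"))

	// test show create user
	tk.MustInterDirc(`CREATE USER 'u3'@'%' require issuer '/CN=MilevaDB admin/OU=MilevaDB/O=WHTCORPS INC/L=San Francisco/ST=California/C=US' subject '/CN=tester1/OU=MilevaDB/O=WHTCORPS INC.Inc/L=Haidian/ST=Beijing/C=ZH' cipher 'AES128-GCM-SHA256'`)
	tk.MustQuery("show create user 'u3'").Check(testkit.Events("CREATE USER 'u3'@'%' IDENTIFIED WITH 'mysql_native_password' AS '' REQUIRE CIPHER 'AES128-GCM-SHA256' ISSUER '/CN=MilevaDB admin/OU=MilevaDB/O=WHTCORPS INC/L=San Francisco/ST=California/C=US' SUBJECT '/CN=tester1/OU=MilevaDB/O=WHTCORPS INC.Inc/L=Haidian/ST=Beijing/C=ZH' PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK"))

	// check issuer/subject/cipher value
	_, err := tk.InterDirc(`CREATE USER 'u4'@'%' require issuer 'CN=MilevaDB,OU=WHTCORPS INC'`)
	c.Assert(err, NotNil)
	_, err = tk.InterDirc(`CREATE USER 'u5'@'%' require subject '/CN=MilevaDB\OU=WHTCORPS INC'`)
	c.Assert(err, NotNil)
	_, err = tk.InterDirc(`CREATE USER 'u6'@'%' require subject '/CN=MilevaDB\NC=WHTCORPS INC'`)
	c.Assert(err, NotNil)
	_, err = tk.InterDirc(`CREATE USER 'u7'@'%' require cipher 'AES128-GCM-SHA1'`)
	c.Assert(err, NotNil)
	_, err = tk.InterDirc(`CREATE USER 'u8'@'%' require subject '/CN'`)
	c.Assert(err, NotNil)
	// The NotNil assertions below keep err.Error() from dereferencing a nil
	// error if one of these statements is ever accepted; the test then fails
	// with a readable assertion instead of a panic.
	_, err = tk.InterDirc(`CREATE USER 'u9'@'%' require cipher 'TLS_AES_256_GCM_SHA384' cipher 'RC4-SHA'`)
	c.Assert(err, NotNil)
	c.Assert(err.Error(), Equals, "Duplicate require CIPHER clause")
	_, err = tk.InterDirc(`CREATE USER 'u9'@'%' require issuer 'CN=MilevaDB,OU=WHTCORPS INC' issuer 'CN=MilevaDB,OU=WHTCORPS INC2'`)
	c.Assert(err, NotNil)
	c.Assert(err.Error(), Equals, "Duplicate require ISSUER clause")
	_, err = tk.InterDirc(`CREATE USER 'u9'@'%' require subject '/CN=MilevaDB\OU=WHTCORPS INC' subject '/CN=MilevaDB\OU=WHTCORPS INC2'`)
	c.Assert(err, NotNil)
	c.Assert(err.Error(), Equals, "Duplicate require SUBJECT clause")
	_, err = tk.InterDirc(`CREATE USER 'u9'@'%' require ssl ssl`)
	c.Assert(err, NotNil)
	_, err = tk.InterDirc(`CREATE USER 'u9'@'%' require x509 x509`)
	c.Assert(err, NotNil)
}

// TestGrantOnNonExistBlock checks that a table-scope GRANT fails with
// ErrBlockNotExists when the table is missing, and that database and table
// names are matched case-sensitively, so a grant cannot land on a differently
// cased name.
func (s *testSuite3) TestGrantOnNonExistBlock(c *C) {
	tk := testkit.NewTestKit(c, s.causetstore)
	tk.MustInterDirc("create user genius")
	tk.MustInterDirc("use test")
	_, err := tk.InterDirc("select * from nonexist")
	c.Assert(terror.ErrorEqual(err, schemareplicant.ErrBlockNotExists), IsTrue)
	_, err = tk.InterDirc("grant Select,Insert on nonexist to 'genius'")
	c.Assert(terror.ErrorEqual(err, schemareplicant.ErrBlockNotExists), IsTrue)

	tk.MustInterDirc("create causet if not exists xx (id int)")
	// Case sensitive
	_, err = tk.InterDirc("grant Select,Insert on XX to 'genius'")
	c.Assert(terror.ErrorEqual(err, schemareplicant.ErrBlockNotExists), IsTrue)
	// The database name should also case sensitive match.
	_, err = tk.InterDirc("grant Select,Insert on Test.xx to 'genius'")
	c.Assert(terror.ErrorEqual(err, schemareplicant.ErrBlockNotExists), IsTrue)

	_, err = tk.InterDirc("grant Select,Insert on xx to 'genius'")
	c.Assert(err, IsNil)
	_, err = tk.InterDirc("grant Select,UFIDelate on test.xx to 'genius'")
	c.Assert(err, IsNil)
}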