*: kill one's own connection doesn't require SUPER privilege (#6954) (#7003)

tiancaiamao · zz-jason · commit 383584530ea5 · 2018-07-06T13:30:58.000+08:00
diff --git a/executor/executor_pkg_test.go b/executor/executor_pkg_test.go
@@ -41,8 +41,12 @@ type mockSessionManager struct {
 }
 
 // ShowProcessList implements the SessionManager.ShowProcessList interface.
-func (msm *mockSessionManager) ShowProcessList() []util.ProcessInfo {
-	return msm.PS
+func (msm *mockSessionManager) ShowProcessList() map[uint64]util.ProcessInfo {
+	ret := make(map[uint64]util.ProcessInfo)
+	for _, item := range msm.PS {
+		ret[item.ID] = item
+	}
+	return ret
 }
 
 // Kill implements the SessionManager.Kill interface.
diff --git a/executor/show_test.go b/executor/show_test.go
@@ -386,8 +386,9 @@ type mockSessionManager struct {
 }
 
 // ShowProcessList implements the SessionManager.ShowProcessList interface.
-func (msm *mockSessionManager) ShowProcessList() []util.ProcessInfo {
-	return []util.ProcessInfo{msm.ShowProcess()}
+func (msm *mockSessionManager) ShowProcessList() map[uint64]util.ProcessInfo {
+	ps := msm.ShowProcess()
+	return map[uint64]util.ProcessInfo{ps.ID: ps}
 }
 
 // Kill implements the SessionManager.Kill interface.
diff --git a/plan/planbuilder.go b/plan/planbuilder.go
@@ -773,8 +773,21 @@ func (b *planBuilder) buildSimple(node ast.StmtNode) Plan {
 		b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreateUserPriv, "", "", "")
 	case *ast.GrantStmt:
 		b.visitInfo = collectVisitInfoFromGrantStmt(b.visitInfo, raw)
-	case *ast.SetPwdStmt, *ast.RevokeStmt, *ast.KillStmt:
+	case *ast.SetPwdStmt, *ast.RevokeStmt:
 		b.visitInfo = appendVisitInfo(b.visitInfo, mysql.SuperPriv, "", "", "")
+	case *ast.KillStmt:
+		// If you have the SUPER privilege, you can kill all threads and statements.
+		// Otherwise, you can kill only your own threads and statements.
+		sm := b.ctx.GetSessionManager()
+		if sm != nil {
+			processList := sm.ShowProcessList()
+			if pi, ok := processList[raw.ConnectionID]; ok {
+				loginUser := b.ctx.GetSessionVars().User
+				if pi.User != loginUser.Username {
+					b.visitInfo = appendVisitInfo(b.visitInfo, mysql.SuperPriv, "", "", "")
+				}
+			}
+		}
 	}
 	return p
 }
diff --git a/server/server.go b/server/server.go
@@ -314,14 +314,15 @@ func (s *Server) onConn(c net.Conn) {
 }
 
 // ShowProcessList implements the SessionManager interface.
-func (s *Server) ShowProcessList() []util.ProcessInfo {
-	var rs []util.ProcessInfo
+func (s *Server) ShowProcessList() map[uint64]util.ProcessInfo {
 	s.rwlock.RLock()
+	rs := make(map[uint64]util.ProcessInfo, len(s.clients))
 	for _, client := range s.clients {
 		if atomic.LoadInt32(&client.status) == connStatusWaitShutdown {
 			continue
 		}
-		rs = append(rs, client.ctx.ShowProcess())
+		pi := client.ctx.ShowProcess()
+		rs[pi.ID] = pi
 	}
 	s.rwlock.RUnlock()
 	return rs
diff --git a/util/processinfo.go b/util/processinfo.go
@@ -33,6 +33,7 @@ type ProcessInfo struct {
 // SessionManager is an interface for session manage. Show processlist and
 // kill statement rely on this interface.
 type SessionManager interface {
-	ShowProcessList() []ProcessInfo
+	// ShowProcessList returns map[connectionID]ProcessInfo.
+	ShowProcessList() map[uint64]ProcessInfo
 	Kill(connectionID uint64, query bool)
 }

Original file line number	Diff line number	Diff line change
`@@ -41,8 +41,12 @@ type mockSessionManager struct {`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`// ShowProcessList implements the SessionManager.ShowProcessList interface.`
`44`		`-func (msm *mockSessionManager) ShowProcessList() []util.ProcessInfo {`
`45`		`- return msm.PS`
	`44`	`+func (msm *mockSessionManager) ShowProcessList() map[uint64]util.ProcessInfo {`
	`45`	`+ ret := make(map[uint64]util.ProcessInfo)`
	`46`	`+ for _, item := range msm.PS {`
	`47`	`+ ret[item.ID] = item`
	`48`	`+ }`
	`49`	`+ return ret`
`46`	`50`	`}`
`47`	`51`
`48`	`52`	`// Kill implements the SessionManager.Kill interface.`
Original file line number	Diff line number	Diff line change
`@@ -386,8 +386,9 @@ type mockSessionManager struct {`
`386`	`386`	`}`
`387`	`387`
`388`	`388`	`// ShowProcessList implements the SessionManager.ShowProcessList interface.`
`389`		`-func (msm *mockSessionManager) ShowProcessList() []util.ProcessInfo {`
`390`		`- return []util.ProcessInfo{msm.ShowProcess()}`
	`389`	`+func (msm *mockSessionManager) ShowProcessList() map[uint64]util.ProcessInfo {`
	`390`	`+ ps := msm.ShowProcess()`
	`391`	`+ return map[uint64]util.ProcessInfo{ps.ID: ps}`
`391`	`392`	`}`
`392`	`393`
`393`	`394`	`// Kill implements the SessionManager.Kill interface.`
Original file line number	Diff line number	Diff line change
`@@ -314,14 +314,15 @@ func (s *Server) onConn(c net.Conn) {`
`314`	`314`	`}`
`315`	`315`
`316`	`316`	`// ShowProcessList implements the SessionManager interface.`
`317`		`-func (s *Server) ShowProcessList() []util.ProcessInfo {`
`318`		`- var rs []util.ProcessInfo`
	`317`	`+func (s *Server) ShowProcessList() map[uint64]util.ProcessInfo {`
`319`	`318`	`s.rwlock.RLock()`
	`319`	`+ rs := make(map[uint64]util.ProcessInfo, len(s.clients))`
`320`	`320`	`for _, client := range s.clients {`
`321`	`321`	`if atomic.LoadInt32(&client.status) == connStatusWaitShutdown {`
`322`	`322`	`continue`
`323`	`323`	`}`
`324`		`- rs = append(rs, client.ctx.ShowProcess())`
	`324`	`+ pi := client.ctx.ShowProcess()`
	`325`	`+ rs[pi.ID] = pi`
`325`	`326`	`}`
`326`	`327`	`s.rwlock.RUnlock()`
`327`	`328`	`return rs`
Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@ type ProcessInfo struct {`
`33`	`33`	`// SessionManager is an interface for session manage. Show processlist and`
`34`	`34`	`// kill statement rely on this interface.`
`35`	`35`	`type SessionManager interface {`
`36`		`- ShowProcessList() []ProcessInfo`
	`36`	`+ // ShowProcessList returns map[connectionID]ProcessInfo.`
	`37`	`+ ShowProcessList() map[uint64]ProcessInfo`
`37`	`38`	`Kill(connectionID uint64, query bool)`
`38`	`39`	`}`