You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hawq.apache.org by es...@apache.org on 2017/02/19 23:08:00 UTC

[25/35] incubator-hawq git commit: HAWQ-1325. Allow queries related to pg_temp if ranger is enable

HAWQ-1325. Allow queries related to pg_temp if ranger is enable


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/d5238532
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/d5238532
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/d5238532

Branch: refs/heads/2.1.0.0-incubating
Commit: d5238532e65f6b79dfcedf631d4138a109d32087
Parents: 946fe58
Author: Wen Lin <wl...@pivotal.io>
Authored: Thu Feb 16 14:20:53 2017 +0800
Committer: Wen Lin <wl...@pivotal.io>
Committed: Thu Feb 16 15:28:13 2017 +0800

----------------------------------------------------------------------
 src/backend/catalog/aclchk.c | 63 ++++++++++++++++++++++++++++++++-------
 src/include/utils/acl.h      |  1 +
 2 files changed, 53 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/d5238532/src/backend/catalog/aclchk.c
----------------------------------------------------------------------
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index 6712cc8..f6ac590 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -2551,6 +2551,28 @@ char *getNamespaceNameFromOid(Oid object_oid)
 
   return tname.data;
 }
+char *getNamespaceNameByOid(Oid object_oid)
+{
+
+  StringInfoData tname;
+  initStringInfo(&tname);
+
+  Assert(OidIsValid(object_oid));
+  char* schema_name = caql_getcstring(
+                   NULL,
+                   cql("SELECT nspname FROM pg_namespace "
+                     " WHERE oid = :1",
+                     ObjectIdGetDatum(object_oid)));
+  if (schema_name == NULL)
+  {
+    return NULL;
+  }
+
+  appendStringInfo(&tname, "%s", schema_name);
+  pfree(schema_name);
+
+  return tname.data;
+}
 char *getConversionNameFromOid(Oid object_oid)
 {
   Assert(OidIsValid(object_oid));
@@ -2707,8 +2729,27 @@ List *getActionName(AclMode mask)
   return actions;
 }
 
-#define FALLBACK_IS_TRUE(x)        x == PG_CATALOG_NAMESPACE || x == information_schema_namespcace_oid \
-                                || x == PG_AOSEGMENT_NAMESPACE || x == PG_TOAST_NAMESPACE || x == PG_BITMAPINDEX_NAMESPACE
+bool checkNamespaceFallback(Oid x)
+{
+  if (x == PG_CATALOG_NAMESPACE || x == information_schema_namespcace_oid
+     || x == PG_AOSEGMENT_NAMESPACE || x == PG_TOAST_NAMESPACE || x == PG_BITMAPINDEX_NAMESPACE)
+  {
+    return true;
+  }
+  else
+  {
+    char* name = getNamespaceNameByOid(x);
+    if (name != NULL && pg_strncasecmp(name, "pg_temp", strlen("pg_temp")) == 0)
+    {
+      /* fall back pg_temp_XX check to native*/
+      return true;
+    }
+    else
+    {
+      return false;
+    }
+  }
+}
 
 bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid)
 {
@@ -2717,23 +2758,23 @@ bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid)
    */
   if (information_schema_namespcace_oid == 0)
   {
-      information_schema_namespcace_oid = (int)get_namespace_oid("information_schema");
+    information_schema_namespcace_oid = (int)get_namespace_oid("information_schema");
   }
   /* for heap table, we fall back to native check. */
   if (objkind == ACL_KIND_CLASS)
   {
-      Oid namespaceid = get_rel_namespace(obj_oid);
-      if(FALLBACK_IS_TRUE(namespaceid))
-      {
-          return true;
-      }
+    Oid namespaceid = get_rel_namespace(obj_oid);
+    if(checkNamespaceFallback(namespaceid))
+    {
+      return true;
+    }
   }
   else if (objkind == ACL_KIND_NAMESPACE)
   {
     /* native check build-in schemas. */
-    if(FALLBACK_IS_TRUE(obj_oid))
+    if(checkNamespaceFallback(obj_oid))
     {
-        return true;
+      return true;
     }
     else if (obj_oid == PG_PUBLIC_NAMESPACE && superuser())
     {
@@ -2745,7 +2786,7 @@ bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid)
   {
     /* native check functions under build-in schemas. */
     Oid namespaceid = get_func_namespace(obj_oid);
-    if (FALLBACK_IS_TRUE(namespaceid))
+    if (checkNamespaceFallback(namespaceid))
     {
       return true;
     }

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/d5238532/src/include/utils/acl.h
----------------------------------------------------------------------
diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h
index 863f5ae..d476e4d 100644
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -327,6 +327,7 @@ extern char *getOperNameFromOid(Oid object_oid);
 extern char *getTypeNameFromOid(Oid object_oid);
 extern char *getLanguageNameFromOid(Oid object_oid);
 extern char *getNamespaceNameFromOid(Oid object_oid);
+extern char *getNamespaceNameByOid(Oid object_oid);
 extern char *getConversionNameFromOid(Oid object_oid);
 extern char *getTablespaceNameFromOid(Oid object_oid);
 extern char *getFilespaceNameFromOid(Oid object_oid);