You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hawq.apache.org by hu...@apache.org on 2017/02/28 03:00:49 UTC

incubator-hawq git commit: HAWQ-1360. Check privilege of sequence pass the wrong type to RPS.

Repository: incubator-hawq
Updated Branches:
  refs/heads/master c7717d438 -> 8f4d0f522


HAWQ-1360. Check privilege of sequence pass the wrong type to RPS.

Signed-off-by: Chuling Wang <wa...@126.com>


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/8f4d0f52
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/8f4d0f52
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/8f4d0f52

Branch: refs/heads/master
Commit: 8f4d0f522dbf837bc9a5708b5270dd3c00a0d299
Parents: c7717d4
Author: Hubert Zhang <hu...@apache.org>
Authored: Tue Feb 28 10:59:40 2017 +0800
Committer: Chuling Wang <wa...@126.com>
Committed: Tue Feb 28 10:59:40 2017 +0800

----------------------------------------------------------------------
 src/backend/catalog/aclchk.c | 71 +++++++++++----------------------------
 src/include/utils/acl.h      |  1 -
 2 files changed, 20 insertions(+), 52 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8f4d0f52/src/backend/catalog/aclchk.c
----------------------------------------------------------------------
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index b968a2f..b361beb 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -82,6 +82,8 @@ static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions,
 static AclMode pg_aclmask(AclObjectKind objkind, Oid table_oid, Oid roleid,
 		   AclMode mask, AclMaskHow how);
 
+static bool is_sequence(Oid object_oid);
+
 
 #ifdef ACLDEBUG
 static void
@@ -2359,54 +2361,6 @@ char *getClassNameFromOid(Oid object_oid)
   return tname.data;
 }
 
-char *getSequenceNameFromOid(Oid object_oid)
-{
-  StringInfoData tname;
-  initStringInfo(&tname);
-
-  Assert(OidIsValid(object_oid));
-  char* seq_name = caql_getcstring(
-                  NULL,
-                  cql("SELECT relname FROM pg_class "
-                    " WHERE oid = :1",
-                    ObjectIdGetDatum(object_oid)));
-  if (seq_name == NULL)
-   elog(ERROR, "oid [%u] not found in table pg_class", object_oid);
-
-  int fetchCount=0;
-  Oid schema_name_oid = caql_getoid_plus(
-                    NULL,
-                    &fetchCount,
-                    NULL,
-                    cql("SELECT relnamespace FROM pg_class "
-                      " WHERE oid = :1",
-                      ObjectIdGetDatum(object_oid)));
-  if (schema_name_oid == InvalidOid)
-     elog(ERROR, "oid [%u] not found in table pg_class", object_oid);
-
-  char* schema_name= caql_getcstring(
-     NULL,
-     cql("select nspname from pg_namespace "
-       " WHERE oid = :1",
-       ObjectIdGetDatum(schema_name_oid)));
-  if (schema_name == NULL)
-     elog(ERROR, "oid [%u] not found in table pg_namespace", object_oid);
-
-  char* database_name = get_database_name(MyDatabaseId);
-  if (database_name == NULL)
-      elog(ERROR, "oid [%u] not found current database", object_oid);
-
-  appendStringInfo(&tname, "%s", database_name);
-  appendStringInfoChar(&tname, '.');
-  appendStringInfo(&tname, "%s", schema_name);
-  appendStringInfoChar(&tname, '.');
-  appendStringInfo(&tname, "%s", seq_name);
-  pfree(seq_name);
-  pfree(schema_name);
-  pfree(database_name);
-
-  return tname.data;
-}
 char *getDatabaseNameFromOid(Oid object_oid)
 {
   Assert(OidIsValid(object_oid));
@@ -2671,9 +2625,8 @@ char *getNameFromOid(AclObjectKind objkind, Oid object_oid)
   switch (objkind)
   {
     case ACL_KIND_CLASS:
-      return getClassNameFromOid(object_oid);
     case ACL_KIND_SEQUENCE:
-      return getSequenceNameFromOid(object_oid);
+      return getClassNameFromOid(object_oid);
     case ACL_KIND_DATABASE:
       return getDatabaseNameFromOid(object_oid);
     case ACL_KIND_PROC:
@@ -2817,6 +2770,18 @@ bool fallBackToNativeChecks(AclObjectKind objkind, List* table_list, Oid roleid)
 }
 
 /*
+ * 	check whether rte is a sequence.
+ */
+bool is_sequence(Oid object_oid) {
+	char relkind = get_rel_relkind(object_oid);
+	if(relkind == 's' || relkind == 'S')
+	{
+		return true;
+	}
+	return false;
+}
+
+/*
  * return: List of RangerPrivilegeResults 
  * arg_list: List of RangerPrivilegeArgs
  */
@@ -3940,7 +3905,11 @@ pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
 
   if(aclType == HAWQ_ACL_RANGER && !fallBackToNativeCheck(ACL_KIND_CLASS, table_oid, roleid, mode))
   {
-    return pg_rangercheck(ACL_KIND_CLASS, table_oid, roleid, mode, ACLMASK_ANY);
+	AclObjectKind objkind = ACL_KIND_CLASS;
+	if (is_sequence(table_oid)) {
+		objkind = ACL_KIND_SEQUENCE;
+	}
+    return pg_rangercheck(objkind, table_oid, roleid, mode, ACLMASK_ANY);
   }
   else
   {

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8f4d0f52/src/include/utils/acl.h
----------------------------------------------------------------------
diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h
index e4aa4c9..9f2407f 100644
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -320,7 +320,6 @@ extern bool fallBackToNativeCheck(AclObjectKind objkind, Oid table_oid, Oid role
 extern bool fallBackToNativeChecks(AclObjectKind objkind, List* table_list, Oid roleid);
 extern char *getNameFromOid(AclObjectKind objkind, Oid object_oid);
 extern char *getClassNameFromOid(Oid object_oid);
-extern char *getSequenceNameFromOid(Oid object_oid);
 extern char *getDatabaseNameFromOid(Oid object_oid);
 extern char *getProcNameFromOid(Oid object_oid);
 extern char *getOperNameFromOid(Oid object_oid);