You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hawq.apache.org by wl...@apache.org on 2017/03/24 10:10:02 UTC
incubator-hawq git commit: HAWQ-1396. Fix the bug when query hcatalog
via PXF, hawq sends wrong request to Ranger admin.
Repository: incubator-hawq
Updated Branches:
refs/heads/master e4ac99c7a -> 32e3e215a
HAWQ-1396. Fix the bug when query hcatalog via PXF, hawq sends wrong request to Ranger admin.
Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/32e3e215
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/32e3e215
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/32e3e215
Branch: refs/heads/master
Commit: 32e3e215af6575042818afc2814aa79e4662134e
Parents: e4ac99c
Author: Wen Lin <wl...@pivotal.io>
Authored: Tue Mar 21 18:28:41 2017 +0800
Committer: Wen Lin <wl...@pivotal.io>
Committed: Fri Mar 24 18:02:20 2017 +0800
----------------------------------------------------------------------
src/backend/catalog/aclchk.c | 1211 ++++++++++++++++++-------------------
1 file changed, 595 insertions(+), 616 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/32e3e215/src/backend/catalog/aclchk.c
----------------------------------------------------------------------
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index e3d4d61..77c70fa 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -2276,10 +2276,10 @@ has_rolcatupdate(Oid roleid)
/* XXX XXX: SELECT rolcatupdate */
pcqCtx = caql_beginscan(
- NULL,
- cql("SELECT * FROM pg_authid "
- " WHERE oid = :1 ",
- ObjectIdGetDatum(roleid)));
+ NULL,
+ cql("SELECT * FROM pg_authid "
+ " WHERE oid = :1 ",
+ ObjectIdGetDatum(roleid)));
tuple = caql_getnext(pcqCtx);
@@ -2297,465 +2297,432 @@ has_rolcatupdate(Oid roleid)
char *getRoleName(Oid role_id)
{
- Assert(OidIsValid(role_id));
- int fetchCount;
- char* role_name = caql_getcstring_plus(
- NULL,
- &fetchCount,
- NULL,
- cql("SELECT rolname FROM pg_authid "
- " WHERE oid = :1 ",
- ObjectIdGetDatum(role_id)));
-
- if (role_name == NULL)
- elog(ERROR, "oid [%u] not found in table pg_authid", role_id);
- return role_name;
+ Assert(OidIsValid(role_id));
+ int fetchCount;
+ char* role_name = caql_getcstring_plus(
+ NULL,
+ &fetchCount,
+ NULL,
+ cql("SELECT rolname FROM pg_authid WHERE oid = :1 ",
+ ObjectIdGetDatum(role_id)));
+
+ if (role_name == NULL)
+ elog(ERROR, "oid [%u] not found in table pg_authid", role_id);
+ return role_name;
}
char *getClassNameFromOid(Oid object_oid)
{
- StringInfoData tname;
- initStringInfo(&tname);
-
- Assert(OidIsValid(object_oid));
- char* rel_name = caql_getcstring(
- NULL,
- cql("SELECT relname FROM pg_class "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (rel_name == NULL)
- elog(ERROR, "oid [%u] not found in table pg_class", object_oid);
-
- int fetchCount=0;
- Oid schema_name_oid = caql_getoid_plus(
- NULL,
- &fetchCount,
- NULL,
- cql("SELECT relnamespace FROM pg_class "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (schema_name_oid == InvalidOid)
- elog(ERROR, "oid [%u] not found in table pg_class", object_oid);
-
- char* schema_name= caql_getcstring(
- NULL,
- cql("select nspname from pg_namespace "
- " WHERE oid = :1",
- ObjectIdGetDatum(schema_name_oid)));
- if (schema_name == NULL)
- elog(ERROR, "oid [%u] not found in table pg_namespace", object_oid);
-
- char* database_name = get_database_name(MyDatabaseId);
- if (database_name == NULL)
- elog(ERROR, "oid [%u] not found current database", object_oid);
-
- appendStringInfo(&tname, "%s", database_name);
- appendStringInfoChar(&tname, '.');
- appendStringInfo(&tname, "%s", schema_name);
- appendStringInfoChar(&tname, '.');
- appendStringInfo(&tname, "%s", rel_name);
- pfree(rel_name);
- pfree(schema_name);
- pfree(database_name);
-
- return tname.data;
+ StringInfoData tname;
+ initStringInfo(&tname);
+ HeapTuple tup;
+ cqContext *pCtx;
+ Assert(OidIsValid(object_oid));
+
+ pCtx = caql_beginscan(
+ NULL,
+ cql("SELECT * FROM pg_class "
+ " WHERE oid = :1 ",
+ ObjectIdGetDatum(object_oid)));
+
+ tup = caql_getnext(pCtx);
+ if (!HeapTupleIsValid(tup))
+ elog(ERROR, "oid [%u] not found in table pg_class", object_oid);
+
+ char* schema_name = getNamespaceNameFromOid(((Form_pg_class)GETSTRUCT(tup))->relnamespace);
+ appendStringInfo(&tname, "%s", schema_name);
+ appendStringInfoChar(&tname, '.');
+ appendStringInfo(&tname, "%s", NameStr(((Form_pg_class)GETSTRUCT(tup))->relname));
+
+ pfree(schema_name);
+ caql_endscan(pCtx);
+ return tname.data;
}
char *getDatabaseNameFromOid(Oid object_oid)
{
- Assert(OidIsValid(object_oid));
- char* dbname = caql_getcstring(
- NULL,
- cql("SELECT datname FROM pg_database "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (dbname == NULL)
- elog(ERROR, "oid [%u] not found in table pg_database", object_oid);
-
- return dbname;
+ Assert(OidIsValid(object_oid));
+ char* dbname = caql_getcstring(
+ NULL,
+ cql("SELECT datname FROM pg_database "
+ " WHERE oid = :1",
+ ObjectIdGetDatum(object_oid)));
+
+ if (dbname == NULL)
+ elog(ERROR, "oid [%u] not found in table pg_database", object_oid);
+
+ return dbname;
}
+
char *getProcNameFromOid(Oid object_oid)
{
- StringInfoData tname;
- initStringInfo(&tname);
-
- Assert(OidIsValid(object_oid));
- char* proc_name = caql_getcstring(
- NULL,
- cql("SELECT proname FROM pg_proc "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (proc_name == NULL)
- elog(ERROR, "oid [%u] not found in table pg_proc", object_oid);
-
- int fetchCount=0;
- Oid schema_name_oid = caql_getoid_plus(
- NULL,
- &fetchCount,
- NULL,
- cql("SELECT pronamespace FROM pg_proc "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (schema_name_oid == InvalidOid)
- elog(ERROR, "oid [%u] not found in table pg_class", object_oid);
-
- char* schema_name= caql_getcstring(
- NULL,
- cql("select nspname from pg_namespace "
- " WHERE oid = :1",
- ObjectIdGetDatum(schema_name_oid)));
- if (schema_name == NULL)
- elog(ERROR, "oid [%u] not found in table pg_namespace", object_oid);
-
- char* database_name = get_database_name(MyDatabaseId);
- if (database_name == NULL)
- elog(ERROR, "oid [%u] not found current database", object_oid);
-
- appendStringInfo(&tname, "%s", database_name);
- appendStringInfoChar(&tname, '.');
- appendStringInfo(&tname, "%s", schema_name);
- appendStringInfoChar(&tname, '.');
- appendStringInfo(&tname, "%s", proc_name);
- pfree(proc_name);
- pfree(schema_name);
- pfree(database_name);
-
- return tname.data;
+ StringInfoData tname;
+ initStringInfo(&tname);
+ HeapTuple tup;
+ cqContext *pCtx;
+
+ Assert(OidIsValid(object_oid));
+
+ pCtx = caql_beginscan(
+ NULL,
+ cql("SELECT * FROM pg_proc "
+ " WHERE oid = :1 ",
+ ObjectIdGetDatum(object_oid)));
+
+ tup = caql_getnext(pCtx);
+ if (!HeapTupleIsValid(tup))
+ elog(ERROR, "oid [%u] not found in table pg_class", object_oid);
+
+ char* schema_name = getNamespaceNameFromOid(((Form_pg_proc)GETSTRUCT(tup))->pronamespace);
+ appendStringInfo(&tname, "%s", schema_name);
+ appendStringInfoChar(&tname, '.');
+ appendStringInfo(&tname, "%s", NameStr(((Form_pg_proc)GETSTRUCT(tup))->proname));
+
+ pfree(schema_name);
+ caql_endscan(pCtx);
+ return tname.data;
}
+
char *getOperNameFromOid(Oid object_oid)
{
- Assert(OidIsValid(object_oid));
- char* typename = caql_getcstring(
- NULL,
- cql("SELECT oprname FROM pg_operator "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (typename == NULL)
- elog(ERROR, "oid [%u] not found in table pg_operator", object_oid);
-
- return typename;
+ Assert(OidIsValid(object_oid));
+ char* typename = caql_getcstring(
+ NULL,
+ cql("SELECT oprname FROM pg_operator "
+ " WHERE oid = :1",
+ ObjectIdGetDatum(object_oid)));
+ if (typename == NULL)
+ elog(ERROR, "oid [%u] not found in table pg_operator", object_oid);
+
+ return typename;
}
+
char *getTypeNameFromOid(Oid object_oid)
{
- Assert(OidIsValid(object_oid));
- char* typename = caql_getcstring(
- NULL,
- cql("SELECT typname FROM pg_type "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (typename == NULL)
- elog(ERROR, "oid [%u] not found in table pg_type", object_oid);
-
- return typename;
+ Assert(OidIsValid(object_oid));
+ char* typename = caql_getcstring(
+ NULL,
+ cql("SELECT typname FROM pg_type "
+ " WHERE oid = :1",
+ ObjectIdGetDatum(object_oid)));
+ if (typename == NULL)
+ elog(ERROR, "oid [%u] not found in table pg_type", object_oid);
+
+ return typename;
}
+
char *getLanguageNameFromOid(Oid object_oid)
{
- StringInfoData tname;
- initStringInfo(&tname);
-
- Assert(OidIsValid(object_oid));
- char* lang_name = caql_getcstring(
- NULL,
- cql("SELECT lanname FROM pg_language "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (lang_name == NULL)
- elog(ERROR, "oid [%u] not found in table pg_language", object_oid);
+ StringInfoData tname;
+ initStringInfo(&tname);
+ Assert(OidIsValid(object_oid));
+ char* lang_name = caql_getcstring(
+ NULL,
+ cql("SELECT lanname FROM pg_language "
+ " WHERE oid = :1",
+ ObjectIdGetDatum(object_oid)));
+ if (lang_name == NULL)
+ elog(ERROR, "oid [%u] not found in table pg_language", object_oid);
- char* database_name = get_database_name(MyDatabaseId);
- if (database_name == NULL)
- elog(ERROR, "oid [%u] not found current database", object_oid);
+ char* database_name = get_database_name(MyDatabaseId);
+ if (database_name == NULL)
+ elog(ERROR, "cannot find database by oid [%u]", MyDatabaseId);
- appendStringInfo(&tname, "%s", database_name);
- appendStringInfoChar(&tname, '.');
- appendStringInfo(&tname, "%s", lang_name);
+ appendStringInfo(&tname, "%s", database_name);
+ appendStringInfoChar(&tname, '.');
+ appendStringInfo(&tname, "%s", lang_name);
- pfree(lang_name);
- pfree(database_name);
+ pfree(lang_name);
+ pfree(database_name);
- return tname.data;
+ return tname.data;
}
+
+/**
+ * Given a namespace oid, return its database name and namespace name: XX.XX
+ */
char *getNamespaceNameFromOid(Oid object_oid)
{
+ StringInfoData tname;
+ initStringInfo(&tname);
+ HeapTuple tup;
+ cqContext *pCtx;
+ bool isnull;
- StringInfoData tname;
- initStringInfo(&tname);
-
- Assert(OidIsValid(object_oid));
- char* schema_name = caql_getcstring(
- NULL,
- cql("SELECT nspname FROM pg_namespace "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (schema_name == NULL)
- elog(ERROR, "oid [%u] not found in table pg_namespace", object_oid);
-
-
- char* database_name = get_database_name(MyDatabaseId);
- if (database_name == NULL)
- elog(ERROR, "oid [%u] not found current database", object_oid);
-
- appendStringInfo(&tname, "%s", database_name);
- appendStringInfoChar(&tname, '.');
- appendStringInfo(&tname, "%s", schema_name);
-
- pfree(schema_name);
- pfree(database_name);
-
- return tname.data;
+ pCtx = caql_beginscan(
+ NULL,
+ cql("SELECT * FROM pg_namespace "
+ " WHERE oid = :1 ",
+ ObjectIdGetDatum(object_oid)));
+
+ tup = caql_getnext(pCtx);
+ if (!HeapTupleIsValid(tup))
+ elog(ERROR, "oid [%u] not found in table pg_namespace", object_oid);
+
+ Oid dboid = DatumGetObjectId(caql_getattr(pCtx, Anum_pg_namespace_nspdboid, &isnull));
+ if (isnull)
+ elog(ERROR, "null nspdboid in pg_namespace by oid [%u]", object_oid);
+ if (dboid == InvalidOid)
+ dboid = MyDatabaseId;
+ char* database_name = get_database_name(dboid);
+ if (database_name == NULL)
+ elog(ERROR, "cannot find database by oid [%u]", dboid);
+
+ appendStringInfo(&tname, "%s", database_name);
+ appendStringInfoChar(&tname, '.');
+ appendStringInfo(&tname, "%s", NameStr(((Form_pg_namespace)GETSTRUCT(tup))->nspname));
+
+ pfree(database_name);
+ caql_endscan(pCtx);
+ return tname.data;
}
+
char *getNamespaceNameByOid(Oid object_oid)
{
-
- StringInfoData tname;
- initStringInfo(&tname);
-
- Assert(OidIsValid(object_oid));
- char* schema_name = caql_getcstring(
- NULL,
- cql("SELECT nspname FROM pg_namespace "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (schema_name == NULL)
- {
- return NULL;
- }
-
- appendStringInfo(&tname, "%s", schema_name);
- pfree(schema_name);
-
- return tname.data;
+ Assert(OidIsValid(object_oid));
+ return caql_getcstring(
+ NULL,
+ cql("SELECT nspname FROM pg_namespace "
+ " WHERE oid = :1",
+ ObjectIdGetDatum(object_oid)));
}
+
char *getConversionNameFromOid(Oid object_oid)
{
- Assert(OidIsValid(object_oid));
- char* typename = caql_getcstring(
- NULL,
- cql("SELECT conname FROM pg_conversion "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (typename == NULL)
- elog(ERROR, "oid [%u] not found in table pg_conversion", object_oid);
-
- return typename;
+ Assert(OidIsValid(object_oid));
+ char* typename = caql_getcstring(
+ NULL,
+ cql("SELECT conname FROM pg_conversion "
+ " WHERE oid = :1",
+ ObjectIdGetDatum(object_oid)));
+ if (typename == NULL)
+ elog(ERROR, "oid [%u] not found in table pg_conversion", object_oid);
+
+ return typename;
}
+
char *getTablespaceNameFromOid(Oid object_oid)
{
- Assert(OidIsValid(object_oid));
- char* typename = caql_getcstring(
- NULL,
- cql("SELECT spcname FROM pg_tablespace "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (typename == NULL)
- elog(ERROR, "oid [%u] not found in table pg_tablespace", object_oid);
-
- return typename;
+ Assert(OidIsValid(object_oid));
+ char* typename = caql_getcstring(
+ NULL,
+ cql("SELECT spcname FROM pg_tablespace "
+ " WHERE oid = :1",
+ ObjectIdGetDatum(object_oid)));
+ if (typename == NULL)
+ elog(ERROR, "oid [%u] not found in table pg_tablespace", object_oid);
+
+ return typename;
}
+
char *getFilespaceNameFromOid(Oid object_oid)
{
- Assert(OidIsValid(object_oid));
- char* typename = caql_getcstring(
- NULL,
- cql("SELECT fsname FROM pg_filespace "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (typename == NULL)
- elog(ERROR, "oid [%u] not found in table pg_filespace", object_oid);
-
- return typename;
+ Assert(OidIsValid(object_oid));
+ char* typename = caql_getcstring(
+ NULL,
+ cql("SELECT fsname FROM pg_filespace "
+ " WHERE oid = :1",
+ ObjectIdGetDatum(object_oid)));
+ if (typename == NULL)
+ elog(ERROR, "oid [%u] not found in table pg_filespace", object_oid);
+
+ return typename;
}
+
char *getFilesystemNameFromOid(Oid object_oid)
{
- Assert(OidIsValid(object_oid));
- char* typename = caql_getcstring(
- NULL,
- cql("SELECT fsysname FROM pg_filesystem "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (typename == NULL)
- elog(ERROR, "oid [%u] not found in table pg_filesystem", object_oid);
-
- return typename;
+ Assert(OidIsValid(object_oid));
+ char* typename = caql_getcstring(
+ NULL,
+ cql("SELECT fsysname FROM pg_filesystem "
+ " WHERE oid = :1",
+ ObjectIdGetDatum(object_oid)));
+ if (typename == NULL)
+ elog(ERROR, "oid [%u] not found in table pg_filesystem", object_oid);
+
+ return typename;
}
+
char *getFDWNameFromOid(Oid object_oid)
{
- Assert(OidIsValid(object_oid));
- char* typename = caql_getcstring(
- NULL,
- cql("SELECT fdwname FROM pg_foreign_data_wrapper "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (typename == NULL)
- elog(ERROR, "oid [%u] not found in table pg_foreign_data_wrapper", object_oid);
-
- return typename;
+ Assert(OidIsValid(object_oid));
+ char* typename = caql_getcstring(
+ NULL,
+ cql("SELECT fdwname FROM pg_foreign_data_wrapper "
+ " WHERE oid = :1",
+ ObjectIdGetDatum(object_oid)));
+ if (typename == NULL)
+ elog(ERROR, "oid [%u] not found in table pg_foreign_data_wrapper", object_oid);
+
+ return typename;
}
+
char *getForeignServerNameFromOid(Oid object_oid)
{
- Assert(OidIsValid(object_oid));
- char* typename = caql_getcstring(
- NULL,
- cql("SELECT srvname FROM pg_foreign_server "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (typename == NULL)
- elog(ERROR, "oid [%u] not found in table pg_foreign_server", object_oid);
-
- return typename;
+ Assert(OidIsValid(object_oid));
+ char* typename = caql_getcstring(
+ NULL,
+ cql("SELECT srvname FROM pg_foreign_server "
+ " WHERE oid = :1",
+ ObjectIdGetDatum(object_oid)));
+ if (typename == NULL)
+ elog(ERROR, "oid [%u] not found in table pg_foreign_server", object_oid);
+
+ return typename;
}
+
char *getExtprotocolNameFromOid(Oid object_oid)
{
- Assert(OidIsValid(object_oid));
- char* typename = caql_getcstring(
- NULL,
- cql("SELECT ptcname FROM pg_extprotocol "
- " WHERE oid = :1",
- ObjectIdGetDatum(object_oid)));
- if (typename == NULL)
- elog(ERROR, "oid [%u] not found in table pg_extprotocol", object_oid);
-
- return typename;
+ Assert(OidIsValid(object_oid));
+ char* typename = caql_getcstring(
+ NULL,
+ cql("SELECT ptcname FROM pg_extprotocol "
+ " WHERE oid = :1",
+ ObjectIdGetDatum(object_oid)));
+ if (typename == NULL)
+ elog(ERROR, "oid [%u] not found in table pg_extprotocol", object_oid);
+
+ return typename;
}
char *getNameFromOid(AclObjectKind objkind, Oid object_oid)
{
- switch (objkind)
- {
- case ACL_KIND_CLASS:
- case ACL_KIND_SEQUENCE:
- return getClassNameFromOid(object_oid);
- case ACL_KIND_DATABASE:
- return getDatabaseNameFromOid(object_oid);
- case ACL_KIND_PROC:
- return getProcNameFromOid(object_oid);
- case ACL_KIND_OPER:
- return getOperNameFromOid(object_oid);
- case ACL_KIND_TYPE:
- return getTypeNameFromOid(object_oid);
- case ACL_KIND_CONVERSION:
- return getConversionNameFromOid(object_oid);
- case ACL_KIND_LANGUAGE:
- return getLanguageNameFromOid(object_oid);
- case ACL_KIND_NAMESPACE:
- return getNamespaceNameFromOid(object_oid);
- case ACL_KIND_TABLESPACE:
- return getTablespaceNameFromOid(object_oid);
- case ACL_KIND_FILESPACE:
- return getFilespaceNameFromOid(object_oid);
- case ACL_KIND_FILESYSTEM:
- return getFilesystemNameFromOid(object_oid);
- case ACL_KIND_FDW:
- return getFDWNameFromOid(object_oid);
- case ACL_KIND_FOREIGN_SERVER:
- return getForeignServerNameFromOid(object_oid);
- case ACL_KIND_EXTPROTOCOL:
- return getExtprotocolNameFromOid(object_oid);
- default:
- elog(ERROR, "unrecognized objkind: %d",
- (int) objkind);
- /* not reached, but keep compiler quiet */
- return NULL;
- }
+ switch (objkind)
+ {
+ case ACL_KIND_CLASS:
+ case ACL_KIND_SEQUENCE:
+ return getClassNameFromOid(object_oid);
+ case ACL_KIND_DATABASE:
+ return getDatabaseNameFromOid(object_oid);
+ case ACL_KIND_PROC:
+ return getProcNameFromOid(object_oid);
+ case ACL_KIND_OPER:
+ return getOperNameFromOid(object_oid);
+ case ACL_KIND_TYPE:
+ return getTypeNameFromOid(object_oid);
+ case ACL_KIND_CONVERSION:
+ return getConversionNameFromOid(object_oid);
+ case ACL_KIND_LANGUAGE:
+ return getLanguageNameFromOid(object_oid);
+ case ACL_KIND_NAMESPACE:
+ return getNamespaceNameFromOid(object_oid);
+ case ACL_KIND_TABLESPACE:
+ return getTablespaceNameFromOid(object_oid);
+ case ACL_KIND_FILESPACE:
+ return getFilespaceNameFromOid(object_oid);
+ case ACL_KIND_FILESYSTEM:
+ return getFilesystemNameFromOid(object_oid);
+ case ACL_KIND_FDW:
+ return getFDWNameFromOid(object_oid);
+ case ACL_KIND_FOREIGN_SERVER:
+ return getForeignServerNameFromOid(object_oid);
+ case ACL_KIND_EXTPROTOCOL:
+ return getExtprotocolNameFromOid(object_oid);
+ default:
+ elog(ERROR, "unrecognized objkind: %d",
+ (int) objkind);
+ /* not reached, but keep compiler quiet */
+ return NULL;
+ }
}
char actionName[12][12] = {"INSERT","SELECT","UPDATE", "DELETE",
- "TRUNCATE", "REFERENCES", "TRIGGER", "EXECUTE", "USAGE",
- "CREATE", "TEMP", "CONNECT"};
+ "TRUNCATE", "REFERENCES", "TRIGGER", "EXECUTE", "USAGE",
+ "CREATE", "TEMP", "CONNECT"};
List *getActionName(AclMode mask)
{
- List* actions = NIL;
- int i = 0;
- while(mask > 0)
- {
- if((mask & 1) > 0)
- {
- char* action = palloc(sizeof(char) * ACTION_LENGTH);
- strncpy(action, actionName[i], ACTION_LENGTH);
- actions = lappend(actions, action);
- }
- mask = mask >> 1;
- i++;
- }
- return actions;
+ List* actions = NIL;
+ int i = 0;
+ while(mask > 0)
+ {
+ if((mask & 1) > 0)
+ {
+ char* action = palloc(sizeof(char) * ACTION_LENGTH);
+ strncpy(action, actionName[i], ACTION_LENGTH);
+ actions = lappend(actions, action);
+ }
+ mask = mask >> 1;
+ i++;
+ }
+ return actions;
}
bool checkNamespaceFallback(Oid x)
{
- if (x == PG_CATALOG_NAMESPACE
- || x == PG_AOSEGMENT_NAMESPACE
- || x == PG_TOAST_NAMESPACE
- || x == PG_BITMAPINDEX_NAMESPACE
- || x == information_schema_namespace_oid
- || x == hawq_toolkit_schema_namespace_oid )
- {
- return true;
- }
- else
- {
- char* name = getNamespaceNameByOid(x);
- if (name != NULL && pg_strncasecmp(name, "pg_temp", strlen("pg_temp")) == 0)
- {
- /* fall back pg_temp_XX check to native*/
- return true;
- }
- else
- {
- return false;
- }
- }
+ if (x == PG_CATALOG_NAMESPACE
+ || x == PG_AOSEGMENT_NAMESPACE
+ || x == PG_TOAST_NAMESPACE
+ || x == PG_BITMAPINDEX_NAMESPACE
+ || x == information_schema_namespace_oid
+ || x == hawq_toolkit_schema_namespace_oid )
+ {
+ return true;
+ }
+ else
+ {
+ char* name = getNamespaceNameByOid(x);
+ if (name != NULL && pg_strncasecmp(name, "pg_temp", strlen("pg_temp")) == 0)
+ {
+ /* fall back pg_temp_XX check to native*/
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
}
bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid, AclMode mode)
{
- /* get the latest information_schema_namespace_oid and hawq_toolkit_schema_namespace_oid.
- * Since caql access heap table directly without aclcheck, this function will not be called recursively
- */
- if (information_schema_namespace_oid == 0)
- {
- information_schema_namespace_oid = (int)get_namespace_oid("information_schema");
- }
- if (hawq_toolkit_schema_namespace_oid == 0)
- {
- hawq_toolkit_schema_namespace_oid = (int)get_namespace_oid("hawq_toolkit");
- }
-
- /* for heap table, we fall back to native check. */
- if (objkind == ACL_KIND_CLASS)
- {
- Oid namespaceid = get_rel_namespace(obj_oid);
- if(checkNamespaceFallback(namespaceid))
- {
- return true;
- }
- }
- else if (objkind == ACL_KIND_NAMESPACE)
- {
- /* native check build-in schemas. */
- if(checkNamespaceFallback(obj_oid))
- {
- return true;
- }
- else if (obj_oid == PG_PUBLIC_NAMESPACE && superuser() && mode == ACL_USAGE)
- {
- /* superuser's access to PUBLIC */
- return true;
- }
- }
- else if (objkind == ACL_KIND_PROC)
- {
- /* native check functions under build-in schemas. */
- Oid namespaceid = get_func_namespace(obj_oid);
- if (checkNamespaceFallback(namespaceid))
- {
- return true;
- }
- }
-
- return false;
+ /* get the latest information_schema_namespace_oid and hawq_toolkit_schema_namespace_oid.
+ * Since caql access heap table directly without aclcheck, this function will not be called recursively
+ */
+ if (information_schema_namespace_oid == 0)
+ {
+ information_schema_namespace_oid = (int) get_namespace_oid("information_schema");
+ }
+ if (hawq_toolkit_schema_namespace_oid == 0)
+ {
+ hawq_toolkit_schema_namespace_oid = (int) get_namespace_oid("hawq_toolkit");
+ }
+
+ /* for heap table, we fall back to native check. */
+ if (objkind == ACL_KIND_CLASS)
+ {
+ Oid namespaceid = get_rel_namespace(obj_oid);
+ if(checkNamespaceFallback(namespaceid))
+ {
+ return true;
+ }
+ }
+ else if (objkind == ACL_KIND_NAMESPACE)
+ {
+ /* native check build-in schemas. */
+ if(checkNamespaceFallback(obj_oid))
+ {
+ return true;
+ }
+ else if (obj_oid == PG_PUBLIC_NAMESPACE && superuser() && mode == ACL_USAGE)
+ {
+ /* superuser's access to PUBLIC */
+ return true;
+ }
+ }
+ else if (objkind == ACL_KIND_PROC)
+ {
+ /* native check functions under build-in schemas. */
+ Oid namespaceid = get_func_namespace(obj_oid);
+ if (checkNamespaceFallback(namespaceid))
+ {
+ return true;
+ }
+ }
+
+ return false;
}
/*
@@ -2776,66 +2743,68 @@ bool is_sequence(Oid object_oid) {
*/
List *pg_rangercheck_batch(List *arg_list)
{
- List *aclresults = NIL;
- List *requestargs = NIL;
- ListCell *arg;
- elog(DEBUG3, "ranger acl batch check, acl list length: %d\n", arg_list->length);
- foreach(arg, arg_list) {
- RangerPrivilegeArgs *arg_ptr = (RangerPrivilegeArgs *) lfirst(arg);
-
- AclObjectKind objkind = arg_ptr->objkind;
- Oid object_oid = arg_ptr->object_oid;
- char *objectname = getNameFromOid(objkind, object_oid);
- char *rolename = getRoleName(arg_ptr->roleid);
- List* actions = getActionName(arg_ptr->mask);
- bool isAll = (arg_ptr->how == ACLMASK_ALL) ? true: false;
-
- RangerPrivilegeResults *aclresult = (RangerPrivilegeResults *) palloc(sizeof(RangerPrivilegeResults));
- aclresult->result = RANGERCHECK_NO_PRIV;
- aclresult->relOid = object_oid;
- /* this two sign fields will be set in function create_ranger_request_json */
- aclresult->resource_sign = 0;
- aclresult->privilege_sign = 0;
- aclresults = lappend(aclresults, aclresult);
-
- RangerRequestJsonArgs *requestarg = (RangerRequestJsonArgs *) palloc(sizeof(RangerRequestJsonArgs));
- requestarg->user = rolename;
- requestarg->kind = objkind;
- requestarg->object = objectname;
- requestarg->actions = actions;
- requestarg->isAll = isAll;
- requestargs = lappend(requestargs, requestarg);
-
- } // foreach
-
- int ret = check_privilege_from_ranger(requestargs, aclresults);
- if (ret < 0)
- {
- ListCell *result;
- foreach(result, aclresults) {
- RangerPrivilegeResults *result_ptr = (RangerPrivilegeResults *) lfirst(result);
- result_ptr->result = RANGERCHECK_NO_PRIV;
- }
- }
-
- if(requestargs) {
- ListCell *cell = list_head(requestargs);
- while (cell != NULL)
- {
- ListCell *tmp = cell;
- cell = lnext(cell);
- RangerRequestJsonArgs* requestarg =
- (RangerRequestJsonArgs*)lfirst(tmp);
- pfree(requestarg->user);
- pfree(requestarg->object);
- list_free_deep(requestarg->actions);
- }
-
- list_free_deep(requestargs);
- requestargs = NULL;
- }
-
- return aclresults;
+ List *aclresults = NIL;
+ List *requestargs = NIL;
+ ListCell *arg;
+ elog(DEBUG3, "ranger acl batch check, acl list length: %d\n", arg_list->length);
+ foreach(arg, arg_list)
+ {
+ RangerPrivilegeArgs *arg_ptr = (RangerPrivilegeArgs *) lfirst(arg);
+
+ AclObjectKind objkind = arg_ptr->objkind;
+ Oid object_oid = arg_ptr->object_oid;
+ char *objectname = getNameFromOid(objkind, object_oid);
+ char *rolename = getRoleName(arg_ptr->roleid);
+ List* actions = getActionName(arg_ptr->mask);
+ bool isAll = (arg_ptr->how == ACLMASK_ALL) ? true: false;
+
+ RangerPrivilegeResults *aclresult = (RangerPrivilegeResults *) palloc(sizeof(RangerPrivilegeResults));
+ aclresult->result = RANGERCHECK_NO_PRIV;
+ aclresult->relOid = object_oid;
+ /* this two sign fields will be set in function create_ranger_request_json */
+ aclresult->resource_sign = 0;
+ aclresult->privilege_sign = 0;
+ aclresults = lappend(aclresults, aclresult);
+
+ RangerRequestJsonArgs *requestarg = (RangerRequestJsonArgs *) palloc(sizeof(RangerRequestJsonArgs));
+ requestarg->user = rolename;
+ requestarg->kind = objkind;
+ requestarg->object = objectname;
+ requestarg->actions = actions;
+ requestarg->isAll = isAll;
+ requestargs = lappend(requestargs, requestarg);
+ } // foreach
+
+ int ret = check_privilege_from_ranger(requestargs, aclresults);
+ if (ret < 0)
+ {
+ ListCell *result;
+ foreach(result, aclresults)
+ {
+ RangerPrivilegeResults *result_ptr = (RangerPrivilegeResults *) lfirst(result);
+ result_ptr->result = RANGERCHECK_NO_PRIV;
+ }
+ }
+
+ if(requestargs)
+ {
+ ListCell *cell = list_head(requestargs);
+ while (cell != NULL)
+ {
+ ListCell *tmp = cell;
+ cell = lnext(cell);
+ RangerRequestJsonArgs* requestarg =
+ (RangerRequestJsonArgs*)lfirst(tmp);
+ pfree(requestarg->user);
+ pfree(requestarg->object);
+ list_free_deep(requestarg->actions);
+ }
+
+ list_free_deep(requestargs);
+ requestargs = NULL;
+ }
+
+ return aclresults;
}
AclResult
@@ -2933,8 +2902,7 @@ pg_aclmask(AclObjectKind objkind, Oid table_oid, Oid roleid,
case ACL_KIND_EXTPROTOCOL:
return pg_extprotocol_aclmask(table_oid, roleid, mask, how);
default:
- elog(ERROR, "unrecognized object kind : %d",
- (int) objkind);
+ elog(ERROR, "unrecognized object kind : %d",(int) objkind);
/* not reached, but keep compiler quiet */
return ACL_NO_RIGHTS;
}
@@ -3760,10 +3728,10 @@ pg_filesystem_aclmask(Oid fsysOid, Oid roleid,
AclResult
pg_class_nativecheck(Oid table_oid, Oid roleid, AclMode mode)
{
- if (pg_class_aclmask(table_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
+ if (pg_class_aclmask(table_oid, roleid, mode, ACLMASK_ANY) != 0)
+ return ACLCHECK_OK;
+ else
+ return ACLCHECK_NO_PRIV;
}
/*
@@ -3772,10 +3740,10 @@ pg_class_nativecheck(Oid table_oid, Oid roleid, AclMode mode)
AclResult
pg_database_nativecheck(Oid db_oid, Oid roleid, AclMode mode)
{
- if (pg_database_aclmask(db_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
+ if (pg_database_aclmask(db_oid, roleid, mode, ACLMASK_ANY) != 0)
+ return ACLCHECK_OK;
+ else
+ return ACLCHECK_NO_PRIV;
}
/*
@@ -3784,10 +3752,10 @@ pg_database_nativecheck(Oid db_oid, Oid roleid, AclMode mode)
AclResult
pg_proc_nativecheck(Oid proc_oid, Oid roleid, AclMode mode)
{
- if (pg_proc_aclmask(proc_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
+ if (pg_proc_aclmask(proc_oid, roleid, mode, ACLMASK_ANY) != 0)
+ return ACLCHECK_OK;
+ else
+ return ACLCHECK_NO_PRIV;
}
/*
@@ -3796,10 +3764,10 @@ pg_proc_nativecheck(Oid proc_oid, Oid roleid, AclMode mode)
AclResult
pg_language_nativecheck(Oid lang_oid, Oid roleid, AclMode mode)
{
- if (pg_language_aclmask(lang_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
+ if (pg_language_aclmask(lang_oid, roleid, mode, ACLMASK_ANY) != 0)
+ return ACLCHECK_OK;
+ else
+ return ACLCHECK_NO_PRIV;
}
/*
@@ -3808,10 +3776,10 @@ pg_language_nativecheck(Oid lang_oid, Oid roleid, AclMode mode)
AclResult
pg_namespace_nativecheck(Oid nsp_oid, Oid roleid, AclMode mode)
{
- if (pg_namespace_aclmask(nsp_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
+ if (pg_namespace_aclmask(nsp_oid, roleid, mode, ACLMASK_ANY) != 0)
+ return ACLCHECK_OK;
+ else
+ return ACLCHECK_NO_PRIV;
}
/*
@@ -3820,10 +3788,10 @@ pg_namespace_nativecheck(Oid nsp_oid, Oid roleid, AclMode mode)
AclResult
pg_tablespace_nativecheck(Oid spc_oid, Oid roleid, AclMode mode)
{
- if (pg_tablespace_aclmask(spc_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
+ if (pg_tablespace_aclmask(spc_oid, roleid, mode, ACLMASK_ANY) != 0)
+ return ACLCHECK_OK;
+ else
+ return ACLCHECK_NO_PRIV;
}
/*
@@ -3833,10 +3801,10 @@ pg_tablespace_nativecheck(Oid spc_oid, Oid roleid, AclMode mode)
AclResult
pg_foreign_data_wrapper_nativecheck(Oid fdw_oid, Oid roleid, AclMode mode)
{
- if (pg_foreign_data_wrapper_aclmask(fdw_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
+ if (pg_foreign_data_wrapper_aclmask(fdw_oid, roleid, mode, ACLMASK_ANY) != 0)
+ return ACLCHECK_OK;
+ else
+ return ACLCHECK_NO_PRIV;
}
/*
@@ -3846,10 +3814,10 @@ pg_foreign_data_wrapper_nativecheck(Oid fdw_oid, Oid roleid, AclMode mode)
AclResult
pg_foreign_server_nativecheck(Oid srv_oid, Oid roleid, AclMode mode)
{
- if (pg_foreign_server_aclmask(srv_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
+ if (pg_foreign_server_aclmask(srv_oid, roleid, mode, ACLMASK_ANY) != 0)
+ return ACLCHECK_OK;
+ else
+ return ACLCHECK_NO_PRIV;
}
/*
@@ -3859,10 +3827,10 @@ pg_foreign_server_nativecheck(Oid srv_oid, Oid roleid, AclMode mode)
AclResult
pg_extprotocol_nativecheck(Oid ptcid, Oid roleid, AclMode mode)
{
- if (pg_extprotocol_aclmask(ptcid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
+ if (pg_extprotocol_aclmask(ptcid, roleid, mode, ACLMASK_ANY) != 0)
+ return ACLCHECK_OK;
+ else
+ return ACLCHECK_NO_PRIV;
}
/*
@@ -3871,10 +3839,10 @@ pg_extprotocol_nativecheck(Oid ptcid, Oid roleid, AclMode mode)
AclResult
pg_filesystem_nativecheck(Oid fsysid, Oid roleid, AclMode mode)
{
- if (pg_filesystem_aclmask(fsysid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
+ if (pg_filesystem_aclmask(fsysid, roleid, mode, ACLMASK_ANY) != 0)
+ return ACLCHECK_OK;
+ else
+ return ACLCHECK_NO_PRIV;
}
@@ -3888,22 +3856,24 @@ pg_filesystem_nativecheck(Oid fsysid, Oid roleid, AclMode mode)
AclResult
pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
{
- /* Bypass all permission checking on QE. */
- if (Gp_role == GP_ROLE_EXECUTE)
- return ACLCHECK_OK;
-
- if(aclType == HAWQ_ACL_RANGER && !fallBackToNativeCheck(ACL_KIND_CLASS, table_oid, roleid, mode))
- {
- AclObjectKind objkind = ACL_KIND_CLASS;
- if (is_sequence(table_oid)) {
- objkind = ACL_KIND_SEQUENCE;
+ /* Bypass all permission checking on QE. */
+ if (Gp_role == GP_ROLE_EXECUTE)
+ return ACLCHECK_OK;
+
+ if (aclType == HAWQ_ACL_RANGER &&
+ !fallBackToNativeCheck(ACL_KIND_CLASS, table_oid, roleid, mode))
+ {
+ AclObjectKind objkind = ACL_KIND_CLASS;
+ if (is_sequence(table_oid))
+ {
+ objkind = ACL_KIND_SEQUENCE;
+ }
+ return pg_rangercheck(objkind, table_oid, roleid, mode, ACLMASK_ANY);
+ }
+ else
+ {
+ return pg_class_nativecheck(table_oid, roleid, mode);
}
- return pg_rangercheck(objkind, table_oid, roleid, mode, ACLMASK_ANY);
- }
- else
- {
- return pg_class_nativecheck(table_oid, roleid, mode);
- }
}
/*
@@ -3912,18 +3882,19 @@ pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
AclResult
pg_database_aclcheck(Oid db_oid, Oid roleid, AclMode mode)
{
- /* Bypass all permission checking on QE. */
- if (Gp_role == GP_ROLE_EXECUTE)
- return ACLCHECK_OK;
-
- if(aclType == HAWQ_ACL_RANGER && !fallBackToNativeCheck(ACL_KIND_DATABASE, db_oid, roleid, mode))
- {
- return pg_rangercheck(ACL_KIND_DATABASE, db_oid, roleid, mode, ACLMASK_ANY);
- }
- else
- {
- return pg_database_nativecheck(db_oid, roleid, mode);
- }
+ /* Bypass all permission checking on QE. */
+ if (Gp_role == GP_ROLE_EXECUTE)
+ return ACLCHECK_OK;
+
+ if (aclType == HAWQ_ACL_RANGER &&
+ !fallBackToNativeCheck(ACL_KIND_DATABASE, db_oid, roleid, mode))
+ {
+ return pg_rangercheck(ACL_KIND_DATABASE, db_oid, roleid, mode, ACLMASK_ANY);
+ }
+ else
+ {
+ return pg_database_nativecheck(db_oid, roleid, mode);
+ }
}
/*
@@ -3932,18 +3903,19 @@ pg_database_aclcheck(Oid db_oid, Oid roleid, AclMode mode)
AclResult
pg_proc_aclcheck(Oid proc_oid, Oid roleid, AclMode mode)
{
- /* Bypass all permission checking on QE. */
- if (Gp_role == GP_ROLE_EXECUTE)
- return ACLCHECK_OK;
-
- if(aclType == HAWQ_ACL_RANGER && !fallBackToNativeCheck(ACL_KIND_PROC, proc_oid, roleid, mode))
- {
- return pg_rangercheck(ACL_KIND_PROC, proc_oid, roleid, mode, ACLMASK_ANY);
- }
- else
- {
- return pg_proc_nativecheck(proc_oid, roleid, mode);
- }
+ /* Bypass all permission checking on QE. */
+ if (Gp_role == GP_ROLE_EXECUTE)
+ return ACLCHECK_OK;
+
+ if (aclType == HAWQ_ACL_RANGER &&
+ !fallBackToNativeCheck(ACL_KIND_PROC, proc_oid, roleid, mode))
+ {
+ return pg_rangercheck(ACL_KIND_PROC, proc_oid, roleid, mode, ACLMASK_ANY);
+ }
+ else
+ {
+ return pg_proc_nativecheck(proc_oid, roleid, mode);
+ }
}
/*
@@ -3952,18 +3924,19 @@ pg_proc_aclcheck(Oid proc_oid, Oid roleid, AclMode mode)
AclResult
pg_language_aclcheck(Oid lang_oid, Oid roleid, AclMode mode)
{
- /* Bypass all permission checking on QE. */
- if (Gp_role == GP_ROLE_EXECUTE)
- return ACLCHECK_OK;
-
- if(aclType == HAWQ_ACL_RANGER && !fallBackToNativeCheck(ACL_KIND_LANGUAGE, lang_oid, roleid, mode))
- {
- return pg_rangercheck(ACL_KIND_LANGUAGE, lang_oid, roleid, mode, ACLMASK_ANY);
- }
- else
- {
- return pg_language_nativecheck(lang_oid, roleid, mode);
- }
+ /* Bypass all permission checking on QE. */
+ if (Gp_role == GP_ROLE_EXECUTE)
+ return ACLCHECK_OK;
+
+ if (aclType == HAWQ_ACL_RANGER &&
+ !fallBackToNativeCheck(ACL_KIND_LANGUAGE, lang_oid, roleid, mode))
+ {
+ return pg_rangercheck(ACL_KIND_LANGUAGE, lang_oid, roleid, mode, ACLMASK_ANY);
+ }
+ else
+ {
+ return pg_language_nativecheck(lang_oid, roleid, mode);
+ }
}
/*
@@ -3972,18 +3945,19 @@ pg_language_aclcheck(Oid lang_oid, Oid roleid, AclMode mode)
AclResult
pg_namespace_aclcheck(Oid nsp_oid, Oid roleid, AclMode mode)
{
- /* Bypass all permission checking on QE. */
- if (Gp_role == GP_ROLE_EXECUTE)
- return ACLCHECK_OK;
-
- if(aclType == HAWQ_ACL_RANGER && !fallBackToNativeCheck(ACL_KIND_NAMESPACE, nsp_oid, roleid, mode))
- {
- return pg_rangercheck(ACL_KIND_NAMESPACE, nsp_oid, roleid, mode, ACLMASK_ANY);
- }
- else
- {
- return pg_namespace_nativecheck(nsp_oid, roleid, mode);
- }
+ /* Bypass all permission checking on QE. */
+ if (Gp_role == GP_ROLE_EXECUTE)
+ return ACLCHECK_OK;
+
+ if(aclType == HAWQ_ACL_RANGER &&
+ !fallBackToNativeCheck(ACL_KIND_NAMESPACE, nsp_oid, roleid, mode))
+ {
+ return pg_rangercheck(ACL_KIND_NAMESPACE, nsp_oid, roleid, mode, ACLMASK_ANY);
+ }
+ else
+ {
+ return pg_namespace_nativecheck(nsp_oid, roleid, mode);
+ }
}
/*
@@ -3992,18 +3966,19 @@ pg_namespace_aclcheck(Oid nsp_oid, Oid roleid, AclMode mode)
AclResult
pg_tablespace_aclcheck(Oid spc_oid, Oid roleid, AclMode mode)
{
- /* Bypass all permission checking on QE. */
- if (Gp_role == GP_ROLE_EXECUTE)
- return ACLCHECK_OK;
-
- if(aclType == HAWQ_ACL_RANGER && !fallBackToNativeCheck(ACL_KIND_TABLESPACE, spc_oid, roleid, mode))
- {
- return pg_rangercheck(ACL_KIND_TABLESPACE, spc_oid, roleid, mode, ACLMASK_ANY);
- }
- else
- {
- return pg_tablespace_nativecheck(spc_oid, roleid, mode);
- }
+ /* Bypass all permission checking on QE. */
+ if (Gp_role == GP_ROLE_EXECUTE)
+ return ACLCHECK_OK;
+
+ if(aclType == HAWQ_ACL_RANGER &&
+ !fallBackToNativeCheck(ACL_KIND_TABLESPACE, spc_oid, roleid, mode))
+ {
+ return pg_rangercheck(ACL_KIND_TABLESPACE, spc_oid, roleid, mode, ACLMASK_ANY);
+ }
+ else
+ {
+ return pg_tablespace_nativecheck(spc_oid, roleid, mode);
+ }
}
/*
@@ -4013,18 +3988,19 @@ pg_tablespace_aclcheck(Oid spc_oid, Oid roleid, AclMode mode)
AclResult
pg_foreign_data_wrapper_aclcheck(Oid fdw_oid, Oid roleid, AclMode mode)
{
- /* Bypass all permission checking on QE. */
- if (Gp_role == GP_ROLE_EXECUTE)
- return ACLCHECK_OK;
-
- if(aclType == HAWQ_ACL_RANGER && !fallBackToNativeCheck(ACL_KIND_FDW, fdw_oid, roleid, mode))
- {
- return pg_rangercheck(ACL_KIND_FDW, fdw_oid, roleid, mode, ACLMASK_ANY);
- }
- else
- {
- return pg_foreign_data_wrapper_nativecheck(fdw_oid, roleid, mode);
- }
+ /* Bypass all permission checking on QE. */
+ if (Gp_role == GP_ROLE_EXECUTE)
+ return ACLCHECK_OK;
+
+ if(aclType == HAWQ_ACL_RANGER &&
+ !fallBackToNativeCheck(ACL_KIND_FDW, fdw_oid, roleid, mode))
+ {
+ return pg_rangercheck(ACL_KIND_FDW, fdw_oid, roleid, mode, ACLMASK_ANY);
+ }
+ else
+ {
+ return pg_foreign_data_wrapper_nativecheck(fdw_oid, roleid, mode);
+ }
}
/*
@@ -4034,18 +4010,19 @@ pg_foreign_data_wrapper_aclcheck(Oid fdw_oid, Oid roleid, AclMode mode)
AclResult
pg_foreign_server_aclcheck(Oid srv_oid, Oid roleid, AclMode mode)
{
- /* Bypass all permission checking on QE. */
- if (Gp_role == GP_ROLE_EXECUTE)
- return ACLCHECK_OK;
-
- if(aclType == HAWQ_ACL_RANGER && !fallBackToNativeCheck(ACL_KIND_FOREIGN_SERVER, srv_oid, roleid, mode))
- {
- return pg_rangercheck(ACL_KIND_FOREIGN_SERVER, srv_oid, roleid, mode, ACLMASK_ANY);
- }
- else
- {
- return pg_foreign_server_nativecheck(srv_oid, roleid, mode);
- }
+ /* Bypass all permission checking on QE. */
+ if (Gp_role == GP_ROLE_EXECUTE)
+ return ACLCHECK_OK;
+
+ if(aclType == HAWQ_ACL_RANGER &&
+ !fallBackToNativeCheck(ACL_KIND_FOREIGN_SERVER, srv_oid, roleid, mode))
+ {
+ return pg_rangercheck(ACL_KIND_FOREIGN_SERVER, srv_oid, roleid, mode, ACLMASK_ANY);
+ }
+ else
+ {
+ return pg_foreign_server_nativecheck(srv_oid, roleid, mode);
+ }
}
/*
@@ -4055,18 +4032,19 @@ pg_foreign_server_aclcheck(Oid srv_oid, Oid roleid, AclMode mode)
AclResult
pg_extprotocol_aclcheck(Oid ptcid, Oid roleid, AclMode mode)
{
- /* Bypass all permission checking on QE. */
- if (Gp_role == GP_ROLE_EXECUTE)
- return ACLCHECK_OK;
-
- if(aclType == HAWQ_ACL_RANGER && !fallBackToNativeCheck(ACL_KIND_EXTPROTOCOL, ptcid, roleid, mode))
- {
- return pg_rangercheck(ACL_KIND_EXTPROTOCOL, ptcid, roleid, mode, ACLMASK_ANY);
- }
- else
- {
- return pg_extprotocol_nativecheck(ptcid, roleid, mode);
- }
+ /* Bypass all permission checking on QE. */
+ if (Gp_role == GP_ROLE_EXECUTE)
+ return ACLCHECK_OK;
+
+ if (aclType == HAWQ_ACL_RANGER &&
+ !fallBackToNativeCheck(ACL_KIND_EXTPROTOCOL, ptcid, roleid, mode))
+ {
+ return pg_rangercheck(ACL_KIND_EXTPROTOCOL, ptcid, roleid, mode, ACLMASK_ANY);
+ }
+ else
+ {
+ return pg_extprotocol_nativecheck(ptcid, roleid, mode);
+ }
}
/*
@@ -4075,18 +4053,19 @@ pg_extprotocol_aclcheck(Oid ptcid, Oid roleid, AclMode mode)
AclResult
pg_filesystem_aclcheck(Oid fsysid, Oid roleid, AclMode mode)
{
- /* Bypass all permission checking on QE. */
- if (Gp_role == GP_ROLE_EXECUTE)
- return ACLCHECK_OK;
-
- if(aclType == HAWQ_ACL_RANGER && !fallBackToNativeCheck(ACL_KIND_FILESYSTEM, fsysid, roleid, mode))
- {
- return pg_rangercheck(ACL_KIND_FILESYSTEM, fsysid, roleid, mode, ACLMASK_ANY);
- }
- else
- {
- return pg_filesystem_nativecheck(fsysid, roleid, mode);
- }
+ /* Bypass all permission checking on QE. */
+ if (Gp_role == GP_ROLE_EXECUTE)
+ return ACLCHECK_OK;
+
+ if (aclType == HAWQ_ACL_RANGER &&
+ !fallBackToNativeCheck(ACL_KIND_FILESYSTEM, fsysid, roleid, mode))
+ {
+ return pg_rangercheck(ACL_KIND_FILESYSTEM, fsysid, roleid, mode, ACLMASK_ANY);
+ }
+ else
+ {
+ return pg_filesystem_nativecheck(fsysid, roleid, mode);
+ }
}
/*