You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by da...@apache.org on 2008/05/13 18:58:04 UTC
svn commit: r655948 - in /db/derby/code/trunk/java:
engine/org/apache/derby/impl/sql/execute/ engine/org/apache/derby/loc/
shared/org/apache/derby/shared/common/reference/
testing/org/apache/derbyTesting/functionTests/tests/lang/
Author: dag
Date: Tue May 13 09:58:04 2008
New Revision: 655948
URL: http://svn.apache.org/viewvc?rev=655948&view=rev
Log:
DERBY-3333 User name corresponding to authentication identifier PUBLIC must be rejected
Patch DERBY-3333-roles.
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateRoleConstantAction.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/GrantRoleConstantAction.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RevokeRoleConstantAction.java
db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RolesTest.java
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateRoleConstantAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateRoleConstantAction.java?rev=655948&r1=655947&r2=655948&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateRoleConstantAction.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateRoleConstantAction.java Tue May 13 09:58:04 2008
@@ -75,6 +75,11 @@
TransactionController tc = lcc.getTransactionExecute();
DataDescriptorGenerator ddg = dd.getDataDescriptorGenerator();
+ if (roleName.equals(Authorizer.PUBLIC_AUTHORIZATION_ID)) {
+ throw StandardException.
+ newException(SQLState.AUTH_PUBLIC_ILLEGAL_AUTHORIZATION_ID);
+ }
+
// currentAuthId is currently always the database owner since
// role definition is a database owner power. This may change
// in the future since this SQL is more liberal.
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/GrantRoleConstantAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/GrantRoleConstantAction.java?rev=655948&r1=655947&r2=655948&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/GrantRoleConstantAction.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/GrantRoleConstantAction.java Tue May 13 09:58:04 2008
@@ -28,6 +28,7 @@
import org.apache.derby.iapi.error.StandardException;
import org.apache.derby.iapi.sql.Activation;
import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
+import org.apache.derby.iapi.sql.conn.Authorizer;
import org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator;
import org.apache.derby.iapi.sql.dictionary.RoleDescriptor;
import org.apache.derby.iapi.sql.dictionary.DataDictionary;
@@ -88,6 +89,11 @@
for (Iterator rIter = roleNames.iterator(); rIter.hasNext();) {
String role = (String)rIter.next();
+ if (role.equals(Authorizer.PUBLIC_AUTHORIZATION_ID)) {
+ throw StandardException.
+ newException(SQLState.AUTH_PUBLIC_ILLEGAL_AUTHORIZATION_ID);
+ }
+
for (Iterator gIter = grantees.iterator(); gIter.hasNext();) {
String grantee = (String)gIter.next();
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RevokeRoleConstantAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RevokeRoleConstantAction.java?rev=655948&r1=655947&r2=655948&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RevokeRoleConstantAction.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RevokeRoleConstantAction.java Tue May 13 09:58:04 2008
@@ -28,6 +28,7 @@
import org.apache.derby.iapi.error.StandardException;
import org.apache.derby.iapi.sql.Activation;
import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
+import org.apache.derby.iapi.sql.conn.Authorizer;
import org.apache.derby.iapi.sql.dictionary.RoleDescriptor;
import org.apache.derby.iapi.sql.dictionary.DataDictionary;
import org.apache.derby.iapi.store.access.TransactionController;
@@ -83,6 +84,11 @@
for (Iterator rIter = roleNames.iterator(); rIter.hasNext();) {
String role = (String)rIter.next();
+ if (role.equals(Authorizer.PUBLIC_AUTHORIZATION_ID)) {
+ throw StandardException.
+ newException(SQLState.AUTH_PUBLIC_ILLEGAL_AUTHORIZATION_ID);
+ }
+
for (Iterator gIter = grantees.iterator(); gIter.hasNext();) {
String grantee = (String)gIter.next();
Modified: db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml?rev=655948&r1=655947&r2=655948&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml Tue May 13 09:58:04 2008
@@ -1144,6 +1144,11 @@
</msg>
<msg>
+ <name>4251B</name>
+ <text>PUBLIC is reserved and cannot be used as a user identifier or role name.</text>
+ </msg>
+
+ <msg>
<name>42601</name>
<text>In an ALTER TABLE statement, the column '{0}' has been specified as NOT NULL and either the DEFAULT clause was not specified or was specified as DEFAULT NULL.</text>
<arg>columnName</arg>
Modified: db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java?rev=655948&r1=655947&r2=655948&view=diff
==============================================================================
--- db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java (original)
+++ db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java Tue May 13 09:58:04 2008
@@ -759,6 +759,7 @@
String AUTH_DUPLICATE_USERS = "4250D";
String AUTH_INTERNAL_BAD_UUID = "4250E";
String AUTH_ROLE_DBO_ONLY = "4251A";
+ String AUTH_PUBLIC_ILLEGAL_AUTHORIZATION_ID = "4251B";
String LANG_DB2_NOT_NULL_COLUMN_INVALID_DEFAULT = "42601";
String LANG_DB2_INVALID_HEXADECIMAL_CONSTANT = "42606";
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RolesTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RolesTest.java?rev=655948&r1=655947&r2=655948&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RolesTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RolesTest.java Tue May 13 09:58:04 2008
@@ -71,6 +71,7 @@
private final static String revokeWarn = "01007";
private final static String notIdle = "25001";
private final static String invalidRoleName = "4293A";
+ private final static String invalidPUBLIC = "4251B";
private final static String userException = "38000";
private int MAX_IDENTIFIER_LENGTH = 128;
@@ -231,6 +232,14 @@
sqlAuthorizationRequired, invalidRoleName, invalidRoleName);
doStmt("create role \"SYSROLE\"",
sqlAuthorizationRequired, invalidRoleName, invalidRoleName);
+ doStmt("create role public",
+ syntaxError, syntaxError, syntaxError);
+ doStmt("create role \"PUBLIC\"",
+ sqlAuthorizationRequired, invalidPUBLIC, roleDboOnly);
+ doStmt("grant \"PUBLIC\" to " + users[1],
+ sqlAuthorizationRequired, invalidPUBLIC, invalidPUBLIC);
+ doStmt("revoke \"PUBLIC\" from " + users[1],
+ sqlAuthorizationRequired, invalidPUBLIC, invalidPUBLIC);
_stm.close();
}