You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hawq.apache.org by "Xiang Sheng (JIRA)" <ji...@apache.org> on 2017/02/14 08:12:41 UTC

[jira] [Assigned] (HAWQ-1329) pg_catalog view fallback failed

     [ https://issues.apache.org/jira/browse/HAWQ-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xiang Sheng reassigned HAWQ-1329:
---------------------------------

    Assignee: Xiang Sheng  (was: Ed Espino)

> pg_catalog view fallback failed 
> --------------------------------
>
>                 Key: HAWQ-1329
>                 URL: https://issues.apache.org/jira/browse/HAWQ-1329
>             Project: Apache HAWQ
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Xiang Sheng
>            Assignee: Xiang Sheng
>             Fix For: 2.2.0.0-incubating
>
>
> in current code
> {code}
> if (objkind == ACL_KIND_CLASS)
>   {
>     char relstorage = get_rel_relstorage(obj_oid);
>     if (relstorage == 'h')
>     {
>       return true;
>     }
>   }
> {code}
> This just fallback pg_catalog.tables, does not fallback pg_catalog.views. Because the relstorage of pg_catalog.view is 'v', not 'h'. So we should fix it to fallback the privileges request use the following condition.
> {code}
> if (namespaceid == PG_CATALOG_NAMESPACE || namespaceid == information_schema_namespcace_oid
>             || namespaceid == PG_AOSEGMENT_NAMESPACE || namespaceid == PG_TOAST_NAMESPACE
>             || namespaceid == PG_BITMAPINDEX_NAMESPACE)
> {code}
> reproduce:
> 1. psql -d postgres
> 2. set log_min_messages='DEBUG3';
> 3. SELECT setting FROM pg_settings WHERE name='client_min_messages';
> Can see the json request:
> {code}
> 2017-02-13 16:43:37.908980 CST,"xsheng","postgres",p21556,th2021810176,"[local]",,2017-02-13 15:07:36 CST,25538,con13,cmd92,seg-10000,,,x25538,sx1,"DEBUG3","00000","send json request to ranger : { ""requestId"": ""40"", ""user"    ": ""xsheng"", ""clientIp"": ""127.0.0.1"", ""context"": ""SELECT setting FROM pg_settings WHERE name='client_min_messages'\n;"", ""access"": [ { ""resource"": { ""database"": ""postgres"", ""schema"": ""pg_catalog"", ""table""    : ""pg_settings"" }, ""privileges"": [ ""select"" ] }, { ""resource"": { ""database"": ""postgres"", ""schema"": ""pg_catalog"", ""table"": ""pg_settings_gpsql"" }, ""privileges"": [ ""select"" ] } ] }",,,,,,"SELECT setting FRO    M pg_settings WHERE name='client_min_messages';",0,,"rangerrest.c",454,
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)