Repository: incubator-hawq Updated Branches: refs/heads/ran5 bbf897bcf -> 0edc300de
fix some bugs Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/0edc300d Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/0edc300d Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/0edc300d Branch: refs/heads/ran5 Commit: 0edc300de896b03a99af800f3a0527d4cead921c Parents: bbf897b Author: hzhang2 <[email protected]> Authored: Fri Dec 16 10:51:55 2016 +0800 Committer: hzhang2 <[email protected]> Committed: Fri Dec 16 10:51:55 2016 +0800 ---------------------------------------------------------------------- src/backend/catalog/aclchk.c | 68 +++++++++++++++++++++----------- src/backend/libpq/rangerrest.c | 27 ++++++------- src/backend/parser/parse_relation.c | 2 +- src/include/utils/acl.h | 1 + 4 files changed, 59 insertions(+), 39 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/0edc300d/src/backend/catalog/aclchk.c ---------------------------------------------------------------------- diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c index ac9ac30..f13502e 100644 --- a/src/backend/catalog/aclchk.c +++ b/src/backend/catalog/aclchk.c @@ -2303,11 +2303,11 @@ char *getClassNameFromOid(Oid object_oid) if (database_name == NULL) elog(ERROR, "oid [%u] not found current database", object_oid); - appendStringInfo(&tname, database_name); - appendStringInfo(&tname, "."); - appendStringInfo(&tname, schema_name); - appendStringInfo(&tname, "."); - appendStringInfo(&tname, rel_name); + appendStringInfo(&tname, "%s", database_name); + appendStringInfoChar(&tname, '.'); + appendStringInfo(&tname, "%s", schema_name); + appendStringInfoChar(&tname, '.'); + appendStringInfo(&tname, "%s", rel_name); pfree(rel_name); pfree(schema_name); pfree(database_name); 
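Review bot: `appendStringInfoString(&tname, database_name);` is a better fit than `appendStringInfo(&tname, "%s", database_name);` for copying a catalog name verbatim, because it never interprets a format string. The same applies to the schema_name and rel_name lines here and to the matching hunks in getSequenceNameFromOid, getProcNameFromOid, getLanguageNameFromOid and getNamespaceNameFromOid. Separately, the parts are joined with a bare '.', so an identifier that itself contains a dot gives a name that cannot be split back unambiguously. If this string is what gets matched against Ranger policies (not visible in the hunk), add a comment such as `/* NOTE: names are not quoted; identifiers containing '.' are ambiguous */` or quote the parts. The function body starts and ends outside the hunk.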
@@ -2352,11 +2352,11 @@ char *getSequenceNameFromOid(Oid object_oid) if (database_name == NULL) elog(ERROR, "oid [%u] not found current database", object_oid); - appendStringInfo(&tname, database_name); - appendStringInfo(&tname, "."); - appendStringInfo(&tname, schema_name); - appendStringInfo(&tname, "."); - appendStringInfo(&tname, seq_name); + appendStringInfo(&tname, "%s", database_name); + appendStringInfoChar(&tname, '.'); + appendStringInfo(&tname, "%s", schema_name); + appendStringInfoChar(&tname, '.'); + appendStringInfo(&tname, "%s", seq_name); pfree(seq_name); pfree(schema_name); pfree(database_name); @@ -2413,11 +2413,11 @@ char *getProcNameFromOid(Oid object_oid) if (database_name == NULL) elog(ERROR, "oid [%u] not found current database", object_oid); - appendStringInfo(&tname, database_name); - appendStringInfo(&tname, "."); - appendStringInfo(&tname, schema_name); - appendStringInfo(&tname, "."); - appendStringInfo(&tname, proc_name); + appendStringInfo(&tname, "%s", database_name); + appendStringInfoChar(&tname, '.'); + appendStringInfo(&tname, "%s", schema_name); + appendStringInfoChar(&tname, '.'); + appendStringInfo(&tname, "%s", proc_name); pfree(proc_name); pfree(schema_name); pfree(database_name); @@ -2470,9 +2470,9 @@ char *getLanguageNameFromOid(Oid object_oid) if (database_name == NULL) elog(ERROR, "oid [%u] not found current database", object_oid); - appendStringInfo(&tname, database_name); - appendStringInfo(&tname, "."); - appendStringInfo(&tname, lang_name); + appendStringInfo(&tname, "%s", database_name); + appendStringInfoChar(&tname, '.'); + appendStringInfo(&tname, "%s", lang_name); pfree(lang_name); pfree(database_name); 
@@ -2499,9 +2499,9 @@ char *getNamespaceNameFromOid(Oid object_oid) if (database_name == NULL) elog(ERROR, "oid [%u] not found current database", object_oid); - appendStringInfo(&tname, database_name); - appendStringInfo(&tname, "."); - appendStringInfo(&tname, schema_name); + appendStringInfo(&tname, "%s", database_name); + appendStringInfoChar(&tname, '.'); + appendStringInfo(&tname, "%s", schema_name); pfree(schema_name); pfree(database_name); @@ -2678,6 +2678,27 @@ bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid) } return false; } + +bool fallBackToNativeChecks(AclObjectKind objkind, List* table_list, Oid roleid) +{ + //for heap table, we fall back to native check. + if(objkind == ACL_KIND_CLASS) + { + ListCell *l; + foreach(l, table_list) + { + RangeTblEntry *rte=(RangeTblEntry *) lfirst(l); + char relstorage = get_rel_relstorage(rte->relid); + if(relstorage == 'h') + { + return true; + } + } + + } + return false; +} + /* * return: List of RangerPrivilegeResults * arg_list: List of RangerPrivilegeArgs @@ -2737,6 +2758,9 @@ List *pg_rangercheck_batch(List *arg_list) requestargs = NULL; } + if(ret != RANGERCHECK_OK){ + elog(ERROR, "ACL check failed\n"); + } elog(LOG, "oids%d\n", arg_list->length); return aclresults; } @@ -2765,7 +2789,7 @@ pg_rangercheck(AclObjectKind objkind, Oid object_oid, Oid roleid, list_free_deep(actions); actions = NIL; } - return ACLCHECK_OK; + return ret; } /* http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/0edc300d/src/backend/libpq/rangerrest.c ---------------------------------------------------------------------- diff --git a/src/backend/libpq/rangerrest.c b/src/backend/libpq/rangerrest.c index 22d69ba..2d38449 100644 --- a/src/backend/libpq/rangerrest.c +++ b/src/backend/libpq/rangerrest.c 
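Review bot: fallBackToNativeChecks returns true as soon as a single entry has relstorage 'h', and the caller changed in parse_relation.c (ExecCheckRTPerms) then skips the Ranger path for the whole range table. A statement that mixes one heap table with Ranger-governed tables is therefore never sent to Ranger and is left to whatever the other branch does, presumably the native check, which the hunk does not show. The loop also reads rte->relid without testing rte->rtekind, so subquery, join and function entries reach get_rel_relstorage without a valid relation OID, and roleid is never used. The version below falls back only when every relation entry is a heap table; if mixed lists should instead be split per table, that belongs in the caller.

```c
bool fallBackToNativeChecks(AclObjectKind objkind, List* table_list, Oid roleid)
{
	bool		seen_heap = false;
	ListCell   *l;

	if (objkind != ACL_KIND_CLASS)
		return false;

	foreach(l, table_list)
	{
		RangeTblEntry *rte = (RangeTblEntry *) lfirst(l);

		/* subqueries, joins and functions carry no relation to look up */
		if (rte->rtekind != RTE_RELATION)
			continue;
		/* one non-heap relation keeps the whole list on the Ranger path */
		if (get_rel_relstorage(rte->relid) != 'h')
			return false;
		seen_heap = true;
	}
	return seen_heap;
}
```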
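Review bot: The added `elog(ERROR, "ACL check failed\n");` in pg_rangercheck_batch reports a Ranger denial and an unusable Ranger reply (RANGERCHECK_UNKNOWN exists in rangerrest.c) with the same text and without naming the role or object. Neither the user nor someone reading the server log can then tell an authorization decision from a service failure. For the denial case I would use `ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied by Ranger policy")));`, with a separate message for any other non-OK value, and drop the trailing `\n`. Because the ERROR is raised before `return aclresults;`, callers never receive per-object results on failure, so the header comment "return: List of RangerPrivilegeResults" should say that. The function body starts outside the hunk, where ret is assigned.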
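Review bot: `return ret;` in pg_rangercheck hands back whatever type ret has, while acl.h declares the function as returning AclResult. The declaration of ret is outside the hunk, but if it holds the RangerACLResult produced by parse_ranger_response, the result is only correct as long as the two enums happen to line up numerically, and RANGERCHECK_UNKNOWN has no AclResult counterpart. An explicit fail-closed mapping avoids that dependency: `return (ret == RANGERCHECK_OK) ? ACLCHECK_OK : ACLCHECK_NO_PRIV;`.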
@@ -59,33 +59,28 @@ RangerACLResult parse_ranger_response(char* buffer) if (strlen(buffer) == 0) return RANGERCHECK_UNKNOWN; - elog(LOG, "RRRRRRRRRRread from Ranger Restful API: %s", buffer); + elog(LOG, "read from Ranger Restful API: %s", buffer); struct json_object *response = json_tokener_parse(buffer); struct json_object *accessObj = json_object_object_get(response, "access"); - //json_object * jobj = json_object_object_get(jobj, key); int arraylen = json_object_array_length(accessObj); elog(LOG, "Array Length: %dn",arraylen); json_object * jvalue; + json_object * jallow; + json_bool result; + // here should return which table's acl check failed in future. for (int i=0; i< arraylen; i++){ jvalue = json_object_array_get_idx(accessObj, i); - //elog(LOG,"value[%d]: %sn",i, json_object_get_boolean(jvalue)); - } - json_object * jallow = json_object_object_get(jvalue, "allowed"); - json_bool result = json_object_get_boolean(jallow); - - //char* szResult = json_object_get_boolean(result); - //elog(LOG, "parse Ranger response, result:%s.", szResult); - elog(LOG, "parFFFFse Ranger response, result:%d.", result); - //if (strcmp(szResult, "true") == 0) - if(result == 1) - { - return RANGERCHECK_OK; - } else { + jallow = json_object_object_get(jvalue, "allowed"); + result = json_object_get_boolean(jallow); + if(result != 1){ return RANGERCHECK_NO_PRIV; + } } + return RANGERCHECK_OK; + } /* 
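Review bot: parse_ranger_response now returns RANGERCHECK_OK whenever the loop finishes without seeing a denial, which includes the case where the "access" array is empty and the loop never runs, so a reply with no verdicts is treated as a grant. The results of json_tokener_parse and json_object_object_get are also used unchecked, so a malformed or unexpected reply reaches json_object_array_length with a NULL or non-array object; how json-c reacts depends on its version. The parsed response is never released with json_object_put, which also applies to the early return inside the loop. The checks below make every one of those cases return RANGERCHECK_UNKNOWN instead of OK. The function starts outside the hunk.

```c
	struct json_object *response = json_tokener_parse(buffer);
	if (response == NULL)
		return RANGERCHECK_UNKNOWN;

	struct json_object *accessObj = json_object_object_get(response, "access");
	if (accessObj == NULL || !json_object_is_type(accessObj, json_type_array))
	{
		json_object_put(response);
		return RANGERCHECK_UNKNOWN;
	}

	int arraylen = json_object_array_length(accessObj);
	if (arraylen <= 0)
	{
		/* a reply without per-object verdicts must not count as a grant */
		json_object_put(response);
		return RANGERCHECK_UNKNOWN;
	}
	// … unchanged: loop over accessObj, returning RANGERCHECK_NO_PRIV on the first denial …
```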
@@ -287,7 +282,7 @@ json_object* create_ranger_request_json(char* user, AclObjectKind kind, char* ob elog(LOG, "build json for ranger request, user:%s, kind:%s, object:%s", user, AclObjectKindStr[kind], object); json_object *jrequest = json_object_new_object(); - json_object *juser = json_object_new_string("hubert");//user); + json_object *juser = json_object_new_string(user); json_object *jaccess = json_object_new_array(); json_object *jelement = json_object_new_object(); http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/0edc300d/src/backend/parser/parse_relation.c ---------------------------------------------------------------------- diff --git a/src/backend/parser/parse_relation.c b/src/backend/parser/parse_relation.c index 5ee7857..176ed0b 100644 --- a/src/backend/parser/parse_relation.c +++ b/src/backend/parser/parse_relation.c @@ -2712,7 +2712,7 @@ warnAutoRange(ParseState *pstate, RangeVar *relation, int location) void ExecCheckRTPerms(List *rangeTable) { - if (enable_ranger) + if (enable_ranger && !fallBackToNativeChecks(ACL_KIND_CLASS,rangeTable,GetUserId())) { if(rangeTable!=NULL) ExecCheckRTPermsWithRanger(rangeTable); http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/0edc300d/src/include/utils/acl.h ---------------------------------------------------------------------- diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h index 62a13a2..a8c9e64 100644 --- a/src/include/utils/acl.h +++ b/src/include/utils/acl.h @@ -305,6 +305,7 @@ extern AclResult pg_rangercheck(AclObjectKind objkind, Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how); extern bool fallBackToNativeCheck(AclObjectKind objkind, Oid table_oid, Oid roleid); +extern bool fallBackToNativeChecks(AclObjectKind objkind, List* table_list, Oid roleid); extern char *getNameFromOid(AclObjectKind objkind, Oid object_oid); extern char *getClassNameFromOid(Oid object_oid); extern char *getSequenceNameFromOid(Oid object_oid);
