Repository: incubator-hawq Updated Branches: refs/heads/master 0bc2c8c01 -> cf54c4180
HAWQ-1275. Check build-in catalogs, tables and functions in native aclcheck. Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/cf54c418 Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/cf54c418 Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/cf54c418 Branch: refs/heads/master Commit: cf54c41809627f5b9b38eb6322947ef12439b0af Parents: 0bc2c8c Author: hubertzhang <[email protected]> Authored: Mon Jan 16 16:01:39 2017 +0800 Committer: hubertzhang <[email protected]> Committed: Mon Jan 16 16:01:39 2017 +0800 ---------------------------------------------------------------------- src/backend/catalog/aclchk.c | 43 ++++++++++++++++++++++++++------ src/backend/utils/cache/lsyscache.c | 24 ++++++++++++++++++ src/backend/utils/misc/guc.c | 13 +++++++++- src/include/catalog/pg_namespace.h | 1 - src/include/utils/guc.h | 3 +++ src/include/utils/lsyscache.h | 1 + 6 files changed, 76 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/cf54c418/src/backend/catalog/aclchk.c ---------------------------------------------------------------------- diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c index 73de11b..200d9cb 100644 --- a/src/backend/catalog/aclchk.c +++ b/src/backend/catalog/aclchk.c @@ -2669,29 +2669,58 @@ List *getActionName(AclMode mask) bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid) { - //for heap table, we fall back to native check. - if(objkind == ACL_KIND_CLASS) + /* get the latest information_schema_namespcace_oid. Since caql access heap table + * directly without aclcheck, this function will not be called recursively + */ + if (information_schema_namespcace_oid == 0) + { + information_schema_namespcace_oid = (int)get_namespace_oid("information_schema"); + } + /*for heap table, we fall back to native check.*/ + if (objkind == ACL_KIND_CLASS) { char relstorage = get_rel_relstorage(obj_oid); - if(relstorage == 'h') + if (relstorage == 'h') + { + return true; + } + } + else if (objkind == ACL_KIND_NAMESPACE) + { + /*native check build-in schemas.*/ + if (obj_oid == PG_CATALOG_NAMESPACE || obj_oid == information_schema_namespcace_oid + || obj_oid == PG_AOSEGMENT_NAMESPACE || obj_oid == PG_TOAST_NAMESPACE + || obj_oid == PG_BITMAPINDEX_NAMESPACE) { return true; } } + else if (objkind == ACL_KIND_PROC) + { + /*native check functions under build-in schemas.*/ + Oid namespaceid = get_func_namespace(obj_oid); + if (namespaceid == PG_CATALOG_NAMESPACE || namespaceid == information_schema_namespcace_oid + || namespaceid == PG_AOSEGMENT_NAMESPACE || namespaceid == PG_TOAST_NAMESPACE + || namespaceid == PG_BITMAPINDEX_NAMESPACE) + { + return true; + } + } + return false; } bool fallBackToNativeChecks(AclObjectKind objkind, List* table_list, Oid roleid) { - //for heap table, we fall back to native check. - if(objkind == ACL_KIND_CLASS) + /*we only have range table here*/ + if (objkind == ACL_KIND_CLASS) { ListCell *l; foreach(l, table_list) { RangeTblEntry *rte=(RangeTblEntry *) lfirst(l); - char relstorage = get_rel_relstorage(rte->relid); - if(relstorage == 'h') + bool ret = fallBackToNativeCheck(ACL_KIND_CLASS, rte->relid, roleid); + if(ret) { return true; } http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/cf54c418/src/backend/utils/cache/lsyscache.c ---------------------------------------------------------------------- diff --git a/src/backend/utils/cache/lsyscache.c b/src/backend/utils/cache/lsyscache.c index fa8fde5..3ccf847 100644 --- a/src/backend/utils/cache/lsyscache.c +++ b/src/backend/utils/cache/lsyscache.c @@ -3248,6 +3248,30 @@ get_namespace_name(Oid nspid) return result; } +/* + * get_namespace_oid + * Returns the oid of a namespace given its name + * + */ +Oid +get_namespace_oid(const char* npname) +{ + Oid result; + int fetchCount; + + result = caql_getoid_plus( + NULL, + &fetchCount, + NULL, + cql("SELECT oid FROM pg_namespace " + " WHERE nspname = :1 ", + PointerGetDatum((char *) npname))); + + if (!fetchCount) + return InvalidOid; + + return result; +} /* ---------- PG_AUTHID CACHE ---------- */ /* http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/cf54c418/src/backend/utils/misc/guc.c ---------------------------------------------------------------------- diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index fbf19cf..21d705a 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -769,6 +769,8 @@ bool optimizer_prefer_scalar_dqa_multistage_agg; bool optimizer_parallel_union; bool optimizer_array_constraints; +int information_schema_namespcace_oid; + /* Security */ bool gp_reject_internal_tcp_conn = true; @@ -6195,6 +6197,15 @@ static struct config_int ConfigureNamesInt[] = }, { + {"information_schema_namespcace_oid", PGC_USERSET, DEVELOPER_OPTIONS, + gettext_noop("the oid of information_schema namespace"), + NULL + }, + &information_schema_namespcace_oid, + 0, 0, INT_MAX, NULL, NULL + }, + + { {"memory_profiler_dataset_size", PGC_USERSET, DEVELOPER_OPTIONS, gettext_noop("Set the size in GB"), NULL, @@ -6269,7 +6280,7 @@ static struct config_int ConfigureNamesInt[] = NULL }, &rps_addr_port, - 8080, 1, 65535, NULL, NULL + 8432, 1, 65535, NULL, NULL }, { http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/cf54c418/src/include/catalog/pg_namespace.h ---------------------------------------------------------------------- diff --git a/src/include/catalog/pg_namespace.h b/src/include/catalog/pg_namespace.h index a91e2ea..1bedc70 100644 --- a/src/include/catalog/pg_namespace.h +++ b/src/include/catalog/pg_namespace.h @@ -124,7 +124,6 @@ DATA(insert OID = 6104 ( "pg_aoseg" PGUID _null_ 0)); DESCR("Reserved schema for Append Only segment list and eof tables"); #define PG_AOSEGMENT_NAMESPACE 6104 - #define IsBuiltInNameSpace(namespaceId) \ (namespaceId == PG_CATALOG_NAMESPACE || \ namespaceId == PG_TOAST_NAMESPACE || \ http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/cf54c418/src/include/utils/guc.h ---------------------------------------------------------------------- diff --git a/src/include/utils/guc.h b/src/include/utils/guc.h index cb45a7c..2315778 100644 --- a/src/include/utils/guc.h +++ b/src/include/utils/guc.h @@ -445,6 +445,9 @@ extern bool optimizer_prefer_scalar_dqa_multistage_agg; extern bool optimizer_parallel_union; extern bool optimizer_array_constraints; + +extern int information_schema_namespcace_oid; + /** * Enable logging of DPE match in optimizer. */ http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/cf54c418/src/include/utils/lsyscache.h ---------------------------------------------------------------------- diff --git a/src/include/utils/lsyscache.h b/src/include/utils/lsyscache.h index 21a38cf..6ee99be 100644 --- a/src/include/utils/lsyscache.h +++ b/src/include/utils/lsyscache.h @@ -148,6 +148,7 @@ extern void free_attstatsslot(Oid atttype, Datum *values, int nvalues, float4 *numbers, int nnumbers); extern char *get_namespace_name(Oid nspid); +extern Oid get_namespace_oid(const char* npname); extern Oid get_roleid(const char *rolname); extern char *get_rolname(Oid roleid); extern char get_relation_storage_type(Oid relid);
