HAWQ-1256. non-superuser connect to db will do aclcheck through ranger and curl handle haven't been initialized.
Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/aa5792d8 Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/aa5792d8 Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/aa5792d8 Branch: refs/heads/2.1.0.0-incubating Commit: aa5792d858f545815361c8247cdbb22eec9dd3f1 Parents: 2a7c20f Author: stanlyxiang <[email protected]> Authored: Wed Jan 11 18:10:11 2017 +0800 Committer: stanlyxiang <[email protected]> Committed: Wed Jan 11 18:16:54 2017 +0800 ---------------------------------------------------------------------- src/backend/libpq/rangerrest.c | 1 + src/backend/tcop/postgres.c | 38 ++++++++++++++++++------------------- 2 files changed, 19 insertions(+), 20 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/aa5792d8/src/backend/libpq/rangerrest.c ---------------------------------------------------------------------- diff --git a/src/backend/libpq/rangerrest.c b/src/backend/libpq/rangerrest.c index fd8937a..5406251 100644 --- a/src/backend/libpq/rangerrest.c +++ b/src/backend/libpq/rangerrest.c @@ -384,6 +384,7 @@ int check_privilege_from_ranger(List *arg_list) Assert(request != NULL); /* call GET method to send request*/ + Assert(curl_context_ranger.hasInited); if (call_ranger_rest(&curl_context_ranger, request) < 0) { return RANGERCHECK_NO_PRIV; http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/aa5792d8/src/backend/tcop/postgres.c ---------------------------------------------------------------------- diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c index c8d7e33..e1bfb1d 100644 --- a/src/backend/tcop/postgres.c +++ b/src/backend/tcop/postgres.c @@ -4391,7 +4391,24 @@ PostgresMain(int argc, char *argv[], const char *username) BuildFlatFiles(true); } - + /* for enable ranger*/ + if (enable_ranger && !curl_context_ranger.hasInited) + { + memset(&curl_context_ranger, 0, sizeof(curl_context_t)); + curl_global_init(CURL_GLOBAL_ALL); + /* init the curl session */ + curl_context_ranger.curl_handle = curl_easy_init(); + if (curl_context_ranger.curl_handle == NULL) { + /* cleanup curl stuff */ + /* no need to cleanup curl_handle since it's null. just cleanup curl global.*/ + curl_global_cleanup(); + } + curl_context_ranger.hasInited = true; + curl_context_ranger.response.buffer = palloc0(CURL_RES_BUFFER_SIZE); + curl_context_ranger.response.buffer_size = CURL_RES_BUFFER_SIZE; + elog(DEBUG3, "when enable ranger, init global struct for privileges check."); + on_proc_exit(curl_finalize, 0); + } /* * Create a per-backend PGPROC struct in shared memory, except in the * EXEC_BACKEND case where this was done in SubPostmasterMain. We must do @@ -4630,25 +4647,6 @@ PostgresMain(int argc, char *argv[], const char *username) if (!ignore_till_sync) send_ready_for_query = true; /* initially, or after error */ - /* for enable ranger*/ - if (AmIMaster() && enable_ranger && !curl_context_ranger.hasInited) - { - memset(&curl_context_ranger, 0, sizeof(curl_context_t)); - curl_global_init(CURL_GLOBAL_ALL); - /* init the curl session */ - curl_context_ranger.curl_handle = curl_easy_init(); - if (curl_context_ranger.curl_handle == NULL) { - /* cleanup curl stuff */ - /* no need to cleanup curl_handle since it's null. just cleanup curl global.*/ - curl_global_cleanup(); - elog(ERROR, "initialize global curl context failed."); - } - curl_context_ranger.hasInited = true; - curl_context_ranger.response.buffer = palloc0(CURL_RES_BUFFER_SIZE); - curl_context_ranger.response.buffer_size = CURL_RES_BUFFER_SIZE; - elog(DEBUG3, "initialize global curl context for privileges check."); - on_proc_exit(curl_finalize, 0); - } /* * Non-error queries loop here. */
