Repository: incubator-trafodion Updated Branches: refs/heads/master 6b07d620e -> 9e5f36cd3
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/079ea00a/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp b/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp
index 70d37d1..cc1e4a5 100644
--- a/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp
+++ b/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp
@@ -7167,15 +7167,12 @@ short CmpSeabaseDDL::updateSeabaseAuths(
 Int64 initTime = NA_JulianTimestamp();
- str_sprintf(buf, "insert into %s.\"%s\".%s values (%d, 'DB__ROOT', 'TRAFODION', 'U', %d, 'Y', %ld,%ld, 0) ",
- sysCat, SEABASE_MD_SCHEMA, SEABASE_AUTHS,
- SUPER_USER, SUPER_USER, initTime, initTime);
- cliRC = cliInterface->executeImmediate(buf);
- if (cliRC < 0)
- {
- cliInterface->retrieveSQLDiagnostics(CmpCommon::diags());
- return -1;
- }
+ NAString mdLocation;
+ CONCAT_CATSCH(mdLocation, getSystemCatalog(), SEABASE_MD_SCHEMA);
+ CmpSeabaseDDLuser authOperation(sysCat, mdLocation.data());
+ authOperation.registerStandardUser(DB__ROOT, ROOT_USER_ID);
+ if (CmpCommon::diags()->getNumber(DgSqlCode::ERROR_))
+ return -1;
 return 0;
 }
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/079ea00a/core/sql/sqlcomp/PrivMgrComponentDefs.h
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrComponentDefs.h b/core/sql/sqlcomp/PrivMgrComponentDefs.h
new file mode 100644
index 0000000..8986dd9
--- /dev/null
+++ b/core/sql/sqlcomp/PrivMgrComponentDefs.h
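Review bot: `initTime` on the context line `Int64 initTime = NA_JulianTimestamp();` looks dead now — its only visible use was in the removed str_sprintf, so the declaration should go with it unless an earlier part of updateSeabaseAuths (the body starts before this hunk) still reads it. The failure test `if (CmpCommon::diags()->getNumber(DgSqlCode::ERROR_))` counts every error already in the diags area, not just errors raised by registerStandardUser; if this point can be reached with a non-empty diags area a stale error aborts the bootstrap, so take the error count before the call and compare after, or use registerStandardUser's own status if it reports one. The explicit `retrieveSQLDiagnostics` call is gone as well; presumably CmpSeabaseDDLuser fills the diags area itself, which is worth confirming because a silent failure here leaves the DB__ROOT auth row missing.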
@@ -0,0 +1,284 @@
+//*****************************************************************************
+// @@@ START COPYRIGHT @@@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+//// @@@ END COPYRIGHT @@@
+//*****************************************************************************
+
+#ifndef PRIVMGR_COMPONENTS_DEFS_H
+#define PRIVMGR_COMPONENTS_DEFS_H
+
+// *****************************************************************************
+// *
+// * Component definition section
+// *
+// * Several system components are created and managed by the database.
+// * They are managed by two main structures:
+// * ComponentListStruct - the list of components
+// * ComponentOpStruct - the list of operations for each component
+// *
+// * To add a new component (assume xxx is component name):
+// * Assign a UID (in enum ComponentOp add xxx_COMPONENT_UID)
+// * Generate a component name (add new define called xxx_NAME)
+// * Define component operations (add enum xxxOperation)
+// * Define operation attributes (add ComponentOpStruct xxxOpStruct)
+// * Add component to list (add component to componentList)
+// *
+// * To add a new operation to an existing component, see comments associated
+// * with the component.
+// *
+// *****************************************************************************
+
+// The ComponentOpStruct describes a component
+// operationID - a number from xxxOperation representing the operation
+// operationCode - unique 2 charater value that represents the operation
+// operationName - unique name for the operation
+// isRootRoleOp - grant DB__ROOTROLE this operation
+// isAdminOp - grant DB__ADMIN/DB__ADMINROLE this operation
+// isDMLOp - this is a DML operation
+// isPublicOp - grant PUBLIC this operation
+struct ComponentOpStruct
+{
+ int32_t operationID;
+ const char * operationCode;
+ const char * operationName;
+ const bool isRootRoleOp;
+ const bool isAdminOp;
+ const bool isDMLOp;
+ const bool isPublicOp;
+};
+
+// The ComponentListStruct describes the relationship between a component UID,
+// its name, the number of operations for the component, and a pointer to the
+// list of operations.
+// componentUID - the UID for the component
+// componentName - the component name
+// numOps - the number of operations in the component
+// componentOps - pointer the ComponentOpStruct describing the operations
+struct ComponentListStruct
+{
+ int64_t componentUID;
+ const char * componentName;
+ int32_t numOps;
+ const ComponentOpStruct * componentOps;
+};
+
+// UID's for system component
+// USER_COMPONENT_START_UID begins user defined components
+enum ComponentOp{ INVALID_COMPONENT_UID = 0,
+ SQL_OPERATIONS_COMPONENT_UID = 1,
+ DBMGR_COMPONENT_UID = 2,
+ WMS_COMPONENT_UID = 3,
+ USER_COMPONENT_START_UID = 1000};
+
+// List of components
+#define SQL_OPERATIONS_NAME "SQL_OPERATIONS"
+#define DBMGR_NAME "DBMGR"
+#define WMS_NAME "WMS"
+
+// Defines component operations for SQL_OPERATIONS:
+// to add a new operation, add an entry to this list (in alphebetic order)
+// and add a corresponding entry to the sqlOpList.
+enum class SQLOperation {
+ ALTER = 2,
+ ALTER_LIBRARY,
+ ALTER_ROUTINE,
+ ALTER_ROUTINE_ACTION,
+ ALTER_SCHEMA,
+ ALTER_SEQUENCE,
+ ALTER_SYNONYM,
+ ALTER_TABLE,
+ ALTER_TRIGGER,
+ ALTER_VIEW,
+ CREATE,
+ CREATE_CATALOG,
+ CREATE_INDEX,
+ CREATE_LIBRARY,
+ CREATE_PROCEDURE,
+ CREATE_ROUTINE,
+ CREATE_ROUTINE_ACTION,
+ CREATE_SCHEMA,
+ CREATE_SEQUENCE,
+ CREATE_SYNONYM,
+ CREATE_TABLE,
+ CREATE_TRIGGER,
+ CREATE_VIEW,
+ DML_DELETE,
+ DML_EXECUTE,
+ DML_INSERT,
+ DML_REFERENCES,
+ DML_SELECT,
+ DML_SELECT_METADATA,
+ DML_UPDATE,
+ DML_USAGE,
+ DROP,
+ DROP_CATALOG,
+ DROP_INDEX,
+ DROP_LIBRARY,
+ DROP_PROCEDURE,
+ DROP_ROUTINE,
+ DROP_ROUTINE_ACTION,
+ DROP_SCHEMA,
+ DROP_SEQUENCE,
+ DROP_SYNONYM,
+ DROP_TABLE,
+ DROP_TRIGGER,
+ DROP_VIEW,
+ MANAGE,
+ MANAGE_COMPONENTS,
+ MANAGE_LIBRARY,
+ MANAGE_LOAD,
+ MANAGE_PRIVILEGES,
+ MANAGE_ROLES,
+ MANAGE_STATISTICS,
+ MANAGE_TENANTS,
+ MANAGE_USERS,
+ QUERY_ACTIVATE,
+ QUERY_CANCEL,
+ QUERY_SUSPEND,
+ REGISTER_HIVE_OBJECT,
+ REMAP_USER,
+ SHOW,
+ UNREGISTER_HIVE_OBJECT,
+ USE_ALTERNATE_SCHEMA,
+ FIRST_OPERATION = ALTER,
+ LAST_OPERATION = USE_ALTERNATE_SCHEMA,
+ NUMBER_OF_OPERATIONS = LAST_OPERATION - FIRST_OPERATION + 1,
+ UNKNOWN,
+ FIRST_DML_PRIV = DML_DELETE,
+ LAST_DML_PRIV = DML_USAGE
+};
+
+// Assign initial privileges for SQL_OPERATIONS (based on ComponentOpStruct):
+// recommend that DB__ROOTROLE granted all non DML privileges
+// recommend that DB__ADMIN and DB__ADMINROLE granted all non DML privileges
+// recommend that PUBLIC granted only a small subset of privileges
+static const ComponentOpStruct sqlOpList[] =
+{
+ {(int32_t)SQLOperation::ALTER, "A0","ALTER",true,true,false,false},
+ {(int32_t)SQLOperation::ALTER_LIBRARY, "AL","ALTER_LIBRARY",true,false,false,false},
+ {(int32_t)SQLOperation::ALTER_ROUTINE, "AR","ALTER_ROUTINE",true,false,false,false},
+ {(int32_t)SQLOperation::ALTER_ROUTINE_ACTION,"AA","ALTER_ROUTINE_ACTION",true,false,false,false},
+ {(int32_t)SQLOperation::ALTER_SCHEMA, "AH","ALTER_SCHEMA",true,false,false,false},
+ {(int32_t)SQLOperation::ALTER_SEQUENCE, "AQ","ALTER_SEQUENCE",true,false,false,false},
+ {(int32_t)SQLOperation::ALTER_SYNONYM, "AY","ALTER_SYNONYM",true,false,false,false},
+ {(int32_t)SQLOperation::ALTER_TABLE, "AT","ALTER_TABLE",true,false,false,false},
+ {(int32_t)SQLOperation::ALTER_TRIGGER, "AG","ALTER_TRIGGER",true,false,false,false},
+ {(int32_t)SQLOperation::ALTER_VIEW, "AV","ALTER_VIEW",true,false,false,false},
+
+ {(int32_t)SQLOperation::CREATE, "C0","CREATE",true,true,false,false },
+ {(int32_t)SQLOperation::CREATE_CATALOG, "CC","CREATE_CATALOG",true,false,false,false},
+ {(int32_t)SQLOperation::CREATE_INDEX, "CI","CREATE_INDEX",true,false,false,false},
+ {(int32_t)SQLOperation::CREATE_LIBRARY, "CL","CREATE_LIBRARY",true,false,false,false},
+ {(int32_t)SQLOperation::CREATE_PROCEDURE, "CP","CREATE_PROCEDURE",true,false,false,false},
+ {(int32_t)SQLOperation::CREATE_ROUTINE, "CR","CREATE_ROUTINE",true,false,false,false},
+ {(int32_t)SQLOperation::CREATE_ROUTINE_ACTION,"CA","CREATE_ROUTINE_ACTION",true,false,false,false},
+ {(int32_t)SQLOperation::CREATE_SCHEMA, "CH","CREATE_SCHEMA",true,false,false,true},
+ {(int32_t)SQLOperation::CREATE_SEQUENCE, "CQ","CREATE_SEQUENCE",true,false,false,false},
+ {(int32_t)SQLOperation::CREATE_SYNONYM, "CY","CREATE_SYNONYM",true,false,false,false},
+ {(int32_t)SQLOperation::CREATE_TABLE, "CT","CREATE_TABLE",true,false,false,false},
+ {(int32_t)SQLOperation::CREATE_TRIGGER, "CG","CREATE_TRIGGER",true,false,false,false},
+ {(int32_t)SQLOperation::CREATE_VIEW, "CV","CREATE_VIEW",true,false,false,false},
+
+ {(int32_t)SQLOperation::DML_DELETE, "PD","DML_DELETE",false,false,true,false},
+ {(int32_t)SQLOperation::DML_EXECUTE, "PE","DML_EXECUTE",false,false,true,false},
+ {(int32_t)SQLOperation::DML_INSERT, "PI","DML_INSERT",false,false,true,false},
+ {(int32_t)SQLOperation::DML_REFERENCES, "PR","DML_REFERENCES",false,false,true,false},
+ {(int32_t)SQLOperation::DML_SELECT, "PS","DML_SELECT",false,false,true,false},
+ {(int32_t)SQLOperation::DML_SELECT_METADATA,"PM","DML_SELECT_METADATA",true,true,true,false},
+ {(int32_t)SQLOperation::DML_UPDATE, "PU","DML_UPDATE",false,false,true,false},
+ {(int32_t)SQLOperation::DML_USAGE, "PG","DML_USAGE",false,false,true,false},
+
+ {(int32_t)SQLOperation::DROP, "D0","DROP",true,true,false,false },
+ {(int32_t)SQLOperation::DROP_CATALOG, "DC","DROP_CATALOG",true,false,false,false},
+ {(int32_t)SQLOperation::DROP_INDEX, "DI","DROP_INDEX",true,false,false,false},
+ {(int32_t)SQLOperation::DROP_LIBRARY, "DL","DROP_LIBRARY",true,false,false,false},
+ {(int32_t)SQLOperation::DROP_PROCEDURE, "DP","DROP_PROCEDURE",true,false,false,false},
+ {(int32_t)SQLOperation::DROP_ROUTINE, "DR","DROP_ROUTINE",true,false,false,false},
+ {(int32_t)SQLOperation::DROP_ROUTINE_ACTION,"DA","DROP_ROUTINE_ACTION",true,false,false,false},
+ {(int32_t)SQLOperation::DROP_SCHEMA, "DH","DROP_SCHEMA",true,false,false,false},
+ {(int32_t)SQLOperation::DROP_SEQUENCE, "DQ","DROP_SEQUENCE",true,false,false,false},
+ {(int32_t)SQLOperation::DROP_SYNONYM, "DY","DROP_SYNONYM",true,false,false,false},
+ {(int32_t)SQLOperation::DROP_TABLE, "DT","DROP_TABLE",true,false,false,false},
+ {(int32_t)SQLOperation::DROP_TRIGGER, "DG","DROP_TRIGGER",true,false,false,false},
+ {(int32_t)SQLOperation::DROP_VIEW, "DV","DROP_VIEW",true,false,false,false},
+
+ {(int32_t)SQLOperation::MANAGE, "M0","MANAGE",true,true,false,false},
+ {(int32_t)SQLOperation::MANAGE_COMPONENTS, "MC","MANAGE_COMPONENTS",true,false,false,false},
+ {(int32_t)SQLOperation::MANAGE_LIBRARY, "ML","MANAGE_LIBRARY",true,false,false,false},
+ {(int32_t)SQLOperation::MANAGE_LOAD, "MT","MANAGE_LOAD",true,false,false,false},
+ {(int32_t)SQLOperation::MANAGE_PRIVILEGES, "MP","MANAGE_PRIVILEGES",true,false,false,false},
+ {(int32_t)SQLOperation::MANAGE_ROLES, "MR","MANAGE_ROLES",true,false,false,false},
+ {(int32_t)SQLOperation::MANAGE_STATISTICS, "MS","MANAGE_STATISTICS",true,false,false,false},
+ {(int32_t)SQLOperation::MANAGE_TENANTS, "MX","MANAGE_TENANTS",true,false,false,false},
+ {(int32_t)SQLOperation::MANAGE_USERS, "MU","MANAGE_USERS",true,false,false,false},
+
+ {(int32_t)SQLOperation::QUERY_ACTIVATE, "QA","QUERY_ACTIVATE",true,true,false,false},
+ {(int32_t)SQLOperation::QUERY_CANCEL, "QC","QUERY_CANCEL",true,true,false,false},
+ {(int32_t)SQLOperation::QUERY_SUSPEND, "QS","QUERY_SUSPEND",true,true,false,false},
+ {(int32_t)SQLOperation::REGISTER_HIVE_OBJECT, "RH","REGISTER_HIVE_OBJECT",true,true,false,false},
+
+ {(int32_t)SQLOperation::REMAP_USER, "RU","REMAP_USER",true,true,false,false},
+ {(int32_t)SQLOperation::SHOW, "SW","SHOW",true,true,false,false},
+ {(int32_t)SQLOperation::UNREGISTER_HIVE_OBJECT, "UH","UNREGISTER_HIVE_OBJECT",true,true,false,false},
+ {(int32_t)SQLOperation::USE_ALTERNATE_SCHEMA, "UA","USE_ALTERNATE_SCHEMA",true,true,false,false}
+};
+
+// Defines the component operations for DBMGR:
+// add an entry to this list for new DBMGR operations(in alphabetic order)
+// and to the corresponding dbmgrOpList
+enum class DBMGROperation {
+ MANAGE_ALERTS = 2,
+ MANAGE_SESSIONS,
+ SHOW_ACTIVE_QUERIES,
+ SHOW_EVENT_LOGS,
+ SHOW_REPOS_QUERIES
+};
+
+// Assign initial privileges for DBMGROperation (based on ComponentOpStruct):
+static const ComponentOpStruct dbmgrOpList[] =
+{
+ {(int32_t)DBMGROperation::MANAGE_ALERTS, "MA","MANAGE_ALERTS",true,true,false,false},
+ {(int32_t)DBMGROperation::MANAGE_SESSIONS, "MS","MANAGE_SESSIONS",true,true,false,false},
+ {(int32_t)DBMGROperation::SHOW_ACTIVE_QUERIES, "AQ","SHOW_ACTIVE_QUERIES",true,true,false,false},
+ {(int32_t)DBMGROperation::SHOW_EVENT_LOGS, "EL","SHOW_EVENT_LOGS",true,true,false,false},
+ {(int32_t)DBMGROperation::SHOW_REPOS_QUERIES, "RQ","SHOW_REPOS_QUERIES",true,true,false,false}
+};
+
+// Defines the component operations for WMS:
+// add an entry to this list for new WMS operations (in alphabetic order)
+// and to the corresponding wmsOpList
+enum class WMSOperation {
+ MANAGE_WMS = 2
+};
+
+// Assign initial privileges for DBMGROperation (based on ComponentOpStruct):
+static const ComponentOpStruct wmsOpList[] =
+{
+ {(int32_t)WMSOperation::MANAGE_WMS, "MW","MANAGE_WMS",true,true,false,false},
+};
+
+
+// List of components
+static const ComponentListStruct componentList[]
+{ { (int64_t)SQL_OPERATIONS_COMPONENT_UID, SQL_OPERATIONS_NAME, sizeof(sqlOpList)/sizeof(ComponentOpStruct), (ComponentOpStruct *)&sqlOpList },
+ { (int64_t)DBMGR_COMPONENT_UID, DBMGR_NAME, sizeof(dbmgrOpList)/sizeof(ComponentOpStruct), (ComponentOpStruct *)&dbmgrOpList },
+ { (int64_t)WMS_COMPONENT_UID, WMS_NAME, sizeof(wmsOpList)/sizeof(ComponentOpStruct), (ComponentOpStruct *)&wmsOpList } };
+
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/079ea00a/core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp b/core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp
index be6de56..ecee04e 100644
--- a/core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp
+++ b/core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp
@@ -74,10 +74,12 @@ public:
 // -------------------------------------------------------------------
 MyRow(std::string tableName)
 : PrivMgrMDRow(tableName, COMPONENT_PRIVILEGES_ENUM),
- componentUID_(0)
+ componentUID_(0),
+ visited_(false)
 { };
 MyRow(const MyRow &other)
- : PrivMgrMDRow(other)
+ : PrivMgrMDRow(other),
+ visited_(false)
 {
 componentUID_ = other.componentUID_;
 operationCode_ = other.operationCode_;
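Review bot: In `enum class SQLOperation` the enumerator `UNKNOWN` follows `NUMBER_OF_OPERATIONS` without an initializer, so it evaluates to `LAST_OPERATION - FIRST_OPERATION + 2`, and with `FIRST_OPERATION = ALTER = 2` that is exactly `LAST_OPERATION`, i.e. UNKNOWN is the same value as USE_ALTERNATE_SCHEMA; any lookup that falls back to UNKNOWN is then indistinguishable from a real privilege, so give it an explicit value outside the range, `UNKNOWN = LAST_OPERATION + 1,`. The comment above `wmsOpList` is copied from the DBMGR block and should read "Assign initial privileges for WMSOperation (based on ComponentOpStruct):". In `componentList` the initializers `(ComponentOpStruct *)&sqlOpList` (and the dbmgr/wms ones) take the address of the whole array and cast away const although the field is `const ComponentOpStruct *`; the arrays decay on their own, so `sqlOpList`, `dbmgrOpList` and `wmsOpList` can be used directly with no cast. The ComponentOpStruct comment calls operationCode "unique", yet "AQ" and "MS" appear in both sqlOpList and dbmgrOpList; if uniqueness is meant per component, stating that in the comment avoids a false alarm.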
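Review bot: The copy constructor `MyRow(const MyRow &other)` initializes `visited_(false)` rather than `visited_(other.visited_)`, so copy-constructing a row drops the flag while the implicitly generated copy assignment (no operator= is declared in these hunks) keeps it; the two copy paths disagree. If the reset is deliberate because visited_ is transient traversal state (the operator== added in the next hunk also leaves it out), record that next to the member, e.g. `bool visited_; // transient traversal flag: reset on copy, not part of operator==`, otherwise initialize it from `other.visited_`. The MyRow class declaration starts before this hunk.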
@@ -88,6 +90,15 @@ public:
 grantDepth_ = other.grantDepth_;
 };
 virtual ~MyRow() {};
+
+ bool operator==(const MyRow & other) const
+ {
+ return ( ( componentUID_ == other.componentUID_ ) &&
+ ( operationCode_ == other.operationCode_ ) &&
+ ( granteeID_ == other.granteeID_ ) &&
+ ( grantorID_ == other.grantorID_ ) );
+ }
+
 inline void clear() {componentUID_ = 0;};
 void describeGrant(
@@ -107,6 +118,7 @@ public:
 int32_t grantorID_;
 std::string grantorName_;
 int32_t grantDepth_;
+ bool visited_;
 private:
 MyRow();
@@ -141,6 +153,11 @@ public:
 const std::string & operationCode,
 int32_t & grantee);
+ void getRowsForGrantee(
+ const MyRow &baseRow,
+ std::vector<MyRow> &masterRowList,
+ std::set<size_t> &rowsToDelete);
+
 virtual PrivStatus insert(const PrivMgrMDRow & row);
 PrivStatus selectAllWhere(
@@ -442,6 +459,120 @@ std::string whereClause("WHERE ");
+// *****************************************************************************
+// * *
+// * Function: PrivMgrComponentPrivileges::dropAllForGrantee *
+// * *
+// * This function drops all component privileges that have been granted *
+// * to the user specified as "granteeID". If the grantee had the WGO then *
+// * the branch of privileges started by granteeID are removed. *
+// * *
+// * This code assumes that all roles have been revoked from the granteeID *
+// * prior to being called. *
+// *****************************************************************************
+// * *
+// * Parameters: *
+// * *
+// * <granteeID> const int32_t In *
+// * *
+// *****************************************************************************
+// * *
+// * Returns: bool *
+// * *
+// * true: grantees were dropped *
+// * false: unexpected error occurred. Error is put into the diags area. *
+// * *
+// *****************************************************************************
+bool PrivMgrComponentPrivileges::dropAllForGrantee(
+ const int32_t granteeID)
+{
+ // Get the list of all privileges from component_privileges table
+ // Skip rows granted by the system (-2)
+ std::string whereClause (" WHERE GRANTOR_ID > 0");
+ std::string orderByClause= " ORDER BY COMPONENT_UID, GRANTOR_ID, GRANTEE_ID, OPERATION_CODE, GRANT_DEPTH";
+
+ MyTable &myTable = static_cast<MyTable &>(myTable_);
+ std::vector<MyRow> masterRowList;
+
+ PrivStatus privStatus = myTable.selectAllWhere(whereClause,orderByClause,masterRowList);
+ if (privStatus == STATUS_ERROR)
+ return false;
+
+ // Create a list of indexes into the masterRowList where the granteeID is
+ // the target of one or more privileges
+ std::vector<size_t> granteeRowList;
+ for (size_t i = 0; i < masterRowList.size(); i++)
+ {
+ if (masterRowList[i].granteeID_ == granteeID)
+ granteeRowList.push_back(i);
+ }
+
+ // if the granteeID has not been granted any privileges, we are done
+ if (granteeRowList.size() == 0)
+ return true;
+
+ // Add the rows from granteeRowList to rowsToDelete list
+ // If any privileges were granted WGO, also remove the branch.
+ std::set<size_t> rowsToDelete;
+ for (size_t i = 0; i < granteeRowList.size(); i++)
+ {
+ size_t baseIdx = granteeRowList[i];
+ MyRow baseRow = masterRowList[baseIdx];
+
+ // If grantDepth < 0, then WGO was specified, remove branch
+ if (baseRow.grantDepth_ < 0)
+ myTable.getRowsForGrantee(baseRow, masterRowList, rowsToDelete);
+ masterRowList[baseIdx].visited_ = true;
+ rowsToDelete.insert(baseIdx);
+ }
+
+ // delete all the rows in affected list into statements of 10 rows
+ if (rowsToDelete.size() > 0)
+ {
+ whereClause = "WHERE ";
+ bool isFirst = true;
+ size_t count = 0;
+ for (std::set<size_t>::iterator it = rowsToDelete.begin(); it!= rowsToDelete.end(); ++it)
+ {
+ if (count > 20)
+ {
+ privStatus == myTable.deleteWhere(whereClause);
+ if (privStatus == STATUS_ERROR)
+ return false;
+ whereClause = "WHERE ";
+ isFirst = true;
+ count = 0;
+ }
+ if (isFirst)
+ isFirst = false;
+ else
+ whereClause += " OR ";
+ size_t masterIdx = *it;
+ MyRow row = masterRowList[masterIdx];
+
+ const std::string componentUIDString = to_string((long long int)row.componentUID_);
+ whereClause += "(component_uid = ";
+ whereClause += componentUIDString.c_str();
+ whereClause += " AND grantor_name = '";
+ whereClause += row.grantorName_;
+ whereClause += "' AND grantee_name = '";
+ whereClause += row.granteeName_;
+ whereClause += "' AND operation_code = '";
+ whereClause += row.operationCode_;
+ whereClause += "')";
+ count++;
+ }
+ privStatus == myTable.deleteWhere(whereClause);
+ if (privStatus == STATUS_ERROR)
+ return false;
+ }
+
+ return true;
+}
+
+
+
+
 // *****************************************************************************
 // * *
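Review bot: Both `privStatus == myTable.deleteWhere(whereClause);` statements (inside the batching loop and after it) compare instead of assign, so deleteWhere's status is thrown away and privStatus still holds the earlier selectAllWhere result; a failed DELETE is never noticed, the function returns true, and the grantee's component privileges silently survive the drop. Change both to `privStatus = myTable.deleteWhere(whereClause);` (a -Wunused-value build would have flagged these). The comment says "statements of 10 rows" but the loop flushes at `count > 20`, i.e. 21 predicates per statement; pick one and make the comment match. The WHERE predicate is assembled from grantor_name, grantee_name and operation_code by plain concatenation with no quoting of the names, while the row already carries `grantorID_` and `granteeID_`; keying the DELETE on the numeric ids, as the SELECT already does with GRANTOR_ID, removes the quoting hazard, and the per-row `MyRow row = masterRowList[masterIdx];` copy can be a `const MyRow &`.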
@@ -2168,6 +2299,111 @@ PrivStatus privStatus = selectWhereUnique(whereClause,row);
+// *****************************************************************************
+// * *
+// * Function: MyTable::getRowsForGrantee *
+// * *
+// * Finds the list of rows (branch) that need to be removed if the *
+// * grantee no longer has WGO. *
+// * *
+// *****************************************************************************
+// * *
+// * Parameters: *
+// * *
+// * <baseRow> const MyRow & In *
+// * contains the starting point for the branch *
+// * *
+// * <masterRowList> std::vector<MyRow> & In/Out *
+// * contains the master list of privileges *
+// * this list is updated to set the "visited_" flag for performance *
+// * *
+// * <rowsToDelete> std::set<size_t> & Out *
+// * returns the list of privileges to be removed *
+// * *
+// *****************************************************************************
+// * *
+// * Returns: No errors are generated *
+// * *
+// *****************************************************************************
+void MyTable::getRowsForGrantee(
+ const MyRow &baseRow,
+ std::vector<MyRow> &masterRowList,
+ std::set<size_t> &rowsToDelete)
+{
+ for (size_t i = 0; i < masterRowList.size(); i++)
+ {
+ // master list is ordered by component ID, grantorID, granteeID and operationCode
+ // If done checking rows for the grantorID_ from the baseRow, just return
+ if ((masterRowList[i].componentUID_ == baseRow.componentUID_) &&
+ (masterRowList[i].grantorID_ > baseRow.granteeID_))
+ break;
+
+ // If we have already processed the row or it is a row we are not
+ // interested in - continue
+ if (masterRowList[i].visited_ || (masterRowList[i].grantorID_ < baseRow.granteeID_))
+ continue;
+
+ // If this is a row we are interested in, add to rowsToDelete
+ if ((masterRowList[i].componentUID_ == baseRow.componentUID_) &&
+ (masterRowList[i].grantorID_ == baseRow.granteeID_) &&
+ (masterRowList[i].operationCode_ == baseRow.operationCode_))
+ {
+ // no more leaves, done with the branch
+ if (masterRowList[i].grantDepth_ == 0)
+ {
+ masterRowList[i].visited_ = true;
+ rowsToDelete.insert(i);
+ continue;
+ }
+
+ // Privilege was granted WITH GRANT OPTION, see if there is anything
+ // left on the branch to remove. If there are more leaves, check to
+ // see if grantee gets the priv from other grantors (WGO). If so, then
+ // no need to remove rest of branch
+ std::vector<size_t> grantList;
+ for (size_t g = 0; g < masterRowList.size(); g++)
+ {
+ // see if this is a row we are interested in
+ if ((masterRowList[g].visited_ == false) &&
+ (masterRowList[g].componentUID_ == baseRow.componentUID_) &&
+ (masterRowList[g].granteeID_ == baseRow.granteeID_) &&
+ (masterRowList[g].operationCode_ == baseRow.operationCode_))
+ {
+ // If this is the base row, skip
+ if (masterRowList[g] == baseRow)
+ continue;
+
+ // we are interested, save it
+ grantList.push_back(g);
+ }
+ }
+
+ // See if privilege has been granted by another grantor
+ if (grantList.size() > 0)
+ {
+ for (size_t j = 0; j < grantList.size(); j++)
+ {
+ size_t grantNdx = grantList[j];
+ if (masterRowList[grantNdx].grantDepth_ < 0)
+ {
+ // this authID has been granted WGO privilege from another user
+ // no need to remove branch
+ masterRowList[i].visited_ = true;
+ break;
+ }
+ }
+ }
+
+ // Check the next branch of privileges
+ getRowsForGrantee(masterRowList[i], masterRowList, rowsToDelete);
+
+ // found a leaf to remove
+ masterRowList[i].visited_;
+ rowsToDelete.insert(i);
+ }
+ }
+}
+
 // *****************************************************************************
 // * *
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/079ea00a/core/sql/sqlcomp/PrivMgrComponentPrivileges.h
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrComponentPrivileges.h b/core/sql/sqlcomp/PrivMgrComponentPrivileges.h
index 566b051..2081a0f 100644
--- a/core/sql/sqlcomp/PrivMgrComponentPrivileges.h
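Review bot: The statement `masterRowList[i].visited_;` under the "found a leaf to remove" comment is a no-op expression, so a WGO row that has just been added to rowsToDelete is never marked visited and later recursions rescan it; it should read `masterRowList[i].visited_ = true;`. The "no need to remove branch" path also does not do what its comment says: after setting visited_ and breaking out of the j loop, control falls through to the recursive call and `rowsToDelete.insert(i)`, so the branch is removed regardless; if grants backed by another grantor's WGO are meant to survive, that case has to skip the rest of the iteration. The other-grantor check depends only on baseRow, so it could be computed once before the i loop instead of per matching row, which also removes the O(n²) rescan. The rewrite below follows the comment's stated intent; confirm against the privilege model before applying it.
```cpp
      // See if privilege has been granted by another grantor
      bool keepBranch = false;
      for (size_t j = 0; j < grantList.size(); j++)
      {
        if (masterRowList[grantList[j]].grantDepth_ < 0)
        {
          // this authID holds the privilege WGO from another grantor,
          // so the grants it made stay valid: keep the branch
          keepBranch = true;
          break;
        }
      }
      if (keepBranch)
      {
        masterRowList[i].visited_ = true;
        continue;
      }

      // Check the next branch of privileges
      getRowsForGrantee(masterRowList[i], masterRowList, rowsToDelete);

      // found a leaf to remove
      masterRowList[i].visited_ = true;
      rowsToDelete.insert(i);
```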
+++ b/core/sql/sqlcomp/PrivMgrComponentPrivileges.h
@@ -74,6 +74,8 @@ public:
 const std::string & componentUID,
 const std::string & operationCode);
+ bool dropAllForGrantee(const int32_t granteeID);
+
 bool findByNames(
 const std::string & componentName,
 const std::string & operationName);
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/079ea00a/core/sql/sqlcomp/PrivMgrMD.cpp
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrMD.cpp b/core/sql/sqlcomp/PrivMgrMD.cpp
index e50ff93..91047e7 100644
--- a/core/sql/sqlcomp/PrivMgrMD.cpp
+++ b/core/sql/sqlcomp/PrivMgrMD.cpp
@@ -559,16 +559,16 @@ PrivStatus PrivMgrMDAdmin::dropMetadata (
 CmpSeabaseDDLrole role;
 std::vector<std::string> rolesCreated;
- int32_t numberRoles = sizeof(systemRoles)/sizeof(SystemRolesStruct);
+ int32_t numberRoles = sizeof(systemRoles)/sizeof(SystemAuthsStruct);
 for (int32_t i = 0; i < numberRoles; i++)
 {
- const SystemRolesStruct &roleDefinition = systemRoles[i];
+ const SystemAuthsStruct &roleDefinition = systemRoles[i];
 // special Auth includes roles that are not registered in the metadata
 if (roleDefinition.isSpecialAuth)
 continue;
- role.dropStandardRole(roleDefinition.roleName);
+ role.dropStandardRole(roleDefinition.authName);
 }
 int32_t actualSize = 0;
@@ -1630,18 +1630,18 @@ PrivStatus PrivMgrMDAdmin::updatePrivMgrMetadata(
 // operation, than all system roles are created.
 CmpSeabaseDDLrole role;
 std::vector<std::string> rolesCreated;
- int32_t numberRoles = sizeof(systemRoles)/sizeof(SystemRolesStruct);
+ int32_t numberRoles = sizeof(systemRoles)/sizeof(SystemAuthsStruct);
 for (int32_t i = 0; i < numberRoles; i++)
 {
- const SystemRolesStruct &roleDefinition = systemRoles[i];
+ const SystemAuthsStruct &roleDefinition = systemRoles[i];
 // special Auth includes roles that are not registered in the metadata
 if (roleDefinition.isSpecialAuth)
 continue;
 // returns true is role was created, false if it already existed
- if (role.createStandardRole(roleDefinition.roleName, roleDefinition.roleID))
- rolesCreated.push_back(roleDefinition.roleName);
+ if (role.createStandardRole(roleDefinition.authName, roleDefinition.authID))
+ rolesCreated.push_back(roleDefinition.authName);
 }
 // Report the number roles created
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/079ea00a/core/sql/sqlcomp/PrivMgrRoles.cpp
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrRoles.cpp b/core/sql/sqlcomp/PrivMgrRoles.cpp
index 04f0d87..6d610d5 100644
--- a/core/sql/sqlcomp/PrivMgrRoles.cpp
+++ b/core/sql/sqlcomp/PrivMgrRoles.cpp
@@ -1371,7 +1371,7 @@ PrivStatus PrivMgrRoles::populateCreatorGrants(
 MyTable &myTable = static_cast<MyTable &>(myTable_);
- int32_t numberRoles = sizeof(systemRoles)/sizeof(SystemRolesStruct) -
+ int32_t numberRoles = sizeof(systemRoles)/sizeof(SystemAuthsStruct) -
 NUMBER_SPECIAL_SYSTEM_ROLES;
 // Calculate the number of roles that have already been created
