Security fixes for 144553, 1414125, and 1393529

1445583: showstats command performance slow with security enabled
Several changes were made to improve performance:
Performance optimization: NATable.cpp: NATable::setupPrivs - If the current user is the object owner, then default the privilege bitmap to object Owner values - no need to call PrivMgr to get privileges
Caching optimization: We are now caching privmgr metadata tables in compiler cache when the compiler context is instantiated. This avoids a metadata lookup for these tables.
- Added new methods that return if the table is part of the PrivMgr schema
- Adjusted CmpSeabaseDDL::createMDdescs to include privmgr metadata in the cached entries
- Adjusted CmpSeabaseDDL::getMDtableInfo to check for privmgr metadata tables from the cached entries
- Removed obsolete code CmpSeabaseDDL::alterSeabaseDropColumn
- Changed CmpSeabaseDDL::getSeabaseTableDesc to check for both system and privmgr metadata from compiler cache
- Added new method CmpSeabaseDDL::getPKeyInfoForTable that returns the primary key name and UID for a table. This is needed when dropping privmgr metadata tables
Removed extraneous recompilations of HISTOGRAM structures: Today, update statistics and showstats are reloading NATable entries for HISTOGRAM tables on every access. This is because the parserflag ALLOW_SPECIALTABLETYPE is turned on. When this flag is turned on, the compiler always reloads the cache entries - see code from CmpMain::sqlcomp:
    //if using special tables e.g. using index as base table
    //select * from table (index_table T018ibc);
    //then refresh metadata cache
    if(Get_SqlParser_Flags(ALLOW_SPECIALTABLETYPE) &&
       CmpCommon::context()->schemaDB_->getNATableDB()->cachingMetaData())
      CmpCommon::context()->schemaDB_->getNATableDB()->refreshCacheInThisStatement();
Changed code to not set ALLOW_SPECIALTABLETYPE and ALLOW_PHONYCHARACTERS parserflags by default. Individual statements are setting these flags as needed.
1414125: User without priv can view data in metadata tables
The problem is that a user with priv cannot view data in metadata tables. Even when a user had SELECT privilege on a system or privmgr metadata table, the request failed.
The problem is that parameter 2 sent to CmpDescribeIsAuthorized in hs_globals.cpp is NULL so SELECT priv is not checked. If the user has SHOW component privilege, it works. A call was added to getPrivileges for metadata tables before calling CmpDescribeIsAuthorized.
1393529: Core dump accessing MD table descriptors
When "UPDATE STATISTICS LOG [ON, OFF, CLEAR]" is specified by a non DB__ROOT user, a core dump occurred. This happens because the isAuthorized check is performed expecting a NATable structure. This command does not need any special security checks.
Updated traf_authentication_setup script to support a new installation option
Fix for bug 1446043: SPJs can contain duplicate column names coming from different tables, which will be resolved later by renaming the columns, so there is no need to check for duplicates at the beginning of bind node for SPJs.
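
The 1414125 authorization path described in the commit message, as a simplified model added here for illustration; it is not code from the commit or from the project. `User`, `lookupPrivs`, `isAuthorized`, `checkBefore` and `checkAfter` are hypothetical names, and the sample users are constructed.

```cpp
#include <bitset>
#include <cstdio>
#include <string>

// Hypothetical, simplified model; none of these names are the project's own.
enum Priv { SELECT_PRIV = 0, INSERT_PRIV, NUM_PRIVS };
using PrivBitmap = std::bitset<NUM_PRIVS>;

struct User {
  std::string name;
  bool hasShowComponentPriv;  // component-level SHOW privilege
};

// Stand-in for the privilege lookup that the fix adds before the check.
// Constructed sample data: only "analyst" holds SELECT on the metadata table.
PrivBitmap lookupPrivs(const User &u) {
  PrivBitmap b;
  if (u.name == "analyst") b.set(SELECT_PRIV);
  return b;
}

// Model of the authorization helper: the object privilege bitmap is optional.
// When it is absent, only the component privilege can grant access.
bool isAuthorized(const User &u, const PrivBitmap *objPrivs) {
  if (u.hasShowComponentPriv) return true;
  if (objPrivs && objPrivs->test(SELECT_PRIV)) return true;
  return false;  // fail closed
}

// Before the fix: the caller passes NULL, so SELECT is never considered.
bool checkBefore(const User &u) { return isAuthorized(u, nullptr); }

// After the fix: the caller fetches privileges first and passes them in.
bool checkAfter(const User &u) {
  PrivBitmap privs = lookupPrivs(u);
  return isAuthorized(u, &privs);
}

int main() {
  const User users[] = {{"analyst", false}, {"operator", true}, {"guest", false}};
  for (const User &u : users)
    std::printf("%-8s before=%d after=%d\n", u.name.c_str(),
                checkBefore(u), checkAfter(u));
  return 0;
}
```

In this model the decision changes only for the user who holds SELECT without the component privilege; a user with neither is denied on both paths.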