Roberta Marton <>
on 26 Mar 15
Miscellaneous DDL and security bug fixes
Fixed a testware issue with fullstack2/TEST062 that occurred during
release testing

Bug 1415196 - … Show more
Miscellaneous DDL and security bug fixes

Fixed a testware issue with fullstack2/TEST062 that occurred during

release testing

Bug 1415196 - Alter volatile table add column cores at CmpSeabaseDDL::alterSeabaseTableAddColumn()

 Added a check to not allow add or drop column for volatile tables:

 - sqlcomp/CmpSeabaseDDLtable.cpp

Bug 1415232 - A failed create view causes a volatile table to disappear

 The code to bind a view does not correctly reset the volatile schema in use

 session parameter in case of an error.  Subsequent calls do not check for

 volatile objects.


Bug 1371265 - should not allow grants to DB__ROOT or current user

 Added a check at grant to prevent this

 - sqlcomp/PrivMgrPrivileges.cpp

Bug 1392491 - Unavailability of privmgr metadata error is incomplete

 If not all the privmgr metadata is available, then a new Compile context

 flag called IS_AUTHORIZATION_READY is set.  This flag is adjusted when

 a new compiler context is started, and when authorization is enabled and


 When isAuthorizationEnabled is called and authorization is incomplete,

 error 1234 is now returned by default.

 After coding changes were added, a request to not check all privmgr metadata

 table at context startup was requseted - a performance concern.  Fix was

 changed to check all tables for debug builds but check only one table for

 release builds.  If the performance problem is fixed, then we can go back

 and check for all privmgr tables.

 - arkcmp/CmpContext.h

 - arkcmp/CmpContext.cpp

 - sqlcomp/CmpSeabaseDDLcommon.cpp

 - sqlcomp/nadefaults.cpp

Bug 1402009 - DB__ROOT is unable to grant privilege on object in private schema

 When DB__ROOT executes a grant or revoke on objects it does not own, need to

 change the grantor from DB__ROOT to the object owner.  This matches the same

 behavior for other DDL operations such as CREATE.

 As part of this fix, the GRANTED BY clause is now allowed for GRANT

 statements but it won't be complete until LP bug 1414225 is done.

 - sqlcomp/CmpSeabaseDDLtable.cpp (seabaseGrantRevoke)

 - sqlcomp/PrivMgrCommands.h

 - sqlcomp/PrivMgrCommands.cpp

 - sqlcomp/PrivMgrPrivileges.h

 - sqlcomp/PrivMgrPrivileges.cpp

 - sqlcomp/PrivMgrMD.h

Bug 1414125 - User without priv can view data in metadata tables

 Fixes were in place for all metadata tables except the privmgr metadata

 tables.  The priv information was always being set to none in setupPrivInfo

 (NATable) and revoking a privilege was not correctly removing privilege

 information from object_privileges.

 - optimizer/NATable.cpp

 - sqlcomp/PrivMgrCommands.cpp

Bug - create library checking privileges when authorization is not enabled

 - CmpSeabaseDDLroutine.cpp

Enhanced the sqlci env command:

 - alphabetize the output

 - add the following information

    -- authentication status

    -- authorization status

    -- external (LDAP) user connected

 A new session parameter called SESSION_EXTERNAL_USER_NAME was added to return

 the external user name connected.

 A new cli request called SQL_EXEC_GetAuthState_Internal was written to return

 the authentication & authorization status.  Code was also added, but not yet

 supported, for auditing status.

 Renamed member/methods that use ldap to external

 Changed sqlci env command to return new format

 - cli/sqlcli.h

 - cli/SQLCLIdev.h

 - cli/CliExtern.cpp

 - cli/Cli.h

 - cli/Cli.cpp

 - cli/Context.h

 - cli/Context.cpp

 - qmscommon/QRQueries.cpp

 - sqlci/SqlciEnv.h

 - sqlci/SqlciEnv.cpp

 - regress/fullstack2/EXPECTED062.SB

 - regress/funnstack2/DIFF062.KNOWN.SB.OS

Change-Id: I04627435a0e644c6b14bbf6bd8aa1162d81224fb

Show less

default + 9 more