CmpSeabaseDDLauth.cpp

Clone Tools
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
TRAFODION - 3218 User still has privilege after user's role has been revoked ...

Partial support for column level privileges with QI support for:

column select

column insert

column references

column update

Also, as part of this, updated privilege code in a couple of areas:

Changed object caching code in NATable and NARoutine to store all privileges

assigned to the object when the object is cached (privDescs_). During the load

operation, the code creates bitmaps (privInfo_) for the current user. Privilege

checks are performed against the user bitmaps (privInfo_). This is in

anticipation for some performance updates when connecting to Trafodion (mxosrvr)

with different users.

Change getRoleList to include the roleID and the granteeID that granted the

privilege. The grantee can be a user or a role.

When a privilege is revoked from a role, send QI keys for every user that has

been granted to role.

  1. … 40 more files in changeset.
TRAFODION-1573: Additional GET commands for privileges TRAFODION-3074: Failed to register/unregister user when security disabled

TRAFODION-1573 changes:

- Added support for the following commands:

get privileges on <object>

<object>: [LIBRARY | PROCEDURE | FUNCTION | TABLE_MAPPING FUNCTION | SEQUENCE]

- Added support for the FOR CLAUSE on all supported objects

Removed the need to specify keyword 'USER" before username. If USER is

included, then it is ignored.

get privileges on <object> FOR [USER] <user or role name>

<objects>: [TABLES, VIEWS, LIBRARIES, PROCEDURES, FUNCTIONS,

TABLE_MAPPING FUNCTIONS, SEQUENCES]

- The following get command can only be run by DB__ROOT or a user that has been

granted the DB__ROOTROLE or DB__HIVEROLE role

get <objects> in schema hive.xx.xx;

<objects>: [TABLES, OBJECTS, VIEWS]

- The following get command can only be run by DB__ROOT or a user that has been

granted the DB__ROOTROLE or DB__HBASEROLE role

get external hbase objects;

- The following get commands retrieve privilege details from Trafodion metadata;

users can only see objects where they have been granted at least one privilege

get hive registered tables in catalog trafodion;

get hbase registered tables in catalog trafodion;

- get privileges commands now return owner's privileges in output

- Cleaned up code in the parser.

TRAFODION-3074 changes

- register user - fixed query to find next available authID

- unregister user - added checks to not read privilege metadata if authorization

is not enabled

  1. … 17 more files in changeset.
[TRAFODION-3009] Streamline error handling in Executor utility commands

ComDiagsArea is now allocated only when there are warnings or errors in

all the utility commands.

This requires all the executor utility commands to use a new version of

ExRaiseSqlError to populate diagnostics area.

  1. … 14 more files in changeset.
Trafodion-2705 user has "SHOW" privilege can't do 'showddl user'

Showddl code now checks to see if current user matches the user name specified

in the showddl command. It also verifies that the user has SHOW component

privilege.

Simplified privs1/TEST141 as part of goal to make privilege tests run faster.

  1. … 5 more files in changeset.
Miscellaneous authorization changes:

- Unregister user does not remove component privileges

- Reuse unused entries from the authID ranges

- Add "changeuser" command to update user credentials in place instead of

requiring a new sqlci session to be started. Changed privs1/TEST132 to use

this change and cut about 5 minutes off the test time.

  1. … 18 more files in changeset.
[TRAFODION-2768] Make Trafodion code base to compile in RH7

  1. … 126 more files in changeset.
[TRAFODION-2754] Get statistics cores sqlci or mxosrvr at str_sprintf()

Switched str_sprinf to use the standard sprintf function to ensure

that the format specification and the passed in parameters are consistent

  1. … 65 more files in changeset.
TRAFODION-2441 user has only select privilege on a table can do ... TRAFODION-2409 support privilege control(column privileges) for hive tables TRAFODION-2423 any user can perform 'initialize trafodion, drop' TRAFODION-2435 Any user can perform TRUNCATE on native Hive tables. TRAFODION-2463 Hive: Any user can do update statistics for hive tables

Fixed issues found while testing privileges with native Hive.

TRAFODION-2441:

changed code that initializes owner privileges for views.

TRAFODION-2409:

returning error message 1328 during attempt to grant unsupported column level

privilege on hive table.

TRAFODION 2423:

added privilege checks for all initialize commands, error 1017 is returned if

not DB__ROOT

TRAFODION-2435:

Returning error 1051 if TRUNCATE is attempted on a hive table where the

current user has no privilege

TRAFODION-2463:

Privilege checks added for Hive table during update statistics

  1. … 25 more files in changeset.
TRAFODION-2327 Reduce I/O when loading objects into caches

For each authorization ID (user, role, or PUBLIC), a bitmap containing the

accumulated privileges (across all grantors) is stored with the object desc.

When the object desc is loaded into cache, the privilege bitmaps associated

with the current user, PUBLIC, and the current users' roles are extracted and

unioned together to calculate the final set of privileges. This unioned list

is used during privilege checking.

Today, an I/O is performed to retrieve the list of roles granted to the current

user for each object loaded into NATable and NARoutine cache. Since this list

does not change unless the current user changes (a new session with a different

user) or a grant/revoke role for the current user is performed, these extra

I/O's are not needed.

To remove the extra I/O's for each object, the list of roles will be stored in

the ContextCli. Therefore, this in-memory role list can be used instead of

rereading metadata.

This checkin creates two new CLI requests:

- GetRoleList - returns the list of roles associated with the user

If the list exists in ContextCli, it returns the stored values

If the list does not exist, it retrieves them from Metadata, stores

them and returns the values

- ResetRoleList - removes the list of roles from ContextCli

The first time GetRoleList is called in a session, the users' roles are

stored in ContextCli. They remain in memory until the session ends and

restarts as a different user, or another process grants or revokes a role

from the current user.

If another process revokes a role from the current user, a query invalidation

key is created. When the revoke role query invalidation key for the current

user is detected, ResetRoleList is called. The next time GetRoleList is called

an updated role list is retrieved from metadata and stored in ContextCli.

If another process grants a role to the current user, there could be two

outcomes. If the current user already has the privilege from another source

then nothing happens. If the current user does not have the privilege, then

one recompilation is attempted. Prior to performing the retry, code was

added to ResetRoleList. The recompilation then gets the latest role list and

either succeeds or fails depending on the granted privileges.

  1. … 16 more files in changeset.
TRAFODION [2025] Initialize authorization cannot be run in a DDL transaction

As part of DDL transaction work, there is a goal to run all DDL and DDL like

operations in a single DDL transaction. This delivery changes initialize

trafodion and initialize authorization to make this happen.

Prior to DDL transactions, initialize authorization would either add or drop

authorization support. Part of this required that all compiler processes

associated with the master process be killed to clear out information stored

in memory. When DDL transactions were added, killing the compiler processes

caused the DDL transaction to abort. This means that initialize authorization

could not be run in DDL transation. Initialize trafodion calls initialize

authorization when security is enabled, so initialize trafodion was not able

to run in DDL transactions.

A change was made to send a CmpMessageDatabaseUser request to the child arkcmp

processes after authorization was initialized or dropped. This request is

reponsible for setting appropriate memory attributes so we no longer require

arkcmps to be terminated. Changes were piggy backed on current support that

sends usernames and IDs to child arkcmps.

A new method called ContextCli::updateMxcmpSession is called during initialize

and drop requests. This calls send a message to associated arkcmp process to

update session attributes for user information. It then propagates the message

to other child arkcmp processes.

To make this work, the following code was changed to generate and recognize the

new message format:

CmpStatement.cpp (process - CmpMessageDatabaseUser)

Context.cpp (createMxcmpSession & updateMxcmpSession)

ExSqlComp.cpp (resendControls)

The following was changed to support DDL transactions:

CmpSeabaseDDLcommon.cpp (initSeabaseAuthorization & dropSeabaseAuthorization)

GenPreCode.cpp (allow DDL transaction for initialize trafodion)

SqlciErrors.txt (allow initialize authorization to succeed with warnings)

This also includes a change on how Trafodion processes alter user operations

that allow predefined users to be modified by someone with the correct

privileges.

  1. … 10 more files in changeset.
update

  1. … 298 more files in changeset.
TRAFODION [1696] - drop authorization doesn't drop all roles, and create role will run into internal error

A while back a change was made in the PrivMgr constructors to assume that

authorization is enabled by default instead of the unknown state. If the state

is unknown, privilege manager performs I/O to determine its state, otherwise

no additional checking is performed. This was changed because one, the

authorization check in PrivMgr is expensive and two, the majority of the callers

already perform the authorization check by looking in the compile context set up

during process startup. Role code was not updated to handle this change

correctly as described in TRAFODION-1696. Changes were made to check compiler

context to verify that authorization is enabled for role commands.

Fixed a comment related to queryBuf size for internal library management

operations.

  1. … 1 more file in changeset.
TRAFODION [1879] - Integrate Library Management into Trafodion Metadata

The initial release of library management has been delivered to Trafodion. This

is follow-on work that integrates library management operations into the

existing Trafodion infrastructure. Currently, with the initial release of

library management, the consumer needs to run a special script to set up

everything. This delivery incorporates the steps into existing SQL commands and

removes the need for the script.

This delivery contains:

-> Support for three new INITIALIZE TRAFODION options

-> Support for a new role (plus infrastructure to make it easier to add roles)

-> Change initialize authorization to handle upgrade better

-> Fixed couple issues found while testing

-> New regression test (udr/TEST102)

*** Support for three new INITIALIZE TRAFODION options:

Three new INITIALIZE TRAFODION options have been added:

CREATE LIBRARY MANAGEMENT - create and populates the libmgr schema

DROP LIBRARY MANAGEMENT - drops the libmgr schema

UPGRADE LIBRARY MANAGEMENT - adds new procedures to the libmgr library

Parser was changed to support these new options, a new keyword - MANAGEMENT

was added.

(parser/ParKeyWords.cpp/sqlparser.y)

DDL compiler was changed to recognize the new options and call implementation

methods.

(optimizer/RelExeUtil, sqlcomp/CmpSeabaseDDLcommon.cpp)

The following implementation methods were added:

createSeabaseLibmgr (code for create library management)

dropSeabaseLibmgr (code for drop library management)

upgradeSeabaseLibmgr(code for upgrade library management)

createLibmgrProcs – a helper method called by create and upgrade code to

create libmgr procedures

grantLibmgrPrivs – a helper method called by createLibmgrProcs and

initialize authorization that add grants to procedures for

the new DB__LIBMGRROLE role.

(CmpSeabaseDDL.h/CmpSeabaseDDLroutine.cpp)

Changes were made to define the new schema, library and procedures.

(common/ComSmallDefs.h, CmpSeabaseDDLroutine.h)

All procedures are defined in a new file called sqlcomp/CmpSeabaseDDLroutine.h.

This file is based on similar support for system metadata tables

(CmpSeabaseDDLmd.h). It contains the text of all the procedures. During

"create library management" and "upgrade library management" operations, this

list is used to create/add procedures.

*** Support for a new role:

Initialize authorization code was changed to create the new DB__LIBMGRROLE role.

As part of this change, role infrastructure was modified to make it easier to

add system roles in the future. The initialize code checks to see what roles

have not been added, and adds them.

(common/NAUserId.h, common/ComUser, sqlcomp/PrivMgrMD,

sqlcomp/CmpSeabaseDDLauth, sqlcomp/PrivMgrRoles)

In addition, a check is made – if the SEABASE_LIBMGR_SCHEMA exists, then

grants are performed on the procedures to allow DB__LIBMGRROLE execute

privilege.

(sqlcomp/CmpSeabaseDDLcommon.cpp)

*** Change initialize authorization to handle upgrade better:

Changes were made so initialize authorization performs an upgrade operation if

called and component privileges already exists.

(sqlcomp/PrivMgrComponentOperations, sqlcomp/PrivMgrComponentPrivileges,

sqlcomp/PrivMgrMD)

*** Fixed couple of issues found while testing:

Invalid role ID generation. Role ID generation code was using the wrong range

to determine the next role ID.

(CmpSeabaseDDLauth.cpp)

Drop schema issues with libraries. Drop library cascade fails when the order

of libraries and functions is incorrect. If you drop function, drop library it

fails with missing procedure.

(CmpSeabaseDDLschema.cpp)

  1. … 26 more files in changeset.
TRAFODION-1754 Showddl component does not display grants correctly

Showddl should be displaying grants on an operation in a manner that allows

the privileges to be recreated. Currently, they are returned in the order

in which they are read from the metadata.

While working on this JIRA, several issues were fixed including:

- Consolidated privilege values into one location - NAUserId.h. They used to be

stored in NAUserId.h, ComSmallDefs.h, and PrivMgrDefs.h

- The check for getting the next available role ID was not correct.

- PrivMgrPrivileges::hasColWGO has incorrect indexing

- PrivMgrComponentPrivileges::selectAllWhere has incorrect error checking

  1. … 16 more files in changeset.
TRAFODION-1031: PUBLIC" is not recognized in some statements

Fixed a couple of issues where PUBLIC was not returned. With this check-in we

will treat PUBLIC as a special role.

  1. … 5 more files in changeset.
Part 1 of updates to licensing info in Trafodion source

Added NOTICE.txt file in root directory per ASF guidelines.

Updated copyright text in one directory (core/sql/sqlcomp)

as a test of a tool to update such text. One or more later

check-ins will take care of the remaining directories.

  1. … 63 more files in changeset.
Move core into subdir to combine repos

    • -0
    • +1866
    ./CmpSeabaseDDLauth.cpp
  1. … 10768 more files in changeset.
Move core into subdir to combine repos

    • -0
    • +1867
    ./CmpSeabaseDDLauth.cpp
  1. … 10622 more files in changeset.
Move core into subdir to combine repos

Use: git log --follow -- <file>

to view file history thru renames.

    • -0
    • +1866
    ./CmpSeabaseDDLauth.cpp
  1. … 10837 more files in changeset.