Clone Tools
Constraints: committers
Constraints: files
Constraints: dates
Security fixes for 144553, 1414125, and 1393529

1445583: showstats command performance slow with security enabled

Several changes were made to improve performance:

Performance optimization:

NATable.cpp: NATable::setupPrivs

- If the current user is the object owner, then default the privilege bitmap

to object Owner values - no need to call PrivMgr to get privileges

Caching optimization:

We are now caching privmgr metadata tables in compiler cache when the compiler

context is instantiated. This avoids a metadata lookup for these tables.

- Added new methods that return if the table is part of the PrivMgr schema

- Adjusted CmpSeabaseDDL::createMDdescs to include privmgr metadata in the

cached entries

- Adjusted CmpSeabaseDDL::getMDtableInfo to check for privmgr metadata tables

from the cached entries

- Removed obsolete code CmpSeabaseDDL::alterSeabaseDropColumn

- changed CmpSeabaseDDL::getSeabaseTableDesc to check for both system and

privmgr metadata from compiler cache

- added new method CmpSeabaseDDL::getPKeyInfoForTable that returns the

primary key name and UID for a table. This is needed when dropping privmgr

metadata tables

Removed extraneous recompilations of HISTOGRAM structures:

Today, update statistics and showstats are reloading NATable entries

for HISTOGRAM tables on every access. This is because the parserflag

ALLOW_SPECIALTABLETYPE is turned on. When this flag is turned, the compiler

always reloads the cache entries - see code from CmpMain::sqlcomp:

//if using special tables e.g. using index as base table

//select * from table (index_table T018ibc);

//then refresh metadata cache





parserflags by default. Individual statements are setting these flags as needed.

1414125: User without priv can view data in metadata tables

The problem is that a user with priv cannot view data in metadata tables.

Even when a user had SELECT privilege on a system or privmgr metadata table,

the request failed.

The problem is that parameter 2 sent to CmpDescribeIsAuthorized in

hs_globals.cpp is NULL so SELECT priv is not checked. If the user has SHOW

component privilege, it works. A call was added to getPrivileges for metadata

tables before calling CmpDescribeIsAuthorized.

1393529: Core dump accessing MD table descriptors

When "UPDATE STATISTICS LOG [ON, OFF, CLEAR]" is specified by a non DB__ROOT

user, a core dump occurred. This happens because the isAuthorized check is

performed expecting a NATable structure. This command does not need any

special security checks.

Updated traf_authentication_setup script to support a new installation option

Change-Id: If7dbf3ec66e5beb7d88bda61ef32611401dd97b9

  1. … 10 more files in changeset.
Automated collection of necessary statistics

When the optimizer requests a histogram for a given column, and that

histogram does not exist, it may (depending on the cqds in effect) register

a request for the histogram to be created at a later time, or utilize a

small sample to generate a rudimentary histogram on the fly. In either

case, when a subsequent Update Statistics statements specifies the ON

NECESSARY COLUMNS clause, any column of the target table that has been

the subject of one of these actions will have a bona fide histogram


blueprint ustat-automation

Change-Id: Ieceac3e1d84bf8091a5bf340dc1739a447ad2436

  1. … 6 more files in changeset.
Fix histograms for primary key of salted tables

Users attempting to use Update Statistics to create a multi-column

histogram (MC) corresponding to the primary key of a salted table may be

unaware that the "_SALT_" column is implicitly prepended to the key as

stated in the Create Table statement, and omit it. This fix will cause

Update Stats to detect a request for a multi-column histograms that

specifies the primary key columns (or a prefix of the full key), and

add _SALT_ to it if missing, and order the MC to match the order of the

columns in the primary key.

The change only affects salted tables, and is only applied if neither

the ON EVERY KEY nor ON EVERY COLUMN clauses is present, because an MC

matching the full primary key is automatically generated in those cases.

A second part of this fix applies to cases where ON EVERY KEY or ON

EVERY COLUMN is specified in an Update Statistics statement on a salted

table. By default, MCs corresponding to subsets of the primary key will

no longer be generated automatically in this case. The cqd

USTAT_ADD_SALTED_KEY_PREFIXES_FOR_MC may be set to 'ON' to cause MCs

for subsets of the primary key to be generated.

Closes-Bug #1336983

Change-Id: I930fef13371d5d773a0df44601cf99a8a4dc8322

  1. … 8 more files in changeset.
Initial code drop of Trafodion

  1. … 4886 more files in changeset.