//*****************************************************************************
// @@@ START COPYRIGHT @@@
//
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
//
//// @@@ END COPYRIGHT @@@
//*****************************************************************************
#ifndef PRIVMGR_COMMANDS_H
#define PRIVMGR_COMMANDS_H
#include <string>
#include <vector>
#include <bitset>
#include <iterator>
#include "PrivMgrMD.h"
#include "PrivMgrDefs.h"
#include "TrafDDLdesc.h"
#include "ComSecurityKey.h"
class ComDiagsArea;
class ComSecurityKey;
struct TrafDesc;
// *****************************************************************************
// This file contains classes used by callers of privilege manager
//
// Privilege manager (PrivMgr) is a component that manages metadata associated
// with privileges. This includes granting/revoking object and component (and
// eventually column) privileges, returning privilege descriptions in the form
// of grant statements for SHOWDDL, returning privileges on objects for
// specific users, and commands to support components
// *****************************************************************************
// Contents of file
class PrivMgrObjectInfo;
class ObjectPrivsRow;
class PrivMgrUserPrivs;
class PrivMgrCommands;
// Forward references
class PrivMgrPrivileges;
class NATable;
// ****************************************************************************
// *
// * Class: PrivMgrObjectInfo
// * Description: This class describes object details needed to perform
// * describe requests
// *
// ****************************************************************************
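class PrivMgrObjectInfo
{
public:
  // Builds the description from explicit values (e.g. when the caller has
  // already looked the object up in the metadata).  objectName is taken by
  // value exactly as before so existing callers passing temporaries compile.
  PrivMgrObjectInfo( const int64_t objectUID,
                     const std::string objectName,
                     const int32_t objectOwner,
                     const int32_t schemaOwner,
                     const ComObjectType objectType)
  // Initializer list now follows the member declaration order below, which is
  // the order the compiler actually runs it in (silences -Wreorder and makes
  // the written order honest).
  : objectUID_ (objectUID),
    objectName_ (objectName),
    objectOwner_ (objectOwner),
    schemaOwner_ (schemaOwner),
    objectType_ (objectType)
  {}

  // Builds the description from a compiler NATable; defined out of line.
  // NOTE(review): single-argument and not `explicit`; it is left that way
  // because a caller may rely on the implicit NATable* -> PrivMgrObjectInfo
  // conversion — confirm before tightening.  Presumably this constructor is
  // also what fills columnList_, since nothing else in this header does.
  PrivMgrObjectInfo(const NATable *naTable);

  // Accessors.  All are read-only and const-qualified so the object can be
  // passed by const reference (see PrivMgrCommands::describePrivileges).
  // The pointless top-level const on the by-value return types was dropped;
  // callers see no difference.
  int32_t getObjectOwner() const { return objectOwner_; }
  std::string getObjectName() const { return objectName_; }
  int32_t getSchemaOwner() const { return schemaOwner_; }
  int64_t getObjectUID() const { return objectUID_; }
  ComObjectType getObjectType() const { return objectType_; }
  // Returns a reference to internal storage; valid for the lifetime of this
  // object only.
  const std::vector<std::string> &getColumnList() const { return columnList_; }

private:
  int64_t objectUID_;                    // metadata UID of the object
  std::string objectName_;               // name as given by the caller
  int32_t objectOwner_;                  // auth ID of the object owner
  int32_t schemaOwner_;                  // auth ID of the owning schema's owner
  ComObjectType objectType_;             // table, view, library, ... (project enum)
  std::vector<std::string> columnList_;  // column names; empty unless a ctor fills it
};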
// ****************************************************************************
// class: ObjectPrivsRow
//
// ****************************************************************************
// One row of object privileges as exchanged with the privilege tables
// (see PrivMgrCommands::getPrivRowsForObject / insertPrivRowsForObject).
// Plain data holder: every field is public and nothing is initialized, so
// whoever fills a row must set every member, and every string copy into the
// fixed-size buffers below must be length-bounded.
class ObjectPrivsRow
{
public:
  // Fully qualified object name.  The buffer holds three identifier parts
  // plus two separators and the terminating NUL — presumably
  // catalog.schema.object with each part up to MAX_SQL_IDENTIFIER_NAME_LEN
  // bytes; confirm against the code that writes it.
  char objectName[(MAX_SQL_IDENTIFIER_NAME_LEN*3) + 2 + 1];
  ComObjectType objectType;
  // Grantee (who holds the privileges): auth ID, name and class.
  int32_t granteeID;
  // Twice MAX_USERNAME_LEN plus NUL; the factor of two is not explained here
  // (possibly room for delimiting/escaping) — verify before shrinking.
  char granteeName[MAX_USERNAME_LEN * 2 + 1];
  ComGranteeType granteeType;
  // Grantor (who gave the privileges): auth ID, name and class.
  int32_t grantorID;
  char grantorName[MAX_USERNAME_LEN * 2 + 1];
  ComGrantorType grantorType;
  // Privileges held, and the subset held WITH GRANT OPTION, as raw bitmaps.
  // Bit positions presumably follow the PrivType enum (as the std::bitset
  // accessors in PrivMgrUserPrivs do) — confirm against PrivMgrDefs.h.
  int64_t privilegesBitmap;
  int64_t grantableBitmap;
};
// *****************************************************************************
// *
// * Class: PrivMgrUserPrivs
// * Description: This class encapsulates privileges associated with an object
// * for a user.
// *
// *****************************************************************************
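class PrivMgrUserPrivs
{
public:
  // All bitmaps and lists start empty through their default constructors;
  // only the "granted via PUBLIC" flag needs an explicit initial value.
  PrivMgrUserPrivs()
  : hasPublicPriv_(false)
  {}

  // Maps a PrivType enumerator to the keyword used in GRANT/REVOKE text.
  // Any enumerator without a mapping yields "UNKNOWN" rather than failing.
  static std::string convertPrivTypeToLiteral(PrivType which)
  {
    switch (which)
    {
      case SELECT_PRIV:     return "SELECT";
      case INSERT_PRIV:     return "INSERT";
      case DELETE_PRIV:     return "DELETE";
      case UPDATE_PRIV:     return "UPDATE";
      case USAGE_PRIV:      return "USAGE";
      case REFERENCES_PRIV: return "REFERENCES";
      case EXECUTE_PRIV:    return "EXECUTE";
      case CREATE_PRIV:     return "CREATE";
      case ALTER_PRIV:      return "ALTER";
      case DROP_PRIV:       return "DROP";
      case ALL_DML:         return "ALL_DML";
      case ALL_DDL:         return "ALL_DDL";
      case ALL_PRIVS:       return "ALL";
      default:              return "UNKNOWN";
    }
  }

  // ---------------------------------------------------------------------
  // Object-level privileges: granted directly on the object.
  // ---------------------------------------------------------------------
  bool hasObjectSelectPriv() const {return objectBitmap_.test(SELECT_PRIV);}
  bool hasObjectInsertPriv() const {return objectBitmap_.test(INSERT_PRIV);}
  bool hasObjectDeletePriv() const {return objectBitmap_.test(DELETE_PRIV);}
  bool hasObjectUpdatePriv() const {return objectBitmap_.test(UPDATE_PRIV);}
  bool hasObjectUsagePriv() const {return objectBitmap_.test(USAGE_PRIV);}
  bool hasObjectReferencePriv() const {return objectBitmap_.test(REFERENCES_PRIV);}
  bool hasObjectExecutePriv() const {return objectBitmap_.test(EXECUTE_PRIV);}
  bool hasObjectAlterPriv() const {return objectBitmap_.test(ALTER_PRIV);}
  bool hasObjectDropPriv() const {return objectBitmap_.test(DROP_PRIV);}

  // ---------------------------------------------------------------------
  // Effective privileges: held either on the object itself or on its schema.
  // CREATE is checked at schema level only (no object-level CREATE bit).
  // ---------------------------------------------------------------------
  bool hasSelectPriv() const {return schemaPrivBitmap_.test(SELECT_PRIV) || objectBitmap_.test(SELECT_PRIV);}
  bool hasInsertPriv() const {return schemaPrivBitmap_.test(INSERT_PRIV) || objectBitmap_.test(INSERT_PRIV);}
  bool hasDeletePriv() const {return schemaPrivBitmap_.test(DELETE_PRIV) || objectBitmap_.test(DELETE_PRIV);}
  bool hasUpdatePriv() const {return schemaPrivBitmap_.test(UPDATE_PRIV) || objectBitmap_.test(UPDATE_PRIV);}
  bool hasUsagePriv() const {return schemaPrivBitmap_.test(USAGE_PRIV) || objectBitmap_.test(USAGE_PRIV);}
  bool hasReferencePriv() const {return schemaPrivBitmap_.test(REFERENCES_PRIV) || objectBitmap_.test(REFERENCES_PRIV);}
  bool hasExecutePriv() const {return schemaPrivBitmap_.test(EXECUTE_PRIV) || objectBitmap_.test(EXECUTE_PRIV);}
  bool hasCreatePriv() const {return schemaPrivBitmap_.test(CREATE_PRIV);}
  bool hasAlterPriv() const {return schemaPrivBitmap_.test(ALTER_PRIV) || objectBitmap_.test(ALTER_PRIV);}
  bool hasDropPriv() const {return schemaPrivBitmap_.test(DROP_PRIV) || objectBitmap_.test(DROP_PRIV);}

  // True only when every bit of the object bitmap is set.  Whether bits that
  // do not apply to a given object type are ever set here (so that this can
  // be true for, say, a library) depends on the code that fills the bitmap
  // — TODO confirm against initUserPrivs.
  bool hasAllObjectPriv() const {return objectBitmap_.all();}
  bool hasAnyObjectPriv() const {return objectBitmap_.any();}

  // Effective check (object or schema) for a single privilege type.
  // CREATE/ALTER/DROP and the ALL_* aggregates deliberately report false
  // here (per the original note, not yet supported through this entry
  // point); callers that need them use hasCreatePriv() & co. directly.
  bool hasPriv(PrivType which) const
  {
    switch (which)
    {
      case SELECT_PRIV:     return hasSelectPriv();
      case INSERT_PRIV:     return hasInsertPriv();
      case DELETE_PRIV:     return hasDeletePriv();
      case UPDATE_PRIV:     return hasUpdatePriv();
      case USAGE_PRIV:      return hasUsagePriv();
      case REFERENCES_PRIV: return hasReferencePriv();
      case EXECUTE_PRIV:    return hasExecutePriv();
      // other privileges defined in the PrivType enum are not yet supported
      default:              return false;
    }
  }

  // Object-level-only check for a single privilege type; same coverage
  // (and same deliberate false for unsupported types) as hasPriv().
  bool hasObjectPriv(PrivType which) const
  {
    switch (which)
    {
      case SELECT_PRIV:     return hasObjectSelectPriv();
      case INSERT_PRIV:     return hasObjectInsertPriv();
      case DELETE_PRIV:     return hasObjectDeletePriv();
      case UPDATE_PRIV:     return hasObjectUpdatePriv();
      case USAGE_PRIV:      return hasObjectUsagePriv();
      case REFERENCES_PRIV: return hasObjectReferencePriv();
      case EXECUTE_PRIV:    return hasObjectExecutePriv();
      // other privileges defined in the PrivType enum are not yet supported
      default:              return false;
    }
  }

  // Aggregate checks.  Note what each one does NOT include: "all DML" here is
  // SELECT/INSERT/DELETE/UPDATE/REFERENCES (no USAGE, no EXECUTE).
  bool hasAllDMLPriv() const
  {
    return (hasSelectPriv() &&
            hasInsertPriv() &&
            hasDeletePriv() &&
            hasUpdatePriv() &&
            hasReferencePriv());
  }
  bool hasAllLibraryPriv() const
  { return (hasUpdatePriv() && hasUsagePriv()); }
  bool hasAllUdrPriv() const
  { return hasExecutePriv(); }
  bool hasAllDDLPriv() const
  {return (hasCreatePriv() && hasAlterPriv() && hasDropPriv());}

  // WITH GRANT OPTION for privType, consulting the OBJECT-level grantable
  // bitmap only; schemaGrantableBitmap_ is not considered here.
  bool hasWGOOption(PrivType privType) const
  {return grantableBitmap_.test(privType);}

  // ---------------------------------------------------------------------
  // Column-level privileges, keyed by column ordinal.
  // ---------------------------------------------------------------------
  bool hasColSelectPriv(const int32_t ordinal) const {return hasColPriv(SELECT_PRIV,ordinal);}
  bool hasColInsertPriv(const int32_t ordinal) const {return hasColPriv(INSERT_PRIV,ordinal);}
  bool hasColUpdatePriv(const int32_t ordinal) const {return hasColPriv(UPDATE_PRIV,ordinal);}
  bool hasColReferencePriv(const int32_t ordinal) const {return hasColPriv(REFERENCES_PRIV,ordinal);}

  // True if any column has an entry at all (the entry's bitmap may be empty).
  bool hasAnyColPriv() const
  {
    return (!colPrivsList_.empty());
  }

  // True if privType is set on at least one column.
  bool hasAnyColPriv(const PrivType privType) const
  {
    PrivColIterator entry = colPrivsList_.begin();
    for (; entry != colPrivsList_.end(); ++entry)
    {
      if (entry->second.test(privType))
        return true;
    }
    return false;
  }

  // True if privType is held on the column with the given ordinal.  Only
  // SELECT, INSERT, UPDATE and REFERENCES can be column privileges; any other
  // type is false without consulting the list.  The original did a count()
  // followed by a find() and carried an unreachable break/return; this does a
  // single lookup with the same result.
  bool hasColPriv(PrivType privType,const int32_t ordinal) const
  {
    switch (privType)
    {
      case SELECT_PRIV:
      case INSERT_PRIV:
      case REFERENCES_PRIV:
      case UPDATE_PRIV:
        break;
      // other privileges not column privs
      default:
        return false;
    }
    PrivColIterator entry = colPrivsList_.find(ordinal);
    if (entry == colPrivsList_.end())
      return false;
    return entry->second.test(privType);
  }

  // These two return a NON-const reference to internal state, so a caller can
  // alter the privilege lists in place; treat them as mutators when auditing
  // who can change what a user appears to hold.
  PrivColList & getColPrivList() {return colPrivsList_;}
  void setColPrivList(PrivColList colPrivsList)
  {colPrivsList_ = colPrivsList;}
  PrivColList & getColGrantableList() {return colGrantableList_;}
  void setColGrantableList(PrivColList colGrantableList)
  {colGrantableList_ = colGrantableList;}

  // Bitmap for one column, or an all-clear bitmap when the column has no
  // entry.  Now const and a single find() (the original used operator[]
  // behind a count() guard, which forced the method to be non-const).
  PrivColumnBitmap getColumnPrivBitmap(const int32_t ordinal) const
  {
    PrivColIterator entry = colPrivsList_.find(ordinal);
    if (entry == colPrivsList_.end())
      return emptyBitmap_;
    return entry->second;
  }
  PrivColumnBitmap getColumnGrantableBitmap(const int32_t ordinal) const
  {
    PrivColIterator entry = colGrantableList_.find(ordinal);
    if (entry == colGrantableList_.end())
      return emptyBitmap_;
    return entry->second;
  }

  // ---------------------------------------------------------------------
  // Whole-bitmap accessors and mutators (returned by value).
  // ---------------------------------------------------------------------
  PrivMgrBitmap getObjectBitmap() const {return objectBitmap_;}
  void setObjectBitmap (PrivMgrBitmap objectBitmap)
  {objectBitmap_ = objectBitmap;}
  PrivMgrBitmap getGrantableBitmap() const {return grantableBitmap_;}
  void setGrantableBitmap (PrivMgrBitmap grantableBitmap)
  {grantableBitmap_ = grantableBitmap;}

  // Owner shortcut: sets EVERY bit of both the object and the grantable
  // bitmaps, i.e. all object privileges WITH GRANT OPTION, including any bit
  // positions that are not meaningful for the object's type.  Schema and
  // column state are untouched.
  void setOwnerDefaultPrivs()
  { objectBitmap_.set(); grantableBitmap_.set(); }

  PrivSchemaBitmap getSchemaPrivBitmap() const {return schemaPrivBitmap_;}
  void setSchemaPrivBitmap (PrivSchemaBitmap schemaPrivBitmap)
  {schemaPrivBitmap_ = schemaPrivBitmap;}
  PrivSchemaBitmap getSchemaGrantableBitmap() const {return schemaGrantableBitmap_;}
  void setSchemaGrantableBitmap (PrivSchemaBitmap schemaGrantableBitmap)
  {schemaGrantableBitmap_ = schemaGrantableBitmap;}

  // Whether some of the privileges held came through PUBLIC (set by the
  // code that builds this object; nothing in this header derives it).
  bool getHasPublicPriv() const { return hasPublicPriv_; }
  void setHasPublicPriv(bool hasPublicPriv) {hasPublicPriv_ = hasPublicPriv;}

  // Populate from privilege metadata; both defined out of line.  The second
  // form also appends security keys for the user/role set to secKeySet.
  void initUserPrivs (PrivMgrDesc &privsOfTheGrantor);
  bool initUserPrivs ( const std::vector<int32_t> &roleIDs,
                       const TrafDesc *priv_desc,
                       const int32_t userID,
                       const int64_t objectUID,
                       NASet<ComSecurityKey> & secKeySet);

private:
  PrivObjectBitmap objectBitmap_;           // privileges held on the object
  PrivObjectBitmap grantableBitmap_;        // ... of which these are grantable
  PrivColList colPrivsList_;                // ordinal -> column privilege bitmap
  PrivColList colGrantableList_;            // ordinal -> grantable column bitmap
  PrivSchemaBitmap schemaPrivBitmap_;       // privileges held on the schema
  PrivSchemaBitmap schemaGrantableBitmap_;  // ... of which these are grantable
  PrivColumnBitmap emptyBitmap_;            // never set; returned for missing columns
  bool hasPublicPriv_;                      // some privilege came via PUBLIC
};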
// *****************************************************************************
// *
// * Class: PrivMgrCommands
// * Description: This class represents the commands that can be performed
// * through the privilege manager component
// *
// *****************************************************************************
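// Every operation below is defined out of line; declarations are kept exactly
// as they were so the definitions still match.  Only the inline accessors and
// mutators at the end changed: getters are const-qualified and the setters
// take const references (callers passing non-const strings are unaffected).
class PrivMgrCommands : public PrivMgr
{
public:
  // ---------------------------------------------------------------------
  // Constructors/Destructor
  // ---------------------------------------------------------------------
  PrivMgrCommands ();
  // trafMetadataLocation is taken by value in the original declaration and
  // must stay that way here to match the out-of-line definition.
  PrivMgrCommands (
    const std::string trafMetadataLocation,
    const std::string &metadataLocation,
    ComDiagsArea *pDiags,
    PrivMDStatus authorizationEnabled = PRIV_INITIALIZE_UNKNOWN );
  PrivMgrCommands ( const std::string &metadataLocation
                  , ComDiagsArea *pDiags
                  , PrivMDStatus authorizationEnabled = PRIV_INITIALIZE_UNKNOWN );
  PrivMgrCommands ( const PrivMgrCommands &rhs );
  virtual ~PrivMgrCommands ( void );

  // ------------------------------------------------------------------------
  // Operations:
  // Each returns a PrivStatus (or bool) and reports details through the
  // ComDiagsArea given at construction (see getDiags()).
  // ------------------------------------------------------------------------
  // Whether the authorization metadata is initialized and in use.
  bool authorizationEnabled();
  PrivStatus createComponentOperation(
    const std::string & componentName,
    const std::string & operationName,
    const std::string & operationCode,
    bool isSystem,
    const std::string & operationDescription);
  // Appends human-readable lines describing the component to outlines.
  bool describeComponents(const std::string & componentName,
                          std::vector<std::string> & outlines);
  // Produces GRANT statement text for the object (used by SHOWDDL).
  bool describePrivileges(
    const PrivMgrObjectInfo &objectInfo,
    std::string &privilegeText);
  // Destructive: removes the authorization metadata; doCleanup presumably
  // selects a more thorough removal — confirm against the definition.
  PrivStatus dropAuthorizationMetadata(bool doCleanup);
  PrivStatus dropComponentOperation(
    const std::string & componentName,
    const std::string & operationName,
    PrivDropBehavior dropBehavior);
  // Resolves who the effective grantor is for a GRANT/REVOKE on an object,
  // honouring an explicit GRANTED BY clause when isGrantedBySpecified.
  PrivStatus getGrantorDetailsForObject(
    const bool isGrantedBySpecified,
    const std::string grantedByName,
    const int_32 objectOwner,
    int_32 &effectiveGrantorID,
    std::string &effectiveGrantorName);
  // Privileges of one grantee on one object, optionally also collecting the
  // security keys that invalidate cached plans.  secKeySet holds raw
  // pointers; ownership of the keys is not stated here — check the
  // definition before freeing them.
  PrivStatus getPrivileges(
    NATable *naTable,
    const int32_t granteeUID,
    PrivMgrUserPrivs &userPrivileges,
    std::vector <ComSecurityKey *>* secKeySet = NULL);
  // Privileges of every grantee on one object.
  PrivStatus getPrivileges(
    const int64_t objectUID,
    ComObjectType objectType,
    std::vector<PrivMgrDesc> &userPrivileges);
  PrivStatus getPrivileges(
    const int64_t objectUID,
    ComObjectType objectType,
    const int32_t granteeUID,
    PrivMgrUserPrivs &userPrivileges,
    std::vector <ComSecurityKey *>* secKeySet = NULL);
  // Raw privilege rows for an object (see ObjectPrivsRow), read and write.
  PrivStatus getPrivRowsForObject(
    const int64_t objectUID,
    std::vector<ObjectPrivsRow> & objectPrivsRows);
  PrivStatus getRoles(
    const int32_t grantee,
    std::vector<int32_t> &roleIDs);
  // Transfers ownership privileges on the listed objects to a new owner.
  PrivStatus givePrivForObjects(
    const int32_t currentOwnerID,
    const int32_t newOwnerID,
    const std::string &newOwnerName,
    const std::vector<int64_t> &objectUIDs);
  PrivStatus grantComponentPrivilege(
    const std::string & componentName,
    const std::vector<std::string> & operationNamesList,
    const int32_t grantorID,
    const std::string & grantorName,
    const int32_t granteeID,
    const std::string & granteeName,
    const int32_t grantDepth);
  // GRANT on an object: by privilege list (with optional column privileges,
  // ALL and WITH GRANT OPTION flags) ...
  PrivStatus grantObjectPrivilege(
    const int64_t objectUID,
    const std::string &objectName,
    const ComObjectType objectType,
    const int32_t granteeUID,
    const std::string &granteeName,
    const int32_t grantorUID,
    const std::string &grantorName,
    const std::vector<PrivType> &privs,
    const std::vector<ColPrivSpec> & colPrivsArray,
    const bool isAllSpecified,
    const bool isWGOSpecified);
  // ... or directly by bitmaps.
  PrivStatus grantObjectPrivilege(
    const int64_t objectUID,
    const std::string &objectName,
    const ComObjectType objectType,
    const int32_t grantorUID,
    const int32_t granteeUID,
    const PrivMgrBitmap &objectPrivs,
    const PrivMgrBitmap &grantablePrivs);
  // The parallel vectors (IDs, names, classes) are presumably index-aligned
  // — confirm against the definition.
  PrivStatus grantRole(
    const std::vector<int32_t> & roleIDs,
    const std::vector<std::string> & roleNames,
    const std::vector<int32_t> & grantorIDs,
    const std::vector<std::string> & grantorNames,
    PrivAuthClass grantorClass,
    const std::vector<int32_t> & granteeIDs,
    const std::vector<std::string> & granteeNames,
    const std::vector<PrivAuthClass> & granteeClasses,
    const int32_t grantDepth);
  // Creates (or upgrades) the privilege tables; reports which were touched.
  PrivStatus initializeAuthorizationMetadata(
    const std::string &objectsLocation,
    const std::string &authsLocation,
    const std::string &colsLocation,
    std::vector<std::string> &tablesCreated,
    std::vector<std::string> &tablesUpgraded);
  PrivStatus insertPrivRowsForObject(
    const int64_t objectUID,
    const std::vector<ObjectPrivsRow> & objectPrivsRows);
  // True if objectName is one of the privilege manager's own metadata tables.
  bool isPrivMgrTable(const std::string &objectName);
  PrivStatus registerComponent(
    const std::string &componentName,
    const bool isSystem,
    const std::string &componentDetails);
  PrivStatus revokeComponentPrivilege(
    const std::string & componentName,
    const std::vector<std::string> & operationNamesList,
    const int32_t grantorID,
    const int32_t granteeID,
    const bool isGOFSpecified,
    PrivDropBehavior dropBehavior);
  // REVOKE on an object; isGOFSpecified = GRANT OPTION FOR (revoke only the
  // ability to re-grant).
  PrivStatus revokeObjectPrivilege(
    const int64_t objectUID,
    const std::string &objectName,
    const ComObjectType objectType,
    const int32_t granteeUID,
    const std::string &granteeName,
    const int32_t grantorUID,
    const std::string &grantorName,
    const std::vector<PrivType> &privs,
    const std::vector<ColPrivSpec> & colPrivsArray,
    const bool isAllSpecified,
    const bool isGOFSpecified);
  PrivStatus revokeObjectPrivilege(
    const int64_t objectUID,
    const std::string &objectName,
    const int32_t grantorUID);
  PrivStatus revokeRole(
    const std::vector<int32_t> & roleIDs,
    const std::vector<int32_t> & granteeIDs,
    const std::vector<PrivAuthClass> & granteeClasses,
    const std::vector<int32_t> & grantorIDs,
    const bool isGOFSpecified,
    const int32_t newGrantDepth,
    PrivDropBehavior dropBehavior);
  PrivStatus unregisterComponent(
    const std::string & componentName,
    PrivDropBehavior dropBehavior);

  // -------------------------------------------------------------------
  // Accessors (read-only, hence const):
  // -------------------------------------------------------------------
  // Diagnostics area supplied by the caller at construction; not owned here.
  inline ComDiagsArea * getDiags (void) const {return pDiags_;}
  inline std::string getMetadataLocation (void) const {return metadataLocation_;}
  inline std::string getTrafMetadataLocation (void) const { return trafMetadataLocation_;}

protected:
  // -------------------------------------------------------------------
  // Mutators:
  // -------------------------------------------------------------------
  inline void setDiags (ComDiagsArea *pDiags) {pDiags_ = pDiags;}
  inline void setMetadataLocation (const std::string &metadataLocation)
  { metadataLocation_ = metadataLocation; }
  inline void setTrafMetadataLocation (const std::string &trafMetadataLocation)
  { trafMetadataLocation_ = trafMetadataLocation; }

private:
  // -------------------------------------------------------------------
  // Copy assignment is declared private and (presumably) never defined —
  // the pre-C++11 way of making it unusable.  Copy construction remains
  // public via the constructor above.
  // -------------------------------------------------------------------
  PrivMgrCommands& operator=(const PrivMgrCommands& other);
}; // class PrivMgrCommands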
#endif