core/sql/common/ComSecurityKey.h - trafodion - Git at Google

 //*****************************************************************************
 // @@@ START COPYRIGHT @@@
 //
 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
 //
 // @@@ END COPYRIGHT @@@
 //*****************************************************************************

 #ifndef COMSECURITYKEY_H
 #define COMSECURITYKEY_H

 #include "PrivMgrDefs.h"
 #include "ComSmallDefs.h"
 #include "Collections.h"
 #include "sqlcli.h"
 #include "PrivMgrCommands.h"
 #include "PrivMgrDesc.h"

 class PrivMgrUserPrivs;

 class ComSecurityKey;

 typedef NASet<ComSecurityKey>  ComSecurityKeySet;

 bool buildSecurityKeys( const int32_t userID,
                         const int32_t granteeID,
                         const int64_t objectUID,
                         const PrivMgrCoreDesc &privs,
                         ComSecurityKeySet &secKeySet);

 NABoolean qiCheckForInvalidObject (const Int32 numInvalidationKeys,
                                    const SQL_QIKEY* invalidationKeys,
                                    const Int64 objectUID,
                                    const ComSecurityKeySet & objectKeys);

 void qiInvalidationType (const Int32 numInvalidationKeys,
                          const SQL_QIKEY* invalidationKeys,
                          const Int32 userID,
                          bool &resetRoleList,
                          bool &updateCaches);

 NABoolean qiSubjectMatchesRole(uint32_t subjectKey);

 // ****************************************************************************
 // Class:  ComSecurityKey
 //   Represents a key describing a change that will effect query and compiler
 //   cache
 //
 // members:
 //   subject = hash value describing the effected user or role
 //   object = hash value describing the effected object
 //   action type = type of operation
 //*****************************************************************************


 class ComSecurityKey
 {
 public:

   // QIType indicates the type of entity
   enum QIType {
     INVALID_TYPE = 0,
     OBJECT_IS_SCHEMA,
     OBJECT_IS_OBJECT,
     OBJECT_IS_COLUMN,
     SUBJECT_IS_USER,
     SUBJECT_IS_ROLE,
     OBJECT_IS_SPECIAL_ROLE,
     SUBJECT_IS_GRANT_ROLE
   };

   // QISpecialHashValues are used for security keys for special roles
   enum QISpecialHashValues {
     SPECIAL_SUBJECT_HASH = -1,
     SPECIAL_OBJECT_HASH = -1
   };

   // Constructor for privilege grant on a SQL object to an authID
   ComSecurityKey(
     const int32_t subjectUserID,
     const int64_t objectUID,
     const PrivType which,
     const QIType typeOfObject);

   // Constructor for a role grant to an authID.  Currently only supporting grants of roles to users.
   ComSecurityKey(
    const int32_t subjectUserID,
    const int64_t objectUserID,
    const QIType typeOfSubject = SUBJECT_IS_USER);

   // Constructor for a special role grant to an authID.
   ComSecurityKey(
     const int32_t subjectUserID,
     const QIType typeOfObject);

   ComSecurityKey();  // do not use
   bool operator == (const ComSecurityKey &other) const;

  // Accessors

   uint32_t getSubjectHashValue() const
   {return subjectHash_;}
   uint32_t getObjectHashValue() const
   {return objectHash_;}
   ComQIActionType getSecurityKeyType() const
   {return actionType_;}

   void getSecurityKeyTypeAsLit (std::string &actionString) const;
   bool isValid() const
  {
     if (actionType_ == COM_QI_INVALID_ACTIONTYPE)
       return false;

     return true;
   }

   ComQIActionType convertBitmapToQIActionType(const PrivType which, const QIType inputType) const;

   // Basic method to generate hash values
   static uint32_t generateHash(int64_t hashInput);
   // Generate hash value based on authorization ID
   static uint32_t generateHash(int32_t hashID);

   // For debugging purposes
   NAString print(Int32 subject, Int64 object);

 private:
   uint32_t subjectHash_ ;
   uint32_t objectHash_;
   ComQIActionType actionType_;

 }; // class ComSecurityKey

 #endif
	//*****************************************************************************
	// @@@ START COPYRIGHT @@@
	//
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.
	//
	// @@@ END COPYRIGHT @@@
	//*****************************************************************************

	#ifndef COMSECURITYKEY_H
	#define COMSECURITYKEY_H

	#include "PrivMgrDefs.h"
	#include "ComSmallDefs.h"
	#include "Collections.h"
	#include "sqlcli.h"
	#include "PrivMgrCommands.h"
	#include "PrivMgrDesc.h"

	class PrivMgrUserPrivs;

	class ComSecurityKey;

	typedef NASet<ComSecurityKey> ComSecurityKeySet;

	bool buildSecurityKeys( const int32_t userID,
	const int32_t granteeID,
	const int64_t objectUID,
	const PrivMgrCoreDesc &privs,
	ComSecurityKeySet &secKeySet);

	NABoolean qiCheckForInvalidObject (const Int32 numInvalidationKeys,
	const SQL_QIKEY* invalidationKeys,
	const Int64 objectUID,
	const ComSecurityKeySet & objectKeys);

	void qiInvalidationType (const Int32 numInvalidationKeys,
	const SQL_QIKEY* invalidationKeys,
	const Int32 userID,
	bool &resetRoleList,
	bool &updateCaches);

	NABoolean qiSubjectMatchesRole(uint32_t subjectKey);

	// ****************************************************************************
	// Class: ComSecurityKey
	// Represents a key describing a change that will effect query and compiler
	// cache
	//
	// members:
	// subject = hash value describing the effected user or role
	// object = hash value describing the effected object
	// action type = type of operation
	//*****************************************************************************


	class ComSecurityKey
	{
	public:

	// QIType indicates the type of entity
	enum QIType {
	INVALID_TYPE = 0,
	OBJECT_IS_SCHEMA,
	OBJECT_IS_OBJECT,
	OBJECT_IS_COLUMN,
	SUBJECT_IS_USER,
	SUBJECT_IS_ROLE,
	OBJECT_IS_SPECIAL_ROLE,
	SUBJECT_IS_GRANT_ROLE
	};

	// QISpecialHashValues are used for security keys for special roles
	enum QISpecialHashValues {
	SPECIAL_SUBJECT_HASH = -1,
	SPECIAL_OBJECT_HASH = -1
	};

	// Constructor for privilege grant on a SQL object to an authID
	ComSecurityKey(
	const int32_t subjectUserID,
	const int64_t objectUID,
	const PrivType which,
	const QIType typeOfObject);

	// Constructor for a role grant to an authID. Currently only supporting grants of roles to users.
	ComSecurityKey(
	const int32_t subjectUserID,
	const int64_t objectUserID,
	const QIType typeOfSubject = SUBJECT_IS_USER);

	// Constructor for a special role grant to an authID.
	ComSecurityKey(
	const int32_t subjectUserID,
	const QIType typeOfObject);

	ComSecurityKey(); // do not use
	bool operator == (const ComSecurityKey &other) const;

	// Accessors

	uint32_t getSubjectHashValue() const
	{return subjectHash_;}
	uint32_t getObjectHashValue() const
	{return objectHash_;}
	ComQIActionType getSecurityKeyType() const
	{return actionType_;}

	void getSecurityKeyTypeAsLit (std::string &actionString) const;
	bool isValid() const
	{
	if (actionType_ == COM_QI_INVALID_ACTIONTYPE)
	return false;

	return true;
	}

	ComQIActionType convertBitmapToQIActionType(const PrivType which, const QIType inputType) const;

	// Basic method to generate hash values
	static uint32_t generateHash(int64_t hashInput);
	// Generate hash value based on authorization ID
	static uint32_t generateHash(int32_t hashID);

	// For debugging purposes
	NAString print(Int32 subject, Int64 object);

	private:
	uint32_t subjectHash_ ;
	uint32_t objectHash_;
	ComQIActionType actionType_;

	}; // class ComSecurityKey

	#endif