Google Git
Sign in
apache / trafodion / refs/tags/2.3.0rc1 / . / core / sql / sqlcomp / PrivMgrUserPrivs.cpp
blob: fcdf247e2a41435325b79fd18904f0e3157be9e8 [file] [log] [blame]
//*****************************************************************************
// @@@ START COPYRIGHT @@@
//
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
//
// @@@ END COPYRIGHT @@@
//*****************************************************************************
// ==========================================================================
// Contains non inline methods in the following classes
// PrivMgrObjectInfo
// PrivMgrCommands
// ==========================================================================
#include "PrivMgrCommands.h"
#include "PrivMgrMD.h"
#include "DgBaseType.h"
#include "NATable.h"
#include "NAColumn.h"
#include "ComSecurityKey.h"
#include "ComUser.h"
#include "ComMisc.h"
#include "CmpSeabaseDDL.h"
#include <cstdio>
#include <algorithm>
// ****************************************************************************
// Class: PrivMgrObjectInfo
// ****************************************************************************
PrivMgrObjectInfo::PrivMgrObjectInfo(
const NATable *naTable)
: objectOwner_ (naTable->getOwner()),
schemaOwner_ (naTable->getSchemaOwner()),
objectUID_ (naTable->objectUid().get_value()),
objectType_ (naTable->getObjectType())
{
// Map hbase map table to external name
if (ComIsHBaseMappedIntFormat(naTable->getTableName().getCatalogName(),
naTable->getTableName().getSchemaName()))
{
NAString newCatName;
NAString newSchName;
ComConvertHBaseMappedIntToExt(naTable->getTableName().getCatalogName(),
naTable->getTableName().getSchemaName(),
newCatName, newSchName);
CONCAT_CATSCH(objectName_, newCatName, newSchName);
objectName_ += std::string(".") +
naTable->getTableName().getUnqualifiedObjectNameAsAnsiString().data();
}
else
objectName_ = naTable->getTableName().getQualifiedNameAsAnsiString().data();
const NAColumnArray &colNameArray = naTable->getNAColumnArray();
for (size_t i = 0; i < colNameArray.entries(); i++)
{
const NAColumn * naCol = colNameArray.getColumn(i);
std::string columnName(naCol->getColName().data());
columnList_.push_back( columnName);
}
}
// ****************************************************************************
// Class: PrivMgrUserPrivs
// ****************************************************************************
bool PrivMgrUserPrivs::initUserPrivs(
const std::vector<int32_t> & roleIDs,
const TrafDesc *priv_desc,
const int32_t userID,
const int64_t objectUID,
ComSecurityKeySet & secKeySet)
{
hasPublicPriv_ = false;
// generate PrivMgrUserPrivs from the priv_desc structure
TrafDesc *priv_grantees_desc = priv_desc->privDesc()->privGrantees;
NAList<PrivMgrDesc> descList(NULL);
// Find relevant descs for the user
while (priv_grantees_desc)
{
Int32 grantee = priv_grantees_desc->privGranteeDesc()->grantee;
bool addDesc = false;
if (grantee == userID)
addDesc = true;
if (PrivMgr::isRoleID(grantee))
{
if ((std::find(roleIDs.begin(), roleIDs.end(), grantee)) != roleIDs.end())
addDesc = true;
}
if (ComUser::isPublicUserID(grantee))
{
addDesc = true;
hasPublicPriv_ = true;
}
// Create a list of PrivMgrDesc contain privileges for user, user's roles,
// and public
if (addDesc)
{
TrafDesc *objectPrivs = priv_grantees_desc->privGranteeDesc()->objectBitmap;
PrivMgrCoreDesc objectDesc(objectPrivs->privBitmapDesc()->privBitmap,
objectPrivs->privBitmapDesc()->privWGOBitmap);
TrafDesc *priv_grantee_desc = priv_grantees_desc->privGranteeDesc();
TrafDesc *columnPrivs = priv_grantee_desc->privGranteeDesc()->columnBitmaps;
NAList<PrivMgrCoreDesc> columnDescs(NULL);
while (columnPrivs)
{
PrivMgrCoreDesc columnDesc(columnPrivs->privBitmapDesc()->privBitmap,
columnPrivs->privBitmapDesc()->privWGOBitmap,
columnPrivs->privBitmapDesc()->columnOrdinal);
columnDescs.insert(columnDesc);
columnPrivs = columnPrivs->next;
}
PrivMgrDesc privs(priv_grantees_desc->privGranteeDesc()->grantee);
privs.setTablePrivs(objectDesc);
privs.setColumnPrivs(columnDescs);
privs.setHasPublicPriv(hasPublicPriv_);
descList.insert(privs);
}
priv_grantees_desc = priv_grantees_desc->next;
}
// Union privileges from all grantees together to create a single set of
// bitmaps. Create security invalidation keys
for (int i = 0; i < descList.entries(); i++)
{
PrivMgrDesc privs = descList[i];
// Set up object level privileges
objectBitmap_ |= privs.getTablePrivs().getPrivBitmap();
grantableBitmap_ |= privs.getTablePrivs().getWgoBitmap();
// Set up column level privileges
NAList<PrivMgrCoreDesc> columnPrivs = privs.getColumnPrivs();
std::map<size_t,PrivColumnBitmap>::iterator it;
for (int j = 0; j < columnPrivs.entries(); j++)
{
PrivMgrCoreDesc colDesc = columnPrivs[j];
Int32 columnOrdinal = colDesc.getColumnOrdinal();
it = colPrivsList_.find(columnOrdinal);
if (it == colPrivsList_.end())
{
colPrivsList_[columnOrdinal] = colDesc.getPrivBitmap();
colGrantableList_[columnOrdinal] = colDesc.getWgoBitmap();
}
else
{
colPrivsList_[columnOrdinal] |= colDesc.getPrivBitmap();
colGrantableList_[columnOrdinal] |= colDesc.getWgoBitmap();
}
}
// set up security invalidation keys
if (!buildSecurityKeys(userID, privs.getGrantee(), objectUID, privs.getTablePrivs(), secKeySet))
return false;
for (int k = 0; k < colPrivsList_.size(); k++)
{
PrivMgrCoreDesc colDesc(colPrivsList_[k], colGrantableList_[k]);
if (!buildSecurityKeys(userID, privs.getGrantee(), objectUID, colDesc, secKeySet))
return false;
}
}
// TBD - add schema privilege bitmaps
return true;
}
// ----------------------------------------------------------------------------
// method: initUserPrivs
//
// Creates a PrivMgrUserPrivs object from a PrivMgrDesc object
// ----------------------------------------------------------------------------
void PrivMgrUserPrivs::initUserPrivs(PrivMgrDesc &privsOfTheUser)
{
objectBitmap_ = privsOfTheUser.getTablePrivs().getPrivBitmap();
grantableBitmap_ = privsOfTheUser.getTablePrivs().getWgoBitmap();
for (int32_t i = 0; i < privsOfTheUser.getColumnPrivs().entries(); i++)
{
const int32_t columnOrdinal = privsOfTheUser.getColumnPrivs()[i].getColumnOrdinal();
colPrivsList_[columnOrdinal] = privsOfTheUser.getColumnPrivs()[i].getPrivBitmap();
colGrantableList_[columnOrdinal] = privsOfTheUser.getColumnPrivs()[i].getWgoBitmap();
}
hasPublicPriv_ = privsOfTheUser.getHasPublicPriv();
}