Changeset: 60d51145a716 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB/rev/60d51145a716
Modified Files:
sql/backends/monet5/sql_user.c
sql/server/sql_privileges.c
Branch: iso
Log Message:
Detecting more transaction conflicts on user authentication
diffs (155 lines):
diff --git a/sql/backends/monet5/sql_user.c b/sql/backends/monet5/sql_user.c
--- a/sql/backends/monet5/sql_user.c
+++ b/sql/backends/monet5/sql_user.c
@@ -150,9 +150,10 @@ monet5_create_user(ptr _mvc, str user, s
str ret, pwd;
sqlid user_id;
sql_schema *s = find_sql_schema(m->session->tr, "sys");
- sql_table *db_user_info, *auths;
+ sql_table *db_user_info = find_sql_table(m->session->tr, s,
"db_user_info"), *auths = find_sql_table(m->session->tr, s, "auths");
Client c = MCgetClient(m->clientid);
sqlstore *store = m->session->tr->store;
+ int log_res = 0;
if (!schema_path)
schema_path = default_schema_path;
@@ -165,6 +166,13 @@ monet5_create_user(ptr _mvc, str user, s
} else {
pwd = passwd;
}
+
+ user_id = store_next_oid(m->session->tr->store);
+ if ((log_res = store->table_api.table_insert(m->session->tr,
db_user_info, &user, &fullname, &schema_id, &schema_path)))
+ throw(SQL, "sql.create_user", SQLSTATE(42000) "Create user
failed%s", log_res == LOG_CONFLICT ? " due to conflict with another
transaction" : "");
+ if ((log_res = store->table_api.table_insert(m->session->tr, auths,
&user_id, &user, &grantorid)))
+ throw(SQL, "sql.create_user", SQLSTATE(42000) "Create user
failed%s", log_res == LOG_CONFLICT ? " due to conflict with another
transaction" : "");
+
/* add the user to the M5 authorisation administration */
oid grant_user = c->user;
c->user = MAL_ADMIN;
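Review bot: The two new `throw(...)` exits after the `table_insert` calls leave the function before the `if (!enc) free(pwd);` visible in the next hunk, so when `enc` is false the password hash held in `pwd` appears to leak on every failed or conflicting CREATE USER. The allocation of `pwd` is outside this hunk, so this is inferred from that later free. Each failure branch should release it first, e.g. `if (!enc) free(pwd);` ahead of the `throw` inside a braced block, or the inserts could move above the hashing step. A failure of the second insert also leaves the `db_user_info` row written, which is only safe if the caller aborts the transaction on a non-NULL return.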
@@ -172,15 +180,7 @@ monet5_create_user(ptr _mvc, str user, s
c->user = grant_user;
if (!enc)
free(pwd);
- if (ret != MAL_SUCCEED)
- return ret;
-
- user_id = store_next_oid(m->session->tr->store);
- db_user_info = find_sql_table(m->session->tr, s, "db_user_info");
- auths = find_sql_table(m->session->tr, s, "auths");
- store->table_api.table_insert(m->session->tr, db_user_info, &user,
&fullname, &schema_id, &schema_path);
- store->table_api.table_insert(m->session->tr, auths, &user_id, &user,
&grantorid);
- return NULL;
+ return ret;
}
static int
diff --git a/sql/server/sql_privileges.c b/sql/server/sql_privileges.c
--- a/sql/server/sql_privileges.c
+++ b/sql/server/sql_privileges.c
@@ -48,24 +48,28 @@ priv2string(int priv)
return "UNKNOWN PRIV";
}
-static void
+static int
sql_insert_priv(mvc *sql, sqlid auth_id, sqlid obj_id, int privilege, sqlid
grantor, int grantable)
{
sql_schema *ss = mvc_bind_schema(sql, "sys");
sql_table *pt = find_sql_table(sql->session->tr, ss, "privileges");
sqlstore *store = sql->session->tr->store;
- store->table_api.table_insert(sql->session->tr, pt, &obj_id, &auth_id,
&privilege, &grantor, &grantable);
+ return store->table_api.table_insert(sql->session->tr, pt, &obj_id,
&auth_id, &privilege, &grantor, &grantable);
}
-static void
+static int
sql_insert_all_privs(mvc *sql, sqlid auth_id, sqlid obj_id, int grantor, int
grantable)
{
- sql_insert_priv(sql, auth_id, obj_id, PRIV_SELECT, grantor, grantable);
- sql_insert_priv(sql, auth_id, obj_id, PRIV_UPDATE, grantor, grantable);
- sql_insert_priv(sql, auth_id, obj_id, PRIV_INSERT, grantor, grantable);
- sql_insert_priv(sql, auth_id, obj_id, PRIV_DELETE, grantor, grantable);
- sql_insert_priv(sql, auth_id, obj_id, PRIV_TRUNCATE, grantor,
grantable);
+ int log_res = 0;
+
+ if ((log_res = sql_insert_priv(sql, auth_id, obj_id, PRIV_SELECT,
grantor, grantable)) ||
+ (log_res = sql_insert_priv(sql, auth_id, obj_id, PRIV_UPDATE,
grantor, grantable)) ||
+ (log_res = sql_insert_priv(sql, auth_id, obj_id, PRIV_INSERT,
grantor, grantable)) ||
+ (log_res = sql_insert_priv(sql, auth_id, obj_id, PRIV_DELETE,
grantor, grantable)) ||
+ (log_res = sql_insert_priv(sql, auth_id, obj_id, PRIV_TRUNCATE,
grantor, grantable)))
+ return log_res;
+ return 0;
}
static bool
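Review bot: `sql_insert_all_privs` now stops at the first failing insert, so it can return non-zero with some of the five privilege rows already written, and neither helper documents its new return value. A comment above each would make the contract explicit, such as `/* returns 0 on success, otherwise the table_insert result (e.g. LOG_CONFLICT); rows inserted before a failure are left for the caller's transaction abort */`. That the caller's throw leads to a rollback is presumed here, not shown in the hunk. The trailing `return log_res;` / `return 0;` pair can also collapse to a single `return log_res;`, since `log_res` is 0 when every call succeeds.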
@@ -106,6 +110,7 @@ sql_grant_global_privs( mvc *sql, char *
{
bool allowed;
sqlid grantee_id;
+ int log_res;
allowed = admin_privs(grantor);
@@ -121,7 +126,8 @@ sql_grant_global_privs( mvc *sql, char *
/* first check if privilege isn't already given */
if ((sql_privilege(sql, grantee_id, GLOBAL_OBJID, privs) >= 0))
throw(SQL,"sql.grant_global",SQLSTATE(01007) "GRANT: User/role
'%s' already has this privilege", grantee);
- sql_insert_priv(sql, grantee_id, GLOBAL_OBJID, privs, grantor, grant);
+ if ((log_res = sql_insert_priv(sql, grantee_id, GLOBAL_OBJID, privs,
grantor, grant)))
+ throw(SQL,"sql.grant_global",SQLSTATE(42000) "GRANT: failed%s",
log_res == LOG_CONFLICT ? " due to conflict with another transaction" : "");
return MAL_SUCCEED;
}
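Review bot: The new failure branch reports a transaction conflict under `SQLSTATE(42000)`, the syntax-error/access-rule class, so a client that decides whether to retry by SQLSTATE cannot tell a retryable conflict from a permanent GRANT error. The same applies to the new throws in `sql_grant_table_privs`, `sql_grant_func_privs` and `monet5_create_user`. Consider a class-40 (transaction rollback) state for the `LOG_CONFLICT` case if the project defines one, keeping 42000 for other failures. The ternary `log_res == LOG_CONFLICT ? " due to conflict with another transaction" : ""` is repeated at every call site and would be easier to keep consistent behind one small macro or helper. For non-conflict failures the value of `log_res` is dropped, which leaves "GRANT: failed" hard to diagnose.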
@@ -132,7 +138,7 @@ sql_grant_table_privs( mvc *sql, char *g
sql_column *c = NULL;
bool allowed;
sqlid grantee_id;
- int all = PRIV_SELECT | PRIV_UPDATE | PRIV_INSERT | PRIV_DELETE |
PRIV_TRUNCATE;
+ int all = PRIV_SELECT | PRIV_UPDATE | PRIV_INSERT | PRIV_DELETE |
PRIV_TRUNCATE, log_res;
if (!(t = find_table_or_view_on_scope(sql, NULL, sname, tname, "GRANT",
false)))
throw(SQL,"sql.grant_table", "%s", sql->errstr);
@@ -172,14 +178,17 @@ sql_grant_table_privs( mvc *sql, char *g
sql_privilege(sql, grantee_id, t->base.id, PRIV_TRUNCATE) >= 0)) ||
(privs != all && !c && sql_privilege(sql, grantee_id, t->base.id,
privs) >= 0) ||
(privs != all && c && sql_privilege(sql, grantee_id, c->base.id,
privs) >= 0)) {
- throw(SQL, "sql.grant", SQLSTATE(01007) "GRANT: User/role '%s'
already has this privilege", grantee);
+ throw(SQL, "sql.grant_table", SQLSTATE(01007) "GRANT: User/role
'%s' already has this privilege", grantee);
}
if (privs == all) {
- sql_insert_all_privs(sql, grantee_id, t->base.id, grantor,
grant);
+ if ((log_res = sql_insert_all_privs(sql, grantee_id,
t->base.id, grantor, grant)))
+ throw(SQL, "sql.grant_table", SQLSTATE(42000) "GRANT:
failed%s", log_res == LOG_CONFLICT ? " due to conflict with another
transaction" : "");
} else if (!c) {
- sql_insert_priv(sql, grantee_id, t->base.id, privs, grantor,
grant);
+ if ((log_res = sql_insert_priv(sql, grantee_id, t->base.id,
privs, grantor, grant)))
+ throw(SQL, "sql.grant_table", SQLSTATE(42000) "GRANT:
failed%s", log_res == LOG_CONFLICT ? " due to conflict with another
transaction" : "");
} else {
- sql_insert_priv(sql, grantee_id, c->base.id, privs, grantor,
grant);
+ if ((log_res = sql_insert_priv(sql, grantee_id, c->base.id,
privs, grantor, grant)))
+ throw(SQL, "sql.grant_table", SQLSTATE(42000) "GRANT:
failed%s", log_res == LOG_CONFLICT ? " due to conflict with another
transaction" : "");
}
return NULL;
}
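Review bot: The three branches differ only in which insert helper and object id they use, yet each carries its own copy of the same `throw`. Assigning `log_res` in the branches and testing it once afterwards keeps the error path in one place, so a later change to the message or SQLSTATE cannot miss a branch. The sketch below is intended to preserve the existing behaviour, including the `sql.grant_table` name and message text. The function body starts outside this hunk.

```c
/* … unchanged: "already has this privilege" check … */
if (privs == all)
	log_res = sql_insert_all_privs(sql, grantee_id, t->base.id, grantor, grant);
else
	log_res = sql_insert_priv(sql, grantee_id, c ? c->base.id : t->base.id, privs, grantor, grant);
if (log_res)
	throw(SQL, "sql.grant_table", SQLSTATE(42000) "GRANT: failed%s", log_res == LOG_CONFLICT ? " due to conflict with another transaction" : "");
return NULL;
```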
@@ -190,6 +199,7 @@ sql_grant_func_privs( mvc *sql, char *gr
sql_schema *s = NULL;
bool allowed;
sqlid grantee_id;
+ int log_res;
assert(sname);
if (!(s = mvc_bind_schema(sql, sname)))
@@ -210,8 +220,9 @@ sql_grant_func_privs( mvc *sql, char *gr
throw(SQL, "sql.grant_func", SQLSTATE(01007) "GRANT: User/role
'%s' unknown", grantee);
/* first check if privilege isn't already given */
if (sql_privilege(sql, grantee_id, f->base.id, privs) >= 0)
- throw(SQL,"sql.grant", SQLSTATE(01007) "GRANT: User/role '%s'
already has this privilege", grantee);
- sql_insert_priv(sql, grantee_id, f->base.id, privs, grantor, grant);
+ throw(SQL,"sql.grant_func", SQLSTATE(01007) "GRANT: User/role
'%s' already has this privilege", grantee);
+ if ((log_res = sql_insert_priv(sql, grantee_id, f->base.id, privs,
grantor, grant)))
+ throw(SQL,"sql.grant_func", SQLSTATE(42000) "GRANT: failed%s",
log_res == LOG_CONFLICT ? " due to conflict with another transaction" : "");
return NULL;
}