Xiang Sheng created HAWQ-1329:
---------------------------------
Summary: pg_catalog view fallback failed
Key: HAWQ-1329
URL: https://issues.apache.org/jira/browse/HAWQ-1329
Project: Apache HAWQ
Issue Type: Sub-task
Components: Security
Reporter: Xiang Sheng
Assignee: Ed Espino
Fix For: 2.2.0.0-incubating
in current code
{code}
if (objkind == ACL_KIND_CLASS)
{
char relstorage = get_rel_relstorage(obj_oid);
if (relstorage == 'h')
{
return true;
}
}
{code}
This just fallback pg_catalog.tables, does not fallback pg_catalog.views.
Because the relstorage of pg_catalog.view is 'v', not 'h'. So we should fix it
to fallback the privileges request use the following condition.
{code}
if (namespaceid == PG_CATALOG_NAMESPACE || namespaceid ==
information_schema_namespcace_oid
|| namespaceid == PG_AOSEGMENT_NAMESPACE || namespaceid ==
PG_TOAST_NAMESPACE
|| namespaceid == PG_BITMAPINDEX_NAMESPACE)
{code}
reproduce:
1. psql -d postgres
2. set log_min_messages='DEBUG3';
3. SELECT setting FROM pg_settings WHERE name='client_min_messages';
Can see the json request:
{code}
2017-02-13 16:43:37.908980
CST,"xsheng","postgres",p21556,th2021810176,"[local]",,2017-02-13 15:07:36
CST,25538,con13,cmd92,seg-10000,,,x25538,sx1,"DEBUG3","00000","send json
request to ranger : { ""requestId"": ""40"", ""user" ": ""xsheng"",
""clientIp"": ""127.0.0.1"", ""context"": ""SELECT setting FROM pg_settings
WHERE name='client_min_messages'\n;"", ""access"": [ { ""resource"": {
""database"": ""postgres"", ""schema"": ""pg_catalog"", ""table"" :
""pg_settings"" }, ""privileges"": [ ""select"" ] }, { ""resource"": {
""database"": ""postgres"", ""schema"": ""pg_catalog"", ""table"":
""pg_settings_gpsql"" }, ""privileges"": [ ""select"" ] } ] }",,,,,,"SELECT
setting FRO M pg_settings WHERE
name='client_min_messages';",0,,"rangerrest.c",454,
{code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
