[1/2] trafodion git commit: Fixed regression test issue for privs1/TEST120
Repository: trafodion Updated Branches: refs/heads/master 8e38189d4 -> 06b648612 Fixed regression test issue for privs1/TEST120 Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/480e07ef Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/480e07ef Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/480e07ef Branch: refs/heads/master Commit: 480e07ef2f3798007144baae0d011240790d6b1f Parents: 8e38189 Author: Roberta Marton Authored: Fri Oct 26 18:51:32 2018 + Committer: Roberta Marton Committed: Fri Oct 26 18:51:32 2018 + -- core/sql/regress/privs1/EXPECTED120 | 13 - core/sql/regress/privs1/TEST120 | 11 +-- 2 files changed, 13 insertions(+), 11 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/480e07ef/core/sql/regress/privs1/EXPECTED120 -- diff --git a/core/sql/regress/privs1/EXPECTED120 b/core/sql/regress/privs1/EXPECTED120 index 45713b9..08379f8 100644 --- a/core/sql/regress/privs1/EXPECTED120 +++ b/core/sql/regress/privs1/EXPECTED120 @@ -583,16 +583,12 @@ End of MXCI Session >>-- AR - role involved, check query plans that rely on roles during revoke >>log; Query_Invalidation_Keys explain output for select_games, select_teams, insert_teams, update_teams, select_players, select_standings: -Query_Invalidation_Keys{,,CS}{,, -UR}{,,CS}{, -,UR} +Query_Invalidation_Keys{,,CS}{,,UR}{,,CS}{,,UR} Query_Invalidation_Keys{,,OS} Query_Invalidation_Keys{,,OI}{,,UR} -Query_Invalidation_Keys{,,OS}{,, -CU}{,,UR} +Query_Invalidation_Keys{,,OS}{,,CU}{,,UR} Query_Invalidation_Keys{,,OS} -Query_Invalidation_Keys{,,OS}{,, -OG}{,,UR} +Query_Invalidation_Keys{,,OS}{,,OG}{,,UR} >> >>-- Verify that sql_user9 can select from games >>sh sqlci -i "TEST120(select_queries)" -u sql_user9; @@ -1280,8 +1276,7 @@ End of MXCI Session --- SQL command prepared. >>log; Query_Invalidation_Keys explain output for select_stats: -Query_Invalidation_Keys{,,CS}{,, -UR}{,,UZ} +Query_Invalidation_Keys{,,CS}{,,UR}{,,UZ} >>shecho"Query_Invalidation_Keysexplainoutputforselect_stats:">>LOG; >> >>execute select_stats; http://git-wip-us.apache.org/repos/asf/trafodion/blob/480e07ef/core/sql/regress/privs1/TEST120 -- diff --git a/core/sql/regress/privs1/TEST120 b/core/sql/regress/privs1/TEST120 index 632202c..f451dc8 100755 --- a/core/sql/regress/privs1/TEST120 +++ b/core/sql/regress/privs1/TEST120 @@ -235,7 +235,14 @@ explain select_standings; log; sh echo "Query_Invalidation_Keys explain output for select_games, select_teams, insert_teams, update_teams, select_players, select_standings: " >> LOG120; -sh sed '/Query_Invalidation_Keys/,/ObjectUIDs/!d;/ObjectUIDs/d' EXPLAIN120 | sed -e 's/[0-9 \t]*//g' >> LOG120; +-- Explanation of next command: +-- Extract rows between Query_Invalidation_Keys and ObjectUIDs from explain plan +---> sed '/Query_Invalidation_Keys/,/ObjectUIDs/!d;/ObjectUIDs/d' +-- Remove numeric invalidation key hashes +---> sed -e 's/[0-9 \t]*//g' +-- Join rows for each invalidation key set +---> awk '/Query_Invalidation_Keys/{if (NR!=1)print ""}{printf $0}END{print "";}' +sh sed '/Query_Invalidation_Keys/,/ObjectUIDs/!d;/ObjectUIDs/d' EXPLAIN120 | sed -e 's/[0-9 \t]*//g' | awk '/Query_Invalidation_Keys/{if (NR!=1)print ""}{printf $0}END{print "";}' >> LOG120; log; log LOG120; @@ -297,7 +304,7 @@ log; log EXPLAIN120 clear; explain select_stats; sh echo "Query_Invalidation_Keys explain output for select_stats: " >> LOG120; -sh sed '/Query_Invalidation_Keys/,/ObjectUIDs/!d;/ObjectUIDs/d' EXPLAIN120 | sed -e 's/[0-9 \t]*//g' >> LOG120; +sh sed '/Query_Invalidation_Keys/,/ObjectUIDs/!d;/ObjectUIDs/d' EXPLAIN120 | sed -e 's/[0-9 \t]*//g' | awk '/Query_Invalidation_Keys/{if (NR!=1)print ""}{printf $0}END{print "";}' >> LOG120; log; log LOG120;
[2/2] trafodion git commit: PR 1732 Fixed regression testware issue
PR 1732 Fixed regression testware issue Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/06b64861 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/06b64861 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/06b64861 Branch: refs/heads/master Commit: 06b6486126da788376758900f9b19ac6065b3881 Parents: 8e38189 480e07e Author: Roberta Marton Authored: Fri Oct 26 23:59:34 2018 + Committer: Roberta Marton Committed: Fri Oct 26 23:59:34 2018 + -- core/sql/regress/privs1/EXPECTED120 | 13 - core/sql/regress/privs1/TEST120 | 11 +-- 2 files changed, 13 insertions(+), 11 deletions(-) --
[2/3] trafodion git commit: TRAFODION - 3218 User still has privilege after user's role has been revoked ...
TRAFODION - 3218 User still has privilege after user's role has been revoked ... Partial support for column level privileges with QI support for: column select column insert column references column update Also, as part of this, updated privilege code in a couple of areas: Changed object caching code in NATable and NARoutine to store all privileges assigned to the object when the object is cached (privDescs_). During the load operation, the code creates bitmaps (privInfo_) for the current user. Privilege checks are performed against the user bitmaps (privInfo_). This is in anticipation for some performance updates when connecting to Trafodion (mxosrvr) with different users. Change getRoleList to include the roleID and the granteeID that granted the privilege. The grantee can be a user or a role. When a privilege is revoked from a role, send QI keys for every user that has been granted to role. Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/adf2b8f2 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/adf2b8f2 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/adf2b8f2 Branch: refs/heads/master Commit: adf2b8f23d87bd3bdcccf64523b730a4c9b57843 Parents: c52b07c Author: Roberta Marton Authored: Wed Oct 3 17:54:39 2018 + Committer: Roberta Marton Committed: Wed Oct 3 17:54:39 2018 + -- core/sql/cli/Cli.cpp| 7 +- core/sql/cli/Cli.h | 7 +- core/sql/cli/CliExtern.cpp | 10 +- core/sql/cli/Context.cpp| 63 -- core/sql/cli/Context.h | 8 +- core/sql/cli/SQLCLIdev.h| 5 +- core/sql/comexe/ComTdb.h| 2 +- core/sql/common/ComDistribution.cpp | 4 + core/sql/common/ComSecurityKey.cpp | 125 +++ core/sql/common/ComSecurityKey.h| 16 +- core/sql/common/ComSmallDefs.h | 9 + core/sql/common/ComUser.cpp | 62 - core/sql/common/ComUser.h | 5 +- core/sql/executor/ExExeUtilGet.cpp | 7 +- core/sql/generator/Generator.cpp| 15 +- core/sql/optimizer/BindRelExpr.cpp | 144 core/sql/optimizer/NARoutine.cpp| 96 core/sql/optimizer/NARoutine.h | 11 +- core/sql/optimizer/NATable.cpp | 104 ++--- core/sql/optimizer/NATable.h| 21 +- core/sql/optimizer/RelMisc.h| 3 +- core/sql/regress/privs1/EXPECTED120 | 15 +- core/sql/regress/privs1/TEST120 | 2 +- core/sql/regress/privs2/EXPECTED129 | 218 +- core/sql/regress/privs2/TEST129 | 32 ++- core/sql/sqlcomp/CmpSeabaseDDLauth.cpp | 40 +++- core/sql/sqlcomp/CmpSeabaseDDLauth.h| 3 +- core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 15 +- core/sql/sqlcomp/PrivMgr.cpp| 37 +++ core/sql/sqlcomp/PrivMgr.h | 5 + core/sql/sqlcomp/PrivMgrCommands.cpp| 124 +- core/sql/sqlcomp/PrivMgrCommands.h | 15 +- core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp | 12 +- core/sql/sqlcomp/PrivMgrDesc.cpp| 1 + core/sql/sqlcomp/PrivMgrDesc.h | 30 +++ core/sql/sqlcomp/PrivMgrPrivileges.cpp | 224 ++- core/sql/sqlcomp/PrivMgrPrivileges.h| 21 +- core/sql/sqlcomp/PrivMgrRoles.cpp | 92 core/sql/sqlcomp/PrivMgrRoles.h | 18 +- core/sql/sqlcomp/PrivMgrUserPrivs.cpp | 174 -- core/sql/sqlcomp/PrivMgrUserPrivs.h | 15 +- 41 files changed, 1128 insertions(+), 689 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/adf2b8f2/core/sql/cli/Cli.cpp -- diff --git a/core/sql/cli/Cli.cpp b/core/sql/cli/Cli.cpp index 3d5f033..9318fa5 100644 --- a/core/sql/cli/Cli.cpp +++ b/core/sql/cli/Cli.cpp @@ -6240,8 +6240,9 @@ Int32 SQLCLI_GetAuthState ( Lng32 SQLCLI_GetRoleList( CliGlobals * cliGlobals, - Int32 , - Int32 *) + Int32 , + Int32 *& roleIDs, + Int32 *& granteeIDs) { Lng32 retcode = 0; @@ -6254,7 +6255,7 @@ Lng32 SQLCLI_GetRoleList( ContextCli = *(cliGlobals->currContext()); ComDiagsArea = currContext.diags(); - retcode = currContext.getRoleList(numRoles,roleIDs); + retcode = currContext.getRoleList(numEntries,roleIDs,granteeIDs); return CliEpilogue(cliGlobals, NULL, retcode);
[1/3] trafodion git commit: TRAFODION - 3218 User still has privilege after user's role has been revoked ...
Repository: trafodion Updated Branches: refs/heads/master 659f59a13 -> 8e38189d4 http://git-wip-us.apache.org/repos/asf/trafodion/blob/adf2b8f2/core/sql/sqlcomp/CmpSeabaseDDLtable.cpp -- diff --git a/core/sql/sqlcomp/CmpSeabaseDDLtable.cpp b/core/sql/sqlcomp/CmpSeabaseDDLtable.cpp index a620624..cd785f6 100644 --- a/core/sql/sqlcomp/CmpSeabaseDDLtable.cpp +++ b/core/sql/sqlcomp/CmpSeabaseDDLtable.cpp @@ -12540,23 +12540,20 @@ ComTdbVirtTablePrivInfo * CmpSeabaseDDL::getSeabasePrivInfo( // Summarize privileges for object PrivStatus privStatus = STATUS_GOOD; - std::vector privDescs; + ComTdbVirtTablePrivInfo *privInfo = new (heap_) ComTdbVirtTablePrivInfo(); + privInfo->privmgr_desc_list = new (STMTHEAP) PrivMgrDescList(STMTHEAP); + + // Summarize privileges for object PrivMgrCommands command(std::string(MDLoc.data()), std::string(privMgrMDLoc.data()), CmpCommon::diags()); - if (command.getPrivileges(objUID, objType, privDescs) != STATUS_GOOD) + if (command.getPrivileges(objUID, objType, +*privInfo->privmgr_desc_list) != STATUS_GOOD) { *CmpCommon::diags() << DgSqlCode(-CAT_UNABLE_TO_RETRIEVE_PRIVS); return NULL; } - ComTdbVirtTablePrivInfo *privInfo = new (STMTHEAP) ComTdbVirtTablePrivInfo(); - - // PrivMgrDesc operator= is a deep copy - privInfo->privmgr_desc_list = new (STMTHEAP) NAList(STMTHEAP); - for (size_t i = 0; i < privDescs.size(); i++) -privInfo->privmgr_desc_list->insert(privDescs[i]); - return privInfo; } http://git-wip-us.apache.org/repos/asf/trafodion/blob/adf2b8f2/core/sql/sqlcomp/PrivMgr.cpp -- diff --git a/core/sql/sqlcomp/PrivMgr.cpp b/core/sql/sqlcomp/PrivMgr.cpp index 0a5f265..2429b9d 100644 --- a/core/sql/sqlcomp/PrivMgr.cpp +++ b/core/sql/sqlcomp/PrivMgr.cpp @@ -36,6 +36,7 @@ #include "PrivMgrComponentOperations.h" #include "PrivMgrComponentPrivileges.h" #include "PrivMgrPrivileges.h" +#include "PrivMgrRoles.h" // Trafodion includes #include "ComDistribution.h" @@ -154,6 +155,42 @@ PrivMgr::~PrivMgr() resetFlags(); } +// * +// * Method: getGranteeIDsForRoleIDs +// * +// *Returns the grantees assigned to the passed in roles +// *role list +// * +// * Parameters: +// * +// * list of roles to check +// * passed back the list (potentially empty) of users granted to +// * the roleIDs +// * +// * Returns: PrivStatus +// * +// * STATUS_GOOD: Role list returned +// * *: Unable to fetch granted roles, see diags. +// * +// * +PrivStatus PrivMgr::getGranteeIDsForRoleIDs( + const std::vector & roleIDs, + std::vector & granteeIDs, + bool includeSysGrantor) +{ + std::vector granteeIDsForRoleIDs; + PrivMgrRoles roles(" ",metadataLocation_,pDiags_); + if (roles.fetchGranteesForRoles(roleIDs, granteeIDsForRoleIDs, includeSysGrantor) == STATUS_ERROR) +return STATUS_ERROR; + for (size_t i = 0; i < granteeIDsForRoleIDs.size(); i++) + { + int32_t authID = granteeIDsForRoleIDs[i]; + if (std::find(granteeIDs.begin(), granteeIDs.end(), authID) == granteeIDs.end()) + granteeIDs.insert( std::upper_bound( granteeIDs.begin(), granteeIDs.end(), authID ), authID); + } + return STATUS_GOOD; +} + // // method: authorizationEnabled // http://git-wip-us.apache.org/repos/asf/trafodion/blob/adf2b8f2/core/sql/sqlcomp/PrivMgr.h -- diff --git a/core/sql/sqlcomp/PrivMgr.h b/core/sql/sqlcomp/PrivMgr.h index fd6b8bd..0cd52ce 100644 --- a/core/sql/sqlcomp/PrivMgr.h +++ b/core/sql/sqlcomp/PrivMgr.h @@ -168,6 +168,11 @@ class PrivMgr // --- // Accessors and destructors: // --- +PrivStatus getGranteeIDsForRoleIDs( + const std::vector & roleIDs, + std::vector & userIDs, + bool includeSysGrantor = true); + inline std::string getMetadataLocation (void) {return metadataLocation_;} inline const std::string & getMetadataLocation (void) const {return
[3/3] trafodion git commit: Merge [TRAFODION-3218] pr 1723 user still has privilege after user's role revoked
Merge [TRAFODION-3218] pr 1723 user still has privilege after user's role revoked Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/8e38189d Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/8e38189d Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/8e38189d Branch: refs/heads/master Commit: 8e38189d43d6abe57f6a2c992ebaeaf79ce92408 Parents: 659f59a adf2b8f Author: Roberta Marton Authored: Wed Oct 24 16:19:42 2018 + Committer: Roberta Marton Committed: Wed Oct 24 16:19:42 2018 + -- core/sql/cli/Cli.cpp| 7 +- core/sql/cli/Cli.h | 7 +- core/sql/cli/CliExtern.cpp | 10 +- core/sql/cli/Context.cpp| 63 -- core/sql/cli/Context.h | 8 +- core/sql/cli/SQLCLIdev.h| 5 +- core/sql/comexe/ComTdb.h| 2 +- core/sql/common/ComDistribution.cpp | 4 + core/sql/common/ComSecurityKey.cpp | 125 +++ core/sql/common/ComSecurityKey.h| 16 +- core/sql/common/ComSmallDefs.h | 9 + core/sql/common/ComUser.cpp | 62 - core/sql/common/ComUser.h | 5 +- core/sql/executor/ExExeUtilGet.cpp | 7 +- core/sql/generator/Generator.cpp| 15 +- core/sql/optimizer/BindRelExpr.cpp | 144 core/sql/optimizer/NARoutine.cpp| 96 core/sql/optimizer/NARoutine.h | 11 +- core/sql/optimizer/NATable.cpp | 104 ++--- core/sql/optimizer/NATable.h| 21 +- core/sql/optimizer/RelMisc.h| 3 +- core/sql/regress/privs1/EXPECTED120 | 15 +- core/sql/regress/privs1/TEST120 | 2 +- core/sql/regress/privs2/EXPECTED129 | 218 +- core/sql/regress/privs2/TEST129 | 32 ++- core/sql/sqlcomp/CmpSeabaseDDLauth.cpp | 40 +++- core/sql/sqlcomp/CmpSeabaseDDLauth.h| 3 +- core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 15 +- core/sql/sqlcomp/PrivMgr.cpp| 37 +++ core/sql/sqlcomp/PrivMgr.h | 5 + core/sql/sqlcomp/PrivMgrCommands.cpp| 124 +- core/sql/sqlcomp/PrivMgrCommands.h | 15 +- core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp | 12 +- core/sql/sqlcomp/PrivMgrDesc.cpp| 1 + core/sql/sqlcomp/PrivMgrDesc.h | 30 +++ core/sql/sqlcomp/PrivMgrPrivileges.cpp | 224 ++- core/sql/sqlcomp/PrivMgrPrivileges.h| 21 +- core/sql/sqlcomp/PrivMgrRoles.cpp | 92 core/sql/sqlcomp/PrivMgrRoles.h | 18 +- core/sql/sqlcomp/PrivMgrUserPrivs.cpp | 174 -- core/sql/sqlcomp/PrivMgrUserPrivs.h | 15 +- 41 files changed, 1128 insertions(+), 689 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/8e38189d/core/sql/cli/Cli.cpp -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/8e38189d/core/sql/optimizer/RelMisc.h -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/8e38189d/core/sql/sqlcomp/PrivMgr.cpp --
[2/2] trafodion git commit: Merge TRAFODION-3194 pr 1720 fix update
Merge TRAFODION-3194 pr 1720 fix update Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/9536c5e3 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/9536c5e3 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/9536c5e3 Branch: refs/heads/master Commit: 9536c5e38d78e633dcedda6fccd8c91fceada188 Parents: 8b19ee7 66b854f Author: Roberta Marton Authored: Sat Sep 29 18:54:56 2018 + Committer: Roberta Marton Committed: Sat Sep 29 18:54:56 2018 + -- core/sql/regress/privs2/EXPECTED135| 4 +++- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 29 + core/sql/sqlcomp/PrivMgrPrivileges.h | 1 - 3 files changed, 20 insertions(+), 14 deletions(-) --
[1/2] trafodion git commit: TRAFODION-3194 update
Repository: trafodion Updated Branches: refs/heads/master 8b19ee7b6 -> 9536c5e38 TRAFODION-3194 update Fixed issue where revoke all on object did not actually revoke the privilege. Also fixed an issue where setting up default privileges did not set the correct default bits for object type. Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/66b854f7 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/66b854f7 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/66b854f7 Branch: refs/heads/master Commit: 66b854f765d06a1ee49bce75450021daf22198ea Parents: 8b19ee7 Author: Roberta Marton Authored: Fri Sep 28 19:05:29 2018 + Committer: Roberta Marton Committed: Fri Sep 28 19:05:29 2018 + -- core/sql/regress/privs2/EXPECTED135| 4 +++- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 29 + core/sql/sqlcomp/PrivMgrPrivileges.h | 1 - 3 files changed, 20 insertions(+), 14 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/66b854f7/core/sql/regress/privs2/EXPECTED135 -- diff --git a/core/sql/regress/privs2/EXPECTED135 b/core/sql/regress/privs2/EXPECTED135 index 055e89a..744b645 100644 --- a/core/sql/regress/privs2/EXPECTED135 +++ b/core/sql/regress/privs2/EXPECTED135 @@ -568,7 +568,9 @@ End of MXCI Session --- SQL operation failed with errors. >>revoke all on t135_t1 from sql_user3; SQL operation complete. +*** ERROR[1025] Request failed. Dependent object TRAFODION.T135SCH_USER3.T135_V1_USER3 exists. + +--- SQL operation failed with errors. >> >>sh sqlci -i "TEST135(user3_drops)" -u sql_user3; >>drop table t135_t3 cascade; http://git-wip-us.apache.org/repos/asf/trafodion/blob/66b854f7/core/sql/sqlcomp/PrivMgrPrivileges.cpp -- diff --git a/core/sql/sqlcomp/PrivMgrPrivileges.cpp b/core/sql/sqlcomp/PrivMgrPrivileges.cpp index 451b32a..fe2c8d1 100644 --- a/core/sql/sqlcomp/PrivMgrPrivileges.cpp +++ b/core/sql/sqlcomp/PrivMgrPrivileges.cpp @@ -1741,7 +1741,6 @@ PrivStatus PrivMgrPrivileges::initGrantRevoke( // Generate the list of privilege descriptors that were requested PrivStatus retcode = convertPrivsToDesc(objectType, isAllSpecified, - isGrant, (isGrant) ? isGOSpecified : true, // WGO (isGrant) ? false : isGOSpecified, // GOF privList, @@ -4973,7 +4972,6 @@ bool PrivMgrPrivileges::isAuthIDGrantedPrivs( PrivStatus PrivMgrPrivileges::convertPrivsToDesc( const ComObjectType objectType, const bool isAllSpecified, - const bool isGrant, const bool isWgoSpecified, const bool isGofSpecified, const std::vector privsList, @@ -5014,7 +5012,14 @@ PrivStatus PrivMgrPrivileges::convertPrivsToDesc( // If all is specified, set bits appropriate for the object type and return if (isAllSpecified) { -privsToProcess.setAllObjectPrivileges(objectType, isGrant, isWgoSpecified); +// For grant: +//WGO is set if WITH GRANT OPTION specified in syntax +//GOF is false, so always turn on the priv bits +// For revoke: +//WGO is always true, so always remove the WGO bits +//GOF is set if GRANT OPTION FOR specified in syntax, so don't set privs +// bit if only removing the grant option (JIRA 3194) +privsToProcess.setAllObjectPrivileges(objectType, !isGofSpecified, isWgoSpecified); return STATUS_GOOD; } @@ -6249,18 +6254,18 @@ PrivStatus ObjectPrivsMDTable::insertSelect( } // Create bitmaps for all supported object types; - PrivMgrCoreDesc privCoreDesc; - privCoreDesc.setAllTableGrantPrivileges(true, true); - int64_t tableBits = privCoreDesc.getPrivBitmap().to_ulong(); + PrivMgrDesc privDesc; + privDesc.setAllTableGrantPrivileges(true, true); + int64_t tableBits = privDesc.getTablePrivs().getPrivBitmap().to_ulong(); - privCoreDesc.setAllLibraryGrantPrivileges(true, true); - int64_t libraryBits = privCoreDesc.getPrivBitmap().to_ulong(); + privDesc.setAllLibraryGrantPrivileges(true, true); + int64_t libraryBits = privDesc.getTablePrivs().getPrivBitmap().to_ulong(); - privCoreDesc.setAllUdrGrantPrivileges(true, true); - int64_t udrBits = privCoreDesc.getPrivBitmap().to_ulong(); + privDesc.setAllUdrGrantPrivileges(true, true); + int64_t udrBits = privDesc.getTablePrivs().getPrivBitmap().to_ulong(); - privCoreDesc.setAllSequenceGrantPrivileges(true, true); - int64_t sequenceBits = privCoreDesc.getPrivBitmap().to_ulong(); + privDesc.setAllSequenceGrantPrivileges(true, true); + int64_t sequenceBits =
[4/4] trafodion git commit: Merge [TRAFODION-3194] [TRAFODION-3195] pr 1717 privilege fixes
Merge [TRAFODION-3194] [TRAFODION-3195] pr 1717 privilege fixes Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/1fd06515 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/1fd06515 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/1fd06515 Branch: refs/heads/master Commit: 1fd06515194937a12c1a22ff17adc930dce92089 Parents: fb269de afff993 Author: Roberta Marton Authored: Wed Sep 26 18:19:57 2018 + Committer: Roberta Marton Committed: Wed Sep 26 18:19:57 2018 + -- core/sql/bin/SqlciErrors.txt |2 +- core/sql/executor/ExExeUtilGet.cpp | 1026 ++- core/sql/regress/privs1/EXPECTED123| 815 ++--- core/sql/regress/privs1/EXPECTED125| 251 ++- core/sql/regress/privs1/EXPECTED141| 143 +++- core/sql/regress/privs1/TEST123| 24 +- core/sql/regress/privs1/TEST125|9 +- core/sql/regress/privs1/TEST141| 22 +- core/sql/regress/privs2/EXPECTED135|4 +- core/sql/regress/privs2/EXPECTED144| 858 +- core/sql/regress/privs2/EXPECTED146| 16 +- core/sql/regress/privs2/LOG144 | Bin 17980 -> 140175 bytes core/sql/regress/privs2/TEST144| 120 +++- core/sql/sqlcomp/PrivMgrCommands.cpp |2 +- core/sql/sqlcomp/PrivMgrDesc.cpp | 122 +--- core/sql/sqlcomp/PrivMgrDesc.h | 97 ++- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 39 +- core/sql/sqlcomp/PrivMgrPrivileges.h |1 + 18 files changed, 2515 insertions(+), 1036 deletions(-) --
[3/4] trafodion git commit: Fixes for TRAFODION-3194 && TRAFODION-3195
Fixes for TRAFODION-3194 && TRAFODION-3195 TRAFODION-3194 Revoke grant option on objects revokes more that grant option changed Privilege Manager to set bitmaps correctly removed unused methods from PrivMgrDesc TRAFODION-3195: Fixes for get commands: get schemas for user : returns schemas owned by the specified user if current user does not have elevated privilege, returns error if current user does not match . get schemas for role : returns schemas owned by the role, if current user does not have elevated privilege, returns error if current user has not been granted get [tables | views | indexes | libraries ] for user : get [functions | table_mapping_functions | procedures] for user : get [privileges | roles] for user : returns objects where has at least one privilege if current user does not have eleveted privilege returns error if current user does not match . get [tables | views | indexes | libraries ] for role : get [functions | table_mapping_functions | procedures] for role : get [privileges | users] for : returns objects where has at least one privilege if current user does not have eleveted privilege returns error if current user has not been granted Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/afff9935 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/afff9935 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/afff9935 Branch: refs/heads/master Commit: afff9935ecd40b0beef8156c773110b40025721f Parents: 1bc3d1a Author: Roberta Marton Authored: Fri Sep 21 22:29:01 2018 + Committer: Roberta Marton Committed: Fri Sep 21 22:29:01 2018 + -- core/sql/bin/SqlciErrors.txt |2 +- core/sql/executor/ExExeUtilGet.cpp | 1026 ++- core/sql/regress/privs1/EXPECTED123| 815 ++--- core/sql/regress/privs1/EXPECTED125| 251 ++- core/sql/regress/privs1/EXPECTED141| 143 +++- core/sql/regress/privs1/TEST123| 24 +- core/sql/regress/privs1/TEST125|9 +- core/sql/regress/privs1/TEST141| 22 +- core/sql/regress/privs2/EXPECTED135|4 +- core/sql/regress/privs2/EXPECTED144| 858 +- core/sql/regress/privs2/EXPECTED146| 16 +- core/sql/regress/privs2/LOG144 | Bin 17980 -> 140175 bytes core/sql/regress/privs2/TEST144| 120 +++- core/sql/sqlcomp/PrivMgrCommands.cpp |2 +- core/sql/sqlcomp/PrivMgrDesc.cpp | 122 +--- core/sql/sqlcomp/PrivMgrDesc.h | 97 ++- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 39 +- core/sql/sqlcomp/PrivMgrPrivileges.h |1 + 18 files changed, 2515 insertions(+), 1036 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/afff9935/core/sql/bin/SqlciErrors.txt -- diff --git a/core/sql/bin/SqlciErrors.txt b/core/sql/bin/SqlciErrors.txt index 7032bf7..0de8a4e 100644 --- a/core/sql/bin/SqlciErrors.txt +++ b/core/sql/bin/SqlciErrors.txt @@ -334,7 +334,7 @@ 1336 Z 9 ADVANCED MAJOR DBADMIN INITIALIZE SQL must specify a $0~String0 statement for the $1~String1. INITIALIZE SQL fails. 1337 Z 9 BEGINNER MINOR DBADMIN $0~String0 is a reserved authorization identifier. 1338 Z 9 ADVANCED MAJOR DBADMIN Role $0~string0 is not defined in the database. -1339 Z 9 BEGINNER MINOR DBADMIN $0~string0 is not a grantable role. +1339 Z 9 BEGINNER MINOR DBADMIN $0~string0 is not a role. 1340 Z 9 BEGINNER MINOR DBADMIN $0~string0 is not a user. 1341 Z 9 BEGINNER MINOR DBADMIN --- unused --- 1342 Z 9 BEGINNER MINOR DBADMIN --- unused --- http://git-wip-us.apache.org/repos/asf/trafodion/blob/afff9935/core/sql/executor/ExExeUtilGet.cpp -- diff --git a/core/sql/executor/ExExeUtilGet.cpp b/core/sql/executor/ExExeUtilGet.cpp index b9d4c68..590b068 100644 --- a/core/sql/executor/ExExeUtilGet.cpp +++ b/core/sql/executor/ExExeUtilGet.cpp @@ -177,7 +177,7 @@ static const QueryString getRolesForUserQuery[] = {" select translate(rtrim(RU.role_name) using ucs2toutf8) "}, {" from %s.\"%s\".%s RU "}, {" where (RU.grantor_ID != -2) and "}, - {" (RU.grantee_name='%s') %s "}, + {" (RU.grantee_name='%s') "}, {" union select * from (values ('PUBLIC')) "}, {" order by 1 "}, {" ; "} @@ -348,7 +348,7 @@ static const QueryString getTrafIndexesOnTableQuery[] = {" ; "} }; -static const QueryString getTrafIndexesForUser[] = +static const QueryString getTrafIndexesForAuth[] = { {" select trim(T2.catalog_name) || '.\"' || trim(T2.schema_name) || '\".' || trim(T2.object_name) "}, {" from %s.\"%s\".%s I, "},
[2/4] trafodion git commit: Fixes for TRAFODION-3194 && TRAFODION-3195
http://git-wip-us.apache.org/repos/asf/trafodion/blob/afff9935/core/sql/regress/privs1/EXPECTED123 -- diff --git a/core/sql/regress/privs1/EXPECTED123 b/core/sql/regress/privs1/EXPECTED123 index dd8211b..ffc42d4 100644 --- a/core/sql/regress/privs1/EXPECTED123 +++ b/core/sql/regress/privs1/EXPECTED123 @@ -324,6 +324,9 @@ SQL_USER5 1 row(s) returned --- SQL operation complete. +>>get users for role "PUBLIC"; + +--- SQL operation complete. >> >>get privileges for user sql_user1; @@ -565,6 +568,34 @@ TRAFODION."T123SCH".TEAMS 6 row(s) returned --- SQL operation complete. +>>get tables for role t123_adminrole; + +Tables for Role T123_ADMINROLE +== + +TRAFODION."T123SCH".GAMES +TRAFODION."T123SCH".TEAMS + +=== + 2 row(s) returned + +--- SQL operation complete. +>>get tables for role t123_ownerrole; + +Tables for Role T123_OWNERROLE +== + +TRAFODION."T123SCH".GAMES +TRAFODION."T123SCH".PLAYERS +TRAFODION."T123SCH".SB_HISTOGRAMS +TRAFODION."T123SCH".SB_HISTOGRAM_INTERVALS +TRAFODION."T123SCH".SB_PERSISTENT_SAMPLES +TRAFODION."T123SCH".TEAMS + +=== + 6 row(s) returned + +--- SQL operation complete. >> >>get indexes for user sql_user1; @@ -613,6 +644,28 @@ TRAFODION."T123SCH".GAMES_VISITOR 1 row(s) returned --- SQL operation complete. +>>get indexes for role t123_adminrole; + +Indexes for Role T123_ADMINROLE +=== + +TRAFODION."T123SCH".GAMES_VISITOR + +=== + 1 row(s) returned + +--- SQL operation complete. +>>get indexes for role t123_ownerrole; + +Indexes for Role T123_OWNERROLE +=== + +TRAFODION."T123SCH".GAMES_VISITOR + +=== + 1 row(s) returned + +--- SQL operation complete. >> >>get views for user sql_user1; @@ -639,65 +692,20 @@ TRAFODION."T123SCH".PLAYERS_ON_TEAM 3 row(s) returned --- SQL operation complete. ->> ->>get libraries for user sql_user1; - -Libraries for User SQL_USER1 - - -DB__LIBMGRNAME -DB__LIBMGR_LIB_CPP - -=== - 2 row(s) returned - SQL operation complete. ->>get libraries for user sql_user2; - -Libraries for User SQL_USER2 - - -DB__LIBMGRNAME -DB__LIBMGR_LIB_CPP - -=== - 2 row(s) returned - SQL operation complete. ->>get libraries for user sql_user3; - -Libraries for User SQL_USER3 - - -DB__LIBMGRNAME -DB__LIBMGR_LIB_CPP - -=== - 2 row(s) returned - SQL operation complete. ->>get libraries for user sql_user4; - -Libraries for User SQL_USER4 - - -DB__LIBMGRNAME -DB__LIBMGR_LIB_CPP - -=== - 2 row(s) returned +>>get views for role t123_adminrole; --- SQL operation complete. ->>get libraries for user sql_user5; +>>get views for role t123_ownerrole; -Libraries for User SQL_USER5 - +Views for Role T123_OWNERROLE += -DB__LIBMGRNAME -DB__LIBMGR_LIB_CPP +TRAFODION."T123SCH".GAMES_BY_PLAYER +TRAFODION."T123SCH".HOME_TEAMS_GAMES +TRAFODION."T123SCH".PLAYERS_ON_TEAM === - 2 row(s) returned + 3 row(s) returned --- SQL operation complete. >> @@ -754,48 +762,24 @@ T123_PLANNERROLE --- SQL operation complete. >>get roles for user sql_user2; -Roles for User SQL_USER2 - - -PUBLIC - -=== - 1 row(s) returned +*** ERROR[1017] You are not authorized to perform this operation. SQL operation complete. +--- SQL operation failed with errors. >>get roles for user sql_user3; -Roles for User SQL_USER3 - - -PUBLIC - -=== - 1 row(s) returned +*** ERROR[1017] You are not authorized to perform this operation. SQL operation complete. +--- SQL operation failed with errors. >>get roles for user sql_user4; -Roles for User SQL_USER4 - - -PUBLIC - -=== - 1 row(s) returned +*** ERROR[1017] You are not authorized to perform this operation. SQL operation complete. +--- SQL operation failed with errors. >>get roles for user sql_user5; -Roles for User SQL_USER5 - - -PUBLIC - -=== - 1 row(s) returned +*** ERROR[1017] You are not authorized to perform this operation. SQL operation complete. +--- SQL operation failed with errors. >> >>get users for role t123_adminrole; @@ -821,9 +805,16 @@ SQL_USER1 --- SQL operation complete. >>get users for role t123_dummyrole; SQL operation complete. +*** ERROR[1017] You are not authorized to perform this operation. + +--- SQL operation failed with errors. >>get users for role t123_ownerrole; +*** ERROR[1017] You are not authorized to perform this operation. + +--- SQL operation failed with
[1/4] trafodion git commit: Fixes for TRAFODION-3194 && TRAFODION-3195
Repository: trafodion Updated Branches: refs/heads/master fb269de14 -> 1fd065151 http://git-wip-us.apache.org/repos/asf/trafodion/blob/afff9935/core/sql/regress/privs2/EXPECTED144 -- diff --git a/core/sql/regress/privs2/EXPECTED144 b/core/sql/regress/privs2/EXPECTED144 index f3127e0..2c225b4 100644 --- a/core/sql/regress/privs2/EXPECTED144 +++ b/core/sql/regress/privs2/EXPECTED144 @@ -130,6 +130,13 @@ CREATE TABLE TRAFODION.T144USER1.CUSTOMERS --- SQL operation complete. >> +>>grant update, usage on library t144_l1 to sql_user2; + +--- SQL operation complete. +>>grant usage on library t144_l2 to t144role1; + +--- SQL operation complete. +>> >>revoke component privilege "SHOW" on sql_operations from "PUBLIC"; --- SQL operation complete. @@ -146,16 +153,13 @@ CREATE_SCHEMA --- SQL operation complete. >> >>obey TEST144(set_up); ->>set schema "_PRIVMGR_MD_"; - SQL operation complete. >>prepare get_privs from +>select distinct +> trim(substring (o.object_name,1,15)) as object_name, +> grantor_id, grantee_id, +> t144user1.t144_translatePrivsBitmap(privileges_bitmap) as granted_privs, +> t144user1.t144_translatePrivsBitmap(grantable_bitmap) as grantable_privs -+>from object_privileges p, "_MD_".objects o ++>from "_PRIVMGR_MD_".object_privileges p, "_MD_".objects o +>where p.object_uid in +> (select object_uid +> from "_MD_".objects @@ -185,12 +189,14 @@ GEN_PHONE GEN_RANDOM -2 4 --E --E GEN_TIME -2 4 --E --E T144_L1 -2 4 ---UG-- ---UG-- +T144_L1 4 5 ---UG-- NONE T144_L2 -2 4 ---UG-- ---UG-- +T144_L2 4 102 G-- NONE T144_TRANSLATEP -2 4 --E --E T144_TRANSLATEP 4-1 --E NONE _TRAFODION_T144 -2 4 G-- G-- 10 row(s) selected. +--- 12 row(s) selected. >>get privileges on function gen_phone; Privileges on Routine T144USER1.GEN_PHONE @@ -276,7 +282,67 @@ Privileges on Routine _LIBMGR_.EVENT_LOG_READER 1 row(s) returned --- SQL operation complete. ->>sh sqlci -i "TEST144(cmds)" -u sql_user1; +>> +>>get functions for user sql_user1; + +Functions for User SQL_USER1 + + +TRAFODION."T144USER1".GEN_PHONE +TRAFODION."T144USER1".GEN_RANDOM +TRAFODION."T144USER1".GEN_TIME +TRAFODION."T144USER1".T144_TRANSLATEPRIVSBITMAP + +=== + 4 row(s) returned + +--- SQL operation complete. +>>get table_mapping functions for user sql_user1; + +Table mapping functions for User SQL_USER1 +== + +TRAFODION."_LIBMGR_".EVENT_LOG_READER +TRAFODION."_LIBMGR_".JDBC + +=== + 2 row(s) returned + +--- SQL operation complete. +>>get procedures for user sql_user1; + +--- SQL operation complete. +>> +>>get libraries for user sql_user2; + +Libraries for User SQL_USER2 + + +TRAFODION."T144USER1".T144_L1 + +=== + 1 row(s) returned + +--- SQL operation complete. +>>get libraries for user sql_user3; + +--- SQL operation complete. +>>get libraries for user sql_user4; + +--- SQL operation complete. +>>get libraries for role t144role1; + +Libraries for Role T144ROLE1 + + +TRAFODION."T144USER1".T144_L2 + +=== + 1 row(s) returned + +--- SQL operation complete. +>> +>>sh sqlci -i "TEST144(cmds_user1)" -u sql_user1; >>values (user); (EXPR) @@ -288,6 +354,44 @@ SQL_USER1 >>set schema t144user1; --- SQL operation complete. +>>get functions for user sql_user1; + +Functions for User SQL_USER1 + + +TRAFODION."T144USER1".GEN_PHONE +TRAFODION."T144USER1".GEN_RANDOM +TRAFODION."T144USER1".GEN_TIME +TRAFODION."T144USER1".T144_TRANSLATEPRIVSBITMAP + +=== + 4 row(s) returned + +--- SQL operation complete. +>>get table_mapping functions for user sql_user1; + +Table mapping functions for User SQL_USER1
[1/4] trafodion git commit: Only expose supported component operations
Repository: trafodion Updated Branches: refs/heads/master 1650c784e -> 8697d9262 http://git-wip-us.apache.org/repos/asf/trafodion/blob/88ed0582/core/sql/sqlcomp/PrivMgrComponentOperations.cpp -- diff --git a/core/sql/sqlcomp/PrivMgrComponentOperations.cpp b/core/sql/sqlcomp/PrivMgrComponentOperations.cpp index bcbfa6b..280710a 100644 --- a/core/sql/sqlcomp/PrivMgrComponentOperations.cpp +++ b/core/sql/sqlcomp/PrivMgrComponentOperations.cpp @@ -58,6 +58,7 @@ namespace ComponentOperations class MyRow : public PrivMgrMDRow { public: + // --- // Constructors and destructors: // --- @@ -71,7 +72,7 @@ public: componentUID_ = other.componentUID_; operationCode_ = other.operationCode_; operationName_ = other.operationName_; - isSystem_ = other.isSystem_; + operationType_ = other.operationType_; operationDescription_ = other.operationDescription_; }; virtual ~MyRow() {}; @@ -82,14 +83,14 @@ public: const int64_t componentUID, const std::string & operationCode, std::string & operationName, - bool & isSystem, + PrivMgrComponentOperations::OperationType & operationType, std::string & operationDescription); bool lookupByName( const int64_t componentUID, const std::string & operationName, std::string & operationCode, - bool & isSystem, + PrivMgrComponentOperations::OperationType & operationType, std::string & operationDescription); // --- @@ -100,7 +101,7 @@ public: int64_tcomponentUID_; std::stringoperationCode_; std::stringoperationName_; -boolisSystem_; +PrivMgrComponentOperations::OperationType operationType_; std::stringoperationDescription_; private: @@ -155,6 +156,10 @@ public: const std::string & whereClause, std::vector ); + PrivStatus update( + const std::string , + const std::string ); + private: MyTable(); void setRow(OutputInfo *pCliRow, MyRow ); @@ -284,7 +289,7 @@ PrivStatus privStatus = myTable.fetchByCode(componentUID,operationCode,row); // *is a 2 character code associated with the operation unique to the * // *component. * // * * -// * boolIn * +// *boolIn * // *is true if the operation is a system operation. * // * * // *const std::string & In * @@ -305,14 +310,12 @@ PrivStatus PrivMgrComponentOperations::createOperation( const std::string & componentName, const std::string & operationName, const std::string & operationCode, - bool isSystemOperation, + bool isSystem, const std::string & operationDescription, const bool existsErrorOK) { -//TODO: Related, could check for setting isSystem, could be separate -// privilege, or restricted to DB__ROOT. PrivMgrComponentPrivileges componentPrivileges(metadataLocation_, pDiags_); if (!ComUser::isRootUserID()&& @@ -379,7 +382,7 @@ std::string tempStr; // An operation can only be a system operation if its component is a // system component. - if (isSystemOperation && !isSystemComponent) + if (isSystem && !isSystemComponent) { *pDiags_ << DgSqlCode(-CAT_COMPONENT_NOT_SYSTEM); return STATUS_ERROR; @@ -391,7 +394,7 @@ MyRow row(fullTableName_); row.componentUID_ = componentUID; row.operationCode_ = operationCode; row.operationName_ = operationName; - row.isSystem_ = isSystemOperation; + row.operationType_ = (isSystem ? OP_TYPE_SYSTEM : OP_TYPE_USER); row.operationDescription_ = operationDescription; MyTable = static_cast(myTable_); @@ -434,8 +437,8 @@ PrivMgrComponentPrivileges componentPrivilege(metadataLocation_,pDiags_); // *is a 2 character code associated with the operation unique to the * // *component. * // * * -// * const bool In * -// *is true if the operation is a system operation. * +// * const bool In * +// *type of component, user, system, or unused. * // *
[2/4] trafodion git commit: Only expose supported component operations
Only expose supported component operations There is a set of component operations and many are about features that we do not support such as CREATE_TRIGGER. This checkin no longer returns these privileges through get privileges on component sql_operations showddl component sql_operations The is_system metadata column in the component_operations table now supports three values: Y - it is a system operation N - it is a user operation U - it is an unsupported (unused) operation (new) An "initialize authorization" or fresh installation is required to make these changes available. Installating this code version calls initialize authorization Running regrinit.sql also calls initialize authorization Some performance enhancements were made to make "initialize authorization" run faster. Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/88ed0582 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/88ed0582 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/88ed0582 Branch: refs/heads/master Commit: 88ed0582c7e09c51acc924735031806210968675 Parents: c8ffae3 Author: Roberta Marton Authored: Fri Aug 24 22:29:06 2018 + Committer: Roberta Marton Committed: Fri Aug 24 22:29:06 2018 + -- core/sql/executor/ExExeUtilGet.cpp | 29 +- core/sql/regress/privs1/EXPECTED132 | 26 +- core/sql/regress/privs1/EXPECTED137 | 468 --- core/sql/regress/privs1/TEST132 | 6 +- core/sql/sqlcomp/CmpSeabaseDDL.h| 1 + core/sql/sqlcomp/CmpSeabaseDDLauth.h| 1 + core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp| 49 +- core/sql/sqlcomp/CmpSeabaseDDLupgrade.cpp | 2 +- core/sql/sqlcomp/PrivMgr.cpp| 58 +++ core/sql/sqlcomp/PrivMgr.h | 5 +- core/sql/sqlcomp/PrivMgrComponentDefs.h | 182 +++- core/sql/sqlcomp/PrivMgrComponentOperations.cpp | 277 --- core/sql/sqlcomp/PrivMgrComponentOperations.h | 38 +- core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp | 181 +++ core/sql/sqlcomp/PrivMgrComponentPrivileges.h | 12 +- core/sql/sqlcomp/PrivMgrDefs.h | 88 +--- core/sql/sqlcomp/PrivMgrMD.cpp | 256 +- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 19 +- 18 files changed, 786 insertions(+), 912 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/88ed0582/core/sql/executor/ExExeUtilGet.cpp -- diff --git a/core/sql/executor/ExExeUtilGet.cpp b/core/sql/executor/ExExeUtilGet.cpp index b54674e..b9d4c68 100644 --- a/core/sql/executor/ExExeUtilGet.cpp +++ b/core/sql/executor/ExExeUtilGet.cpp @@ -298,6 +298,7 @@ static const QueryString getComponentPrivileges[] = {" where (c.component_uid=o.component_uid) "}, {" and (o.component_uid=p.component_uid) "}, {" and (o.operation_code=p.operation_code) "}, + {" and (o.is_system <> 'U') "}, {" and (c.component_name='%s') %s "}, {" order by 1 "}, {" ; "} @@ -1716,34 +1717,6 @@ NABoolean ExExeUtilGetMetadataInfoTcb::checkUserPrivs( break; } - // if user has DML_SELECT, can perform object operations - case ComTdbExeUtilGetMetadataInfo::CATALOGS_: - case ComTdbExeUtilGetMetadataInfo::SCHEMAS_IN_CATALOG_: - case ComTdbExeUtilGetMetadataInfo::VIEWS_IN_CATALOG_: - case ComTdbExeUtilGetMetadataInfo::SEQUENCES_IN_CATALOG_: - case ComTdbExeUtilGetMetadataInfo::TABLES_IN_SCHEMA_: - case ComTdbExeUtilGetMetadataInfo::INDEXES_IN_SCHEMA_: - case ComTdbExeUtilGetMetadataInfo::VIEWS_IN_SCHEMA_: - case ComTdbExeUtilGetMetadataInfo::LIBRARIES_IN_SCHEMA_: - case ComTdbExeUtilGetMetadataInfo::PROCEDURES_IN_SCHEMA_: - case ComTdbExeUtilGetMetadataInfo::SEQUENCES_IN_SCHEMA_: - case ComTdbExeUtilGetMetadataInfo::FUNCTIONS_IN_SCHEMA_: - case ComTdbExeUtilGetMetadataInfo::TABLE_FUNCTIONS_IN_SCHEMA_: - case ComTdbExeUtilGetMetadataInfo::OBJECTS_IN_SCHEMA_: - case ComTdbExeUtilGetMetadataInfo::INDEXES_ON_TABLE_: - case ComTdbExeUtilGetMetadataInfo::VIEWS_ON_TABLE_: - case ComTdbExeUtilGetMetadataInfo::VIEWS_ON_VIEW_: - case ComTdbExeUtilGetMetadataInfo::OBJECTS_ON_TABLE_: - case ComTdbExeUtilGetMetadataInfo::PARTITIONS_FOR_TABLE_: - case ComTdbExeUtilGetMetadataInfo::PARTITIONS_FOR_INDEX_: - case ComTdbExeUtilGetMetadataInfo::TABLES_IN_VIEW_: - case ComTdbExeUtilGetMetadataInfo::VIEWS_IN_VIEW_: - case ComTdbExeUtilGetMetadataInfo::OBJECTS_IN_VIEW_: -{ - if (componentPrivileges.hasSQLPriv(ComUser::getCurrentUser(),SQLOperation::DML_SELECT,true)) -return FALSE; - break; -} default: break; }
[4/4] trafodion git commit: merge pr 1703 Only expose supported component operations
merge pr 1703 Only expose supported component operations Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/8697d926 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/8697d926 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/8697d926 Branch: refs/heads/master Commit: 8697d926249c621160fb5cea45dc8bf6208f4df9 Parents: 1650c78 dfddd00 Author: Roberta Marton Authored: Tue Aug 28 16:50:06 2018 + Committer: Roberta Marton Committed: Tue Aug 28 16:50:06 2018 + -- core/sql/executor/ExExeUtilGet.cpp | 29 +- core/sql/regress/compGeneral/EXPECTED042| 48 +- core/sql/regress/privs1/EXPECTED132 | 26 +- core/sql/regress/privs1/EXPECTED137 | 468 --- core/sql/regress/privs1/TEST132 | 6 +- core/sql/sqlcomp/CmpSeabaseDDL.h| 1 + core/sql/sqlcomp/CmpSeabaseDDLauth.h| 1 + core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp| 49 +- core/sql/sqlcomp/CmpSeabaseDDLupgrade.cpp | 2 +- core/sql/sqlcomp/PrivMgr.cpp| 58 +++ core/sql/sqlcomp/PrivMgr.h | 5 +- core/sql/sqlcomp/PrivMgrComponentDefs.h | 182 +++- core/sql/sqlcomp/PrivMgrComponentOperations.cpp | 277 --- core/sql/sqlcomp/PrivMgrComponentOperations.h | 38 +- core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp | 181 +++ core/sql/sqlcomp/PrivMgrComponentPrivileges.h | 12 +- core/sql/sqlcomp/PrivMgrDefs.h | 88 +--- core/sql/sqlcomp/PrivMgrMD.cpp | 256 +- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 19 +- 19 files changed, 810 insertions(+), 936 deletions(-) --
[2/4] trafodion git commit: Fix for TRAFODION-3112
Fix for TRAFODION-3112 Internal error: get ... for user/role Heading incorrect for libraries Parser error: get procedures/table_mapping functions/functions for user/role Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/3d013bc2 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/3d013bc2 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/3d013bc2 Branch: refs/heads/master Commit: 3d013bc2adb46d139ee027a6c878e8ec2c4d5f5a Parents: ce62bc5 Author: Roberta Marton Authored: Mon Jul 30 22:51:13 2018 + Committer: Roberta Marton Committed: Mon Jul 30 22:51:13 2018 + -- core/sql/bin/SqlciErrors.txt |2 +- core/sql/comexe/ComTdbExeUtil.h | 110 +-- core/sql/executor/ExExeUtilGet.cpp| 1024 ++-- core/sql/generator/GenRelExeUtil.cpp | 31 +- core/sql/parser/ParKeyWords.cpp |2 +- core/sql/parser/sqlparser.y | 51 +- core/sql/parser/ulexer.cpp| 18 + core/sql/regress/compGeneral/EXPECTEDTOK |5 +- core/sql/regress/compGeneral/EXPECTEDTOK2 |5 +- core/sql/regress/privs1/EXPECTED125 | 325 +++- core/sql/regress/privs1/TEST125 |9 + core/sql/sqlcomp/CmpDDLCatErrorCodes.h|1 + 12 files changed, 863 insertions(+), 720 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/3d013bc2/core/sql/bin/SqlciErrors.txt -- diff --git a/core/sql/bin/SqlciErrors.txt b/core/sql/bin/SqlciErrors.txt index 3437cef..75abfab 100644 --- a/core/sql/bin/SqlciErrors.txt +++ b/core/sql/bin/SqlciErrors.txt @@ -85,7 +85,7 @@ 1083 Z 9 BEGINNER MAJOR DBADMIN Validation for constraint $0~ConstraintName failed; incompatible data exists in table. 1084 Z 9 BEGINNER MINOR DBADMIN An invalid default value was specified for column $0~ColumnName. 1085 Z 9 BEGINNER MAJOR DBADMIN --- unused --- -1086 Z 9 U UUU --- unused --- +1086 Z 9 BEGINNER MAJOR DBADMIN $0~string0 is not a $1~string1. 1087 Z 9 BEGINNER MAJOR DBADMIN --- unused --- 1088 Z 9 BEGINNER MINOR DBADMIN --- unused --- 1089 Z 9 BEGINNER MINOR DBADMIN The system generated column SYSKEY must be specified last or not specified at all in the index column list. http://git-wip-us.apache.org/repos/asf/trafodion/blob/3d013bc2/core/sql/comexe/ComTdbExeUtil.h -- diff --git a/core/sql/comexe/ComTdbExeUtil.h b/core/sql/comexe/ComTdbExeUtil.h index 39cd249..afb29fb 100644 --- a/core/sql/comexe/ComTdbExeUtil.h +++ b/core/sql/comexe/ComTdbExeUtil.h @@ -2381,90 +2381,106 @@ public: HIVE_EXT_TABLES_IN_CATALOG_, HBASE_REG_TABLES_IN_CATALOG_, -TABLES_IN_SCHEMA_, +FUNCTIONS_IN_SCHEMA_, INDEXES_IN_SCHEMA_, -VIEWS_IN_SCHEMA_, +INVALID_VIEWS_IN_SCHEMA_, LIBRARIES_IN_SCHEMA_, -MVS_IN_SCHEMA_, -MVGROUPS_IN_SCHEMA_, -PRIVILEGES_ON_SCHEMA_, +OBJECTS_IN_SCHEMA_, PROCEDURES_IN_SCHEMA_, SEQUENCES_IN_SCHEMA_, -SYNONYMS_IN_SCHEMA_, -FUNCTIONS_IN_SCHEMA_, TABLE_FUNCTIONS_IN_SCHEMA_, - -OBJECTS_IN_SCHEMA_, -INVALID_VIEWS_IN_SCHEMA_, +TABLES_IN_SCHEMA_, +VIEWS_IN_SCHEMA_, INDEXES_ON_TABLE_, -INDEXES_ON_MV_, +OBJECTS_ON_TABLE_, VIEWS_ON_TABLE_, VIEWS_ON_VIEW_, -MVS_ON_TABLE_, -MVS_ON_VIEW_, -MVS_ON_MV_, -MVGROUPS_ON_TABLE_, -PRIVILEGES_ON_TABLE_, -PRIVILEGES_ON_MV_, -PRIVILEGES_ON_VIEW_, -PRIVILEGES_ON_SEQUENCE_, -SYNONYMS_ON_TABLE_, -OBJECTS_ON_TABLE_, -PARTITIONS_FOR_TABLE_, +FUNCTIONS_FOR_LIBRARY_, PARTITIONS_FOR_INDEX_, +PARTITIONS_FOR_TABLE_, +PROCEDURES_FOR_LIBRARY_, +TABLE_FUNCTIONS_FOR_LIBRARY_, +OBJECTS_IN_VIEW_, TABLES_IN_VIEW_, VIEWS_IN_VIEW_, -OBJECTS_IN_VIEW_, -TABLES_IN_MV_, -MVS_IN_MV_, -OBJECTS_IN_MV_, ROLES_, - ROLES_FOR_ROLE_, +ROLES_FOR_USER_, +USERS_, USERS_FOR_ROLE_, -PRIVILEGES_FOR_ROLE_, -USERS_, +FUNCTIONS_FOR_ROLE_, +INDEXES_FOR_ROLE_, +LIBRARIES_FOR_ROLE_, +PRIVILEGES_FOR_ROLE_, +PROCEDURES_FOR_ROLE_, +SCHEMAS_FOR_ROLE_, +TABLES_FOR_ROLE_, +TABLE_FUNCTIONS_FOR_ROLE_, +VIEWS_FOR_ROLE_, +FUNCTIONS_FOR_USER_, INDEXES_FOR_USER_, LIBRARIES_FOR_USER_, -MVGROUPS_FOR_USER_, -MVS_FOR_USER_, PRIVILEGES_FOR_USER_, PROCEDURES_FOR_USER_, -ROLES_FOR_USER_, SCHEMAS_FOR_USER_, -SYNONYMS_FOR_USER_, TABLES_FOR_USER_, -TRIGGERS_FOR_USER_, +TABLE_FUNCTIONS_FOR_USER_, VIEWS_FOR_USER_, - -PROCEDURES_FOR_LIBRARY_, -FUNCTIONS_FOR_LIBRARY_, -
[1/4] trafodion git commit: Fix for TRAFODION-3112
Repository: trafodion Updated Branches: refs/heads/master f4a072170 -> 4ec0da84b http://git-wip-us.apache.org/repos/asf/trafodion/blob/3d013bc2/core/sql/regress/privs1/EXPECTED125 -- diff --git a/core/sql/regress/privs1/EXPECTED125 b/core/sql/regress/privs1/EXPECTED125 index 47a5921..49b5283 100644 --- a/core/sql/regress/privs1/EXPECTED125 +++ b/core/sql/regress/privs1/EXPECTED125 @@ -673,8 +673,8 @@ S--SQL_USER2 --- SQL operation complete. >>get privileges on library t125_l1; -Privileges on Sequence T125SCH1.T125_L1 -=== +Privileges on Library T125SCH1.T125_L1 +== ---UG--DB__ROOT G--T125_ROLE1 @@ -688,8 +688,8 @@ Privileges on Sequence T125SCH1.T125_L1 --- SQL operation complete. >>get privileges on library t125_l1 for sql_user2; -Privileges on Sequence T125SCH1.T125_L1 -=== +Privileges on Library T125SCH1.T125_L1 +== G--T125_ROLE1 @@ -699,8 +699,8 @@ Privileges on Sequence T125SCH1.T125_L1 --- SQL operation complete. >>get privileges on library t125_l1 for sql_user7; -Privileges on Sequence T125SCH1.T125_L1 -=== +Privileges on Library T125SCH1.T125_L1 +== G--T125_ROLE1 @@ -713,8 +713,8 @@ Privileges on Sequence T125SCH1.T125_L1 --- SQL operation complete. >>get privileges on library t125_l1 for t125_role1; -Privileges on Sequence T125SCH1.T125_L1 -=== +Privileges on Library T125SCH1.T125_L1 +== G--T125_ROLE1 @@ -855,8 +855,8 @@ S--SQL_USER2 --- SQL operation complete. >>get privileges on library t125_l1; -Privileges on Sequence T125SCH2.T125_L1 -=== +Privileges on Library T125SCH2.T125_L1 +== ---UG--DB__ROOT G--T125_ROLE1 @@ -870,8 +870,8 @@ Privileges on Sequence T125SCH2.T125_L1 --- SQL operation complete. >>get privileges on library t125_l1 for sql_user2; -Privileges on Sequence T125SCH2.T125_L1 -=== +Privileges on Library T125SCH2.T125_L1 +== G--T125_ROLE1 @@ -881,8 +881,8 @@ Privileges on Sequence T125SCH2.T125_L1 --- SQL operation complete. >>get privileges on library t125_l1 for sql_user7; -Privileges on Sequence T125SCH2.T125_L1 -=== +Privileges on Library T125SCH2.T125_L1 +== G--T125_ROLE1 @@ -895,8 +895,8 @@ Privileges on Sequence T125SCH2.T125_L1 --- SQL operation complete. >>get privileges on library t125_l1 for t125_role1; -Privileges on Sequence T125SCH2.T125_L1 -=== +Privileges on Library T125SCH2.T125_L1 +== G--T125_ROLE1 @@ -1078,8 +1078,8 @@ SR-T125_ADMINROLE --- SQL operation complete. >>get privileges on library t125_l1; -Privileges on Sequence T125SCH3.T125_L1 -=== +Privileges on Library T125SCH3.T125_L1 +== ---UG--T125_ADMINROLE G--T125_ROLE1 @@ -1093,8 +1093,8 @@ Privileges on Sequence T125SCH3.T125_L1 --- SQL operation complete. >>get privileges on library t125_l1 for sql_user2; -Privileges on Sequence T125SCH3.T125_L1 -=== +Privileges on Library T125SCH3.T125_L1 +== G--T125_ROLE1 @@ -1104,8 +1104,8 @@ Privileges on Sequence T125SCH3.T125_L1 --- SQL operation complete. >>get privileges on library t125_l1 for sql_user7; -Privileges on Sequence T125SCH3.T125_L1 -=== +Privileges on Library T125SCH3.T125_L1 +== G--T125_ROLE1 @@ -1115,8 +1115,8 @@ Privileges on Sequence T125SCH3.T125_L1 --- SQL operation complete. >>get privileges on library t125_l1 for sql_user8; -Privileges on Sequence T125SCH3.T125_L1 -=== +Privileges on Library T125SCH3.T125_L1 +== ---UG--T125_ADMINROLE @@ -1126,8 +1126,8 @@ Privileges on Sequence T125SCH3.T125_L1 --- SQL operation complete. >>get privileges on library t125_l1 for t125_role1; -Privileges on Sequence T125SCH3.T125_L1 -=== +Privileges on Library T125SCH3.T125_L1 +== G--T125_ROLE1 @@ -1137,8 +1137,8 @@ Privileges on Sequence T125SCH3.T125_L1 --- SQL operation complete. >>get privileges on library t125_l1 for t125_adminrole; -Privileges on Sequence T125SCH3.T125_L1 -===
[4/4] trafodion git commit: Merge [TRAFODION-3112] pr 1669 get command updates
Merge [TRAFODION-3112] pr 1669 get command updates Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/4ec0da84 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/4ec0da84 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/4ec0da84 Branch: refs/heads/master Commit: 4ec0da84bc9341622bfcbbf5be98bcf5417574a5 Parents: f4a0721 a666773 Author: Roberta Marton Authored: Fri Aug 3 23:03:05 2018 + Committer: Roberta Marton Committed: Fri Aug 3 23:03:05 2018 + -- core/sql/bin/SqlciErrors.txt|2 +- core/sql/comexe/ComTdbExeUtil.h | 110 +- core/sql/executor/ExExeUtilGet.cpp | 1024 -- core/sql/generator/GenRelExeUtil.cpp| 31 +- core/sql/parser/ParKeyWords.cpp |2 +- core/sql/parser/sqlparser.y | 51 +- core/sql/parser/ulexer.cpp | 18 + core/sql/regress/compGeneral/EXPECTEDTOK|5 +- core/sql/regress/compGeneral/EXPECTEDTOK2 |5 +- core/sql/regress/privs1/EXPECTED125 | 325 +- core/sql/regress/privs1/TEST125 |9 + core/sql/sqlcomp/CmpDDLCatErrorCodes.h |1 + .../src/asciidoc/_chapters/ddl_msgs.adoc| 20 + 13 files changed, 883 insertions(+), 720 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/4ec0da84/core/sql/bin/SqlciErrors.txt -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/4ec0da84/core/sql/parser/ParKeyWords.cpp -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/4ec0da84/core/sql/parser/sqlparser.y --
[3/4] trafodion git commit: Updated messages manual
Updated messages manual Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/a666773f Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/a666773f Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/a666773f Branch: refs/heads/master Commit: a666773f92cfdc5d6ece66c288d78ec61fc362da Parents: 3d013bc Author: Roberta Marton Authored: Fri Aug 3 18:58:48 2018 + Committer: Roberta Marton Committed: Fri Aug 3 18:58:48 2018 + -- .../src/asciidoc/_chapters/ddl_msgs.adoc| 20 1 file changed, 20 insertions(+) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/a666773f/docs/messages_guide/src/asciidoc/_chapters/ddl_msgs.adoc -- diff --git a/docs/messages_guide/src/asciidoc/_chapters/ddl_msgs.adoc b/docs/messages_guide/src/asciidoc/_chapters/ddl_msgs.adoc index 6c8d5d8..f6cb4db 100644 --- a/docs/messages_guide/src/asciidoc/_chapters/ddl_msgs.adoc +++ b/docs/messages_guide/src/asciidoc/_chapters/ddl_msgs.adoc @@ -1075,6 +1075,26 @@ for . *Recovery:* Specify a valid default value for the column and resubmit. <<< +[[SQL-1086]] +== SQL 1086 + +``` + is not a . +``` + +Where is the name of a user or role. + +Where
[2/3] trafodion git commit: TRAFODION-1573: Additional GET commands for privileges TRAFODION-3074: Failed to register/unregister user when security disabled
TRAFODION-1573: Additional GET commands for privileges TRAFODION-3074: Failed to register/unregister user when security disabled TRAFODION-1573 changes: - Added support for the following commands: get privileges on : [LIBRARY | PROCEDURE | FUNCTION | TABLE_MAPPING FUNCTION | SEQUENCE] - Added support for the FOR CLAUSE on all supported objects Removed the need to specify keyword 'USER" before username. If USER is included, then it is ignored. get privileges on FOR [USER] : [TABLES, VIEWS, LIBRARIES, PROCEDURES, FUNCTIONS, TABLE_MAPPING FUNCTIONS, SEQUENCES] - The following get command can only be run by DB__ROOT or a user that has been granted the DB__ROOTROLE or DB__HIVEROLE role get in schema hive.xx.xx; : [TABLES, OBJECTS, VIEWS] - The following get command can only be run by DB__ROOT or a user that has been granted the DB__ROOTROLE or DB__HBASEROLE role get external hbase objects; - The following get commands retrieve privilege details from Trafodion metadata; users can only see objects where they have been granted at least one privilege get hive registered tables in catalog trafodion; get hbase registered tables in catalog trafodion; - get privileges commands now return owner's privileges in output - Cleaned up code in the parser. TRAFODION-3074 changes - register user - fixed query to find next available authID - unregister user - added checks to not read privilege metadata if authorization is not enabled Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/88e2a742 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/88e2a742 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/88e2a742 Branch: refs/heads/master Commit: 88e2a742b019dd8d22c22c79d1b64048395cfdb1 Parents: 609d7a4 Author: Roberta MartonAuthored: Fri May 18 16:45:06 2018 + Committer: Roberta Marton Committed: Fri May 18 16:45:06 2018 + -- core/sql/comexe/ComTdbExeUtil.h | 4 + core/sql/executor/ExExeUtilGet.cpp| 244 ++--- core/sql/generator/GenRelExeUtil.cpp | 14 +- core/sql/parser/ParKeyWords.cpp | 2 - core/sql/parser/sqlparser.y | 353 +++- core/sql/regress/compGeneral/EXPECTEDTOK | 3 +- core/sql/regress/compGeneral/EXPECTEDTOK2 | 3 +- core/sql/regress/core/EXPECTED116 | 197 +-- core/sql/regress/privs1/EXPECTED125 | 729 + core/sql/regress/privs1/TEST125 | 51 ++ core/sql/regress/privs2/EXPECTED144 | 301 +- core/sql/regress/privs2/EXPECTED146 | 125 - core/sql/regress/privs2/TEST144 | 39 +- core/sql/regress/privs2/TEST146 | 7 + core/sql/sqlci/sqlci_lex.ll | 2 - core/sql/sqlci/sqlci_yacc.y | 11 - core/sql/sqlcomp/CmpSeabaseDDLauth.cpp| 69 ++- core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 2 + 18 files changed, 1708 insertions(+), 448 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/88e2a742/core/sql/comexe/ComTdbExeUtil.h -- diff --git a/core/sql/comexe/ComTdbExeUtil.h b/core/sql/comexe/ComTdbExeUtil.h index 4716460..ef48954 100644 --- a/core/sql/comexe/ComTdbExeUtil.h +++ b/core/sql/comexe/ComTdbExeUtil.h @@ -2522,6 +2522,7 @@ public: PRIVILEGES_ON_TABLE_, PRIVILEGES_ON_MV_, PRIVILEGES_ON_VIEW_, +PRIVILEGES_ON_SEQUENCE_, SYNONYMS_ON_TABLE_, OBJECTS_ON_TABLE_, @@ -2559,6 +2560,9 @@ public: PROCEDURES_FOR_LIBRARY_, FUNCTIONS_FOR_LIBRARY_, TABLE_FUNCTIONS_FOR_LIBRARY_, +PRIVILEGES_ON_LIBRARY_, +PRIVILEGES_ON_PROCEDURE_, +PRIVILEGES_ON_ROUTINE_, COMPONENTS_, COMPONENT_OPERATIONS_, http://git-wip-us.apache.org/repos/asf/trafodion/blob/88e2a742/core/sql/executor/ExExeUtilGet.cpp -- diff --git a/core/sql/executor/ExExeUtilGet.cpp b/core/sql/executor/ExExeUtilGet.cpp index 33865fa..163b190 100644 --- a/core/sql/executor/ExExeUtilGet.cpp +++ b/core/sql/executor/ExExeUtilGet.cpp @@ -558,8 +558,7 @@ static const QueryString getTrafPrivsOnObject[] = {" case when bitextract(privileges_bitmap,58,1) = 1 then 'R' else '-' end || "}, {" case when bitextract(privileges_bitmap,57,1) = 1 then 'E' else '-' end as privs "}, {" from %s.\"%s\".%s "}, - {" where grantor_id <> -2 "}, - {" and object_uid = "}, + {" where object_uid = "}, {" (select object_uid from %s.\"%s\".%s "}, {" where catalog_name = '%s' and schema_name = '%s' and object_name = '%s' "}, {" and object_type = '%s') %s "}, @@ -573,11 +572,11 @@ static const QueryString
[1/3] trafodion git commit: TRAFODION-1573: Additional GET commands for privileges TRAFODION-3074: Failed to register/unregister user when security disabled
Repository: trafodion Updated Branches: refs/heads/master 2c5f48018 -> 1b9cb1b85 http://git-wip-us.apache.org/repos/asf/trafodion/blob/88e2a742/core/sql/regress/privs1/EXPECTED125 -- diff --git a/core/sql/regress/privs1/EXPECTED125 b/core/sql/regress/privs1/EXPECTED125 index 8473a1c..d464042 100644 --- a/core/sql/regress/privs1/EXPECTED125 +++ b/core/sql/regress/privs1/EXPECTED125 @@ -98,6 +98,9 @@ >>create library t125_l1 file $$QUOTE$$ $$REGRRUNDIR$$/$$DLL$$ $$QUOTE$$ ; --- SQL operation complete. +>>grant usage on library t125_l1 to t125_role1; + +--- SQL operation complete. >>create function translateBitmap(bitmap largeint) returns (bitmap_string char >>(20)) +>language c parameter style sql external name 'translateBitmap' +>library t125_l1 @@ -127,6 +130,9 @@ +> file $$QUOTE$$ $$REGRRUNDIR$$/$$JARF$$ $$QUOTE$$; --- SQL operation complete. +>>grant all on library t125_l2 to sql_user8; + +--- SQL operation complete. >> >>create procedure TestHive( +> IN operation char(20), @@ -230,6 +236,9 @@ >>create library t125_l1 file $$QUOTE$$ $$REGRRUNDIR$$/$$DLL$$ $$QUOTE$$ ; --- SQL operation complete. +>>grant usage on library t125_l1 to t125_role1; + +--- SQL operation complete. >>create function translateBitmap(bitmap largeint) returns (bitmap_string char >>(20)) +>language c parameter style sql external name 'translateBitmap' +>library t125_l1 @@ -259,6 +268,9 @@ +> file $$QUOTE$$ $$REGRRUNDIR$$/$$JARF$$ $$QUOTE$$; --- SQL operation complete. +>>grant all on library t125_l2 to sql_user8; + +--- SQL operation complete. >> >>create procedure TestHive( +> IN operation char(20), @@ -362,6 +374,9 @@ >>create library t125_l1 file $$QUOTE$$ $$REGRRUNDIR$$/$$DLL$$ $$QUOTE$$ ; --- SQL operation complete. +>>grant usage on library t125_l1 to t125_role1; + +--- SQL operation complete. >>create function translateBitmap(bitmap largeint) returns (bitmap_string char >>(20)) +>language c parameter style sql external name 'translateBitmap' +>library t125_l1 @@ -391,6 +406,9 @@ +> file $$QUOTE$$ $$REGRRUNDIR$$/$$JARF$$ $$QUOTE$$; --- SQL operation complete. +>>grant all on library t125_l2 to sql_user8; + +--- SQL operation complete. >> >>create procedure TestHive( +> IN operation char(20), @@ -471,9 +489,12 @@ Privileges for Role T125_ROLE1 == +G--TRAFODION.T125SCH1.T125_L1 S--TRAFODION.T125SCH2.GAMES GAME_NUMBER +G--TRAFODION.T125SCH2.T125_L1 S--TRAFODION.T125SCH2.TEAMS TEAM_NUMBER SIDU-R-TRAFODION.T125SCH3.PLAYERS +G--TRAFODION.T125SCH3.T125_L1 --ETRAFODION.T125SCH3.TRANSLATEBITMAP --- SQL operation complete. @@ -500,13 +521,16 @@ Privileges for User SQL_USER2 --ETRAFODION."_LIBMGR_".JDBC SIDU-R-TRAFODION.T125SCH1.GAMES S--TRAFODION.T125SCH1.GAMES_BY_PLAYER +G--TRAFODION.T125SCH1.T125_L1 SIDU-R-TRAFODION.T125SCH2.GAMES S--TRAFODION.T125SCH2.GAMES GAME_NUMBER S--TRAFODION.T125SCH2.GAMES_BY_PLAYER +G--TRAFODION.T125SCH2.T125_L1 S--TRAFODION.T125SCH2.TEAMS TEAM_NUMBER SIDU-R-TRAFODION.T125SCH3.GAMES S--TRAFODION.T125SCH3.GAMES_BY_PLAYER SIDU-R-TRAFODION.T125SCH3.PLAYERS +G--TRAFODION.T125SCH3.T125_L1 --ETRAFODION.T125SCH3.TRANSLATEBITMAP --- SQL operation complete. @@ -517,9 +541,12 @@ Privileges for User SQL_USER7 --ETRAFODION."_LIBMGR_".EVENT_LOG_READER --ETRAFODION."_LIBMGR_".JDBC +G--TRAFODION.T125SCH1.T125_L1 S--TRAFODION.T125SCH2.GAMES GAME_NUMBER +G--TRAFODION.T125SCH2.T125_L1 S--TRAFODION.T125SCH2.TEAMS TEAM_NUMBER SIDU-R-TRAFODION.T125SCH3.PLAYERS +G--TRAFODION.T125SCH3.T125_L1 --ETRAFODION.T125SCH3.TRANSLATEBITMAP --- SQL operation complete. @@ -530,6 +557,8 @@ Privileges for User SQL_USER8 --ETRAFODION."_LIBMGR_".EVENT_LOG_READER --ETRAFODION."_LIBMGR_".JDBC +---UG--TRAFODION.T125SCH1.T125_L2 +---UG--TRAFODION.T125SCH2.T125_L2 SIDU-R-TRAFODION.T125SCH3.GAMES SR-TRAFODION.T125SCH3.GAMES_BY_PLAYER SR-TRAFODION.T125SCH3.HOME_TEAMS_GAMES @@ -547,6 +576,488 @@ SIDU-R-TRAFODION.T125SCH3.TEAMS --- SQL operation complete. >> +>>set schema t125sch1; + +--- SQL operation complete. +>>obey TEST125(get_privs); +>>get privileges on table games; + +Privileges on Table T125SCH1.GAMES +== + +SIDU-R-DB__ROOT +SIDU-R-SQL_USER2 + +--- SQL operation complete. +>>get privileges on table games for sql_user1; + +--- SQL operation complete. +>>get privileges on table games for sql_user2; + +Privileges on Table T125SCH1.GAMES +== + +SIDU-R-SQL_USER2 + +--- SQL operation complete. +>>get privileges on table games for sql_user7; + +--- SQL operation complete. +>>get privileges on table games for
[3/3] trafodion git commit: merge [TRAFODION-1573] [TRAFODION-3075] pr 1568 get command updates and [un]register user fixes
merge [TRAFODION-1573] [TRAFODION-3075] pr 1568 get command updates and [un]register user fixes Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/1b9cb1b8 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/1b9cb1b8 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/1b9cb1b8 Branch: refs/heads/master Commit: 1b9cb1b859502fbed5fbf8c6ed4ad25e060605a1 Parents: 2c5f480 88e2a74 Author: Roberta MartonAuthored: Mon May 21 15:57:36 2018 + Committer: Roberta Marton Committed: Mon May 21 15:57:36 2018 + -- core/sql/comexe/ComTdbExeUtil.h | 4 + core/sql/executor/ExExeUtilGet.cpp| 244 ++--- core/sql/generator/GenRelExeUtil.cpp | 14 +- core/sql/parser/ParKeyWords.cpp | 2 - core/sql/parser/sqlparser.y | 353 +++- core/sql/regress/compGeneral/EXPECTEDTOK | 3 +- core/sql/regress/compGeneral/EXPECTEDTOK2 | 3 +- core/sql/regress/core/EXPECTED116 | 197 +-- core/sql/regress/privs1/EXPECTED125 | 729 + core/sql/regress/privs1/TEST125 | 51 ++ core/sql/regress/privs2/EXPECTED144 | 301 +- core/sql/regress/privs2/EXPECTED146 | 125 - core/sql/regress/privs2/TEST144 | 39 +- core/sql/regress/privs2/TEST146 | 7 + core/sql/sqlci/sqlci_lex.ll | 2 - core/sql/sqlci/sqlci_yacc.y | 11 - core/sql/sqlcomp/CmpSeabaseDDLauth.cpp| 69 ++- core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 2 + 18 files changed, 1708 insertions(+), 448 deletions(-) --
[2/4] trafodion git commit: TRAFODION-3046: Privilege support for native HBase tables
TRAFODION-3046: Privilege support for native HBase tables -- Grants and revokes against native HBase tables are enforced similar to hive -- Privilege checking added when creating and dropping native HBase tables -- Removing dependent Trafodion metadata when native HBase tables are dropped -- Added regression test (privs2/TEST146) -- Reorg - split PrivMgrComponents into 2 files: PrivMgrComponents and PrivMgrUserPrivs An hbase table can be referenced using one of the following types: "_CELL_" - references cell data "_ROW_" - references row data "_MAP_" - references data defined by the mapped (external) table Privileges are granted against each of these types, so if you: select * from hbase."_CELL_".hbase1; You must have the select privileges on this table For example: "grant select on hbase."_CELL_".hbase1 to user1" Likewise for other hbase types, grants are required to gain accessibility grant select on hbase."_MAP_".hbase1 to user1 grant select on hbase."_ROW_".hbase1 to role1 Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/b178915d Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/b178915d Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/b178915d Branch: refs/heads/master Commit: b178915d214d6bbdd5f7de49900f61a26abf652b Parents: dd051ea Author: Roberta MartonAuthored: Thu May 10 15:15:50 2018 + Committer: Roberta Marton Committed: Thu May 10 15:15:50 2018 + -- core/sql/nskgmake/sqlcomp/Makefile |1 + core/sql/optimizer/NATable.cpp | 15 +- core/sql/regress/privs1/EXPECTED137 |7 - core/sql/regress/privs1/TEST137 |3 - core/sql/regress/privs2/EXPECTED146 | 1656 ++ core/sql/regress/privs2/FILTER146 | 38 + core/sql/regress/privs2/TEST146 | 248 +++ core/sql/regress/seabase/EXPECTED022| 124 +- core/sql/regress/seabase/EXPECTED026| 25 +- core/sql/regress/seabase/TEST022| 10 + core/sql/regress/seabase/TEST026|3 +- core/sql/regress/seabase/TEST026_drop_hbase | 26 + core/sql/sqlcomp/CmpDDLCatErrorCodes.h |2 +- core/sql/sqlcomp/CmpDescribe.cpp| 26 +- core/sql/sqlcomp/CmpSeabaseDDL.h| 10 +- core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp|4 +- core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 132 +- core/sql/sqlcomp/PrivMgr.cpp|9 + core/sql/sqlcomp/PrivMgr.h |4 + core/sql/sqlcomp/PrivMgrCommands.cpp| 160 +- core/sql/sqlcomp/PrivMgrCommands.h | 360 +--- core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp |6 + core/sql/sqlcomp/PrivMgrComponentPrivileges.h |4 +- core/sql/sqlcomp/PrivMgrUserPrivs.cpp | 208 +++ core/sql/sqlcomp/PrivMgrUserPrivs.h | 400 + core/sql/ustat/hs_globals.cpp |5 +- 26 files changed, 2876 insertions(+), 610 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/b178915d/core/sql/nskgmake/sqlcomp/Makefile -- diff --git a/core/sql/nskgmake/sqlcomp/Makefile b/core/sql/nskgmake/sqlcomp/Makefile index c579ea6..0205ebd 100755 --- a/core/sql/nskgmake/sqlcomp/Makefile +++ b/core/sql/nskgmake/sqlcomp/Makefile @@ -35,6 +35,7 @@ CPPSRC := CmpDescribe.cpp \ CmpSeabaseDDLview.cpp \ CmpSeabaseDDLcommentOn.cpp \ PrivMgr.cpp \ +PrivMgrUserPrivs.cpp \ PrivMgrCommands.cpp \ PrivMgrDesc.cpp \ PrivMgrComponents.cpp \ http://git-wip-us.apache.org/repos/asf/trafodion/blob/b178915d/core/sql/optimizer/NATable.cpp -- diff --git a/core/sql/optimizer/NATable.cpp b/core/sql/optimizer/NATable.cpp index 6a959ec..327fcd7 100644 --- a/core/sql/optimizer/NATable.cpp +++ b/core/sql/optimizer/NATable.cpp @@ -5081,7 +5081,6 @@ NABoolean NATable::fetchObjectUIDForNativeTable(const CorrName& corrName, setHbaseDataFormatString(TRUE); break; } - if (table_desc->tableDesc()->isInMemoryObject()) { setInMemoryObjectDefn( TRUE ); @@ -6771,10 +6770,11 @@ void NATable::getPrivileges(TrafDesc * priv_desc) // If current user is root, object owner, or this is a volatile table // automatically have owner default privileges. - if ((!isSeabaseTable() && !isHiveTable()) || - !CmpCommon::context()->isAuthorizationEnabled() || - isVolatileTable() || - (ComUser::isRootUserID() && !isHiveTable()) ) + if
[4/4] trafodion git commit: merge [TRAFODION-3046] pr 1561 Privilege support for native HBase tables
merge [TRAFODION-3046] pr 1561 Privilege support for native HBase tables Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/a5b67c9e Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/a5b67c9e Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/a5b67c9e Branch: refs/heads/master Commit: a5b67c9e918b8eab1ce818587b25a01199f3b856 Parents: 5fa28f3 66dec0a Author: Roberta MartonAuthored: Fri May 11 18:32:33 2018 + Committer: Roberta Marton Committed: Fri May 11 18:32:33 2018 + -- core/sql/nskgmake/sqlcomp/Makefile |1 + core/sql/optimizer/NATable.cpp | 15 +- core/sql/regress/privs1/EXPECTED137 |7 - core/sql/regress/privs1/TEST137 |3 - core/sql/regress/privs2/EXPECTED146 | 1656 ++ core/sql/regress/privs2/FILTER146 | 38 + core/sql/regress/privs2/TEST146 | 248 +++ core/sql/regress/seabase/EXPECTED022| 126 +- core/sql/regress/seabase/EXPECTED026| 25 +- core/sql/regress/seabase/TEST022| 11 + core/sql/regress/seabase/TEST026|3 +- core/sql/regress/seabase/TEST026_drop_hbase | 26 + core/sql/sqlcomp/CmpDDLCatErrorCodes.h |2 +- core/sql/sqlcomp/CmpDescribe.cpp| 26 +- core/sql/sqlcomp/CmpSeabaseDDL.h| 10 +- core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp|4 +- core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 132 +- core/sql/sqlcomp/PrivMgr.cpp|9 + core/sql/sqlcomp/PrivMgr.h |4 + core/sql/sqlcomp/PrivMgrCommands.cpp| 160 +- core/sql/sqlcomp/PrivMgrCommands.h | 360 +--- core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp |6 + core/sql/sqlcomp/PrivMgrComponentPrivileges.h |4 +- core/sql/sqlcomp/PrivMgrUserPrivs.cpp | 208 +++ core/sql/sqlcomp/PrivMgrUserPrivs.h | 400 + core/sql/ustat/hs_globals.cpp |5 +- 26 files changed, 2879 insertions(+), 610 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/a5b67c9e/core/sql/optimizer/NATable.cpp -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/a5b67c9e/core/sql/ustat/hs_globals.cpp --
[3/4] trafodion git commit: Fixed regression test
Fixed regression test Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/66dec0ad Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/66dec0ad Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/66dec0ad Branch: refs/heads/master Commit: 66dec0adefa820b8660a93393463a3384c01838c Parents: b178915 Author: Roberta MartonAuthored: Thu May 10 21:33:21 2018 + Committer: Roberta Marton Committed: Thu May 10 21:33:21 2018 + -- core/sql/regress/seabase/EXPECTED022 | 94 --- core/sql/regress/seabase/TEST022 | 1 + 2 files changed, 49 insertions(+), 46 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/66dec0ad/core/sql/regress/seabase/EXPECTED022 -- diff --git a/core/sql/regress/seabase/EXPECTED022 b/core/sql/regress/seabase/EXPECTED022 index bbdb252..f7f10d4 100644 --- a/core/sql/regress/seabase/EXPECTED022 +++ b/core/sql/regress/seabase/EXPECTED022 @@ -430,7 +430,7 @@ ROW_ID (EXPR) >>invoke hbase."_CELL_".t022hbt2; -- Definition of Trafodion table HBASE."_CELL_".T022HBT2 --- Definition current Wed May 9 21:08:44 2018 +-- Definition current Thu May 10 20:58:57 2018 ( ROW_ID VARCHAR(100) CHARACTER SET ISO88591 @@ -449,7 +449,7 @@ ROW_ID (EXPR) >>invoke hbase."_ROW_".t022hbt2; -- Definition of Trafodion table HBASE."_ROW_".T022HBT2 --- Definition current Wed May 9 21:08:44 2018 +-- Definition current Thu May 10 20:58:58 2018 ( ROW_ID VARCHAR(100) CHARACTER SET ISO88591 @@ -469,7 +469,7 @@ ROW_ID (EXPR) >>invoke hbase."_CELL_".t022hbt2; -- Definition of Trafodion table HBASE."_CELL_".T022HBT2 --- Definition current Wed May 9 21:08:45 2018 +-- Definition current Thu May 10 20:58:58 2018 ( ROW_ID VARCHAR(100) CHARACTER SET ISO88591 @@ -488,7 +488,7 @@ ROW_ID (EXPR) >>invoke hbase."_ROW_".t022hbt2; -- Definition of Trafodion table HBASE."_ROW_".T022HBT2 --- Definition current Wed May 9 21:08:45 2018 +-- Definition current Thu May 10 20:58:59 2018 ( ROW_ID VARCHAR(100) CHARACTER SET ISO88591 @@ -609,7 +609,7 @@ ROW_ID (EXPR) >>invoke t022hbm1; -- Definition of Trafodion HBase mapped table T022HBM1 --- Definition current Wed May 9 21:09:03 2018 +-- Definition current Thu May 10 20:59:13 2018 ( "cf".A VARCHAR(4) CHARACTER SET ISO88591 COLLATE @@ -625,7 +625,7 @@ ROW_ID (EXPR) >>invoke t022hbm1; -- Definition of Trafodion HBase mapped table T022HBM1 --- Definition current Wed May 9 21:09:04 2018 +-- Definition current Thu May 10 20:59:14 2018 ( "cf".A VARCHAR(4) CHARACTER SET ISO88591 COLLATE @@ -642,7 +642,7 @@ ROW_ID (EXPR) >>invoke t022hbm1; -- Definition of Trafodion table TRAFODION.SCH.T022HBM1 --- Definition current Wed May 9 21:09:09 2018 +-- Definition current Thu May 10 20:59:20 2018 ( SYSKEY LARGEINT NO DEFAULT NOT NULL NOT DROPPABLE @@ -673,7 +673,7 @@ LC RC OP OPERATOR OPT DESCRIPTION CARD >>invoke t022hbm1; -- Definition of Trafodion HBase mapped table T022HBM1 --- Definition current Wed May 9 21:09:18 2018 +-- Definition current Thu May 10 20:59:30 2018 ( "cf".A VARCHAR(4) CHARACTER SET ISO88591 COLLATE @@ -733,7 +733,7 @@ a2 ? >>invoke t022hbm1; -- Definition of Trafodion HBase mapped table T022HBM1 --- Definition current Wed May 9 21:09:27 2018 +-- Definition current Thu May 10 20:59:39 2018 ( "cf".A VARCHAR(4) CHARACTER SET ISO88591 COLLATE @@ -756,7 +756,7 @@ a2 ? >>invoke t022hbm1_like; -- Definition of Trafodion table TRAFODION.SCH.T022HBM1_LIKE --- Definition current Wed May 9 21:09:36 2018 +-- Definition current Thu May 10 20:59:49 2018 ( "cf".A VARCHAR(4) CHARACTER SET ISO88591 COLLATE @@ -818,7 +818,7 @@ a2? ? >>invoke t022hbm1; -- Definition of Trafodion HBase mapped table T022HBM1 --- Definition current Wed May 9 21:10:05 2018 +-- Definition current Thu May 10 21:00:16 2018 ( "cf".A VARCHAR(4) CHARACTER SET ISO88591 COLLATE @@ -835,7 +835,7 @@ a2? ? >>invoke t022hbm1; -- Definition of Trafodion HBase mapped table T022HBM1 --- Definition current Wed May 9 21:10:14 2018 +-- Definition current Thu May 10 21:00:24 2018 ( "cf".A VARCHAR(4) CHARACTER SET
[1/4] trafodion git commit: TRAFODION-3046: Privilege support for native HBase tables
Repository: trafodion Updated Branches: refs/heads/master 5fa28f37b -> a5b67c9e9 http://git-wip-us.apache.org/repos/asf/trafodion/blob/b178915d/core/sql/regress/seabase/EXPECTED022 -- diff --git a/core/sql/regress/seabase/EXPECTED022 b/core/sql/regress/seabase/EXPECTED022 index b1efc0f..bbdb252 100644 --- a/core/sql/regress/seabase/EXPECTED022 +++ b/core/sql/regress/seabase/EXPECTED022 @@ -8,6 +8,8 @@ >> >>drop hbase table T022HBT1; +*** WARNING[1004] Object T022HBT1 does not exist or object type is invalid for the current operation. + --- SQL operation complete. >>create hbase table T022HBT1 (column family 'cf'); @@ -15,6 +17,8 @@ >> >>drop hbase table T022HBT2; +*** WARNING[1004] Object T022HBT2 does not exist or object type is invalid for the current operation. + --- SQL operation complete. >>create hbase table T022HBT2 (column family 'cf'); @@ -406,7 +410,7 @@ ROW_ID (EXPR) >>insert into hbase."_ROW_".t022hbt1 values ('2', column_create(':b', '201')); -*** ERROR[1426] An invalid HBase column name :b was specified. A valid name must be of the format: : +*** ERROR[1426] An invalid HBase column name :b was specified. A valid name must be of the format: : --- 0 row(s) inserted. >>insert into hbase."_ROW_".t022hbt1 values ('2', '100'); @@ -426,7 +430,7 @@ ROW_ID (EXPR) >>invoke hbase."_CELL_".t022hbt2; -- Definition of Trafodion table HBASE."_CELL_".T022HBT2 --- Definition current Mon May 15 01:28:23 2017 +-- Definition current Wed May 9 21:08:44 2018 ( ROW_ID VARCHAR(100) CHARACTER SET ISO88591 @@ -445,7 +449,7 @@ ROW_ID (EXPR) >>invoke hbase."_ROW_".t022hbt2; -- Definition of Trafodion table HBASE."_ROW_".T022HBT2 --- Definition current Mon May 15 01:28:24 2017 +-- Definition current Wed May 9 21:08:44 2018 ( ROW_ID VARCHAR(100) CHARACTER SET ISO88591 @@ -465,7 +469,7 @@ ROW_ID (EXPR) >>invoke hbase."_CELL_".t022hbt2; -- Definition of Trafodion table HBASE."_CELL_".T022HBT2 --- Definition current Mon May 15 01:28:24 2017 +-- Definition current Wed May 9 21:08:45 2018 ( ROW_ID VARCHAR(100) CHARACTER SET ISO88591 @@ -484,7 +488,7 @@ ROW_ID (EXPR) >>invoke hbase."_ROW_".t022hbt2; -- Definition of Trafodion table HBASE."_ROW_".T022HBT2 --- Definition current Mon May 15 01:28:25 2017 +-- Definition current Wed May 9 21:08:45 2018 ( ROW_ID VARCHAR(100) CHARACTER SET ISO88591 @@ -576,6 +580,8 @@ ROW_ID (EXPR) >> >>drop hbase table t022hbm1; +*** WARNING[1004] Object T022HBM1 does not exist or object type is invalid for the current operation. + --- SQL operation complete. >>create hbase table t022hbm1 (column family 'cf'); @@ -603,7 +609,7 @@ ROW_ID (EXPR) >>invoke t022hbm1; -- Definition of Trafodion HBase mapped table T022HBM1 --- Definition current Mon May 15 01:28:41 2017 +-- Definition current Wed May 9 21:09:03 2018 ( "cf".A VARCHAR(4) CHARACTER SET ISO88591 COLLATE @@ -619,7 +625,7 @@ ROW_ID (EXPR) >>invoke t022hbm1; -- Definition of Trafodion HBase mapped table T022HBM1 --- Definition current Mon May 15 01:28:41 2017 +-- Definition current Wed May 9 21:09:04 2018 ( "cf".A VARCHAR(4) CHARACTER SET ISO88591 COLLATE @@ -636,7 +642,7 @@ ROW_ID (EXPR) >>invoke t022hbm1; -- Definition of Trafodion table TRAFODION.SCH.T022HBM1 --- Definition current Mon May 15 01:28:44 2017 +-- Definition current Wed May 9 21:09:09 2018 ( SYSKEY LARGEINT NO DEFAULT NOT NULL NOT DROPPABLE @@ -667,7 +673,7 @@ LC RC OP OPERATOR OPT DESCRIPTION CARD >>invoke t022hbm1; -- Definition of Trafodion HBase mapped table T022HBM1 --- Definition current Mon May 15 01:28:50 2017 +-- Definition current Wed May 9 21:09:18 2018 ( "cf".A VARCHAR(4) CHARACTER SET ISO88591 COLLATE @@ -727,7 +733,7 @@ a2 ? >>invoke t022hbm1; -- Definition of Trafodion HBase mapped table T022HBM1 --- Definition current Mon May 15 01:28:55 2017 +-- Definition current Wed May 9 21:09:27 2018 ( "cf".A VARCHAR(4) CHARACTER SET ISO88591 COLLATE @@ -750,7 +756,7 @@ a2 ? >>invoke t022hbm1_like; -- Definition of Trafodion table TRAFODION.SCH.T022HBM1_LIKE --- Definition current Mon May 15 01:29:01 2017 +-- Definition current Wed May 9 21:09:36 2018 ( "cf".A VARCHAR(4) CHARACTER SET ISO88591 COLLATE @@ -812,7 +818,7 @@ a2? ? >>invoke t022hbm1; -- Definition of Trafodion HBase mapped table T022HBM1 --- Definition current Mon May 15 01:29:22 2017 +-- Definition current Wed May 9 21:10:05 2018 ( "cf".A
[3/3] trafodion git commit: Merge [TRAFODION-2542] pr 1536 Grantor is not correct when granting privileges
Merge [TRAFODION-2542] pr 1536 Grantor is not correct when granting privileges Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/dd051ea6 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/dd051ea6 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/dd051ea6 Branch: refs/heads/master Commit: dd051ea60bd2881627f7d324dc5ed84236688626 Parents: 9a90338 c04fc45 Author: Roberta MartonAuthored: Wed Apr 25 15:25:16 2018 + Committer: Roberta Marton Committed: Wed Apr 25 15:25:16 2018 + -- core/sql/bin/SqlciErrors.txt| 4 +- core/sql/regress/core/EXPECTED131 | 8 +- core/sql/regress/core/TEST131 | 4 +- core/sql/regress/privs1/EXPECTED120 | 47 +++-- core/sql/regress/privs1/EXPECTED137 | 30 +-- core/sql/regress/privs1/TEST120 | 23 +-- core/sql/regress/privs1/TEST137 | 22 ++- core/sql/regress/privs2/EXPECTED140 | 16 +- core/sql/regress/privs2/EXPECTED143 | 16 +- core/sql/regress/privs2/EXPECTED144 | 4 +- core/sql/regress/privs2/TEST143 | 3 + core/sql/regress/privs2/TEST144 | 2 +- core/sql/sqlcomp/CmpDDLCatErrorCodes.h | 1 + core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp| 184 --- core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 33 core/sql/sqlcomp/DefaultConstants.h | 3 + core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp | 7 +- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 140 -- core/sql/sqlcomp/PrivMgrPrivileges.h| 7 + core/sql/sqlcomp/nadefaults.cpp | 3 + .../src/asciidoc/_chapters/ddl_msgs.adoc| 38 +++- 21 files changed, 376 insertions(+), 219 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/dd051ea6/core/sql/regress/privs1/EXPECTED137 -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/dd051ea6/core/sql/regress/privs1/TEST137 -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/dd051ea6/core/sql/sqlcomp/DefaultConstants.h -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/dd051ea6/core/sql/sqlcomp/nadefaults.cpp --
[1/3] trafodion git commit: [TRAFODION-2542] Grantor is not correct when granting privileges for a role
ers; @@ -342,7 +343,7 @@ cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON'; cqd AUTO_QUERY_RETRY_WARNINGS 'ON'; set schema t120sch; -revoke insert, delete on teams from t120role2; +revoke insert, delete on teams from t120role2 by t120role1; ?section grant_t120role2p log LOG120; @@ -351,7 +352,7 @@ cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON'; cqd AUTO_QUERY_RETRY_WARNINGS 'ON'; set schema t120sch; -grant insert, delete on teams to t120role2; +grant insert, delete on teams to t120role2 by t120role1; ?section revoke_t120role2 log LOG120; @@ -396,7 +397,7 @@ cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON'; cqd AUTO_QUERY_RETRY_WARNINGS 'ON'; set schema t120sch; -revoke select (team_number, num_players) on stats from "PUBLIC"; +revoke select (team_number, num_players) on stats from "PUBLIC" by t120role1; showddl stats; select team_number, num_players from stats; http://git-wip-us.apache.org/repos/asf/trafodion/blob/03a96998/core/sql/regress/privs1/TEST137 -- diff --git a/core/sql/regress/privs1/TEST137 b/core/sql/regress/privs1/TEST137 index 9654fe4..77dae01 100755 --- a/core/sql/regress/privs1/TEST137 +++ b/core/sql/regress/privs1/TEST137 @@ -44,6 +44,8 @@ control query default SKIP_METADATA_VIEWS 'ON'; obey TEST137(clean_up); cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON'; +cqd ALLOW_WGO_FOR_ROLES 'on'; +grant component privilege "SHOW" on sql_operations to "PUBLIC"; log LOG137 clear; obey TEST137(set_up); obey TEST137(create_db); @@ -108,6 +110,8 @@ revoke role library_ckout_clerks from sql_user3, sql_user4, sql_user5; drop role library_ckout_clerks; revoke component privilege lib_view_checkouts on library_books from lib_role_test; +revoke component privilege "SHOW" on sql_operations from "PUBLIC"; + revoke role lib_role_test from sql_user5; revoke role db__rootrole from sql_user5; drop role lib_role_test; @@ -158,7 +162,7 @@ where c.component_uid = p.component_uid and p.operation_code = d.operation_code and p.component_uid = d.component_uid and c.component_name like 'LIBRARY%' -order by 1, 2, d.grantor_ID, d.grantee_name, grant_depth +order by 1, 2, d.grantee_name, grant_depth for read uncommitted access; ?section create_db @@ -222,7 +226,6 @@ execute get_components; -- fails with a syntax error register component user; -register component "delimited not supported"; register component abi**def; -- fails with component already registered @@ -465,8 +468,6 @@ cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON'; log LOG137; values (user); -- These tests should succeed --- returns 2 rows -showddl role db__rootrole; execute get_component_operations; grant component privilege lib_view_checkouts on library_books to sql_user4 with grant option; @@ -508,6 +509,7 @@ log; -- below is the setup and testing for various scenarios for revoke component privileges ?section revoke_comp_privs_setup +cqd ALLOW_WGO_FOR_ROLES 'on'; cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON'; log LOG137; create role library_admin; @@ -548,6 +550,7 @@ grant component privilege lib_view_repository log; ?section revoke_comp_privs_setup_user1 +cqd ALLOW_WGO_FOR_ROLES 'on'; cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON'; log LOG137; grant component privilege lib_view_repository @@ -555,6 +558,7 @@ on library_books to sql_user2 with grant option; log; ?section revoke_comp_privs_setup_user2 +cqd ALLOW_WGO_FOR_ROLES 'on'; cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON'; log LOG137; grant component privilege lib_view_repository @@ -568,6 +572,7 @@ on library_books to sql_user5; log; ?section revoke_comp_privs_setup_user3 +cqd ALLOW_WGO_FOR_ROLES 'on'; cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON'; log LOG137; grant component privilege lib_view_repository @@ -581,6 +586,7 @@ on library_books to sql_user4 with grant option; log; ?section revoke_comp_privs_setup_user4 +cqd ALLOW_WGO_FOR_ROLES 'on'; cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON'; log LOG137; grant component privilege lib_view_repository @@ -650,4 +656,14 @@ log LOG137; --create schema t137sch; log; +?section metadata_cmds +cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON'; +log LOG137; +select auth_id from "_MD_".auths where auth_db_name = 'DB__ROOT'; +select role_id from "_PRIVMGR_MD_".role_usage where role_name = 'DB__ROOTROLE'; +select count(*) from "_REPOS_".metric_query_table where component_id < 0; +set param ?cmd 'ls'; +-- always fails, EXECUTE privilege is require not DML_SELECT_METADATA +call "_LIBMGR_".HELP(?cmd); +log; http://git-wip-us.apache.org/repos/asf/trafodion/blob/03a96998/core/sql/regress/privs2/EXPECTED140 ------ diff --git a/core/sql/regress/privs2/EXPECTED140 b/core/sql/regress/privs2/EXPECTED140 index 62e0b5b..81c3fbc 100644 --- a/core/sql/regress/privs2/EXPECTED140 +++ b/core
[2/3] trafodion git commit: Added new/changed errors to messages guide. Fixed issue generating error text for error 1012.
Added new/changed errors to messages guide. Fixed issue generating error text for error 1012. Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/c04fc453 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/c04fc453 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/c04fc453 Branch: refs/heads/master Commit: c04fc45373802fd40a4a05f2bfa2caeda3c4450d Parents: 03a9699 Author: Roberta MartonAuthored: Tue Apr 24 22:15:08 2018 + Committer: Roberta Marton Committed: Tue Apr 24 22:15:08 2018 + -- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 2 +- .../src/asciidoc/_chapters/ddl_msgs.adoc| 38 2 files changed, 32 insertions(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/c04fc453/core/sql/sqlcomp/PrivMgrPrivileges.cpp -- diff --git a/core/sql/sqlcomp/PrivMgrPrivileges.cpp b/core/sql/sqlcomp/PrivMgrPrivileges.cpp index 46ec01c..513a2bd 100644 --- a/core/sql/sqlcomp/PrivMgrPrivileges.cpp +++ b/core/sql/sqlcomp/PrivMgrPrivileges.cpp @@ -4531,7 +4531,7 @@ PrivStatus PrivMgrPrivileges::getRolesToCheck( { // just return what getAuthNameFromAuthID returns ComUser::getAuthNameFromAuthID(roleIDs[r],roleName, sizeof(roleName),length); - if (r > 0) + if (rolesWithPrivs.size() > 0) rolesWithPrivs += ", "; rolesWithPrivs += roleName; } http://git-wip-us.apache.org/repos/asf/trafodion/blob/c04fc453/docs/messages_guide/src/asciidoc/_chapters/ddl_msgs.adoc -- diff --git a/docs/messages_guide/src/asciidoc/_chapters/ddl_msgs.adoc b/docs/messages_guide/src/asciidoc/_chapters/ddl_msgs.adoc index 5d2b6b3..6c8d5d8 100644 --- a/docs/messages_guide/src/asciidoc/_chapters/ddl_msgs.adoc +++ b/docs/messages_guide/src/asciidoc/_chapters/ddl_msgs.adoc @@ -195,9 +195,14 @@ This is currently not supported. == SQL 1012 ``` -No privileges were granted. You lack grant option on the specified privileges. +No privileges were granted. lacks grant option on the specified privileges. . ``` +Where is a {project-name} user name. + +Where suggests roles you can specify in order for the grant to succeed. +If has not been granted any relevant roles, is omitted. + *Cause:* You attempted to grant privileges for which you do not have grant options. @@ -1889,6 +1894,26 @@ overlap in meaning. {project-name} requires the former construct to match the la *Recovery:* Either remove the clause (as it is redundant) or change it to match the primary key. Then resubmit. +[[SQL-1194]] +== SQL 1194 + +``` +Component operation does not exist for component . +``` + +Where is the operation assigned to a component. + +Where is the name of a valid component. + +*Cause:* Components are assigned a set of operations that can be granted privileges. The requested +is not assigned to component . + +*Effect:* The operation fails. + +*Recovery:* Perform "get privileges on component " to get the list of valid operations (privileges) for the +component and retry the request. + +<<< [[SQL-1195]] == SQL 1195 @@ -1904,7 +1929,6 @@ Where is the name of a column specified in a SALT clause. *Recovery:* Correct the column name then resubmit. -<<< [[SQL-1196]] == SQL 1196 @@ -1923,6 +1947,7 @@ Where is the largest allowable number of salt partitions supported *Recovery:* Correct the SALT clause then resubmit. +<<< [[SQL-1197]] == SQL 1197 @@ -1941,7 +1966,6 @@ Where is the name of an internal stored procedure. *Recovery:* None. Report this error and the associated SQL operation to the {project-name} User Distribution List. -<<< [[SQL-1199]] == SQL 1199 @@ -1955,6 +1979,7 @@ The PARTITION BY clause is not allowed for a Trafodion table. *Recovery:* Remove the PARTITION BY clause from the DDL statement and resubmit. +<<< [[SQL-1200]] == SQL 1200 @@ -1973,7 +1998,6 @@ A failure occurred at the HDFS or Hive level. The diagnostics contain more infor *Recovery:* Address the indicated issue at the HDFS or Hive level, then resubmit. -<<< [[SQL-1201]] == SQL 1201 @@ -1990,6 +2014,7 @@ SALT LIKE TABLE is not allowed for unique indexes. *Recovery:* Remove either the UNIQUE keyword or the SALT LIKE TABLE clause and resubmit. +<<< [[SQL-1202]] == SQL 1202 @@ -2008,7 +2033,6 @@ a table that is not salted. *Recovery:* Remove the SALT LIKE TABLE clause and resubmit. -<<< [[SQL-1203]] == SQL 1203 @@ -2025,6 +2049,7 @@ characters of HBase options, exceeding the length limit that {project-name} supp *Recovery:* Shorten the set of options specified in
[1/2] trafodion git commit: [TRAFODION-2600] Unable to create view ... but user has SELECT privilege
Repository: trafodion Updated Branches: refs/heads/master aade2cffa -> 8c6eebffa [TRAFODION-2600] Unable to create view ... but user has SELECT privilege Query invalidation is not resetting the role list when a user is granted a role. For DML operations, we always retry the request once, and between retries, the role list is reset. So DML works on a retry. However, DDL operations are not retried, so the role list is not reset and the create view fails. An analogous issue exists when the role is revoked from a user and the role list is not reset. In this case, the user can still create views even though they no longer have the privilege. Changes: - Grant role: sends a new query invalidation key - Revoke role: forces a query invalidation check even if the key is not present - Displays query invalidation keys when debug option DBUSER_DEBUG is set, e.g: set envvar DBUSER_DEBUG 1; Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/f9820b26 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/f9820b26 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/f9820b26 Branch: refs/heads/master Commit: f9820b26144a45b7c7cbdedaeefc832f150f5d45 Parents: ad1c676 Author: Roberta MartonAuthored: Mon Apr 16 22:26:07 2018 + Committer: Roberta Marton Committed: Mon Apr 16 22:26:07 2018 + -- core/sql/common/ComDistribution.cpp | 1 + core/sql/common/ComSecurityKey.cpp | 114 ++- core/sql/common/ComSecurityKey.h| 5 +- core/sql/common/ComSmallDefs.h | 3 +- core/sql/executor/ExExeUtilGet.cpp | 4 +- core/sql/regress/privs1/EXPECTED120 | 33 - core/sql/regress/privs1/TEST120 | 5 +- core/sql/regress/privs2/EXPECTED144 | 26 ++- core/sql/regress/privs2/TEST144 | 1 + core/sql/runtimestats/sscpipc.cpp | 8 +++ core/sql/sqlcomp/PrivMgrRoles.cpp | 34 + core/sql/sqlcomp/QCache.cpp | 17 + 12 files changed, 235 insertions(+), 16 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/f9820b26/core/sql/common/ComDistribution.cpp -- diff --git a/core/sql/common/ComDistribution.cpp b/core/sql/common/ComDistribution.cpp index 1fec747..14bb378 100644 --- a/core/sql/common/ComDistribution.cpp +++ b/core/sql/common/ComDistribution.cpp @@ -298,6 +298,7 @@ Int32 literalToEnum (const literalAndEnumStruct * conversionTable, const literalAndEnumStruct qiTypeConversionTable [] = { {COM_QI_INVALID_ACTIONTYPE, COM_QI_INVALID_ACTIONTYPE_LIT}, + {COM_QI_GRANT_ROLE, COM_QI_GRANT_ROLE_LIT}, {COM_QI_USER_GRANT_ROLE, COM_QI_USER_GRANT_ROLE_LIT}, {COM_QI_ROLE_GRANT_ROLE, COM_QI_ROLE_GRANT_ROLE_LIT}, {COM_QI_OBJECT_SELECT, COM_QI_OBJECT_SELECT_LIT}, http://git-wip-us.apache.org/repos/asf/trafodion/blob/f9820b26/core/sql/common/ComSecurityKey.cpp -- diff --git a/core/sql/common/ComSecurityKey.cpp b/core/sql/common/ComSecurityKey.cpp index 76b88e7..567d9ee 100644 --- a/core/sql/common/ComSecurityKey.cpp +++ b/core/sql/common/ComSecurityKey.cpp @@ -165,11 +165,26 @@ bool buildSecurityKeys( const int32_t userID, if (privs.isNull()) return true; + NABoolean doDebug = (getenv("DBUSER_DEBUG") ? TRUE : FALSE); + std::string msg ("Method: buildSecurityKeys: "); + if (doDebug) + { +printf("[DBUSER:%d] %s\n", (int) getpid(), msg.c_str()); +fflush(stdout); + } + // If public is the grantee, generate special security key // A user cannot be revoked from public if (ComUser::isPublicUserID(granteeID)) { ComSecurityKey key(granteeID, ComSecurityKey::OBJECT_IS_SPECIAL_ROLE); +if (doDebug) +{ + NAString msg (key.print(granteeID, objectUID)); + printf("[DBUSER:%d] (public) %s\n", (int) getpid(), msg.data()); + fflush(stdout); +} + if (key.isValid()) secKeySet.insert(key); else @@ -181,6 +196,14 @@ bool buildSecurityKeys( const int32_t userID, if (PrivMgr::isRoleID(granteeID)) { ComSecurityKey key (userID, granteeID, ComSecurityKey::SUBJECT_IS_USER); +if (doDebug) +{ + NAString msg = key.print(userID, granteeID); + printf("[DBUSER:%d] (role) %s\n", + (int) getpid(), msg.data()); + fflush(stdout); +} + if (key.isValid()) secKeySet.insert(key); else @@ -195,6 +218,14 @@ bool buildSecurityKeys( const int32_t userID, { ComSecurityKey key (granteeID, objectUID, PrivType(i), ComSecurityKey::OBJECT_IS_OBJECT); + if (doDebug) + { +NAString msg = key.print(granteeID, objectUID); +printf("[DBUSER:%d]
[2/2] trafodion git commit: merge [TRAFODION-2600] pr - 1520 Unable to create view ... but user has SELECT privilege
merge [TRAFODION-2600] pr - 1520 Unable to create view ... but user has SELECT privilege Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/8c6eebff Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/8c6eebff Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/8c6eebff Branch: refs/heads/master Commit: 8c6eebffa235cc912843d10d440926cdadcd0d33 Parents: aade2cf f9820b2 Author: Roberta MartonAuthored: Tue Apr 17 23:35:01 2018 + Committer: Roberta Marton Committed: Tue Apr 17 23:35:01 2018 + -- core/sql/common/ComDistribution.cpp | 1 + core/sql/common/ComSecurityKey.cpp | 114 ++- core/sql/common/ComSecurityKey.h| 5 +- core/sql/common/ComSmallDefs.h | 3 +- core/sql/executor/ExExeUtilGet.cpp | 4 +- core/sql/regress/privs1/EXPECTED120 | 33 - core/sql/regress/privs1/TEST120 | 5 +- core/sql/regress/privs2/EXPECTED144 | 26 ++- core/sql/regress/privs2/TEST144 | 1 + core/sql/runtimestats/sscpipc.cpp | 8 +++ core/sql/sqlcomp/PrivMgrRoles.cpp | 34 + core/sql/sqlcomp/QCache.cpp | 17 + 12 files changed, 235 insertions(+), 16 deletions(-) --
[2/2] trafodion git commit: Merge [TRAFODION-2249] pr 1517 Cannot use library management SPJs after an upgrade
Merge [TRAFODION-2249] pr 1517 Cannot use library management SPJs after an upgrade Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/c826bceb Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/c826bceb Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/c826bceb Branch: refs/heads/master Commit: c826bceb5912ccd9d4aab6128f6470f72f65d214 Parents: 9247656 e3b01d4 Author: Roberta MartonAuthored: Mon Apr 16 21:57:06 2018 + Committer: Roberta Marton Committed: Mon Apr 16 21:57:06 2018 + -- core/sql/sqlcomp/CmpSeabaseDDLroutine.cpp | 65 + core/sql/sqlcomp/CmpSeabaseDDLroutine.h| 3 + install/python-installer/scripts/traf_start.py | 8 +++ 3 files changed, 76 insertions(+) --
[1/2] trafodion git commit: [TRAFODION-2205] invalid char at create schema when authorization name is long
Repository: trafodion Updated Branches: refs/heads/master 82710576e -> 3dd0eca44 [TRAFODION-2205] invalid char at create schema when authorization name is long There is code that converts the user ID to its username. The buffer size requested was not big enough to hold the return value. In addition, the buffer size check was returning an error but did not add an error to the ComDiags area; therefore the returned error was ignored. - Changed max len in calls to getAuthNameFromAuthID to the correct size. - Set up the Diags area when buffer size is too small so the error is reported correctly, returns error 20235: "Error returned while converting auth ID to auth name, status: xx ID: xx." Also removed redundant methods: - getDBUserNameFromID - calls getAuthNameFromID instead - getDBUserIDFromName - calls GetAuthIDFromName instead Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/affe1f60 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/affe1f60 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/affe1f60 Branch: refs/heads/master Commit: affe1f60ff02610d40a9d58702b12d9c9473de34 Parents: ee2cff9 Author: Roberta MartonAuthored: Thu Apr 12 16:07:02 2018 + Committer: Roberta Marton Committed: Thu Apr 12 16:07:02 2018 + -- core/sql/cli/Cli.cpp | 12 +-- core/sql/cli/Context.cpp | 125 +- core/sql/cli/Context.h | 6 -- core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp | 6 +- core/sql/sqlcomp/CmpSeabaseDDLschema.cpp | 2 +- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 2 +- 6 files changed, 14 insertions(+), 139 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/affe1f60/core/sql/cli/Cli.cpp -- diff --git a/core/sql/cli/Cli.cpp b/core/sql/cli/Cli.cpp index 4a83a14..a06aadb 100644 --- a/core/sql/cli/Cli.cpp +++ b/core/sql/cli/Cli.cpp @@ -6182,10 +6182,10 @@ Lng32 SQLCLI_GetDatabaseUserName ( ContextCli = *(cliGlobals->currContext()); ComDiagsArea = currContext.diags(); - retcode = currContext.getDBUserNameFromID(user_id, -string_value, -max_string_len, -len_of_item); + retcode = currContext.getAuthNameFromID(user_id, + string_value, + max_string_len, + *len_of_item); return CliEpilogue(cliGlobals, NULL, retcode); } @@ -6206,8 +6206,8 @@ Lng32 SQLCLI_GetDatabaseUserID ( ContextCli = *(cliGlobals->currContext()); ComDiagsArea = currContext.diags(); - retcode = currContext.getDBUserIDFromName(string_value, -numeric_value); + retcode = currContext.getAuthIDFromName(string_value, + *numeric_value); return CliEpilogue(cliGlobals, NULL, retcode); } http://git-wip-us.apache.org/repos/asf/trafodion/blob/affe1f60/core/sql/cli/Context.cpp -- diff --git a/core/sql/cli/Context.cpp b/core/sql/cli/Context.cpp index 09f1783..c4dd6c7 100644 --- a/core/sql/cli/Context.cpp +++ b/core/sql/cli/Context.cpp @@ -4359,128 +4359,6 @@ RETCODE ContextCli::getAuthNameFromID( //*** End of ContextCli::getAuthNameFromID * - - - - -// Public method to map an integer user ID to a user name -RETCODE ContextCli::getDBUserNameFromID(Int32 userID, // IN -char *userNameBuffer, // OUT -Int32 maxBufLen, // IN -Int32 *requiredLen) // OUT optional -{ - RETCODE result = SUCCESS; - char usersNameFromUsersTable[MAX_USERNAME_LEN + 1]; - Int32 userIDFromUsersTable; - std::vector roleIDs; - if (requiredLen) -*requiredLen = 0; - - // Cases to consider - // * userID is the current user ID - // * SYSTEM_USER and PUBLIC_USER have special integer user IDs and - // are not registered in the USERS table - // * other users - - NABoolean isCurrentUser = -(userID == (Int32) databaseUserID_ ? TRUE : FALSE); - - const char *currentUserName = NULL; - if (isCurrentUser) - { -currentUserName = databaseUserName_; - } - else - { -// See if the USERS row exists -result = authQuery(USERS_QUERY_BY_USER_ID, - NULL,// IN user name (ignored) - userID, // IN user ID -
[2/2] trafodion git commit: [TRAFODION-2205] PR 1516 invalid char at create schema when authorization name is long
[TRAFODION-2205] PR 1516 invalid char at create schema when authorization name is long Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/3dd0eca4 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/3dd0eca4 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/3dd0eca4 Branch: refs/heads/master Commit: 3dd0eca447ebcfbadf81c78730f64a2709652b03 Parents: 8271057 affe1f6 Author: Roberta MartonAuthored: Thu Apr 12 22:52:07 2018 + Committer: Roberta Marton Committed: Thu Apr 12 22:52:07 2018 + -- core/sql/cli/Cli.cpp | 12 +-- core/sql/cli/Context.cpp | 125 +- core/sql/cli/Context.h | 6 -- core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp | 6 +- core/sql/sqlcomp/CmpSeabaseDDLschema.cpp | 2 +- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 2 +- 6 files changed, 14 insertions(+), 139 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/3dd0eca4/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp --
[1/3] trafodion git commit: Get statement enhancements
Repository: trafodion Updated Branches: refs/heads/master d6e29337a -> ad1c67618 http://git-wip-us.apache.org/repos/asf/trafodion/blob/021faec6/core/sql/regress/privs1/EXPECTED123 -- diff --git a/core/sql/regress/privs1/EXPECTED123 b/core/sql/regress/privs1/EXPECTED123 index 0251bda..45d5db9 100644 --- a/core/sql/regress/privs1/EXPECTED123 +++ b/core/sql/regress/privs1/EXPECTED123 @@ -93,6 +93,9 @@ SHOW +> ; --- SQL operation complete. +>>create index games_visitor on games(visitor_team_number) no populate; + +--- SQL operation complete. >> >>create table players +> (player_number int not null, @@ -109,6 +112,32 @@ SHOW --- SQL operation complete. >> +>>create view home_teams_games as ++> select t.team_number, g.game_number, g.game_time ++> from "TEAMS" t, ++> "GAMES" g ++> where t.team_number = g.home_team_number ++> order by 1, game_number, game_time; + +--- SQL operation complete. +>> +>>create view players_on_team as ++> select player_name, team_name ++> from teams t, players p ++> where p.player_team_number = t.team_number ++> order by t.team_name; + +--- SQL operation complete. +>> +>>create view games_by_player as ++> select player_name, game_time ++> from players_on_team p, games g, teams t ++> where p.player_name = t.team_name and ++>t.team_number = g.home_team_number ++> order by player_name, team_number; + +--- SQL operation complete. +>> >>grant select on games to sql_user4; --- SQL operation complete. @@ -332,10 +361,13 @@ Privileges for User SQL_USER5 --ETRAFODION."_LIBMGR_".EVENT_LOG_READER --ETRAFODION."_LIBMGR_".JDBC SIDU-R-TRAFODION.T123SCH.GAMES +SR-TRAFODION.T123SCH.GAMES_BY_PLAYER +SR-TRAFODION.T123SCH.HOME_TEAMS_GAMES SIDU-R-TRAFODION.T123SCH.PLAYERS S--TRAFODION.T123SCH.PLAYERS PLAYER_NAME S--TRAFODION.T123SCH.PLAYERS PLAYER_NUMBER S--TRAFODION.T123SCH.PLAYERS PLAYER_TEAM_NUMBER +SR-TRAFODION.T123SCH.PLAYERS_ON_TEAM G--TRAFODION.T123SCH.PLAYERS_SEQUENCE SIDU-R-TRAFODION.T123SCH.SB_HISTOGRAMS SIDU-R-TRAFODION.T123SCH.SB_HISTOGRAM_INTERVALS @@ -374,7 +406,10 @@ Privileges for Role T123_OWNERROLE == SIDU-R-TRAFODION.T123SCH.GAMES +SR-TRAFODION.T123SCH.GAMES_BY_PLAYER +SR-TRAFODION.T123SCH.HOME_TEAMS_GAMES SIDU-R-TRAFODION.T123SCH.PLAYERS +SR-TRAFODION.T123SCH.PLAYERS_ON_TEAM G--TRAFODION.T123SCH.PLAYERS_SEQUENCE SIDU-R-TRAFODION.T123SCH.SB_HISTOGRAMS SIDU-R-TRAFODION.T123SCH.SB_HISTOGRAM_INTERVALS @@ -397,6 +432,164 @@ S--TRAFODION.T123SCH.TEAMS TEAM_NUMBER --- SQL operation complete. >> +>>get tables for user sql_user1; + +Tables for User SQL_USER1 += + +TRAFODION."T123SCH".GAMES +TRAFODION."T123SCH".PLAYERS +TRAFODION."T123SCH".TEAMS + +--- SQL operation complete. +>>get tables for user sql_user2; + +Tables for User SQL_USER2 += + +TRAFODION."T123SCH".GAMES +TRAFODION."T123SCH".PLAYERS +TRAFODION."T123SCH".TEAMS + +--- SQL operation complete. +>>get tables for user sql_user3; + +Tables for User SQL_USER3 += + +TRAFODION."T123SCH".PLAYERS +TRAFODION."T123SCH".TEAMS + +--- SQL operation complete. +>>get tables for user sql_user4; + +Tables for User SQL_USER4 += + +TRAFODION."T123SCH".GAMES +TRAFODION."T123SCH".PLAYERS +TRAFODION."T123SCH".TEAMS + +--- SQL operation complete. +>>get tables for user sql_user5; + +Tables for User SQL_USER5 += + +TRAFODION."T123SCH".GAMES +TRAFODION."T123SCH".PLAYERS +TRAFODION."T123SCH".SB_HISTOGRAMS +TRAFODION."T123SCH".SB_HISTOGRAM_INTERVALS +TRAFODION."T123SCH".SB_PERSISTENT_SAMPLES +TRAFODION."T123SCH".TEAMS + +--- SQL operation complete. +>> +>>get indexes for user sql_user1; + +Indexes for User SQL_USER1 +== + +TRAFODION."T123SCH".GAMES_VISITOR + +--- SQL operation complete. +>>get indexes for user sql_user2; + +Indexes for User SQL_USER2 +== + +TRAFODION."T123SCH".GAMES_VISITOR + +--- SQL operation complete. +>>get indexes for user sql_user3; + +--- SQL operation complete. +>>get indexes for user sql_user4; + +Indexes for User SQL_USER4 +== + +TRAFODION."T123SCH".GAMES_VISITOR + +--- SQL operation complete. +>>get indexes for user sql_user5; + +Indexes for User SQL_USER5 +== + +TRAFODION."T123SCH".GAMES_VISITOR + +--- SQL operation complete. +>> +>>get views for user sql_user1; + +--- SQL operation complete. +>>get views for user sql_user2; + +--- SQL operation complete. +>>get views for user sql_user3; + +--- SQL operation complete. +>>get views for user sql_user4; + +--- SQL operation complete. +>>get views for user sql_user5; + +Views for User SQL_USER5 + + +TRAFODION."T123SCH".GAMES_BY_PLAYER
[2/3] trafodion git commit: Get statement enhancements
Get statement enhancements Added support and privilege checks for the following commands: get functions for library get procedures for library get table_mapping functions for library get indexes on table get objects on table get views on table get views on view get libraries in schema get objects in view get tables in view get views in view get indexes for user get tables for user get libraries for user get views for user Changed "get libraries for schema" to include libraries where the current user has execute privilege on one of the libraries routines (functions, procedures, or table_mapping functions). Addressed a performance issue when determining if the user has column level privileges. If the user has granted privileges against native Hive tables through EsgynDB, we need to get the column name from Hive. The call to get the column, by calling hivemd, is very expensive. This change checks to see if the requested user has been granted any column level privileges on a hive table. If so, we will go ahead and do the mapping (call hivemd). If not, then we will not include the hivemd fragment for the query. Since we are scanning the column privileges table anyway, we also see if the requested user (or their roles) has been granted any privileges. If so, we include the column privileges check in the query. Commented out get statements that we do not support at this time. Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/021faec6 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/021faec6 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/021faec6 Branch: refs/heads/master Commit: 021faec6a18336cfefd11b30d100a8fe4e3da1ee Parents: ee2cff9 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Tue Apr 10 18:35:39 2018 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Tue Apr 10 18:35:39 2018 + -- core/sql/comexe/ComTdbExeUtil.h | 2 - core/sql/executor/ExExeUtil.h| 9 +- core/sql/executor/ExExeUtilGet.cpp | 624 ++-- core/sql/generator/GenRelExeUtil.cpp | 164 +++ core/sql/parser/sqlparser.y | 37 +- core/sql/regress/privs1/EXPECTED123 | 773 ++ core/sql/regress/privs1/EXPECTED125 | 268 ++- core/sql/regress/privs1/TEST123 | 46 ++ core/sql/regress/privs1/TEST125 | 20 +- 9 files changed, 1658 insertions(+), 285 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/021faec6/core/sql/comexe/ComTdbExeUtil.h -- diff --git a/core/sql/comexe/ComTdbExeUtil.h b/core/sql/comexe/ComTdbExeUtil.h index 9024afe..bb29172 100644 --- a/core/sql/comexe/ComTdbExeUtil.h +++ b/core/sql/comexe/ComTdbExeUtil.h @@ -2542,9 +2542,7 @@ public: PRIVILEGES_FOR_ROLE_, USERS_, -CURRENT_USER_, -CATALOGS_FOR_USER_, INDEXES_FOR_USER_, LIBRARIES_FOR_USER_, MVGROUPS_FOR_USER_, http://git-wip-us.apache.org/repos/asf/trafodion/blob/021faec6/core/sql/executor/ExExeUtil.h -- diff --git a/core/sql/executor/ExExeUtil.h b/core/sql/executor/ExExeUtil.h index 428ccdf..3615c10 100644 --- a/core/sql/executor/ExExeUtil.h +++ b/core/sql/executor/ExExeUtil.h @@ -2499,9 +2499,16 @@ private: const char *schName, const char *objName); + Int32 colPrivsFrag( +const char *authName, +const char *catName, +const NAString , +NAString ); + NAString getGrantedPrivCmd( const NAString , -const char * cat); +const char * cat, +const NAString = NAString("object_uid")); char * getRoleList( const Int32 userID, http://git-wip-us.apache.org/repos/asf/trafodion/blob/021faec6/core/sql/executor/ExExeUtilGet.cpp -- diff --git a/core/sql/executor/ExExeUtilGet.cpp b/core/sql/executor/ExExeUtilGet.cpp index 97815ef..249241f 100644 --- a/core/sql/executor/ExExeUtilGet.cpp +++ b/core/sql/executor/ExExeUtilGet.cpp @@ -182,7 +182,7 @@ static const QueryString getRolesForUserQuery[] = {" ; "} }; -static const QueryString getPrivsForAuthsQuery[] = +static const QueryString getPrivsForAuthsQuery[] = { {" select translate(rtrim(object_name) using ucs2toutf8), "}, {"case when bitextract(privileges_bitmap,63,1) = 1 then 'S' "}, @@ -201,8 +201,31 @@ static const QueryString getPrivsForAuthsQuery[] = {" else '-' end as privs "}, {" from %s.\"%s\".%s "}, {" where grantee_id %s "}, - {" union "}, + {" (select
[3/3] trafodion git commit: Merge [TRAFODION-2175] PR 1512 Get statement enhancements
Merge [TRAFODION-2175] PR 1512 Get statement enhancements Project: http://git-wip-us.apache.org/repos/asf/trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/trafodion/commit/ad1c6761 Tree: http://git-wip-us.apache.org/repos/asf/trafodion/tree/ad1c6761 Diff: http://git-wip-us.apache.org/repos/asf/trafodion/diff/ad1c6761 Branch: refs/heads/master Commit: ad1c67618de5cab9c63980f9096cd470a78559e4 Parents: d6e2933 021faec Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Wed Apr 11 22:03:24 2018 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Wed Apr 11 22:03:24 2018 + -- core/sql/comexe/ComTdbExeUtil.h | 2 - core/sql/executor/ExExeUtil.h| 9 +- core/sql/executor/ExExeUtilGet.cpp | 624 ++-- core/sql/generator/GenRelExeUtil.cpp | 164 +++ core/sql/parser/sqlparser.y | 37 +- core/sql/regress/privs1/EXPECTED123 | 773 ++ core/sql/regress/privs1/EXPECTED125 | 268 ++- core/sql/regress/privs1/TEST123 | 46 ++ core/sql/regress/privs1/TEST125 | 20 +- 9 files changed, 1658 insertions(+), 285 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/ad1c6761/core/sql/comexe/ComTdbExeUtil.h -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/ad1c6761/core/sql/executor/ExExeUtilGet.cpp -- http://git-wip-us.apache.org/repos/asf/trafodion/blob/ad1c6761/core/sql/parser/sqlparser.y --
[1/4] incubator-trafodion git commit: add regression test for COMMENT-ON statement
Repository: incubator-trafodion Updated Branches: refs/heads/master 625cd8a32 -> 7acdca64d http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/59e2f051/core/sql/regress/compGeneral/FILTER072 -- diff --git a/core/sql/regress/compGeneral/FILTER072 b/core/sql/regress/compGeneral/FILTER072 new file mode 100755 index 000..66c521d --- /dev/null +++ b/core/sql/regress/compGeneral/FILTER072 @@ -0,0 +1,17 @@ +#! /bin/sh + +# Specialized filter for project to filter out +# 1. Syskey values +# 2. "Funny names" for index columns appearing multiple times +#(done twice, since it may appear multiple times) +# 3. refreshed elapsed time + +fil=$1 +if [ "$fil" = "" ]; then + echo "Usage: $0 filename" + exit 1 +fi + +sed " +s/FILE '.*rundir\(.*\)'/FILE '\$rundir\1'/g +" $fil http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/59e2f051/core/sql/regress/compGeneral/TEST072 -- diff --git a/core/sql/regress/compGeneral/TEST072 b/core/sql/regress/compGeneral/TEST072 new file mode 100644 index 000..67342a8 --- /dev/null +++ b/core/sql/regress/compGeneral/TEST072 @@ -0,0 +1,261 @@ +-- Test: TEST072 (CompGeneral) +-- @@@ START COPYRIGHT @@@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one +-- or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information +-- regarding copyright ownership. The ASF licenses this file +-- to you under the Apache License, Version 2.0 (the +-- "License"); you may not use this file except in compliance +-- with the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, +-- software distributed under the License is distributed on an +-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +-- KIND, either express or implied. See the License for the +-- specific language governing permissions and limitations +-- under the License. +-- +-- @@@ END COPYRIGHT @@@ +-- +-- Functionality: COMMENT-ON statement +-- Expected file: EXPECTED072 +-- Filter file: FILTER072 +-- Tables created: t072t1 +-- Limitations: +-- Revision history: +-- (12/5/17) - Created for new syntax COMMENT-ON + + +set pattern $$QUOTE$$ ; -- Needed for metadata insert of DLL path + +log LOG072 clear; + +obey TEST072(clnup); +obey TEST072(compile_libs); +obey TEST072(ddl); + +obey TEST072(comment01); +obey TEST072(showcomment); +obey TEST072(showddl1); + +obey TEST072(comment02); +obey TEST072(showcomment); +obey TEST072(showddl1); + +obey TEST072(comment03); +obey TEST072(showcomment); +obey TEST072(showddl2); + +obey TEST072(comment04); +obey TEST072(showcomment); +obey TEST072(showddl2); + +obey TEST072(comment05); +obey TEST072(showcomment); +obey TEST072(showddl2); + +obey TEST072(clnup); +obey TEST072(showcomment); + +exit; + + +?section compile_libs +-- +log; + +--DLL +sh rm -f ./TEST072.dll; +sh sh $$scriptsdir$$/tools/dll-compile.ksh TEST072.cpp + 2>&1 | tee -a LOG072-SECONDARY; +set pattern $$DLL$$ TEST072.dll; + +--SPJ jar +sh sh $$scriptsdir$$/tools/java-compile.ksh TEST072.java 2>> LOG072-SECONDARY | tee -a LOG072; +sh sh $$scriptsdir$$/tools/java-archive.ksh TEST072.jar TEST072.class 2>> LOG072-SECONDARY | tee -a LOG072; +set pattern $$SPJJAR$$ TEST072.jar; + +log LOG072; + + +?section ddl +-- + +create schema t072sch_comment; + +create table t072sch_comment.t072t1 ( col1 int not null, col2 DECIMAL(10, 4) not null, col3 VARCHAR(50) not null, primary key (col1) ); + +create index t072idx1 on t072sch_comment.t072t1 (col1, col3); + +create view t072sch_comment.t072view1 as select * from t072sch_comment.t072t1; + +create library t072sch_comment.t072ddl file $$QUOTE$$ $$REGRRUNDIR$$/$$DLL$$ $$QUOTE$$; + +create library t072sch_comment.t072jar file $$QUOTE$$ $$REGRRUNDIR$$/$$SPJJAR$$ $$QUOTE$$; + + +create function t072sch_comment.t072func(int,int) returns (add2 int) +external name 'add2' library t072sch_comment.t072ddl +deterministic no sql no transaction required +; + +create procedure t072sch_comment.t072spj() +external name 'TEST072.testMoreResultSet' +library t072sch_comment.t072jar +language java +DYNAMIC RESULT SETS 5 +READS SQL DATA +; + +CREATE SEQUENCE t072sch_comment.t072seq +START WITH1 +INCREMENT BY 1 +MAXVALUE 1 +NO CYCLE +CACHE 20 +--UNSIGNED INTEGER +; + + +?section comment01 +-- + +--CREATE COMMENTS +comment on schema t072sch_comment is 'This is a new comment of
[2/4] incubator-trafodion git commit: add regression test for COMMENT-ON statement
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/59e2f051/core/sql/regress/compGeneral/EXPECTED072 -- diff --git a/core/sql/regress/compGeneral/EXPECTED072 b/core/sql/regress/compGeneral/EXPECTED072 new file mode 100644 index 000..14a4357 --- /dev/null +++ b/core/sql/regress/compGeneral/EXPECTED072 @@ -0,0 +1,1154 @@ +>> +>>obey TEST072(clnup); +>>-- +>> +>>-- CLEANUP database +>>drop schema IF EXISTS t072sch_comment cascade; + +--- SQL operation complete. +>> +>>obey TEST072(compile_libs); +>>-- +>>log; +-- +-- Compiling Java source files: TEST072.java +-- Executing: $javac -d $REGRRUNDIR $REGRTSTDIR/TEST072.java +-- $javac returned 0 +-- +-- +-- Archiving Java class files: +--TEST072.class +-- Archive will be written to: TEST072.jar +-- Executing: $jar cMf TEST072.jar TEST072.class +-- $jar returned 0 +-- +>> +>> +>>obey TEST072(ddl); +>>-- +>> +>>create schema t072sch_comment; + +--- SQL operation complete. +>> +>>create table t072sch_comment.t072t1 ( col1 int not null, col2 DECIMAL(10, 4) not null, col3 VARCHAR(50) not null, primary key (col1) ); + +--- SQL operation complete. +>> +>>create index t072idx1 on t072sch_comment.t072t1 (col1, col3); + +--- SQL operation complete. +>> +>>create view t072sch_comment.t072view1 as select * from t072sch_comment.t072t1; + +--- SQL operation complete. +>> +>>create library t072sch_comment.t072ddl file $$QUOTE$$ $$REGRRUNDIR$$/$$DLL$$ $$QUOTE$$; + +--- SQL operation complete. +>> +>>create library t072sch_comment.t072jar file $$QUOTE$$ $$REGRRUNDIR$$/$$SPJJAR$$ $$QUOTE$$; + +--- SQL operation complete. +>> +>> +>>create function t072sch_comment.t072func(int,int) returns (add2 int) ++>external name 'add2' library t072sch_comment.t072ddl ++>deterministic no sql no transaction required ++>; + +--- SQL operation complete. +>> +>>create procedure t072sch_comment.t072spj() ++>external name 'TEST072.testMoreResultSet' ++>library t072sch_comment.t072jar ++>language java ++>DYNAMIC RESULT SETS 5 ++>READS SQL DATA ++>; + +--- SQL operation complete. +>> +>>CREATE SEQUENCE t072sch_comment.t072seq ++>START WITH1 ++>INCREMENT BY 1 ++>MAXVALUE 1 ++>NO CYCLE ++>CACHE 20 ++>--UNSIGNED INTEGER ++>; + +--- SQL operation complete. +>> +>> +>> +>>obey TEST072(comment01); +>>-- +>> +>>--CREATE COMMENTS +>>comment on schema t072sch_comment is 'This is a new comment of SCHEMA.è¿æ¯ä¸ä¸ªschemaç注éã' ; + +--- SQL operation complete. +>>comment on table t072sch_comment.t072t1is 'This is a new comment of TABLE.è¿ä¸ªæ¯ä¸ä¸ªä¸æçtableç注éããããâ¦â¦' ; + +--- SQL operation complete. +>>comment on index TRAFODION.t072sch_comment.t072idx1is 'This is a new comment of INDEX.' ; + +--- SQL operation complete. +>>comment on view TRAFODION.t072sch_comment.t072view1 is 'This is a new comment of VIEW.' ; + +--- SQL operation complete. +>>comment on libraryTRAFODION.t072sch_comment.t072ddl is 'This is a new comment of C UDF library.' ; + +--- SQL operation complete. +>>comment on libraryt072sch_comment.t072jar is 'This is a new comment of Java SPJ library.' ; + +--- SQL operation complete. +>>comment on function t072sch_comment.t072func is 'This is a new comment of SCALAR UDF.' ; + +--- SQL operation complete. +>>comment on procedure t072sch_comment.t072spj is 'This is a new comment of SPJ.' ; + +--- SQL operation complete. +>>comment on sequence t072sch_comment.t072seq is 'This is a new comment of SEQUENCE.' ; + +--- SQL operation complete. +>> +>>comment on column t072sch_comment.t072t1.col1 is 'This is a T01 column new comment of table.' ; + +--- SQL operation complete. +>>comment on column t072sch_comment.t072t1.col2 is 'This is a T02 column new comment of table.' ; + +--- SQL operation complete. +>>comment on column t072sch_comment.t072t1.col3 is 'This is a T03 column new comment of table.' ; + +--- SQL operation complete. +>>comment on column t072sch_comment.t072view1.col1is 'This is a V01 column new comment of view.' ; + +--- SQL operation complete.
[4/4] incubator-trafodion git commit: Merge [2803] Add regression test for COMMENT ON pr# 1327
Merge [2803] Add regression test for COMMENT ON pr# 1327 Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/7acdca64 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/7acdca64 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/7acdca64 Branch: refs/heads/master Commit: 7acdca64dfc707a8de4247eada2543c1aaea22d0 Parents: 625cd8a 59e2f05 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Thu Dec 14 01:07:48 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Thu Dec 14 01:07:48 2017 + -- core/sql/regress/compGeneral/EXPECTED072 | 1154 +++ core/sql/regress/compGeneral/FILTER072 | 17 + core/sql/regress/compGeneral/TEST072 | 261 + core/sql/regress/compGeneral/TEST072.cpp | 20 + core/sql/regress/compGeneral/TEST072.java | 32 + core/sql/regress/tools/runregr_compGeneral.ksh |5 +- 6 files changed, 1488 insertions(+), 1 deletion(-) --
[3/4] incubator-trafodion git commit: add regression test for COMMENT-ON statement
add regression test for COMMENT-ON statement Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/59e2f051 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/59e2f051 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/59e2f051 Branch: refs/heads/master Commit: 59e2f051a061435c16b19e5c11556d4ce5ce08b2 Parents: 7495377 Author: EEDYAuthored: Wed Dec 6 14:43:25 2017 +0800 Committer: EEDY Committed: Wed Dec 13 09:46:41 2017 +0800 -- core/sql/regress/compGeneral/EXPECTED072 | 1154 +++ core/sql/regress/compGeneral/FILTER072 | 17 + core/sql/regress/compGeneral/TEST072 | 261 + core/sql/regress/compGeneral/TEST072.cpp | 20 + core/sql/regress/compGeneral/TEST072.java | 32 + core/sql/regress/tools/runregr_compGeneral.ksh |5 +- 6 files changed, 1488 insertions(+), 1 deletion(-) --
[2/2] incubator-trafodion git commit: Merge [TRAFODION-2705] pr 1282 User with SHOW privilege cannot do showddl user
Merge [TRAFODION-2705] pr 1282 User with SHOW privilege cannot do showddl user Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/f42450f7 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/f42450f7 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/f42450f7 Branch: refs/heads/master Commit: f42450f75073d26f5f90468b82662b17d206b39c Parents: 4ff25d9 8f8b0e8 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Tue Oct 31 15:22:48 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Tue Oct 31 15:22:48 2017 + -- core/sql/regress/privs1/EXPECTED141 | Bin 102260 -> 38586 bytes core/sql/regress/privs1/TEST141 | 158 +- core/sql/regress/tools/runregr_privs1.ksh | 2 +- core/sql/sqlcomp/CmpDescribe.cpp | 10 - core/sql/sqlcomp/CmpSeabaseDDLauth.cpp| 280 - core/sql/sqlcomp/CmpSeabaseDDLauth.h | 4 +- 6 files changed, 240 insertions(+), 214 deletions(-) --
[3/3] incubator-trafodion git commit: Merge pr 1274 miscellaneous authorization changes
Merge pr 1274 miscellaneous authorization changes Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/9e5f36cd Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/9e5f36cd Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/9e5f36cd Branch: refs/heads/master Commit: 9e5f36cd36c0b77ca2b9a3f46afbd56761fa7929 Parents: 6b07d62 079ea00 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Thu Oct 26 17:23:17 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Thu Oct 26 17:23:17 2017 + -- core/sql/bin/SqlciErrors.txt| 2 +- core/sql/common/ComUser.cpp | 6 +- core/sql/common/NAUserId.h | 73 +- core/sql/regress/privs1/EXPECTED132 | 941 ++- core/sql/regress/privs1/TEST132 | 145 +-- core/sql/sqlci/SqlCmd.cpp | 1 + core/sql/sqlci/SqlciCmd.h | 9 +- core/sql/sqlci/SqlciEnv.cpp | 49 +- core/sql/sqlci/sqlci_lex.ll | 1 + core/sql/sqlci/sqlci_yacc.y | 11 + core/sql/sqlcomp/CmpDDLCatErrorCodes.h | 2 +- core/sql/sqlcomp/CmpSeabaseDDLauth.cpp | 351 --- core/sql/sqlcomp/CmpSeabaseDDLauth.h| 18 +- core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp| 15 +- core/sql/sqlcomp/PrivMgrComponentDefs.h | 284 ++ core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp | 240 - core/sql/sqlcomp/PrivMgrComponentPrivileges.h | 2 + core/sql/sqlcomp/PrivMgrMD.cpp | 14 +- core/sql/sqlcomp/PrivMgrRoles.cpp | 2 +- 19 files changed, 1238 insertions(+), 928 deletions(-) --
[2/3] incubator-trafodion git commit: Miscellaneous authorization changes:
Miscellaneous authorization changes: - Unregister user does not remove component privileges - Reuse unused entries from the authID ranges - Add "changeuser" command to update user credentials in place instead of requiring a new sqlci session to be started. Changed privs1/TEST132 to use this change and cut about 5 minutes off the test time. Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/079ea00a Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/079ea00a Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/079ea00a Branch: refs/heads/master Commit: 079ea00a1710c9ca8474db06a44309e21c5a0361 Parents: 5071a20 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Mon Oct 23 16:13:00 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Mon Oct 23 16:13:00 2017 + -- core/sql/bin/SqlciErrors.txt| 2 +- core/sql/common/ComUser.cpp | 6 +- core/sql/common/NAUserId.h | 73 +- core/sql/regress/privs1/EXPECTED132 | 941 ++- core/sql/regress/privs1/TEST132 | 145 +-- core/sql/sqlci/SqlCmd.cpp | 1 + core/sql/sqlci/SqlciCmd.h | 9 +- core/sql/sqlci/SqlciEnv.cpp | 49 +- core/sql/sqlci/sqlci_lex.ll | 1 + core/sql/sqlci/sqlci_yacc.y | 11 + core/sql/sqlcomp/CmpDDLCatErrorCodes.h | 2 +- core/sql/sqlcomp/CmpSeabaseDDLauth.cpp | 351 --- core/sql/sqlcomp/CmpSeabaseDDLauth.h| 18 +- core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp| 15 +- core/sql/sqlcomp/PrivMgrComponentDefs.h | 284 ++ core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp | 240 - core/sql/sqlcomp/PrivMgrComponentPrivileges.h | 2 + core/sql/sqlcomp/PrivMgrMD.cpp | 14 +- core/sql/sqlcomp/PrivMgrRoles.cpp | 2 +- 19 files changed, 1238 insertions(+), 928 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/079ea00a/core/sql/bin/SqlciErrors.txt -- diff --git a/core/sql/bin/SqlciErrors.txt b/core/sql/bin/SqlciErrors.txt index d70f23d..8fdd3dc 100644 --- a/core/sql/bin/SqlciErrors.txt +++ b/core/sql/bin/SqlciErrors.txt @@ -5,7 +5,7 @@ 1003 Z 9 BEGINNER MINOR DBADMIN Schema $0~SchemaName does not exist. 1004 Z 9 BEGINNER MINOR DBADMIN Object $0~TableName does not exist or object type is invalid for the current operation. 1005 Z 9 BEGINNER MINOR DBADMIN Constraint $0~ConstraintName does not exist. -1006 Z 9 BEGINNER MINOR DBADMIN --- unused --- +1006 Z 9 BEGINNER MINOR DBADMIN Skipping authorization ID $0~Int0. 1007 Z 9 ADVANCED MAJOR DBADMIN The WITH GRANT OPTION is not supported. 1008 Z 9 BEGINNER MINOR DBADMIN Authorization identifier $0~String0 does not exist. 1009 Z 9 BEGINNER MINOR DBADMIN Column $0~ColumnName does not exist in the specified table. http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/079ea00a/core/sql/common/ComUser.cpp -- diff --git a/core/sql/common/ComUser.cpp b/core/sql/common/ComUser.cpp index b8261f4..796d94b 100644 --- a/core/sql/common/ComUser.cpp +++ b/core/sql/common/ComUser.cpp @@ -408,7 +408,7 @@ Int32 ComUser::getRoleList (char * roleList, const char separator, const bool includeSpecialAuths) { - Int32 numberRoles = sizeof(systemRoles)/sizeof(SystemRolesStruct); + Int32 numberRoles = sizeof(systemRoles)/sizeof(SystemAuthsStruct); Int32 roleListLen = (MAX_AUTHNAME_LEN*numberRoles)+(numberRoles * 4); // 4 = 2 del + 2 sep char generatedRoleList[roleListLen]; char *pRoles = generatedRoleList; @@ -416,13 +416,13 @@ Int32 ComUser::getRoleList (char * roleList, char currentSeparator = ' '; for (Int32 i = 0; i < numberRoles; i++) { -const SystemRolesStruct = systemRoles[i]; +const SystemAuthsStruct = systemRoles[i]; if (!includeSpecialAuths && roleDefinition.isSpecialAuth) continue; // str_sprintf does not support the %c format sprintf(roleName, "%c%c%s%c", -currentSeparator, delimiter, roleDefinition.roleName, delimiter); +currentSeparator, delimiter, roleDefinition.authName, delimiter); str_cpy_all(pRoles, roleName, sizeof(roleName)-1); // don't copy null terminator currentSeparator = separator; pRoles = pRoles + strlen(roleName); http://git-wip-us.apache.org/repos
[1/3] incubator-trafodion git commit: Miscellaneous authorization changes:
Repository: incubator-trafodion Updated Branches: refs/heads/master 6b07d620e -> 9e5f36cd3 http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/079ea00a/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp -- diff --git a/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp b/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp index 70d37d1..cc1e4a5 100644 --- a/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp +++ b/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp @@ -7167,15 +7167,12 @@ short CmpSeabaseDDL::updateSeabaseAuths( Int64 initTime = NA_JulianTimestamp(); - str_sprintf(buf, "insert into %s.\"%s\".%s values (%d, 'DB__ROOT', 'TRAFODION', 'U', %d, 'Y', %ld,%ld, 0) ", - sysCat, SEABASE_MD_SCHEMA, SEABASE_AUTHS, - SUPER_USER, SUPER_USER, initTime, initTime); - cliRC = cliInterface->executeImmediate(buf); - if (cliRC < 0) -{ - cliInterface->retrieveSQLDiagnostics(CmpCommon::diags()); - return -1; -} + NAString mdLocation; + CONCAT_CATSCH(mdLocation, getSystemCatalog(), SEABASE_MD_SCHEMA); + CmpSeabaseDDLuser authOperation(sysCat, mdLocation.data()); + authOperation.registerStandardUser(DB__ROOT, ROOT_USER_ID); + if (CmpCommon::diags()->getNumber(DgSqlCode::ERROR_)) +return -1; return 0; } http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/079ea00a/core/sql/sqlcomp/PrivMgrComponentDefs.h -- diff --git a/core/sql/sqlcomp/PrivMgrComponentDefs.h b/core/sql/sqlcomp/PrivMgrComponentDefs.h new file mode 100644 index 000..8986dd9 --- /dev/null +++ b/core/sql/sqlcomp/PrivMgrComponentDefs.h @@ -0,0 +1,284 @@ +//* +// @@@ START COPYRIGHT @@@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + @@@ END COPYRIGHT @@@ +//* + +#ifndef PRIVMGR_COMPONENTS_DEFS_H +#define PRIVMGR_COMPONENTS_DEFS_H + +// * +// * +// * Component definition section +// * +// * Several system components are created and managed by the database. +// * They are managed by two main structures: +// * ComponentListStruct - the list of components +// * ComponentOpStruct - the list of operations for each component +// * +// * To add a new component (assume xxx is component name): +// *Assign a UID(in enum ComponentOp add xxx_COMPONENT_UID) +// *Generate a component name (add new define called xxx_NAME) +// *Define component operations (add enum xxxOperation) +// *Define operation attributes (add ComponentOpStruct xxxOpStruct) +// *Add component to list (add component to componentList) +// * +// * To add a new operation to an existing component, see comments associated +// * with the component. +// * +// * + +// The ComponentOpStruct describes a component +// operationID - a number from xxxOperation representing the operation +// operationCode - unique 2 charater value that represents the operation +// operationName - unique name for the operation +// isRootRoleOp - grant DB__ROOTROLE this operation +// isAdminOp - grant DB__ADMIN/DB__ADMINROLE this operation +// isDMLOp - this is a DML operation +// isPublicOp- grant PUBLIC this operation +struct ComponentOpStruct +{ + int32_t operationID; + const char * operationCode; + const char * operationName; + const bool isRootRoleOp; + const bool isAdminOp; + const bool isDMLOp; + const bool isPublicOp; +}; + +// The ComponentListStruct describes the relationship between a component UID, +// its name, the number of operations for the component, and a pointer to the +// list of operations. +// componentUID - the UID for the component +// componentName - the component name +// numOps- the number of operations in the component +// componentOps - pointer the ComponentOpStruct describing the operations +struct ComponentListStruct +{ +
[2/2] incubator-trafodion git commit: Merge regress fix pr-1153
Merge regress fix pr-1153 Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/2118d25a Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/2118d25a Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/2118d25a Branch: refs/heads/master Commit: 2118d25a289b8437edac4610e552b40348cf8e70 Parents: 20c459c ca026b9 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Thu Jun 29 01:07:24 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Thu Jun 29 01:07:24 2017 + -- core/sql/regress/privs1/EXPECTED125 | 10 +++--- 1 file changed, 3 insertions(+), 7 deletions(-) --
[1/2] incubator-trafodion git commit: Add java files needed for TEST125
Repository: incubator-trafodion Updated Branches: refs/heads/master 665ea9330 -> c401633eb Add java files needed for TEST125 Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/e67e90f8 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/e67e90f8 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/e67e90f8 Branch: refs/heads/master Commit: e67e90f8bd94f8022d98904d7105f2c782f57080 Parents: 012d654 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Tue Jun 27 15:32:39 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Tue Jun 27 15:32:39 2017 + -- core/sql/regress/privs1/TEST125 | 4 +- core/sql/regress/privs1/TestHive.java | 91 ++ core/sql/regress/privs1/Utils.java| 279 + 3 files changed, 371 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/e67e90f8/core/sql/regress/privs1/TEST125 -- diff --git a/core/sql/regress/privs1/TEST125 b/core/sql/regress/privs1/TEST125 index 09e0d2d..0025c53 100644 --- a/core/sql/regress/privs1/TEST125 +++ b/core/sql/regress/privs1/TEST125 @@ -160,9 +160,6 @@ create view games_by_player as order by player_name, team_number; -- create function to display bitmaps as a bitmap rather than longs --- set envvar REGRRUNDIR '/mnt/rmarton/gitws/incubator-trafodion/core/sql/regress/rundir/privs1'; --- set envvar REGRTSTDIR '/mnt/rmarton/gitws/incubator-trafodion/core/sql/regress/privs1'; --- set envvar scriptsdir '/mnt/rmarton/gitws/incubator-trafodion/core/sql/regress'; sh rm -f ./etest141.dll; sh sh $$scriptsdir$$/tools/dll-compile.ksh etest141.cpp 2>&1 | tee LOG125-SECONDARY; @@ -175,6 +172,7 @@ language c parameter style sql external name 'translateBitmap' library t125_l1 deterministic no sql final call allow any parallelism state area size 1024 ; +-- create procedure that accesses hive tables sh sh $$scriptsdir$$/tools/java-compile.ksh Utils.java TestHive.java 2> LOG125-SECONDARY | tee -a LOG125; sh sh $$scriptsdir$$/tools/java-archive.ksh TEST125_procs.jar TestHive.class Utils.class 2>> LOG125-SECONDARY | tee -a LOG125; set pattern $$JARF$$ TEST125_procs.jar; http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/e67e90f8/core/sql/regress/privs1/TestHive.java -- diff --git a/core/sql/regress/privs1/TestHive.java b/core/sql/regress/privs1/TestHive.java new file mode 100644 index 000..352f226 --- /dev/null +++ b/core/sql/regress/privs1/TestHive.java @@ -0,0 +1,91 @@ +import java.io.*; +import java.sql.*; +import java.util.*; + +// === +// Class: testHive +// +// === +public class TestHive +{ + // -- + // Main code for credentials procedure + // -- + public static void accessHive ( +String operationIn, +String[] results) + + throws SQLException + { +// Initialize the Utils structure +// Utils provides connection, user, current time, and logging information +Utils util = null; + +try +{ + util = new Utils(); +} +catch(Exception e) +{ + String theError = "ERROR: unable to create the Util object"; + throw e; +} + +util.log (""); +util.log ("* Starting credentials request *"); + +// Set up the connection +Connection conn = null; +String sessionUser = null; +String currentUser = null; +String currentTime = null; +try +{ + conn = util.myConnection(); +} +catch(Exception e) +{ + String theError = "ERROR: unable to get a connection"; + throw e; +} + +sessionUser = util.getSessionUser(conn); +currentUser = util.getCurrentUser(conn); +currentTime = util.getCurrentTime(conn); + +results[0] = "External user: " + sessionUser + '\n'; +results[0] += "Current user: " + currentUser + '\n'; +results[0] += "Current time: " + currentTime + '\n'; + +util.log("Session user: " + sessionUser); +util.log("Current user: " + currentUser); +util.log("Current time: " + currentTime); + +try +{ + int numRows; + String selectQuery = "select count(*) from hive.hive."; + selectQuery += operationIn; + Statement stmt = co
[2/2] incubator-trafodion git commit: merge pr-1148 Add java files needed for TEST125
merge pr-1148 Add java files needed for TEST125 Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/c401633e Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/c401633e Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/c401633e Branch: refs/heads/master Commit: c401633eb9ee93100b7cf942d058902e91731aaf Parents: 665ea93 e67e90f Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Tue Jun 27 18:47:31 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Tue Jun 27 18:47:31 2017 + -- core/sql/regress/privs1/TEST125 | 4 +- core/sql/regress/privs1/TestHive.java | 91 ++ core/sql/regress/privs1/Utils.java| 279 + 3 files changed, 371 insertions(+), 3 deletions(-) --
[1/3] incubator-trafodion git commit: TRAFODION [2641] User who has MANAGE_STATISTICS privilege can't do update statistics on HIVE tables
Repository: incubator-trafodion Updated Branches: refs/heads/master a5ab3d3a1 -> 498b89f74 TRAFODION [2641] User who has MANAGE_STATISTICS privilege can't do update statistics on HIVE tables TRAFODION [2175] a user should only see specific schemas/tables that he has privileges to Updated the following get commands: get schemas (in catalog) get tables, indexes (in schema) get sequences, views (in schema, in catalog) get libraries, procedures, functions, table mapping functions TRAFODION [1573] Additional GET commands for privileges get privileges on table get privileges on view New regression test privs1/TEST125 Fixed bug: user granted MANAGE privilege does not have MANAGE sub-privs Changed REGISTER_HIVE_OBJECT to be treated as a sub-priv under CREATE Changed UNREGISTER_HIVE_OBJECT to be treaed as a sub-priv under DROP Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/012d6540 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/012d6540 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/012d6540 Branch: refs/heads/master Commit: 012d65405984358044853529184967b407c55457 Parents: 5ea4af2 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Thu Jun 22 18:23:55 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Thu Jun 22 18:23:55 2017 + -- core/sql/executor/ExExeUtil.h |5 + core/sql/executor/ExExeUtilGet.cpp | 186 ++- core/sql/regress/privs1/EXPECTED125 | 1335 ++ core/sql/regress/privs1/TEST125 | 245 core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 25 +- core/sql/sqlcomp/PrivMgr.cpp|6 +- core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp |7 + 7 files changed, 1773 insertions(+), 36 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/012d6540/core/sql/executor/ExExeUtil.h -- diff --git a/core/sql/executor/ExExeUtil.h b/core/sql/executor/ExExeUtil.h index 6a86996..1567d35 100755 --- a/core/sql/executor/ExExeUtil.h +++ b/core/sql/executor/ExExeUtil.h @@ -2497,6 +2497,11 @@ private: const char *catName, const char *schName, const char *objName); + + NAString getGrantedPrivCmd( +const NAString , +const char * cat); + char * getRoleList( const Int32 userID, const char *catName, http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/012d6540/core/sql/executor/ExExeUtilGet.cpp -- diff --git a/core/sql/executor/ExExeUtilGet.cpp b/core/sql/executor/ExExeUtilGet.cpp index 524b413..b32a35a 100644 --- a/core/sql/executor/ExExeUtilGet.cpp +++ b/core/sql/executor/ExExeUtilGet.cpp @@ -310,7 +310,7 @@ static const QueryString getTrafTablesInSchemaQuery[] = {" %s.\"%s\".%s "}, {" where catalog_name = '%s' and "}, {"schema_name = '%s' and "}, - {"object_type = 'BT' "}, + {"object_type = 'BT' %s "}, {" order by 1 "}, {" ; "} }; @@ -321,7 +321,7 @@ static const QueryString getTrafIndexesInSchemaQuery[] = {" %s.\"%s\".%s "}, {" where catalog_name = '%s' and "}, {"schema_name = '%s' and "}, - {"object_type = 'IX' "}, + {"object_type = 'IX' %s "}, {" order by 1 "}, {" ; "} }; @@ -349,7 +349,7 @@ static const QueryString getTrafProceduresInSchemaQuery[] = {"T.schema_name = '%s' and "}, {"T.object_type = 'UR' and "}, {"T.object_uid = R.udr_uid and "}, - {"R.udr_type = 'P ' "}, + {"R.udr_type = 'P ' %s "}, {" order by 1 "}, {" ; "} }; @@ -360,7 +360,7 @@ static const QueryString getTrafLibrariesInSchemaQuery[] = {" %s.\"%s\".%s T "}, {" where T.catalog_name = '%s' and "}, {"T.schema_name = '%s' and "}, - {"T.object_type = 'LB' "}, + {"T.object_type = 'LB' %s "}, {" order by 1 "}, {" ; "} }; @@ -373,7 +373,7 @@ static const QueryString getTrafFunctionsInSchemaQuery[] = {"T.schema_name = '%s' and "}, {"T.object_type = 'UR' and "}, {"T.object_uid = R.udr_uid and "}, - {"R.udr_type = 'F ' "}, + {"R.udr_type = 'F ' %s "}, {" order by 1 &
[2/3] incubator-trafodion git commit: Merge [TRAFODION-2641] pr-1139 user who has MANAGE_STATISTICS privilege can't do update stats
Merge [TRAFODION-2641] pr-1139 user who has MANAGE_STATISTICS privilege can't do update stats Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/885acb72 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/885acb72 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/885acb72 Branch: refs/heads/master Commit: 885acb72fb84714c72d455379388efe841e64739 Parents: 5c0abc9 012d654 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Mon Jun 26 14:47:48 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Mon Jun 26 14:47:48 2017 + -- core/conn/odb/src/odb.c | 42 +- core/sqf/monitor/test/sqconfig.monitor.cluster |2 +- core/sqf/sqenvcom.sh|5 +- core/sqf/sql/scripts/bats/runseabedbats.virtual |2 +- core/sqf/sql/scripts/genms |2 +- core/sqf/sql/scripts/gensq.pl | 52 + core/sqf/sql/scripts/krb5check |2 +- core/sqf/sql/scripts/krb5functions |2 +- core/sqf/sql/scripts/krb5service|2 +- core/sqf/sql/scripts/sqconfig | 20 + core/sqf/sql/scripts/sqconfig.sample| 20 + core/sqf/sql/scripts/sqnodeipcrm|4 +- core/sqf/tools/sqdiag_core_mask |2 +- core/sqf/tools/sqtools.sh | 16 +- core/sql/comexe/ComTdbExeUtil.h |1 + core/sql/common/NAMemory.h |8 + core/sql/executor/ExExeUtil.h |5 + core/sql/executor/ExExeUtilGet.cpp | 224 ++- core/sql/executor/ExSMTrace.cpp |8 +- core/sql/executor/HBaseClient_JNI.cpp | 10 + core/sql/generator/GenPreCode.cpp | 10 +- core/sql/generator/GenRelExeUtil.cpp| 10 +- core/sql/generator/GenRelMisc.cpp |2 + core/sql/generator/GenRelScan.cpp |7 +- core/sql/generator/GenUdr.cpp |1 + core/sql/generator/Generator.cpp| 73 +- core/sql/generator/Generator.h | 20 +- core/sql/optimizer/ControlDB.cpp|7 +- core/sql/optimizer/HDFSHook.cpp |3 + core/sql/optimizer/NATable.cpp | 112 +- core/sql/optimizer/ObjectNames.h|3 +- core/sql/optimizer/RelExeUtil.cpp | 29 +- core/sql/optimizer/RelExeUtil.h | 258 ++-- core/sql/optimizer/RelScan.h|3 +- core/sql/optimizer/SynthType.cpp| 11 +- core/sql/optimizer/ValueDesc.cpp|5 +- core/sql/parser/BindStmtDDL.cpp | 10 + core/sql/parser/sqlparser.y | 237 ++-- core/sql/regress/hive/EXPECTED007 | 68 + core/sql/regress/hive/TEST007 | 16 + core/sql/regress/privs1/EXPECTED125 | 1335 ++ core/sql/regress/privs1/TEST125 | 245 core/sql/sqlcat/TrafDDLdesc.cpp |4 +- core/sql/sqlcat/TrafDDLdesc.h | 34 +- core/sql/sqlcat/readRealArk.cpp |2 +- core/sql/sqlcomp/CmpDescribe.cpp| 40 +- core/sql/sqlcomp/CmpSeabaseDDL.h|6 +- core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp|6 +- core/sql/sqlcomp/CmpSeabaseDDLindex.cpp |8 - core/sql/sqlcomp/CmpSeabaseDDLschema.cpp| 61 +- core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 63 +- core/sql/sqlcomp/PrivMgr.cpp|6 +- core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp |7 + core/sql/sqlcomp/parser.cpp |3 +- .../main/java/org/trafodion/sql/HiveClient.java |9 +- core/sql/ustat/USAS.sh |2 +- core/sql/ustat/stats_profile|4 +- .../src/asciidoc/_chapters/introduction.adoc|2 +- .../src/asciidoc/_chapters/prepare.adoc |2 +- .../src/asciidoc/_chapters/script_install.adoc |4 +- docs/shared/revisions.txt |3 +- .../2.1/package/scripts/trafodionnode.py|2 +- .../configs/db_config_default.ini |2 +- install/python-installer/configs/prompt.json|2 +- install/python-installer/scripts/traf_setup.py | 12 +- install/python-installer/scripts/traf_user.py |1 + 66 files changed, 2694 insertions(+), 485 deletions(-) --
[2/3] incubator-trafodion git commit: Update statistics auth check update from code review
Update statistics auth check update from code review Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/d87f71d2 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/d87f71d2 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/d87f71d2 Branch: refs/heads/master Commit: d87f71d2db0e59883a218489af3129b28eac0e02 Parents: 63b275d Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Tue Jun 6 16:02:25 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Tue Jun 6 16:02:25 2017 + -- core/sql/ustat/hs_globals.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/d87f71d2/core/sql/ustat/hs_globals.cpp -- diff --git a/core/sql/ustat/hs_globals.cpp b/core/sql/ustat/hs_globals.cpp index 827304c..d78f5fc 100644 --- a/core/sql/ustat/hs_globals.cpp +++ b/core/sql/ustat/hs_globals.cpp @@ -3776,11 +3776,11 @@ NABoolean HSGlobalsClass::isAuthorized(NABoolean isShowStats) if (privs == NULL) { *CmpCommon::diags() << DgSqlCode(-1034); -return FALSE; +authorized = FALSE; } // Requester must have at least select privilege - if ( privs->hasSelectPriv() ) + else if ( privs->hasSelectPriv() ) authorized = TRUE; else { @@ -3788,7 +3788,7 @@ NABoolean HSGlobalsClass::isAuthorized(NABoolean isShowStats) << DgSqlCode( -4481 ) << DgString0( "SELECT or MANAGE_STATISTICS" ) << DgString1( objDef->getNATable()->getTableName().getQualifiedNameAsAnsiString() ); -return FALSE; +authorized = FALSE; } }
[1/3] incubator-trafodion git commit: TRAFODION - 2632 Performing update statistics on metadata tables causes issues
Repository: incubator-trafodion Updated Branches: refs/heads/master e57890a9b -> 5c0abc96e TRAFODION - 2632 Performing update statistics on metadata tables causes issues Added code to return error and cleanup code a bit: *** ERROR[9205] UPDATE STATISTICS is not supported for object Also fixed a problem where privileges on Hive tables that included external table gave false "no priv" error for the SHOWDDL command. Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/63b275d4 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/63b275d4 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/63b275d4 Branch: refs/heads/master Commit: 63b275d406e29bcaba1ab42e57a656bb8dd8ce31 Parents: 7643e58 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Fri Jun 2 23:04:08 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Fri Jun 2 23:04:08 2017 + -- core/sql/sqlcomp/CmpDescribe.cpp | 82 ++- core/sql/sqlcomp/CmpSeabaseDDL.h | 8 ++-- core/sql/ustat/hs_globals.cpp| 4 +- core/sql/ustat/hs_globals.h | 12 ++--- core/sql/ustat/hs_parser.cpp | 77 +++- core/sql/ustat/hs_util.cpp | 10 ++--- 6 files changed, 64 insertions(+), 129 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/63b275d4/core/sql/sqlcomp/CmpDescribe.cpp -- diff --git a/core/sql/sqlcomp/CmpDescribe.cpp b/core/sql/sqlcomp/CmpDescribe.cpp index d3bd49a..5116df9 100644 --- a/core/sql/sqlcomp/CmpDescribe.cpp +++ b/core/sql/sqlcomp/CmpDescribe.cpp @@ -2982,53 +2982,57 @@ short CmpDescribeSeabaseTable ( // Verify that user can perform the describe command // No need to check privileges for create like operations (type 3) // since the create code performs authorization checks - if (type != 3) -{ - PrivMgrUserPrivs privs; - PrivMgrUserPrivs *pPrivInfo = NULL; + // Nor for hiveExternal tables - already checked + if (!isExternalHiveTable) + { +if (type != 3) + { +PrivMgrUserPrivs privs; +PrivMgrUserPrivs *pPrivInfo = NULL; - // metadata tables do not cache privilege information, go get it now - if (CmpCommon::context()->isAuthorizationEnabled() && - naTable->getPrivInfo() == NULL) -{ - std::string privMDLoc(ActiveSchemaDB()->getDefaults().getValue(SEABASE_CATALOG)); - privMDLoc += std::string(".\"") + - std::string(SEABASE_PRIVMGR_SCHEMA) + - std::string("\""); - PrivMgrCommands privInterface(privMDLoc, CmpCommon::diags(), -PrivMgr::PRIV_INITIALIZED); - - - // we should switch to another CI only if we are in an embedded CI - if (cmpSBD.switchCompiler()) +// metadata tables do not cache privilege information, go get it now +if (CmpCommon::context()->isAuthorizationEnabled() && +naTable->getPrivInfo() == NULL) { - *CmpCommon::diags() << DgSqlCode(-CAT_UNABLE_TO_RETRIEVE_PRIVS); - return -1; - } - - PrivStatus retcode = privInterface.getPrivileges((int64_t)naTable->objectUid().get_value(), - naTable->getObjectType(), - ComUser::getCurrentUser(), - privs); +std::string privMDLoc(ActiveSchemaDB()->getDefaults().getValue(SEABASE_CATALOG)); +privMDLoc += std::string(".\"") + + std::string(SEABASE_PRIVMGR_SCHEMA) + + std::string("\""); +PrivMgrCommands privInterface(privMDLoc, CmpCommon::diags(), + PrivMgr::PRIV_INITIALIZED); - // switch back the original commpiler, ignore error for now - cmpSBD.switchBackCompiler(); - if (retcode == STATUS_ERROR) +// we should switch to another CI only if we are in an embedded CI +if (cmpSBD.switchCompiler()) { - *CmpCommon::diags() << DgSqlCode(-CAT_UNABLE_TO_RETRIEVE_PRIVS); - return -1; + *CmpCommon::diags() << DgSqlCode(-CAT_UNABLE_TO_RETRIEVE_PRIVS); + return -1; } - pPrivInfo = -} - else -pPrivInfo = naTable->getPrivInfo(); + +PrivStatus retcode = privInterf
[3/3] incubator-trafodion git commit: Merge [TRAFODION 2632] pr #1106 update stats fix
Merge [TRAFODION 2632] pr #1106 update stats fix Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/5c0abc96 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/5c0abc96 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/5c0abc96 Branch: refs/heads/master Commit: 5c0abc96e7db040ce089e8c7f44d1401ca3731e8 Parents: e57890a d87f71d Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Wed Jun 7 00:08:48 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Wed Jun 7 00:08:48 2017 + -- core/sql/sqlcomp/CmpDescribe.cpp | 82 ++- core/sql/sqlcomp/CmpSeabaseDDL.h | 8 ++-- core/sql/ustat/hs_globals.cpp| 2 +- core/sql/ustat/hs_globals.h | 12 ++--- core/sql/ustat/hs_parser.cpp | 77 +++- core/sql/ustat/hs_util.cpp | 10 ++--- 6 files changed, 63 insertions(+), 128 deletions(-) --
[1/2] incubator-trafodion git commit: Change testware to always register users for priv tests
Repository: incubator-trafodion Updated Branches: refs/heads/master d14bfb5ad -> b53136f13 Change testware to always register users for priv tests Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/b93168a1 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/b93168a1 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/b93168a1 Branch: refs/heads/master Commit: b93168a1ecabb721c2c16107214ac4fa6a5c786e Parents: 0d75af1 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Fri Apr 7 15:42:50 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Fri Apr 7 15:42:50 2017 + -- core/sql/regress/tools/runregr_privs1.ksh | 10 -- core/sql/regress/tools/runregr_privs2.ksh | 10 -- 2 files changed, 20 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/b93168a1/core/sql/regress/tools/runregr_privs1.ksh -- diff --git a/core/sql/regress/tools/runregr_privs1.ksh b/core/sql/regress/tools/runregr_privs1.ksh index 0d301ca..05fd90c 100755 --- a/core/sql/regress/tools/runregr_privs1.ksh +++ b/core/sql/regress/tools/runregr_privs1.ksh @@ -286,18 +286,8 @@ for ix in $testfiles; do efile=$REGRTSTDIR/$exp fi -sqlci > $ix.tmp 2>&1 << eof -env; -eof -authDisabled=`cat $ix.tmp | grep AUTHORIZATION | grep disabled` -if [ "$authDisabled" = "" ]; then - echo "Authorization is enabled" -else - echo "Authorization is not initialized, to initialize it" sqlci -i $scriptsdir/tools/reg_users.sql; echo "Authorization has been enabled" -fi -rm -f $ix.tmp 2>$NULL #-- # Run test if the -diff option not specified -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/b93168a1/core/sql/regress/tools/runregr_privs2.ksh -- diff --git a/core/sql/regress/tools/runregr_privs2.ksh b/core/sql/regress/tools/runregr_privs2.ksh index 3e1e76b..364decd 100755 --- a/core/sql/regress/tools/runregr_privs2.ksh +++ b/core/sql/regress/tools/runregr_privs2.ksh @@ -286,18 +286,8 @@ for ix in $testfiles; do efile=$REGRTSTDIR/$exp fi -sqlci > $ix.tmp 2>&1 << eof -env; -eof -authDisabled=`cat $ix.tmp | grep AUTHORIZATION | grep disabled` -if [ "$authDisabled" = "" ]; then - echo "Authorization is enabled" -else - echo "Authorization is not initialized, to initialize it" sqlci -i $scriptsdir/tools/reg_users.sql; echo "Authorization has been enabled" -fi -rm -f $ix.tmp 2>$NULL #-- # Run test if the -diff option not specified --
[1/2] incubator-trafodion git commit: TRAFODION-2538 Revoking privileges from role not invoking query invalidation
Repository: incubator-trafodion Updated Branches: refs/heads/master 6155ff1ba -> 1b724a845 TRAFODION-2538 Revoking privileges from role not invoking query invalidation Fixed a issue where query invalidation keys were not being sent correctly when a privilege was revoked from a role. When a table is cached, a list of all the query invalidation keys for the user are stored. Later, when a query is run, the compiler picks the relevant keys and places them in the plan. When a revoke occurs, a key is sent to RMS and the executor processes check for keys at the next execution. If the key affects any caches, the cache entries are refreshed and plans recompiled. Incorrect keys were being created when privileges were revoked from roles, so queries continued to work even though the user had no more privileges. Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/a78064b8 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/a78064b8 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/a78064b8 Branch: refs/heads/master Commit: a78064b89afce13e12cc70024ca110b17b68c792 Parents: 2aac3f7 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Tue Mar 14 23:14:28 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Tue Mar 14 23:14:28 2017 + -- core/sql/common/ComSecurityKey.cpp | 118 +++- core/sql/common/ComSecurityKey.h| 18 ++-- core/sql/common/ComUser.cpp | 11 +++ core/sql/common/ComUser.h | 1 + core/sql/optimizer/BindRelExpr.cpp | 31 ++- core/sql/regress/privs1/EXPECTED120 | 129 --- core/sql/regress/privs1/TEST120 | 33 ++- core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 3 + core/sql/sqlcomp/PrivMgrCommands.cpp| 8 +- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 33 --- core/sql/sqlcomp/PrivMgrPrivileges.h| 1 - 11 files changed, 303 insertions(+), 83 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/a78064b8/core/sql/common/ComSecurityKey.cpp -- diff --git a/core/sql/common/ComSecurityKey.cpp b/core/sql/common/ComSecurityKey.cpp index f3f52e1..76b88e7 100644 --- a/core/sql/common/ComSecurityKey.cpp +++ b/core/sql/common/ComSecurityKey.cpp @@ -37,6 +37,25 @@ #include "PrivMgrDefs.h" // +// function: qiSubjectMatchesRole +// +// This function compares the subjectKey with the list of roles the current +// user has been granted. If it matches one of the roles, return TRUE, +// otherwise it returns FALSE. +// +NABoolean qiSubjectMatchesRole(uint32_t subjectKey) +{ + NAList roleIDs(NULL); + ComUser::getCurrentUserRoles(roleIDs); + for (int i = 0; i < roleIDs.entries(); i++) + { +if (subjectKey = ComSecurityKey::generateHash(roleIDs[i])) + return TRUE; + } + return FALSE; +} + +// // function: qiCheckForInvalidObject // // This function compares the list of query invalidate keys that changed to @@ -83,6 +102,21 @@ NABoolean qiCheckForInvalidObject (const Int32 numInvalidationKeys, case COM_QI_OBJECT_USAGE: case COM_QI_OBJECT_REFERENCES: case COM_QI_OBJECT_EXECUTE: +for (Int32 j = 0; j < numObjectKeys && !found; j++ ) +{ + ComSecurityKey keyValue = objectKeys[j]; + if ( ( invalidationKeys[i].revokeKey.object == + keyValue.getObjectHashValue() ) && + ( invalidationKeyType == + keyValue.getSecurityKeyType() ) ) + { +if ( invalidationKeys[i].revokeKey.subject == + keyValue.getSubjectHashValue() || + qiSubjectMatchesRole(invalidationKeys[i].revokeKey.subject) ) + found = TRUE; + } +} +break; case COM_QI_USER_GRANT_SPECIAL_ROLE: case COM_QI_USER_GRANT_ROLE: { @@ -120,48 +154,51 @@ NABoolean qiCheckForInvalidObject (const Int32 numInvalidationKeys, // SUBJECT_IS_USER - support for granting roles to user // SUBJECT_IS_ROLE - not supported until we grant roles to roles // +// returns false is unable to build keys // -bool buildSecurityKeys( const int32_t granteeID, -const int32_t roleID, +bool buildSecurityKeys( const int32_t userID, +const int32_t gr
[2/2] incubator-trafodion git commit: Merge [TRAFODION-2538] PR-1010 Revoking privileges from role not invoking query invalidation
Merge [TRAFODION-2538] PR-1010 Revoking privileges from role not invoking query invalidation Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/1b724a84 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/1b724a84 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/1b724a84 Branch: refs/heads/master Commit: 1b724a84538b80d3e79b4bb3201812c50db945e8 Parents: 6155ff1 a78064b Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Thu Mar 16 20:43:51 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Thu Mar 16 20:43:51 2017 + -- core/sql/common/ComSecurityKey.cpp | 118 +++- core/sql/common/ComSecurityKey.h| 18 ++-- core/sql/common/ComUser.cpp | 11 +++ core/sql/common/ComUser.h | 1 + core/sql/optimizer/BindRelExpr.cpp | 31 ++- core/sql/regress/privs1/EXPECTED120 | 129 --- core/sql/regress/privs1/TEST120 | 33 ++- core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 3 + core/sql/sqlcomp/PrivMgrCommands.cpp| 8 +- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 33 --- core/sql/sqlcomp/PrivMgrPrivileges.h| 1 - 11 files changed, 303 insertions(+), 83 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/1b724a84/core/sql/optimizer/BindRelExpr.cpp --
[1/2] incubator-trafodion git commit: Fix regression failures for privs1 and privs2
Repository: incubator-trafodion Updated Branches: refs/heads/release2.1 4348ce699 -> b347946df Fix regression failures for privs1 and privs2 Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/ba33ebb2 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/ba33ebb2 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/ba33ebb2 Branch: refs/heads/release2.1 Commit: ba33ebb2fda6076d6eeb8510322eb135a4cbf253 Parents: 3eddda4 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Wed Mar 8 01:01:28 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Wed Mar 8 01:01:28 2017 + -- core/sql/regress/tools/runregr_privs1.ksh | 10 -- core/sql/regress/tools/runregr_privs2.ksh | 10 -- 2 files changed, 20 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/ba33ebb2/core/sql/regress/tools/runregr_privs1.ksh -- diff --git a/core/sql/regress/tools/runregr_privs1.ksh b/core/sql/regress/tools/runregr_privs1.ksh index 0f3e4a0..b9bdebf 100755 --- a/core/sql/regress/tools/runregr_privs1.ksh +++ b/core/sql/regress/tools/runregr_privs1.ksh @@ -283,18 +283,8 @@ for ix in $testfiles; do efile=$REGRTSTDIR/$exp fi -sqlci > $ix.tmp 2>&1 << eof -env; -eof -authDisabled=`cat $ix.tmp | grep AUTHORIZATION | grep disabled` -if [ "$authDisabled" = "" ]; then - echo "Authorization is enabled" -else - echo "Authorization is not initialized, to initialize it" sqlci -i $scriptsdir/tools/reg_users.sql; echo "Authorization has been enabled" -fi -rm -f $ix.tmp 2>$NULL #-- # Run test if the -diff option not specified -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/ba33ebb2/core/sql/regress/tools/runregr_privs2.ksh -- diff --git a/core/sql/regress/tools/runregr_privs2.ksh b/core/sql/regress/tools/runregr_privs2.ksh index 320295b..36a9253 100755 --- a/core/sql/regress/tools/runregr_privs2.ksh +++ b/core/sql/regress/tools/runregr_privs2.ksh @@ -283,18 +283,8 @@ for ix in $testfiles; do efile=$REGRTSTDIR/$exp fi -sqlci > $ix.tmp 2>&1 << eof -env; -eof -authDisabled=`cat $ix.tmp | grep AUTHORIZATION | grep disabled` -if [ "$authDisabled" = "" ]; then - echo "Authorization is enabled" -else - echo "Authorization is not initialized, to initialize it" sqlci -i $scriptsdir/tools/reg_users.sql; echo "Authorization has been enabled" -fi -rm -f $ix.tmp 2>$NULL #-- # Run test if the -diff option not specified --
[2/2] incubator-trafodion git commit: Merge privs1 and privs2 regress fix pr 997
Merge privs1 and privs2 regress fix pr 997 Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/b347946d Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/b347946d Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/b347946d Branch: refs/heads/release2.1 Commit: b347946df9603a2e91b78d1a08678a3873299247 Parents: 4348ce6 ba33ebb Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Wed Mar 8 21:05:27 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Wed Mar 8 21:05:27 2017 + -- core/sql/regress/tools/runregr_privs1.ksh | 10 -- core/sql/regress/tools/runregr_privs2.ksh | 10 -- 2 files changed, 20 deletions(-) --
[1/2] incubator-trafodion git commit: Added FILTER144 to privs2 regression
Repository: incubator-trafodion Updated Branches: refs/heads/master 59025ccd9 -> a7a295e9b Added FILTER144 to privs2 regression Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/57729e14 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/57729e14 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/57729e14 Branch: refs/heads/master Commit: 57729e14ae92dbcb69058820d8a25f78672f6045 Parents: cc13c6c Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Thu Feb 16 16:26:22 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Thu Feb 16 16:26:22 2017 + -- core/sql/regress/privs2/FILTER144 | 31 +++ 1 file changed, 31 insertions(+) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/57729e14/core/sql/regress/privs2/FILTER144 -- diff --git a/core/sql/regress/privs2/FILTER144 b/core/sql/regress/privs2/FILTER144 new file mode 100755 index 000..91fb2b3 --- /dev/null +++ b/core/sql/regress/privs2/FILTER144 @@ -0,0 +1,31 @@ +#!/bin/sh +# @@@ START COPYRIGHT @@@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# @@@ END COPYRIGHT @@@ + +fil=$1 +if [ "$fil" = "" ]; then + echo "Usage: $0 filename" + exit 1 +fi + +sed " +s/Role T144ROLE1 has been granted privileges on [a-zA-Z0-9_.]*/Role T144ROLE1 has been granted privileges on %dependency%/g +" $fil
[2/2] incubator-trafodion git commit: Merge [TRAFODION-2441] and others pr-957 various fixes for native Hive tables and privileges
Merge [TRAFODION-2441] and others pr-957 various fixes for native Hive tables and privileges Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/cc13c6cc Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/cc13c6cc Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/cc13c6cc Branch: refs/heads/master Commit: cc13c6cc56d1f0725fdf90803808b2aeb1f4f5f2 Parents: f6f4402 db14e39 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Wed Feb 15 15:49:14 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Wed Feb 15 15:49:14 2017 + -- core/sql/bin/SqlciErrors.txt | 4 +- core/sql/common/ComUser.cpp | 27 +++ core/sql/common/ComUser.h | 2 + core/sql/optimizer/BindRelExpr.cpp| 12 +-- core/sql/optimizer/NATable.cpp| 20 +++-- core/sql/optimizer/RelExeUtil.cpp | 30 +++ core/sql/regress/privs1/EXPECTED141 | Bin 100853 -> 102260 bytes core/sql/regress/privs1/TEST123 | 2 +- core/sql/regress/privs1/TEST141 | 10 ++- core/sql/regress/privs2/EXPECTED144 | Bin 59409 -> 59453 bytes core/sql/sqlcomp/CmpDescribe.cpp | 9 ++- core/sql/sqlcomp/CmpSeabaseDDLauth.cpp| 103 ++-- core/sql/sqlcomp/CmpSeabaseDDLauth.h | 1 + core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp | 55 - core/sql/sqlcomp/CmpSeabaseDDLroutine.cpp | 18 + core/sql/sqlcomp/CmpSeabaseDDLschema.cpp | 33 +--- core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 74 + core/sql/sqlcomp/CmpSeabaseDDLupgrade.cpp | 7 ++ core/sql/sqlcomp/PrivMgr.cpp | 10 +-- core/sql/sqlcomp/PrivMgr.h| 5 +- core/sql/sqlcomp/PrivMgrCommands.cpp | 65 +-- core/sql/sqlcomp/PrivMgrCommands.h| 6 ++ core/sql/sqlcomp/PrivMgrPrivileges.cpp| 26 -- core/sql/sqlcomp/PrivMgrPrivileges.h | 4 +- core/sql/sqlcomp/PrivMgrRoles.cpp | 106 + core/sql/ustat/hs_globals.cpp | 2 +- 26 files changed, 517 insertions(+), 114 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/cc13c6cc/core/sql/optimizer/BindRelExpr.cpp -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/cc13c6cc/core/sql/optimizer/NATable.cpp -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/cc13c6cc/core/sql/sqlcomp/CmpSeabaseDDLtable.cpp --
[1/2] incubator-trafodion git commit: TRAFODION-2441 user has only select privilege on a table can do ... TRAFODION-2409 support privilege control(column privileges) for hive tables TRAFODION-2423 any
Repository: incubator-trafodion Updated Branches: refs/heads/master f6f4402b5 -> cc13c6cc5 TRAFODION-2441 user has only select privilege on a table can do ... TRAFODION-2409 support privilege control(column privileges) for hive tables TRAFODION-2423 any user can perform 'initialize trafodion, drop' TRAFODION-2435 Any user can perform TRUNCATE on native Hive tables. TRAFODION-2463 Hive: Any user can do update statistics for hive tables Fixed issues found while testing privileges with native Hive. TRAFODION-2441: changed code that initializes owner privileges for views. TRAFODION-2409: returning error message 1328 during attempt to grant unsupported column level privilege on hive table. TRAFODION 2423: added privilege checks for all initialize commands, error 1017 is returned if not DB__ROOT TRAFODION-2435: Returning error 1051 if TRUNCATE is attempted on a hive table where the current user has no privilege TRAFODION-2463: Privilege checks added for Hive table during update statistics Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/db14e392 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/db14e392 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/db14e392 Branch: refs/heads/master Commit: db14e3922cb2d0722d0885f5c248cac2af2b904d Parents: 60c0c42 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Mon Feb 13 23:20:54 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Mon Feb 13 23:20:54 2017 + -- core/sql/bin/SqlciErrors.txt | 4 +- core/sql/common/ComUser.cpp | 27 +++ core/sql/common/ComUser.h | 2 + core/sql/optimizer/BindRelExpr.cpp| 12 +-- core/sql/optimizer/NATable.cpp| 20 +++-- core/sql/optimizer/RelExeUtil.cpp | 30 +++ core/sql/regress/privs1/EXPECTED141 | Bin 100853 -> 102260 bytes core/sql/regress/privs1/TEST123 | 2 +- core/sql/regress/privs1/TEST141 | 10 ++- core/sql/regress/privs2/EXPECTED144 | Bin 59409 -> 59453 bytes core/sql/sqlcomp/CmpDescribe.cpp | 9 ++- core/sql/sqlcomp/CmpSeabaseDDLauth.cpp| 103 ++-- core/sql/sqlcomp/CmpSeabaseDDLauth.h | 1 + core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp | 55 - core/sql/sqlcomp/CmpSeabaseDDLroutine.cpp | 18 + core/sql/sqlcomp/CmpSeabaseDDLschema.cpp | 33 +--- core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 74 + core/sql/sqlcomp/CmpSeabaseDDLupgrade.cpp | 7 ++ core/sql/sqlcomp/PrivMgr.cpp | 10 +-- core/sql/sqlcomp/PrivMgr.h| 5 +- core/sql/sqlcomp/PrivMgrCommands.cpp | 65 +-- core/sql/sqlcomp/PrivMgrCommands.h| 6 ++ core/sql/sqlcomp/PrivMgrPrivileges.cpp| 26 -- core/sql/sqlcomp/PrivMgrPrivileges.h | 4 +- core/sql/sqlcomp/PrivMgrRoles.cpp | 106 + core/sql/ustat/hs_globals.cpp | 2 +- 26 files changed, 517 insertions(+), 114 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/db14e392/core/sql/bin/SqlciErrors.txt -- diff --git a/core/sql/bin/SqlciErrors.txt b/core/sql/bin/SqlciErrors.txt index 8afa052..fe99787 100644 --- a/core/sql/bin/SqlciErrors.txt +++ b/core/sql/bin/SqlciErrors.txt @@ -222,8 +222,8 @@ 1224 Z 9 BEGINNER MAJOR DBADMIN An invalid data type was specified for routine parameter $0~String0. 1225 Z 9 BEGINNER MAJOR DBADMIN Mixing EXECUTE privilege with other privileges is not allowed. 1226 Z 9 BEGINNER MAJOR DBADMIN No valid combination of privileges was specified. -1227 Z 9 BEGINNER MAJOR DBADMIN Cannot unregister user. User has been granted privileges. -1228 Z 9 BEGINNER MAJOR DBADMIN Cannot drop role. Role has been granted privileges. +1227 Z 9 BEGINNER MAJOR DBADMIN Cannot unregister user. User $0~String0 has been granted privileges on $1~String1. +1228 Z 9 BEGINNER MAJOR DBADMIN Cannot drop role. Role $0~String0 has been granted privileges on $1~String1. 1229 Z 9 BEGINNER MAJOR DBADMIN The $0~string0 option is not supported. 1230 Z 9 BEGINNER MAJOR DBADMIN Object owner must be the schema owner in private schemas. 1231 Z 9 BEGINNER MAJOR DBADMIN User-defined routine $0~String0 could not be created. http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/db14e392/core/sql/common/ComUser.cpp -- diff --git a/core/sql/common/ComUser.cpp b/core/sql/common/ComUser.cpp index 7e
[1/4] incubator-trafodion git commit: Trafodion-2175
Repository: incubator-trafodion Updated Branches: refs/heads/master 3d215a475 -> 60c0c42c3 Trafodion-2175 Added new regression test privs1/TEST123 Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/3209431d Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/3209431d Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/3209431d Branch: refs/heads/master Commit: 3209431da836b29c61229c9f4afb8810830056e7 Parents: b674558 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Mon Jan 30 16:26:34 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Mon Jan 30 16:26:34 2017 + -- core/sql/regress/privs1/EXPECTED123 | 1187 ++ core/sql/regress/privs1/TEST123 | 178 + 2 files changed, 1365 insertions(+) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/3209431d/core/sql/regress/privs1/EXPECTED123 -- diff --git a/core/sql/regress/privs1/EXPECTED123 b/core/sql/regress/privs1/EXPECTED123 new file mode 100644 index 000..bf848b4 --- /dev/null +++ b/core/sql/regress/privs1/EXPECTED123 @@ -0,0 +1,1187 @@ +>> +>>obey TEST123(set_up); +>>get users; + +Users += + +DB__ROOT +SQL_USER1 +SQL_USER10 +SQL_USER2 +SQL_USER3 +SQL_USER4 +SQL_USER5 +SQL_USER6 +SQL_USER7 +SQL_USER8 +SQL_USER9 + +--- SQL operation complete. +>>get roles; + +Roles += + +DB__HBASEROLE +DB__HIVEROLE +DB__LIBMGRROLE +DB__ROOTROLE +PUBLIC + +--- SQL operation complete. +>> +>>get privileges on component sql_operations for "PUBLIC"; + +Privilege information on Component SQL_OPERATIONS for PUBLIC + + +CREATE_SCHEMA +SHOW + +--- SQL operation complete. +>> +>>create role t123_adminrole; + +--- SQL operation complete. +>>create role t123_plannerrole; + +--- SQL operation complete. +>>create role t123_dummyrole; + +--- SQL operation complete. +>>create role t123_ownerrole; + +--- SQL operation complete. +>> +>>grant role t123_adminrole to sql_user1; + +--- SQL operation complete. +>>grant role t123_plannerrole to sql_user1; + +--- SQL operation complete. +>>grant role t123_plannerrole to sql_user2; + +--- SQL operation complete. +>>grant role t123_ownerrole to sql_user5; + +--- SQL operation complete. +>> +>>create schema t123sch authorization t123_ownerrole; + +--- SQL operation complete. +>>set schema t123sch; + +--- SQL operation complete. +>> +>>create table teams ++> (team_number int not null primary key, ++> team_name char(20) not null, ++> team_contact varchar(50) not null, ++> team_contact_number char (10) not null ++> ) ++> ; + +--- SQL operation complete. +>> +>>create table games ++> ( home_team_number int not null, ++> visitor_team_number int not null, ++> game_number int not null primary key, ++> game_time timestamp not null, ++> game_location varchar(50) not null) ++> ; + +--- SQL operation complete. +>> +>>create table players ++> (player_number int not null, ++> player_name varchar (50) not null, ++> player_team_number int not null, ++> player_phone_number char (10) not null, ++> player_details varchar(50), ++> primary key (player_number, player_team_number)) ++> no partition; + +--- SQL operation complete. +>> +>>create sequence players_sequence; + +--- SQL operation complete. +>> +>>grant select on games to sql_user4; + +--- SQL operation complete. +>>grant select on teams to sql_user4; + +--- SQL operation complete. +>>grant select(team_number, team_name) on teams to "PUBLIC"; + +--- SQL operation complete. +>>grant select(player_name, player_number, player_team_number) on players ++> to "PUBLIC"; + +--- SQL operation complete. +>>grant update, delete on games to t123_adminrole; + +--- SQL operation complete. +>>grant update, delete on teams to t123_adminrole; + +--- SQL operation complete. +>>grant insert on games to t123_plannerrole; + +--- SQL operation complete. +>>grant insert on teams to t123_plannerrole; + +--- SQL operation complete. +>>grant all on players to sql_user1; + +--- SQL operation complete. +>> +>>grant usage on sequence players_sequence to t123_plannerrole; + +--- SQL operation complete. +>>grant usage on sequence players_sequence to sql_user1; + +--- SQL operation complete. +>> +>>revoke component privilege "SHOW" on s
[3/4] incubator-trafodion git commit: TRAFODION-2175 a user should only see specific schemas/tables that he has privs
TRAFODION-2175 a user should only see specific schemas/tables that he has privs Fixed a problem with regression test Hive/TEST009. The failed test is showing an additional table being stored in NATable cache. If authorization is enabled, then "get tables" retrieves the list of roles assigned the current user. This causes an additional table to be cached. However, if authorization is off, the role check is not made so the number of entries in cache is less. This causes a regressions failure depending on the environment. Since this is a test for caching, removed the get table commands from the test to avoid the mismatch. Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/9e925842 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/9e925842 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/9e925842 Branch: refs/heads/master Commit: 9e925842cc3d8956d2b513c4fecd5a3ac303a125 Parents: 598dc5e Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Tue Jan 31 21:40:52 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Tue Jan 31 21:40:52 2017 + -- core/sql/regress/hive/EXPECTED009 | 64 +++--- core/sql/regress/hive/TEST009 | 4 +-- 2 files changed, 22 insertions(+), 46 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/9e925842/core/sql/regress/hive/EXPECTED009 -- diff --git a/core/sql/regress/hive/EXPECTED009 b/core/sql/regress/hive/EXPECTED009 index 5591aaa..900ff3b 100644 --- a/core/sql/regress/hive/EXPECTED009 +++ b/core/sql/regress/hive/EXPECTED009 @@ -197,16 +197,6 @@ ABC *** ERROR[1118] Creating object TRAFODION."_HV_HIVE_".NEWTABLE3 is not allowed in a reserved system schema. --- SQL operation failed with errors. ->>get tables; - -Tables in Schema TRAFODION._HV_HIVE_ - - -CUSTOMER -ITEM -PROMOTION - SQL operation complete. >> >>-- test creates with a different default schema >>create schema hive_t009; @@ -257,17 +247,6 @@ PROMOTION --- 10 row(s) inserted. >> ->>get tables; - -Tables in Schema TRAFODION.HIVE_T009 - - -SB_HISTOGRAMS -SB_HISTOGRAM_INTERVALS -SB_PERSISTENT_SAMPLES -T009T1 - SQL operation complete. >>drop table t009t1; --- SQL operation complete. @@ -335,20 +314,11 @@ HIVE TRAFODION _HV_HIVE_ PROMOTION TRAFODION
[2/4] incubator-trafodion git commit: Merge branch 'master' into mrg-932
Merge branch 'master' into mrg-932 Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/598dc5ed Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/598dc5ed Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/598dc5ed Branch: refs/heads/master Commit: 598dc5ed0aa01ece1bd09de039febaf866fec017 Parents: 3209431 c47d84f Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Tue Jan 31 17:02:54 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Tue Jan 31 17:02:54 2017 + -- core/sql/ustat/hs_cli.cpp | 21 +++- core/sql/ustat/hs_parser.cpp| 13 +++ install/.gitignore | 3 +- install/ambari-installer/Makefile | 26 +++-- install/ambari-installer/meta.template | 34 ++ .../mpack-install/am_install.sh | 17 ++- install/ambari-installer/mpack.json | 46 install/ambari-installer/repo.template | 2 +- .../2.1/package/scripts/trafodiondcs.py | 2 +- .../2.1/package/scripts/trafodionnode.py| 8 +- .../custom-services/TRAFODION/2.1/metainfo.xml | 34 -- install/ambari-installer/traf-mpack/mpack.json | 46 install/ambari-installer/traf_ambari.spec | 14 ++- install/python-installer/db_uninstall.py| 114 +++ install/python-installer/scripts/hadoop_mods.py | 4 + 15 files changed, 275 insertions(+), 109 deletions(-) --
[4/4] incubator-trafodion git commit: merge [TRAFODION-2175] pr 937 a user should only see specific schema/tables ...
merge [TRAFODION-2175] pr 937 a user should only see specific schema/tables ... Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/60c0c42c Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/60c0c42c Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/60c0c42c Branch: refs/heads/master Commit: 60c0c42c35267022f1907cbe5fe0f2b0a604d2eb Parents: 3d215a4 9e92584 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Wed Feb 1 01:00:07 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Wed Feb 1 01:00:07 2017 + -- core/sql/regress/hive/EXPECTED009 | 64 +- core/sql/regress/hive/TEST009 |4 +- core/sql/regress/privs1/EXPECTED123 | 1187 ++ core/sql/regress/privs1/TEST123 | 178 + 4 files changed, 1387 insertions(+), 46 deletions(-) --
[2/2] incubator-trafodion git commit: Merge [TRAFODION-2175] PR-932 a user should only see specific tables and schemas ...
Merge [TRAFODION-2175] PR-932 a user should only see specific tables and schemas ... Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/b6745583 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/b6745583 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/b6745583 Branch: refs/heads/master Commit: b67455830d50cf5e031c5d4ffe4eb162712b5cda Parents: 91c3375 60cdb45 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Mon Jan 30 16:24:47 2017 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Mon Jan 30 16:24:47 2017 + -- core/sql/comexe/ComTdbExeUtil.h | 1 + core/sql/executor/ExExeUtil.h| 15 +- core/sql/executor/ExExeUtilGet.cpp | 892 -- core/sql/generator/GenRelExeUtil.cpp | 2 + core/sql/regress/hive/EXPECTED009| 26 +- 5 files changed, 496 insertions(+), 440 deletions(-) --
[3/5] incubator-trafodion git commit: TRAFODION-2357 log4c++ build error - fixed typo
TRAFODION-2357 log4c++ build error - fixed typo Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/7656dd06 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/7656dd06 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/7656dd06 Branch: refs/heads/master Commit: 7656dd06f6ef3684c16d2586a69fc6bf27003efb Parents: 2ff86e8 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Mon Nov 28 18:13:17 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Mon Nov 28 18:13:17 2016 + -- core/sqf/build-scripts/build.id | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/7656dd06/core/sqf/build-scripts/build.id -- diff --git a/core/sqf/build-scripts/build.id b/core/sqf/build-scripts/build.id index 046f049..f4a0522 100755 --- a/core/sqf/build-scripts/build.id +++ b/core/sqf/build-scripts/build.id @@ -39,6 +39,6 @@ if [[ "$USE_GIT" == "1" ]];then id=`git rev-parse --verify --short HEAD` echo $id else - id=id=`date +"%Y%m%d"` + id=`date +"%Y%m%d"` echo $id fi
[5/5] incubator-trafodion git commit: Merge [TRAFODION-2357] pr-855 log4cxx build error
Merge [TRAFODION-2357] pr-855 log4cxx build error Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/acedc3c2 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/acedc3c2 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/acedc3c2 Branch: refs/heads/master Commit: acedc3c204550e21b212d769679f6e3b88598e25 Parents: 0bbd910 d474c67 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Tue Nov 29 16:56:45 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Tue Nov 29 16:56:45 2016 + -- core/conn/odbc/src/odbc/nsksrvrcore/Makefile | 2 +- core/dbsecurity/auth/Makefile| 1 + core/sqf/build-scripts/build.branch | 8 +++- core/sqf/build-scripts/build.id | 2 +- 4 files changed, 6 insertions(+), 7 deletions(-) --
[2/5] incubator-trafodion git commit: Merge branch 'master' into traf-2357
Merge branch 'master' into traf-2357 Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/2ff86e80 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/2ff86e80 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/2ff86e80 Branch: refs/heads/master Commit: 2ff86e80bf6b705016338e72e8084cb937ebb9dd Parents: e93d518 4e7e478 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Mon Nov 28 17:01:42 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Mon Nov 28 17:01:42 2016 + -- core/conn/jdbcT4/pom.xml| 79 +- core/sqf/.gitignore | 1 + core/sqf/Makefile | 4 +- core/sqf/build-scripts/genverhdr.ksh| 15 +- core/sql/bin/SqlciErrors.txt| 2 + core/sql/comexe/ComTdbExeUtil.cpp | 26 +- core/sql/comexe/ComTdbExeUtil.h | 112 ++- core/sql/common/ComSmallDefs.h | 8 + core/sql/common/NAType.cpp | 201 + core/sql/common/NAType.h| 2 + core/sql/common/OperTypeEnum.h | 8 +- core/sql/executor/ExExeUtil.h | 8 +- core/sql/executor/ExExeUtilGet.cpp | 365 - core/sql/executor/ExExeUtilLoad.cpp | 46 +- core/sql/executor/ExHbaseAccess.cpp | 30 + core/sql/executor/ExHbaseAccess.h | 1 + core/sql/executor/HBaseClient_JNI.cpp | 795 +++ core/sql/executor/HBaseClient_JNI.h | 12 + core/sql/executor/JavaObjectInterface.cpp | 14 + core/sql/executor/JavaObjectInterface.h | 4 +- core/sql/executor/SequenceFileReader.cpp| 127 --- core/sql/executor/SequenceFileReader.h | 12 - core/sql/executor/hiveHook.cpp | 168 +++- core/sql/exp/ExpHbaseDefs.h | 6 + core/sql/exp/ExpHbaseInterface.cpp | 45 ++ core/sql/exp/ExpHbaseInterface.h| 12 +- core/sql/exp/ExpLOBaccess.cpp | 2 - core/sql/exp/ExpPackDefs.cpp| 10 + core/sql/exp/exp_clause.cpp | 35 +- core/sql/exp/exp_clause.h | 4 +- core/sql/exp/exp_clause_derived.h | 169 core/sql/exp/exp_function.cpp | 204 - core/sql/exp/exp_function.h | 35 +- core/sql/exp/exp_like.cpp | 80 ++ core/sql/generator/GenItemFunc.cpp | 42 +- core/sql/generator/GenRelExeUtil.cpp| 77 +- core/sql/optimizer/BindItemExpr.cpp | 21 +- core/sql/optimizer/BindRelExpr.cpp | 8 + core/sql/optimizer/ImplRule.cpp | 2 +- core/sql/optimizer/ItemCache.cpp| 4 +- core/sql/optimizer/ItemExpr.cpp | 41 +- core/sql/optimizer/ItemFunc.h | 104 ++- core/sql/optimizer/NATable.cpp | 186 + core/sql/optimizer/NormItemExpr.cpp | 2 +- core/sql/optimizer/RelRoutine.cpp | 9 +- core/sql/optimizer/RelRoutine.h | 14 +- core/sql/optimizer/SynthType.cpp| 67 +- core/sql/optimizer/hiveHook.h | 116 +-- core/sql/parser/ParKeyWords.cpp | 2 + core/sql/parser/sqlparser.y | 72 +- core/sql/regress/compGeneral/EXPECTED006.SB | 150 core/sql/regress/compGeneral/TEST006| 40 + core/sql/regress/executor/EXPECTED002.SB| 99 ++- core/sql/regress/executor/TEST002 | 29 +- core/sql/regress/seabase/EXPECTED002| 266 +-- core/sql/regress/seabase/EXPECTED012| 52 +- core/sql/regress/seabase/TEST002| 28 + core/sql/regress/seabase/TEST012| 11 + core/sql/sqlcomp/CmpSeabaseDDLrepos.cpp | 19 +- .../java/org/trafodion/sql/HBaseClient.java | 40 + .../java/org/trafodion/sql/HBulkLoadClient.java | 2 - .../org/trafodion/sql/SequenceFileWriter.java | 70 +- core/sql/ustat/hs_globals.cpp | 14 + core/sql/ustat/hs_util.h| 3 +- 64 files changed, 2798 insertions(+), 1434 deletions(-) --
[4/5] incubator-trafodion git commit: Merge branch 'master' into traf-2357
Merge branch 'master' into traf-2357 Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/d474c678 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/d474c678 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/d474c678 Branch: refs/heads/master Commit: d474c6785f438c854b243e283dcc2f74c8b9322a Parents: 7656dd0 3b31663 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Mon Nov 28 19:00:33 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Mon Nov 28 19:00:33 2016 + -- core/sql/parser/sqlparser.y | 51 + .../src/asciidoc/_chapters/sql_statements.adoc | 60 2 files changed, 88 insertions(+), 23 deletions(-) --
[4/4] incubator-trafodion git commit: Merge [TRAFODION-2156] pr-845 update reference manual for column level privileges
Merge [TRAFODION-2156] pr-845 update reference manual for column level privileges Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/3b316630 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/3b316630 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/3b316630 Branch: refs/heads/master Commit: 3b316630869a92709f7f84f930ba2a3985510560 Parents: bfa51f1 ebfdd3d Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Mon Nov 28 17:12:50 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Mon Nov 28 17:12:50 2016 + -- .../_chapters/sql_language_elements.adoc| 3 +- .../src/asciidoc/_chapters/sql_statements.adoc | 223 ++- 2 files changed, 124 insertions(+), 102 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/3b316630/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc --
[2/4] incubator-trafodion git commit: TRAFODION-2156 Update SQL reference manual for column level privileges
TRAFODION-2156 Update SQL reference manual for column level privileges Clarified some sections. Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/6787ff0d Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/6787ff0d Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/6787ff0d Branch: refs/heads/master Commit: 6787ff0db6f9af23318da229fe2e26329849b848 Parents: 466048a Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Tue Nov 22 16:23:21 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Tue Nov 22 16:23:21 2016 + -- .../src/asciidoc/_chapters/sql_statements.adoc | 40 ++-- 1 file changed, 20 insertions(+), 20 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/6787ff0d/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc -- diff --git a/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc b/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc index 91ac2a2..359291e 100644 --- a/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc +++ b/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc @@ -135,7 +135,7 @@ Use these statements to register users, create roles, and grant and revoke privi | <<alter_user_statement,ALTER USER Statement>> | Changes attributes associated with a user who is registered in the database. | <<create_role_statement,CREATE ROLE Statement>> | Creates an SQL role. | <<drop_role_statement,DROP ROLE Statement>> | Deletes an SQL role. -| <<grant_statement,GRANT Statement>> | Grants access privileges on an SQL object or an SQL objects' columns to specified users or roles. +| <<grant_statement,GRANT Statement>> | Grants access privileges on an SQL object or an SQL object's columns to specified users or roles. | <<grant_component_privilege_statement,GRANT COMPONENT PRIVILEGE Statement>> | Grants one or more component privileges to a user or role. | <<grant_role_statement,GRANT ROLE Statement>> | Grants one or more roles to a user. | <<register_user_statement,REGISTER USER Statement>> | Registers a user in the SQL database, associating the user's login name with a database user name. @@ -4831,9 +4831,8 @@ Specifies the privileges to grant. You can specify these privileges for an objec | REFERENCES [column-list] | Can create constraints that reference the object. | SELECT [column-list] | Can use the select statement. | UPDATE [column-list] | Can use the update statement on table objects. -| USAGE| For libraries, can access a library using the create procedure or create -function statement. This privilege provides you with read access to the libraryâs underlying library -file. For sequences, can use the sequence in a SQL statement. +| USAGE| For libraries, can create procedures and functions on library objects. +For sequence generators, can use the sequence in a SQL statement. | ALL | All the applicable privileges. When you specify all for a table or view, this includes the select, delete, insert, references, and update privileges. When the object is a stored procedure or user-defined function (UDF), only the execute privilege is applied. When the @@ -4843,24 +4842,24 @@ generator, only the usage privilege is applied. * `ON [_object-type_] [_schema_.]_object_` + -Specifies an object on which to grant privileges. _object-type_ can be: +Specifies an object on which to grant privileges. If none is specified, it defaults to TABLE. See <<database_object_names,"Database Object Names>> for more details. _object-type_ can be: -** `[FUNCTION] [_schema_.]_function-name_`, where _function-name_ is the name of a user-defined function (UDF) in the database. -** `[LIBRARY] [_schema_.]_library-name_`, where _library-name_ is the name of a library object in the database. -** `[PROCEDURE] [_schema_.]_procedure-name_`, where _procedure-name_ is the name of a stored procedure in java (SPJ) +** `FUNCTION [_schema_.]_function-name_`, where _function-name_ is the name of a user-defined function (UDF) in the database. +** `LIBRARY [_schema_.]_library-name_`, where _library-name_ is the name of a library object in the database. +** `PROCEDURE [_schema_.]_procedure
[1/4] incubator-trafodion git commit: TRAFODION-2156 Update SQL reference manual for column level privileges
Repository: incubator-trafodion Updated Branches: refs/heads/master bfa51f1cc -> 3b3166308 TRAFODION-2156 Update SQL reference manual for column level privileges Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/466048a8 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/466048a8 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/466048a8 Branch: refs/heads/master Commit: 466048a8d52cb1cdc4c7f3546cf2fed448e4ec00 Parents: bbbd26e Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Mon Nov 21 20:12:34 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Mon Nov 21 20:12:34 2016 + -- .../_chapters/sql_language_elements.adoc| 3 +- .../src/asciidoc/_chapters/sql_statements.adoc | 217 ++- 2 files changed, 121 insertions(+), 99 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/466048a8/docs/sql_reference/src/asciidoc/_chapters/sql_language_elements.adoc -- diff --git a/docs/sql_reference/src/asciidoc/_chapters/sql_language_elements.adoc b/docs/sql_reference/src/asciidoc/_chapters/sql_language_elements.adoc index 4bd94e8..535286f 100644 --- a/docs/sql_reference/src/asciidoc/_chapters/sql_language_elements.adoc +++ b/docs/sql_reference/src/asciidoc/_chapters/sql_language_elements.adoc @@ -3678,7 +3678,8 @@ privilege granted to the remaining role. the role. The only way to revoke any such privilege is to revoke the role from the user. For more information, see <<roles,Roles>> . - +* Privileges granted on an object can be for all the columns of the object or just a subset of the columns. +Only the following subset of privileges is applicable at the column-level: INSERT, REFERENCES, SELECT, and UPDATE. You can manage privileges by using the GRANT and REVOKE statements. http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/466048a8/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc -- diff --git a/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc b/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc index 2bc2a6d..91ac2a2 100644 --- a/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc +++ b/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc @@ -135,7 +135,7 @@ Use these statements to register users, create roles, and grant and revoke privi | <<alter_user_statement,ALTER USER Statement>> | Changes attributes associated with a user who is registered in the database. | <<create_role_statement,CREATE ROLE Statement>> | Creates an SQL role. | <<drop_role_statement,DROP ROLE Statement>> | Deletes an SQL role. -| <<grant_statement,GRANT Statement>> | Grants access privileges on an SQL object to specified users or roles. +| <<grant_statement,GRANT Statement>> | Grants access privileges on an SQL object or an SQL objects' columns to specified users or roles. | <<grant_component_privilege_statement,GRANT COMPONENT PRIVILEGE Statement>> | Grants one or more component privileges to a user or role. | <<grant_role_statement,GRANT ROLE Statement>> | Grants one or more roles to a user. | <<register_user_statement,REGISTER USER Statement>> | Registers a user in the SQL database, associating the user's login name with a database user name. @@ -4775,7 +4775,8 @@ System Version 0.9.1. Expected Version 1.0.0. [[grant_statement]] == GRANT Statement -The GRANT statement grants access privileges on an SQL object to specified users or roles. +The GRANT statement grants access privileges on an SQL object and its columns to specified users or roles. +Privileges can be granted on the object, on one or more columns, or both. IMPORTANT: This statement works only when authentication and authorization are enabled in {project-name}. For more information, see @@ -4784,30 +4785,34 @@ authorization are enabled in {project-name}. For more information, see ``` GRANT {privilege [,privilege]... |ALL [PRIVILEGES]} ON [object-type] [schema.]object - TO {grantee [,grantee ]...} -[WITH GRANT OPTION] -[[granted] by grantor] + TO {grantee} + [WITH GRANT OPTION] + [[GRANTED] BY grantor] privilege is: -select - | delete - | insert - | references - | upda
[3/4] incubator-trafodion git commit: TRAFODION-2156 Update SQL reference manual for column level privileges
TRAFODION-2156 Update SQL reference manual for column level privileges Fixed spelling Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/ebfdd3d7 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/ebfdd3d7 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/ebfdd3d7 Branch: refs/heads/master Commit: ebfdd3d752a5602bef30d15be3ecdcc8f3829620 Parents: 6787ff0 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Tue Nov 22 17:11:07 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Tue Nov 22 17:11:07 2016 + -- docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/ebfdd3d7/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc -- diff --git a/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc b/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc index 359291e..cbdc2a3 100644 --- a/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc +++ b/docs/sql_reference/src/asciidoc/_chapters/sql_statements.adoc @@ -4859,7 +4859,7 @@ Specifies the _auth-name_ to which you grant privileges. + Specifies the name of an authorization id to which you grant privileges. See <<authorization_ids,authorization ids>>. The authorization id must be a registered database username, an existing role name, or public. the name is a regular -or delimited case-insensitive identifier. Dee <<case_insensitive_delimited_identifiers,case-insensitive delimited identifiers>>. +or delimited case-insensitive identifier. See <<case_insensitive_delimited_identifiers,case-insensitive delimited identifiers>>. If you grant a privilege to public, the privilege remains available to all users, unless it is later revoked from public. * `WITH GRANT OPTION`
[5/5] incubator-trafodion git commit: Merge remote branch 'apache/master' into mrg-851
Merge remote branch 'apache/master' into mrg-851 Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/4e7e478f Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/4e7e478f Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/4e7e478f Branch: refs/heads/master Commit: 4e7e478fea9108b61d05907b7054189d4b420994 Parents: f4e83a3 664a2bb Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Mon Nov 28 16:58:57 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Mon Nov 28 16:58:57 2016 + -- core/sql/common/OperTypeEnum.h | 5 +- core/sql/exp/exp_clause.cpp | 5 +- core/sql/exp/exp_function.cpp | 82 core/sql/exp/exp_function.h | 6 +- core/sql/generator/GenItemFunc.cpp | 25 +++- core/sql/optimizer/BindItemExpr.cpp | 5 +- core/sql/optimizer/SynthType.cpp| 41 +++- core/sql/parser/sqlparser.y | 43 +++-- core/sql/regress/compGeneral/EXPECTED006.SB | 52 ++- core/sql/regress/compGeneral/TEST006| 6 ++ 10 files changed, 242 insertions(+), 28 deletions(-) --
[2/5] incubator-trafodion git commit: cleanup
cleanup Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/6723aeab Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/6723aeab Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/6723aeab Branch: refs/heads/master Commit: 6723aeab384b92e0752dfd8425c88d9d3ae80c69 Parents: c0892c3 Author: Anuradha HegdeAuthored: Wed Nov 23 06:35:52 2016 + Committer: Anuradha Hegde Committed: Wed Nov 23 06:35:52 2016 + -- core/conn/jdbcT4/pom.xml | 6 -- 1 file changed, 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/6723aeab/core/conn/jdbcT4/pom.xml -- diff --git a/core/conn/jdbcT4/pom.xml b/core/conn/jdbcT4/pom.xml index 1efa92c..b5e1bbb 100644 --- a/core/conn/jdbcT4/pom.xml +++ b/core/conn/jdbcT4/pom.xml @@ -113,12 +113,6 @@ **/Vproc.java - - ${basedir} - -buildId - -
[1/5] incubator-trafodion git commit: Eliminating use of git command in pom.xml
Repository: incubator-trafodion Updated Branches: refs/heads/master 664a2bb3e -> 4e7e478fe Eliminating use of git command in pom.xml Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/c0892c32 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/c0892c32 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/c0892c32 Branch: refs/heads/master Commit: c0892c320c7153566a9262d97a0d556506613ff0 Parents: 22f577d Author: Anuradha HegdeAuthored: Wed Nov 23 06:25:06 2016 + Committer: Anuradha Hegde Committed: Wed Nov 23 06:25:06 2016 + -- core/conn/jdbcT4/pom.xml | 85 ++- core/sqf/Makefile| 4 +- core/sqf/build-scripts/genverhdr.ksh | 15 +- 3 files changed, 65 insertions(+), 39 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/c0892c32/core/conn/jdbcT4/pom.xml -- diff --git a/core/conn/jdbcT4/pom.xml b/core/conn/jdbcT4/pom.xml index a1b5f89..1efa92c 100644 --- a/core/conn/jdbcT4/pom.xml +++ b/core/conn/jdbcT4/pom.xml @@ -29,7 +29,7 @@ 4.0.0 org.trafodion.jdbc.t4 jdbcT4 - ${TRAFODION_VER} + ${env.TRAFODION_VER} Trafodion JDBC Type4 Driver http://wiki.trafodion.org @@ -41,10 +41,10 @@ test - org.slf4j - slf4j-simple - 1.7.21 - test +org.slf4j + slf4j-simple + 1.7.21 + test @@ -62,6 +62,7 @@ maven-antrun-plugin + 1.8 generate-sources @@ -69,7 +70,7 @@ @@ -77,29 +78,49 @@ run - + + + + org.codehaus.mojo + properties-maven-plugin + 1.0.0 + + + initialize + + read-project-properties + + + +${basedir}/../../sqf/export/include/SCMBuildMan.mf +${basedir}/../../sqf/export/include/buildId + + + + + + - com.github.koraktor - mavanagaiata - 0.7.2 + maven-clean-plugin + 2.4.1 - false - false - ${project.base.dir}/../../../../.git - ddMMM - - - - git-commit - validate - - commit - branch - - - + + + src/main/java/org/trafodion/jdbc/t4 + +**/Vproc.java + + + + ${basedir} + +buildId + + + + @@ -115,10 +136,10 @@ Version ${project.version} ${TRAFODION_VER_PROD} Release ${project.version} -Build release -[${user.name}] -branch ${mvngit.commit.abbrev}-${mvngit.branch} -date ${maven.build.timestamp} + ${Implementation-Version-3} + ${Implementation-Version-4} + ${Implementation-Version-5} + ${Implementation-Version-6} ${project.name} @@ -165,10 +186,4 @@ - - ddMMMyy - ${maven.build.timestamp} - UTF-8 - - http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/c0892c32/core/sqf/Makefile -- diff --git a/core/sqf/Makefile b/core/sqf/Makefile index 21e6e8f..9ab8925 100644 --- a/core/sqf/Makefile +++ b/core/sqf/Makefile @@ -110,7 +110,7 @@ clean: setupdir_clean -cd sqevlog; $(MAKE) clean -cd hbase_utilities; $(MAKE) clean # from genverhdr.ksh - rm -f export/include/SCMBuildStr.h export/include/SCMBuildStr.java + rm -f export/include/SCMBuildStr.h export/include/SCMBuildStr.java export/include/buildId # from makemsg.ksh rm -f sql/scripts/SqlciErrors.[gm] export/bin*/mxcierrors.cat @@ -125,7 +125,7 @@ cleanall: setupdir_clean -cd sqevlog; $(MAKE) cleanall -cd hbase_utilities; $(MAKE) clean # from genverhdr.ksh - rm -f export/include/SCMBuildStr.h export/include/SCMBuildStr.java + rm -f export/include/SCMBuildStr.h export/include/SCMBuildStr.java export/include/buildId # from makemsg.ksh rm -f sql/scripts/SqlciErrors.[gm] export/bin*/mxcierrors.cat
[4/5] incubator-trafodion git commit: Merge [TRAFODION-2357] pr 851 log4cxx build error
Merge [TRAFODION-2357] pr 851 log4cxx build error Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/f4e83a3a Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/f4e83a3a Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/f4e83a3a Branch: refs/heads/master Commit: f4e83a3a920186011f6debe2064fc5e5f8d598ae Parents: f1238e0 19676c3 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Mon Nov 28 16:47:41 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Mon Nov 28 16:47:41 2016 + -- core/conn/jdbcT4/pom.xml | 79 +-- core/sqf/.gitignore | 1 + core/sqf/Makefile| 4 +- core/sqf/build-scripts/genverhdr.ksh | 15 +- 4 files changed, 60 insertions(+), 39 deletions(-) --
[1/2] incubator-trafodion git commit: TRAFODION-2330 Using trafci, a select from a table succeeds even if the user does not have the priv
Repository: incubator-trafodion Updated Branches: refs/heads/master 59cbda3f8 -> 9c712a4aa TRAFODION-2330 Using trafci, a select from a table succeeds even if the user does not have the priv There is a problem when the session user changes in a mxosrvr process. The existing compiler caches are not getting cleared so the new user will be accessing the previous users' caches. This could lead to allowing someone that does not have privileges to gain access to an object. The change is to clear all caches during a session user change operation. Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/6cd6be85 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/6cd6be85 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/6cd6be85 Branch: refs/heads/master Commit: 6cd6be853fb1508e7b33d8e12c0fea0a0a8ef044 Parents: 1c8f25b Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Tue Nov 1 05:22:44 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Tue Nov 1 05:22:44 2016 + -- core/sql/arkcmp/CmpContext.cpp | 12 core/sql/arkcmp/CmpContext.h | 2 ++ core/sql/cli/Context.cpp | 14 ++ 3 files changed, 28 insertions(+) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/6cd6be85/core/sql/arkcmp/CmpContext.cpp -- diff --git a/core/sql/arkcmp/CmpContext.cpp b/core/sql/arkcmp/CmpContext.cpp index a256db0..c0ab3a4 100644 --- a/core/sql/arkcmp/CmpContext.cpp +++ b/core/sql/arkcmp/CmpContext.cpp @@ -1157,4 +1157,16 @@ void CmpContext::resetLogmxEventSqlText() delete sqlTextBuf_ ; sqlTextBuf_ = NULL ; } + +void CmpContext::clearAllCaches() +{ + qcache_->makeEmpty(); + schemaDB_->getNATableDB()->setCachingOFF(); + schemaDB_->getNATableDB()->setCachingON(); + schemaDB_->getNARoutineDB()->setCachingOFF(); + schemaDB_->getNARoutineDB()->setCachingON(); + if(histogramCache_) + histogramCache_->invalidateCache(); +} + #endif // NA_CMPDLL http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/6cd6be85/core/sql/arkcmp/CmpContext.h -- diff --git a/core/sql/arkcmp/CmpContext.h b/core/sql/arkcmp/CmpContext.h index 37d2df7..8268639 100644 --- a/core/sql/arkcmp/CmpContext.h +++ b/core/sql/arkcmp/CmpContext.h @@ -479,6 +479,8 @@ public : NAList& ddlObjsList() { return ddlObjs_; } + void clearAllCaches(); + // MV private: // Adding support for multi threaded requestor (multi transactions) handling http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/6cd6be85/core/sql/cli/Context.cpp -- diff --git a/core/sql/cli/Context.cpp b/core/sql/cli/Context.cpp index b454a3a..33b935c 100644 --- a/core/sql/cli/Context.cpp +++ b/core/sql/cli/Context.cpp @@ -2864,7 +2864,21 @@ void ContextCli::completeSetAuthID( // Recreate MXCMP if previously connected and currently connected user id's // are different. if ( recreateMXCMP ) + { + // reset rolelist in anticipation of the new user + resetRoleList(); + + // create all the caches + CmpContextInfo *cmpCntxtInfo; + for (int i = 0; i < cmpContextInfo_.entries(); i++) + { + cmpCntxtInfo = cmpContextInfo_[i]; + cmpCntxtInfo->getCmpContext()->clearAllCaches(); + } + + // clear caches in secondary arkcmps killAndRecreateMxcmp(); + } if (eraseCQDs) {
[2/2] incubator-trafodion git commit: Merge TRAFODION-2327 pull 803 Reduce I/O's when loading objects into caches
Merge TRAFODION-2327 pull 803 Reduce I/O's when loading objects into caches Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/6ce6a8ea Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/6ce6a8ea Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/6ce6a8ea Branch: refs/heads/master Commit: 6ce6a8ea93d186b599fc3811d6be73b1ce34d485 Parents: 48f20cc 1c8f25b Author: Roberta MartonAuthored: Tue Nov 1 00:18:24 2016 + Committer: Roberta Marton Committed: Tue Nov 1 00:18:24 2016 + -- core/sql/cli/Cli.cpp | 44 ++- core/sql/cli/Cli.h | 9 +- core/sql/cli/CliExtern.cpp | 81 +++- core/sql/cli/Context.cpp | 194 core/sql/cli/Context.h | 31 +++-- core/sql/cli/SQLCLIdev.h | 7 + core/sql/common/ComSecurityKey.cpp | 82 core/sql/common/ComSecurityKey.h | 5 + core/sql/optimizer/BindRelExpr.cpp | 6 +- core/sql/optimizer/NARoutine.cpp | 26 ++-- core/sql/optimizer/NATable.cpp | 67 +- core/sql/optimizer/NATable.h | 2 +- core/sql/regress/privs1/TEST120| 4 + core/sql/sqlcomp/CmpMain.cpp | 39 -- core/sql/sqlcomp/CmpMain.h | 1 - core/sql/sqlcomp/CmpSeabaseDDLauth.cpp | 18 +++ core/sql/sqlcomp/CmpSeabaseDDLauth.h | 6 +- 17 files changed, 497 insertions(+), 125 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/6ce6a8ea/core/sql/optimizer/BindRelExpr.cpp -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/6ce6a8ea/core/sql/optimizer/NATable.cpp -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/6ce6a8ea/core/sql/sqlcomp/CmpMain.cpp --
[1/2] incubator-trafodion git commit: TRAFODION-2327 Reduce I/O when loading objects into caches
Repository: incubator-trafodion Updated Branches: refs/heads/master 48f20cc52 -> 6ce6a8ea9 TRAFODION-2327 Reduce I/O when loading objects into caches For each authorization ID (user, role, or PUBLIC), a bitmap containing the accumulated privileges (across all grantors) is stored with the object desc. When the object desc is loaded into cache, the privilege bitmaps associated with the current user, PUBLIC, and the current users' roles are extracted and unioned together to calculate the final set of privileges. This unioned list is used during privilege checking. Today, an I/O is performed to retrieve the list of roles granted to the current user for each object loaded into NATable and NARoutine cache. Since this list does not change unless the current user changes (a new session with a different user) or a grant/revoke role for the current user is performed, these extra I/O's are not needed. To remove the extra I/O's for each object, the list of roles will be stored in the ContextCli. Therefore, this in-memory role list can be used instead of rereading metadata. This checkin creates two new CLI requests: - GetRoleList - returns the list of roles associated with the user If the list exists in ContextCli, it returns the stored values If the list does not exist, it retrieves them from Metadata, stores them and returns the values - ResetRoleList - removes the list of roles from ContextCli The first time GetRoleList is called in a session, the users' roles are stored in ContextCli. They remain in memory until the session ends and restarts as a different user, or another process grants or revokes a role from the current user. If another process revokes a role from the current user, a query invalidation key is created. When the revoke role query invalidation key for the current user is detected, ResetRoleList is called. The next time GetRoleList is called an updated role list is retrieved from metadata and stored in ContextCli. If another process grants a role to the current user, there could be two outcomes. If the current user already has the privilege from another source then nothing happens. If the current user does not have the privilege, then one recompilation is attempted. Prior to performing the retry, code was added to ResetRoleList. The recompilation then gets the latest role list and either succeeds or fails depending on the granted privileges. Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/1c8f25b6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/1c8f25b6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/1c8f25b6 Branch: refs/heads/master Commit: 1c8f25b6e61c47383f43633a4ffa7d0bda766cd9 Parents: 2c3c7c5 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Mon Oct 31 14:28:54 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Mon Oct 31 14:28:54 2016 + -- core/sql/cli/Cli.cpp | 44 ++- core/sql/cli/Cli.h | 9 +- core/sql/cli/CliExtern.cpp | 81 +++- core/sql/cli/Context.cpp | 194 core/sql/cli/Context.h | 31 +++-- core/sql/cli/SQLCLIdev.h | 7 + core/sql/common/ComSecurityKey.cpp | 82 core/sql/common/ComSecurityKey.h | 5 + core/sql/optimizer/BindRelExpr.cpp | 6 +- core/sql/optimizer/NARoutine.cpp | 26 ++-- core/sql/optimizer/NATable.cpp | 67 +- core/sql/optimizer/NATable.h | 2 +- core/sql/regress/privs1/TEST120| 4 + core/sql/sqlcomp/CmpMain.cpp | 39 -- core/sql/sqlcomp/CmpMain.h | 1 - core/sql/sqlcomp/CmpSeabaseDDLauth.cpp | 18 +++ core/sql/sqlcomp/CmpSeabaseDDLauth.h | 6 +- 17 files changed, 497 insertions(+), 125 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/1c8f25b6/core/sql/cli/Cli.cpp -- diff --git a/core/sql/cli/Cli.cpp b/core/sql/cli/Cli.cpp index 9d79d90..e953c75 100644 --- a/core/sql/cli/Cli.cpp +++ b/core/sql/cli/Cli.cpp @@ -6616,7 +6616,6 @@ ComDiagsArea = currContext.diags(); } - Lng32 SQLCLI_GetAuthName ( /*IN*/CliGlobals *cliGlobals, /*IN*/Lng32 auth_id, @@ -6716,6 +6715,49 @@ Int32 SQLCLI_GetAuthState ( return CliEpilogue(cliGlobals, NULL, retcode); } +Lng32 SQLCLI_GetRoleList( + CliGlobals * cliGlobals, + Int32 , + Int32 *) + +{ + Lng32 retcode = 0; + + // create initial context, if first call, and add module, if any. + retcode = CliPrologue(cliGlobals, NULL); + if (isERROR(retcode)) +
[1/2] incubator-trafodion git commit: Fixed daily build failure related to privs2/TEST144
Repository: incubator-trafodion Updated Branches: refs/heads/master 6afbeb74a -> 2c3c7c5cc Fixed daily build failure related to privs2/TEST144 Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/23841d09 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/23841d09 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/23841d09 Branch: refs/heads/master Commit: 23841d090bd27e588a4a8ca10fb63925884de816 Parents: 94d7864 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Thu Oct 27 17:36:16 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Thu Oct 27 17:36:16 2016 + -- core/sql/regress/privs2/EXPECTED144 | Bin 59186 -> 59408 bytes core/sql/regress/privs2/TEST144 | 7 --- 2 files changed, 4 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/23841d09/core/sql/regress/privs2/EXPECTED144 -- diff --git a/core/sql/regress/privs2/EXPECTED144 b/core/sql/regress/privs2/EXPECTED144 index 8b62d4a..63d458b 100644 Binary files a/core/sql/regress/privs2/EXPECTED144 and b/core/sql/regress/privs2/EXPECTED144 differ http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/23841d09/core/sql/regress/privs2/TEST144 -- diff --git a/core/sql/regress/privs2/TEST144 b/core/sql/regress/privs2/TEST144 index 42e6238..df53a42 100755 --- a/core/sql/regress/privs2/TEST144 +++ b/core/sql/regress/privs2/TEST144 @@ -46,7 +46,7 @@ drop role t144role1; revoke execute on procedure "_LIBMGR_".help from sql_user5 by sql_user3; revoke execute on procedure "_LIBMGR_".help from sql_user3 by sql_user2; -revoke execute on procedure "_LIBMGR_".help from sql_user2 with grant option; +revoke execute on procedure "_LIBMGR_".help from sql_user2; ?section create_db create schema t144user1 authorization sql_user1; @@ -89,7 +89,8 @@ library t144_l2 deterministic no sql final call allow any parallelism state area size 1024 ; drop function if exists gen_time; -create function gen_time(customer_number int) returns (timestamp_value largeint) +create function gen_time(seedValue largeint, numberDays int, startTime largeint) +returns (timestamp_value largeint) language c parameter style sql external name 'genTimestamp' library t144_l2 deterministic no sql final call allow any parallelism state area size 1024 ; @@ -229,7 +230,7 @@ select customer_id, 'NUMBER: ' || gen_random(customer_id, 10) as tenant_id from customers; select customer_name, - 'TIME: ' || cast (gen_time(customer_id) as char(30)) as customer_time_updated + 'TIME: ' || cast (gen_time(customer_id, 5, 212342970132970472) as char(30)) as customer_time_updated from customers; select customer_id, 'NUMBER: ' || gen_random(customer_id, 10) as tenant_id,
[1/2] incubator-trafodion git commit: Added regression test privs2/TEST144
Repository: incubator-trafodion Updated Branches: refs/heads/master 9c0e5ab94 -> 8d8adf141 Added regression test privs2/TEST144 Added regression test privs2/TEST144 and its helpers that contains grant and revoke tests for functions and procedures. Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/94d78648 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/94d78648 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/94d78648 Branch: refs/heads/master Commit: 94d786486b8a4560e3c91ec48e8142f1944f573a Parents: de82dfb Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Tue Oct 25 16:59:19 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Tue Oct 25 16:59:19 2016 + -- core/sql/regress/privs2/EXPECTED144 | Bin 0 -> 59186 bytes core/sql/regress/privs2/LOG144 | Bin 0 -> 17980 bytes core/sql/regress/privs2/TEST144 | 241 +++ core/sql/regress/privs2/udfs.cpp| 174 ++ 4 files changed, 415 insertions(+) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/94d78648/core/sql/regress/privs2/EXPECTED144 -- diff --git a/core/sql/regress/privs2/EXPECTED144 b/core/sql/regress/privs2/EXPECTED144 new file mode 100644 index 000..8b62d4a Binary files /dev/null and b/core/sql/regress/privs2/EXPECTED144 differ http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/94d78648/core/sql/regress/privs2/LOG144 -- diff --git a/core/sql/regress/privs2/LOG144 b/core/sql/regress/privs2/LOG144 new file mode 100644 index 000..5738ebc Binary files /dev/null and b/core/sql/regress/privs2/LOG144 differ http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/94d78648/core/sql/regress/privs2/TEST144 -- diff --git a/core/sql/regress/privs2/TEST144 b/core/sql/regress/privs2/TEST144 new file mode 100755 index 000..42e6238 --- /dev/null +++ b/core/sql/regress/privs2/TEST144 @@ -0,0 +1,241 @@ +-- +-- TEST144 - tests grant and revoke privileges for RI constraints +-- +-- @@@ START COPYRIGHT @@@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one +-- or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information +-- regarding copyright ownership. The ASF licenses this file +-- to you under the Apache License, Version 2.0 (the +-- "License"); you may not use this file except in compliance +-- with the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, +-- software distributed under the License is distributed on an +-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +-- KIND, either express or implied. See the License for the +-- specific language governing permissions and limitations +-- under the License. +-- +-- @@@ END COPYRIGHT @@@ +-- +-- Tests grant and revoke for functions +-- + +cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON'; +obey TEST144(clean_up); +log LOG144 clear; +obey TEST144(create_db); +obey TEST144(set_up); +obey TEST144(test_grants); +obey TEST144(test_revokes); +log; +obey TEST144(clean_up); +exit; + +?section clean_up +-- drop database +drop schema if exists t144user1 cascade; + +revoke execute on procedure "_LIBMGR_".help from t144role1; +revoke role t144role1 from sql_user4; +drop role t144role1; + +revoke execute on procedure "_LIBMGR_".help from sql_user5 by sql_user3; +revoke execute on procedure "_LIBMGR_".help from sql_user3 by sql_user2; +revoke execute on procedure "_LIBMGR_".help from sql_user2 with grant option; + +?section create_db +create schema t144user1 authorization sql_user1; +set schema t144user1; + +-- compile cpp programs +set pattern $$QUOTE$$ ; + +sh rm -f ./etest140.dll; +sh sh $$scriptsdir$$/tools/dll-compile.ksh etest140.cpp + 2>&1 | tee LOG144_MD_OUTPUT; +set pattern $$DLL_MD$$ etest140.dll; + +sh rm -f ./udfs.dll; +sh sh $$scriptsdir$$/tools/dll-compile.ksh udfs.cpp + 2>&1 | tee LOG144_UDF_OUTPUT; +set pattern $$DLL_UDF$$ udfs.dll; + +-- create the library for metadata udf +create library t144_l1 file $$QUOTE$$ $$REGRRUNDIR$$/$$DLL_MD$$ $$QUOTE$$ ; +create function t144_translatePrivsBitmap(bitmap largeint) returns (bitmap_str
[2/2] incubator-trafodion git commit: Merge new regression test, PR 781
Merge new regression test, PR 781 Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/8d8adf14 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/8d8adf14 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/8d8adf14 Branch: refs/heads/master Commit: 8d8adf141db22c3405ec6e6f544c684eaa09a623 Parents: 9c0e5ab 94d7864 Author: Roberta MartonAuthored: Wed Oct 26 14:46:12 2016 + Committer: Roberta Marton Committed: Wed Oct 26 14:46:12 2016 + -- core/sql/regress/privs2/EXPECTED144 | Bin 0 -> 59186 bytes core/sql/regress/privs2/LOG144 | Bin 0 -> 17980 bytes core/sql/regress/privs2/TEST144 | 241 +++ core/sql/regress/privs2/udfs.cpp| 174 ++ 4 files changed, 415 insertions(+) --
[1/2] incubator-trafodion git commit: [TRAFODION-2301]: Hadoop crash with logs TMUDF
Repository: incubator-trafodion Updated Branches: refs/heads/master e0f18ae8c -> c1be76352 [TRAFODION-2301]: Hadoop crash with logs TMUDF Today the UDF event_log_reader scans all logs, loads events into memory and then discards the rows that are not needed. Waiting until the end to discard rows takes too much memory and causes system issues. The immediate solution is to use predicate pushdown; that is, specify predicates on the query using the event_log_reader UDF to limit the scope of the data flow. These predicates will be pushed into the UDF so the UDF only returns the required rows instead of all the rows. Initially only comparison predicates are pushed down to the event_log_reader UDF. In addition to predicate pushdown, a new option has been added to the event_log_reader UDF - the 's' (statistics) option. This option reports how many log files were accessed, how many records were read, and how many records were returned. By specifying timestamp ranges, severity types, sql_codes, and the like, the number of returned rows can be reduced. Example output: Prior to change: select count(*) from udf(event_log_reader('s')) where severity = 'INFO' and log_ts between '2016-10-18 00:00:00' and '2016-10-18 22:22:22'; (16497) EVENT_LOG_READER results: number log files opened: 113, number log files read: 113, number rows read: 2820, number rows returned: 2736 After change: select count(*) from udf(event_log_reader('s')) where severity = 'INFO' and log_ts between '2016-10-18 00:00:00' and '2016-10-18 22:22:22'; (17046) EVENT_LOG_READER results: number log files opened: 115, number log files read: 115, number rows read: 2823, number rows returned: 109 Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/913d2337 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/913d2337 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/913d2337 Branch: refs/heads/master Commit: 913d2337e029a0f904539a1d9d6ea064f90aa6ab Parents: 1c93857 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Fri Oct 21 01:37:33 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Fri Oct 21 01:37:33 2016 + -- core/sql/regress/udr/TEST103 | 2 +- core/sql/sqludr/SqlUdrPredefLogReader.cpp | 482 + 2 files changed, 420 insertions(+), 64 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/913d2337/core/sql/regress/udr/TEST103 -- diff --git a/core/sql/regress/udr/TEST103 b/core/sql/regress/udr/TEST103 index 8043cc2..4feb957 100644 --- a/core/sql/regress/udr/TEST103 +++ b/core/sql/regress/udr/TEST103 @@ -19,7 +19,7 @@ -- -- @@@ END COPYRIGHT @@@ -- --- This script tests DDL operations associted with libraries +-- This script tests DDL operations associated with libraries -- functions, and procedures -- cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON'; http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/913d2337/core/sql/sqludr/SqlUdrPredefLogReader.cpp -- diff --git a/core/sql/sqludr/SqlUdrPredefLogReader.cpp b/core/sql/sqludr/SqlUdrPredefLogReader.cpp index 47d0e51..ab70018 100644 --- a/core/sql/sqludr/SqlUdrPredefLogReader.cpp +++ b/core/sql/sqludr/SqlUdrPredefLogReader.cpp @@ -27,6 +27,7 @@ #include #include #include +#include #include "sqludr.h" using namespace tmudr; @@ -216,9 +217,14 @@ bool validateCharsAndCopy(char *outBuf, int outBufLen, // The optional [options] argument is a character constant. The // following options are supported: // f: add file name output columns (see below) -// t: turn on tracing // p: force parallel execution on workstation environment with // virtual nodes (debug build only) +// s: displays statistics about the request including: +// number of event files opened +// number of event files read +// number of events read +// number of events returned +// t: turn on tracing // // Returned columns: // @@ -244,10 +250,10 @@ bool validateCharsAndCopy(char *outBuf, int outBufLen, // for each result row. parse_status indicates whether there were // any errors reading the information: // ' ' (two blanks): no errors +// 'C' (as first or second character): character conversion error // 'E' (as first or second character): parse error // 'T' (as first or second character): truncation or over/underflow // occurred -// 'C' (as first or second character): c
[2/2] incubator-trafodion git commit: Merge [TRAFODION-2301] pr 773 Hadoop crashes with logs TMUDF
Merge [TRAFODION-2301] pr 773 Hadoop crashes with logs TMUDF Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/c1be7635 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/c1be7635 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/c1be7635 Branch: refs/heads/master Commit: c1be76352105db922c7f9d36915282effe26a344 Parents: e0f18ae 913d233 Author: Roberta MartonAuthored: Mon Oct 24 14:42:56 2016 + Committer: Roberta Marton Committed: Mon Oct 24 14:42:56 2016 + -- core/sql/regress/udr/TEST103 | 2 +- core/sql/sqludr/SqlUdrPredefLogReader.cpp | 482 + 2 files changed, 420 insertions(+), 64 deletions(-) --
[1/2] incubator-trafodion git commit: [TRAFODION-1758]: A user has dbroot role can't grant component privilege
Repository: incubator-trafodion Updated Branches: refs/heads/master 437108f4f -> 8805eb26c [TRAFODION-1758]: A user has dbroot role can't grant component privilege Privilege checks were not handling role checks correctly. PrivMgrComponentPrivileges::hasWGO is now checking privileges against roles. privs1/TEST137 was updated to test role privileges priv1/TEST120 was added to test query invalidation with roles (forgot to add it for a previous check in) Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/1c938575 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/1c938575 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/1c938575 Branch: refs/heads/master Commit: 1c93857502acd9ef9e14154df6a6e397284acc81 Parents: b12b45e Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Mon Oct 17 20:30:59 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Mon Oct 17 20:30:59 2016 + -- core/sql/parser/sqlparser.y | 11 - core/sql/regress/privs1/EXPECTED120 | 1222 ++ core/sql/regress/privs1/EXPECTED137 | 216 +++- core/sql/regress/privs1/TEST120 | 379 ++ core/sql/regress/privs1/TEST137 | 53 +- core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp | 76 +- 6 files changed, 1910 insertions(+), 47 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/1c938575/core/sql/parser/sqlparser.y -- diff --git a/core/sql/parser/sqlparser.y b/core/sql/parser/sqlparser.y index b498108..8bd9a0b 100755 --- a/core/sql/parser/sqlparser.y +++ b/core/sql/parser/sqlparser.y @@ -27691,13 +27691,6 @@ revoke_role_statement : TOK_REVOKE optional_with_admin_option optional_drop_behavior optional_granted_by { - // revoke_role_statement ::= TOK_REVOKE optional_with_admin_option TOK_ROLE authorization_identifier_list TOK_FROM grantee_list optional_granted_by - - //if ($2 /* optional_with_admin_option */ == TRUE) - //{ - // YYERROR; - //} - $$ = new (PARSERHEAP()) StmtDDLRoleGrant( $4 , /* authorization_identifier_list - role list */ @@ -27855,10 +27848,6 @@ grant_role_statement : TOK_GRANT TOK_ROLE authorization_identifier_list TOK_TO g optional_with_admin_option optional_granted_by { - //if($6 /* optional_with_admin_option */ == TRUE) // "with admin option" specified - //{ - //YYERROR; - //} $$ = new (PARSERHEAP()) StmtDDLRoleGrant( $3 , /*role list*/ http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/1c938575/core/sql/regress/privs1/EXPECTED120 -- diff --git a/core/sql/regress/privs1/EXPECTED120 b/core/sql/regress/privs1/EXPECTED120 new file mode 100644 index 000..d60f4f5 --- /dev/null +++ b/core/sql/regress/privs1/EXPECTED120 @@ -0,0 +1,1222 @@ +>>obey TEST120(tests); +>>-- = +>>-- Design: +>>--t120role1 - owns schema t120sch +>>--t120role2 - contains grants against teams and games +>>--t120role3 - contains grants against teams, games, and standings +>>--t120role4 - control, has no privs granted, make sure revoking +>>--role does not cause recompilations +>>-- +>>--sql_user3 - is schema administrator for schema t120sch +>>--sql_user6 - is granted and revoked privileges directly and +>>--through t120role2 and t120role3 +>>--sql_user9 - control, makes sure revokes from roles does not +>>--affect sql_user9's compiled queries +>>-- +>>--games - multiple roles giving same privileges +>>--teams - multiple privileges through different roles +>>--players - control, not roles involved in privileges +>>--standings - used to test sequence privileges and revoke role +>>--stats - tests revoke PUBLIC authorization ID +>>-- ==
[2/2] incubator-trafodion git commit: merge [TRAFODION-1758] PR 765 A user has dbroot role can't grant component privilege
merge [TRAFODION-1758] PR 765 A user has dbroot role can't grant component privilege Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/8805eb26 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/8805eb26 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/8805eb26 Branch: refs/heads/master Commit: 8805eb26ce2a9cda273a6f1d19a0e48ed6b2bb6e Parents: 437108f 1c93857 Author: Roberta MartonAuthored: Tue Oct 18 15:20:07 2016 + Committer: Roberta Marton Committed: Tue Oct 18 15:20:07 2016 + -- core/sql/parser/sqlparser.y | 11 - core/sql/regress/privs1/EXPECTED120 | 1222 ++ core/sql/regress/privs1/EXPECTED137 | 216 +++- core/sql/regress/privs1/TEST120 | 379 ++ core/sql/regress/privs1/TEST137 | 53 +- core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp | 76 +- 6 files changed, 1910 insertions(+), 47 deletions(-) --
[1/5] incubator-trafodion git commit: [TRAFODION-2167]: Invalid query invalidation keys not working properly
Repository: incubator-trafodion Updated Branches: refs/heads/master ca00ea231 -> b12b45eca http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/3b437720/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp -- diff --git a/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp b/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp index 4ef16c5..d9b1423 100644 --- a/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp +++ b/core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp @@ -10356,6 +10356,27 @@ std::string commandString; SEABASEDDL_INTERNAL_ERROR(commandString.c_str()); } + // update the redef timestamp for the role in auths table + char buf[(roleIDs.size()*12) + 500]; + Int64 redefTime = NA_JulianTimestamp(); + std::string roleList; + for (size_t i = 0; i < roleIDs.size(); i++) + { + if (i > 0) + roleList += ", "; + roleList += to_string((long long int)roleIDs[i]); + } + + str_sprintf(buf, "update %s.\"%s\".%s set auth_redef_time = %Ld " +"where auth_id in (%s)", + systemCatalog.c_str(), SEABASE_MD_SCHEMA, SEABASE_AUTHS, + redefTime, roleList.c_str()); + + ExeCliInterface cliInterface(STMTHEAP); + Int32 cliRC = cliInterface.executeImmediate(buf); + if (cliRC < 0) + cliInterface.retrieveSQLDiagnostics(CmpCommon::diags()); + } //** End of grantRevokeSeabaseRole * http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/3b437720/core/sql/sqlcomp/PrivMgrCommands.cpp -- diff --git a/core/sql/sqlcomp/PrivMgrCommands.cpp b/core/sql/sqlcomp/PrivMgrCommands.cpp index 550ac64..6faf70b 100644 --- a/core/sql/sqlcomp/PrivMgrCommands.cpp +++ b/core/sql/sqlcomp/PrivMgrCommands.cpp @@ -67,96 +67,138 @@ PrivMgrObjectInfo::PrivMgrObjectInfo( // // Class: PrivMgrUserPrivs // -PrivMgrUserPrivs::PrivMgrUserPrivs( +bool PrivMgrUserPrivs::initUserPrivs( + const std::vector & roleIDs, const TrafDesc *priv_desc, - const int32_t userID) + const int32_t userID, + const int64_t objectUID, + ComSecurityKeySet & secKeySet) { - assert (priv_desc); + hasPublicPriv_ = false; // generate PrivMgrUserPrivs from the priv_desc structure TrafDesc *priv_grantees_desc = priv_desc->privDesc()->privGrantees; - TrafDesc *priv_grantee_desc = NULL; - TrafDesc *priv_public_desc = NULL; + NAList descList; - // Find relevant desc for the user + // Find relevant descs for the user while (priv_grantees_desc) { Int32 grantee = priv_grantees_desc->privGranteeDesc()->grantee; +bool addDesc = false; if (grantee == userID) - priv_grantee_desc = priv_grantees_desc->privGranteeDesc(); + addDesc = true; + +if (PrivMgr::isRoleID(grantee)) +{ + if ((std::find(roleIDs.begin(), roleIDs.end(), grantee)) != roleIDs.end()) +addDesc = true; +} if (ComUser::isPublicUserID(grantee)) - priv_public_desc = priv_grantees_desc->privGranteeDesc(); +{ + addDesc = true; + hasPublicPriv_ = true; +} -priv_grantees_desc = priv_grantees_desc->next; - } +// Create a list of PrivMgrDesc contain privileges for user, user's roles, +// and public +if (addDesc) +{ + TrafDesc *objectPrivs = priv_grantees_desc->privGranteeDesc()->objectBitmap; - // If the user has a privilege in the priv_grantees_desc list, use it to - // create the PrivMgrUserPrivs class. - if (priv_grantee_desc) - { + PrivMgrCoreDesc objectDesc(objectPrivs->privBitmapDesc()->privBitmap, + objectPrivs->privBitmapDesc()->privWGOBitmap); + + TrafDesc *priv_grantee_desc = priv_grantees_desc->privGranteeDesc(); + TrafDesc *columnPrivs = priv_grantee_desc->privGranteeDesc()->columnBitmaps; + NAList columnDescs; + while (columnPrivs) + { +PrivMgrCoreDesc columnDesc(columnPrivs->privBitmapDesc()->privBitmap, + columnPrivs->privBitmapDesc()->privWGOBitmap, + columnPrivs->privBitmapDesc()->columnOrdinal); +columnDescs.insert(columnDesc); +columnPrivs = columnPrivs->next; + } -// Set up object level privileges -TrafDesc *objectPrivs = priv_grantee_desc->privGranteeDesc()->objectBitmap; -objectBitmap_ = objectPrivs->privBitmapDesc()->privBitmap; -grantableBitmap_ = objectPrivs->privBitmapDesc()->privWGOBitmap; + PrivMgrDesc privs(priv_grantees_desc->privGranteeDesc()->grantee); + privs.setTablePrivs(objectDesc); + privs.setColumnPrivs(columnDescs); + privs.setHasPublicPriv(hasPublicPriv_); -// Set up column level privileges -// The PrivColList is a key <=> value pair
[4/5] incubator-trafodion git commit: Merge branch 'master' into trafodion-2189
Merge branch 'master' into trafodion-2189 Conflicts: core/sql/optimizer/NATable.cpp core/sql/sqlcomp/PrivMgrDesc.h Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/b10bc1b0 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/b10bc1b0 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/b10bc1b0 Branch: refs/heads/master Commit: b10bc1b0b03e3c13354fadcfb6fea56a6aab1f3f Parents: 3b43772 66bc826 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Wed Oct 12 23:18:05 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Wed Oct 12 23:18:05 2016 + -- .../SqlCompilerDebugger/ItemExpressionView.cpp | 4 +- core/sql/arkcmp/CmpContext.cpp | 7 +- core/sql/arkcmp/CmpStatement.cpp| 2 + core/sql/arkcmp/CmpStoredProc.cpp | 2 +- core/sql/arkcmp/cmpargs.cpp | 2 +- core/sql/bin/SqlciErrors.txt| 2 +- core/sql/cli/CliExtern.cpp | 16 +- core/sql/cli/Context.cpp| 21 +- core/sql/cli/Globals.cpp| 17 +- core/sql/comexe/ComTdbSort.h| 10 +- core/sql/common/BloomFilter.cpp | 2 +- core/sql/common/ColIndList.h| 4 +- core/sql/common/Collections.cpp | 1 - core/sql/common/Collections.h | 47 ++- core/sql/common/ComExeTrace.cpp | 1 + core/sql/common/Ipc.h | 4 +- core/sql/common/NAMemory.cpp| 2 +- core/sql/common/NATestpoint.cpp | 3 +- core/sql/common/NATraceList.h | 2 +- core/sql/executor/ExHbaseAccess.cpp | 1 + core/sql/executor/ExHbaseDDL.cpp| 2 +- core/sql/executor/ex_sort.cpp | 16 +- core/sql/exp/ExpLOB.h | 4 +- core/sql/exp/ExpPCodeOptimizations.cpp | 2 +- core/sql/exp/ExpPCodeOptsBulk.cpp | 4 +- core/sql/exp/ExpPCodeOptsNativeExpr.cpp | 2 +- core/sql/exp/exp_tuple_desc.cpp | 17 +- core/sql/export/ComDiags.cpp| 4 +- core/sql/generator/GenExplain.cpp | 2 +- core/sql/generator/GenKey.cpp | 2 +- core/sql/generator/GenRelGrby.cpp | 2 +- core/sql/generator/GenRelJoin.cpp | 2 +- core/sql/generator/GenRelMisc.cpp | 3 +- core/sql/generator/GenRelScan.cpp | 2 +- core/sql/generator/GenRelUpdate.cpp | 12 +- core/sql/generator/GenResources.cpp | 2 +- core/sql/generator/Generator.cpp| 16 +- core/sql/langman/LmRoutineJava.cpp | 3 +- core/sql/langman/LmUtility.cpp | 2 +- core/sql/nskgmake/sort/Makefile | 3 +- core/sql/optimizer/Analyzer.cpp | 15 +- core/sql/optimizer/Analyzer.h | 5 + core/sql/optimizer/BindItemExpr.cpp | 6 +- core/sql/optimizer/BindRI.cpp | 2 +- core/sql/optimizer/BindRelExpr.cpp | 11 +- core/sql/optimizer/BindWA.cpp | 1 + core/sql/optimizer/BindWA.h | 2 +- core/sql/optimizer/CacheWA.cpp | 3 + core/sql/optimizer/ColStatDesc.cpp | 20 +- core/sql/optimizer/ControlDB.cpp| 8 +- core/sql/optimizer/EncodedValue.cpp | 3 +- core/sql/optimizer/HDFSHook.cpp | 2 +- core/sql/optimizer/HbaseSearchSpec.h| 52 +-- core/sql/optimizer/ItemFuncUDF.h| 11 +- core/sql/optimizer/ItemOther.h | 2 +- core/sql/optimizer/LargeScopeRules.cpp | 4 +- core/sql/optimizer/MJVIndexBuilder.cpp | 12 +- core/sql/optimizer/MVCandidates.cpp | 10 +- core/sql/optimizer/MVInfo.cpp | 13 +- core/sql/optimizer/MVJoinGraph.cpp | 5 +- core/sql/optimizer/MjvBuilder.cpp | 2 +- core/sql/optimizer/MultiJoin.cpp| 2 +- core/sql/optimizer/MvRefreshBuilder.cpp | 4 +- core/sql/optimizer/NAClusterInfo.cpp| 2 +- core/sql/optimizer/NATable.cpp | 215 ++--- core/sql/optimizer/NATable.h| 9 +- core/sql/optimizer/NodeMap.cpp | 2 +- core/sql/optimizer/NormRelExpr.cpp | 8 +- core/sql/optimizer/NormWA.cpp | 4 +- core/sql/optimizer/NormWA.h | 8 + core/sql/optimizer/OptItemExpr.cpp | 2 +- core/sql/optimizer/OptLogRelExpr.cpp|
[2/2] incubator-trafodion git commit: Merge [TRAFODION-2281] pr 761 Unable to install Kerberos
Merge [TRAFODION-2281] pr 761 Unable to install Kerberos Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/ea16d381 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/ea16d381 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/ea16d381 Branch: refs/heads/master Commit: ea16d38184579de530808589df0b3e664d6c6622 Parents: 36fe30e 2eec584 Author: Roberta MartonAuthored: Thu Oct 13 21:26:14 2016 + Committer: Roberta Marton Committed: Thu Oct 13 21:26:14 2016 + -- core/sqf/sql/scripts/traf_authentication_setup | 2 +- install/installer/traf_config_setup| 5 - install/installer/traf_secure_setup| 25 - install/installer/trafodion_install| 13 +++ 4 files changed, 28 insertions(+), 17 deletions(-) --
[1/3] incubator-trafodion git commit: TRAFODION-2203 - a user can grant privileges that he doesn’t have ...
Repository: incubator-trafodion Updated Branches: refs/heads/master 71b1f8cb8 -> addb9b18d http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/877a8e8a/core/sql/sqlcomp/PrivMgrPrivileges.cpp -- diff --git a/core/sql/sqlcomp/PrivMgrPrivileges.cpp b/core/sql/sqlcomp/PrivMgrPrivileges.cpp index 7b96792..0dbb45b 100644 --- a/core/sql/sqlcomp/PrivMgrPrivileges.cpp +++ b/core/sql/sqlcomp/PrivMgrPrivileges.cpp @@ -44,13 +44,11 @@ #include "ComQueue.h" #include "CmpCommon.h" #include "CmpContext.h" -#include "CmpDDLCatErrorCodes.h" #include "ComSecurityKey.h" #include "NAUserId.h" #include "ComUser.h" #include "CmpSeabaseDDLutil.h" #include "logmxevent_traf.h" -class ColPrivEntry; class ColPrivGrant; class ColumnPrivsMDTable; @@ -239,7 +237,7 @@ public: void clearVisited() { visited_.setColumnOrdinal(columnOrdinal_); - visited_.getPrivDesc().setAllPrivAndWgo(false); + visited_.setAllPrivAndWgo(false); } // sets the current entry to match the original privileges @@ -248,14 +246,14 @@ public: { current_.setColumnOrdinal(columnOrdinal_); current_.setPrivBitmap(privsBitmap_); - current_.setGrantableBitmap(grantableBitmap_); + current_.setWgoBitmap(grantableBitmap_); } // compares the current privileges with the visited grant tree to // see if there are any broken branches NABoolean anyNotVisited() {return current_.getPrivBitmap() != visited_.getPrivBitmap() || - current_.getGrantableBitmap() != visited_.getGrantableBitmap();} + current_.getWgoBitmap() != visited_.getWgoBitmap();} // --- @@ -272,8 +270,8 @@ public: PrivColumnBitmap privsBitmap_; PrivColumnBitmap grantableBitmap_; - ColPrivEntry visited_; - ColPrivEntry current_; + PrivMgrCoreDescvisited_; + PrivMgrCoreDesccurrent_; }; @@ -354,8 +352,8 @@ void static closeColumnList(std::string & columnList); static void deleteRowList(std::vector & rowList); -static ColPrivEntry * findColumnEntry( - std::vector & colPrivsToGrant, +static PrivMgrCoreDesc * findColumnEntry( + NAList & colPrivsToGrant, const int32_t columnsOrdinal); static PrivStatus getColRowsForGrantee( @@ -369,41 +367,14 @@ static void getColRowsForGranteeGrantor( const std::vector & columnRowList, const int32_t granteeID, const int32_t grantorID, - std::vector ); + NAList ); static bool hasAllDMLPrivs( ComObjectType objectType, PrivObjectBitmap privBitmap); -static bool hasGrantedColumnPriv( - const std::vector & columnRowList, - int32_t grantorID, - int32_t granteeID, - const std::vector & colPrivsArray, - PrivStatus & privStatus, - std::string & privilege, - std::vector & grantedColPrivs); - static bool isDelimited( const std::string ); -// * -//ColPrivEntry constructors -// * -ColPrivEntry::ColPrivEntry ( const PrivMgrMDRow ) -{ - PrivMgrMDRow theRow = row; - ColumnPrivsMDRow = static_cast (theRow); - privDesc_.setColumnOrdinal(columnRow.columnOrdinal_); - privDesc_.setPrivBitmap(columnRow.privsBitmap_); - privDesc_.setWgoBitmap(columnRow.grantableBitmap_); - isUpdate_ = false; -} - -ColPrivEntry::ColPrivEntry ( const ColPrivEntry ) -{ - privDesc_ = other.privDesc_; - isUpdate_ = other.isUpdate_; -} // * //PrivMgrPrivileges methods @@ -591,9 +562,8 @@ PrivStatus PrivMgrPrivileges::getPrivsOnObject ( if (generateColumnRowList() == STATUS_ERROR) return STATUS_ERROR; - // Gets all the grantees from the object and column lists - // This list is affected userIDs. The public auth ID is also included if any - // privs were granted. + // Gets all the grantees (userIDs) from the object and column lists + // The public auth ID is also included in this list std::vector userIDs; if (getDistinctUserIDs(objectRowList_, columnRowList_, userIDs) == STATUS_ERROR) return STATUS_ERROR; @@ -613,26 +583,13 @@ PrivStatus PrivMgrPrivileges::getPrivsOnObject ( return STATUS_ERROR; } +// getUserPrivs returns object and column privileges summarized across +// all grantors. if (getUserPrivs(objectType, userID, roleIDs, privsOfTheUser, hasManagePrivileges, NULL ) != STATUS_GOOD) return STATUS_ERROR; - -PrivColList colPrivsList; -PrivColList colGrantableList; -if (getColPrivsForUser(userID,roleIDs,colPrivsList,colGrantableList,NULL) != STATUS_GOOD) - return STATUS_ERROR; - -// the returned list are in column ordinal order, if no privileges have -// been granted on the column,
[2/3] incubator-trafodion git commit: TRAFODION-2203 - a user can grant privileges that he doesn’t have ...
SQL_USER4 to SQL_USER3 not found, revoke request ignored. SQL operation failed with errors. +--- SQL operation complete. >>revoke select (b) on t3 from sql_user3; --- SQL operation complete. >> >>revoke grant option for select (c) on t3 from sql_user3; -*** ERROR[1018] Grant of role or privilege SELECT on TRAFODION.US4.T3 from SQL_USER4 to SQL_USER3 not found, revoke request ignored. +*** WARNING[1018] Grant of role or privilege SELECT WITH GRANT OPTION (columm number 2) on TRAFODION.US4.T3 from SQL_USER4 to SQL_USER3 not found, revoke request ignored. SQL operation failed with errors. +--- SQL operation complete. >> >>revoke grant option for select (d) on t3 from sql_user3; @@ -834,14 +834,14 @@ CREATE TABLE TRAFODION.US4.T4 >> >>revoke grant option for select (b) on t3 from sql_user3; -*** ERROR[1018] Grant of role or privilege SELECT on TRAFODION.US4.T3 from SQL_USER4 to SQL_USER3 not found, revoke request ignored. +*** WARNING[1018] Grant of role or privilege SELECT WITH GRANT OPTION (columm number 1) on TRAFODION.US4.T3 from SQL_USER4 to SQL_USER3 not found, revoke request ignored. SQL operation failed with errors. +--- SQL operation complete. >>revoke grant option for select (b) on t3 from sql_user3 cascade; -*** ERROR[1018] Grant of role or privilege SELECT on TRAFODION.US4.T3 from SQL_USER4 to SQL_USER3 not found, revoke request ignored. +*** WARNING[1018] Grant of role or privilege SELECT WITH GRANT OPTION (columm number 1) on TRAFODION.US4.T3 from SQL_USER4 to SQL_USER3 not found, revoke request ignored. SQL operation failed with errors. +--- SQL operation complete. >>showddl t3; CREATE TABLE TRAFODION.US4.T3 http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/877a8e8a/core/sql/regress/privs2/EXPECTED135 -- diff --git a/core/sql/regress/privs2/EXPECTED135 b/core/sql/regress/privs2/EXPECTED135 index 7aa3fc9..f07ad76 100644 --- a/core/sql/regress/privs2/EXPECTED135 +++ b/core/sql/regress/privs2/EXPECTED135 @@ -400,10 +400,10 @@ CREATE TABLE TRAFODION.T135SCH.T135_T1 ; -- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.T135SCH.T135_T1 TO DB__ROOT WITH GRANT OPTION; - GRANT SELECT, INSERT, DELETE, UPDATE, USAGE, REFERENCES ON - TRAFODION.T135SCH.T135_T1 TO SQL_USER1; -GRANT SELECT, INSERT, DELETE, UPDATE, - USAGE, REFERENCES ON TRAFODION.T135SCH.T135_T1 TO SQL_USER2; + GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.T135SCH.T135_T1 + TO SQL_USER1; +GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON + TRAFODION.T135SCH.T135_T1 TO SQL_USER2; --- SQL operation complete. >>showddl t135_t2; @@ -417,8 +417,8 @@ CREATE TABLE TRAFODION.T135SCH.T135_T2 ; -- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.T135SCH.T135_T2 TO DB__ROOT WITH GRANT OPTION; - GRANT SELECT, INSERT, DELETE, UPDATE, USAGE, REFERENCES ON - TRAFODION.T135SCH.T135_T2 TO SQL_USER2; + GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.T135SCH.T135_T2 + TO SQL_USER2; --- SQL operation complete. >>-- user can create view but just have select and references, it is http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/877a8e8a/core/sql/regress/privs2/EXPECTED140 -- diff --git a/core/sql/regress/privs2/EXPECTED140 b/core/sql/regress/privs2/EXPECTED140 index b31683f..72d899e 100644 --- a/core/sql/regress/privs2/EXPECTED140 +++ b/core/sql/regress/privs2/EXPECTED140 @@ -9,7 +9,7 @@ LIST_COUNT 4294967295 LOG FILE LOG140 MESSAGEFILE/mnt/rmarton/gitws/incubator-trafodion/core/sqf/export/ ... MESSAGEFILE LANG US English -MESSAGEFILE VRSN {2016-02-08 16:33 LINUX:EDEV05/rmarton} +MESSAGEFILE VRSN {2016-09-23 23:03 LINUX:EDEV05/rmarton} SQL CATALOGTRAFODION SQL SCHEMA T140_SHARED_VIEWS SQL USER CONNECTED user not connected @@ -616,6 +616,8 @@ Tom White Socks >>-- user3 can propagate select but no insert on table teams >>grant select, insert on teams to sql_user4; +*** WARNING[1013] Not all privileges were granted. You lack grant option for the INSERT privilege. + --- SQL operation complete. >> >>-- user3 can propagate insert on table players http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/877a8e8a/core/sql/sqlcomp/PrivMgrDesc.cpp -- diff --git a/core/sql/sqlcomp/PrivMgrDesc.cpp b/core/sql/sqlcomp/PrivMgrDesc.cpp index 8065f8a..0bd4679 100644 --- a/core/sql/sqlcomp/PrivMgrDesc.cpp +++ b/core/sql/sqlcomp/PrivMgrDesc.cpp @@ -61,10 +61,14 @@ void PrivMgrCoreDesc::setPriv(const PrivType which, priv_.set(SELECT_PRIV, value); priv_.set(INSERT_PRIV, value);
[3/3] incubator-trafodion git commit: Merge [TRAFODION-2203] PR 729 A user can grant a privilege he doesn't have to other users/roles successfully
Merge [TRAFODION-2203] PR 729 A user can grant a privilege he doesn't have to other users/roles successfully Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/addb9b18 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/addb9b18 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/addb9b18 Branch: refs/heads/master Commit: addb9b18d5e274d460110ea2076bdfd69c76e103 Parents: 71b1f8c 877a8e8 Author: Roberta MartonAuthored: Wed Sep 28 14:50:24 2016 + Committer: Roberta Marton Committed: Wed Sep 28 14:50:24 2016 + -- core/sql/bin/SqlciErrors.txt |4 +- core/sql/regress/privs2/EXPECTED129| 16 +- core/sql/regress/privs2/EXPECTED135| 12 +- core/sql/regress/privs2/EXPECTED140|4 +- core/sql/sqlcomp/PrivMgrDesc.cpp | 36 +- core/sql/sqlcomp/PrivMgrDesc.h | 22 +- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 1349 --- core/sql/sqlcomp/PrivMgrPrivileges.h | 78 +- 8 files changed, 668 insertions(+), 853 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/addb9b18/core/sql/bin/SqlciErrors.txt -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/addb9b18/core/sql/regress/privs2/EXPECTED129 -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/addb9b18/core/sql/regress/privs2/EXPECTED135 --
[5/6] incubator-trafodion git commit: [TRAFODION-1794]: Log authentication Information
[TRAFODION-1794]: Log authentication Information Made changes suggested by previous delivery Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/3e05c90d Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/3e05c90d Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/3e05c90d Branch: refs/heads/master Commit: 3e05c90de214174e5735aadcb0ea1232355ababf Parents: 77c6949 Author: Roberta Marton <rmarton@edev07.esgyn.local> Authored: Tue Sep 20 00:04:40 2016 + Committer: Roberta Marton <rmarton@edev07.esgyn.local> Committed: Tue Sep 20 00:04:40 2016 + -- core/conn/odbc/src/odbc/nsksrvrcore/Makefile | 2 +- core/dbsecurity/auth/Makefile| 2 - core/dbsecurity/auth/inc/auth.h | 11 - core/dbsecurity/auth/inc/authEvents.h| 28 +- core/dbsecurity/auth/inc/dbUserAuth.h| 2 + core/dbsecurity/auth/inc/ldapconfignode.h| 46 +++- core/dbsecurity/auth/src/authEvents.cpp | 52 +++- core/dbsecurity/auth/src/dbUserAuth.cpp | 100 +++ core/dbsecurity/auth/src/ldapcheck.cpp | 301 +++--- core/dbsecurity/auth/src/ldapconfignode.cpp | 260 --- 10 files changed, 457 insertions(+), 347 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/3e05c90d/core/conn/odbc/src/odbc/nsksrvrcore/Makefile -- diff --git a/core/conn/odbc/src/odbc/nsksrvrcore/Makefile b/core/conn/odbc/src/odbc/nsksrvrcore/Makefile index 5490cbe..53cb1fb 100644 --- a/core/conn/odbc/src/odbc/nsksrvrcore/Makefile +++ b/core/conn/odbc/src/odbc/nsksrvrcore/Makefile @@ -64,7 +64,7 @@ OBJS = $(OUTDIR)/CommonDiags.o \ $(OUTDIR)/srvrothers.o \ $(OUTDIR)/libmxocore_version.o -INCLUDES = -I. -I../Common -I../EventMsgs -I../SrvrMsg -I../dependencies/include -I../dependencies/linux -I../Krypton/generated_incs -I$(SQ_HOME)/export/include/sql -I$(SQ_HOME)/inc/tmf_tipapi -I$(SQ_HOME)/inc -I$(SQ_HOME)/export/include -I$(SQ_HOME)/sql/nq_w/common -I../OssCfgCl/src -I../CmdCfgDll -I$(PROTOBUFS_INC) -I$(SQ_HOME)/../sql/cli -I$(SQ_HOME)/../dbsecurity/cert/inc -I$(SQ_HOME)/../dbsecurity/auth/inc -I$(SQ_HOME)/../mpi/src/include/intern +INCLUDES = -I. -I../Common -I../EventMsgs -I../SrvrMsg -I../dependencies/include -I../dependencies/linux -I../Krypton/generated_incs -I$(SQ_HOME)/export/include/sql -I$(SQ_HOME)/inc/tmf_tipapi -I$(SQ_HOME)/inc -I$(SQ_HOME)/export/include -I$(SQ_HOME)/sql/nq_w/common -I../OssCfgCl/src -I../CmdCfgDll -I$(PROTOBUFS_INC) -I$(SQ_HOME)/../sql/cli -I$(SQ_HOME)/commonLogger -I$(SQ_HOME)/../dbsecurity/cert/inc -I$(SQ_HOME)/../dbsecurity/auth/inc -I$(SQ_HOME)/../mpi/src/include/intern DEFINES = -DNA_LINUX -DSIZEOF_LONG_INT=4 -DUSE_NEW_PHANDLE -DSQ_GUARDIAN_CALL -D_M_DG -DINC_QPID_EVENT -w http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/3e05c90d/core/dbsecurity/auth/Makefile -- diff --git a/core/dbsecurity/auth/Makefile b/core/dbsecurity/auth/Makefile index acb26f6..9bd67e6 100644 --- a/core/dbsecurity/auth/Makefile +++ b/core/dbsecurity/auth/Makefile @@ -74,8 +74,6 @@ INCLUDES = -I. -I./inc -I ../shared/inc \ LINK_OPTIONS = -L$(LIBEXPDIR) -lldap -lssl -llber -llog4cxx LINK_OPTIONS += $(LNK_FLGS) -COMMON_LIBS = -ltdm_sqlcli -larkcmp_dll - $(LIBEXPDIR)/libsqauth.so: $(OBJS) $(CXX) -fPIC $(DBG_FLAGS) -shared $(GCCMODEXX) -o $@ $(INCLUDES) $(LINK_OPTIONS) $(OBJS) http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/3e05c90d/core/dbsecurity/auth/inc/auth.h -- diff --git a/core/dbsecurity/auth/inc/auth.h b/core/dbsecurity/auth/inc/auth.h index 68d9b42..2b51371 100644 --- a/core/dbsecurity/auth/inc/auth.h +++ b/core/dbsecurity/auth/inc/auth.h @@ -49,17 +49,6 @@ enum UA_Status{ UA_STATUS_PARAM5 = 5 }; -enum AUTH_OUTCOME{ - AUTH_OK = 0, - AUTH_NOT_REGISTERED = 1, - AUTH_MD_NOT_AVAILABLE = 2, - AUTH_USER_INVALID = 3, - AUTH_TYPE_INCORRECT = 4, - AUTH_NO_PASSWORD = 5, - AUTH_REJECTED = 6, - AUTH_FAILED = 7 -}; - // Define a struct to populate the fields needed by authentication audit typedef struct client_info http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/3e05c90d/core/dbsecurity/auth/inc/authEvents.h -- diff --git a/core/dbsecurity/auth/inc/authEvents.h b/core/dbsecurity/auth/inc/authEvents.h index 8c4cefa..cd53ea5 100644 --- a/core/dbsecurity/auth/inc/authEvents.h +++ b/core/dbsecurity/auth/inc/authEvents.h @@ -31,10 +31,28 @@ // For DBSe
[2/2] incubator-trafodion git commit: Merge [TRAFODION-2177, TRAFODION-2188, TRAFODION-2197] pr 685 Various JIRA fixes related to security
Merge [TRAFODION-2177, TRAFODION-2188, TRAFODION-2197] pr 685 Various JIRA fixes related to security Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/c581a16a Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/c581a16a Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/c581a16a Branch: refs/heads/master Commit: c581a16ae27f3da570b93e68bbea5b13812eaabf Parents: 1b51c43 58e0061 Author: Roberta MartonAuthored: Thu Sep 1 22:52:57 2016 + Committer: Roberta Marton Committed: Thu Sep 1 22:52:57 2016 + -- core/sql/regress/privs1/EXPECTED132 | 177 +++--- core/sql/regress/privs1/TEST132 | 39 ++ core/sql/regress/privs2/EXPECTED139 | 155 ++ core/sql/regress/privs2/TEST139 | 34 + core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp | 74 ++- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 8 +- core/sql/ustat/hs_globals.cpp| 57 + 7 files changed, 433 insertions(+), 111 deletions(-) --
[1/2] incubator-trafodion git commit: Various JIRA fixes related to security
Repository: incubator-trafodion Updated Branches: refs/heads/master 1b51c43f5 -> c581a16ae Various JIRA fixes related to security TRAFODION-2177: Revoke combined column privileges from role failed TRAFODION-2188: Insufficient privileges on sample table TRAFODION-2197: column privilege -- mxosrvr crashed 2177: Privilege list for object generated twice causing restrict check to fail 2188: Updated to allow user without create privilege to create sample table 2197: List index was incorrectly specified In addition, relaxed rules on who can run update statistics to include anyone that has SELECT privileges on the target table. Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/58e00611 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/58e00611 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/58e00611 Branch: refs/heads/master Commit: 58e006111d3a457cf61efad743f327d9d4822d8a Parents: 5d06605 Author: Roberta MartonAuthored: Thu Sep 1 17:28:20 2016 + Committer: Roberta Marton Committed: Thu Sep 1 17:28:20 2016 + -- core/sql/regress/privs1/EXPECTED132 | 177 +++--- core/sql/regress/privs1/TEST132 | 39 ++ core/sql/regress/privs2/EXPECTED139 | 155 ++ core/sql/regress/privs2/TEST139 | 34 + core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp | 74 ++- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 8 +- core/sql/ustat/hs_globals.cpp| 57 + 7 files changed, 433 insertions(+), 111 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/58e00611/core/sql/regress/privs1/EXPECTED132 -- diff --git a/core/sql/regress/privs1/EXPECTED132 b/core/sql/regress/privs1/EXPECTED132 index d84aee8..6df38e5 100644 --- a/core/sql/regress/privs1/EXPECTED132 +++ b/core/sql/regress/privs1/EXPECTED132 @@ -866,7 +866,7 @@ CREATE SEQUENCE TRAFODION.T132SCH.T132_TEAM_NUMBER_SEQUENCE >>invoke t132_games; -- Definition of Trafodion table TRAFODION.T132SCH.T132_GAMES --- Definition current Thu Feb 25 11:15:40 2016 +-- Definition current Thu Sep 1 16:41:51 2016 ( HOME_TEAM_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE @@ -883,7 +883,7 @@ CREATE SEQUENCE TRAFODION.T132SCH.T132_TEAM_NUMBER_SEQUENCE >>invoke t132_teams; -- Definition of Trafodion table TRAFODION.T132SCH.T132_TEAMS --- Definition current Thu Feb 25 11:15:42 2016 +-- Definition current Thu Sep 1 16:41:54 2016 ( TEAM_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE @@ -900,7 +900,7 @@ CREATE SEQUENCE TRAFODION.T132SCH.T132_TEAM_NUMBER_SEQUENCE >>invoke t132_giants_games; -- Definition of Trafodion view TRAFODION.T132SCH.T132_GIANTS_GAMES --- Definition current Thu Feb 25 11:15:43 2016 +-- Definition current Thu Sep 1 16:41:57 2016 ( GAME_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE @@ -914,7 +914,7 @@ CREATE SEQUENCE TRAFODION.T132SCH.T132_TEAM_NUMBER_SEQUENCE >>invoke t132_home_teams_games; -- Definition of Trafodion view TRAFODION.T132SCH.T132_HOME_TEAMS_GAMES --- Definition current Thu Feb 25 11:15:45 2016 +-- Definition current Thu Sep 1 16:41:59 2016 ( TEAM_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE @@ -984,7 +984,7 @@ ALTER TABLE TRAFODION.T132SCH.T132_GAMES ADD CONSTRAINT >>invoke t132_games; -- Definition of Trafodion table TRAFODION.T132SCH.T132_GAMES --- Definition current Thu Feb 25 11:16:00 2016 +-- Definition current Thu Sep 1 16:42:20 2016 ( HOME_TEAM_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE @@ -1179,7 +1179,7 @@ CREATE SEQUENCE TRAFODION.T132SCH.T132_TEAM_NUMBER_SEQUENCE >>invoke t132_games; -- Definition of Trafodion table TRAFODION.T132SCH.T132_GAMES --- Definition current Thu Feb 25 11:16:33 2016 +-- Definition current Thu Sep 1 16:42:56 2016 ( HOME_TEAM_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE @@ -1196,7 +1196,7 @@ CREATE SEQUENCE TRAFODION.T132SCH.T132_TEAM_NUMBER_SEQUENCE >>invoke t132_teams; -- Definition of Trafodion table TRAFODION.T132SCH.T132_TEAMS --- Definition current Thu Feb 25 11:16:33 2016 +-- Definition current Thu Sep 1 16:42:56 2016 ( TEAM_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE @@ -1213,7 +1213,7 @@ CREATE SEQUENCE TRAFODION.T132SCH.T132_TEAM_NUMBER_SEQUENCE >>invoke t132_giants_games; -- Definition of Trafodion view TRAFODION.T132SCH.T132_GIANTS_GAMES --- Definition current Thu Feb 25 11:16:33 2016 +-- Definition current Thu Sep 1 16:42:56 2016 (
[3/3] incubator-trafodion git commit: Merge TRAFODION-2137 pr 660 Improve metadata access time during query compilation
Merge TRAFODION-2137 pr 660 Improve metadata access time during query compilation Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/47d924b9 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/47d924b9 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/47d924b9 Branch: refs/heads/master Commit: 47d924b9b7fcdc67f11a64ef368a3f03ab74bbff Parents: d9e8233 77532ef Author: Roberta MartonAuthored: Fri Aug 19 17:42:39 2016 + Committer: Roberta Marton Committed: Fri Aug 19 17:42:39 2016 + -- core/sql/comexe/ComTdb.h| 28 core/sql/common/ComSecurityKey.cpp | 54 +++ core/sql/common/ComSecurityKey.h| 8 ++ core/sql/generator/Generator.cpp| 94 +++- core/sql/generator/Generator.h | 7 +- core/sql/optimizer/NARoutine.cpp| 66 +++-- core/sql/optimizer/NARoutine.h | 2 +- core/sql/optimizer/NATable.cpp | 93 core/sql/optimizer/NATable.h| 5 +- core/sql/regress/privs2/EXPECTED143 | Bin 59506 -> 60014 bytes core/sql/regress/privs2/TEST129 | 2 + core/sql/regress/privs2/TEST143 | 6 + core/sql/sqlcat/TrafDDLdesc.cpp | 50 +++ core/sql/sqlcat/TrafDDLdesc.h | 142 +- core/sql/sqlcomp/CmpSeabaseDDL.h| 4 + core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 71 - core/sql/sqlcomp/PrivMgrCommands.cpp| 127 core/sql/sqlcomp/PrivMgrCommands.h | 14 +- core/sql/sqlcomp/PrivMgrDesc.h | 52 +-- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 207 ++- core/sql/sqlcomp/PrivMgrPrivileges.h| 15 +- core/sql/sqlcomp/PrivMgrRoles.cpp | 59 core/sql/sqlcomp/PrivMgrRoles.h | 4 + 23 files changed, 1009 insertions(+), 101 deletions(-) --
[1/3] incubator-trafodion git commit: TRAFODION [2137] Improve metadata access time during query compilation
Repository: incubator-trafodion Updated Branches: refs/heads/master d9e8233c8 -> 47d924b9b TRAFODION [2137] Improve metadata access time during query compilation A change was made to return privilege information in the descriptor structure instead of getting it when the NATable or NARoutine object is instantiated. For tables, storing privileges in the descriptor structure allows privileges to be saved with other table attributes in the metadata. This improves metadata access time during initial query compilations. Changes: --> At create time or when the object's DDL changes (redeftime), the compiler gets the list of privs for all users. If stored descriptors is enabled, this list is stored as part of the object definition in the TEXT table. -->PrivMgr returns a list of bitmaps for all users granted any priv -->the list of privs is transformed into a VirtTable -->the VirtTable is transformed into TrafDesc -->a packed form of the TrafDesc is stored in the TEXT table --> When an NATable or NARoutine is instantiated, the current user's credentials are extracted from the TrafDesc and stored in the class thereby eliminating the need to perform I/O to get privs for the user. Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/c23ad355 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/c23ad355 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/c23ad355 Branch: refs/heads/master Commit: c23ad3559622b9aed0f817db817b5caf7622911d Parents: 0a31bbb Author: Roberta MartonAuthored: Wed Aug 17 17:52:01 2016 + Committer: Roberta Marton Committed: Wed Aug 17 17:52:01 2016 + -- core/sql/comexe/ComTdb.h| 29 core/sql/common/ComSecurityKey.cpp | 54 +++ core/sql/common/ComSecurityKey.h| 8 ++ core/sql/generator/Generator.cpp| 95 +++- core/sql/generator/Generator.h | 7 +- core/sql/optimizer/NARoutine.cpp| 66 +++-- core/sql/optimizer/NARoutine.h | 2 +- core/sql/optimizer/NATable.cpp | 93 core/sql/optimizer/NATable.h| 5 +- core/sql/regress/privs2/EXPECTED143 | Bin 59506 -> 60014 bytes core/sql/regress/privs2/TEST129 | 2 + core/sql/regress/privs2/TEST143 | 6 + core/sql/sqlcat/TrafDDLdesc.cpp | 50 +++ core/sql/sqlcat/TrafDDLdesc.h | 142 +- core/sql/sqlcomp/CmpSeabaseDDL.h| 4 + core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 71 - core/sql/sqlcomp/PrivMgrCommands.cpp| 127 core/sql/sqlcomp/PrivMgrCommands.h | 14 +- core/sql/sqlcomp/PrivMgrDesc.h | 49 +-- core/sql/sqlcomp/PrivMgrPrivileges.cpp | 207 ++- core/sql/sqlcomp/PrivMgrPrivileges.h| 15 +- core/sql/sqlcomp/PrivMgrRoles.cpp | 59 core/sql/sqlcomp/PrivMgrRoles.h | 4 + 23 files changed, 1010 insertions(+), 99 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/c23ad355/core/sql/comexe/ComTdb.h -- diff --git a/core/sql/comexe/ComTdb.h b/core/sql/comexe/ComTdb.h index 03a2f4b..19819f2 100644 --- a/core/sql/comexe/ComTdb.h +++ b/core/sql/comexe/ComTdb.h @@ -44,6 +44,8 @@ #include "exp_expr.h" // subclasses of TDB contain expressions #include "sqlcli.h" #include "ComSmallDefs.h" +#include// list of privilege descriptors +#include "PrivMgrDesc.h"// Privilege descriptors // --- // Classes defined in this file @@ -1143,6 +1145,33 @@ class ComTdbVirtTableSequenceInfo : public ComTdbVirtTableBase Int64 redefTime; }; + +// This class describes object and column privileges and if they are grantable +// (WGO) for an object. Privileges are stored as a vector of PrivMgrDesc's, one +// per distinct grantee. +// +//PrivMgrDesc: +// grantee - Int32 +// objectPrivs - PrivMgrCoreDesc +// columnPrivs - list of PrivMgrCoreDesc +//PrivMgrCoreDesc: +// bitmap of granted privileges +// bitmap of associated WGO (with grant option) +// column ordinal (number) set to -1 for object privs +class ComTdbVirtTablePrivInfo : public ComTdbVirtTableBase +{ + public: + ComTdbVirtTablePrivInfo() +: ComTdbVirtTableBase() +{ + init(); +} + + virtual Int32 size() { return sizeof(ComTdbVirtTablePrivInfo);} + + std::vector *privmgr_desc_list; +}; + class ComTdbVirtTableLibraryInfo : public ComTdbVirtTableBase { public:
[2/3] incubator-trafodion git commit: Fixed review comments for TRAFODION [2137] Improve metadata access changes
Fixed review comments for TRAFODION [2137] Improve metadata access changes Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/77532ef9 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/77532ef9 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/77532ef9 Branch: refs/heads/master Commit: 77532ef95b9083b9ca578ba923d97b9f6c07a8c2 Parents: c23ad35 Author: Roberta MartonAuthored: Thu Aug 18 22:51:07 2016 + Committer: Roberta Marton Committed: Thu Aug 18 22:51:07 2016 + -- core/sql/comexe/ComTdb.h| 3 +-- core/sql/generator/Generator.cpp| 11 +-- core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 4 ++-- core/sql/sqlcomp/PrivMgrDesc.h | 7 +++ core/sql/sqlcomp/PrivMgrPrivileges.cpp | 8 5 files changed, 15 insertions(+), 18 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/77532ef9/core/sql/comexe/ComTdb.h -- diff --git a/core/sql/comexe/ComTdb.h b/core/sql/comexe/ComTdb.h index 19819f2..6e803d5 100644 --- a/core/sql/comexe/ComTdb.h +++ b/core/sql/comexe/ComTdb.h @@ -44,7 +44,6 @@ #include "exp_expr.h" // subclasses of TDB contain expressions #include "sqlcli.h" #include "ComSmallDefs.h" -#include// list of privilege descriptors #include "PrivMgrDesc.h"// Privilege descriptors // --- @@ -1169,7 +1168,7 @@ class ComTdbVirtTablePrivInfo : public ComTdbVirtTableBase virtual Int32 size() { return sizeof(ComTdbVirtTablePrivInfo);} - std::vector *privmgr_desc_list; + NAList *privmgr_desc_list; }; class ComTdbVirtTableLibraryInfo : public ComTdbVirtTableBase http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/77532ef9/core/sql/generator/Generator.cpp -- diff --git a/core/sql/generator/Generator.cpp b/core/sql/generator/Generator.cpp index f419c1f..77ac6d0 100644 --- a/core/sql/generator/Generator.cpp +++ b/core/sql/generator/Generator.cpp @@ -1749,7 +1749,7 @@ TrafDesc * Generator::createPrivDescs( const ComTdbVirtTablePrivInfo * privInfo, { // When authorization is enabled, each object must have at least one grantee // - the system grant to the object owner - std::vector *privGrantees = privInfo[0].privmgr_desc_list; + NAList *privGrantees = privInfo[0].privmgr_desc_list; DCMPASSERT (privGrantees.size() > 0); TrafDesc * priv_desc = TrafAllocateDDLdesc(DESC_PRIV_TYPE, space); @@ -1758,9 +1758,9 @@ TrafDesc * Generator::createPrivDescs( const ComTdbVirtTablePrivInfo * privInfo, // generate a TrafPrivGranteeDesc for each grantee and // attach to the privileges descriptor (priv_desc) - for (int i = 0; i < privGrantees->size(); i++) + for (int i = 0; i < privGrantees->entries(); i++) { - PrivMgrDesc granteeDesc = (*privGrantees)[i]; + PrivMgrDesc = (*privGrantees)[i]; TrafDesc * curr_grantee_desc = TrafAllocateDDLdesc(DESC_PRIV_GRANTEE_TYPE, space); if (! first_grantee_desc) first_grantee_desc = curr_grantee_desc; @@ -1778,15 +1778,14 @@ TrafDesc * Generator::createPrivDescs( const ComTdbVirtTablePrivInfo * privInfo, // generate a list of TrafPrivBitmapDesc, one for each column and // attach it to the TrafPrivGranteeDesc - std::vector colDescList = granteeDesc.getColumnPrivs(); - size_t numCols = colDescList.size(); + size_t numCols = granteeDesc.getColumnPrivs().entries(); if (numCols > 0) { TrafDesc * first_col_desc = NULL; TrafDesc * prev_col_desc = NULL; for (int j = 0; j < numCols; j++) { - const PrivMgrCoreDesc colBitmap = colDescList[j]; + const PrivMgrCoreDesc colBitmap = granteeDesc.getColumnPrivs()[j]; TrafDesc * curr_col_desc = TrafAllocateDDLdesc(DESC_PRIV_BITMAP_TYPE, space); if (! first_col_desc) first_col_desc = curr_col_desc; http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/77532ef9/core/sql/sqlcomp/CmpSeabaseDDLtable.cpp -- diff --git a/core/sql/sqlcomp/CmpSeabaseDDLtable.cpp b/core/sql/sqlcomp/CmpSeabaseDDLtable.cpp index 59a4817..a4122ec 100644 --- a/core/sql/sqlcomp/CmpSeabaseDDLtable.cpp +++ b/core/sql/sqlcomp/CmpSeabaseDDLtable.cpp @@ -10367,9 +10367,9 @@ ComTdbVirtTablePrivInfo * CmpSeabaseDDL::getSeabasePrivInfo( ComTdbVirtTablePrivInfo *privInfo = new (STMTHEAP)
[2/2] incubator-trafodion git commit: Merge [TRAFODION-2160] pr 656 Metadata upgrade failed with internal error
Merge [TRAFODION-2160] pr 656 Metadata upgrade failed with internal error Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/a0a63630 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/a0a63630 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/a0a63630 Branch: refs/heads/master Commit: a0a6363025d3ee7e68561401d4e0b90f95c94517 Parents: 216088d 5f1ca38 Author: Roberta MartonAuthored: Fri Aug 12 23:40:04 2016 + Committer: Roberta Marton Committed: Fri Aug 12 23:40:04 2016 + -- core/sql/regress/privs2/EXPECTED143 | Bin 59462 -> 59506 bytes core/sql/sqlcomp/PrivMgrMD.cpp | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) --