db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bryan Pendleton (JIRA)" <j...@apache.org>
Subject [jira] Reopened: (DERBY-1847) SELECT statement asserts with XJ001 when attempted to select a newly added column in SQL authorization mode
Date Wed, 27 Dec 2006 02:51:22 GMT
     [ http://issues.apache.org/jira/browse/DERBY-1847?page=all ]

Bryan Pendleton reopened DERBY-1847:
------------------------------------

      Assignee:     (was: Mamta A. Satoor)
             
I think there is a problem in this fix. I think that the problem is that
when DataDictionaryImpl.updateSYSCOLPERMSforAddColumnToUserTable
updates the SYSCOLPERMS table, it updates the table by partial
key value. That means that each time the updateRow() call is made,
the COLUMNS column in SYSCOLPERMS is updated for *all* the
SYSCOLPERMS in that particular table, not just for the particular
SYSCOLPERMS row that we are working with at that instant.

I think that the routine uses a partial key to find all the ColPermsDescriptor
entries for this table, but when it updates those rows, I think it needs
to use a full key, not a partial key.

Here's a short script which I believe demonstrates the problem. Note that
in the second fetch from SYSCOLPERMS, all the COLUMNS values have
been changed to {0}.

-bash-2.05b$ java -Dderby.database.sqlAuthorization=true org.apache.derby.tools.ij repro.sql
ij version 10.3
ij> connect 'jdbc:derby:d1847;create=true';
WARNING 01J14: SQL authorization is being used without first enabling authentication.
ij> create table t (a int, b int, c int);
0 rows inserted/updated/deleted
ij> grant select (a) on t to first_user;
0 rows inserted/updated/deleted
ij> grant update (b) on t to second_user;
0 rows inserted/updated/deleted
ij> grant select (c) on t to third_user;
0 rows inserted/updated/deleted
ij> select grantee, type, columns from sys.syscolperms;
GRANTEE                                                                                  
                                      |&|COLUMNS
--------------------------------------------------------------------------------------------------------------------------------------------------
FIRST_USER                                                                               
                                      |s|{0}
SECOND_USER                                                                              
                                      |u|{1}
THIRD_USER                                                                               
                                      |s|{2}

3 rows selected
ij> alter table t add column d int;
0 rows inserted/updated/deleted
ij> select grantee, type, columns from sys.syscolperms;
GRANTEE                                                                                  
                                      |&|COLUMNS
--------------------------------------------------------------------------------------------------------------------------------------------------
FIRST_USER                                                                               
                                      |s|{0}
SECOND_USER                                                                              
                                      |u|{0}
THIRD_USER                                                                               
                                      |s|{0}

3 rows selected
ij> quit;
-bash-2.05b$ cat repro.sql
connect 'jdbc:derby:d1847;create=true';
create table t (a int, b int, c int);
grant select (a) on t to first_user;
grant update (b) on t to second_user;
grant select (c) on t to third_user;
select grantee, type, columns from sys.syscolperms;
alter table t add column d int;
select grantee, type, columns from sys.syscolperms;
quit;


> SELECT statement asserts with XJ001 when attempted to select a newly added column in
SQL authorization mode
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1847
>                 URL: http://issues.apache.org/jira/browse/DERBY-1847
>             Project: Derby
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 10.2.1.6, 10.3.0.0, 10.2.2.0
>         Environment: Any
>            Reporter: Yip Ng
>             Fix For: 10.3.0.0, 10.2.1.8
>
>         Attachments: DERBY1846_V1_diff_AddColumnAndGrantRevoke.txt, DERBY1846_V1_stat_AddColumnAndGrantRevoke.txt
>
>
> Following script causes the select statement below to assert in sane build. 
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (c1 int, c2 int);
> 0 rows inserted/updated/deleted
> ij> grant select(c1,c2) on t1 to user2;
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> set connection user1;
> ij(USER1)> alter table t1 add c3 int;
> 0 rows inserted/updated/deleted
> ij(USER1)> set connection user2;
> ij(USER2)> select c3 from user1.t1;
> ERROR XJ001: Java exception: 'ASSERT FAILED Attempt to get a bit position (2)that exceeds
the max length (2): org.apache.derby.shared.common.sanity.AssertFailure'.
> stack trace:
> org.apache.derby.shared.common.sanity.AssertFailure: ASSERT FAILED Attempt to get a bit
position (1)that exceeds the max length (1)
> 	at org.apache.derby.shared.common.sanity.SanityManager.THROWASSERT(SanityManager.java:149)
> 	at org.apache.derby.iapi.services.io.FormatableBitSet.isSet(FormatableBitSet.java:614)
> 	at org.apache.derby.iapi.services.io.FormatableBitSet.get(FormatableBitSet.java:643)
> 	at org.apache.derby.iapi.sql.dictionary.StatementColumnPermission.check(StatementColumnPermission.java:119)
> 	at org.apache.derby.impl.sql.conn.GenericAuthorizer.authorize(GenericAuthorizer.java:158)
> 	at org.apache.derby.exe.ac601a400fx010dxaa5bx09e8x00000013b9400.fillResultSet(Unknown
Source)
> 	at org.apache.derby.exe.ac601a400fx010dxaa5bx09e8x00000013b9400.execute(Unknown Source)
> 	at org.apache.derby.impl.sql.GenericActivationHolder.execute(GenericActivationHolder.java:327)
> 	at org.apache.derby.impl.sql.GenericPreparedStatement.execute(GenericPreparedStatement.java:356)
> 	at org.apache.derby.impl.jdbc.EmbedStatement.executeStatement(EmbedStatement.java:1182)
> 	at org.apache.derby.impl.jdbc.EmbedStatement.execute(EmbedStatement.java:585)
> 	at org.apache.derby.impl.jdbc.EmbedStatement.execute(EmbedStatement.java:517)
> 	at org.apache.derby.impl.tools.ij.ij.executeImmediate(ij.java:321)
> 	at org.apache.derby.impl.tools.ij.utilMain.doCatch(utilMain.java:517)
> 	at org.apache.derby.impl.tools.ij.utilMain.runScriptGuts(utilMain.java:370)
> 	at org.apache.derby.impl.tools.ij.utilMain.go(utilMain.java:268)
> 	at org.apache.derby.impl.tools.ij.Main.go(Main.java:204)
> 	at org.apache.derby.impl.tools.ij.Main.mainCore(Main.java:170)
> 	at org.apache.derby.impl.tools.ij.Main14.main(Main14.java:56)
> 	at org.apache.derby.tools.ij.main(ij.java:71)
> sysinfo:
> ------------------ Java Information ------------------
> Java Version:    1.4.2_12
> Java Vendor:     Sun Microsystems Inc.
> Java home:       C:\Program Files\Java\j2re1.4.2_12
> Java classpath:  classes;.
> OS name:         Windows XP
> OS architecture: x86
> OS version:      5.1
> Java user name:  Yip
> Java user home:  C:\Documents and Settings\Yip
> Java user dir:   C:\work3\derby\trunk
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\trunk\classes] 10.3.0.0 alpha - (443080)
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale :  [English/United States [en_US]]
> Found support for locale: [de_DE]
>          version: 10.3.0.0 alpha - (443080)
> Found support for locale: [es]
>          version: 10.3.0.0 alpha - (443080)
> Found support for locale: [fr]
>          version: 10.3.0.0 alpha - (443080)
> Found support for locale: [it]
>          version: 10.3.0.0 alpha - (443080)
> Found support for locale: [ja_JP]
>          version: 10.3.0.0 alpha - (443080)
> Found support for locale: [ko_KR]
>          version: 10.3.0.0 alpha - (443080)
> Found support for locale: [pt_BR]
>          version: 10.3.0.0 alpha - (443080)
> Found support for locale: [zh_CN]
>          version: 10.3.0.0 alpha - (443080)
> Found support for locale: [zh_TW]
>          version: 10.3.0.0 alpha - (443080)
> ------------------------------------------------------

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message