hawq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From w...@apache.org
Subject incubator-hawq git commit: HAWQ-1226. HAWQ core dump due to enable ranger while RPS is down
Date Wed, 21 Dec 2016 05:35:41 GMT
Repository: incubator-hawq
Updated Branches:
  refs/heads/master b7ee35aaf -> b6a82951e


HAWQ-1226. HAWQ core dump due to enable ranger while RPS is down


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/b6a82951
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/b6a82951
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/b6a82951

Branch: refs/heads/master
Commit: b6a82951eeb5218cb4d22659281812fd7b2b98da
Parents: b7ee35a
Author: interma <interma@outlook.com>
Authored: Wed Dec 21 12:02:14 2016 +0800
Committer: interma <interma@outlook.com>
Committed: Wed Dec 21 12:02:14 2016 +0800

----------------------------------------------------------------------
 src/backend/libpq/be-secure.c  |   3 +
 src/backend/libpq/rangerrest.c | 860 +++++++++++++++++++-----------------
 src/include/utils/rangerrest.h |   6 +-
 src/test/regress/checkinc.py   |   3 +-
 4 files changed, 455 insertions(+), 417 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/b6a82951/src/backend/libpq/be-secure.c
----------------------------------------------------------------------
diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c
index 06fb8d1..c3e4b91 100644
--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@@ -318,6 +318,8 @@ rloop:
  * This function holds an interrupt before reporting this error to avoid
  * a self deadlock situation, see MPP-13718 for more info.
  */
+
+/* no used now, avoid compile warnning
 static void
 report_commerror(const char *err_msg)
 {
@@ -329,6 +331,7 @@ report_commerror(const char *err_msg)
 
 	RESUME_INTERRUPTS();
 }
+*/
 
 /*
  *	Write data to a secure connection.

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/b6a82951/src/backend/libpq/rangerrest.c
----------------------------------------------------------------------
diff --git a/src/backend/libpq/rangerrest.c b/src/backend/libpq/rangerrest.c
index b5260a1..e50c3e1 100644
--- a/src/backend/libpq/rangerrest.c
+++ b/src/backend/libpq/rangerrest.c
@@ -24,60 +24,72 @@
  *
  *-------------------------------------------------------------------------
  */
-
 #include "utils/rangerrest.h"
-
 /*
  * A mapping from AclObjectKind to string
  */
 char* AclObjectKindStr[] =
 {
-    "table",             /* pg_class */
-    "sequence",          /* pg_sequence */
-    "database",          /* pg_database */
-    "function",          /* pg_proc */
-    "operator",          /* pg_operator */
-    "type",              /* pg_type */
-    "language",          /* pg_language */
-    "namespace",         /* pg_namespace */
-    "oplass",            /* pg_opclass */
-    "conversion",        /* pg_conversion */
-    "tablespace",        /* pg_tablespace */
-    "filespace",         /* pg_filespace */
-    "filesystem",        /* pg_filesystem */
-    "fdw",               /* pg_foreign_data_wrapper */
-    "foreign_server",    /* pg_foreign_server */
-    "protocol",          /* pg_extprotocol */
-    "none"               /* MUST BE LAST */
+	"table",             /* pg_class */
+	"sequence",          /* pg_sequence */
+	"database",          /* pg_database */
+	"function",          /* pg_proc */
+	"operator",          /* pg_operator */
+	"type",              /* pg_type */
+	"language",          /* pg_language */
+	"namespace",         /* pg_namespace */
+	"oplass",            /* pg_opclass */
+	"conversion",        /* pg_conversion */
+	"tablespace",        /* pg_tablespace */
+	"filespace",         /* pg_filespace */
+	"filesystem",        /* pg_filesystem */
+	"fdw",               /* pg_foreign_data_wrapper */
+	"foreign_server",    /* pg_foreign_server */
+	"protocol",          /* pg_extprotocol */
+	"none"               /* MUST BE LAST */
 };
 
 RangerACLResult parse_ranger_response(char* buffer)
 {
-    Assert(buffer != NULL);
-    if (strlen(buffer) == 0)
-        return RANGERCHECK_UNKNOWN;
-
-    elog(LOG, "read from Ranger Restful API: %s", buffer);
-
-    struct json_object *response = json_tokener_parse(buffer);
-    struct json_object *accessObj = json_object_object_get(response, "access");
-
-    int arraylen = json_object_array_length(accessObj);
-    elog(LOG, "Array Length: %dn",arraylen);
-
-    json_object * jvalue;
-    json_object * jallow;
-    json_bool result;
-    // here should return which table's acl check failed in future.
-    for (int i=0; i< arraylen; i++){
-      jvalue = json_object_array_get_idx(accessObj, i);
-      jallow = json_object_object_get(jvalue, "allowed");
-      result = json_object_get_boolean(jallow);
-      if(result != 1){
-        return RANGERCHECK_NO_PRIV;
-      }
-    }
-    return RANGERCHECK_OK;
+	Assert(buffer != NULL);
+	if (strlen(buffer) == 0)
+		return RANGERCHECK_UNKNOWN;
+
+	elog(LOG, "read from Ranger Restful API: %s", buffer);
+
+	struct json_object *response = json_tokener_parse(buffer);
+	if (response == NULL) 
+	{
+		elog(WARNING, "json_tokener_parse failed");
+		return RANGERCHECK_NO_PRIV;
+	}
+
+	struct json_object *accessObj = NULL;
+	if (!json_object_object_get_ex(response, "access", &accessObj))
+	{
+		elog(WARNING, "get json access field failed");
+		return RANGERCHECK_NO_PRIV;
+	}
+
+	int arraylen = json_object_array_length(accessObj);
+	elog(LOG, "Array Length: %d",arraylen);
+
+	// here should return which table's acl check failed in future.
+	for (int i=0; i< arraylen; i++){
+		struct json_object *jvalue = NULL;
+		struct json_object *jallow = NULL;
+
+		jvalue = json_object_array_get_idx(accessObj, i);
+		if (!json_object_object_get_ex(jvalue, "allowed", &jallow))
+		{
+			return RANGERCHECK_NO_PRIV;
+		}
+		json_bool result = json_object_get_boolean(jallow);
+		if(result != 1){
+			return RANGERCHECK_NO_PRIV;
+		}
+	}
+	return RANGERCHECK_OK;
 
 }
 
@@ -86,132 +98,132 @@ RangerACLResult parse_ranger_response(char* buffer)
  */
 json_object *create_ranger_request_json_batch(List *args)
 {
-  json_object *juser = NULL;
-  json_object *jaccess = json_object_new_array();
-  json_object *jrequest = json_object_new_object();
-  char *user = NULL;
-  ListCell *arg;
-  
-  foreach(arg, args)
-  {
-    RangerRequestJsonArgs *arg_ptr = (RangerRequestJsonArgs *) lfirst(arg);
-    if (user == NULL)
-    {
-      user = arg_ptr->user;
-      juser = json_object_new_string(user);
-    }
-    AclObjectKind kind = arg_ptr->kind;
-    char* object = arg_ptr->object;
-    Assert(user != NULL && object != NULL && privilege != NULL &&
arg_ptr->isAll);
-    elog(LOG, "build json for ranger request, user:%s, kind:%s, object:%s",
-         user, AclObjectKindStr[kind], object);
-    
-    json_object *jresource = json_object_new_object();
-    json_object *jelement = json_object_new_object();
-    json_object *jactions = json_object_new_array();
-
-    switch(kind)
-    {
-        case ACL_KIND_CLASS:
-        case ACL_KIND_SEQUENCE:
-        case ACL_KIND_PROC:
-        case ACL_KIND_NAMESPACE:
-        case ACL_KIND_LANGUAGE:
-        {
-            char *ptr = NULL; char *name = NULL;
-            char *first = NULL; // could be a database or protocol or tablespace
-            char *second = NULL; // could be a schema or language
-            char *third = NULL; // could be a table or sequence or function
-            int idx = 0;
-            for (name = strtok_r(object, ".", &ptr);
-                 name;
-                 name = strtok_r(NULL, ".", &ptr), idx++)
-            {
-                if (idx == 0)
-                {
-                    first = pstrdup(name);
-                }
-                else if (idx == 1)
-                {
-                    second = pstrdup(name);
-                }
-                else
-                {
-                    third = pstrdup(name);
-                }
-            }
-
-            if (first != NULL)
-            {
-                json_object *jfirst = json_object_new_string(first);
-                json_object_object_add(jresource, "database", jfirst);
-            }
-            if (second != NULL)
-            {
-                json_object *jsecond = json_object_new_string(second);
-                json_object_object_add(jresource,
-                        (kind == ACL_KIND_LANGUAGE) ? "language" : "schema", jsecond);
-            }
-            if (third != NULL)
-            {
-                json_object *jthird = json_object_new_string(third);
-                json_object_object_add(jresource,
-                         (kind == ACL_KIND_CLASS) ? "table" :
-                         (kind == ACL_KIND_SEQUENCE) ? "sequence" : "function", jthird);
-            }
-
-            if (first != NULL)
-                pfree(first);
-            if (second != NULL)
-                pfree(second);
-            if (third != NULL)
-                pfree(third);
-            break;
-        }
-        case ACL_KIND_OPER:
-        case ACL_KIND_CONVERSION:
-        case ACL_KIND_DATABASE:
-        case ACL_KIND_TABLESPACE:
-        case ACL_KIND_TYPE:
-        case ACL_KIND_FILESYSTEM:
-        case ACL_KIND_FDW:
-        case ACL_KIND_FOREIGN_SERVER:
-        case ACL_KIND_EXTPROTOCOL:
-        {
-            json_object *jobject = json_object_new_string(object);
-            json_object_object_add(jresource, AclObjectKindStr[kind], jobject);
-            break;
-        }
-        default:
-            elog(ERROR, "unrecognized objkind: %d", (int) kind);
-    } // switch
-
-    json_object_object_add(jelement, "resource", jresource);
-    
-    //ListCell *cell;
-    //foreach(cell, arg_ptr->actions)
-    //{
-      char tmp[7] = "select";
-      json_object* jaction = json_object_new_string((char *)tmp);
-      //json_object* jaction = json_object_new_string((char *)cell->data.ptr_value);
-      json_object_array_add(jactions, jaction);
-    //}
-    json_object_object_add(jelement, "privileges", jactions);
-    json_object_array_add(jaccess, jelement);
-
-  } // foreach
-
-  json_object_object_add(jrequest, "user", juser);
-  json_object_object_add(jrequest, "access", jaccess);
-
-  json_object *jreqid = json_object_new_string("1");
-  json_object_object_add(jrequest, "requestId", jreqid);
-  json_object *jclientip = json_object_new_string("123.0.0.21");
-  json_object_object_add(jrequest, "clientIp", jclientip);
-  json_object *jcontext = json_object_new_string("SELECT * FROM DDDDDDD");
-  json_object_object_add(jrequest, "context", jcontext);
-
-  return jrequest;
+	json_object *juser = NULL;
+	json_object *jaccess = json_object_new_array();
+	json_object *jrequest = json_object_new_object();
+	char *user = NULL;
+	ListCell *arg;
+
+	foreach(arg, args)
+	{
+		RangerRequestJsonArgs *arg_ptr = (RangerRequestJsonArgs *) lfirst(arg);
+		if (user == NULL)
+		{
+			user = arg_ptr->user;
+			juser = json_object_new_string(user);
+		}
+		AclObjectKind kind = arg_ptr->kind;
+		char* object = arg_ptr->object;
+		Assert(user != NULL && object != NULL && privilege != NULL && arg_ptr->isAll);
+		elog(LOG, "build json for ranger request, user:%s, kind:%s, object:%s",
+			user, AclObjectKindStr[kind], object);
+
+		json_object *jresource = json_object_new_object();
+		json_object *jelement = json_object_new_object();
+		json_object *jactions = json_object_new_array();
+
+		switch(kind)
+		{
+		case ACL_KIND_CLASS:
+		case ACL_KIND_SEQUENCE:
+		case ACL_KIND_PROC:
+		case ACL_KIND_NAMESPACE:
+		case ACL_KIND_LANGUAGE:
+			{
+				char *ptr = NULL; char *name = NULL;
+				char *first = NULL; // could be a database or protocol or tablespace
+				char *second = NULL; // could be a schema or language
+				char *third = NULL; // could be a table or sequence or function
+				int idx = 0;
+				for (name = strtok_r(object, ".", &ptr);
+					name;
+					name = strtok_r(NULL, ".", &ptr), idx++)
+				{
+					if (idx == 0)
+					{
+						first = pstrdup(name);
+					}
+					else if (idx == 1)
+					{
+						second = pstrdup(name);
+					}
+					else
+					{
+						third = pstrdup(name);
+					}
+				}
+
+				if (first != NULL)
+				{
+					json_object *jfirst = json_object_new_string(first);
+					json_object_object_add(jresource, "database", jfirst);
+				}
+				if (second != NULL)
+				{
+					json_object *jsecond = json_object_new_string(second);
+					json_object_object_add(jresource,
+						(kind == ACL_KIND_LANGUAGE) ? "language" : "schema", jsecond);
+				}
+				if (third != NULL)
+				{
+					json_object *jthird = json_object_new_string(third);
+					json_object_object_add(jresource,
+						(kind == ACL_KIND_CLASS) ? "table" :
+						(kind == ACL_KIND_SEQUENCE) ? "sequence" : "function", jthird);
+				}
+
+				if (first != NULL)
+					pfree(first);
+				if (second != NULL)
+					pfree(second);
+				if (third != NULL)
+					pfree(third);
+				break;
+			}
+		case ACL_KIND_OPER:
+		case ACL_KIND_CONVERSION:
+		case ACL_KIND_DATABASE:
+		case ACL_KIND_TABLESPACE:
+		case ACL_KIND_TYPE:
+		case ACL_KIND_FILESYSTEM:
+		case ACL_KIND_FDW:
+		case ACL_KIND_FOREIGN_SERVER:
+		case ACL_KIND_EXTPROTOCOL:
+			{
+				json_object *jobject = json_object_new_string(object);
+				json_object_object_add(jresource, AclObjectKindStr[kind], jobject);
+				break;
+			}
+		default:
+			elog(ERROR, "unrecognized objkind: %d", (int) kind);
+		} // switch
+
+		json_object_object_add(jelement, "resource", jresource);
+
+		//ListCell *cell;
+		//foreach(cell, arg_ptr->actions)
+		//{
+		char tmp[7] = "select";
+		json_object* jaction = json_object_new_string((char *)tmp);
+		//json_object* jaction = json_object_new_string((char *)cell->data.ptr_value);
+		json_object_array_add(jactions, jaction);
+		//}
+		json_object_object_add(jelement, "privileges", jactions);
+		json_object_array_add(jaccess, jelement);
+
+	} // foreach
+
+	json_object_object_add(jrequest, "user", juser);
+	json_object_object_add(jrequest, "access", jaccess);
+
+	json_object *jreqid = json_object_new_string("1");
+	json_object_object_add(jrequest, "requestId", jreqid);
+	json_object *jclientip = json_object_new_string("123.0.0.21");
+	json_object_object_add(jrequest, "clientIp", jclientip);
+	json_object *jcontext = json_object_new_string("SELECT * FROM DDDDDDD");
+	json_object_object_add(jrequest, "context", jcontext);
+
+	return jrequest;
 }
 
 /**
@@ -245,214 +257,231 @@ json_object *create_ranger_request_json_batch(List *args)
  *   }
  */
 json_object* create_ranger_request_json(char* user, AclObjectKind kind, char* object,
-        List* actions, bool isAll)
+	List* actions, bool isAll)
 {
-    Assert(user != NULL && object != NULL && privilege != NULL
-                    && isAll);
-    ListCell *cell;
-
-    elog(LOG, "build json for ranger request, user:%s, kind:%s, object:%s",
-              user, AclObjectKindStr[kind], object);
-    json_object *jrequest = json_object_new_object();
-    json_object *juser = json_object_new_string(user);
-
-    json_object *jaccess = json_object_new_array();
-    json_object *jelement = json_object_new_object();
-
-    json_object *jresource = json_object_new_object();
-    switch(kind)
-    {
-        case ACL_KIND_CLASS:
-        case ACL_KIND_SEQUENCE:
-        case ACL_KIND_PROC:
-        case ACL_KIND_NAMESPACE:
-        case ACL_KIND_LANGUAGE:
-        {
-            char *ptr = NULL; char *name = NULL;
-            char *first = NULL; // could be a database or protocol or tablespace
-            char *second = NULL; // could be a schema or language
-            char *third = NULL; // could be a table or sequence or function
-            int idx = 0;
-            for (name = strtok_r(object, ".", &ptr);
-                 name;
-                 name = strtok_r(NULL, ".", &ptr), idx++)
-            {
-                if (idx == 0)
-                {
-                    first = pstrdup(name);
-                }
-                else if (idx == 1)
-                {
-                    second = pstrdup(name);
-                }
-                else
-                {
-                    third = pstrdup(name);
-                }
-            }
-
-            if (first != NULL)
-            {
-                json_object *jfirst = json_object_new_string(first);
-                json_object_object_add(jresource, "database", jfirst);
-            }
-            if (second != NULL)
-            {
-                json_object *jsecond = json_object_new_string(second);
-                json_object_object_add(jresource,
-                        (kind == ACL_KIND_LANGUAGE) ? "language" : "schema", jsecond);
-            }
-            if (third != NULL)
-            {
-                json_object *jthird = json_object_new_string(third);
-                json_object_object_add(jresource,
-                         (kind == ACL_KIND_CLASS) ? "table" :
-                         (kind == ACL_KIND_SEQUENCE) ? "sequence" : "function", jthird);
-            }
-
-            if (first != NULL)
-                pfree(first);
-            if (second != NULL)
-                pfree(second);
-            if (third != NULL)
-                pfree(third);
-            break;
-        }
-        case ACL_KIND_OPER:
-        case ACL_KIND_CONVERSION:
-        case ACL_KIND_DATABASE:
-        case ACL_KIND_TABLESPACE:
-        case ACL_KIND_TYPE:
-        case ACL_KIND_FILESYSTEM:
-        case ACL_KIND_FDW:
-        case ACL_KIND_FOREIGN_SERVER:
-        case ACL_KIND_EXTPROTOCOL:
-        {
-            json_object *jobject = json_object_new_string(object);
-            json_object_object_add(jresource, AclObjectKindStr[kind], jobject);
-            break;
-        }
-        default:
-            elog(ERROR, "unrecognized objkind: %d", (int) kind);
-    }
-
-    json_object *jactions = json_object_new_array();
-    foreach(cell, actions)
-    {
-        json_object* jaction = json_object_new_string((char *)cell->data.ptr_value);
-        json_object_array_add(jactions, jaction);
-    }
-    json_object_object_add(jelement, "resource", jresource);
-    json_object_object_add(jelement, "privileges", jactions);
-    json_object_array_add(jaccess, jelement);
-
-    json_object_object_add(jrequest, "user", juser);
-    json_object_object_add(jrequest, "access", jaccess);
-    json_object *jreqid = json_object_new_string("1");
-    json_object_object_add(jrequest, "requestId", jreqid);
-    json_object *jclientip = json_object_new_string("123.0.0.21");
-    json_object_object_add(jrequest, "clientIp", jclientip);
-    json_object *jcontext = json_object_new_string("SELECT * FROM DDDDDDD");
-    json_object_object_add(jrequest, "context", jcontext);
-
-
-    return jrequest;
+	Assert(user != NULL && object != NULL && privilege != NULL
+		&& isAll);
+	ListCell *cell;
+
+	elog(LOG, "build json for ranger request, user:%s, kind:%s, object:%s",
+		user, AclObjectKindStr[kind], object);
+	json_object *jrequest = json_object_new_object();
+	json_object *juser = json_object_new_string(user);
+
+	json_object *jaccess = json_object_new_array();
+	json_object *jelement = json_object_new_object();
+
+	json_object *jresource = json_object_new_object();
+	switch(kind)
+	{
+	case ACL_KIND_CLASS:
+	case ACL_KIND_SEQUENCE:
+	case ACL_KIND_PROC:
+	case ACL_KIND_NAMESPACE:
+	case ACL_KIND_LANGUAGE:
+		{
+			char *ptr = NULL; char *name = NULL;
+			char *first = NULL; // could be a database or protocol or tablespace
+			char *second = NULL; // could be a schema or language
+			char *third = NULL; // could be a table or sequence or function
+			int idx = 0;
+			for (name = strtok_r(object, ".", &ptr);
+				name;
+				name = strtok_r(NULL, ".", &ptr), idx++)
+			{
+				if (idx == 0)
+				{
+					first = pstrdup(name);
+				}
+				else if (idx == 1)
+				{
+					second = pstrdup(name);
+				}
+				else
+				{
+					third = pstrdup(name);
+				}
+			}
+
+			if (first != NULL)
+			{
+				json_object *jfirst = json_object_new_string(first);
+				json_object_object_add(jresource, "database", jfirst);
+			}
+			if (second != NULL)
+			{
+				json_object *jsecond = json_object_new_string(second);
+				json_object_object_add(jresource,
+					(kind == ACL_KIND_LANGUAGE) ? "language" : "schema", jsecond);
+			}
+			if (third != NULL)
+			{
+				json_object *jthird = json_object_new_string(third);
+				json_object_object_add(jresource,
+					(kind == ACL_KIND_CLASS) ? "table" :
+					(kind == ACL_KIND_SEQUENCE) ? "sequence" : "function", jthird);
+			}
+
+			if (first != NULL)
+				pfree(first);
+			if (second != NULL)
+				pfree(second);
+			if (third != NULL)
+				pfree(third);
+			break;
+		}
+	case ACL_KIND_OPER:
+	case ACL_KIND_CONVERSION:
+	case ACL_KIND_DATABASE:
+	case ACL_KIND_TABLESPACE:
+	case ACL_KIND_TYPE:
+	case ACL_KIND_FILESYSTEM:
+	case ACL_KIND_FDW:
+	case ACL_KIND_FOREIGN_SERVER:
+	case ACL_KIND_EXTPROTOCOL:
+		{
+			json_object *jobject = json_object_new_string(object);
+			json_object_object_add(jresource, AclObjectKindStr[kind], jobject);
+			break;
+		}
+	default:
+		elog(ERROR, "unrecognized objkind: %d", (int) kind);
+	}
+
+	json_object *jactions = json_object_new_array();
+	foreach(cell, actions)
+	{
+		json_object* jaction = json_object_new_string((char *)cell->data.ptr_value);
+		json_object_array_add(jactions, jaction);
+	}
+	json_object_object_add(jelement, "resource", jresource);
+	json_object_object_add(jelement, "privileges", jactions);
+	json_object_array_add(jaccess, jelement);
+
+	json_object_object_add(jrequest, "user", juser);
+	json_object_object_add(jrequest, "access", jaccess);
+	json_object *jreqid = json_object_new_string("1");
+	json_object_object_add(jrequest, "requestId", jreqid);
+	json_object *jclientip = json_object_new_string("123.0.0.21");
+	json_object_object_add(jrequest, "clientIp", jclientip);
+	json_object *jcontext = json_object_new_string("SELECT * FROM DDDDDDD");
+	json_object_object_add(jrequest, "context", jcontext);
+
+
+	return jrequest;
 }
 
 static size_t write_callback(char *contents, size_t size, size_t nitems,
-        void *userp)
+	void *userp)
 {
-    size_t realsize = size * nitems;
-    CURL_HANDLE curl = (curl_context_t *) userp;
-
-    curl->response.buffer = palloc0(realsize + 1);
-    memset(curl->response.buffer, 0, realsize + 1);
-    if (curl->response.buffer == NULL)
-    {
-        /* out of memory! */
-        elog(WARNING, "not enough memory for Ranger response");
-        return 0;
-    }
-
-    memcpy(curl->response.buffer, contents, realsize);
-    curl->response.size = realsize + 1;
-    elog(LOG, "read from Ranger Restful API: %s", curl->response.buffer);
-
-    return realsize;
+	size_t realsize = size * nitems;
+	CURL_HANDLE curl = (CURL_HANDLE) userp;
+	Assert(curl != NULL);
+
+	if (curl->response.buffer == NULL) 
+	{
+		curl->response.buffer = palloc0(realsize + 1);
+	}
+	else 
+	{
+		/*Note:*/
+		/*our repalloc is not same as realloc, repalloc's first param(buffer) can not be NULL*/
+		curl->response.buffer = repalloc(curl->response.buffer, curl->response.size +
realsize + 1);
+	}
+
+	if (curl->response.buffer == NULL)
+	{
+		/* out of memory! */
+		elog(WARNING, "not enough memory for Ranger response");
+		return 0;
+	}
+
+	memcpy(curl->response.buffer + curl->response.size, contents, realsize);
+	curl->response.size += realsize;
+	curl->response.buffer[curl->response.size] = '\0';
+	elog(LOG, "read from Ranger Restful API: %s", curl->response.buffer);
+
+	return realsize;
 }
 
-void call_ranger_rest(CURL_HANDLE curl_handle, const char* request)
+/**
+ * @returns: 0 curl success; -1 curl failed
+ */
+int call_ranger_rest(CURL_HANDLE curl_handle, const char* request)
 {
-    CURLcode res;
-    Assert(request != NULL);
-
-    curl_global_init(CURL_GLOBAL_ALL);
-
-    /* init the curl session */
-    curl_handle->curl_handle = curl_easy_init();
-    if (curl_handle->curl_handle == NULL)
-    {
-        goto _exit;
-    }
-
-    /* timeout */
-    // curl_easy_setopt(curl_handle, CURLOPT_TIMEOUT, 1);
-
-    /* specify URL to get */
-    //curl_easy_setopt(curl_handle->curl_handle, CURLOPT_URL, "http://localhost:8089/checkprivilege");
-    StringInfoData tname;
-    initStringInfo(&tname);
-    appendStringInfo(&tname, "http://");
-    appendStringInfo(&tname, rps_addr_host);
-    appendStringInfo(&tname, ":");
-    appendStringInfo(&tname, "%d", rps_addr_port);
-    appendStringInfo(&tname, "/rps");
-    curl_easy_setopt(curl_handle->curl_handle, CURLOPT_URL, tname.data);
-
-    /* specify format */
-    // struct curl_slist *plist = curl_slist_append(NULL, "Content-Type:application/json;charset=UTF-8");
-    // curl_easy_setopt(curl_handle, CURLOPT_HTTPHEADER, plist);
-
-
-    //curl_easy_setopt(curl_handle->curl_handle, CURLOPT_POSTFIELDSIZE_LARGE, 1000);
-    //curl_easy_setopt(curl_handle->curl_handle, CURLOPT_HTTPGET, 0);
-    //curl_easy_setopt(curl_handle->curl_handle, CURLOPT_CUSTOMREQUEST, "POST");
-
-    struct curl_slist *headers = NULL;
-    //curl_slist_append(headers, "Accept: application/json");
-    headers = curl_slist_append(headers, "Content-Type:application/json");
-    curl_easy_setopt(curl_handle->curl_handle, CURLOPT_HTTPHEADER, headers);
-
-    //curl_easy_setopt(curl_handle->curl_handle, CURLOPT_POST, 1L);
-    curl_easy_setopt(curl_handle->curl_handle, CURLOPT_POSTFIELDS,request);
-    //"{\"requestId\": 1,\"user\": \"hubert\",\"clientIp\":\"123.0.0.21\",\"context\": \"SELECT
* FROM sales\",\"access\":[{\"resource\":{\"database\":\"a-database\",\"schema\":\"a-schema\",\"table\":\"sales\"},\"privileges\":
[\"select\"]}]}");
-    /* send all data to this function  */
-    curl_easy_setopt(curl_handle->curl_handle, CURLOPT_WRITEFUNCTION, write_callback);
-    curl_easy_setopt(curl_handle->curl_handle, CURLOPT_WRITEDATA, (void *)curl_handle);
-
-    res = curl_easy_perform(curl_handle->curl_handle);
-
-    /* check for errors */
-    if(res != CURLE_OK)
-    {
-        elog(WARNING, "curl_easy_perform() failed: %s\n",
-                curl_easy_strerror(res));
-    }
-    else
-    {
-        elog(LOG, "%d bytes retrieved from Ranger Restful API.",
-                curl_handle->response.size);
-    }
+	int ret = -1;
+	CURLcode res;
+	Assert(request != NULL);
+
+	curl_global_init(CURL_GLOBAL_ALL);
+
+	/* init the curl session */
+	curl_handle->curl_handle = curl_easy_init();
+	if (curl_handle->curl_handle == NULL)
+	{
+		goto _exit;
+	}
+
+	/* timeout: hard-coded temporarily and maybe should be a guc in future */
+	curl_easy_setopt(curl_handle->curl_handle, CURLOPT_TIMEOUT, 30L);
+
+	/* specify URL to get */
+	//curl_easy_setopt(curl_handle->curl_handle, CURLOPT_URL, "http://localhost:8089/checkprivilege");
+	StringInfoData tname;
+	initStringInfo(&tname);
+	appendStringInfo(&tname, "http://");
+	appendStringInfo(&tname, "%s", rps_addr_host);
+	appendStringInfo(&tname, ":");
+	appendStringInfo(&tname, "%d", rps_addr_port);
+	appendStringInfo(&tname, "/rps");
+	curl_easy_setopt(curl_handle->curl_handle, CURLOPT_URL, tname.data);
+
+	/* specify format */
+	// struct curl_slist *plist = curl_slist_append(NULL, "Content-Type:application/json;charset=UTF-8");
+	// curl_easy_setopt(curl_handle, CURLOPT_HTTPHEADER, plist);
+
+
+	//curl_easy_setopt(curl_handle->curl_handle, CURLOPT_POSTFIELDSIZE_LARGE, 1000);
+	//curl_easy_setopt(curl_handle->curl_handle, CURLOPT_HTTPGET, 0);
+	//curl_easy_setopt(curl_handle->curl_handle, CURLOPT_CUSTOMREQUEST, "POST");
+
+	struct curl_slist *headers = NULL;
+	//curl_slist_append(headers, "Accept: application/json");
+	headers = curl_slist_append(headers, "Content-Type:application/json");
+	curl_easy_setopt(curl_handle->curl_handle, CURLOPT_HTTPHEADER, headers);
+
+	//curl_easy_setopt(curl_handle->curl_handle, CURLOPT_POST, 1L);
+	curl_easy_setopt(curl_handle->curl_handle, CURLOPT_POSTFIELDS,request);
+	//"{\"requestId\": 1,\"user\": \"hubert\",\"clientIp\":\"123.0.0.21\",\"context\": \"SELECT
* FROM sales\",\"access\":[{\"resource\":{\"database\":\"a-database\",\"schema\":\"a-schema\",\"table\":\"sales\"},\"privileges\":
[\"select\"]}]}");
+	/* send all data to this function  */
+	curl_easy_setopt(curl_handle->curl_handle, CURLOPT_WRITEFUNCTION, write_callback);
+	curl_easy_setopt(curl_handle->curl_handle, CURLOPT_WRITEDATA, (void *)curl_handle);
+
+	res = curl_easy_perform(curl_handle->curl_handle);
+
+	/* check for errors */
+	if(res != CURLE_OK)
+	{
+		elog(WARNING, "curl_easy_perform() failed: %s\n",
+			curl_easy_strerror(res));
+	}
+	else
+	{
+		ret = 0;
+		elog(LOG, "%d bytes retrieved from Ranger Restful API.",
+			curl_handle->response.size);
+	}
 
 _exit:
-    /* cleanup curl stuff */
-    if (curl_handle->curl_handle)
-    {
-        curl_easy_cleanup(curl_handle->curl_handle);
-    }
-
-    /* we're done with libcurl, so clean it up */
-    curl_global_cleanup();
+	/* cleanup curl stuff */
+	if (curl_handle->curl_handle)
+	{
+		curl_easy_cleanup(curl_handle->curl_handle);
+	}
+
+	/* we're done with libcurl, so clean it up */
+	curl_global_cleanup();
+	return ret;
 }
 
 /*
@@ -460,64 +489,69 @@ _exit:
  */
 int check_privilege_from_ranger_batch(List *arg_list)
 {
-  json_object* jrequest = create_ranger_request_json_batch(arg_list);
-  Assert(jrequest != NULL);
-  const char *request = json_object_to_json_string(jrequest);
-  elog(LOG, "Send JSON request to Ranger: %s", request);
-  Assert(request != NULL);
-  struct curl_context_t curl_context;
-  memset(&curl_context, 0, sizeof(struct curl_context_t));
-
-  /* call GET method to send request*/
-  call_ranger_rest(&curl_context, request);
-  
-  /* free the JSON object */
-  json_object_put(jrequest);
-  
-  /* parse the JSON-format result */
-  RangerACLResult ret = parse_ranger_response(curl_context.response.buffer);
-  
-  /* free response buffer */
-  if (curl_context.response.buffer != NULL)
-  {
-    pfree(curl_context.response.buffer);
-  }
-
-  return ret;
+	json_object* jrequest = create_ranger_request_json_batch(arg_list);
+	Assert(jrequest != NULL);
+	const char *request = json_object_to_json_string(jrequest);
+	elog(LOG, "Send JSON request to Ranger: %s", request);
+	Assert(request != NULL);
+	struct curl_context_t curl_context;
+	memset(&curl_context, 0, sizeof(struct curl_context_t));
+
+	/* call GET method to send request*/
+	if (call_ranger_rest(&curl_context, request) < 0)
+	{
+		return RANGERCHECK_NO_PRIV;
+	}
+
+	/* free the JSON object */
+	json_object_put(jrequest);
+
+	/* parse the JSON-format result */
+	RangerACLResult ret = parse_ranger_response(curl_context.response.buffer);
+	/* free response buffer */
+	if (curl_context.response.buffer != NULL)
+	{
+		pfree(curl_context.response.buffer);
+	}
+
+	return ret;
 }
 
 /*
  * Check the privilege from Ranger for one role
  */
 int check_privilege_from_ranger(char* user, AclObjectKind kind, char* object,
-        List* actions, bool isAll)
+	List* actions, bool isAll)
 {
-    json_object* jrequest = create_ranger_request_json(user, kind, object,
-                                                       actions, isAll);
+	json_object* jrequest = create_ranger_request_json(user, kind, object,
+		actions, isAll);
 
-    Assert(jrequest != NULL);
-    const char* request = json_object_to_json_string(jrequest);
-    elog(LOG, "send JSON request to Ranger: %s", request);
-    Assert(request != NULL);
+	Assert(jrequest != NULL);
+	const char* request = json_object_to_json_string(jrequest);
+	elog(LOG, "send JSON request to Ranger: %s", request);
+	Assert(request != NULL);
 
-    struct curl_context_t curl_context;
-    memset(&curl_context, 0, sizeof(struct curl_context_t));
+	struct curl_context_t curl_context;
+	memset(&curl_context, 0, sizeof(struct curl_context_t));
 
-    /* call GET method to send request*/
-    call_ranger_rest(&curl_context, request);
+	/* call GET method to send request*/
+	if (call_ranger_rest(&curl_context, request) < 0)
+	{
+		return RANGERCHECK_NO_PRIV;
+	}
 
-    /* free the JSON object */
-    json_object_put(jrequest);
+	/* free the JSON object */
+	json_object_put(jrequest);
 
-    /* parse the JSON-format result */
-    RangerACLResult ret = parse_ranger_response(curl_context.response.buffer);
+	/* parse the JSON-format result */
+	RangerACLResult ret = parse_ranger_response(curl_context.response.buffer);
 
-    /* free response buffer */
-    if (curl_context.response.buffer != NULL)
-    {
-        pfree(curl_context.response.buffer);
-    }
+	/* free response buffer */
+	if (curl_context.response.buffer != NULL)
+	{
+		pfree(curl_context.response.buffer);
+	}
 
-    return ret;
+	return ret;
 }
 

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/b6a82951/src/include/utils/rangerrest.h
----------------------------------------------------------------------
diff --git a/src/include/utils/rangerrest.h b/src/include/utils/rangerrest.h
index 4fc1a73..541bdbc 100644
--- a/src/include/utils/rangerrest.h
+++ b/src/include/utils/rangerrest.h
@@ -27,9 +27,9 @@
 #ifndef RANGERREST_H
 #define RANGERREST_H
 
-#include "postgres.h"
-#include <curl/curl.h>
 #include <json-c/json.h>
+#include <curl/curl.h>
+#include "postgres.h"
 #include "utils/acl.h"
 #include "utils/guc.h"
 
@@ -88,7 +88,7 @@ typedef struct RangerRequestJsonArgs {
 RangerACLResult parse_ranger_response(char *);
 json_object *create_ranger_request_json_batch(List *);
 json_object *create_ranger_request_json(char *, AclObjectKind kind, char *, List *, bool);
-void call_ranger_rest(CURL_HANDLE curl_handle, const char *request);
+int call_ranger_rest(CURL_HANDLE curl_handle, const char *request);
 extern int check_privilege_from_ranger_batch(List *);
 extern int check_privilege_from_ranger(char *, AclObjectKind kind, char *, List *, bool);
 

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/b6a82951/src/test/regress/checkinc.py
----------------------------------------------------------------------
diff --git a/src/test/regress/checkinc.py b/src/test/regress/checkinc.py
index 6f4e006..bcdb513 100755
--- a/src/test/regress/checkinc.py
+++ b/src/test/regress/checkinc.py
@@ -78,9 +78,10 @@ fileset = {
     'winsock.h':         [],
     'winsock2.h':        [],
     'ws2tcpip.h':        [],
-    'hdfs/hdfs.h': 		 [],
+    'hdfs/hdfs.h': 	 [],
     'quicklz1.h':	 [],
     'quicklz3.h':	 [],
+    'json-c/json.h':     [],
 }
 
 


Mime
View raw message