Return-Path: <commits-return-3709-archive-asf-public=cust-asf.ponee.io@hawq.incubator.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 04F4C200C44
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Mon, 20 Feb 2017 00:10:13 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id 037E0160B65; Sun, 19 Feb 2017 23:10:13 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 4D041160B63
	for <archive-asf-public@cust-asf.ponee.io>; Mon, 20 Feb 2017 00:10:12 +0100 (CET)
Received: (qmail 26517 invoked by uid 500); 19 Feb 2017 23:10:11 -0000
Mailing-List: contact commits-help@hawq.incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@hawq.incubator.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@hawq.incubator.apache.org>
List-Post: <mailto:commits@hawq.incubator.apache.org>
List-Id: <commits.hawq.incubator.apache.org>
Reply-To: dev@hawq.incubator.apache.org
Delivered-To: mailing list commits@hawq.incubator.apache.org
Received: (qmail 26502 invoked by uid 99); 19 Feb 2017 23:10:11 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 19 Feb 2017 23:10:11 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 0DE0F1A0034
	for <commits@hawq.apache.org>; Sun, 19 Feb 2017 23:10:11 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -6.219
X-Spam-Level: 
X-Spam-Status: No, score=-6.219 tagged_above=-999 required=6.31
	tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1,
	RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01,
	RP_MATCHES_RCVD=-2.999] autolearn=disabled
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024)
	with ESMTP id UsEOqNPERLGM for <commits@hawq.apache.org>;
	Sun, 19 Feb 2017 23:10:09 +0000 (UTC)
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with SMTP id 19F8E5FCD1
	for <commits@hawq.incubator.apache.org>; Sun, 19 Feb 2017 23:10:07 +0000 (UTC)
Received: (qmail 23454 invoked by uid 99); 19 Feb 2017 23:07:37 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 19 Feb 2017 23:07:37 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33)
	id 0118BE038E; Sun, 19 Feb 2017 23:07:37 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: espino@apache.org
To: commits@hawq.incubator.apache.org
Date: Sun, 19 Feb 2017 23:07:42 -0000
Message-Id: <e7b892d2eb2d41ef8ef238f172916248@git.apache.org>
In-Reply-To: <2bc18e331bd9497ca39c6809c91e61ae@git.apache.org>
References: <2bc18e331bd9497ca39c6809c91e61ae@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [07/35] incubator-hawq git commit: HAWQ-1318. Fix the bug of cannot
 start/stop master successfully if ranger is enable and with a wrong RPS
 address
archived-at: Sun, 19 Feb 2017 23:10:13 -0000

HAWQ-1318. Fix the bug of cannot start/stop master successfully if ranger is enable and with a wrong RPS address


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/63c85628
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/63c85628
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/63c85628

Branch: refs/heads/2.1.0.0-incubating
Commit: 63c856280c1fea655f99a9aea2c2196116cc2ab3
Parents: 8c9b45a
Author: Wen Lin <wlin@pivotal.io>
Authored: Thu Feb 9 16:03:53 2017 +0800
Committer: Wen Lin <wlin@pivotal.io>
Committed: Fri Feb 10 10:18:19 2017 +0800

----------------------------------------------------------------------
 src/backend/catalog/aclchk.c | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/63c85628/src/backend/catalog/aclchk.c
----------------------------------------------------------------------
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index 3ab3248..416e0c4 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -2715,9 +2715,9 @@ bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid)
    */
   if (information_schema_namespcace_oid == 0)
   {
-	  information_schema_namespcace_oid = (int)get_namespace_oid("information_schema");
+      information_schema_namespcace_oid = (int)get_namespace_oid("information_schema");
   }
-  /*for heap table, we fall back to native check.*/
+  /* for heap table, we fall back to native check. */
   if (objkind == ACL_KIND_CLASS)
   {
     char relstorage = get_rel_relstorage(obj_oid);
@@ -2728,21 +2728,26 @@ bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid)
   }
   else if (objkind == ACL_KIND_NAMESPACE)
   {
-	/*native check build-in schemas.*/
+    /* native check build-in schemas. */
     if (obj_oid == PG_CATALOG_NAMESPACE || obj_oid == information_schema_namespcace_oid
-    		|| obj_oid == PG_AOSEGMENT_NAMESPACE || obj_oid == PG_TOAST_NAMESPACE
-			|| obj_oid == PG_BITMAPINDEX_NAMESPACE)
+            || obj_oid == PG_AOSEGMENT_NAMESPACE || obj_oid == PG_TOAST_NAMESPACE
+            || obj_oid == PG_BITMAPINDEX_NAMESPACE)
     {
       return true;
     }
+    else if (obj_oid == PG_PUBLIC_NAMESPACE && superuser())
+    {
+      /* superuser's access to PUBLIC */
+      return true;
+    }
   }
   else if (objkind == ACL_KIND_PROC)
   {
-	/*native check functions under build-in schemas.*/
+    /* native check functions under build-in schemas. */
     Oid namespaceid = get_func_namespace(obj_oid);
     if (namespaceid == PG_CATALOG_NAMESPACE || namespaceid == information_schema_namespcace_oid
-			|| namespaceid == PG_AOSEGMENT_NAMESPACE || namespaceid == PG_TOAST_NAMESPACE
-			|| namespaceid == PG_BITMAPINDEX_NAMESPACE)
+            || namespaceid == PG_AOSEGMENT_NAMESPACE || namespaceid == PG_TOAST_NAMESPACE
+            || namespaceid == PG_BITMAPINDEX_NAMESPACE)
     {
       return true;
     }
@@ -2848,16 +2853,17 @@ pg_rangercheck(AclObjectKind objkind, Oid object_oid, Oid roleid,
 	List* actions = getActionName(mask);
 	bool isAll = (how == ACLMASK_ALL) ? true: false;
 
-	elog(DEBUG3, "ranger acl check kind: %d, object name: %s, role: %s, mask: %u\n", objkind, objectname, rolename, mask);
+	elog(DEBUG3, "ranger acl check kind: %d, object name: %s, object oid:%d, role: %s, mask: %u\n",
+			objkind, objectname, object_oid, rolename, mask);
 
 	List *resultargs = NIL;
-    RangerPrivilegeResults *aclresult = (RangerPrivilegeResults *) palloc(sizeof(RangerPrivilegeResults));
-    aclresult->result = RANGERCHECK_NO_PRIV;
-    aclresult->relOid = object_oid;
+	RangerPrivilegeResults *aclresult = (RangerPrivilegeResults *) palloc(sizeof(RangerPrivilegeResults));
+	aclresult->result = RANGERCHECK_NO_PRIV;
+	aclresult->relOid = object_oid;
 	/* this two sign fields will be set in function create_ranger_request_json */
 	aclresult->resource_sign = 0;
 	aclresult->privilege_sign = 0;
-    resultargs = lappend(resultargs, aclresult);
+	resultargs = lappend(resultargs, aclresult);
 
 	List *requestargs = NIL;
 	RangerRequestJsonArgs *requestarg = (RangerRequestJsonArgs *) palloc(sizeof(RangerRequestJsonArgs));