hawq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From w...@apache.org
Subject incubator-hawq git commit: HAWQ-1367. HAWQ can access to user tables that have no permission with fallback check table.
Date Wed, 01 Mar 2017 05:52:18 GMT
Repository: incubator-hawq
Updated Branches:
  refs/heads/master 97104833e -> 63894f061


HAWQ-1367. HAWQ can access to user tables that have no permission with fallback check table.


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/63894f06
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/63894f06
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/63894f06

Branch: refs/heads/master
Commit: 63894f061bfeb795cc252f490ff5aa8c694bf133
Parents: 9710483
Author: Chunling Wang <wangchunling14@126.com>
Authored: Tue Feb 28 18:18:22 2017 +0800
Committer: Wen Lin <wlin@pivotal.io>
Committed: Wed Mar 1 13:51:48 2017 +0800

----------------------------------------------------------------------
 src/backend/catalog/aclchk.c        | 20 --------------------
 src/backend/parser/parse_relation.c |  7 ++++++-
 src/include/utils/acl.h             |  1 -
 3 files changed, 6 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/63894f06/src/backend/catalog/aclchk.c
----------------------------------------------------------------------
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index b361beb..16e00c1 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -2749,26 +2749,6 @@ bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid
roleid, AclMo
   return false;
 }
 
-bool fallBackToNativeChecks(AclObjectKind objkind, List* table_list, Oid roleid)
-{
-  /*we only have range table here*/
-  if (objkind == ACL_KIND_CLASS)
-  {
-    ListCell   *l;
-    foreach(l, table_list)
-    {
-      RangeTblEntry *rte=(RangeTblEntry *) lfirst(l);
-      bool ret = fallBackToNativeCheck(ACL_KIND_CLASS, rte->relid, roleid, ACL_NO_RIGHTS);
-      if(ret)
-      {
-        return true;
-      }
-    }
-
-  }
-  return false;
-}
-
 /*
  * 	check whether rte is a sequence.
  */

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/63894f06/src/backend/parser/parse_relation.c
----------------------------------------------------------------------
diff --git a/src/backend/parser/parse_relation.c b/src/backend/parser/parse_relation.c
index d21ea01..e1be951 100644
--- a/src/backend/parser/parse_relation.c
+++ b/src/backend/parser/parse_relation.c
@@ -2714,7 +2714,7 @@ warnAutoRange(ParseState *pstate, RangeVar *relation, int location)
 void
 ExecCheckRTPerms(List *rangeTable)
 {
-	if (aclType == HAWQ_ACL_RANGER && !fallBackToNativeChecks(ACL_KIND_CLASS,rangeTable,GetUserId()))
+	if (aclType == HAWQ_ACL_RANGER)
 	{
 		if(rangeTable!=NULL)
 			ExecCheckRTPermsWithRanger(rangeTable);
@@ -2750,6 +2750,11 @@ ExecCheckRTPermsWithRanger(List *rangeTable)
 		requiredPerms = rte->requiredPerms;
 		if (requiredPerms == 0)
 			continue;
+		bool ret = fallBackToNativeCheck(ACL_KIND_CLASS, rte->relid, GetUserId(), ACL_NO_RIGHTS);
+		if (ret) {
+			ExecCheckRTEPerms((RangeTblEntry *) lfirst(l));
+			continue;
+		}
 
 		relOid = rte->relid;
 		userid = rte->checkAsUser ? rte->checkAsUser : GetUserId();

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/63894f06/src/include/utils/acl.h
----------------------------------------------------------------------
diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h
index 9f2407f..378b3e2 100644
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -317,7 +317,6 @@ extern AclResult
 pg_rangercheck(AclObjectKind objkind, Oid table_oid, Oid roleid,
          AclMode mask, AclMaskHow how);
 extern bool fallBackToNativeCheck(AclObjectKind objkind, Oid table_oid, Oid roleid, AclMode
mode);
-extern bool fallBackToNativeChecks(AclObjectKind objkind, List* table_list, Oid roleid);
 extern char *getNameFromOid(AclObjectKind objkind, Oid object_oid);
 extern char *getClassNameFromOid(Oid object_oid);
 extern char *getDatabaseNameFromOid(Oid object_oid);


Mime
View raw message