hawq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiang Sheng (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HAWQ-1329) pg_catalog view fallback failed
Date Tue, 14 Feb 2017 08:12:41 GMT
Xiang Sheng created HAWQ-1329:
---------------------------------

             Summary: pg_catalog view fallback failed 
                 Key: HAWQ-1329
                 URL: https://issues.apache.org/jira/browse/HAWQ-1329
             Project: Apache HAWQ
          Issue Type: Sub-task
          Components: Security
            Reporter: Xiang Sheng
            Assignee: Ed Espino
             Fix For: 2.2.0.0-incubating


in current code
{code}
if (objkind == ACL_KIND_CLASS)
  {
    char relstorage = get_rel_relstorage(obj_oid);
    if (relstorage == 'h')
    {
      return true;
    }
  }
{code}
This just fallback pg_catalog.tables, does not fallback pg_catalog.views. Because the relstorage
of pg_catalog.view is 'v', not 'h'. So we should fix it to fallback the privileges request
use the following condition.
{code}
if (namespaceid == PG_CATALOG_NAMESPACE || namespaceid == information_schema_namespcace_oid
            || namespaceid == PG_AOSEGMENT_NAMESPACE || namespaceid == PG_TOAST_NAMESPACE
            || namespaceid == PG_BITMAPINDEX_NAMESPACE)
{code}

reproduce:
1. psql -d postgres
2. set log_min_messages='DEBUG3';
3. SELECT setting FROM pg_settings WHERE name='client_min_messages';

Can see the json request:
{code}
2017-02-13 16:43:37.908980 CST,"xsheng","postgres",p21556,th2021810176,"[local]",,2017-02-13
15:07:36 CST,25538,con13,cmd92,seg-10000,,,x25538,sx1,"DEBUG3","00000","send json request
to ranger : { ""requestId"": ""40"", ""user"    ": ""xsheng"", ""clientIp"": ""127.0.0.1"",
""context"": ""SELECT setting FROM pg_settings WHERE name='client_min_messages'\n;"", ""access"":
[ { ""resource"": { ""database"": ""postgres"", ""schema"": ""pg_catalog"", ""table""    :
""pg_settings"" }, ""privileges"": [ ""select"" ] }, { ""resource"": { ""database"": ""postgres"",
""schema"": ""pg_catalog"", ""table"": ""pg_settings_gpsql"" }, ""privileges"": [ ""select""
] } ] }",,,,,,"SELECT setting FRO    M pg_settings WHERE name='client_min_messages';",0,,"rangerrest.c",454,
{code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message