Beispiel #1
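	// Collects the names of the binders held in a bag result.
	//
	// bindersBagResult: result treated as a QueryBagResult; may be null.
	// Returns the binder names gathered so far. Collection stops at the first
	// element that is missing or is not a QBINDER, so the returned set can be
	// partial (and is empty for a null bag). Callers that base access decisions
	// on it cannot tell a complete set from a truncated one.
	set<string> AccessMap::namesFromBinders(QueryResult *bindersBagResult)
	{
		set<string> out;
		// NOTE(review): the argument's dynamic type is not checked before this
		// cast; it is assumed to be a bag result — confirm at the call sites.
		QueryBagResult *r = (QueryBagResult *)bindersBagResult;
		if (!r) return out;
		const unsigned bagSize = r->size();

		for (unsigned int i = 0; i < bagSize; i++)
		{
			// Start from null: if at() leaves its out-parameter untouched, the
			// check below stops the scan instead of reading through an
			// indeterminate pointer.
			QueryResult *br = 0;
			r->at(i, br);
			if (!br || br->type() != QueryResult::QBINDER)
				return out;
			// The type() check above is what makes this downcast valid.
			out.insert(((QueryBinderResult *)br)->getName());
		}
		return out;
	}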
Beispiel #2
	// Adds or removes access entries for the binder names found in the seeds of
	// a virtual result.
	//
	// r:   virtual result whose `seeds` and `vo_name` are read (dereferenced
	//      without a null check, so it must be non-null).
	// add: true  -> every seed name is passed to propagateAccess() under
	//               r->vo_name with its flag set to true;
	//      false -> the seed names are passed to removeAccess().
	// If any seed is not a QBINDER, the error is logged and nothing is changed.
	void AccessMap::adjustEnvironment(QueryVirtualResult *r, bool add)
	{
		debug_printf(*ec, "[AccessMap::adjustEnvironment] starts");
		set<string> binderNames;
		vector<QueryResult *> seedList = r->seeds;
		vector<QueryResult *>::iterator seedIt = seedList.begin();
		while (seedIt != seedList.end())
		{
			QueryResult *seed = *seedIt;
			if (seed->type() != QueryResult::QBINDER)
			{
				// Bail out before touching the access map: a malformed seed list
				// must not result in a partial grant or revoke.
				debug_printf(*ec, "[AccessMap::adjustEnvironment] error: BINDER expected!");
				return;
			}
			// Downcast is guarded by the type() check above.
			string seedName = ((QueryBinderResult *)seed)->getName();
			binderNames.insert(seedName);
			++seedIt;
		}

		string parentName = r->vo_name;
		if (!add)
		{
			removeAccess(binderNames);
			return;
		}

		// Every name coming from the seeds is marked as visible through the
		// interface before it is propagated.
		map<string, bool> visibility;
		for (set<string>::iterator nameIt = binderNames.begin(); nameIt != binderNames.end(); ++nameIt)
		{
			visibility[*nameIt] = true;
		}
		propagateAccess(parentName, visibility);
	}
Beispiel #3
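	// Rebuilds the access map for a user from the privileges returned by the
	// user-privileges query.
	//
	// username: user to load; the literal name "root" is treated as DBA and
	//           skips the privilege lookup entirely.
	// qe:       executor used to run the privileges query locally.
	// Returns 0 on success (and for the DBA), otherwise
	//   ErrQExecutor | EOtherResExp           - the query result is missing or
	//                                           does not have the expected shape,
	//   ErrQExecutor | ENoSchemaFound         - the granted schema is unknown,
	//   ErrQExecutor | EUserHasInvalidSchema  - the granted schema is not valid.
	// m_userValidation is true only while this function runs; every exit path
	// after the DBA shortcut clears it.
	int AccessMap::resetForUser(string username, QueryExecutor *qe)
	{
		debug_printf(*ec, "[AccessMap::resetForUser] starts!");
		reset();
		m_user = username;
		// NOTE(review): DBA status is decided by the user name alone, so this is
		// only as strong as the authentication that produced `username`.
		m_isDba = (username == "root");
		if (m_isDba) return 0;
		m_userValidation = true;

		// TODO: move these bind names, and the strings from QueryBuilder, into bindNames
		const string privNameBind = "priv_name";
		const string objectNameBind = "object_name";
		const string grantOptionBind = "grant_option";

		//debug_printf(*ec, "[AccessMap::resetForUser] executing..");
		// NOTE(review): `username` goes into the query text built by
		// query_for_user_priviliges(); whether it is escaped there is not visible
		// here — verify before accepting arbitrary user names.
		string query = QueryBuilder::getHandle()->query_for_user_priviliges(username);
		// Null-initialised so that an execute_locally() call that does not set the
		// out-parameter is caught below instead of dereferencing garbage.
		QueryResult *res = 0;
		qe->execute_locally(query, &res);
		//debug_printf(*ec, "[AccessMap::resetForUser] executed.. resType = %d", res->type());

		if (!res || res->type() != QueryResult::QSTRUCT)
		{
			debug_printf(*ec, "[AccessMap::resetForUser] error: QSTRUCT expected!");
			m_userValidation = false;
			return (ErrQExecutor | EOtherResExp);
		}
		QueryStructResult *currStructResult = (QueryStructResult *)res;
		string privName, objectName;
		bool canGive = false;
		// The loop keeps only the last value seen for each binder name; a single
		// access entry is added once the struct has been drained.
		while (!(currStructResult->isEmpty()))
		{
			//debug_printf(*ec, "[AccessMap::resetForUser] loops..");
			QueryResult *innerResult = 0;
			currStructResult->getResult(innerResult);
			if (!innerResult || innerResult->type() != QueryResult::QBINDER)
			{
				debug_printf(*ec, "[AccessMap::resetForUser] error: QBINDER expected!");
				m_userValidation = false;
				return (ErrQExecutor | EOtherResExp);
			}
			QueryBinderResult *innerBinderResult = (QueryBinderResult *)innerResult;
			QueryResult *item = innerBinderResult->getItem();
			string name = innerBinderResult->getName();
			const bool isKnownBinder =
				(name == privNameBind) || (name == objectNameBind) || (name == grantOptionBind);
			if (isKnownBinder && !item)
			{
				// A privilege binder without a value cannot be interpreted; treat
				// it like any other unexpected result instead of dereferencing it.
				debug_printf(*ec, "[AccessMap::resetForUser] error: QBINDER expected!");
				m_userValidation = false;
				return (ErrQExecutor | EOtherResExp);
			}
			// NOTE(review): item's dynamic type is not checked before the casts
			// below; they rely on the privilege query returning string values
			// for the two names and an integer for the grant option.
			if (name == privNameBind)
			{
				QueryStringResult *s = (QueryStringResult *)item;
				privName = s->getValue();
			}
			else if (name == objectNameBind)
			{
				QueryStringResult *s = (QueryStringResult *)item;
				objectName = s->getValue();
			}
			else if (name == grantOptionBind)
			{
				QueryIntResult *s = (QueryIntResult *)item;
				canGive = (s->getValue() == 1);
			}
		}
		int crud = getCrudFromName(privName);
		debug_printf(*ec, "[AccessMap::resetForUser] Adding access %s for user %s to schema %s", privName.c_str(), username.c_str(), objectName.c_str()); 
		if (canGive) debug_printf(*ec, "[AccessMap::resetForUser] with right to give access");
		// NOTE(review): the access entry is added before the schema is validated,
		// so on the two error returns below it is still present in the map.
		// Confirm that callers discard the map on a non-zero return, or move the
		// validation ahead of addAccess().
		addAccess(objectName, crud, canGive, true);
		if (!OuterSchemas::Instance().hasSchemaName(objectName))
		{
			debug_printf(*ec, "[AccessMap::resetForUser] no such schema (user rights invalid)!");
			m_userValidation = false;
			return (ErrQExecutor | ENoSchemaFound);
		}
		if (!OuterSchemas::Instance().isValid(objectName))
		{
			debug_printf(*ec, "[AccessMap::resetForUser] user is not allowed to access db through this schema (schema invalid)!");
			m_userValidation = false;
			return (ErrQExecutor | EUserHasInvalidSchema);
		}
		resetForSchema(objectName);

		debug_printf(*ec, "[AccessMap::resetForUser] ends!");
		m_userValidation = false;
		return 0;
	}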