// *****************************************************************************
// * *
// * Function: PrivMgr::isAuthIDGrantedPrivs *
// * *
// * Determines if the specified authorization ID has been granted one or *
// * more privileges. *
// * *
// *****************************************************************************
// * *
// * Parameters: *
// * *
// * <authID> const int32_t In *
// * is the authorization ID. *
// * *
// *****************************************************************************
// * *
// * Returns: bool *
// * *
// * true: Authorization ID has been granted one or more privileges. *
// * false: Authorization ID has not been granted any privileges. *
// * *
// *****************************************************************************
bool PrivMgr::isAuthIDGrantedPrivs(
int32_t authID,
std::vector<PrivClass> privClasses)
{
// Check for empty vector.
if (privClasses.size() == 0)
return false;
// If authorization is not enabled, no privileges were granted to anyone.
if (!isAuthorizationEnabled())
return false;
// Special case of PrivClass::ALL. Caller does not need to change when
// new a new PrivClass is added.
if (privClasses.size() == 1 && privClasses[0] == PrivClass::ALL)
{
PrivMgrPrivileges objectPrivileges(metadataLocation_,pDiags_);
if (objectPrivileges.isAuthIDGrantedPrivs(authID))
return true;
PrivMgrComponentPrivileges componentPrivileges(metadataLocation_,pDiags_);
if (componentPrivileges.isAuthIDGrantedPrivs(authID))
return true;
return false;
}
// Called specified one or more specific PrivClass. Note, ALL is not valid
// in a list, only by itself.
for (size_t pc = 0; pc < privClasses.size(); pc++)
switch (privClasses[pc])
{
case PrivClass::OBJECT:
{
PrivMgrPrivileges objectPrivileges(metadataLocation_,pDiags_);
if (objectPrivileges.isAuthIDGrantedPrivs(authID))
return true;
break;
}
case PrivClass::COMPONENT:
{
PrivMgrComponentPrivileges componentPrivileges(metadataLocation_,pDiags_);
if (componentPrivileges.isAuthIDGrantedPrivs(authID))
return true;
break;
}
case PrivClass::ALL:
default:
{
PRIVMGR_INTERNAL_ERROR("Switch statement in PrivMgr::isAuthIDGrantedPrivs()");
return STATUS_ERROR;
break;
}
}
// No grants of any privileges found for this authorization ID.
return false;
}
void CmpSeabaseDDL::createSeabaseLibrary(
StmtDDLCreateLibrary * createLibraryNode,
NAString &currCatName,
NAString &currSchName)
{
Lng32 retcode = 0;
ComObjectName libraryName(createLibraryNode->getLibraryName());
ComAnsiNamePart currCatAnsiName(currCatName);
ComAnsiNamePart currSchAnsiName(currSchName);
libraryName.applyDefaults(currCatAnsiName, currSchAnsiName);
const NAString catalogNamePart =
libraryName.getCatalogNamePartAsAnsiString();
const NAString schemaNamePart =
libraryName.getSchemaNamePartAsAnsiString(TRUE);
const NAString objectNamePart =
libraryName.getObjectNamePartAsAnsiString(TRUE);
const NAString extLibraryName = libraryName.getExternalName(TRUE);
const NAString extNameForHbase = catalogNamePart + "." + schemaNamePart +
"." + objectNamePart;
// Verify that the requester has MANAGE_LIBRARY privilege.
if (isAuthorizationEnabled() && !ComUser::isRootUserID())
{
NAString privMgrMDLoc;
CONCAT_CATSCH(privMgrMDLoc, getSystemCatalog(), SEABASE_PRIVMGR_SCHEMA);
PrivMgrComponentPrivileges componentPrivileges(std::string(privMgrMDLoc.data()),CmpCommon::diags());
if (!componentPrivileges.hasSQLPriv
(ComUser::getCurrentUser(),SQLOperation::MANAGE_LIBRARY,true))
{
*CmpCommon::diags() << DgSqlCode(-CAT_NOT_AUTHORIZED);
processReturn ();
return;
}
}
// Check to see if user has the authority to create the library
ExeCliInterface cliInterface(STMTHEAP, NULL, NULL,
CmpCommon::context()->sqlSession()->getParentQid());
Int32 objectOwnerID = SUPER_USER;
Int32 schemaOwnerID = SUPER_USER;
ComSchemaClass schemaClass;
retcode = verifyDDLCreateOperationAuthorized(&cliInterface,
SQLOperation::CREATE_LIBRARY,
catalogNamePart,
schemaNamePart,
schemaClass,
objectOwnerID,
schemaOwnerID);
if (retcode != 0)
{
handleDDLCreateAuthorizationError(retcode,catalogNamePart,schemaNamePart);
return;
}
ExpHbaseInterface * ehi = NULL;
ehi = allocEHI();
if (ehi == NULL)
{
processReturn();
return;
}
retcode = existsInSeabaseMDTable(&cliInterface,
catalogNamePart, schemaNamePart,
objectNamePart, COM_LIBRARY_OBJECT,
TRUE, FALSE);
if (retcode < 0)
{
deallocEHI(ehi);
processReturn();
return;
}
if (retcode == 1) // already exists
{
*CmpCommon::diags() << DgSqlCode(-1390)
<< DgString0(extLibraryName);
deallocEHI(ehi);
processReturn();
return;
}
NAString libFileName = createLibraryNode->getFilename() ;
// strip blank spaces
libFileName = libFileName.strip(NAString::both, ' ');
if (validateLibraryFileExists(libFileName, FALSE))
{
deallocEHI(ehi);
processReturn();
return;
}
ComTdbVirtTableTableInfo * tableInfo = new(STMTHEAP) ComTdbVirtTableTableInfo[1];
tableInfo->tableName = NULL,
tableInfo->createTime = 0;
tableInfo->redefTime = 0;
tableInfo->objUID = 0;
tableInfo->objOwnerID = objectOwnerID;
tableInfo->schemaOwnerID = schemaOwnerID;
tableInfo->isAudited = 1;
tableInfo->validDef = 1;
tableInfo->hbaseCreateOptions = NULL;
tableInfo->numSaltPartns = 0;
tableInfo->rowFormat = COM_UNKNOWN_FORMAT_TYPE;
tableInfo->objectFlags = 0;
Int64 objUID = -1;
if (updateSeabaseMDTable(&cliInterface,
catalogNamePart, schemaNamePart, objectNamePart,
COM_LIBRARY_OBJECT,
"N",
tableInfo,
0,
NULL,
0,
NULL,
0, NULL,
objUID))
{
deallocEHI(ehi);
processReturn();
return;
}
if (objUID == -1)
{
deallocEHI(ehi);
processReturn();
return;
}
char * query = new(STMTHEAP) char[1000];
str_sprintf(query, "insert into %s.\"%s\".%s values (%Ld, '%s', %d)",
getSystemCatalog(), SEABASE_MD_SCHEMA, SEABASE_LIBRARIES,
objUID,
libFileName.data(),
createLibraryNode->getVersion());
Lng32 cliRC = cliInterface.executeImmediate(query);
NADELETEBASIC(query, STMTHEAP);
if (cliRC < 0)
{
cliInterface.retrieveSQLDiagnostics(CmpCommon::diags());
processReturn();
return;
}
// hope to remove this call soon by setting thevalid flag to Y sooner
if (updateObjectValidDef(&cliInterface,
catalogNamePart, schemaNamePart, objectNamePart,
COM_LIBRARY_OBJECT_LIT,
"Y"))
{
deallocEHI(ehi);
processReturn();
return;
}
processReturn();
return;
}
