// ***************************************************************************** // * * // * Function: PrivMgr::isAuthIDGrantedPrivs * // * * // * Determines if the specified authorization ID has been granted one or * // * more privileges. * // * * // ***************************************************************************** // * * // * Parameters: * // * * // * <authID> const int32_t In * // * is the authorization ID. * // * * // ***************************************************************************** // * * // * Returns: bool * // * * // * true: Authorization ID has been granted one or more privileges. * // * false: Authorization ID has not been granted any privileges. * // * * // ***************************************************************************** bool PrivMgr::isAuthIDGrantedPrivs( int32_t authID, std::vector<PrivClass> privClasses) { // Check for empty vector. if (privClasses.size() == 0) return false; // If authorization is not enabled, no privileges were granted to anyone. if (!isAuthorizationEnabled()) return false; // Special case of PrivClass::ALL. Caller does not need to change when // new a new PrivClass is added. if (privClasses.size() == 1 && privClasses[0] == PrivClass::ALL) { PrivMgrPrivileges objectPrivileges(metadataLocation_,pDiags_); if (objectPrivileges.isAuthIDGrantedPrivs(authID)) return true; PrivMgrComponentPrivileges componentPrivileges(metadataLocation_,pDiags_); if (componentPrivileges.isAuthIDGrantedPrivs(authID)) return true; return false; } // Called specified one or more specific PrivClass. Note, ALL is not valid // in a list, only by itself. for (size_t pc = 0; pc < privClasses.size(); pc++) switch (privClasses[pc]) { case PrivClass::OBJECT: { PrivMgrPrivileges objectPrivileges(metadataLocation_,pDiags_); if (objectPrivileges.isAuthIDGrantedPrivs(authID)) return true; break; } case PrivClass::COMPONENT: { PrivMgrComponentPrivileges componentPrivileges(metadataLocation_,pDiags_); if (componentPrivileges.isAuthIDGrantedPrivs(authID)) return true; break; } case PrivClass::ALL: default: { PRIVMGR_INTERNAL_ERROR("Switch statement in PrivMgr::isAuthIDGrantedPrivs()"); return STATUS_ERROR; break; } } // No grants of any privileges found for this authorization ID. return false; }
void CmpSeabaseDDL::createSeabaseLibrary( StmtDDLCreateLibrary * createLibraryNode, NAString &currCatName, NAString &currSchName) { Lng32 retcode = 0; ComObjectName libraryName(createLibraryNode->getLibraryName()); ComAnsiNamePart currCatAnsiName(currCatName); ComAnsiNamePart currSchAnsiName(currSchName); libraryName.applyDefaults(currCatAnsiName, currSchAnsiName); const NAString catalogNamePart = libraryName.getCatalogNamePartAsAnsiString(); const NAString schemaNamePart = libraryName.getSchemaNamePartAsAnsiString(TRUE); const NAString objectNamePart = libraryName.getObjectNamePartAsAnsiString(TRUE); const NAString extLibraryName = libraryName.getExternalName(TRUE); const NAString extNameForHbase = catalogNamePart + "." + schemaNamePart + "." + objectNamePart; // Verify that the requester has MANAGE_LIBRARY privilege. if (isAuthorizationEnabled() && !ComUser::isRootUserID()) { NAString privMgrMDLoc; CONCAT_CATSCH(privMgrMDLoc, getSystemCatalog(), SEABASE_PRIVMGR_SCHEMA); PrivMgrComponentPrivileges componentPrivileges(std::string(privMgrMDLoc.data()),CmpCommon::diags()); if (!componentPrivileges.hasSQLPriv (ComUser::getCurrentUser(),SQLOperation::MANAGE_LIBRARY,true)) { *CmpCommon::diags() << DgSqlCode(-CAT_NOT_AUTHORIZED); processReturn (); return; } } // Check to see if user has the authority to create the library ExeCliInterface cliInterface(STMTHEAP, NULL, NULL, CmpCommon::context()->sqlSession()->getParentQid()); Int32 objectOwnerID = SUPER_USER; Int32 schemaOwnerID = SUPER_USER; ComSchemaClass schemaClass; retcode = verifyDDLCreateOperationAuthorized(&cliInterface, SQLOperation::CREATE_LIBRARY, catalogNamePart, schemaNamePart, schemaClass, objectOwnerID, schemaOwnerID); if (retcode != 0) { handleDDLCreateAuthorizationError(retcode,catalogNamePart,schemaNamePart); return; } ExpHbaseInterface * ehi = NULL; ehi = allocEHI(); if (ehi == NULL) { processReturn(); return; } retcode = existsInSeabaseMDTable(&cliInterface, catalogNamePart, schemaNamePart, objectNamePart, COM_LIBRARY_OBJECT, TRUE, FALSE); if (retcode < 0) { deallocEHI(ehi); processReturn(); return; } if (retcode == 1) // already exists { *CmpCommon::diags() << DgSqlCode(-1390) << DgString0(extLibraryName); deallocEHI(ehi); processReturn(); return; } NAString libFileName = createLibraryNode->getFilename() ; // strip blank spaces libFileName = libFileName.strip(NAString::both, ' '); if (validateLibraryFileExists(libFileName, FALSE)) { deallocEHI(ehi); processReturn(); return; } ComTdbVirtTableTableInfo * tableInfo = new(STMTHEAP) ComTdbVirtTableTableInfo[1]; tableInfo->tableName = NULL, tableInfo->createTime = 0; tableInfo->redefTime = 0; tableInfo->objUID = 0; tableInfo->objOwnerID = objectOwnerID; tableInfo->schemaOwnerID = schemaOwnerID; tableInfo->isAudited = 1; tableInfo->validDef = 1; tableInfo->hbaseCreateOptions = NULL; tableInfo->numSaltPartns = 0; tableInfo->rowFormat = COM_UNKNOWN_FORMAT_TYPE; tableInfo->objectFlags = 0; Int64 objUID = -1; if (updateSeabaseMDTable(&cliInterface, catalogNamePart, schemaNamePart, objectNamePart, COM_LIBRARY_OBJECT, "N", tableInfo, 0, NULL, 0, NULL, 0, NULL, objUID)) { deallocEHI(ehi); processReturn(); return; } if (objUID == -1) { deallocEHI(ehi); processReturn(); return; } char * query = new(STMTHEAP) char[1000]; str_sprintf(query, "insert into %s.\"%s\".%s values (%Ld, '%s', %d)", getSystemCatalog(), SEABASE_MD_SCHEMA, SEABASE_LIBRARIES, objUID, libFileName.data(), createLibraryNode->getVersion()); Lng32 cliRC = cliInterface.executeImmediate(query); NADELETEBASIC(query, STMTHEAP); if (cliRC < 0) { cliInterface.retrieveSQLDiagnostics(CmpCommon::diags()); processReturn(); return; } // hope to remove this call soon by setting thevalid flag to Y sooner if (updateObjectValidDef(&cliInterface, catalogNamePart, schemaNamePart, objectNamePart, COM_LIBRARY_OBJECT_LIT, "Y")) { deallocEHI(ehi); processReturn(); return; } processReturn(); return; }