mirror of https://github.com/citusdata/citus.git
Fixes indentation
gurkanindibay
parent
3c73117597
commit
dfbbcce212
|
|
@ -1,24 +1,24 @@
|
||||||
#include "postgres.h"
|
#include "postgres.h"
|
||||||
|
|
||||||
|
|
||||||
#include "access/genam.h"
|
#include "access/genam.h"
|
||||||
#include "catalog/namespace.h"
|
#include "catalog/namespace.h"
|
||||||
#include "catalog/pg_parameter_acl.h"
|
#include "catalog/pg_parameter_acl.h"
|
||||||
#include "commands/defrem.h"
|
#include "commands/defrem.h"
|
||||||
#include "distributed/metadata_sync.h"
|
|
||||||
#include "distributed/deparser.h"
|
|
||||||
#include "distributed/commands.h"
|
|
||||||
#include "distributed/grant_utils.h"
|
|
||||||
#include "distributed/listutils.h"
|
|
||||||
|
|
||||||
#include "utils/acl.h"
|
#include "utils/acl.h"
|
||||||
#include "utils/builtins.h"
|
#include "utils/builtins.h"
|
||||||
#include "utils/syscache.h"
|
#include "utils/syscache.h"
|
||||||
|
|
||||||
static List *GenerateGrantOnParameterFromAclItem(char *parameterName, AclItem *aclItem);
|
#include "distributed/commands.h"
|
||||||
static bool HasAclGrantOption(AclItem *aclItem,AclMode aclMode);
|
#include "distributed/deparser.h"
|
||||||
|
#include "distributed/grant_utils.h"
|
||||||
|
#include "distributed/listutils.h"
|
||||||
|
#include "distributed/metadata_sync.h"
|
||||||
|
|
||||||
|
static List * GenerateGrantOnParameterFromAclItem(char *parameterName, AclItem *aclItem);
|
||||||
|
static bool HasAclGrantOption(AclItem *aclItem, AclMode aclMode);
|
||||||
static void CheckPermissionsAndGrants(AclItem *aclItem, AclMode modes[], int numModes);
|
static void CheckPermissionsAndGrants(AclItem *aclItem, AclMode modes[], int numModes);
|
||||||
static void CheckAndAppendQuery(List **queries, AclItem *aclItem, Oid granteeOid, char *parameterName, AclMode mode, char *modeStr);
|
static void CheckAndAppendQuery(List **queries, AclItem *aclItem, Oid granteeOid,
|
||||||
|
char *parameterName, AclMode mode, char *modeStr);
|
||||||
|
|
||||||
|
|
||||||
List *
|
List *
|
||||||
|
|
@ -51,75 +51,89 @@ GenerateGrantOnParameterFromAclItem(char *parameterName, AclItem *aclItem)
|
||||||
/*
|
/*
|
||||||
* seems unlikely but we check if there is a grant option in the list without the actual permission
|
* seems unlikely but we check if there is a grant option in the list without the actual permission
|
||||||
*/
|
*/
|
||||||
CheckPermissionsAndGrants(aclItem, (AclMode[]) {ACL_SET, ACL_ALTER_SYSTEM}, 2);
|
CheckPermissionsAndGrants(aclItem, (AclMode[]) { ACL_SET, ACL_ALTER_SYSTEM }, 2);
|
||||||
Oid granteeOid = aclItem->ai_grantee;
|
Oid granteeOid = aclItem->ai_grantee;
|
||||||
List *queries = NIL;
|
List *queries = NIL;
|
||||||
|
|
||||||
queries = lappend(queries, GenerateSetRoleQuery(aclItem->ai_grantor));
|
queries = lappend(queries, GenerateSetRoleQuery(aclItem->ai_grantor));
|
||||||
|
|
||||||
CheckAndAppendQuery(&queries, aclItem, granteeOid, parameterName, ACL_SET, "SET");
|
CheckAndAppendQuery(&queries, aclItem, granteeOid, parameterName, ACL_SET, "SET");
|
||||||
CheckAndAppendQuery(&queries, aclItem, granteeOid, parameterName, ACL_ALTER_SYSTEM, "ALTER SYSTEM");
|
CheckAndAppendQuery(&queries, aclItem, granteeOid, parameterName, ACL_ALTER_SYSTEM,
|
||||||
|
"ALTER SYSTEM");
|
||||||
|
|
||||||
queries = lappend(queries, "RESET ROLE");
|
queries = lappend(queries, "RESET ROLE");
|
||||||
|
|
||||||
return queries;
|
return queries;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void CheckAndAppendQuery(List **queries, AclItem *aclItem, Oid granteeOid, char *parameterName, AclMode mode, char *modeStr) {
|
|
||||||
AclResult aclresult = pg_parameter_aclcheck(parameterName, granteeOid, mode);
|
|
||||||
if (aclresult == ACLCHECK_OK)
|
|
||||||
{
|
|
||||||
char *query = DeparseTreeNode((Node *) GenerateGrantStmtForRightsWithObjectName(
|
|
||||||
OBJECT_PARAMETER_ACL, granteeOid, parameterName,
|
|
||||||
modeStr,
|
|
||||||
HasAclGrantOption(aclItem, mode)));
|
|
||||||
|
|
||||||
// remove the semicolon at the end of the query since it is already
|
static void
|
||||||
// appended in metadata_sync phase
|
CheckAndAppendQuery(List **queries, AclItem *aclItem, Oid granteeOid, char *parameterName,
|
||||||
|
AclMode mode, char *modeStr)
|
||||||
|
{
|
||||||
|
AclResult aclresult = pg_parameter_aclcheck(parameterName, granteeOid, mode);
|
||||||
|
if (aclresult == ACLCHECK_OK)
|
||||||
|
{
|
||||||
|
char *query = DeparseTreeNode((Node *) GenerateGrantStmtForRightsWithObjectName(
|
||||||
|
OBJECT_PARAMETER_ACL, granteeOid, parameterName,
|
||||||
|
modeStr,
|
||||||
|
HasAclGrantOption(aclItem, mode)));
|
||||||
|
|
||||||
|
/* remove the semicolon at the end of the query since it is already */
|
||||||
|
/* appended in metadata_sync phase */
|
||||||
query[strlen(query) - 1] = '\0';
|
query[strlen(query) - 1] = '\0';
|
||||||
|
|
||||||
*queries = lappend(*queries, query);
|
*queries = lappend(*queries, query);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void CheckPermissionsAndGrants(AclItem *aclItem, AclMode modes[], int numModes) {
|
|
||||||
AclMode permissions = ACLITEM_GET_PRIVS(*aclItem) & ACL_ALL_RIGHTS_PARAMETER_ACL;
|
|
||||||
AclMode grants = ACLITEM_GET_GOPTIONS(*aclItem) & ACL_ALL_RIGHTS_PARAMETER_ACL;
|
|
||||||
|
|
||||||
for (int i = 0; i < numModes; i++) {
|
static void
|
||||||
AclMode mode = modes[i];
|
CheckPermissionsAndGrants(AclItem *aclItem, AclMode modes[], int numModes)
|
||||||
Assert(!(grants & mode) || (permissions & mode));
|
{
|
||||||
}
|
AclMode permissions = ACLITEM_GET_PRIVS(*aclItem) & ACL_ALL_RIGHTS_PARAMETER_ACL;
|
||||||
|
AclMode grants = ACLITEM_GET_GOPTIONS(*aclItem) & ACL_ALL_RIGHTS_PARAMETER_ACL;
|
||||||
|
|
||||||
|
for (int i = 0; i < numModes; i++)
|
||||||
|
{
|
||||||
|
AclMode mode = modes[i];
|
||||||
|
Assert(!(grants & mode) || (permissions & mode));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool HasAclGrantOption(AclItem *aclItem,AclMode aclMode)
|
|
||||||
|
static bool
|
||||||
|
HasAclGrantOption(AclItem *aclItem, AclMode aclMode)
|
||||||
{
|
{
|
||||||
return (aclItem->ai_privs & ACL_GRANT_OPTION_FOR(aclMode)) != 0;
|
return (aclItem->ai_privs & ACL_GRANT_OPTION_FOR(aclMode)) != 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
List * GrantOnParameters(void)
|
|
||||||
|
List *
|
||||||
|
GrantOnParameters(void)
|
||||||
{
|
{
|
||||||
/* Open pg_shdescription catalog */
|
/* Open pg_shdescription catalog */
|
||||||
Relation paramPermissionRelation = table_open(ParameterAclRelationId, AccessShareLock);
|
Relation paramPermissionRelation = table_open(ParameterAclRelationId,
|
||||||
|
AccessShareLock);
|
||||||
|
|
||||||
|
|
||||||
int scanKeyCount = 0;
|
int scanKeyCount = 0;
|
||||||
bool indexOk = false;
|
bool indexOk = false;
|
||||||
SysScanDesc scan = systable_beginscan(paramPermissionRelation, InvalidOid,
|
SysScanDesc scan = systable_beginscan(paramPermissionRelation, InvalidOid,
|
||||||
indexOk, NULL, scanKeyCount,NULL);
|
indexOk, NULL, scanKeyCount, NULL);
|
||||||
HeapTuple tuple;
|
HeapTuple tuple;
|
||||||
List *commands = NIL;
|
List *commands = NIL;
|
||||||
while ((tuple = systable_getnext(scan)) != NULL)
|
while ((tuple = systable_getnext(scan)) != NULL)
|
||||||
{
|
{
|
||||||
|
|
||||||
bool isNull = false;
|
bool isNull = false;
|
||||||
|
|
||||||
TupleDesc tupdesc = RelationGetDescr(paramPermissionRelation);
|
TupleDesc tupdesc = RelationGetDescr(paramPermissionRelation);
|
||||||
|
|
||||||
Datum aclDatum = heap_getattr(tuple, Anum_pg_parameter_acl_paracl, tupdesc,
|
Datum aclDatum = heap_getattr(tuple, Anum_pg_parameter_acl_paracl, tupdesc,
|
||||||
&isNull);
|
&isNull);
|
||||||
Datum parameterNameDatum = heap_getattr(tuple, Anum_pg_parameter_acl_parname, tupdesc,
|
Datum parameterNameDatum = heap_getattr(tuple, Anum_pg_parameter_acl_parname,
|
||||||
&isNull);
|
tupdesc,
|
||||||
|
&isNull);
|
||||||
|
|
||||||
char *parameterName = TextDatumGetCString(parameterNameDatum);
|
char *parameterName = TextDatumGetCString(parameterNameDatum);
|
||||||
|
|
||||||
|
|
@ -128,15 +142,12 @@ List * GrantOnParameters(void)
|
||||||
int aclNum = ACL_NUM(acl);
|
int aclNum = ACL_NUM(acl);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
for (int i = 0; i < aclNum; i++)
|
for (int i = 0; i < aclNum; i++)
|
||||||
{
|
{
|
||||||
commands = list_concat(commands,
|
commands = list_concat(commands,
|
||||||
GenerateGrantOnParameterFromAclItem(
|
GenerateGrantOnParameterFromAclItem(
|
||||||
parameterName, &aclDat[i]));
|
parameterName, &aclDat[i]));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* End the scan and close the catalog */
|
/* End the scan and close the catalog */
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
* All routines to deparse parameter statements.
|
* All routines to deparse parameter statements.
|
||||||
*
|
*
|
||||||
* -------------------------------------------------------------------------
|
* -------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "postgres.h"
|
#include "postgres.h"
|
||||||
|
|
||||||
|
|
@ -33,6 +33,7 @@ AppendGrantParameters(StringInfo buf, GrantStmt *stmt)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
AppendGrantOnParameterStmt(StringInfo buf, GrantStmt *stmt)
|
AppendGrantOnParameterStmt(StringInfo buf, GrantStmt *stmt)
|
||||||
{
|
{
|
||||||
|
|
@ -59,5 +60,3 @@ DeparseGrantOnParameterStmt(Node *node)
|
||||||
|
|
||||||
return str.data;
|
return str.data;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -65,6 +65,7 @@
|
||||||
#include "distributed/coordinator_protocol.h"
|
#include "distributed/coordinator_protocol.h"
|
||||||
#include "distributed/deparser.h"
|
#include "distributed/deparser.h"
|
||||||
#include "distributed/distribution_column.h"
|
#include "distributed/distribution_column.h"
|
||||||
|
#include "distributed/grant_utils.h"
|
||||||
#include "distributed/listutils.h"
|
#include "distributed/listutils.h"
|
||||||
#include "distributed/maintenanced.h"
|
#include "distributed/maintenanced.h"
|
||||||
#include "distributed/metadata/dependency.h"
|
#include "distributed/metadata/dependency.h"
|
||||||
|
|
@ -88,7 +89,6 @@
|
||||||
#include "distributed/tenant_schema_metadata.h"
|
#include "distributed/tenant_schema_metadata.h"
|
||||||
#include "distributed/utils/array_type.h"
|
#include "distributed/utils/array_type.h"
|
||||||
#include "distributed/utils/function.h"
|
#include "distributed/utils/function.h"
|
||||||
#include "distributed/grant_utils.h"
|
|
||||||
#include "distributed/version_compat.h"
|
#include "distributed/version_compat.h"
|
||||||
#include "distributed/worker_manager.h"
|
#include "distributed/worker_manager.h"
|
||||||
#include "distributed/worker_protocol.h"
|
#include "distributed/worker_protocol.h"
|
||||||
|
|
@ -2161,30 +2161,32 @@ GenerateGrantStmtForRights(ObjectType objectType,
|
||||||
char *permission,
|
char *permission,
|
||||||
bool withGrantOption)
|
bool withGrantOption)
|
||||||
{
|
{
|
||||||
return BaseGenerateGrantStmtForRights(objectType,roleOid,objectId,NULL,permission,withGrantOption);
|
return BaseGenerateGrantStmtForRights(objectType, roleOid, objectId, NULL, permission,
|
||||||
|
withGrantOption);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
GrantStmt *
|
GrantStmt *
|
||||||
GenerateGrantStmtForRightsWithObjectName(ObjectType objectType,
|
GenerateGrantStmtForRightsWithObjectName(ObjectType objectType,
|
||||||
Oid roleOid,
|
Oid roleOid,
|
||||||
char *objectName,
|
char *objectName,
|
||||||
char *permission,
|
char *permission,
|
||||||
bool withGrantOption)
|
bool withGrantOption)
|
||||||
{
|
{
|
||||||
return BaseGenerateGrantStmtForRights(objectType,roleOid,InvalidOid,objectName,permission,withGrantOption);
|
return BaseGenerateGrantStmtForRights(objectType, roleOid, InvalidOid, objectName,
|
||||||
|
permission, withGrantOption);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
GrantStmt *
|
GrantStmt *
|
||||||
BaseGenerateGrantStmtForRights(ObjectType objectType,
|
BaseGenerateGrantStmtForRights(ObjectType objectType,
|
||||||
Oid roleOid,
|
Oid roleOid,
|
||||||
Oid objectId,
|
Oid objectId,
|
||||||
char *objectName,
|
char *objectName,
|
||||||
char *permission,
|
char *permission,
|
||||||
bool withGrantOption)
|
bool withGrantOption)
|
||||||
{
|
{
|
||||||
|
/*either objectId or objectName should be valid */
|
||||||
//either objectId or objectName should be valid
|
|
||||||
Assert(objectId != InvalidOid || objectName != NULL);
|
Assert(objectId != InvalidOid || objectName != NULL);
|
||||||
|
|
||||||
GrantStmt *stmt = makeNode(GrantStmt);
|
GrantStmt *stmt = makeNode(GrantStmt);
|
||||||
|
|
@ -2207,7 +2209,6 @@ BaseGenerateGrantStmtForRights(ObjectType objectType,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* GetObjectsForGrantStmt takes an object type and object id and returns the 'objects'
|
* GetObjectsForGrantStmt takes an object type and object id and returns the 'objects'
|
||||||
* field to be used when creating GrantStmt. We have only one object here (the one with
|
* field to be used when creating GrantStmt. We have only one object here (the one with
|
||||||
|
|
|
||||||
|
|
@ -9,26 +9,27 @@
|
||||||
#ifndef CITUS_GRANT_UTILS_H
|
#ifndef CITUS_GRANT_UTILS_H
|
||||||
#define CITUS_GRANT_UTILS_H
|
#define CITUS_GRANT_UTILS_H
|
||||||
#include "postgres.h"
|
#include "postgres.h"
|
||||||
|
|
||||||
#include "nodes/parsenodes.h"
|
#include "nodes/parsenodes.h"
|
||||||
|
|
||||||
extern List * GrantOnParameters(void);
|
extern List * GrantOnParameters(void);
|
||||||
extern char * GenerateSetRoleQuery(Oid roleOid);
|
extern char * GenerateSetRoleQuery(Oid roleOid);
|
||||||
extern GrantStmt * GenerateGrantStmtForRights(ObjectType objectType,
|
extern GrantStmt * GenerateGrantStmtForRights(ObjectType objectType,
|
||||||
Oid roleOid,
|
Oid roleOid,
|
||||||
Oid objectId,
|
Oid objectId,
|
||||||
char *permission,
|
char *permission,
|
||||||
bool withGrantOption);
|
bool withGrantOption);
|
||||||
extern GrantStmt *GenerateGrantStmtForRightsWithObjectName(ObjectType objectType,
|
extern GrantStmt * GenerateGrantStmtForRightsWithObjectName(ObjectType objectType,
|
||||||
Oid roleOid,
|
Oid roleOid,
|
||||||
char *objectName,
|
char *objectName,
|
||||||
char *permission,
|
char *permission,
|
||||||
bool withGrantOption);
|
bool withGrantOption);
|
||||||
extern GrantStmt *BaseGenerateGrantStmtForRights(ObjectType objectType,
|
extern GrantStmt * BaseGenerateGrantStmtForRights(ObjectType objectType,
|
||||||
Oid roleOid,
|
Oid roleOid,
|
||||||
Oid objectId,
|
Oid objectId,
|
||||||
char *objectName,
|
char *objectName,
|
||||||
char *permission,
|
char *permission,
|
||||||
bool withGrantOption);
|
bool withGrantOption);
|
||||||
|
|
||||||
|
|
||||||
#endif /* CITUS_GRANT_UTILS_H */
|
#endif /* CITUS_GRANT_UTILS_H */
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue