patch 4.0
This commit is contained in:
wangzelin.wzl
@ -23,21 +23,23 @@
|
||||
#include "sql/session/ob_sql_session_info.h"
|
||||
#include "sql/engine/cmd/ob_user_cmd_executor.h"
|
||||
|
||||
namespace oceanbase {
|
||||
namespace oceanbase
|
||||
{
|
||||
using namespace common;
|
||||
using namespace share::schema;
|
||||
namespace sql {
|
||||
namespace sql
|
||||
{
|
||||
|
||||
int ObGrantExecutor::execute(ObExecContext& ctx, ObGrantStmt& stmt)
|
||||
int ObGrantExecutor::execute(ObExecContext &ctx, ObGrantStmt &stmt)
|
||||
{
|
||||
int ret = OB_SUCCESS;
|
||||
ObTaskExecutorCtx* task_exec_ctx = NULL;
|
||||
obrpc::ObCommonRpcProxy* common_rpc_proxy = NULL;
|
||||
ObSQLSessionInfo* session_info = NULL;
|
||||
ObTaskExecutorCtx *task_exec_ctx = NULL;
|
||||
obrpc::ObCommonRpcProxy *common_rpc_proxy = NULL;
|
||||
ObSQLSessionInfo *session_info = NULL;
|
||||
const uint64_t tenant_id = stmt.get_tenant_id();
|
||||
const ObStrings& users = stmt.get_users();
|
||||
ObIAllocator& allocator = ctx.get_allocator();
|
||||
obrpc::ObGrantArg& arg = static_cast<obrpc::ObGrantArg&>(stmt.get_ddl_arg());
|
||||
const ObStrings &users = stmt.get_users();
|
||||
ObIAllocator &allocator = ctx.get_allocator();
|
||||
obrpc::ObGrantArg &arg = static_cast<obrpc::ObGrantArg &>(stmt.get_ddl_arg());
|
||||
const bool is_role = arg.roles_.count() > 0;
|
||||
|
||||
if (OB_ISNULL(task_exec_ctx = GET_TASK_EXECUTOR_CTX(ctx))) {
|
||||
@ -54,20 +56,25 @@ int ObGrantExecutor::execute(ObExecContext& ctx, ObGrantStmt& stmt)
|
||||
ObString host_name;
|
||||
ObString pwd;
|
||||
ObString need_enc;
|
||||
// i += 4, each with user_name, pwd, need_enc
|
||||
//i += 4, each with user_name, pwd, need_enc
|
||||
if (OB_UNLIKELY(users.count() <= 0) || OB_UNLIKELY(0 != users.count() % 4)) {
|
||||
ret = OB_ERR_UNEXPECTED;
|
||||
LOG_WARN("Resolve users error. Users should have user and pwd", "ObStrings count", users.count(), K(ret));
|
||||
LOG_WARN("Resolve users error. Users should have user and pwd",
|
||||
"ObStrings count", users.count(), K(ret));
|
||||
}
|
||||
for (int64_t i = 0; OB_SUCC(ret) && i < users.count(); i += 4) {
|
||||
if (OB_FAIL(users.get_string(i, user_name))) {
|
||||
LOG_WARN("Get string from ObStrings error", "count", users.count(), K(i), K(ret));
|
||||
LOG_WARN("Get string from ObStrings error", "count",
|
||||
users.count(), K(i), K(ret));
|
||||
} else if (OB_FAIL(users.get_string(i + 1, host_name))) {
|
||||
LOG_WARN("Get string from ObStrings error", "count", users.count(), K(i), K(ret));
|
||||
LOG_WARN("Get string from ObStrings error", "count",
|
||||
users.count(), K(i), K(ret));
|
||||
} else if (OB_FAIL(users.get_string(i + 2, pwd))) {
|
||||
LOG_WARN("Get string from ObStrings error", "count", users.count(), K(i), K(ret));
|
||||
LOG_WARN("Get string from ObStrings error", "count",
|
||||
users.count(), K(i), K(ret));
|
||||
} else if (OB_FAIL(users.get_string(i + 3, need_enc))) {
|
||||
LOG_WARN("Get string from ObStrings error", "count", users.count(), K(i), K(ret));
|
||||
LOG_WARN("Get string from ObStrings error", "count",
|
||||
users.count(), K(i), K(ret));
|
||||
} else {
|
||||
if (OB_FAIL(arg.users_passwd_.push_back(user_name))) {
|
||||
LOG_WARN("failed to add user", K(ret));
|
||||
@ -76,20 +83,21 @@ int ObGrantExecutor::execute(ObExecContext& ctx, ObGrantStmt& stmt)
|
||||
} else if (ObString::make_string("YES") == need_enc) {
|
||||
ObString pwd_enc;
|
||||
if (pwd.length() > 0) {
|
||||
char* enc_buf = NULL;
|
||||
if (NULL == (enc_buf = static_cast<char*>(allocator.alloc(ENC_BUF_LEN)))) {
|
||||
char *enc_buf = NULL;
|
||||
if (NULL == (enc_buf = static_cast<char *>(allocator.alloc(ENC_BUF_LEN)))) {
|
||||
ret = OB_ALLOCATE_MEMORY_FAILED;
|
||||
LOG_ERROR("Failed to allocate memory", K(ret), K(ENC_BUF_LEN));
|
||||
} else if (OB_FAIL(ObCreateUserExecutor::encrypt_passwd(pwd, pwd_enc, enc_buf, ENC_BUF_LEN))) {
|
||||
} else if (OB_FAIL(ObCreateUserExecutor::encrypt_passwd(pwd,
|
||||
pwd_enc,
|
||||
enc_buf,
|
||||
ENC_BUF_LEN))) {
|
||||
LOG_WARN("Encrypt password failed", K(ret));
|
||||
} else {
|
||||
} // do nothing
|
||||
} else { }//do nothing
|
||||
}
|
||||
if (OB_FAIL(ret)) {
|
||||
} else if (OB_FAIL(arg.users_passwd_.push_back(pwd_enc))) {
|
||||
LOG_WARN("failed to add password", K(ret));
|
||||
} else {
|
||||
} // do nothing
|
||||
} else { }//do nothing
|
||||
} else {
|
||||
if (OB_FAIL(arg.users_passwd_.push_back(pwd))) {
|
||||
LOG_WARN("failed to add password", K(ret));
|
||||
@ -98,7 +106,12 @@ int ObGrantExecutor::execute(ObExecContext& ctx, ObGrantStmt& stmt)
|
||||
}
|
||||
}
|
||||
}
|
||||
if (OB_SUCC(ret)) {
|
||||
if (OB_FAIL(ret)) {
|
||||
// do nothing.
|
||||
} else if (OB_ISNULL(stmt.get_query_ctx())) {
|
||||
ret = OB_ERR_UNEXPECTED;
|
||||
LOG_WARN("query ctx is null", K(ret));
|
||||
} else {
|
||||
arg.tenant_id_ = tenant_id;
|
||||
arg.db_ = stmt.get_database_name();
|
||||
arg.table_ = stmt.get_table_name();
|
||||
@ -106,7 +119,7 @@ int ObGrantExecutor::execute(ObExecContext& ctx, ObGrantStmt& stmt)
|
||||
arg.priv_level_ = stmt.get_grant_level();
|
||||
arg.need_create_user_ = stmt.get_need_create_user();
|
||||
arg.has_create_user_priv_ = session_info->get_user_priv_set() & OB_PRIV_CREATE_USER;
|
||||
arg.ddl_stmt_str_ = stmt.get_sql_stmt();
|
||||
arg.ddl_stmt_str_ = stmt.get_query_ctx()->get_sql_stmt();
|
||||
arg.option_ = stmt.get_option();
|
||||
arg.object_type_ = stmt.get_object_type();
|
||||
arg.object_id_ = stmt.get_object_id();
|
||||
@ -122,11 +135,11 @@ int ObGrantExecutor::execute(ObExecContext& ctx, ObGrantStmt& stmt)
|
||||
return ret;
|
||||
}
|
||||
|
||||
int ObRevokeExecutor::execute(ObExecContext& ctx, ObRevokeStmt& stmt)
|
||||
int ObRevokeExecutor::execute(ObExecContext &ctx, ObRevokeStmt &stmt)
|
||||
{
|
||||
int ret = OB_SUCCESS;
|
||||
ObTaskExecutorCtx* task_exec_ctx = NULL;
|
||||
obrpc::ObCommonRpcProxy* common_rpc_proxy = NULL;
|
||||
ObTaskExecutorCtx *task_exec_ctx = NULL;
|
||||
obrpc::ObCommonRpcProxy *common_rpc_proxy = NULL;
|
||||
|
||||
if (OB_ISNULL(task_exec_ctx = GET_TASK_EXECUTOR_CTX(ctx))) {
|
||||
ret = OB_NOT_INIT;
|
||||
@ -153,19 +166,17 @@ int ObRevokeExecutor::execute(ObExecContext& ctx, ObRevokeStmt& stmt)
|
||||
LOG_WARN("grant_revoke_user error", K(ret));
|
||||
}
|
||||
break;
|
||||
case OB_PRIV_SYS_ORACLE_LEVEL: {
|
||||
if (OB_FAIL(revoke_sys_priv(common_rpc_proxy, stmt))) {
|
||||
LOG_WARN("grant_revoke_user error", K(ret));
|
||||
}
|
||||
break;
|
||||
case OB_PRIV_SYS_ORACLE_LEVEL: { // Oracle revoke role and sys_priv
|
||||
if (OB_FAIL(revoke_sys_priv(common_rpc_proxy, stmt))) {
|
||||
LOG_WARN("grant_revoke_user error", K(ret));
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
default: {
|
||||
ret = OB_ERR_UNEXPECTED;
|
||||
LOG_WARN("Resolver may be error, invalid grant_level",
|
||||
"grant_level",
|
||||
ob_priv_level_str(stmt.get_grant_level()),
|
||||
K(ret));
|
||||
"grant_level", ob_priv_level_str(stmt.get_grant_level()), K(ret));
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -173,16 +184,16 @@ int ObRevokeExecutor::execute(ObExecContext& ctx, ObRevokeStmt& stmt)
|
||||
return ret;
|
||||
}
|
||||
|
||||
int ObRevokeExecutor::revoke_user(obrpc::ObCommonRpcProxy* rpc_proxy, ObRevokeStmt& stmt)
|
||||
int ObRevokeExecutor::revoke_user(obrpc::ObCommonRpcProxy *rpc_proxy, ObRevokeStmt &stmt)
|
||||
{
|
||||
int ret = OB_SUCCESS;
|
||||
if (OB_ISNULL(rpc_proxy)) {
|
||||
ret = OB_INVALID_ARGUMENT;
|
||||
LOG_WARN("Input argument error", K(rpc_proxy), K(ret));
|
||||
} else {
|
||||
obrpc::ObRevokeUserArg& arg = static_cast<obrpc::ObRevokeUserArg&>(stmt.get_ddl_arg());
|
||||
obrpc::ObRevokeUserArg &arg = static_cast<obrpc::ObRevokeUserArg &>(stmt.get_ddl_arg());
|
||||
arg.tenant_id_ = stmt.get_tenant_id();
|
||||
const ObIArray<uint64_t>& user_ids = stmt.get_users();
|
||||
const ObIArray<uint64_t> &user_ids = stmt.get_users();
|
||||
const bool is_role = arg.role_ids_.count() > 0;
|
||||
if (is_role) {
|
||||
for (int i = 0; OB_SUCC(ret) && i < user_ids.count(); ++i) {
|
||||
@ -208,18 +219,18 @@ int ObRevokeExecutor::revoke_user(obrpc::ObCommonRpcProxy* rpc_proxy, ObRevokeSt
|
||||
return ret;
|
||||
}
|
||||
|
||||
int ObRevokeExecutor::revoke_db(obrpc::ObCommonRpcProxy* rpc_proxy, ObRevokeStmt& stmt)
|
||||
int ObRevokeExecutor::revoke_db(obrpc::ObCommonRpcProxy *rpc_proxy, ObRevokeStmt &stmt)
|
||||
{
|
||||
int ret = OB_SUCCESS;
|
||||
if (OB_ISNULL(rpc_proxy)) {
|
||||
ret = OB_INVALID_ARGUMENT;
|
||||
LOG_WARN("Input argument error", K(rpc_proxy), K(ret));
|
||||
} else {
|
||||
obrpc::ObRevokeDBArg& arg = static_cast<obrpc::ObRevokeDBArg&>(stmt.get_ddl_arg());
|
||||
obrpc::ObRevokeDBArg &arg = static_cast<obrpc::ObRevokeDBArg &>(stmt.get_ddl_arg());
|
||||
arg.tenant_id_ = stmt.get_tenant_id();
|
||||
arg.priv_set_ = stmt.get_priv_set();
|
||||
arg.db_ = stmt.get_database_name();
|
||||
const ObIArray<uint64_t>& user_ids = stmt.get_users();
|
||||
const ObIArray<uint64_t> &user_ids = stmt.get_users();
|
||||
if (0 == user_ids.count()) {
|
||||
ret = OB_ERR_UNEXPECTED;
|
||||
LOG_WARN("User ids is empty, resolver may be error", K(ret));
|
||||
@ -235,14 +246,14 @@ int ObRevokeExecutor::revoke_db(obrpc::ObCommonRpcProxy* rpc_proxy, ObRevokeStmt
|
||||
return ret;
|
||||
}
|
||||
|
||||
int ObRevokeExecutor::revoke_table(obrpc::ObCommonRpcProxy* rpc_proxy, ObRevokeStmt& stmt)
|
||||
int ObRevokeExecutor::revoke_table(obrpc::ObCommonRpcProxy *rpc_proxy, ObRevokeStmt &stmt)
|
||||
{
|
||||
int ret = OB_SUCCESS;
|
||||
if (OB_ISNULL(rpc_proxy)) {
|
||||
ret = OB_INVALID_ARGUMENT;
|
||||
LOG_WARN("Input argument error", K(rpc_proxy), K(ret));
|
||||
} else {
|
||||
obrpc::ObRevokeTableArg& arg = static_cast<obrpc::ObRevokeTableArg&>(stmt.get_ddl_arg());
|
||||
obrpc::ObRevokeTableArg &arg = static_cast<obrpc::ObRevokeTableArg &>(stmt.get_ddl_arg());
|
||||
arg.tenant_id_ = stmt.get_tenant_id();
|
||||
arg.priv_set_ = stmt.get_priv_set();
|
||||
arg.db_ = stmt.get_database_name();
|
||||
@ -252,7 +263,7 @@ int ObRevokeExecutor::revoke_table(obrpc::ObCommonRpcProxy* rpc_proxy, ObRevokeS
|
||||
arg.grantor_id_ = stmt.get_grantor_id();
|
||||
arg.revoke_all_ora_ = stmt.get_revoke_all_ora();
|
||||
|
||||
const ObIArray<uint64_t>& user_ids = stmt.get_users();
|
||||
const ObIArray<uint64_t> &user_ids = stmt.get_users();
|
||||
if (0 == user_ids.count()) {
|
||||
ret = OB_ERR_UNEXPECTED;
|
||||
LOG_WARN("User ids is empty, resolver may be error", K(ret));
|
||||
@ -268,21 +279,26 @@ int ObRevokeExecutor::revoke_table(obrpc::ObCommonRpcProxy* rpc_proxy, ObRevokeS
|
||||
return ret;
|
||||
}
|
||||
|
||||
int ObRevokeExecutor::revoke_sys_priv(obrpc::ObCommonRpcProxy* rpc_proxy, ObRevokeStmt& stmt)
|
||||
int ObRevokeExecutor::revoke_sys_priv(obrpc::ObCommonRpcProxy *rpc_proxy, ObRevokeStmt &stmt)
|
||||
{
|
||||
int ret = OB_SUCCESS;
|
||||
if (OB_ISNULL(rpc_proxy)) {
|
||||
ret = OB_INVALID_ARGUMENT;
|
||||
LOG_WARN("Input argument error", K(rpc_proxy), K(ret));
|
||||
} else {
|
||||
obrpc::ObRevokeSysPrivArg& arg = static_cast<obrpc::ObRevokeSysPrivArg&>(stmt.get_ddl_arg());
|
||||
obrpc::ObRevokeSysPrivArg &arg = static_cast<obrpc::ObRevokeSysPrivArg &>(stmt.get_ddl_arg());
|
||||
arg.tenant_id_ = stmt.get_tenant_id();
|
||||
const ObIArray<uint64_t>& user_ids = stmt.get_users();
|
||||
// 在resolve阶段,已经设置了arg的priv_array
|
||||
// 在resolve阶段,也已经设置了arg的role_ids_
|
||||
const ObIArray<uint64_t> &user_ids = stmt.get_users();
|
||||
if (0 == user_ids.count()) {
|
||||
ret = OB_ERR_UNEXPECTED;
|
||||
LOG_WARN("User ids is empty, resolver may be error", K(ret));
|
||||
} else if (OB_ISNULL(stmt.get_query_ctx())) {
|
||||
ret = OB_ERR_UNEXPECTED;
|
||||
LOG_WARN("query ctx is null", K(ret));
|
||||
} else {
|
||||
arg.ddl_stmt_str_ = stmt.get_sql_stmt();
|
||||
arg.ddl_stmt_str_ = stmt.get_query_ctx()->get_sql_stmt();
|
||||
for (int i = 0; OB_SUCC(ret) && i < user_ids.count(); i++) {
|
||||
arg.grantee_id_ = user_ids.at(i);
|
||||
if (OB_FAIL(rpc_proxy->revoke_sys_priv(arg))) {
|
||||
@ -294,5 +310,5 @@ int ObRevokeExecutor::revoke_sys_priv(obrpc::ObCommonRpcProxy* rpc_proxy, ObRevo
|
||||
return ret;
|
||||
}
|
||||
|
||||
} // namespace sql
|
||||
} // namespace oceanbase
|
||||
}// ns sql
|
||||
}// ns oceanbase
|
||||
|
||||
Reference in New Issue
Block a user