[to #47948126] check pl privilege

obdev
2023-04-17 03:41:52 +00:00
committed by ob-robot
parent b873dfb706
commit b3e639bbea
4 changed files with 79 additions and 58 deletions


@ -3184,68 +3184,84 @@ int ObPL::simple_execute(ObPLExecCtx *ctx, int64_t argc, int64_t *argv)
return ret; return ret;
} }
int ObPLExecState::check_pl_udt_priv( int ObPLExecState::check_pl_execute_priv(ObSchemaGetterGuard &guard,
const uint64_t tenant_id,
const uint64_t user_id,
const ObSchemaObjVersion &schema_obj,
const ObIArray<uint64_t> &role_id_array)
{
int ret = OB_SUCCESS;
uint64_t db_id = 0;
const ObUDTTypeInfo *udt_info = NULL;
const ObRoutineInfo *routine_info = NULL;
const ObUserInfo *user_info = NULL;
uint64_t obj_tenant_id = tenant_id;
const uint64_t fetch_tenant_id = get_tenant_id_by_object_id(schema_obj.get_object_id());
ObSchemaType schema_type = schema_obj.get_schema_type();
ObObjectType object_type = ObObjectType::INVALID;
if (UDT_SCHEMA == schema_type) {
OZ (guard.get_udt_info(fetch_tenant_id, schema_obj.get_object_id(), udt_info));
OX (object_type = ObObjectType::TYPE);
if (OB_NOT_NULL(udt_info)) {
OX (db_id = udt_info->get_database_id());
OX (obj_tenant_id = udt_info->get_tenant_id());
}
} else if (ROUTINE_SCHEMA == schema_type) {
OZ (guard.get_routine_info(fetch_tenant_id, schema_obj.get_object_id(), routine_info));
OX (object_type =
DEPENDENCY_PROCEDURE == schema_obj.object_type_ ?
ObObjectType::PROCEDURE : ObObjectType::FUNCTION);
if (OB_NOT_NULL(routine_info)) {
OX (db_id = routine_info->get_database_id());
OX (obj_tenant_id = routine_info->get_tenant_id());
}
}
if (OB_SUCC(ret) && (OB_NOT_NULL(udt_info) || OB_NOT_NULL(routine_info))) {
const ObDatabaseSchema *db_schema = NULL;
common::ObString database_name = OB_SYS_DATABASE_NAME;
uint64_t obj_owner_id = OB_SYS_USER_ID;
if (OB_SYS_TENANT_ID != obj_tenant_id) {
OZ (guard.get_database_schema(tenant_id, db_id, db_schema));
CK (db_schema != NULL);
OX(database_name = db_schema->get_database_name());
OZ (guard.get_user_info(tenant_id,
database_name,
OB_DEFAULT_HOST_NAME,
user_info));
CK (user_info != NULL);
OX (obj_owner_id = user_info->get_user_id());
}
OZ (ObOraSysChecker::check_ora_obj_priv(guard,
obj_tenant_id,
user_id,
database_name,
schema_obj.get_object_id(),
OBJ_LEVEL_FOR_TAB_PRIV,
static_cast<uint64_t>(object_type),
OBJ_PRIV_ID_EXECUTE,
CHECK_FLAG_NORMAL,
obj_owner_id,
role_id_array));
if (ROUTINE_SCHEMA == schema_type && ret == OB_TABLE_NOT_EXIST) {
ret = OB_WRONG_COLUMN_NAME;
}
}
return ret;
}
int ObPLExecState::check_pl_priv(
ObSchemaGetterGuard &guard, ObSchemaGetterGuard &guard,
const uint64_t tenant_id, const uint64_t tenant_id,
const uint64_t user_id, const uint64_t user_id,
const DependenyTableStore &dep_obj) const DependenyTableStore &dep_obj)
{ {
//const uint64_t obj_id,
//const uint64_t obj_type,
//const ObRawObjPriv raw_obj_priv
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
uint64_t db_id = 0;
for (int64_t i = 0; i < dep_obj.count() && OB_SUCC(ret); i++) { for (int64_t i = 0; i < dep_obj.count() && OB_SUCC(ret); i++) {
const ObSchemaObjVersion &schema_obj = dep_obj.at(i); const ObSchemaObjVersion &schema_obj = dep_obj.at(i);
if (UDT_SCHEMA == schema_obj.get_schema_type()) { OZ(check_pl_execute_priv(guard, tenant_id, user_id, schema_obj,
const ObUDTTypeInfo *udt_info = NULL; ctx_.exec_ctx_->get_my_session()->get_enable_role_array()));
const ObDatabaseSchema *db_schema = NULL;
const ObUserInfo *user_info = NULL;
ObString host_name(OB_DEFAULT_HOST_NAME);
const uint64_t fetch_tenant_id = get_tenant_id_by_object_id(schema_obj.get_object_id());
OZ (guard.get_udt_info(fetch_tenant_id, schema_obj.get_object_id(), udt_info));
if (OB_SUCC(ret) && udt_info != NULL) {
if (OB_SYS_TENANT_ID == udt_info->get_tenant_id()) {
CK (ctx_.exec_ctx_ != NULL);
CK (ctx_.exec_ctx_->get_my_session() != NULL);
OZ (ObOraSysChecker::check_ora_obj_priv(guard,
OB_SYS_TENANT_ID,
user_id,
OB_SYS_DATABASE_NAME,
schema_obj.get_object_id(),
OBJ_LEVEL_FOR_TAB_PRIV,
static_cast<uint64_t>(ObObjectType::TYPE),
OBJ_PRIV_ID_EXECUTE,
CHECK_FLAG_NORMAL,
OB_SYS_USER_ID,
ctx_.exec_ctx_->get_my_session()->get_enable_role_array()));
} else {
OX (db_id = udt_info->get_database_id());
OZ (guard.get_database_schema(tenant_id,
db_id,
db_schema));
CK (db_schema != NULL);
OZ (guard.get_user_info(tenant_id,
db_schema->get_database_name(),
host_name,
user_info));
CK (user_info != NULL);
CK (ctx_.exec_ctx_ != NULL);
CK (ctx_.exec_ctx_->get_my_session() != NULL);
OZ (ObOraSysChecker::check_ora_obj_priv(guard,
tenant_id,
user_id,
db_schema->get_database_name(),
schema_obj.get_object_id(),
OBJ_LEVEL_FOR_TAB_PRIV,
static_cast<uint64_t>(ObObjectType::TYPE),
OBJ_PRIV_ID_EXECUTE,
CHECK_FLAG_NORMAL,
user_info->get_user_id(),
ctx_.exec_ctx_->get_my_session()->get_enable_role_array()));
}
}
}
} }
// check func self priv // check func self priv
return ret; return ret;
@ -3271,7 +3287,7 @@ int ObPLExecState::execute()
ctx_.exec_ctx_->get_sql_ctx()->schema_guard_ != NULL) { ctx_.exec_ctx_->get_sql_ctx()->schema_guard_ != NULL) {
uint64_t user_id = ctx_.exec_ctx_->get_my_session()->get_priv_user_id(); uint64_t user_id = ctx_.exec_ctx_->get_my_session()->get_priv_user_id();
if (OB_SUCC(ret) && ObSchemaChecker::is_ora_priv_check()) { if (OB_SUCC(ret) && ObSchemaChecker::is_ora_priv_check()) {
OZ (check_pl_udt_priv(*ctx_.exec_ctx_->get_sql_ctx()->schema_guard_, OZ (check_pl_priv(*ctx_.exec_ctx_->get_sql_ctx()->schema_guard_,
ctx_.exec_ctx_->get_my_session()->get_effective_tenant_id(), ctx_.exec_ctx_->get_my_session()->get_effective_tenant_id(),
user_id, user_id,
func_.get_dependency_table())); func_.get_dependency_table()));
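Review bot: In `check_pl_execute_priv`, a dependency whose schema lookup succeeds but leaves `udt_info`/`routine_info` null skips the `OB_NOT_NULL(...)` guard and returns `OB_SUCCESS` without `check_ora_obj_priv` ever running, so the EXECUTE check fails open for an object the guard cannot resolve. If a missing object is expected here (a stale dependency handled elsewhere, say), a comment should state that; otherwise add a failing branch after the guard, e.g. `else if (OB_SUCC(ret) && (UDT_SCHEMA == schema_type || ROUTINE_SCHEMA == schema_type)) { ret = OB_ERR_UNEXPECTED; }` with a `LOG_WARN`. Separately, the rewritten loop in `check_pl_priv` dereferences `ctx_.exec_ctx_->get_my_session()` with no null check, where the replaced body appears to have guarded both pointers with `CK (...)`; it now depends on `execute()` having checked them. The remap of `OB_TABLE_NOT_EXIST` to `OB_WRONG_COLUMN_NAME` for routines also needs a one-line comment on why that is the code surfaced to the caller.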


@ -838,7 +838,12 @@ public:
int get_var(int64_t var_idx, ObObjParam& result); int get_var(int64_t var_idx, ObObjParam& result);
int set_var(int64_t var_idx, const ObObjParam& value); int set_var(int64_t var_idx, const ObObjParam& value);
ObPLExecCtx& get_exec_ctx() { return ctx_; } ObPLExecCtx& get_exec_ctx() { return ctx_; }
int check_pl_udt_priv(share::schema::ObSchemaGetterGuard &guard, int check_pl_execute_priv(ObSchemaGetterGuard &guard,
const uint64_t tenant_id,
const uint64_t user_id,
const ObSchemaObjVersion &schema_obj,
const ObIArray<uint64_t> &role_id_array);
int check_pl_priv(share::schema::ObSchemaGetterGuard &guard,
const uint64_t tenant_id, const uint64_t tenant_id,
const uint64_t user_id, const uint64_t user_id,
const sql::DependenyTableStore &dep_obj); const sql::DependenyTableStore &dep_obj);
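Review bot: The new `check_pl_execute_priv` declaration has no doc comment, although it is the function that decides whether a user holds EXECUTE on a dependent UDT or routine. A short comment should say that `user_id` is the user being checked, that `role_id_array` is the set of roles enabled for the session, and that schema types other than UDT and routine are not checked. Its parameter types are also unqualified (`ObSchemaGetterGuard`, `ObSchemaObjVersion`), while the neighbouring `check_pl_priv` declaration spells out `share::schema::ObSchemaGetterGuard` and `sql::DependenyTableStore`; matching that keeps the header independent of using-directives. The hunk header suggests both declarations sit under `public:`; if nothing outside `ObPLExecState` calls the helper, it could be private.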


@ -2064,7 +2064,7 @@ int ObPLExternalNS::resolve_external_routine(const ObString &db_name,
// todo: dependency on udt functions // todo: dependency on udt functions
ObSchemaObjVersion obj_version; ObSchemaObjVersion obj_version;
obj_version.object_id_ = schema_routine_info->get_routine_id(); obj_version.object_id_ = schema_routine_info->get_routine_id();
obj_version.object_type_ = DEPENDENCY_PROCEDURE; obj_version.object_type_ = is_procedure(routine_type) ? DEPENDENCY_PROCEDURE : DEPENDENCY_FUNCTION;
obj_version.version_ = schema_routine_info->get_schema_version(); obj_version.version_ = schema_routine_info->get_schema_version();
if (OB_FAIL(add_dependency_object(obj_version))) { if (OB_FAIL(add_dependency_object(obj_version))) {
LOG_WARN("add dependency object failed", "package_id", schema_routine_info->get_package_id(), K(ret)); LOG_WARN("add dependency object failed", "package_id", schema_routine_info->get_package_id(), K(ret));
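Review bot: `object_type_` is no longer only dependency bookkeeping, and nothing at this assignment says so: `check_pl_execute_priv` in this commit maps `DEPENDENCY_PROCEDURE` to `ObObjectType::PROCEDURE` and every other value to `ObObjectType::FUNCTION` for the EXECUTE check. I would add a comment such as `// object_type_ selects PROCEDURE vs FUNCTION in the PL EXECUTE privilege check` here and at the matching assignment in `ObCallProcedureResolver::resolve`. The two sites also derive the flag differently (`is_procedure(routine_type)` here, `proc_info->is_procedure()` there). Whether `routine_type` always agrees with `schema_routine_info` is not visible in the hunk, so that is worth confirming. The enclosing function continues outside the hunk.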


@ -335,7 +335,7 @@ int ObCallProcedureResolver::resolve(const ParseNode &parse_tree)
if (OB_SUCC(ret)) { if (OB_SUCC(ret)) {
ObSchemaObjVersion obj_version; ObSchemaObjVersion obj_version;
obj_version.object_id_ = proc_info->get_routine_id(); obj_version.object_id_ = proc_info->get_routine_id();
obj_version.object_type_ = DEPENDENCY_PROCEDURE; obj_version.object_type_ = proc_info->is_procedure() ? DEPENDENCY_PROCEDURE : DEPENDENCY_FUNCTION;
obj_version.version_ = proc_info->get_schema_version(); obj_version.version_ = proc_info->get_schema_version();
OZ (stmt->add_global_dependency_table(obj_version)); OZ (stmt->add_global_dependency_table(obj_version));
} }