hcq/oceanbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

init push

Browse Source
This commit is contained in:
oceanbase-admin
2021-05-31 22:56:52 +08:00
commit cea7de1475
7020 changed files with 5689869 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

779
src/rootserver/ob_ddl_sql_generator.cpp Normal file
View File

@ -0,0 +1,779 @@
/**
* Copyright (c) 2021 OceanBase
* OceanBase CE is licensed under Mulan PubL v2.
* You can use this software according to the terms and conditions of the Mulan PubL v2.
* You may obtain a copy of Mulan PubL v2 at:
* http://license.coscl.org.cn/MulanPubL-2.0
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PubL v2 for more details.
*/
#define USING_LOG_PREFIX RS
#include "rootserver/ob_ddl_sql_generator.h"
#include "lib/string/ob_sql_string.h"
#include "share/schema/ob_schema_struct.h"
#include "share/ob_rpc_struct.h"
#include "share/ob_priv_common.h"
namespace oceanbase {
using namespace common;
using namespace share::schema;
using namespace obrpc;
namespace rootserver {
static const char* IF_NOT_EXIST = "if not exists";
int ObDDLSqlGenerator::get_priv_name(const int64_t priv, const char*& name)
{
int ret = OB_SUCCESS;
name = NULL;
switch (priv) {
case 0:
name = "USAGE";
break; // usage means no privilege
case OB_PRIV_ALTER:
name = "ALTER";
break;
case OB_PRIV_CREATE:
name = "CREATE";
break;
case OB_PRIV_CREATE_USER:
name = "CREATE USER";
break;
case OB_PRIV_DELETE:
name = "DELETE";
break;
case OB_PRIV_DROP:
name = "DROP";
break;
case OB_PRIV_GRANT:
name = "GRANT OPTION";
break;
case OB_PRIV_INSERT:
name = "INSERT";
break;
case OB_PRIV_UPDATE:
name = "UPDATE";
break;
case OB_PRIV_SELECT:
name = "SELECT";
break;
case OB_PRIV_INDEX:
name = "INDEX";
break;
case OB_PRIV_CREATE_VIEW:
name = "CREATE VIEW";
break;
case OB_PRIV_SHOW_VIEW:
name = "SHOW VIEW";
break;
case OB_PRIV_SHOW_DB:
name = "SHOW DATABASES";
break;
case OB_PRIV_SUPER:
name = "SUPER";
break;
case OB_PRIV_PROCESS:
name = "PROCESS";
break;
case OB_PRIV_BOOTSTRAP:
name = "BOOSTRAP";
break;
case OB_PRIV_CREATE_SYNONYM:
name = "CREATE SYNONYM";
break;
case OB_PRIV_AUDIT:
name = "AUDIT";
break;
case OB_PRIV_COMMENT:
name = "COMMENT";
break;
case OB_PRIV_LOCK:
name = "LOCK";
break;
case OB_PRIV_RENAME:
name = "RENAME";
break;
case OB_PRIV_REFERENCES:
name = "REFERENCES";
break;
case OB_PRIV_EXECUTE:
name = "EXECUTE";
break;
case OB_PRIV_FLASHBACK:
name = "FLASHBACK";
break;
case OB_PRIV_READ:
name = "READ";
break;
case OB_PRIV_WRITE:
name = "WRITE";
break;
case OB_PRIV_FILE:
name = "FILE";
break;
case OB_PRIV_ALTER_TENANT:
name = "ALTER TENANT";
break;
case OB_PRIV_ALTER_SYSTEM:
name = "ALTER SYSTEM";
break;
case OB_PRIV_CREATE_RESOURCE_POOL:
name = "CREATE RESOURCE POOL";
break;
case OB_PRIV_CREATE_RESOURCE_UNIT:
name = "CREATE RESOURCE UNIT";
break;
default: {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("invalid priv", K(ret), K(priv));
}
}
return ret;
}
int ObDDLSqlGenerator::gen_create_user_sql(
const ObAccountArg& account, const ObString& password, ObSqlString& sql_string)
{
int ret = OB_SUCCESS;
sql_string.reset();
if (OB_UNLIKELY(!account.is_valid())) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("user_name is empty", K(account), K(password), K(ret));
} else {
if (account.is_role_) {
static const char* const CREATE_ROLE_SQL = "CREATE ROLE \"%.*s\"";
if (OB_FAIL(sql_string.append_fmt(CREATE_ROLE_SQL, account.user_name_.length(), account.user_name_.ptr()))) {
LOG_WARN("append sql failed", K(account), K(ret));
}
} else {
char CREATE_USER_SQL[] = "CREATE USER %s `%.*s`";
char NEW_CREATE_USER_SQL[] = "CREATE USER %s `%.*s`@`%.*s`";
if (0 == account.host_name_.compare(OB_DEFAULT_HOST_NAME)) {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(CREATE_USER_SQL),
share::is_oracle_mode() ? "" : IF_NOT_EXIST,
account.user_name_.length(),
account.user_name_.ptr()))) {
LOG_WARN("append sql failed", K(account), K(password), K(ret));
}
} else {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(NEW_CREATE_USER_SQL),
share::is_oracle_mode() ? "" : IF_NOT_EXIST,
account.user_name_.length(),
account.user_name_.ptr(),
account.host_name_.length(),
account.host_name_.ptr()))) {
LOG_WARN("append sql failed", K(account), K(password), K(ret));
}
}
}
}
// mysql mode password not null
if (OB_SUCC(ret) && !share::is_oracle_mode() && !password.empty()) {
if (OB_FAIL(sql_string.append_fmt(" IDENTIFIED BY PASSWORD '%.*s'", password.length(), password.ptr()))) {
LOG_WARN("append sql failed", K(password), K(ret), K(account));
}
} else if (OB_SUCC(ret) && share::is_oracle_mode() && !password.empty() && !account.is_role_) {
// oracle mode password not null
if (OB_FAIL(sql_string.append_fmt(" IDENTIFIED BY VALUES \"%.*s\"", password.length(), password.ptr()))) {
LOG_WARN("append sql failed", K(password), K(ret), K(account));
}
} else if (OB_SUCC(ret) && share::is_oracle_mode() && password.empty() && !account.is_role_) {
// oracle mode password is null
if (OB_FAIL(sql_string.append(" IDENTIFIED BY \"\""))) {
LOG_WARN("append sql failed", K(ret), K(account));
}
}
return ret;
}
int ObDDLSqlGenerator::append_ssl_info_sql(const ObSSLType& ssl_type, const common::ObString& ssl_cipher,
const common::ObString& x509_issuer, const common::ObString& x509_subject, common::ObSqlString& sql_string)
{
int ret = OB_SUCCESS;
static const char* const APPEND_SSL_INFO_SQL = " REQUIRE USER if not exists `%.*s`";
switch (ssl_type) {
case ObSSLType::SSL_TYPE_NOT_SPECIFIED: {
// do nothings
break;
}
case ObSSLType::SSL_TYPE_NONE: {
if (OB_FAIL(sql_string.append_fmt(" REQUIRE NONE "))) {
OB_LOG(WARN, "fail to append ssl info", K(ret));
}
break;
}
case ObSSLType::SSL_TYPE_ANY: {
if (OB_FAIL(sql_string.append_fmt(" REQUIRE SSL "))) {
OB_LOG(WARN, "fail to append ssl info", K(ret));
}
break;
}
case ObSSLType::SSL_TYPE_X509: {
if (OB_FAIL(sql_string.append_fmt(" REQUIRE X509 "))) {
OB_LOG(WARN, "fail to append ssl info", K(ret));
}
break;
}
case ObSSLType::SSL_TYPE_SPECIFIED: {
if (OB_FAIL(sql_string.append_fmt(" REQUIRE "))) {
OB_LOG(WARN, "fail to append ssl info", K(ret));
} else if (!ssl_cipher.empty() &&
OB_FAIL(sql_string.append_fmt("CIPHER '%.*s' ", ssl_cipher.length(), ssl_cipher.ptr()))) {
OB_LOG(WARN, "fail to append ssl info", K(ret));
} else if (!x509_issuer.empty() &&
OB_FAIL(sql_string.append_fmt("ISSUER '%.*s' ", x509_issuer.length(), x509_issuer.ptr()))) {
OB_LOG(WARN, "fail to append ssl info", K(ret));
} else if (!x509_subject.empty() &&
OB_FAIL(sql_string.append_fmt("SUBJECT '%.*s' ", x509_subject.length(), x509_subject.ptr()))) {
OB_LOG(WARN, "fail to append ssl info", K(ret));
}
break;
}
default: {
ret = OB_ERR_UNEXPECTED;
OB_LOG(WARN, "unknown ssl type", K(ssl_type), K(ret));
}
}
return ret;
}
int ObDDLSqlGenerator::gen_set_passwd_sql(
const ObAccountArg& account, const ObString& password, ObSqlString& sql_string)
{
int ret = OB_SUCCESS;
char SET_PASSWD_SQL[] = "SET PASSWORD FOR `%.*s` = '%.*s'";
char NEW_SET_PASSWD_SQL[] = "SET PASSWORD FOR `%.*s`@`%.*s` = '%.*s'";
if (OB_UNLIKELY(!account.is_valid())) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("username or password should not be null", K(account), K(password), K(ret));
} else {
if (0 == account.host_name_.compare(OB_DEFAULT_HOST_NAME)) {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(SET_PASSWD_SQL),
account.user_name_.length(),
account.user_name_.ptr(),
password.length(),
password.ptr()))) {
LOG_WARN("append sql failed", K(account), K(password), K(ret));
}
} else {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(NEW_SET_PASSWD_SQL),
account.user_name_.length(),
account.user_name_.ptr(),
account.host_name_.length(),
account.host_name_.ptr(),
password.length(),
password.ptr()))) {
LOG_WARN("append sql failed", K(account), K(password), K(ret));
}
}
}
return ret;
}
int ObDDLSqlGenerator::gen_alter_user_require_sql(
const obrpc::ObAccountArg& account, const obrpc::ObSetPasswdArg& arg, common::ObSqlString& sql_string)
{
int ret = OB_SUCCESS;
const share::schema::ObSSLType ssl_type = arg.ssl_type_;
const common::ObString& ssl_cipher = arg.ssl_cipher_;
const common::ObString& x509_issuer = arg.x509_issuer_;
const common::ObString& x509_subject = arg.x509_subject_;
static const char* const SET_SSL_SQL = "ALTER USER `%.*s`@`%.*s` ";
if (OB_UNLIKELY(!account.is_valid()) || OB_UNLIKELY(ObSSLType::SSL_TYPE_NOT_SPECIFIED == ssl_type)) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("username or ssl_type is invalid", K(account), K(ssl_type), K(ret));
} else {
if (OB_FAIL(sql_string.append_fmt(SET_SSL_SQL,
account.user_name_.length(),
account.user_name_.ptr(),
account.host_name_.length(),
account.host_name_.ptr()))) {
LOG_WARN("append sql failed", K(account), K(ret));
} else if (OB_FAIL(append_ssl_info_sql(ssl_type, ssl_cipher, x509_issuer, x509_subject, sql_string))) {
LOG_WARN("append sql failed", K(ssl_type), K(ret));
}
}
return ret;
}
int ObDDLSqlGenerator::gen_drop_user_sql(const ObAccountArg& account, ObSqlString& sql_string)
{
int ret = OB_SUCCESS;
sql_string.reset();
if (OB_UNLIKELY(!account.is_valid())) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("user_name should not be null", K(account));
} else {
if (account.is_role_) {
static const char* const DROP_USER_SQL = "DROP ROLE \"%.*s\"";
if (OB_FAIL(sql_string.append_fmt(DROP_USER_SQL, account.user_name_.length(), account.user_name_.ptr()))) {
LOG_WARN("append sql failed", K(account), K(ret));
}
} else {
char DROP_USER_SQL[] = "DROP USER `%.*s`";
char NEW_DROP_USER_SQL[] = "DROP USER `%.*s`@`%.*s`";
if (0 == account.host_name_.compare(OB_DEFAULT_HOST_NAME)) {
if (OB_FAIL(sql_string.append_fmt(
adjust_ddl_format_str(DROP_USER_SQL), account.user_name_.length(), account.user_name_.ptr()))) {
LOG_WARN("append sql failed", K(account), K(ret));
}
} else {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(NEW_DROP_USER_SQL),
account.user_name_.length(),
account.user_name_.ptr(),
account.host_name_.length(),
account.host_name_.ptr()))) {
LOG_WARN("append sql failed", K(account), K(ret));
}
}
}
if (OB_SUCC(ret) && share::is_oracle_mode() && !account.is_role_) {
if (OB_FAIL(sql_string.append_fmt(" CASCADE"))) {
LOG_WARN("append sql failed", K(ret), K(account));
}
}
}
return ret;
}
int ObDDLSqlGenerator::gen_lock_user_sql(const obrpc::ObAccountArg& account, const bool locked, ObSqlString& sql_string)
{
int ret = OB_SUCCESS;
char LOCK_USER_SQL[] = "ALTER USER `%.*s` ACCOUNT LOCK";
char UNLOCK_USER_SQL[] = "ALTER USER `%.*s` ACCOUNT UNLOCK";
char NEW_LOCK_USER_SQL[] = "ALTER USER `%.*s`@`%.*s` ACCOUNT LOCK";
char NEW_UNLOCK_USER_SQL[] = "ALTER USER `%.*s`@`%.*s` ACCOUNT UNLOCK";
if (OB_UNLIKELY(!account.is_valid())) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("user_namae is empty", K(ret), K(account));
} else {
if (0 == account.host_name_.compare(OB_DEFAULT_HOST_NAME)) {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(locked ? LOCK_USER_SQL : UNLOCK_USER_SQL),
account.user_name_.length(),
account.user_name_.ptr()))) {
LOG_WARN("append sql failed", K(account), K(ret), K(locked));
}
} else {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(locked ? NEW_LOCK_USER_SQL : NEW_UNLOCK_USER_SQL),
account.user_name_.length(),
account.user_name_.ptr(),
account.host_name_.length(),
account.host_name_.ptr()))) {
LOG_WARN("append sql failed", K(account), K(ret), K(locked));
}
}
}
return ret;
}
int ObDDLSqlGenerator::gen_rename_user_sql(
const ObAccountArg& old_account, const ObAccountArg& new_account, ObSqlString& sql_string)
{
int ret = OB_SUCCESS;
char RENAME_USER_SQL[] = "RENAME USER `%.*s` to `%.*s`";
char NEW_RENAME_USER_SQL[] = "RENAME USER `%.*s`@`%.*s` to `%.*s`@`%.*s`";
if (OB_UNLIKELY(!old_account.is_valid()) || OB_UNLIKELY(!new_account.is_valid())) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("old_account or new_account should not be null", K(old_account));
} else {
if (0 == old_account.host_name_.compare(OB_DEFAULT_HOST_NAME) &&
0 == new_account.host_name_.compare(OB_DEFAULT_HOST_NAME)) {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(RENAME_USER_SQL),
old_account.user_name_.length(),
old_account.user_name_.ptr(),
new_account.user_name_.length(),
new_account.user_name_.ptr()))) {
LOG_WARN("append sql failed", K(old_account), K(new_account), K(ret));
}
} else {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(NEW_RENAME_USER_SQL),
old_account.user_name_.length(),
old_account.user_name_.ptr(),
old_account.host_name_.length(),
old_account.host_name_.ptr(),
new_account.user_name_.length(),
new_account.user_name_.ptr(),
new_account.host_name_.length(),
new_account.host_name_.ptr()))) {
LOG_WARN("append sql failed", K(old_account), K(new_account), K(ret));
}
}
}
return ret;
}
int ObDDLSqlGenerator::priv_to_name(const ObPrivSet priv, ObSqlString& priv_str)
{
int ret = OB_SUCCESS;
priv_str.reset();
if (priv == 0) {
// no privilege
const char* priv_name = NULL;
if (OB_FAIL(get_priv_name(priv, priv_name))) {
LOG_WARN("get priv name failed", K(priv), K(ret));
} else if (OB_ISNULL(priv_name)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("priv_name should not be null", K(ret), K(priv));
} else if (OB_FAIL(priv_str.append(priv_name))) {
LOG_WARN("append priv name failed", K(priv), K(priv_name), K(ret));
}
} else {
for (int i = OB_PRIV_SHIFT::OB_PRIV_INVALID_SHIFT + 1;
OB_SUCC(ret) && i < OB_PRIV_SHIFT::OB_PRIV_MAX_SHIFT_PLUS_ONE;
++i) {
if (OB_PRIV_HAS_ANY(priv, OB_PRIV_GET_TYPE(i))) {
const char* priv_name = NULL;
if (OB_FAIL(get_priv_name(OB_PRIV_GET_TYPE(i), priv_name))) {
LOG_WARN("get priv name failed", K(i), K(ret));
} else if (OB_ISNULL(priv_name)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("priv_name should not be null", K(ret), K(i));
} else {
if (priv_str.empty()) {
if (OB_FAIL(priv_str.append(priv_name))) {
LOG_WARN("append priv name failed", K(ret), K(i));
}
} else if (OB_FAIL(priv_str.append_fmt(", %s", priv_name))) {
LOG_WARN("append priv name failed", K(ret));
}
}
}
}
}
return ret;
}
const char* ObDDLSqlGenerator::ora_obj_priv_names[] = {
#define OB_OBJ_PRIV_TYPE_DEF(priv_id, priv_name) priv_name,
#include "share/schema/ob_obj_priv_type.h"
#undef OB_OBJ_PRIV_TYPE_DEF
};
int ObDDLSqlGenerator::raw_privs_to_name_ora(const share::ObRawObjPrivArray& obj_priv_array, ObSqlString& priv_str)
{
int ret = OB_SUCCESS;
share::ObRawObjPriv priv_id;
priv_str.reset();
for (int i = 0; OB_SUCC(ret) && i < obj_priv_array.count(); i++) {
priv_id = obj_priv_array.at(i);
if (i > 0) {
OZ(priv_str.append(", "));
}
OZ(priv_str.append(ora_obj_priv_names[priv_id]));
}
return ret;
}
int ObDDLSqlGenerator::gen_table_priv_sql(
const obrpc::ObAccountArg& account, const ObNeedPriv& need_priv, const bool is_grant, ObSqlString& sql_string)
{
int ret = OB_SUCCESS;
char GRANT_TABLE_SQL[] = "GRANT %s ON `%.*s`.`%.*s` TO `%.*s`";
char REVOKE_TABLE_SQL[] = "REVOKE %s ON `%.*s`.`%.*s` FROM `%.*s`";
char NEW_GRANT_TABLE_SQL[] = "GRANT %s ON `%.*s`.`%.*s` TO `%.*s`@`%.*s`";
char NEW_REVOKE_TABLE_SQL[] = "REVOKE %s ON `%.*s`.`%.*s` FROM `%.*s`@`%.*s`";
ObSqlString priv_string;
if (OB_UNLIKELY(need_priv.db_.empty()) || OB_UNLIKELY(need_priv.table_.empty()) || OB_UNLIKELY(!account.is_valid())) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("db or table or user_name is empty", K(need_priv), K(account), K(ret));
} else if (need_priv.priv_level_ != OB_PRIV_TABLE_LEVEL) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("priv level is invalid", K(need_priv), K(ret));
} else if (need_priv.priv_set_ & (~(OB_PRIV_TABLE_ACC | OB_PRIV_GRANT))) {
ret = OB_ILLEGAL_GRANT_FOR_TABLE;
LOG_WARN("Grant/Revoke privilege than can not be used", "priv_type", ObPrintPrivSet(need_priv.priv_set_), K(ret));
} else if ((need_priv.priv_set_ & OB_PRIV_TABLE_ACC) == OB_PRIV_TABLE_ACC) {
if (OB_FAIL(priv_string.append("ALL PRIVILEGES"))) {
LOG_WARN("append sql failed", K(ret));
} else if (!is_grant) {
if ((need_priv.priv_set_ & OB_PRIV_GRANT)) {
if (OB_FAIL(priv_string.append(", GRANT OPTION"))) {
LOG_WARN("append sql failed", K(ret));
}
}
}
} else if (OB_FAIL(priv_to_name(need_priv.priv_set_, priv_string))) {
LOG_WARN("get priv to name failed", K(ret));
}
if (OB_SUCC(ret)) {
if (0 == account.host_name_.compare(OB_DEFAULT_HOST_NAME)) {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(is_grant ? GRANT_TABLE_SQL : REVOKE_TABLE_SQL),
priv_string.string().ptr(),
need_priv.db_.length(),
need_priv.db_.ptr(),
need_priv.table_.length(),
need_priv.table_.ptr(),
account.user_name_.length(),
account.user_name_.ptr()))) {
LOG_WARN("append sql failed", K(ret));
}
} else {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(is_grant ? NEW_GRANT_TABLE_SQL : NEW_REVOKE_TABLE_SQL),
priv_string.string().ptr(),
need_priv.db_.length(),
need_priv.db_.ptr(),
need_priv.table_.length(),
need_priv.table_.ptr(),
account.user_name_.length(),
account.user_name_.ptr(),
account.host_name_.length(),
account.host_name_.ptr()))) {
LOG_WARN("append sql failed", K(ret));
}
}
}
if (OB_SUCC(ret) && is_grant) {
if (need_priv.priv_set_ & OB_PRIV_GRANT) {
if (OB_FAIL(sql_string.append(" WITH GRANT OPTION"))) {
LOG_WARN("append sql failed", K(ret));
}
}
}
LOG_DEBUG(
"gen table priv sql", K(sql_string.string()), K(priv_string.string()), K(need_priv), K(is_grant), K(account));
return ret;
}
int ObDDLSqlGenerator::gen_table_priv_sql_ora(const obrpc::ObAccountArg& account,
const ObTablePrivSortKey& table_priv_key, const bool revoke_all_flag,
const share::ObRawObjPrivArray& obj_priv_array, const bool is_grant, ObSqlString& sql_string)
{
int ret = OB_SUCCESS;
char GRANT_TABLE_SQL[] = "GRANT %s ON \"%.*s\".\"%.*s\" TO \"%.*s\"";
char REVOKE_TABLE_SQL[] = "REVOKE %s ON \"%.*s\".\"%.*s\" FROM \"%.*s\"";
char NEW_GRANT_TABLE_SQL[] = "GRANT %s ON \"%.*s\".\"%.*s\" TO \"%.*s\"@\"%.*s\"";
char NEW_REVOKE_TABLE_SQL[] = "REVOKE %s ON \"%.*s\".\"%.*s\" FROM \"%.*s\"@\"%.*s\"";
ObSqlString priv_string;
if (OB_UNLIKELY(table_priv_key.db_.empty()) || OB_UNLIKELY(table_priv_key.table_.empty()) ||
OB_UNLIKELY(!account.is_valid())) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("db or table or user_name is empty", K(table_priv_key), K(account), K(ret));
} else if (true == revoke_all_flag) {
if (OB_FAIL(priv_string.append("ALL PRIVILEGES"))) {
LOG_WARN("append sql failed", K(ret));
}
} else if (OB_FAIL(raw_privs_to_name_ora(obj_priv_array, priv_string))) {
LOG_WARN("get priv to name failed", K(ret));
}
if (OB_SUCC(ret)) {
if (0 == account.host_name_.compare(OB_DEFAULT_HOST_NAME)) {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(is_grant ? GRANT_TABLE_SQL : REVOKE_TABLE_SQL),
priv_string.string().ptr(),
table_priv_key.db_.length(),
table_priv_key.db_.ptr(),
table_priv_key.table_.length(),
table_priv_key.table_.ptr(),
account.user_name_.length(),
account.user_name_.ptr()))) {
LOG_WARN("append sql failed", K(ret));
}
} else {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(is_grant ? NEW_GRANT_TABLE_SQL : NEW_REVOKE_TABLE_SQL),
priv_string.string().ptr(),
table_priv_key.db_.length(),
table_priv_key.db_.ptr(),
table_priv_key.table_.length(),
table_priv_key.table_.ptr(),
account.user_name_.length(),
account.user_name_.ptr(),
account.host_name_.length(),
account.host_name_.ptr()))) {
LOG_WARN("append sql failed", K(ret));
}
}
}
LOG_DEBUG("gen table priv sql",
K(sql_string.string()),
K(priv_string.string()),
K(revoke_all_flag),
K(obj_priv_array),
K(account));
return ret;
}
int ObDDLSqlGenerator::gen_db_priv_sql(
const obrpc::ObAccountArg& account, const ObNeedPriv& need_priv, const bool is_grant, ObSqlString& sql_string)
{
int ret = OB_SUCCESS;
char GRANT_DB_SQL[] = "GRANT %s ON `%.*s`.* TO `%.*s`";
char REVOKE_DB_SQL[] = "REVOKE %s ON `%.*s`.* FROM `%.*s`";
char NEW_GRANT_DB_SQL[] = "GRANT %s ON `%.*s`.* TO `%.*s`@`%.*s`";
char NEW_REVOKE_DB_SQL[] = "REVOKE %s ON `%.*s`.* FROM `%.*s`@`%.*s`";
ObSqlString priv_string;
if (OB_UNLIKELY(need_priv.db_.empty()) || OB_UNLIKELY(!account.is_valid())) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("db or user_name is empty", K(ret), K(need_priv), K(account));
} else if (need_priv.priv_level_ != OB_PRIV_DB_LEVEL) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("priv level is invalid", K(need_priv), K(ret));
} else if (need_priv.priv_set_ & (~(OB_PRIV_DB_ACC | OB_PRIV_GRANT))) {
ret = OB_ILLEGAL_GRANT_FOR_TABLE;
LOG_WARN("Grant/Revoke privilege than can not be used", "priv_type", ObPrintPrivSet(need_priv.priv_set_), K(ret));
} else if ((need_priv.priv_set_ & OB_PRIV_DB_ACC) == OB_PRIV_DB_ACC) {
if (OB_FAIL(priv_string.append("ALL PRIVILEGES"))) {
LOG_WARN("append sql failed", K(ret));
} else if (!is_grant) {
if ((need_priv.priv_set_ & OB_PRIV_GRANT)) {
if (OB_FAIL(priv_string.append(", GRANT OPTION"))) {
LOG_WARN("append sql failed", K(ret));
}
}
}
} else if (OB_FAIL(priv_to_name(need_priv.priv_set_, priv_string))) {
LOG_WARN("get priv to name failed", K(ret));
}
if (OB_SUCC(ret)) {
if (0 == account.host_name_.compare(OB_DEFAULT_HOST_NAME)) {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(is_grant ? GRANT_DB_SQL : REVOKE_DB_SQL),
priv_string.string().ptr(),
need_priv.db_.length(),
need_priv.db_.ptr(),
account.user_name_.length(),
account.user_name_.ptr()))) {
LOG_WARN("append sql failed", K(ret));
}
} else {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(is_grant ? NEW_GRANT_DB_SQL : NEW_REVOKE_DB_SQL),
priv_string.string().ptr(),
need_priv.db_.length(),
need_priv.db_.ptr(),
account.user_name_.length(),
account.user_name_.ptr(),
account.host_name_.length(),
account.host_name_.ptr()))) {
LOG_WARN("append sql failed", K(ret));
}
}
}
if (OB_SUCC(ret) && is_grant) {
if (need_priv.priv_set_ & OB_PRIV_GRANT) {
if (OB_FAIL(sql_string.append(" WITH GRANT OPTION"))) {
LOG_WARN("append sql failed", K(ret));
}
}
}
LOG_INFO("mingyin gen db priv sql", K(sql_string.string()), K(is_grant), K(need_priv));
return ret;
}
int ObDDLSqlGenerator::gen_revoke_all_sql(const obrpc::ObAccountArg& account, ObSqlString& sql_string)
{
int ret = OB_SUCCESS;
char REVOKE_ALL_SQL[] = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM `%.*s`";
char NEW_REVOKE_ALL_SQL[] = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM `%.*s`@`%.*s`";
if (OB_UNLIKELY(!account.is_valid())) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("account is empty", K(ret), K(account));
} else {
if (0 == account.host_name_.compare(OB_DEFAULT_HOST_NAME)) {
if (OB_FAIL(sql_string.append_fmt(
adjust_ddl_format_str(REVOKE_ALL_SQL), account.user_name_.length(), account.user_name_.ptr()))) {
LOG_WARN("append sql failed", K(ret));
}
} else {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(NEW_REVOKE_ALL_SQL),
account.user_name_.length(),
account.user_name_.ptr(),
account.host_name_.length(),
account.host_name_.ptr()))) {
LOG_WARN("append sql failed", K(ret));
}
}
LOG_DEBUG("gen revoke sql finished", K(account), K(sql_string.string()), K(ret));
}
return ret;
}
int ObDDLSqlGenerator::gen_user_priv_sql(
const obrpc::ObAccountArg& account, const ObNeedPriv& need_priv, const bool is_grant, ObSqlString& sql_string)
{
int ret = OB_SUCCESS;
char GRANT_USER_SQL[] = "GRANT %s ON *.* TO `%.*s`";
char REVOKE_USER_SQL[] = "REVOKE %s ON *.* FROM `%.*s`";
char NEW_GRANT_USER_SQL[] = "GRANT %s ON *.* TO `%.*s`@`%.*s`";
char NEW_REVOKE_USER_SQL[] = "REVOKE %s ON *.* FROM `%.*s`@`%.*s`";
ObSqlString priv_string;
if (OB_UNLIKELY(!account.is_valid())) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("account is empty", K(ret), K(account));
} else if (need_priv.priv_level_ != OB_PRIV_USER_LEVEL) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("priv level is invalid", K(need_priv), K(ret));
} else if (need_priv.priv_set_ & OB_PRIV_BOOTSTRAP) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("bootstrap priv is not allowed to grant", K(ret));
} else if ((need_priv.priv_set_ & OB_PRIV_ALL) == OB_PRIV_ALL) { // super set of OB_PRIV_ALL
if (OB_FAIL(priv_string.append("ALL PRIVILEGES"))) {
LOG_WARN("append sql failed", K(ret));
// } else if (!is_grant) {//revoke
// revoke all privilege, grant option on *.* from xxx;
// if (need_priv.priv_set_ & OB_PRIV_GRANT) {
// if (OB_FAIL(priv_string.append(", GRANT OPTION"))) {
// LOG_WARN("append sql failed", K(ret));
// }
// }
}
} else if (OB_FAIL(priv_to_name(need_priv.priv_set_, priv_string))) {
LOG_WARN("get priv to name failed", K(ret));
}
if (OB_SUCC(ret)) {
if (0 == account.host_name_.compare(OB_DEFAULT_HOST_NAME)) {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(is_grant ? GRANT_USER_SQL : REVOKE_USER_SQL),
priv_string.string().ptr(),
account.user_name_.length(),
account.user_name_.ptr()))) {
LOG_WARN("append sql failed", K(ret));
}
} else {
if (OB_FAIL(sql_string.append_fmt(adjust_ddl_format_str(is_grant ? NEW_GRANT_USER_SQL : NEW_REVOKE_USER_SQL),
priv_string.string().ptr(),
account.user_name_.length(),
account.user_name_.ptr(),
account.host_name_.length(),
account.host_name_.ptr()))) {
LOG_WARN("append sql failed", K(ret));
}
}
}
if (OB_SUCC(ret) && is_grant) {
if (need_priv.priv_set_ & OB_PRIV_GRANT) {
// grant all on xx.* to user with grant option
if (OB_FAIL(sql_string.append(" WITH GRANT OPTION"))) {
LOG_WARN("append sql failed", K(ret));
}
}
}
LOG_DEBUG("gen user priv sql", K(sql_string.string()), K(priv_string.string()), K(need_priv), K(is_grant), K(ret));
return ret;
}
char* ObDDLSqlGenerator::adjust_ddl_format_str(char* ori_format_str)
{
if (OB_ISNULL(ori_format_str)) {
// do nothing
} else if (share::is_oracle_mode()) {
for (int i = 0; i < strlen(ori_format_str); ++i) {
if (*(ori_format_str + i) == '`') {
*(ori_format_str + i) = '"';
}
}
} else {
// do nothing
}
return ori_format_str;
}
} // end of namespace rootserver
} // end of namespace oceanbase