hcq/oceanbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix bugs on checking privileges of show statement

Browse Source
This commit is contained in:
obdev
2022-11-02 17:38:12 +00:00
committed by wangzelin.wzl
parent c8de32d7f2
commit d0563e8dba
5 changed files with 307 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

148
src/share/schema/ob_schema_getter_guard.cpp
View File

@ -3332,8 +3332,131 @@ int ObSchemaGetterGuard::check_priv(const ObSessionPrivInfo &session_priv,
return ret;
}
int ObSchemaGetterGuard::check_priv_db_or_(const ObSessionPrivInfo &session_priv,
const ObNeedPriv &need_priv,
const ObPrivMgr &priv_mgr,
const uint64_t tenant_id,
const uint64_t user_id,
bool& pass) {
int ret = OB_SUCCESS;
int64_t total_db_priv_set_role = 0;
ObString db = need_priv.db_;
ObPrivSet db_priv_set = 0;
if (session_priv.db_.length() != 0 && (session_priv.db_ == db || 0 == db.length())) {
db_priv_set = session_priv.db_priv_set_;
} else {
ObOriginalDBKey db_priv_key(tenant_id, user_id, db);
if (OB_FAIL(priv_mgr.get_db_priv_set(db_priv_key, db_priv_set))) {
LOG_WARN("get db priv set failed", K(db_priv_key), KR(ret));
}
}
/* load role db privs */
if (OB_SUCC(ret)) {
const ObUserInfo *user_info = NULL;
//bool is_grant_role = false;
if (OB_FAIL(get_user_info(tenant_id, user_id, user_info))) {
LOG_WARN("failed to get user info", KR(ret), K(tenant_id), K(user_id));
} else if (OB_ISNULL(user_info)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("user info is null", KR(ret), K(tenant_id), K(user_id));
} else {
const ObIArray<uint64_t> &role_id_array = user_info->get_role_id_array();
for (int64_t i = 0; OB_SUCC(ret) && i < role_id_array.count(); ++i) {
const ObUserInfo *role_info = NULL;
if (OB_FAIL(get_user_info(tenant_id, role_id_array.at(i), role_info))) {
LOG_WARN("failed to get role ids", KR(ret), K(tenant_id), K(role_id_array.at(i)));
} else if (OB_ISNULL(role_info)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("role info is null", KR(ret), K(role_id_array.at(i)));
} else {
ObPrivSet db_priv_set_role = OB_PRIV_SET_EMPTY;
ObOriginalDBKey db_priv_key_role(tenant_id, role_info->get_user_id(), db);
if (OB_FAIL(priv_mgr.get_db_priv_set(db_priv_key_role, db_priv_set_role))) {
LOG_WARN("get db priv set failed", KR(ret), K(db_priv_key_role));
} else {
db_priv_set |= db_priv_set_role;
}
}
}
}
}
if (OB_SUCC(ret)) {
pass = OB_PRIV_HAS_ANY(db_priv_set, need_priv.priv_set_);
}
return ret;
}
int ObSchemaGetterGuard::check_priv_table_or_(const ObNeedPriv &need_priv,
const ObPrivMgr &priv_mgr,
const uint64_t tenant_id,
const uint64_t user_id,
bool& pass) {
int ret = OB_SUCCESS;
//1. fetch table priv
const ObTablePriv *table_priv = NULL;
ObPrivSet table_priv_set = 0;
ObTablePrivSortKey table_priv_key(tenant_id,
user_id,
need_priv.db_,
need_priv.table_);
if (OB_FAIL(priv_mgr.get_table_priv(table_priv_key, table_priv))) {
LOG_WARN("get table priv failed", KR(ret), K(table_priv_key));
} else if (OB_ISNULL(table_priv)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("table priv is null", KR(ret), K(table_priv_key));
} else {
table_priv_set = table_priv->get_priv_set();
}
if (OB_SUCC(ret)) {
//2. fetch roles privs
const ObUserInfo *user_info = NULL;
if (OB_FAIL(get_user_info(tenant_id, user_id, user_info))) {
LOG_WARN("failed to get user info", KR(ret), K(tenant_id), K(user_id));
} else if (OB_ISNULL(user_info)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("user info is null", KR(ret), K(tenant_id), K(user_id));
} else {
const ObIArray<uint64_t> &role_id_array = user_info->get_role_id_array();
for (int64_t i = 0; OB_SUCC(ret) && i < role_id_array.count(); ++i) {
const ObUserInfo *role_info = NULL;
const ObTablePriv *role_table_priv = NULL;
if (OB_FAIL(get_user_info(tenant_id, role_id_array.at(i), role_info))) {
LOG_WARN("failed to get role ids", KR(ret), K(tenant_id), K(role_id_array.at(i)));
} else if (OB_ISNULL(role_info)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("role info is null", KR(ret), K(role_id_array.at(i)));
} else {
ObTablePrivSortKey role_table_priv_key(tenant_id,
role_info->get_user_id(),
need_priv.db_,
need_priv.table_);
if (OB_FAIL(priv_mgr.get_table_priv(role_table_priv_key, role_table_priv))) {
LOG_WARN("get table priv failed", KR(ret), K(role_table_priv_key) );
} else if (OB_ISNULL(role_table_priv)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("role table priv is null", KR(ret), K(role_table_priv_key));
} else {
table_priv_set |= role_table_priv->get_priv_set();
}
}
}
}
}
//3. check privs
if (OB_SUCC(ret)) {
pass = OB_PRIV_HAS_ANY(table_priv_set, need_priv.priv_set_);
}
return ret;
}
int ObSchemaGetterGuard::check_priv_or(const ObSessionPrivInfo &session_priv,
const ObStmtNeedPrivs &stmt_need_privs)
const ObStmtNeedPrivs &stmt_need_privs)
{
int ret = OB_SUCCESS;
@ -3341,13 +3464,18 @@ int ObSchemaGetterGuard::check_priv_or(const ObSessionPrivInfo &session_priv,
bool pass = false;
ObPrivLevel max_priv_level = OB_PRIV_INVALID_LEVEL;
uint64_t tenant_id = session_priv.tenant_id_;
uint64_t user_id = session_priv.user_id_;
const ObSchemaMgr *mgr = NULL;
if (OB_FAIL(check_tenant_schema_guard(tenant_id))) {
LOG_WARN("fail to check tenant schema guard", KR(ret), K(tenant_id), K_(tenant_id));
} else if (OB_FAIL(check_lazy_guard(tenant_id, mgr))) {
LOG_WARN("fail to check lazy guard", KR(ret), K(tenant_id));
} else if (OB_ISNULL(mgr)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("mgr is NULL", KR(ret), K(tenant_id));
} else if (session_priv.is_valid()) {
for (int64_t i = 0; !pass && OB_SUCCESS == ret && i < need_privs.count(); ++i) {
const ObPrivMgr &priv_mgr = mgr->priv_mgr_;
for (int64_t i = 0; !pass && OB_SUCC(ret) && i < need_privs.count(); ++i) {
const ObNeedPriv &need_priv = need_privs.at(i);
if (need_priv.priv_level_ > max_priv_level) {
max_priv_level = need_priv.priv_level_;
@ -3358,20 +3486,14 @@ int ObSchemaGetterGuard::check_priv_or(const ObSessionPrivInfo &session_priv,
break;
}
case OB_PRIV_DB_LEVEL: {
pass = OB_PRIV_HAS_ANY(session_priv.db_priv_set_, need_priv.priv_set_);
if (OB_FAIL(check_priv_db_or_(session_priv, need_priv, priv_mgr, tenant_id, user_id, pass))) {
LOG_WARN("fail to check priv db only", KR(ret), K(tenant_id), K(user_id), K(need_priv.db_));
}
break;
}
case OB_PRIV_TABLE_LEVEL: {
const ObPrivMgr &priv_mgr = mgr->priv_mgr_;
const ObTablePriv *table_priv = NULL;
ObTablePrivSortKey table_priv_key(session_priv.tenant_id_,
session_priv.user_id_,
need_priv.db_,
need_priv.table_);
if (OB_FAIL(priv_mgr.get_table_priv(table_priv_key, table_priv))) {
LOG_WARN("get table priv failed", KR(ret), K(table_priv_key));
} else if (NULL != table_priv) {
pass = OB_PRIV_HAS_ANY(table_priv->get_priv_set(), need_priv.priv_set_);
if (OB_FAIL(check_priv_table_or_(need_priv, priv_mgr, tenant_id, user_id, pass))) {
LOG_WARN("fail to check priv table only", KR(ret), K(tenant_id), K(user_id), K(need_priv.db_), K(need_priv.table_));
}
break;
}

13
src/share/schema/ob_schema_getter_guard.h
View File

@ -48,6 +48,7 @@ class ObColumnSchemaV2;
class ObDBPriv;
class ObDatabaseSchema;
class ObMultiVersionSchemaService;
class ObPrivMgr;
class ObSimpleDatabaseSchema;
class ObSimplePackageSchema;
class ObSimpleRoutineSchema;
@ -72,6 +73,7 @@ struct ObSessionPrivInfo;
struct ObStmtNeedPrivs;
struct ObUserLoginInfo;
class ObSchemaMgrInfo
{
public:
@ -1087,6 +1089,17 @@ private:
const ObIArray<uint64_t> &role_id_array);
bool ignore_tenant_not_exist_error(const uint64_t tenant_id);
int check_priv_db_or_(const ObSessionPrivInfo &session_priv,
const ObNeedPriv &need_priv,
const ObPrivMgr &priv_mgr,
const uint64_t tenant_id,
const uint64_t user_id,
bool& pass);
int check_priv_table_or_(const ObNeedPriv &need_priv,
const ObPrivMgr &priv_mgr,
const uint64_t tenant_id,
const uint64_t user_id,
bool& pass);
private:
common::ObArenaAllocator local_allocator_;
ObMultiVersionSchemaService *schema_service_;

218
src/sql/resolver/cmd/ob_show_resolver.cpp
View File

@ -135,6 +135,7 @@ int ObShowResolver::resolve(const ParseNode &parse_tree)
show_resv_ctx.condition_node_ = parse_tree.children_[1];
show_resv_ctx.stmt_type_ = stmt::T_SHOW_TABLES;
ParseNode *condition_node = show_resv_ctx.condition_node_;
ObString show_db_name;
uint64_t show_db_id = OB_INVALID_ID;
if (OB_FAIL(get_database_info(parse_tree.children_[0],
database_name,
@ -146,65 +147,76 @@ int ObShowResolver::resolve(const ParseNode &parse_tree)
ret = OB_ERR_UNEXPECTED;
LOG_WARN("database id is invalid", K(ret), K(show_db_id));
} else {
if (0 == parse_tree.children_[2]->value_) {
if (NULL != condition_node && T_LIKE_CLAUSE == condition_node->type_) {
if (OB_UNLIKELY(condition_node->num_child_ != 2
|| NULL == condition_node->children_)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("invalid like parse node",
K(ret),
K(condition_node->num_child_),
K(condition_node->children_));
} else if (OB_UNLIKELY(NULL == condition_node->children_[0]
|| NULL == condition_node->children_[1])) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("invalid like parse node",
K(ret),
K(condition_node->num_child_),
K(condition_node->children_[0]),
K(condition_node->children_[1]));
} else {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_TABLES_LIKE,
show_resv_ctx.show_database_name_.length(),
show_resv_ctx.show_database_name_.ptr(),
static_cast<ObString::obstr_size_t>(condition_node->children_[0]->str_len_),//cast int64_t to obstr_size_t
condition_node->children_[0]->str_value_);
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_TABLES_LIKE, OB_SYS_DATABASE_NAME, OB_TENANT_VIRTUAL_SHOW_TABLES_TNAME, show_db_id);
}
show_db_name = show_resv_ctx.show_database_name_;
if (OB_FAIL(schema_checker_->check_db_access(session_priv, show_db_name))) {
if (OB_ERR_NO_DB_PRIVILEGE == ret) {
LOG_USER_ERROR(OB_ERR_NO_DB_PRIVILEGE, session_priv.user_name_.length(), session_priv.user_name_.ptr(),
session_priv.host_name_.length(),session_priv.host_name_.ptr(),
show_db_name.length(), show_db_name.ptr());
} else {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_TABLES, show_resv_ctx.show_database_name_.length(),
show_resv_ctx.show_database_name_.ptr());
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_TABLES, OB_SYS_DATABASE_NAME, OB_TENANT_VIRTUAL_SHOW_TABLES_TNAME, show_db_id);
}
} else if (1 == parse_tree.children_[2]->value_) {
if (NULL != condition_node && T_LIKE_CLAUSE == condition_node->type_) {
if (OB_UNLIKELY(condition_node->num_child_ != 2
|| NULL == condition_node->children_[0]
|| NULL == condition_node->children_[1])) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("invalid like parse node",
K(ret),
K(condition_node->num_child_),
K(condition_node->children_[0]),
K(condition_node->children_[1]));
} else {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_FULL_TABLES_LIKE,
show_resv_ctx.show_database_name_.length(),
show_resv_ctx.show_database_name_.ptr(),
static_cast<ObString::obstr_size_t>(condition_node->children_[0]->str_len_),//cast int64_t to obstr_size_t
condition_node->children_[0]->str_value_);
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_FULL_TABLES_LIKE, OB_SYS_DATABASE_NAME, OB_TENANT_VIRTUAL_SHOW_TABLES_TNAME, show_db_id);
}
} else {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_FULL_TABLES, show_resv_ctx.show_database_name_.length(),
show_resv_ctx.show_database_name_.ptr());
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_FULL_TABLES, OB_SYS_DATABASE_NAME, OB_TENANT_VIRTUAL_SHOW_TABLES_TNAME, show_db_id);
LOG_WARN("fail to check priv", K(ret));
}
} else {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("node value unexpected", K(parse_tree.value_));
break;
if (0 == parse_tree.children_[2]->value_) {
if (NULL != condition_node && T_LIKE_CLAUSE == condition_node->type_) {
if (OB_UNLIKELY(condition_node->num_child_ != 2
|| NULL == condition_node->children_)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("invalid like parse node",
K(ret),
K(condition_node->num_child_),
K(condition_node->children_));
} else if (OB_UNLIKELY(NULL == condition_node->children_[0]
|| NULL == condition_node->children_[1])) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("invalid like parse node",
K(ret),
K(condition_node->num_child_),
K(condition_node->children_[0]),
K(condition_node->children_[1]));
} else {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_TABLES_LIKE,
show_resv_ctx.show_database_name_.length(),
show_resv_ctx.show_database_name_.ptr(),
static_cast<ObString::obstr_size_t>(condition_node->children_[0]->str_len_),//cast int64_t to obstr_size_t
condition_node->children_[0]->str_value_);
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_TABLES_LIKE, OB_SYS_DATABASE_NAME, OB_TENANT_VIRTUAL_SHOW_TABLES_TNAME, show_db_id);
}
} else {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_TABLES, show_resv_ctx.show_database_name_.length(),
show_resv_ctx.show_database_name_.ptr());
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_TABLES, OB_SYS_DATABASE_NAME, OB_TENANT_VIRTUAL_SHOW_TABLES_TNAME, show_db_id);
}
} else if (1 == parse_tree.children_[2]->value_) {
if (NULL != condition_node && T_LIKE_CLAUSE == condition_node->type_) {
if (OB_UNLIKELY(condition_node->num_child_ != 2
|| NULL == condition_node->children_[0]
|| NULL == condition_node->children_[1])) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("invalid like parse node",
K(ret),
K(condition_node->num_child_),
K(condition_node->children_[0]),
K(condition_node->children_[1]));
} else {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_FULL_TABLES_LIKE,
show_resv_ctx.show_database_name_.length(),
show_resv_ctx.show_database_name_.ptr(),
static_cast<ObString::obstr_size_t>(condition_node->children_[0]->str_len_),//cast int64_t to obstr_size_t
condition_node->children_[0]->str_value_);
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_FULL_TABLES_LIKE, OB_SYS_DATABASE_NAME, OB_TENANT_VIRTUAL_SHOW_TABLES_TNAME, show_db_id);
}
} else {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_FULL_TABLES, show_resv_ctx.show_database_name_.length(),
show_resv_ctx.show_database_name_.ptr());
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_FULL_TABLES, OB_SYS_DATABASE_NAME, OB_TENANT_VIRTUAL_SHOW_TABLES_TNAME, show_db_id);
}
} else {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("node value unexpected", K(parse_tree.value_));
break;
}
}
//change where condition :Tables_in_xxx=>table_name
@ -352,7 +364,41 @@ int ObShowResolver::resolve(const ParseNode &parse_tree)
show_db_name, show_db_id, show_table_name,
show_table_id, is_view, synonym_checker))) {
LOG_WARN("fail to resolve show from table", K(ret));
} else {
} else if (!is_oracle_mode) {
if (OB_FAIL(stmt_need_privs.need_privs_.init(3))) {
LOG_WARN("fail to init need privs array", K(ret));
} else {
ObNeedPriv need_priv;
//Priv check: global select || db select || table acc
need_priv.priv_level_ = OB_PRIV_USER_LEVEL;
need_priv.priv_set_ = OB_PRIV_SELECT;
stmt_need_privs.need_privs_.push_back(need_priv);
need_priv.priv_level_ = OB_PRIV_DB_LEVEL;
need_priv.priv_set_ = OB_PRIV_SELECT;
need_priv.db_ = show_db_name;
stmt_need_privs.need_privs_.push_back(need_priv);
need_priv.priv_level_ = OB_PRIV_TABLE_LEVEL;
need_priv.priv_set_ = OB_PRIV_TABLE_ACC;
need_priv.db_ = show_db_name;
need_priv.table_ = show_table_name;
stmt_need_privs.need_privs_.push_back(need_priv);
if (OB_FAIL(schema_checker_->check_priv_or(session_priv, stmt_need_privs))) {
if (OB_ERR_NO_TABLE_PRIVILEGE == ret) {
LOG_USER_ERROR(OB_ERR_NO_TABLE_PRIVILEGE, (int)strlen("SELECT"), "SELECT",
session_priv.user_name_.length(), session_priv.user_name_.ptr(),
session_priv.host_name_.length(),session_priv.host_name_.ptr(),
show_table_name.length(), show_table_name.ptr());
} else {
LOG_WARN("fail to check priv", K(ret));
}
}
}
}
if (OB_SUCC(ret)) {
if (1 == parse_tree.children_[0]->value_) {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_FULL_COLUMNS);
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_FULL_COLUMNS, REAL_NAME(OB_SYS_DATABASE_NAME, OB_ORA_SYS_SCHEMA_NAME), REAL_NAME(OB_TENANT_VIRTUAL_TABLE_COLUMN_TNAME, OB_TENANT_VIRTUAL_TABLE_COLUMN_ORA_TNAME), show_table_id);
@ -387,13 +433,35 @@ int ObShowResolver::resolve(const ParseNode &parse_tree)
show_db_id,
show_db_name))) {
LOG_WARN("fail to resolve show database", K(ret), K(real_tenant_id));
} else if (OB_FAIL(stmt_need_privs.need_privs_.init(2))) {
LOG_WARN("fail to init need privs array", K(ret));
} else {
if (NULL != parse_tree.children_[0]) {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_CREATE_DATABASE_EXISTS);
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_CREATE_DATABASE_EXISTS, OB_SYS_DATABASE_NAME, OB_TENANT_VIRTUAL_SHOW_CREATE_DATABASE_TNAME, show_db_id);
ObNeedPriv need_priv;
need_priv.priv_level_ = OB_PRIV_USER_LEVEL;
need_priv.priv_set_ = OB_PRIV_DB_ACC;
stmt_need_privs.need_privs_.push_back(need_priv);
need_priv.priv_level_ = OB_PRIV_DB_LEVEL;
need_priv.priv_set_ = OB_PRIV_DB_ACC;
need_priv.db_ = show_db_name;
stmt_need_privs.need_privs_.push_back(need_priv);
if (OB_FAIL(schema_checker_->check_priv_or(session_priv, stmt_need_privs))) {
if (OB_ERR_NO_DB_PRIVILEGE == ret) {
LOG_USER_ERROR(OB_ERR_NO_DB_PRIVILEGE, session_priv.user_name_.length(), session_priv.user_name_.ptr(),
session_priv.host_name_.length(),session_priv.host_name_.ptr(),
show_db_name.length(), show_db_name.ptr());
} else {
LOG_WARN("fail to check priv", K(ret));
}
} else {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_CREATE_DATABASE);
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_CREATE_DATABASE, OB_SYS_DATABASE_NAME, OB_TENANT_VIRTUAL_SHOW_CREATE_DATABASE_TNAME, show_db_id);
if (NULL != parse_tree.children_[0]) {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_CREATE_DATABASE_EXISTS);
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_CREATE_DATABASE_EXISTS, OB_SYS_DATABASE_NAME, OB_TENANT_VIRTUAL_SHOW_CREATE_DATABASE_TNAME, show_db_id);
} else {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_CREATE_DATABASE);
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_CREATE_DATABASE, OB_SYS_DATABASE_NAME, OB_TENANT_VIRTUAL_SHOW_CREATE_DATABASE_TNAME, show_db_id);
}
}
}
}
@ -565,11 +633,7 @@ int ObShowResolver::resolve(const ParseNode &parse_tree)
T_SHOW_INDEXES, real_tenant_id, show_db_name, show_db_id,
show_table_name, show_table_id, is_view, synonym_checker))) {
LOG_WARN("fail to resolve show from table", K(ret));
} else {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_INDEXES);
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_INDEXES, OB_SYS_DATABASE_NAME, OB_TENANT_VIRTUAL_TABLE_INDEX_TNAME, show_table_id);
}
if (OB_SUCC(ret)) {
} else if (!is_oracle_mode) {
if (OB_FAIL(stmt_need_privs.need_privs_.init(3))) {
LOG_WARN("fail to init need privs array", K(ret));
} else {
@ -580,6 +644,8 @@ int ObShowResolver::resolve(const ParseNode &parse_tree)
stmt_need_privs.need_privs_.push_back(need_priv);
need_priv.priv_level_ = OB_PRIV_DB_LEVEL;
need_priv.priv_set_ = OB_PRIV_SELECT;
need_priv.db_ = show_db_name;
stmt_need_privs.need_privs_.push_back(need_priv);
need_priv.priv_level_ = OB_PRIV_TABLE_LEVEL;
@ -589,14 +655,22 @@ int ObShowResolver::resolve(const ParseNode &parse_tree)
stmt_need_privs.need_privs_.push_back(need_priv);
if (OB_FAIL(schema_checker_->check_priv_or(session_priv, stmt_need_privs))) {
ret = OB_ERR_NO_TABLE_PRIVILEGE;
LOG_USER_ERROR(OB_ERR_NO_TABLE_PRIVILEGE, (int)strlen("SELECT"), "SELECT",
session_priv.user_name_.length(), session_priv.user_name_.ptr(),
session_priv.host_name_.length(),session_priv.host_name_.ptr(),
show_table_name.length(), show_table_name.ptr());
if (OB_ERR_NO_TABLE_PRIVILEGE == ret) {
LOG_USER_ERROR(OB_ERR_NO_TABLE_PRIVILEGE, (int)strlen("SELECT"), "SELECT",
session_priv.user_name_.length(), session_priv.user_name_.ptr(),
session_priv.host_name_.length(),session_priv.host_name_.ptr(),
show_table_name.length(), show_table_name.ptr());
} else {
LOG_WARN("fail to check priv", K(ret));
}
}
}
}
if (OB_SUCC(ret)) {
GEN_SQL_STEP_1(ObShowSqlSet::SHOW_INDEXES);
GEN_SQL_STEP_2(ObShowSqlSet::SHOW_INDEXES, OB_SYS_DATABASE_NAME, OB_TENANT_VIRTUAL_TABLE_INDEX_TNAME, show_table_id);
}
}
}();
break;

21
src/sql/resolver/cmd/ob_show_resolver.h
View File

@ -40,17 +40,18 @@ private:
const ObString &database_name,
bool is_sys_view);
// in oracle mode, check_desc_priv_if_ness is called inside
int resolve_show_from_table(const ParseNode *from_table_node,
const ParseNode *from_database_clause_node,
bool is_database_unselected,
ObItemType node_type,
uint64_t real_tenant_id,
common::ObString &show_database_name,
uint64_t &show_database_id,
common::ObString &show_table_name,
uint64_t &show_table_id,
bool &is_view,
ObSynonymChecker &synonym_checker);
const ParseNode *from_database_clause_node,
bool is_database_unselected,
ObItemType node_type,
uint64_t real_tenant_id,
common::ObString &show_database_name,
uint64_t &show_database_id,
common::ObString &show_table_name,
uint64_t &show_table_id,
bool &is_view,
ObSynonymChecker &synonym_checker);
int resolve_show_from_database(const ParseNode &from_db_node,
uint64_t real_tenant_id,
uint64_t &show_database_id,

4
src/sql/resolver/ob_schema_checker.h
View File

@ -73,7 +73,7 @@ public:
int init(ObSqlSchemaGuard &schema_guard, uint64_t session_id = common::OB_INVALID_ID);
ObSqlSchemaGuard *get_sql_schema_guard() { return sql_schema_mgr_; }
share::schema::ObSchemaGetterGuard *get_schema_guard() { return schema_mgr_; }
// need satifing each priv in stmt_need_privs
int check_priv(const share::schema::ObSessionPrivInfo &session_priv,
const share::schema::ObStmtNeedPrivs &stmt_need_privs) const;
@ -81,7 +81,7 @@ public:
const uint64_t uid,
const share::schema::ObStmtOraNeedPrivs &stmt_need_privs,
const ObIArray<uint64_t> &role_id_array) const;
// need satifing one of stmt_need_privs
int check_priv_or(const share::schema::ObSessionPrivInfo &session_priv,
const share::schema::ObStmtNeedPrivs &stmt_need_privs);