hcq/oceanbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

remove the compat mode check in oracle priv check

Browse Source
This commit is contained in:
yinyj17
2023-12-20 02:13:15 +00:00
committed by ob-robot
parent d6512565b6
commit ef362efaf5
2 changed files with 231 additions and 349 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pl/ob_pl.cpp
View File

@ -3716,7 +3716,6 @@ int ObPLExecState::check_pl_execute_priv(ObSchemaGetterGuard &guard,
user_info)); user_info));
CK (user_info != NULL); CK (user_info != NULL);
OX (obj_owner_id = user_info->get_user_id()); OX (obj_owner_id = user_info->get_user_id());
}
OZ (ObOraSysChecker::check_ora_obj_priv(guard, OZ (ObOraSysChecker::check_ora_obj_priv(guard,
obj_tenant_id, obj_tenant_id,
user_id, user_id,
@ -3728,6 +3727,7 @@ int ObPLExecState::check_pl_execute_priv(ObSchemaGetterGuard &guard,
CHECK_FLAG_NORMAL, CHECK_FLAG_NORMAL,
obj_owner_id, obj_owner_id,
role_id_array)); role_id_array));
}
if (ROUTINE_SCHEMA == schema_type && ret == OB_TABLE_NOT_EXIST) { if (ROUTINE_SCHEMA == schema_type && ret == OB_TABLE_NOT_EXIST) {
ret = OB_WRONG_COLUMN_NAME; ret = OB_WRONG_COLUMN_NAME;
} }

118
src/sql/privilege_check/ob_ora_priv_check.cpp
View File

@ -171,18 +171,12 @@ int ObOraSysChecker::check_plist_and(
const uint64_t option) const uint64_t option)
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
lib::Worker::CompatMode compat_mode;
OZ (guard.get_tenant_compat_mode(tenant_id, compat_mode));
/* 仅在oracle模式下执行 */
if (OB_SUCC(ret) && compat_mode == lib::Worker::CompatMode::ORACLE) {
OZX1 (check_plist_and_in_single(guard, tenant_id, user_id, plist, option), OB_ERR_NO_PRIVILEGE); OZX1 (check_plist_and_in_single(guard, tenant_id, user_id, plist, option), OB_ERR_NO_PRIVILEGE);
if (ret == OB_ERR_NO_PRIVILEGE) { if (ret == OB_ERR_NO_PRIVILEGE) {
ret = OB_SUCCESS; ret = OB_SUCCESS;
OZX1 (check_plist_and_in_roles(guard, tenant_id, user_id, plist, role_id_array, option), OZX1 (check_plist_and_in_roles(guard, tenant_id, user_id, plist, role_id_array, option),
OB_ERR_NO_PRIVILEGE, tenant_id, user_id, plist); OB_ERR_NO_PRIVILEGE, tenant_id, user_id, plist);
} }
}
return ret; return ret;
} }
@ -198,18 +192,12 @@ int ObOraSysChecker::check_plist_or(
const uint64_t option) const uint64_t option)
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
lib::Worker::CompatMode compat_mode;
OZ (guard.get_tenant_compat_mode(tenant_id, compat_mode));
/* 仅在oracle模式下执行 */
if (OB_SUCC(ret) && compat_mode == lib::Worker::CompatMode::ORACLE) {
OZX1 (check_plist_or_in_single(guard, tenant_id, user_id, plist, option), OB_ERR_NO_PRIVILEGE); OZX1 (check_plist_or_in_single(guard, tenant_id, user_id, plist, option), OB_ERR_NO_PRIVILEGE);
if (ret == OB_ERR_NO_PRIVILEGE) { if (ret == OB_ERR_NO_PRIVILEGE) {
ret = OB_SUCCESS; ret = OB_SUCCESS;
OZX1 (check_plist_or_in_roles(guard, tenant_id, user_id, plist, role_id_array, option), OZX1 (check_plist_or_in_roles(guard, tenant_id, user_id, plist, role_id_array, option),
OB_ERR_NO_PRIVILEGE, tenant_id, user_id, plist); OB_ERR_NO_PRIVILEGE, tenant_id, user_id, plist);
} }
}
return ret; return ret;
} }
@ -224,18 +212,12 @@ int ObOraSysChecker::check_p1(
const ObIArray<uint64_t> &role_id_array) const ObIArray<uint64_t> &role_id_array)
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
lib::Worker::CompatMode compat_mode;
OZ (guard.get_tenant_compat_mode(tenant_id, compat_mode));
/* 仅在oracle模式下执行 */
if (OB_SUCC(ret) && compat_mode == lib::Worker::CompatMode::ORACLE) {
OZX1 (check_p1_in_single(guard, tenant_id, user_id, p1), OB_ERR_NO_PRIVILEGE); OZX1 (check_p1_in_single(guard, tenant_id, user_id, p1), OB_ERR_NO_PRIVILEGE);
if (ret == OB_ERR_NO_PRIVILEGE) { if (ret == OB_ERR_NO_PRIVILEGE) {
ret = OB_SUCCESS; ret = OB_SUCCESS;
OZX1 (check_p1_in_roles(guard, tenant_id, user_id, p1, role_id_array), OZX1 (check_p1_in_roles(guard, tenant_id, user_id, p1, role_id_array),
OB_ERR_NO_PRIVILEGE, tenant_id, user_id, p1); OB_ERR_NO_PRIVILEGE, tenant_id, user_id, p1);
} }
}
return ret; return ret;
} }
@ -250,11 +232,6 @@ int ObOraSysChecker::check_plist_or_in_roles(
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
bool exists; bool exists;
lib::Worker::CompatMode compat_mode;
OZ (guard.get_tenant_compat_mode(tenant_id, compat_mode));
/* 仅在oracle模式下执行 */
if (OB_SUCC(ret) && compat_mode == lib::Worker::CompatMode::ORACLE) {
ObPackedPrivArray sys_packed_array; ObPackedPrivArray sys_packed_array;
OZ (get_user_sys_priv_in_roles(guard, tenant_id, user_id, sys_packed_array, OZ (get_user_sys_priv_in_roles(guard, tenant_id, user_id, sys_packed_array,
true, role_id_array), true, role_id_array),
@ -268,7 +245,6 @@ int ObOraSysChecker::check_plist_or_in_roles(
if (OB_SUCC(ret) && !exists) { if (OB_SUCC(ret) && !exists) {
ret = OB_ERR_NO_PRIVILEGE; ret = OB_ERR_NO_PRIVILEGE;
} }
}
return ret; return ret;
} }
@ -283,11 +259,6 @@ int ObOraSysChecker::check_plist_and_in_roles(
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
bool exists; bool exists;
lib::Worker::CompatMode compat_mode;
OZ (guard.get_tenant_compat_mode(tenant_id, compat_mode));
/* 仅在oracle模式下执行 */
if (OB_SUCC(ret) && compat_mode == lib::Worker::CompatMode::ORACLE) {
ObPackedPrivArray sys_packed_array; ObPackedPrivArray sys_packed_array;
OZ (get_user_sys_priv_in_roles(guard, tenant_id, user_id, sys_packed_array, OZ (get_user_sys_priv_in_roles(guard, tenant_id, user_id, sys_packed_array,
true, role_id_array), true, role_id_array),
@ -301,7 +272,6 @@ int ObOraSysChecker::check_plist_and_in_roles(
if (OB_SUCC(ret) && !exists) { if (OB_SUCC(ret) && !exists) {
ret = OB_ERR_NO_PRIVILEGE; ret = OB_ERR_NO_PRIVILEGE;
} }
}
return ret; return ret;
} }
@ -315,11 +285,6 @@ int ObOraSysChecker::check_plist_and_in_single(
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
bool exists; bool exists;
lib::Worker::CompatMode compat_mode;
OZ (guard.get_tenant_compat_mode(tenant_id, compat_mode));
/* 仅在oracle模式下执行 */
if (OB_SUCC(ret) && compat_mode == lib::Worker::CompatMode::ORACLE) {
ObSysPriv *sys_priv = NULL; ObSysPriv *sys_priv = NULL;
OZ (guard.get_sys_priv_with_grantee_id(tenant_id, user_id, sys_priv)); OZ (guard.get_sys_priv_with_grantee_id(tenant_id, user_id, sys_priv));
if (OB_SUCC(ret)) { if (OB_SUCC(ret)) {
@ -336,7 +301,6 @@ int ObOraSysChecker::check_plist_and_in_single(
} }
} }
} }
}
return ret; return ret;
} }
@ -350,11 +314,6 @@ int ObOraSysChecker::check_plist_or_in_single(
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
bool exists; bool exists;
lib::Worker::CompatMode compat_mode;
OZ (guard.get_tenant_compat_mode(tenant_id, compat_mode));
/* 仅在oracle模式下执行 */
if (OB_SUCC(ret) && compat_mode == lib::Worker::CompatMode::ORACLE) {
ObSysPriv *sys_priv = NULL; ObSysPriv *sys_priv = NULL;
OZ (guard.get_sys_priv_with_grantee_id(tenant_id, user_id, sys_priv)); OZ (guard.get_sys_priv_with_grantee_id(tenant_id, user_id, sys_priv));
if (OB_SUCC(ret)) { if (OB_SUCC(ret)) {
@ -371,7 +330,6 @@ int ObOraSysChecker::check_plist_or_in_single(
} }
} }
} }
}
return ret; return ret;
} }
@ -490,12 +448,7 @@ int ObOraSysChecker::check_obj_plist_or(
const ObIArray<uint64_t> &role_id_array) const ObIArray<uint64_t> &role_id_array)
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
lib::Worker::CompatMode compat_mode;
int ret1; int ret1;
OZ (guard.get_tenant_compat_mode(tenant_id, compat_mode));
/* 仅在oracle模式下执行 */
if (OB_SUCC(ret) && compat_mode == lib::Worker::CompatMode::ORACLE) {
OZX2 (check_obj_plist_or_in_single(guard, tenant_id, user_id, obj_type, OZX2 (check_obj_plist_or_in_single(guard, tenant_id, user_id, obj_type,
obj_id, col_id, plist), obj_id, col_id, plist),
OB_ERR_NO_PRIVILEGE, OB_ERR_EMPTY_QUERY, OB_ERR_NO_PRIVILEGE, OB_ERR_EMPTY_QUERY,
@ -511,7 +464,6 @@ int ObOraSysChecker::check_obj_plist_or(
ret = OB_ERR_NO_PRIVILEGE; ret = OB_ERR_NO_PRIVILEGE;
} }
} }
}
return ret; return ret;
} }
@ -530,16 +482,7 @@ int ObOraSysChecker::check_obj_p1(
const ObIArray<uint64_t> &role_id_array) const ObIArray<uint64_t> &role_id_array)
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
// unused
// bool exists;
lib::Worker::CompatMode compat_mode;
// unused
// ObObjPriv *obj_priv = NULL;
int ret1; int ret1;
OZ (guard.get_tenant_compat_mode(tenant_id, compat_mode));
/* 仅在oracle模式下执行 */
if (OB_SUCC(ret) && compat_mode == lib::Worker::CompatMode::ORACLE) {
OZX2 (check_obj_p1_in_single(guard, tenant_id, user_id, obj_type, obj_id, col_id, p1, option), OZX2 (check_obj_p1_in_single(guard, tenant_id, user_id, obj_type, obj_id, col_id, p1, option),
OB_ERR_NO_PRIVILEGE, OB_ERR_EMPTY_QUERY, OB_ERR_NO_PRIVILEGE, OB_ERR_EMPTY_QUERY,
tenant_id, user_id, obj_type, obj_id, col_id, p1, option); tenant_id, user_id, obj_type, obj_id, col_id, p1, option);
@ -554,7 +497,6 @@ int ObOraSysChecker::check_obj_p1(
ret = OB_ERR_NO_PRIVILEGE; ret = OB_ERR_NO_PRIVILEGE;
} }
} }
}
return ret; return ret;
} }
@ -568,11 +510,6 @@ int ObOraSysChecker::check_p1_or_plist_in_single(
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
ObSysPriv *sys_priv = NULL; ObSysPriv *sys_priv = NULL;
lib::Worker::CompatMode compat_mode;
OZ (guard.get_tenant_compat_mode(tenant_id, compat_mode));
/* 仅在oracle模式下执行 */
if (OB_SUCC(ret) && compat_mode == lib::Worker::CompatMode::ORACLE) {
OZ (guard.get_sys_priv_with_grantee_id(tenant_id, user_id, sys_priv)); OZ (guard.get_sys_priv_with_grantee_id(tenant_id, user_id, sys_priv));
if (OB_SUCC(ret)) { if (OB_SUCC(ret)) {
if (sys_priv == NULL) { if (sys_priv == NULL) {
@ -582,7 +519,6 @@ int ObOraSysChecker::check_p1_or_plist_in_single(
OB_ERR_NO_PRIVILEGE); OB_ERR_NO_PRIVILEGE);
} }
} }
}
return ret; return ret;
} }
@ -627,13 +563,6 @@ int ObOraSysChecker::check_p1_with_plist_info(
const ObIArray<uint64_t> &role_id_array) const ObIArray<uint64_t> &role_id_array)
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
// unused
// ObSysPriv *sys_priv = NULL;
lib::Worker::CompatMode compat_mode;
OZ (guard.get_tenant_compat_mode(tenant_id, compat_mode));
/* 仅在oracle模式下执行 */
if (OB_SUCC(ret) && compat_mode == lib::Worker::CompatMode::ORACLE) {
OZX1 (check_p1_with_plist_info_in_single( OZX1 (check_p1_with_plist_info_in_single(
guard, tenant_id, user_id, p1, option, plist, has_other_priv), guard, tenant_id, user_id, p1, option, plist, has_other_priv),
OB_ERR_NO_PRIVILEGE); OB_ERR_NO_PRIVILEGE);
@ -647,7 +576,6 @@ int ObOraSysChecker::check_p1_with_plist_info(
has_other_priv, role_id_array), OB_ERR_NO_PRIVILEGE); has_other_priv, role_id_array), OB_ERR_NO_PRIVILEGE);
} }
} }
}
return ret; return ret;
} }
@ -716,11 +644,7 @@ int ObOraSysChecker::check_p1_with_plist_info_in_single(
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
ObSysPriv *sys_priv = NULL; ObSysPriv *sys_priv = NULL;
lib::Worker::CompatMode compat_mode;
has_other_priv = false; has_other_priv = false;
OZ (guard.get_tenant_compat_mode(tenant_id, compat_mode));
/* 仅在oracle模式下执行 */
if (OB_SUCC(ret) && compat_mode == lib::Worker::CompatMode::ORACLE) {
OZ (guard.get_sys_priv_with_grantee_id(tenant_id, user_id, sys_priv)); OZ (guard.get_sys_priv_with_grantee_id(tenant_id, user_id, sys_priv));
if (OB_SUCC(ret)) { if (OB_SUCC(ret)) {
if (sys_priv == NULL) { if (sys_priv == NULL) {
@ -731,7 +655,6 @@ int ObOraSysChecker::check_p1_with_plist_info_in_single(
OB_ERR_NO_PRIVILEGE); OB_ERR_NO_PRIVILEGE);
} }
} }
}
return ret; return ret;
} }
@ -749,13 +672,6 @@ int ObOraSysChecker::check_p1_or_plist(
const ObIArray<uint64_t> &role_id_array) const ObIArray<uint64_t> &role_id_array)
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
// unused
// ObSysPriv *sys_priv = NULL;
lib::Worker::CompatMode compat_mode;
OZ (guard.get_tenant_compat_mode(tenant_id, compat_mode));
/* 仅在oracle模式下执行 */
if (OB_SUCC(ret) && compat_mode == lib::Worker::CompatMode::ORACLE) {
OZX1 (check_p1_or_plist_in_single(guard, tenant_id, user_id, p1, option, plist), OZX1 (check_p1_or_plist_in_single(guard, tenant_id, user_id, p1, option, plist),
OB_ERR_NO_PRIVILEGE); OB_ERR_NO_PRIVILEGE);
if (ret == OB_ERR_NO_PRIVILEGE) { if (ret == OB_ERR_NO_PRIVILEGE) {
@ -763,7 +679,6 @@ int ObOraSysChecker::check_p1_or_plist(
OZ (check_p1_or_plist_in_roles(guard, tenant_id, user_id, p1, OZ (check_p1_or_plist_in_roles(guard, tenant_id, user_id, p1,
option, plist, role_id_array)); option, plist, role_id_array));
} }
}
return ret; return ret;
} }
@ -820,12 +735,7 @@ int ObOraSysChecker::check_p1_or_cond_p2_in_single(
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
ObSysPriv *sys_priv = NULL; ObSysPriv *sys_priv = NULL;
lib::Worker::CompatMode compat_mode;
bool exists = false; bool exists = false;
OZ (guard.get_tenant_compat_mode(tenant_id, compat_mode));
/* 仅在oracle模式下执行 */
if (OB_SUCC(ret) && compat_mode == lib::Worker::CompatMode::ORACLE) {
OZ (guard.get_sys_priv_with_grantee_id(tenant_id, ur_id, sys_priv)); OZ (guard.get_sys_priv_with_grantee_id(tenant_id, ur_id, sys_priv));
if (OB_SUCC(ret)) { if (OB_SUCC(ret)) {
if (sys_priv == NULL) { if (sys_priv == NULL) {
@ -841,7 +751,6 @@ int ObOraSysChecker::check_p1_or_cond_p2_in_single(
} }
} }
} }
}
return ret; return ret;
} }
@ -888,11 +797,6 @@ int ObOraSysChecker::check_p1_or_owner_and_p2(
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
bool is_owner; bool is_owner;
lib::Worker::CompatMode compat_mode;
if (OB_FAIL(guard.get_tenant_compat_mode(tenant_id, compat_mode))) {
LOG_WARN("get_tenant_compat_mode failed", K(ret));
} else if (compat_mode == lib::Worker::CompatMode::ORACLE) {
if (database_name.empty()) { if (database_name.empty()) {
is_owner = true; is_owner = true;
} else { } else {
@ -913,7 +817,6 @@ int ObOraSysChecker::check_p1_or_owner_and_p2(
is_owner, p2, role_id_array)); is_owner, p2, role_id_array));
} }
}
return ret; return ret;
} }
@ -938,11 +841,6 @@ int ObOraSysChecker::check_owner_or_p1_or_objp2(
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
bool is_owner = false; bool is_owner = false;
uint64_t obj_owner_id = OB_INVALID_ID; uint64_t obj_owner_id = OB_INVALID_ID;
lib::Worker::CompatMode compat_mode;
if (OB_FAIL(guard.get_tenant_compat_mode(tenant_id, compat_mode))) {
LOG_WARN("get_tenant_compat_mode failed", K(ret));
} else if (compat_mode == lib::Worker::CompatMode::ORACLE) {
if (database_name.empty()) { if (database_name.empty()) {
is_owner = true; is_owner = true;
obj_owner_id = user_id; obj_owner_id = user_id;
@ -975,7 +873,6 @@ int ObOraSysChecker::check_owner_or_p1_or_objp2(
tenant_id, user_id, obj_type, obj_id, OBJ_LEVEL_FOR_TAB_PRIV, obj_p2);*/ tenant_id, user_id, obj_type, obj_id, OBJ_LEVEL_FOR_TAB_PRIV, obj_p2);*/
} }
} }
}
return ret; return ret;
} }
@ -999,10 +896,6 @@ int ObOraSysChecker::check_owner_or_p1_or_access(
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
bool is_owner = false; bool is_owner = false;
lib::Worker::CompatMode compat_mode;
if (OB_FAIL(guard.get_tenant_compat_mode(tenant_id, compat_mode))) {
LOG_WARN("get_tenant_compat_mode failed", K(ret));
} else if (compat_mode == lib::Worker::CompatMode::ORACLE) {
if (database_name.empty()) { if (database_name.empty()) {
is_owner = true; is_owner = true;
} else { } else {
@ -1039,7 +932,6 @@ int ObOraSysChecker::check_owner_or_p1_or_access(
} }
} }
} }
}
return ret; return ret;
} }
@ -1404,16 +1296,7 @@ int ObOraSysChecker::check_owner_or_p1(
const ObIArray<uint64_t> &role_id_array) const ObIArray<uint64_t> &role_id_array)
{ {
int ret = OB_SUCCESS; int ret = OB_SUCCESS;
// unused
// ObSysPriv *sys_priv = NULL;
bool is_owner = false; bool is_owner = false;
lib::Worker::CompatMode compat_mode;
// unused
// bool exists = false;
if (OB_FAIL(guard.get_tenant_compat_mode(tenant_id, compat_mode))) {
LOG_WARN("get_tenant_compat_mode failed", K(ret));
} else if (compat_mode == lib::Worker::CompatMode::ORACLE) {
if (database_name.empty()) { if (database_name.empty()) {
is_owner = true; is_owner = true;
} else { } else {
@ -1429,7 +1312,6 @@ int ObOraSysChecker::check_owner_or_p1(
if (!is_owner) { if (!is_owner) {
OZ (check_p1(guard, tenant_id, user_id, p1, role_id_array), tenant_id, user_id, p1); OZ (check_p1(guard, tenant_id, user_id, p1, role_id_array), tenant_id, user_id, p1);
} }
}
return ret; return ret;
} }