trafodion-codereview mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robertamarton <...@git.apache.org>
Subject [GitHub] incubator-trafodion pull request #523: TRAFODION [2025] Initialize authoriza...
Date Mon, 06 Jun 2016 17:56:41 GMT
Github user robertamarton commented on a diff in the pull request:

    https://github.com/apache/incubator-trafodion/pull/523#discussion_r65936862
  
    --- Diff: core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp ---
    @@ -7764,52 +7734,103 @@ short CmpSeabaseDDL::initSeabaseAuthorization(
         // Add an error if none yet defined in the diags area
         if ( CmpCommon::diags()->getNumber(DgSqlCode::ERROR_) == 0)
           SEABASEDDL_INTERNAL_ERROR("initialize authorization");
    -    cliRC = -1;
    +
    +    return -1;
       }
     
    -  endXnIfStartedHere(cliInterface, xnWasStartedHere, cliRC);
    +  // If DDL transactions are not enabled, commit the transaction so privmgr 
    +  // schema exists in other processes
    +  if (NOT ddlXns)
    +  {
    +    endXnIfStartedHere(cliInterface, xnWasStartedHere, 0);
    +    if (beginXnIfNotInProgress(cliInterface, xnWasStartedHere))
    +    {
    +      SEABASEDDL_INTERNAL_ERROR("initialize authorization");
    +      return -1;
    +    }
    +  }
     
    -  return cliRC;
    +  // change authorization status in compiler contexts
    +  //CmpCommon::context()->setAuthorizationState (1);
    +  GetCliGlobals()->currContext()->setAuthStateInCmpContexts(TRUE, TRUE);
    +
    +  // change authorization status in compiler processes
    +  cliRC = GetCliGlobals()->currContext()->updateMxcmpSession();
    +  if (cliRC == -1)
    +  {
    +    if ( CmpCommon::diags()->getNumber(DgSqlCode::ERROR_) == 0)
    +      SEABASEDDL_INTERNAL_ERROR("initialize authorization - updating authorization state
failed");
    +  }
    +
    +  NABoolean warnings = FALSE;
    +
    +  // Adjust hive external table ownership - if someone creates external 
    +  // tables before initializing authorization, the external schemas are 
    +  // owned by DB__ROOT -> change to DB__HIVEROLE.  
    +  // Also if you have initialized authorization and created external tables 
    +  // before the fix for JIRA 1895, rerunning initialize authorization will 
    +  // fix the metadata inconsistencies
    +  if (adjustHiveExternalSchemas(cliInterface) != 0)
    +    warnings = TRUE;
    +
    +  // If someone initializes trafodion with library management but does not 
    +  // initialize authorization, then the role DB__LIBMGRROLE has not been 
    +  // granted to LIBMGR procedures.  Do this now
    +  cliRC = existsInSeabaseMDTable(cliInterface,
    +                                 getSystemCatalog(), SEABASE_LIBMGR_SCHEMA, 
    +                                 SEABASE_LIBMGR_LIBRARY,
    +                                 COM_LIBRARY_OBJECT, TRUE, FALSE);
    +  if (cliRC == 1) // library exists
    +  {
    +    cliRC = grantLibmgrPrivs(cliInterface);
    +    if (cliRC == -1)
    +      warnings = TRUE;
    +  }
    +  if (NOT ddlXns)
    +    endXnIfStartedHere(cliInterface, xnWasStartedHere, cliRC);
    +  
    +  // If not able to adjust hive ownership or grant library management privs
    +  // allow operation to continue but return issues as warnings.
    +  if (warnings)
    +  {
    +    CmpCommon::diags()->negateAllErrors();
    +    *CmpCommon::diags() << DgSqlCode(CAT_AUTH_COMPLETED_WITH_WARNINGS); 
    +  }
    +
    +  return 0;
     }
     
     void CmpSeabaseDDL::dropSeabaseAuthorization(
       ExeCliInterface *cliInterface,
       NABoolean doCleanup)
     {
    -  Lng32 cliRC = 0;
    -  NABoolean xnWasStartedHere = FALSE;
    -
       if (!ComUser::isRootUserID())
       {
         *CmpCommon::diags() << DgSqlCode(-CAT_NOT_AUTHORIZED);
         return;
       }
     
    -  if (beginXnIfNotInProgress(cliInterface, xnWasStartedHere))
    -  {
    -    SEABASEDDL_INTERNAL_ERROR("drop authorization");
    -    return;
    -  }
    -
       NAString privMgrMDLoc;
       CONCAT_CATSCH(privMgrMDLoc, getSystemCatalog(), SEABASE_PRIVMGR_SCHEMA);
       PrivMgrCommands privInterface(std::string(privMgrMDLoc.data()), CmpCommon::diags());
       PrivStatus retcode = privInterface.dropAuthorizationMetadata(doCleanup); 
       if (retcode == STATUS_ERROR)
       {
    -    cliRC = -1; 
         if (CmpCommon::diags()->getNumber(DgSqlCode::ERROR_) == 0)
    -     SEABASEDDL_INTERNAL_ERROR("drop authorization");
    +      SEABASEDDL_INTERNAL_ERROR("drop authorization");
    +    return;
       }
    -  else
    +
    +  // Turn off authorization in compiler contexts
    +  GetCliGlobals()->currContext()->setAuthStateInCmpContexts(FALSE, FALSE);
    --- End diff --
    
    It might be.  We might want to do more things also, such as reset caches.  But for init,
drop authorization, this is a one time task and there is (in progress) a specific installation
procedure to handle this.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message