Changeset: 4c25f517a2d8 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=4c25f517a2d8
Modified Files:
        sql/backends/monet5/sql_user.c
        sql/server/sql_privileges.c
Branch: Nov2019
Log Message:

When deleting a privileged user, look for users created by him and delete them 
recursively


diffs (135 lines):

diff --git a/sql/backends/monet5/sql_user.c b/sql/backends/monet5/sql_user.c
--- a/sql/backends/monet5/sql_user.c
+++ b/sql/backends/monet5/sql_user.c
@@ -203,7 +203,6 @@ monet5_create_privileges(ptr _mvc, sql_s
 {
        sql_table *t, *uinfo;
        mvc *m = (mvc *) _mvc;
-       char *err = NULL;
        sqlid schema_id = 0;
        str monetdbuser = "monetdb";
        list *res, *ops;
@@ -215,7 +214,6 @@ monet5_create_privileges(ptr _mvc, sql_s
        mvc_create_column_(m, t, "default_schema", "int", 9);
        uinfo = t;
 
-       (void) err;
        res = sa_list(m->sa);
        list_append(res, sql_create_arg(m->sa, "name", sql_bind_subtype(m->sa, 
"varchar", 2048, 0), ARG_OUT));  
 
diff --git a/sql/server/sql_privileges.c b/sql/server/sql_privileges.c
--- a/sql/server/sql_privileges.c
+++ b/sql/server/sql_privileges.c
@@ -805,10 +805,15 @@ sql_create_user(mvc *sql, char *user, ch
        return NULL;
 }
 
-char *
-sql_drop_user(mvc *sql, char *user)
+static int
+id_cmp(sqlid *id1, sqlid *id2)
 {
-       sqlid user_id = sql_find_auth(sql, user);
+       return *id1 == *id2;
+}
+
+static char *
+sql_drop_granted_users(mvc *sql, sqlid user_id, char *user, list 
*deleted_users)
+{
        sql_schema *ss = mvc_bind_schema(sql, "sys");
        sql_table *privs = mvc_bind_table(sql, ss, "privileges");
        sql_table *user_roles = mvc_bind_table(sql, ss, "user_role");
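Review bot: `id_cmp` returns non-zero when the two ids are equal, which is the reverse of the usual comparator convention where 0 means a match. The definition of `list_find` is not visible here, but if it treats 0 as a match, the `deleted_users` lookup in `sql_drop_granted_users` will stop at the first entry with a different id and never recognise an already-deleted one. Under that assumption the body should read `return *id1 != *id2;`. The helper also takes `sqlid *` parameters and is forced through an `(fcmp)` cast at the call site, so declaring it with the parameter types `fcmp` expects and casting inside would avoid calling through an incompatible function pointer type. The body of `sql_drop_granted_users` continues past this hunk.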
@@ -817,33 +822,70 @@ sql_drop_user(mvc *sql, char *user)
        rids *A;
        oid rid;
 
-       if (mvc_check_dependency(sql, user_id, OWNER_DEPENDENCY, NULL))
-               throw(SQL,"sql.drop_user",SQLSTATE(M1M05) "DROP USER: '%s' owns 
a schema", user);
-       if (backend_drop_user(sql, user) == FALSE)
-               throw(SQL,"sql.drop_user",SQLSTATE(M0M27) "%s", sql->errstr);
+       if (!list_find(deleted_users, &user_id, (fcmp) &id_cmp)) {
+               if (mvc_check_dependency(sql, user_id, OWNER_DEPENDENCY, NULL))
+                       throw(SQL,"sql.drop_user",SQLSTATE(M1M05) "DROP USER: 
'%s' owns a schema", user);
+               if (backend_drop_user(sql, user) == FALSE)
+                       throw(SQL,"sql.drop_user",SQLSTATE(M0M27) "%s", 
sql->errstr);
+
+               /* select privileges of this user_id */
+               A = table_funcs.rids_select(tr, find_sql_column(privs, 
"auth_id"), &user_id, &user_id, NULL);
+               /* remove them */
+               for(rid = table_funcs.rids_next(A); !is_oid_nil(rid); rid = 
table_funcs.rids_next(A))
+                       table_funcs.table_delete(tr, privs, rid);
+               table_funcs.rids_destroy(A);
 
-       /* select privileges of this user_id */
-       A = table_funcs.rids_select(tr, find_sql_column(privs, "auth_id"), 
&user_id, &user_id, NULL);
-       /* remove them */
-       for(rid = table_funcs.rids_next(A); !is_oid_nil(rid); rid = 
table_funcs.rids_next(A))
-               table_funcs.table_delete(tr, privs, rid);
-       table_funcs.rids_destroy(A);
+               /* select privileges granted by this user_id */
+               A = table_funcs.rids_select(tr, find_sql_column(privs, 
"grantor"), &user_id, &user_id, NULL);
+               /* remove them */
+               for(rid = table_funcs.rids_next(A); !is_oid_nil(rid); rid = 
table_funcs.rids_next(A))
+                       table_funcs.table_delete(tr, privs, rid);
+               table_funcs.rids_destroy(A);
+
+               /* delete entry from auths table */
+               rid = table_funcs.column_find_row(tr, find_sql_column(auths, 
"name"), user, NULL);
+               if (is_oid_nil(rid))
+                       throw(SQL, "sql.drop_user", SQLSTATE(0P000) "DROP USER: 
no such user role '%s'", user);
+               table_funcs.table_delete(tr, auths, rid);
 
-       /* delete entry from auths table */
-       rid = table_funcs.column_find_row(tr, find_sql_column(auths, "name"), 
user, NULL);
-       if (is_oid_nil(rid))
-               throw(SQL, "sql.drop_user", SQLSTATE(0P000) "DROP USER: no such 
user role '%s'", user);
-       table_funcs.table_delete(tr, auths, rid);
+               /* select user roles of this user_id */
+               A = table_funcs.rids_select(tr, find_sql_column(user_roles, 
"login_id"), &user_id, &user_id, NULL);
+               /* remove them */
+               for(rid = table_funcs.rids_next(A); !is_oid_nil(rid); rid = 
table_funcs.rids_next(A))
+                       table_funcs.table_delete(tr, user_roles, rid);
+               table_funcs.rids_destroy(A);
+
+               list_append(deleted_users, &user_id);
+
+               /* select users created by this user_id */
+               A = table_funcs.rids_select(tr, find_sql_column(auths, 
"grantor"), &user_id, &user_id, NULL);
+               /* remove them and continue the deletion */
+               for(rid = table_funcs.rids_next(A); !is_oid_nil(rid); rid = 
table_funcs.rids_next(A)) {
+                       sqlid nuid = *(sqlid*)table_funcs.column_find_value(tr, 
find_sql_column(auths, "id"), rid);
+                       char* nname = table_funcs.column_find_value(tr, 
find_sql_column(auths, "name"), rid);
 
-       /* select user roles of this user_id */
-       A = table_funcs.rids_select(tr, find_sql_column(user_roles, 
"login_id"), &user_id, &user_id, NULL);
-       /* remove them */
-       for(rid = table_funcs.rids_next(A); !is_oid_nil(rid); rid = 
table_funcs.rids_next(A))
-               table_funcs.table_delete(tr, user_roles, rid);
-       table_funcs.rids_destroy(A);
+                       sql_drop_granted_users(sql, nuid, nname, deleted_users);
+                       table_funcs.table_delete(tr, auths, rid);
+               }
+               table_funcs.rids_destroy(A);
+       }
+       return NULL;
+}
 
-       tr->schema_updates++;
-       return NULL;
+char *
+sql_drop_user(mvc *sql, char *user)
+{
+       sqlid user_id = sql_find_auth(sql, user);
+       list *deleted = list_create(NULL);
+       str msg = NULL;
+
+       if (!deleted)
+               throw(SQL, "sql.drop_user", SQLSTATE(HY013) MAL_MALLOC_FAIL);
+       msg = sql_drop_granted_users(sql, user_id, user, deleted);
+       list_destroy(deleted);
+
+       sql->session->tr->schema_updates++;
+       return msg;
 }
 
 char *
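Review bot: `list_append(deleted_users, &user_id)` stores the address of a by-value parameter, so once a recursive call returns, the list owned by `sql_drop_user` holds a pointer into a dead stack frame. The next `list_find` then dereferences that pointer through `id_cmp`. The list should hold storage that outlives the call, for example a heap copy of the id, released by a destroy function passed to `list_create` in place of `NULL`. Separately, the result of the recursive call in the final loop is discarded, so a created user who owns a schema or fails `backend_drop_user` has the error dropped while the parent still deletes that user's `auths` row; propagate it with `msg = sql_drop_granted_users(sql, nuid, nname, deleted_users);` followed by `if (msg) { table_funcs.rids_destroy(A); return msg; }`. This function begins in the previous hunk.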