Changeset: 29704c5566ac for MonetDB URL: https://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=29704c5566ac Modified Files: sql/backends/monet5/sql_upgrades.c sql/server/rel_select.c sql/server/rel_updates.c sql/server/sql_privileges.c sql/storage/sql_catalog.c sql/test/Users/Tests/userCallFunction.SQL.py Branch: indirect-privs Log Message:
Merged with default diffs (truncated from 645 to 300 lines): diff --git a/sql/backends/monet5/sql_upgrades.c b/sql/backends/monet5/sql_upgrades.c --- a/sql/backends/monet5/sql_upgrades.c +++ b/sql/backends/monet5/sql_upgrades.c @@ -2573,12 +2573,14 @@ sql_update_default(Client c, mvc *sql, c pos = snprintf(buf, bufsize, "set schema \"sys\";\n"); - /* 51_sys_schema_extensions, remove stream table entries */ + /* 51_sys_schema_extensions, remove stream table entries and update window function description */ pos += snprintf(buf + pos, bufsize - pos, "ALTER TABLE sys.keywords SET READ WRITE;\n" "DELETE FROM sys.keywords where keyword = 'STREAM';\n" "ALTER TABLE sys.table_types SET READ WRITE;\n" - "DELETE FROM sys.table_types where table_type_id = 4;\n"); + "DELETE FROM sys.table_types where table_type_id = 4;\n" + "ALTER TABLE sys.function_types SET READ WRITE;\n" + "UPDATE sys.function_types SET function_type_keyword = 'WINDOW' WHERE function_type_id = 6;\n"); /* scoping2 branch changes, the 'users' view has to be re-created because of the 'schema_path' addition on 'db_user_info' table However 'dependency_schemas_on_users' has a dependency on 'users', so it has to be re-created as well */ @@ -2617,7 +2619,8 @@ sql_update_default(Client c, mvc *sql, c pos = snprintf(buf, bufsize, "set schema \"sys\";\n" "ALTER TABLE sys.keywords SET READ ONLY;\n" - "ALTER TABLE sys.table_types SET READ ONLY;\n"); + "ALTER TABLE sys.table_types SET READ ONLY;\n" + "ALTER TABLE sys.function_types SET READ ONLY;\n"); pos += snprintf(buf + pos, bufsize - pos, "set schema \"%s\";\n", prev_schema); assert(pos < bufsize); printf("Running database upgrade commands:\n%s\n", buf); diff --git a/sql/scripts/51_sys_schema_extension.sql b/sql/scripts/51_sys_schema_extension.sql --- a/sql/scripts/51_sys_schema_extension.sql +++ b/sql/scripts/51_sys_schema_extension.sql 
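Review bot: In sql/backends/monet5/sql_upgrades.c, hunk @@ -2573, the two added statements lengthen the text appended by `pos += snprintf(buf + pos, bufsize - pos, ...)`, and the only bound check visible in this diff is the `assert(pos < bufsize)` in hunk @@ -2617. With assertions compiled out, a truncated upgrade script would pass unnoticed, and a `pos` larger than `bufsize` makes the following `bufsize - pos` argument wrong. A runtime check after the last write would fail closed, for example `if (pos >= bufsize) { /* abort the upgrade rather than run a truncated script */ }`. How `buf` is sized and what is done with it after the `printf` lies outside both hunks.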
@@ -348,7 +348,7 @@ INSERT INTO sys.function_types (function (3, 'Aggregate function', 'AGGREGATE'), (4, 'Filter function', 'FILTER FUNCTION'), (5, 'Function returning a table', 'FUNCTION'), - (6, 'Analytic function', 'FUNCTION'), + (6, 'Analytic function', 'WINDOW'), (7, 'Loader function', 'LOADER'); ALTER TABLE sys.function_types SET READ ONLY; diff --git a/sql/server/rel_select.c b/sql/server/rel_select.c --- a/sql/server/rel_select.c +++ b/sql/server/rel_select.c @@ -524,6 +524,14 @@ find_table_function(mvc *sql, char *snam return sql_error(sql, ERR_NOTFOUND, SQLSTATE(42000) "SELECT: no such %s function %s%s%s'%s'(%s)", type == F_UNION ? "table returning" : "loader", sname ? "'":"", sname ? sname : "", sname ? "'.":"", fname, arg_list ? arg_list : ""); } + for (node *n = ff->h; n ; ) { /* Reduce on privileges */ + sql_subfunc *sf = n->data; + node *nn = n->next; + + if (!execute_priv(sql, sf->func)) + list_remove_node(funcs, n); + n = nn; + } len = list_length(ff); if (len > 1) { int i, score = 0; @@ -670,7 +678,7 @@ rel_op_(mvc *sql, char *sname, char *fna sql_ftype type = (ek.card == card_loader)?F_LOADER:((ek.card == card_none)?F_PROC: ((ek.card == card_relation)?F_UNION:F_FUNC)); - if ((f = sql_bind_func(sql, sname, fname, NULL, NULL, type)) && check_card(ek.card, f)) + if ((f = bind_func_(sql, sname, fname, NULL, type)) && check_card(ek.card, f)) return exp_op(sql->sa, NULL, f); return sql_error(sql, ERR_NOTFOUND, SQLSTATE(42000) "SELECT: no such operator %s%s%s'%s'()", sname ? "'":"", sname ? sname : "", sname ? "'.":"", fname); } @@ -1460,7 +1468,7 @@ rel_filter(mvc *sql, sql_rel *rel, list list_append(tl, exp_subtype(e)); } /* find filter function */ - if (!(f = sql_bind_func_(sql, sname, filter_op, tl, F_FILT))) { + if (!(f = bind_func_(sql, sname, filter_op, tl, F_FILT))) { sql->session->status = 0; /* if the function was not found clean the error */ sql->errstr[0] = '\0'; f = find_func(sql, sname, filter_op, list_length(tl), F_FILT, NULL); 
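Review bot: In sql/server/rel_select.c, hunk @@ -524 (find_table_function), the added privilege loop walks `ff->h` but unlinks through a different name, `list_remove_node(funcs, n)`, and the count taken right after is `list_length(ff)`. Unless `funcs` and `ff` refer to the same list (their declarations are outside the hunk), functions the user may not execute remain in `ff`, and a node is unlinked from a list it does not belong to. The call should name the list being walked: `list_remove_node(ff, n);`. The identical loop added in hunk @@ -1738 has the same mismatch.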
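Review bot: In hunk @@ -1460 (rel_filter), a NULL from `bind_func_` is followed by clearing `sql->session->status` and `sql->errstr` and retrying with `find_func(sql, sname, filter_op, list_length(tl), F_FILT, NULL)`, so a privilege refusal is handled exactly like "not found". If `bind_func_` now rejects functions the user lacks EXECUTE on (its body is not part of this diff), the fallback must apply the same check, otherwise the rejected function can still be bound through `find_func`. Please confirm that `find_func` filters on `execute_priv`, and once confirmed record it in the existing comment, e.g. `/* not found or not executable: clean the error; find_func applies the same privilege check */`.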
@@ -1738,6 +1746,15 @@ static sql_exp* return sql_error(sql, ERR_NOTFOUND, SQLSTATE(42000) "SELECT: no such operator %s%s%s'%s'(%s)", sname ? "'":"", sname ? sname : "", sname ? "'.":"", fname, arg_list ? arg_list : ""); } + for (node *n = ff->h; n ; ) { /* Reduce on privileges */ + sql_subfunc *sf = n->data; + node *nn = n->next; + + if (!execute_priv(sql, sf->func)) + list_remove_node(funcs, n); + n = nn; + } + len = list_length(ff); if (len > 1) { int i, score = 0; @@ -2813,6 +2830,8 @@ rel_binop_(mvc *sql, sql_rel *rel, sql_e /* handle param's early */ if (!t1 || !t2) { f = sql_resolve_function_with_undefined_parameters(sql, sname, fname, list_append(list_append(sa_list(sql->sa), t1), t2), type); + if (f && !execute_priv(sql, f->func)) + f = NULL; if (f) { /* add types using f */ if (!t1) { sql_subtype *t = arg_type(f->func->ops->h->data); @@ -3639,6 +3658,8 @@ static sql_exp * a = (sql_subfunc *) m->data; op = a->func->ops->h; + if (!execute_priv(sql, a->func)) + a = NULL; for (n = exps->h ; a && op && n; op = op->next, n = n->next ) { sql_arg *arg = op->data; sql_exp *e = n->data; diff --git a/sql/server/rel_updates.c b/sql/server/rel_updates.c --- a/sql/server/rel_updates.c +++ b/sql/server/rel_updates.c @@ -893,7 +893,7 @@ rel_update(mvc *sql, sql_rel *t, sql_rel sql_exp * update_check_column(mvc *sql, sql_table *t, sql_column *c, sql_exp *v, sql_rel *r, char *cname, const char *action) { - if (!table_privs(sql, t, PRIV_UPDATE) && !sql_privilege(sql, sql->user_id, c->base.id, PRIV_UPDATE)) + if (!table_privs(sql, t, PRIV_UPDATE) && sql_privilege(sql, sql->user_id, c->base.id, PRIV_UPDATE) < 0) return sql_error(sql, 02, SQLSTATE(42000) "%s: insufficient privileges for user '%s' to update table '%s' on column '%s'", action, get_string_global_var(sql, "current_user"), t->base.name, cname); if (!v || (v = exp_check_type(sql, &c->type, r, v, type_equal)) == NULL) return NULL; diff --git a/sql/server/sql_privileges.c b/sql/server/sql_privileges.c 
--- a/sql/server/sql_privileges.c +++ b/sql/server/sql_privileges.c @@ -119,7 +119,7 @@ sql_grant_global_privs( mvc *sql, char * if (grantee_id <= 0) throw(SQL,"sql.grant_global",SQLSTATE(01007) "GRANT: User/role '%s' unknown", grantee); /* first check if privilege isn't already given */ - if ((sql_privilege(sql, grantee_id, GLOBAL_OBJID, privs))) + if ((sql_privilege(sql, grantee_id, GLOBAL_OBJID, privs) >= 0)) throw(SQL,"sql.grant_global",SQLSTATE(01007) "GRANT: User/role '%s' already has this privilege", grantee); sql_insert_priv(sql, grantee_id, GLOBAL_OBJID, privs, grantor, grant); tr->schema_updates++; @@ -165,13 +165,13 @@ sql_grant_table_privs( mvc *sql, char *g throw(SQL,"sql.grant_table", SQLSTATE(01007) "GRANT: User/role '%s' unknown", grantee); /* first check if privilege isn't already given */ if ((privs == all && - (sql_privilege(sql, grantee_id, t->base.id, PRIV_SELECT) || - sql_privilege(sql, grantee_id, t->base.id, PRIV_UPDATE) || - sql_privilege(sql, grantee_id, t->base.id, PRIV_INSERT) || - sql_privilege(sql, grantee_id, t->base.id, PRIV_DELETE) || - sql_privilege(sql, grantee_id, t->base.id, PRIV_TRUNCATE))) || - (privs != all && !c && sql_privilege(sql, grantee_id, t->base.id, privs)) || - (privs != all && c && sql_privilege(sql, grantee_id, c->base.id, privs))) { + (sql_privilege(sql, grantee_id, t->base.id, PRIV_SELECT) >= 0 || + sql_privilege(sql, grantee_id, t->base.id, PRIV_UPDATE) >= 0 || + sql_privilege(sql, grantee_id, t->base.id, PRIV_INSERT) >= 0 || + sql_privilege(sql, grantee_id, t->base.id, PRIV_DELETE) >= 0 || + sql_privilege(sql, grantee_id, t->base.id, PRIV_TRUNCATE) >= 0)) || + (privs != all && !c && sql_privilege(sql, grantee_id, t->base.id, privs) >= 0) || + (privs != all && c && sql_privilege(sql, grantee_id, c->base.id, privs) >= 0)) { throw(SQL, "sql.grant", SQLSTATE(01007) "GRANT: User/role '%s' already has this privilege", grantee); } if (privs == all) { 
@@ -213,7 +213,7 @@ sql_grant_func_privs( mvc *sql, char *gr if (grantee_id <= 0) throw(SQL, "sql.grant_func", SQLSTATE(01007) "GRANT: User/role '%s' unknown", grantee); /* first check if privilege isn't already given */ - if (sql_privilege(sql, grantee_id, f->base.id, privs)) + if (sql_privilege(sql, grantee_id, f->base.id, privs) >= 0) throw(SQL,"sql.grant", SQLSTATE(01007) "GRANT: User/role '%s' already has this privilege", grantee); sql_insert_priv(sql, grantee_id, f->base.id, privs, grantor, grant); tr->schema_updates++; @@ -424,7 +424,7 @@ int sql_privilege(mvc *m, sqlid auth_id, sqlid obj_id, int priv) { oid rid = sql_privilege_rid(m, auth_id, obj_id, priv); - int res = 0; + int res = -1; if (!is_oid_nil(rid)) { /* found priv */ @@ -509,7 +509,7 @@ role_granting_privs(mvc *m, oid role_rid owner_id = table_funcs.column_find_sqlid(m->session->tr, auths_grantor, role_rid); if (owner_id == grantor_id) return true; - if (sql_privilege(m, grantor_id, role_id, PRIV_ROLE_ADMIN)) + if (sql_privilege(m, grantor_id, role_id, PRIV_ROLE_ADMIN) == PRIV_ROLE_ADMIN) return true; /* check for grant rights in the privs table */ return false; @@ -561,6 +561,7 @@ sql_revoke_role(mvc *m, str grantee, str sql_schema *sys = find_sql_schema(m->session->tr, "sys"); sql_table *auths = find_sql_table(sys, "auths"); sql_table *roles = find_sql_table(sys, "user_role"); + sql_table *privs = find_sql_table(sys, "privileges"); sql_column *auths_name = find_sql_column(auths, "name"); sql_column *auths_id = find_sql_column(auths, "id"); sql_column *roles_role_id = find_sql_column(roles, "role_id"); 
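Review bot: In sql/server/sql_privileges.c, hunk @@ -424, changing the default from `int res = 0;` to `int res = -1;` turns "no privilege row" into a non-zero value, so any caller still written as `if (sql_privilege(...))` or `!sql_privilege(...)` now reads a missing grant as present. The call sites shown here were converted, but the diff is truncated and the conversions are not uniform: `>= 0` in the grant functions, `< 0` in update_check_column, and `== PRIV_ROLE_ADMIN` in hunk @@ -509. A contract comment above the function would make the remaining callers auditable, e.g. `/* returns -1 when no matching privilege row exists; compare against -1, never test the result as a boolean */`. What `res` is set to in the found branch is outside the hunk.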
@@ -584,13 +585,12 @@ sql_revoke_role(mvc *m, str grantee, str table_funcs.table_delete(m->session->tr, roles, rid); else throw(SQL,"sql.revoke_role", SQLSTATE(01006) "REVOKE: User '%s' does not have ROLE '%s'", grantee, role); - } else { - rid = sql_privilege_rid(m, grantee_id, role_id, PRIV_ROLE_ADMIN); - if (!is_oid_nil(rid)) - table_funcs.table_delete(m->session->tr, roles, rid); - else - throw(SQL,"sql.revoke_role", SQLSTATE(01006) "REVOKE: User '%s' does not have ROLE '%s'", grantee, role); } + rid = sql_privilege_rid(m, grantee_id, role_id, PRIV_ROLE_ADMIN); + if (!is_oid_nil(rid)) + table_funcs.table_delete(m->session->tr, privs, rid); + else if (admin) + throw(SQL,"sql.revoke_role", SQLSTATE(01006) "REVOKE: User '%s' does not have ROLE '%s'", grantee, role); m->session->tr->schema_updates++; return NULL; } diff --git a/sql/storage/bat/bat_storage.c b/sql/storage/bat/bat_storage.c --- a/sql/storage/bat/bat_storage.c +++ b/sql/storage/bat/bat_storage.c @@ -1966,6 +1966,7 @@ clear_delta(sql_trans *tr, sql_delta *ba { BAT *b; BUN sz = 0; + int isnew = 0; if (bat->cached) { bat_destroy(bat->cached); @@ -1995,6 +1996,8 @@ clear_delta(sql_trans *tr, sql_delta *ba } bat_destroy(b); } + } else { + isnew = 1; } if (bat->uibid) { b = temp_descriptor(bat->uibid); @@ -2012,7 +2015,8 @@ clear_delta(sql_trans *tr, sql_delta *ba } bat_destroy(b); } - bat->cleared = 1; + if (!isnew) + bat->cleared = 1; bat->ibase = 0; bat->cnt = 0; bat->ucnt = 0; @@ -2439,6 +2443,7 @@ tr_update_delta( sql_trans *tr, sql_delt temp_destroy(obat->ibid); obat->ibid = cbat->bid; obat->cnt = cbat->cnt; + cbat->bid = cbat->ibid = 0; } else if (BUNlast(ins) > 0 || cbat->cleared) { if ((!cbat->ibase && BATcount(ins) > SNAPSHOT_MINSIZE)){ /* swap cur and ins */ diff --git a/sql/storage/store.c b/sql/storage/store.c --- a/sql/storage/store.c +++ b/sql/storage/store.c 
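Review bot: In hunk @@ -584 (sql_revoke_role), the `else if (admin)` branch reuses the text `"REVOKE: User '%s' does not have ROLE '%s'"` although the lookup that failed is the `PRIV_ROLE_ADMIN` row, so the grantee may well hold the role and the message misreports the state. The moved code also deletes a `PRIV_ROLE_ADMIN` row on every successful revoke, not only when `admin` is set, and nothing says this is intended. A comment above the lookup would record it, e.g. `/* revoking the role also drops a ROLE_ADMIN grant on it; only an admin revoke reports a missing one */`. The condition of the preceding `if` and the meaning of `admin` are outside the hunk.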
@@ -2363,6 +2363,11 @@ cleanup_table(sql_table *t) for (int i = 0; i<spares; i++) { for (node *m = spare_trans[i]->schemas.set->h; m; m = m->next) { sql_schema * schema = m->data; + + if (schema->tables.dset) { + list_destroy(schema->tables.dset); + schema->tables.dset = NULL; + } node *o = find_sql_table_node(schema, t->base.id); if (o) { list_remove_node(schema->tables.set, o); @@ -4125,6 +4130,7 @@ rollforward_changeset_updates(sql_trans list_destroy(fs->dset); fs->dset = NULL; } + /* if (!apply && ts->dset) { for (n = ts->dset->h; ok == LOG_OK && n; n = n->next) { sql_base *tb = n->data; @@ -4133,6 +4139,7 @@ rollforward_changeset_updates(sql_trans ok = rollforward_deletes(tr, tb, mode); } } + */ if (apply && ts->dset && !cf) { list_destroy(ts->dset); ts->dset = NULL; @@ -6679,7 +6686,8 @@ sql_trans_clear_table(sql_trans *tr, sql sql_column *c = n->data; BUN sz = 0, nsz = 0; - t->cleared = 1; + if (!isNew(t)) + t->cleared = 1; t->base.wtime = t->s->base.wtime = tr->wtime = tr->wstime; c->base.wtime = tr->wstime; diff --git a/sql/test/BugTracker-2020/Tests/All b/sql/test/BugTracker-2020/Tests/All --- a/sql/test/BugTracker-2020/Tests/All +++ b/sql/test/BugTracker-2020/Tests/All @@ -39,3 +39,5 @@ savepoints_crash_mserver5_1.Bug-7021 savepoints_crash_mserver5_2.Bug-7021 transaction_with_unreleased_savepoint.Bug-7022 view_with_aggr_column.Bug-7023 +delete-transaction-loose-inserts.Bug-7024 +revokeRoleUserLoggedIN.Bug-7026 diff --git a/sql/test/BugTracker-2020/Tests/delete-transaction-loose-inserts.Bug-7024.sql b/sql/test/BugTracker-2020/Tests/delete-transaction-loose-inserts.Bug-7024.sql _______________________________________________ checkin-list mailing list checkin-list@monetdb.org https://www.monetdb.org/mailman/listinfo/checkin-list
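Review bot: In sql/storage/store.c, hunks @@ -4125 and @@ -4133 (rollforward_changeset_updates) disable the `if (!apply && ts->dset)` loop that calls `rollforward_deletes` by wrapping it in a bare `/*` ... `*/` with no explanation. A reader cannot tell whether skipping this roll-forward for entries in `ts->dset` is a deliberate fix or a temporary workaround, and a block comment ends at the first `*/` it contains (the lines between the two hunks are not shown). Either delete the block, or fence it with the preprocessor and a reason, e.g. `#if 0 /* disabled: <reason, bug reference> */` and `#endif`.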