MonetDB: analyze-fix - Fixing privileges on the analyze call. At...

Thu, 02 Dec 2021 07:58:24 -0800 

Changeset: d90418a227a6 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB/rev/d90418a227a6
Modified Files:
        sql/scripts/80_statistics.sql
        sql/server/rel_psm.c
Branch: analyze-fix
Log Message:

Fixing privileges on the analyze call. At the moment anyone can call any 
function, then later checked the permission on individual tables and columns


diffs (53 lines):

diff --git a/sql/scripts/80_statistics.sql b/sql/scripts/80_statistics.sql
--- a/sql/scripts/80_statistics.sql
+++ b/sql/scripts/80_statistics.sql
@@ -8,17 +8,21 @@
 -- This script gives the database administrator insight in the actual
 -- value distribution over all tables in the database.
 
-create procedure sys.analyze()
-external name sql.analyze;
+create procedure sys."analyze"()
+external name sql."analyze";
+grant execute on procedure sys."analyze"() to public;
 
-create procedure sys.analyze("schema" varchar(1024))
-external name sql.analyze;
+create procedure sys."analyze"("sname" varchar(1024))
+external name sql."analyze";
+grant execute on procedure sys."analyze"(varchar(1024)) to public;
 
-create procedure sys.analyze("schema" varchar(1024), "tname" varchar(1024))
-external name sql.analyze;
+create procedure sys."analyze"("sname" varchar(1024), "tname" varchar(1024))
+external name sql."analyze";
+grant execute on procedure sys."analyze"(varchar(1024),varchar(1024)) to 
public;
 
-create procedure sys.analyze("schema" varchar(1024), "tname" varchar(1024), 
"cname" varchar(1024))
-external name sql.analyze;
+create procedure sys."analyze"("sname" varchar(1024), "tname" varchar(1024), 
"cname" varchar(1024))
+external name sql."analyze";
+grant execute on procedure 
sys."analyze"(varchar(1024),varchar(1024),varchar(1024)) to public;
 
 create function sys."statistics"()
 returns table (
diff --git a/sql/server/rel_psm.c b/sql/server/rel_psm.c
--- a/sql/server/rel_psm.c
+++ b/sql/server/rel_psm.c
@@ -1440,12 +1440,16 @@ psm_analyze(sql_query *query, dlist *qna
        if (!columns) {
                if (!(f = sql_bind_func_(sql, "sys", "analyze", tl, F_PROC)))
                        return sql_error(sql, ERR_NOTFOUND, SQLSTATE(42000) 
"Analyze procedure missing");
+               if (!execute_priv(sql, f->func))
+                       return sql_error(sql, 02, SQLSTATE(42000) "No privilege 
to call analyze procedure");
                list_append(analyze_calls, exp_op(sql->sa, exps, f));
        } else {
                if (!sname || !tname)
                        return sql_error(sql, ERR_NOTFOUND, SQLSTATE(42000) 
"Analyze schema or table name missing");
                if (!(f = sql_bind_func_(sql, "sys", "analyze", tl, F_PROC)))
                        return sql_error(sql, ERR_NOTFOUND, SQLSTATE(42000) 
"Analyze procedure missing");
+               if (!execute_priv(sql, f->func))
+                       return sql_error(sql, 02, SQLSTATE(42000) "No privilege 
to call analyze procedure");
                for(dnode *n = columns->h; n; n = n->next) {
                        const char *cname = n->data.sval;
                        list *nexps = list_dup(exps, NULL);
_______________________________________________
checkin-list mailing list
checkin-list@monetdb.org
https://www.monetdb.org/mailman/listinfo/checkin-list

Reply via email to