Search in sources :

Example 1 with StatementPermission

use of org.apache.derby.iapi.sql.dictionary.StatementPermission in project derby by apache.

the class SecurityUtil method authorize.

/**
 * Raise an exception if the current user does not have permission
 * to perform the indicated operation.
 */
public static void authorize(Securable operation) throws StandardException {
    LanguageConnectionContext lcc = (LanguageConnectionContext) getContextOrNull(LanguageConnectionContext.CONTEXT_ID);
    if (lcc.usesSqlAuthorization()) {
        Authorizer authorizer = lcc.getAuthorizer();
        DataDictionary dd = lcc.getDataDictionary();
        AliasDescriptor ad = dd.getRoutineList(operation.routineSchemaID, operation.routineName, operation.routineType).get(0);
        ArrayList<StatementPermission> requiredPermissions = new ArrayList<StatementPermission>();
        StatementRoutinePermission executePermission = new StatementRoutinePermission(ad.getObjectID());
        requiredPermissions.add(executePermission);
        authorizer.authorize(requiredPermissions, lcc.getLastActivation());
    }
}
Also used : StatementPermission(org.apache.derby.iapi.sql.dictionary.StatementPermission) LanguageConnectionContext(org.apache.derby.iapi.sql.conn.LanguageConnectionContext) Authorizer(org.apache.derby.iapi.sql.conn.Authorizer) AliasDescriptor(org.apache.derby.iapi.sql.dictionary.AliasDescriptor) ArrayList(java.util.ArrayList) DataDictionary(org.apache.derby.iapi.sql.dictionary.DataDictionary) StatementRoutinePermission(org.apache.derby.iapi.sql.dictionary.StatementRoutinePermission)

Example 2 with StatementPermission

use of org.apache.derby.iapi.sql.dictionary.StatementPermission in project derby by apache.

the class CompilerContextImpl method getRequiredPermissionsList.

/**
 * @return The list of required privileges.
 */
public List<StatementPermission> getRequiredPermissionsList() {
    int size = 0;
    if (requiredRoutinePrivileges != null) {
        size += requiredRoutinePrivileges.size();
    }
    if (requiredUsagePrivileges != null) {
        size += requiredUsagePrivileges.size();
    }
    if (requiredTablePrivileges != null) {
        size += requiredTablePrivileges.size();
    }
    if (requiredSchemaPrivileges != null) {
        size += requiredSchemaPrivileges.size();
    }
    if (requiredColumnPrivileges != null) {
        size += requiredColumnPrivileges.size();
    }
    if (requiredRolePrivileges != null) {
        size += requiredRolePrivileges.size();
    }
    ArrayList<StatementPermission> list = new ArrayList<StatementPermission>(size);
    if (requiredRoutinePrivileges != null) {
        for (Iterator<UUID> itr = requiredRoutinePrivileges.keySet().iterator(); itr.hasNext(); ) {
            UUID routineUUID = itr.next();
            list.add(new StatementRoutinePermission(routineUUID));
        }
    }
    if (requiredUsagePrivileges != null) {
        for (Iterator<UUID> itr = requiredUsagePrivileges.keySet().iterator(); itr.hasNext(); ) {
            UUID objectID = itr.next();
            list.add(new StatementGenericPermission(objectID, requiredUsagePrivileges.get(objectID), PermDescriptor.USAGE_PRIV));
        }
    }
    if (requiredTablePrivileges != null) {
        for (Iterator<StatementTablePermission> itr = requiredTablePrivileges.values().iterator(); itr.hasNext(); ) {
            list.add(itr.next());
        }
    }
    if (requiredSchemaPrivileges != null) {
        for (Iterator<StatementSchemaPermission> itr = requiredSchemaPrivileges.values().iterator(); itr.hasNext(); ) {
            list.add(itr.next());
        }
    }
    if (requiredColumnPrivileges != null) {
        for (Iterator<StatementColumnPermission> itr = requiredColumnPrivileges.values().iterator(); itr.hasNext(); ) {
            list.add(itr.next());
        }
    }
    if (requiredRolePrivileges != null) {
        for (Iterator<StatementRolePermission> itr = requiredRolePrivileges.values().iterator(); itr.hasNext(); ) {
            list.add(itr.next());
        }
    }
    return list;
}
Also used : ArrayList(java.util.ArrayList) StatementSchemaPermission(org.apache.derby.iapi.sql.dictionary.StatementSchemaPermission) StatementRoutinePermission(org.apache.derby.iapi.sql.dictionary.StatementRoutinePermission) StatementGenericPermission(org.apache.derby.iapi.sql.dictionary.StatementGenericPermission) StatementColumnPermission(org.apache.derby.iapi.sql.dictionary.StatementColumnPermission) StatementPermission(org.apache.derby.iapi.sql.dictionary.StatementPermission) UUID(org.apache.derby.catalog.UUID) StatementTablePermission(org.apache.derby.iapi.sql.dictionary.StatementTablePermission) StatementRolePermission(org.apache.derby.iapi.sql.dictionary.StatementRolePermission)

Example 3 with StatementPermission

use of org.apache.derby.iapi.sql.dictionary.StatementPermission in project derby by apache.

the class GenericAuthorizer method authorize.

public void authorize(List<StatementPermission> requiredPermissionsList, Activation activation) throws StandardException {
    DataDictionary dd = lcc.getDataDictionary();
    // requiredPermissionsList for Database Owner
    if (requiredPermissionsList != null && !requiredPermissionsList.isEmpty() && !lcc.getCurrentUserId(activation).equals(dd.getAuthorizationDatabaseOwner())) {
        int ddMode = dd.startReading(lcc);
        /*
             * The system may need to read the permission descriptor(s) 
             * from the system table(s) if they are not available in the 
             * permission cache.  So start an internal read-only nested 
             * transaction for this.
             * 
             * The reason to use a nested transaction here is to not hold
             * locks on system tables on a user transaction.  e.g.:  when
             * attempting to revoke an user, the statement may time out
             * since the user-to-be-revoked transaction may have acquired 
             * shared locks on the permission system tables; hence, this
             * may not be desirable.  
             * 
             * All locks acquired by StatementPermission object's check()
             * method will be released when the system ends the nested 
             * transaction.
             * 
             * In Derby, the locks from read nested transactions come from
             * the same space as the parent transaction; hence, they do not
             * conflict with parent locks.
             */
        lcc.beginNestedTransaction(true);
        try {
            try {
                // perform the permission checking
                for (StatementPermission rp : requiredPermissionsList) {
                    rp.check(lcc, false, activation);
                }
            } finally {
                dd.doneReading(ddMode, lcc);
            }
        } finally {
            // make sure we commit; otherwise, we will end up with
            // mismatch nested level in the language connection context.
            lcc.commitNestedTransaction();
        }
    }
}
Also used : StatementPermission(org.apache.derby.iapi.sql.dictionary.StatementPermission) DataDictionary(org.apache.derby.iapi.sql.dictionary.DataDictionary)

Example 4 with StatementPermission

use of org.apache.derby.iapi.sql.dictionary.StatementPermission in project derby by apache.

the class DDLConstantAction method storeConstraintDependenciesOnPrivileges.

/**
 *	This method saves dependencies of constraints on privileges in the
 *  dependency system. It gets called by CreateConstraintConstantAction.
 *  Views and triggers and constraints run with definer's privileges. If
 *  one of the required privileges is revoked from the definer, the
 *  dependent view/trigger/constraint on that privilege will be dropped
 *  automatically. In order to implement this behavior, we need to save
 *  view/trigger/constraint dependencies on required privileges in the
 *  dependency system. Following method accomplishes that part of the
 *  equation for constraints only. The dependency collection for
 *  constraints is not same as for views and triggers and hence
 *  constraints are handled by this special method.
 *
 * 	Views and triggers can depend on many different kind of privileges
 *  where as constraints only depend on REFERENCES privilege on a table
 *  (FOREIGN KEY constraints) or EXECUTE privileges on one or more
 *  functions (CHECK constraints).
 *
 *  Another difference is only one view or trigger can be defined by a
 *  sql statement and hence all the dependencies collected for the sql
 *  statement apply to the view or trigger in question. As for constraints,
 *  one sql statement can defined multiple constraints and hence the
 *  all the privileges required by the statement are not necessarily
 *  required by all the constraints defined by that sql statement. We need
 *  to identify right privileges for right constraints for a given sql
 *  statement. Because of these differences between constraints and views
 *  (and triggers), there are 2 different methods in this class to save
 *  their privileges in the dependency system.
 *
 *  For each required privilege, we now register a dependency on a role if
 *  that role was required to find an applicable privilege.
 *
 *  @param activation The execution environment for this constant action.
 *  @param dependent Make this object depend on required privileges
 *  @param refTableUUID Make sure we are looking for REFERENCES privilege
 * 		for right table
 *  @param providers set of providers for this constraint
 * @exception StandardException		Thrown on failure
 */
protected void storeConstraintDependenciesOnPrivileges(Activation activation, Dependent dependent, UUID refTableUUID, ProviderInfo[] providers) throws StandardException {
    LanguageConnectionContext lcc = activation.getLanguageConnectionContext();
    DataDictionary dd = lcc.getDataDictionary();
    DependencyManager dm = dd.getDependencyManager();
    String currentUser = lcc.getCurrentUserId(activation);
    SettableBoolean roleDepAdded = new SettableBoolean();
    // access any objects without any restrictions
    if (!currentUser.equals(dd.getAuthorizationDatabaseOwner())) {
        PermissionsDescriptor permDesc;
        // Now, it is time to add into dependency system the FOREIGN
        // constraint's dependency on REFERENCES privilege, or, if it is a
        // CHECK constraint, any EXECUTE or USAGE privileges. If the REFERENCES is
        // revoked from the constraint owner, the constraint will get
        // dropped automatically.
        List<StatementPermission> requiredPermissionsList = activation.getPreparedStatement().getRequiredPermissionsList();
        if (requiredPermissionsList != null && !requiredPermissionsList.isEmpty()) {
            for (StatementPermission statPerm : requiredPermissionsList) {
                // are not required for a foreign key constraint.
                if (statPerm instanceof StatementTablePermission) {
                    // It is a table/column level privilege
                    StatementTablePermission statementTablePermission = (StatementTablePermission) statPerm;
                    // required privileges list
                    if (statementTablePermission.getPrivType() != Authorizer.REFERENCES_PRIV)
                        continue;
                    // privilege in the required privileges list
                    if (!statementTablePermission.getTableUUID().equals(refTableUUID))
                        continue;
                } else if (statPerm instanceof StatementSchemaPermission || statPerm instanceof StatementRolePermission || statPerm instanceof StatementGenericPermission) {
                    continue;
                } else {
                    if (SanityManager.DEBUG) {
                        SanityManager.ASSERT(statPerm instanceof StatementRoutinePermission, "only StatementRoutinePermission expected");
                    }
                    // skip if this permission concerns a function not
                    // referenced by this constraint
                    StatementRoutinePermission rp = (StatementRoutinePermission) statPerm;
                    if (!inProviderSet(providers, rp.getRoutineUUID())) {
                        continue;
                    }
                }
                // We know that we are working with a REFERENCES, EXECUTE, or USAGE
                // privilege. Find all the PermissionDescriptors for this
                // privilege and make constraint depend on it through
                // dependency manager.  The REFERENCES privilege could be
                // defined at the table level or it could be defined at
                // individual column levels. In addition, individual column
                // REFERENCES privilege could be available at the user
                // level, PUBLIC or role level.  EXECUTE and USAGE privileges could be
                // available at the user level, PUBLIC or role level.
                permDesc = statPerm.getPermissionDescriptor(currentUser, dd);
                if (permDesc == null) {
                    // No privilege exists for given user. The privilege
                    // has to exist at at PUBLIC level....
                    permDesc = statPerm.getPermissionDescriptor(Authorizer.PUBLIC_AUTHORIZATION_ID, dd);
                    // .... or at the role level. Additionally, for column
                    // level privileges, even if *some* were available at
                    // the PUBLIC level others may be still be missing,
                    // hence the call in the test below to
                    // allColumnsCoveredByUserOrPUBLIC.
                    boolean roleUsed = false;
                    if (permDesc == null || ((permDesc instanceof ColPermsDescriptor) && !((StatementColumnPermission) statPerm).allColumnsCoveredByUserOrPUBLIC(currentUser, dd))) {
                        roleUsed = true;
                        permDesc = findRoleUsage(activation, statPerm);
                    }
                    // for the owner.
                    if (!permDesc.checkOwner(currentUser)) {
                        dm.addDependency(dependent, permDesc, lcc.getContextManager());
                        if (roleUsed) {
                            // We had to rely on role, so track that
                            // dependency, too.
                            trackRoleDependency(activation, dependent, roleDepAdded);
                        }
                    }
                } else // object's privilege dependency in the dependency system
                if (!permDesc.checkOwner(currentUser)) {
                    dm.addDependency(dependent, permDesc, lcc.getContextManager());
                    if (permDesc instanceof ColPermsDescriptor) {
                        // The if statement above means we found a
                        // REFERENCES privilege at column level for the
                        // given authorizer. If this privilege doesn't
                        // cover all the column , then there has to exisit
                        // REFERENCES for the remaining columns at PUBLIC
                        // level or at role level.  Get that permission
                        // descriptor and save it in dependency system
                        StatementColumnPermission statementColumnPermission = (StatementColumnPermission) statPerm;
                        permDesc = statementColumnPermission.getPUBLIClevelColPermsDescriptor(currentUser, dd);
                        // into the dependency system
                        if (permDesc != null && permDesc.getObjectID() != null) {
                            // User did not have all required column
                            // permissions and at least one column is
                            // covered by PUBLIC.
                            dm.addDependency(dependent, permDesc, lcc.getContextManager());
                        }
                        // upon.
                        if (!statementColumnPermission.allColumnsCoveredByUserOrPUBLIC(currentUser, dd)) {
                            // Role has been relied upon, so register a
                            // dependency.
                            trackRoleDependency(activation, dependent, roleDepAdded);
                        }
                    }
                }
                if (!(statPerm instanceof StatementRoutinePermission)) {
                    // for this sql statement.
                    break;
                } else {
                // For EXECUTE privilege there may be several functions
                // referenced in the constraint, so continue looking.
                }
            }
        }
    }
}
Also used : PermissionsDescriptor(org.apache.derby.iapi.sql.dictionary.PermissionsDescriptor) DependencyManager(org.apache.derby.iapi.sql.depend.DependencyManager) StatementSchemaPermission(org.apache.derby.iapi.sql.dictionary.StatementSchemaPermission) DataDictionary(org.apache.derby.iapi.sql.dictionary.DataDictionary) StatementRoutinePermission(org.apache.derby.iapi.sql.dictionary.StatementRoutinePermission) StatementGenericPermission(org.apache.derby.iapi.sql.dictionary.StatementGenericPermission) StatementColumnPermission(org.apache.derby.iapi.sql.dictionary.StatementColumnPermission) StatementPermission(org.apache.derby.iapi.sql.dictionary.StatementPermission) ColPermsDescriptor(org.apache.derby.iapi.sql.dictionary.ColPermsDescriptor) LanguageConnectionContext(org.apache.derby.iapi.sql.conn.LanguageConnectionContext) StatementTablePermission(org.apache.derby.iapi.sql.dictionary.StatementTablePermission) StatementRolePermission(org.apache.derby.iapi.sql.dictionary.StatementRolePermission)

Example 5 with StatementPermission

use of org.apache.derby.iapi.sql.dictionary.StatementPermission in project derby by apache.

the class DDLConstantAction method storeViewTriggerDependenciesOnPrivileges.

/**
 *	This method saves dependencies of views and triggers on privileges in
 *  the dependency system. It gets called by CreateViewConstantAction
 *  and CreateTriggerConstantAction. Views and triggers and constraints
 *  run with definer's privileges. If one of the required privileges is
 *  revoked from the definer, the dependent view/trigger/constraint on
 *  that privilege will be dropped automatically. In order to implement
 *  this behavior, we need to save view/trigger/constraint dependencies
 *  on required privileges in the dependency system. Following method
 *  accomplishes that part of the equation for views and triggers. The
 *  dependency collection for constraints is not same as for views and
 *  triggers and hence constraints are not covered by this method.
 *  Views and triggers can depend on many different kind of privileges
 *  where as constraints only depend on REFERENCES privilege on a table.
 *  Another difference is only one view or trigger can be defined by a
 *  sql statement and hence all the dependencies collected for the sql
 *  statement apply to the view or trigger in question. As for constraints,
 *  one sql statement can defined multiple constraints and hence the
 *  all the privileges required by the statement are not necessarily
 *  required by all the constraints defined by that sql statement. We need
 *  to identify right privileges for right constraints for a given sql
 *  statement. Because of these differences between constraints and views
 *  (and triggers), there are 2 different methods in this class to save
 *  their privileges in the dependency system.
 *
 *  For each required privilege, we now register of a dependency on a role
 *  if that role was required to find an applicable privilege.
 *
 *  @param activation The execution environment for this constant action.
 *  @param dependent Make this object depend on required privileges
 *
 * @exception StandardException		Thrown on failure
 */
protected void storeViewTriggerDependenciesOnPrivileges(Activation activation, Dependent dependent) throws StandardException {
    LanguageConnectionContext lcc = activation.getLanguageConnectionContext();
    DataDictionary dd = lcc.getDataDictionary();
    DependencyManager dm = dd.getDependencyManager();
    String dbo = dd.getAuthorizationDatabaseOwner();
    String currentUser = lcc.getCurrentUserId(activation);
    SettableBoolean roleDepAdded = new SettableBoolean();
    // access any objects without any restrictions.
    if (!currentUser.equals(dbo)) {
        PermissionsDescriptor permDesc;
        List<StatementPermission> requiredPermissionsList = activation.getPreparedStatement().getRequiredPermissionsList();
        if (requiredPermissionsList != null && !requiredPermissionsList.isEmpty()) {
            for (StatementPermission statPerm : requiredPermissionsList) {
                // Also, StatementRolePermission should not occur here.
                if (statPerm instanceof StatementSchemaPermission || statPerm instanceof StatementRolePermission) {
                    if (SanityManager.DEBUG) {
                        if (statPerm instanceof StatementRolePermission) {
                            SanityManager.THROWASSERT("Unexpected StatementRolePermission");
                        }
                    }
                    continue;
                }
                // See if we can find the required privilege for given authorizer?
                permDesc = statPerm.getPermissionDescriptor(currentUser, dd);
                if (// privilege not found for given authorizer
                permDesc == null) {
                    // The if condition above means that required privilege does
                    // not exist at the user level. The privilege has to exist at
                    // PUBLIC level... ,
                    permDesc = statPerm.getPermissionDescriptor(Authorizer.PUBLIC_AUTHORIZATION_ID, dd);
                    boolean roleUsed = false;
                    // .. or at role level
                    if (permDesc == null || ((permDesc instanceof ColPermsDescriptor) && !((StatementColumnPermission) statPerm).allColumnsCoveredByUserOrPUBLIC(currentUser, dd))) {
                        roleUsed = true;
                        permDesc = findRoleUsage(activation, statPerm);
                    }
                    // owner.
                    if (!permDesc.checkOwner(currentUser)) {
                        dm.addDependency(dependent, permDesc, lcc.getContextManager());
                        // dependency, too.
                        if (roleUsed) {
                            trackRoleDependency(activation, dependent, roleDepAdded);
                        }
                    }
                    continue;
                }
                // object's privilege dependency in the dependency system
                if (!permDesc.checkOwner(currentUser)) {
                    dm.addDependency(dependent, permDesc, lcc.getContextManager());
                    if (permDesc instanceof ColPermsDescriptor) {
                        // For a given table, the table owner can give privileges
                        // on some columns at individual user level and privileges
                        // on some columns at PUBLIC level. Hence, when looking for
                        // column level privileges, we need to look both at user
                        // level as well as PUBLIC level(only if user level column
                        // privileges do not cover all the columns accessed by this
                        // object). We have finished adding dependency for user level
                        // columns, now we are checking if some required column
                        // level privileges are at PUBLIC level.
                        // A specific eg of a view
                        // user1
                        // create table t11(c11 int, c12 int);
                        // grant select(c11) on t1 to user2;
                        // grant select(c12) on t1 to PUBLIC;
                        // user2
                        // create view v1 as select c11 from user1.t11 where c12=2;
                        // For the view above, there are 2 column level privilege
                        // depencies, one for column c11 which exists directly
                        // for user2 and one for column c12 which exists at PUBLIC level.
                        StatementColumnPermission statementColumnPermission = (StatementColumnPermission) statPerm;
                        permDesc = statementColumnPermission.getPUBLIClevelColPermsDescriptor(currentUser, dd);
                        if (permDesc != null && permDesc.getObjectID() != null) {
                            // User did not have all required column
                            // permissions and at least one column is
                            // covered by PUBLIC.
                            dm.addDependency(dependent, permDesc, lcc.getContextManager());
                        }
                        // upon?
                        if (!statementColumnPermission.allColumnsCoveredByUserOrPUBLIC(currentUser, dd)) {
                            trackRoleDependency(activation, dependent, roleDepAdded);
                        }
                    }
                }
            }
        }
    }
}
Also used : PermissionsDescriptor(org.apache.derby.iapi.sql.dictionary.PermissionsDescriptor) DependencyManager(org.apache.derby.iapi.sql.depend.DependencyManager) StatementSchemaPermission(org.apache.derby.iapi.sql.dictionary.StatementSchemaPermission) DataDictionary(org.apache.derby.iapi.sql.dictionary.DataDictionary) StatementColumnPermission(org.apache.derby.iapi.sql.dictionary.StatementColumnPermission) StatementPermission(org.apache.derby.iapi.sql.dictionary.StatementPermission) ColPermsDescriptor(org.apache.derby.iapi.sql.dictionary.ColPermsDescriptor) LanguageConnectionContext(org.apache.derby.iapi.sql.conn.LanguageConnectionContext) StatementRolePermission(org.apache.derby.iapi.sql.dictionary.StatementRolePermission)

Aggregations

StatementPermission (org.apache.derby.iapi.sql.dictionary.StatementPermission)5 DataDictionary (org.apache.derby.iapi.sql.dictionary.DataDictionary)4 LanguageConnectionContext (org.apache.derby.iapi.sql.conn.LanguageConnectionContext)3 StatementColumnPermission (org.apache.derby.iapi.sql.dictionary.StatementColumnPermission)3 StatementRolePermission (org.apache.derby.iapi.sql.dictionary.StatementRolePermission)3 StatementRoutinePermission (org.apache.derby.iapi.sql.dictionary.StatementRoutinePermission)3 StatementSchemaPermission (org.apache.derby.iapi.sql.dictionary.StatementSchemaPermission)3 ArrayList (java.util.ArrayList)2 DependencyManager (org.apache.derby.iapi.sql.depend.DependencyManager)2 ColPermsDescriptor (org.apache.derby.iapi.sql.dictionary.ColPermsDescriptor)2 PermissionsDescriptor (org.apache.derby.iapi.sql.dictionary.PermissionsDescriptor)2 StatementGenericPermission (org.apache.derby.iapi.sql.dictionary.StatementGenericPermission)2 StatementTablePermission (org.apache.derby.iapi.sql.dictionary.StatementTablePermission)2 UUID (org.apache.derby.catalog.UUID)1 Authorizer (org.apache.derby.iapi.sql.conn.Authorizer)1 AliasDescriptor (org.apache.derby.iapi.sql.dictionary.AliasDescriptor)1