use of org.apache.derby.iapi.sql.dictionary.StatementPermission in project derby by apache.
the class SecurityUtil method authorize.
/**
* Raise an exception if the current user does not have permission
* to perform the indicated operation.
*/
public static void authorize(Securable operation) throws StandardException {
LanguageConnectionContext lcc = (LanguageConnectionContext) getContextOrNull(LanguageConnectionContext.CONTEXT_ID);
if (lcc.usesSqlAuthorization()) {
Authorizer authorizer = lcc.getAuthorizer();
DataDictionary dd = lcc.getDataDictionary();
AliasDescriptor ad = dd.getRoutineList(operation.routineSchemaID, operation.routineName, operation.routineType).get(0);
ArrayList<StatementPermission> requiredPermissions = new ArrayList<StatementPermission>();
StatementRoutinePermission executePermission = new StatementRoutinePermission(ad.getObjectID());
requiredPermissions.add(executePermission);
authorizer.authorize(requiredPermissions, lcc.getLastActivation());
}
}
use of org.apache.derby.iapi.sql.dictionary.StatementPermission in project derby by apache.
the class CompilerContextImpl method getRequiredPermissionsList.
/**
* @return The list of required privileges.
*/
public List<StatementPermission> getRequiredPermissionsList() {
int size = 0;
if (requiredRoutinePrivileges != null) {
size += requiredRoutinePrivileges.size();
}
if (requiredUsagePrivileges != null) {
size += requiredUsagePrivileges.size();
}
if (requiredTablePrivileges != null) {
size += requiredTablePrivileges.size();
}
if (requiredSchemaPrivileges != null) {
size += requiredSchemaPrivileges.size();
}
if (requiredColumnPrivileges != null) {
size += requiredColumnPrivileges.size();
}
if (requiredRolePrivileges != null) {
size += requiredRolePrivileges.size();
}
ArrayList<StatementPermission> list = new ArrayList<StatementPermission>(size);
if (requiredRoutinePrivileges != null) {
for (Iterator<UUID> itr = requiredRoutinePrivileges.keySet().iterator(); itr.hasNext(); ) {
UUID routineUUID = itr.next();
list.add(new StatementRoutinePermission(routineUUID));
}
}
if (requiredUsagePrivileges != null) {
for (Iterator<UUID> itr = requiredUsagePrivileges.keySet().iterator(); itr.hasNext(); ) {
UUID objectID = itr.next();
list.add(new StatementGenericPermission(objectID, requiredUsagePrivileges.get(objectID), PermDescriptor.USAGE_PRIV));
}
}
if (requiredTablePrivileges != null) {
for (Iterator<StatementTablePermission> itr = requiredTablePrivileges.values().iterator(); itr.hasNext(); ) {
list.add(itr.next());
}
}
if (requiredSchemaPrivileges != null) {
for (Iterator<StatementSchemaPermission> itr = requiredSchemaPrivileges.values().iterator(); itr.hasNext(); ) {
list.add(itr.next());
}
}
if (requiredColumnPrivileges != null) {
for (Iterator<StatementColumnPermission> itr = requiredColumnPrivileges.values().iterator(); itr.hasNext(); ) {
list.add(itr.next());
}
}
if (requiredRolePrivileges != null) {
for (Iterator<StatementRolePermission> itr = requiredRolePrivileges.values().iterator(); itr.hasNext(); ) {
list.add(itr.next());
}
}
return list;
}
use of org.apache.derby.iapi.sql.dictionary.StatementPermission in project derby by apache.
the class GenericAuthorizer method authorize.
public void authorize(List<StatementPermission> requiredPermissionsList, Activation activation) throws StandardException {
DataDictionary dd = lcc.getDataDictionary();
// requiredPermissionsList for Database Owner
if (requiredPermissionsList != null && !requiredPermissionsList.isEmpty() && !lcc.getCurrentUserId(activation).equals(dd.getAuthorizationDatabaseOwner())) {
int ddMode = dd.startReading(lcc);
/*
* The system may need to read the permission descriptor(s)
* from the system table(s) if they are not available in the
* permission cache. So start an internal read-only nested
* transaction for this.
*
* The reason to use a nested transaction here is to not hold
* locks on system tables on a user transaction. e.g.: when
* attempting to revoke an user, the statement may time out
* since the user-to-be-revoked transaction may have acquired
* shared locks on the permission system tables; hence, this
* may not be desirable.
*
* All locks acquired by StatementPermission object's check()
* method will be released when the system ends the nested
* transaction.
*
* In Derby, the locks from read nested transactions come from
* the same space as the parent transaction; hence, they do not
* conflict with parent locks.
*/
lcc.beginNestedTransaction(true);
try {
try {
// perform the permission checking
for (StatementPermission rp : requiredPermissionsList) {
rp.check(lcc, false, activation);
}
} finally {
dd.doneReading(ddMode, lcc);
}
} finally {
// make sure we commit; otherwise, we will end up with
// mismatch nested level in the language connection context.
lcc.commitNestedTransaction();
}
}
}
use of org.apache.derby.iapi.sql.dictionary.StatementPermission in project derby by apache.
the class DDLConstantAction method storeConstraintDependenciesOnPrivileges.
/**
* This method saves dependencies of constraints on privileges in the
* dependency system. It gets called by CreateConstraintConstantAction.
* Views and triggers and constraints run with definer's privileges. If
* one of the required privileges is revoked from the definer, the
* dependent view/trigger/constraint on that privilege will be dropped
* automatically. In order to implement this behavior, we need to save
* view/trigger/constraint dependencies on required privileges in the
* dependency system. Following method accomplishes that part of the
* equation for constraints only. The dependency collection for
* constraints is not same as for views and triggers and hence
* constraints are handled by this special method.
*
* Views and triggers can depend on many different kind of privileges
* where as constraints only depend on REFERENCES privilege on a table
* (FOREIGN KEY constraints) or EXECUTE privileges on one or more
* functions (CHECK constraints).
*
* Another difference is only one view or trigger can be defined by a
* sql statement and hence all the dependencies collected for the sql
* statement apply to the view or trigger in question. As for constraints,
* one sql statement can defined multiple constraints and hence the
* all the privileges required by the statement are not necessarily
* required by all the constraints defined by that sql statement. We need
* to identify right privileges for right constraints for a given sql
* statement. Because of these differences between constraints and views
* (and triggers), there are 2 different methods in this class to save
* their privileges in the dependency system.
*
* For each required privilege, we now register a dependency on a role if
* that role was required to find an applicable privilege.
*
* @param activation The execution environment for this constant action.
* @param dependent Make this object depend on required privileges
* @param refTableUUID Make sure we are looking for REFERENCES privilege
* for right table
* @param providers set of providers for this constraint
* @exception StandardException Thrown on failure
*/
protected void storeConstraintDependenciesOnPrivileges(Activation activation, Dependent dependent, UUID refTableUUID, ProviderInfo[] providers) throws StandardException {
LanguageConnectionContext lcc = activation.getLanguageConnectionContext();
DataDictionary dd = lcc.getDataDictionary();
DependencyManager dm = dd.getDependencyManager();
String currentUser = lcc.getCurrentUserId(activation);
SettableBoolean roleDepAdded = new SettableBoolean();
// access any objects without any restrictions
if (!currentUser.equals(dd.getAuthorizationDatabaseOwner())) {
PermissionsDescriptor permDesc;
// Now, it is time to add into dependency system the FOREIGN
// constraint's dependency on REFERENCES privilege, or, if it is a
// CHECK constraint, any EXECUTE or USAGE privileges. If the REFERENCES is
// revoked from the constraint owner, the constraint will get
// dropped automatically.
List<StatementPermission> requiredPermissionsList = activation.getPreparedStatement().getRequiredPermissionsList();
if (requiredPermissionsList != null && !requiredPermissionsList.isEmpty()) {
for (StatementPermission statPerm : requiredPermissionsList) {
// are not required for a foreign key constraint.
if (statPerm instanceof StatementTablePermission) {
// It is a table/column level privilege
StatementTablePermission statementTablePermission = (StatementTablePermission) statPerm;
// required privileges list
if (statementTablePermission.getPrivType() != Authorizer.REFERENCES_PRIV)
continue;
// privilege in the required privileges list
if (!statementTablePermission.getTableUUID().equals(refTableUUID))
continue;
} else if (statPerm instanceof StatementSchemaPermission || statPerm instanceof StatementRolePermission || statPerm instanceof StatementGenericPermission) {
continue;
} else {
if (SanityManager.DEBUG) {
SanityManager.ASSERT(statPerm instanceof StatementRoutinePermission, "only StatementRoutinePermission expected");
}
// skip if this permission concerns a function not
// referenced by this constraint
StatementRoutinePermission rp = (StatementRoutinePermission) statPerm;
if (!inProviderSet(providers, rp.getRoutineUUID())) {
continue;
}
}
// We know that we are working with a REFERENCES, EXECUTE, or USAGE
// privilege. Find all the PermissionDescriptors for this
// privilege and make constraint depend on it through
// dependency manager. The REFERENCES privilege could be
// defined at the table level or it could be defined at
// individual column levels. In addition, individual column
// REFERENCES privilege could be available at the user
// level, PUBLIC or role level. EXECUTE and USAGE privileges could be
// available at the user level, PUBLIC or role level.
permDesc = statPerm.getPermissionDescriptor(currentUser, dd);
if (permDesc == null) {
// No privilege exists for given user. The privilege
// has to exist at at PUBLIC level....
permDesc = statPerm.getPermissionDescriptor(Authorizer.PUBLIC_AUTHORIZATION_ID, dd);
// .... or at the role level. Additionally, for column
// level privileges, even if *some* were available at
// the PUBLIC level others may be still be missing,
// hence the call in the test below to
// allColumnsCoveredByUserOrPUBLIC.
boolean roleUsed = false;
if (permDesc == null || ((permDesc instanceof ColPermsDescriptor) && !((StatementColumnPermission) statPerm).allColumnsCoveredByUserOrPUBLIC(currentUser, dd))) {
roleUsed = true;
permDesc = findRoleUsage(activation, statPerm);
}
// for the owner.
if (!permDesc.checkOwner(currentUser)) {
dm.addDependency(dependent, permDesc, lcc.getContextManager());
if (roleUsed) {
// We had to rely on role, so track that
// dependency, too.
trackRoleDependency(activation, dependent, roleDepAdded);
}
}
} else // object's privilege dependency in the dependency system
if (!permDesc.checkOwner(currentUser)) {
dm.addDependency(dependent, permDesc, lcc.getContextManager());
if (permDesc instanceof ColPermsDescriptor) {
// The if statement above means we found a
// REFERENCES privilege at column level for the
// given authorizer. If this privilege doesn't
// cover all the column , then there has to exisit
// REFERENCES for the remaining columns at PUBLIC
// level or at role level. Get that permission
// descriptor and save it in dependency system
StatementColumnPermission statementColumnPermission = (StatementColumnPermission) statPerm;
permDesc = statementColumnPermission.getPUBLIClevelColPermsDescriptor(currentUser, dd);
// into the dependency system
if (permDesc != null && permDesc.getObjectID() != null) {
// User did not have all required column
// permissions and at least one column is
// covered by PUBLIC.
dm.addDependency(dependent, permDesc, lcc.getContextManager());
}
// upon.
if (!statementColumnPermission.allColumnsCoveredByUserOrPUBLIC(currentUser, dd)) {
// Role has been relied upon, so register a
// dependency.
trackRoleDependency(activation, dependent, roleDepAdded);
}
}
}
if (!(statPerm instanceof StatementRoutinePermission)) {
// for this sql statement.
break;
} else {
// For EXECUTE privilege there may be several functions
// referenced in the constraint, so continue looking.
}
}
}
}
}
use of org.apache.derby.iapi.sql.dictionary.StatementPermission in project derby by apache.
the class DDLConstantAction method storeViewTriggerDependenciesOnPrivileges.
/**
* This method saves dependencies of views and triggers on privileges in
* the dependency system. It gets called by CreateViewConstantAction
* and CreateTriggerConstantAction. Views and triggers and constraints
* run with definer's privileges. If one of the required privileges is
* revoked from the definer, the dependent view/trigger/constraint on
* that privilege will be dropped automatically. In order to implement
* this behavior, we need to save view/trigger/constraint dependencies
* on required privileges in the dependency system. Following method
* accomplishes that part of the equation for views and triggers. The
* dependency collection for constraints is not same as for views and
* triggers and hence constraints are not covered by this method.
* Views and triggers can depend on many different kind of privileges
* where as constraints only depend on REFERENCES privilege on a table.
* Another difference is only one view or trigger can be defined by a
* sql statement and hence all the dependencies collected for the sql
* statement apply to the view or trigger in question. As for constraints,
* one sql statement can defined multiple constraints and hence the
* all the privileges required by the statement are not necessarily
* required by all the constraints defined by that sql statement. We need
* to identify right privileges for right constraints for a given sql
* statement. Because of these differences between constraints and views
* (and triggers), there are 2 different methods in this class to save
* their privileges in the dependency system.
*
* For each required privilege, we now register of a dependency on a role
* if that role was required to find an applicable privilege.
*
* @param activation The execution environment for this constant action.
* @param dependent Make this object depend on required privileges
*
* @exception StandardException Thrown on failure
*/
protected void storeViewTriggerDependenciesOnPrivileges(Activation activation, Dependent dependent) throws StandardException {
LanguageConnectionContext lcc = activation.getLanguageConnectionContext();
DataDictionary dd = lcc.getDataDictionary();
DependencyManager dm = dd.getDependencyManager();
String dbo = dd.getAuthorizationDatabaseOwner();
String currentUser = lcc.getCurrentUserId(activation);
SettableBoolean roleDepAdded = new SettableBoolean();
// access any objects without any restrictions.
if (!currentUser.equals(dbo)) {
PermissionsDescriptor permDesc;
List<StatementPermission> requiredPermissionsList = activation.getPreparedStatement().getRequiredPermissionsList();
if (requiredPermissionsList != null && !requiredPermissionsList.isEmpty()) {
for (StatementPermission statPerm : requiredPermissionsList) {
// Also, StatementRolePermission should not occur here.
if (statPerm instanceof StatementSchemaPermission || statPerm instanceof StatementRolePermission) {
if (SanityManager.DEBUG) {
if (statPerm instanceof StatementRolePermission) {
SanityManager.THROWASSERT("Unexpected StatementRolePermission");
}
}
continue;
}
// See if we can find the required privilege for given authorizer?
permDesc = statPerm.getPermissionDescriptor(currentUser, dd);
if (// privilege not found for given authorizer
permDesc == null) {
// The if condition above means that required privilege does
// not exist at the user level. The privilege has to exist at
// PUBLIC level... ,
permDesc = statPerm.getPermissionDescriptor(Authorizer.PUBLIC_AUTHORIZATION_ID, dd);
boolean roleUsed = false;
// .. or at role level
if (permDesc == null || ((permDesc instanceof ColPermsDescriptor) && !((StatementColumnPermission) statPerm).allColumnsCoveredByUserOrPUBLIC(currentUser, dd))) {
roleUsed = true;
permDesc = findRoleUsage(activation, statPerm);
}
// owner.
if (!permDesc.checkOwner(currentUser)) {
dm.addDependency(dependent, permDesc, lcc.getContextManager());
// dependency, too.
if (roleUsed) {
trackRoleDependency(activation, dependent, roleDepAdded);
}
}
continue;
}
// object's privilege dependency in the dependency system
if (!permDesc.checkOwner(currentUser)) {
dm.addDependency(dependent, permDesc, lcc.getContextManager());
if (permDesc instanceof ColPermsDescriptor) {
// For a given table, the table owner can give privileges
// on some columns at individual user level and privileges
// on some columns at PUBLIC level. Hence, when looking for
// column level privileges, we need to look both at user
// level as well as PUBLIC level(only if user level column
// privileges do not cover all the columns accessed by this
// object). We have finished adding dependency for user level
// columns, now we are checking if some required column
// level privileges are at PUBLIC level.
// A specific eg of a view
// user1
// create table t11(c11 int, c12 int);
// grant select(c11) on t1 to user2;
// grant select(c12) on t1 to PUBLIC;
// user2
// create view v1 as select c11 from user1.t11 where c12=2;
// For the view above, there are 2 column level privilege
// depencies, one for column c11 which exists directly
// for user2 and one for column c12 which exists at PUBLIC level.
StatementColumnPermission statementColumnPermission = (StatementColumnPermission) statPerm;
permDesc = statementColumnPermission.getPUBLIClevelColPermsDescriptor(currentUser, dd);
if (permDesc != null && permDesc.getObjectID() != null) {
// User did not have all required column
// permissions and at least one column is
// covered by PUBLIC.
dm.addDependency(dependent, permDesc, lcc.getContextManager());
}
// upon?
if (!statementColumnPermission.allColumnsCoveredByUserOrPUBLIC(currentUser, dd)) {
trackRoleDependency(activation, dependent, roleDepAdded);
}
}
}
}
}
}
}
Aggregations