Catalog_Namespace::SysCatalog Class Reference

#include <SysCatalog.h>

Inheritance diagram for Catalog_Namespace::SysCatalog:

Collaboration diagram for Catalog_Namespace::SysCatalog:

Public Member Functions
void	init (const std::string &basePath, std::shared_ptr< Data_Namespace::DataMgr > dataMgr, const AuthMetadata &authMetadata, std::shared_ptr< Calcite > calcite, bool is_new_db, bool aggregator, const std::vector< LeafHostInfo > &string_dict_hosts)
std::shared_ptr< Catalog >	login (std::string &db, std::string &username, const std::string &password, UserMetadata &user_meta, bool check_password=true)
std::shared_ptr< Catalog >	switchDatabase (std::string &dbname, const std::string &username)
void	createUser (const std::string &name, const std::string &passwd, bool issuper, const std::string &dbname, bool can_login)
void	dropUser (const std::string &name)
void	alterUser (const int32_t userid, const std::string *passwd, bool *issuper, const std::string *dbname, bool *can_login)
void	renameUser (std::string const &old_name, std::string const &new_name)
void	createDatabase (const std::string &dbname, int owner)
void	renameDatabase (std::string const &old_name, std::string const &new_name)
void	dropDatabase (const DBMetadata &db)
bool	getMetadataForUser (const std::string &name, UserMetadata &user)
bool	getMetadataForUserById (const int32_t idIn, UserMetadata &user)
bool	checkPasswordForUser (const std::string &passwd, std::string &name, UserMetadata &user)
bool	getMetadataForDB (const std::string &name, DBMetadata &db)
Data_Namespace::DataMgr &	getDataMgr () const
Calcite &	getCalciteMgr () const
const std::string &	getCatalogBasePath () const
SqliteConnector *	getSqliteConnector ()
std::list< DBMetadata >	getAllDBMetadata ()
std::list< UserMetadata >	getAllUserMetadata ()
std::list< UserMetadata >	getAllUserMetadata (const int64_t dbId)
DBSummaryList	getDatabaseListForUser (const UserMetadata &user)
void	createDBObject (const UserMetadata &user, const std::string &objectName, DBObjectType type, const Catalog_Namespace::Catalog &catalog, int32_t objectId=-1)
void	renameDBObject (const std::string &objectName, const std::string &newName, DBObjectType type, int32_t objectId, const Catalog_Namespace::Catalog &catalog)
void	grantDBObjectPrivileges (const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
void	grantDBObjectPrivilegesBatch (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void	revokeDBObjectPrivileges (const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
void	revokeDBObjectPrivilegesBatch (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void	revokeDBObjectPrivilegesFromAll (DBObject object, Catalog *catalog)
void	revokeDBObjectPrivilegesFromAll_unsafe (DBObject object, Catalog *catalog)
void	revokeDBObjectPrivilegesFromAllBatch (std::vector< DBObject > &objects, Catalog *catalog)
void	revokeDBObjectPrivilegesFromAllBatch_unsafe (std::vector< DBObject > &objects, Catalog *catalog)
void	getDBObjectPrivileges (const std::string &granteeName, DBObject &object, const Catalog_Namespace::Catalog &catalog) const
bool	verifyDBObjectOwnership (const UserMetadata &user, DBObject object, const Catalog_Namespace::Catalog &catalog)
void	changeDBObjectOwnership (const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, bool revoke_privileges=true)
void	createRole (const std::string &roleName, const bool &userPrivateRole=false)
void	dropRole (const std::string &roleName)
void	grantRoleBatch (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void	grantRole (const std::string &role, const std::string &grantee)
void	revokeRoleBatch (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void	revokeRole (const std::string &role, const std::string &grantee)
bool	hasAnyPrivileges (const UserMetadata &user, std::vector< DBObject > &privObjects)
bool	checkPrivileges (const UserMetadata &user, const std::vector< DBObject > &privObjects) const
bool	checkPrivileges (const std::string &userName, const std::vector< DBObject > &privObjects) const
Grantee *	getGrantee (const std::string &name) const
Role *	getRoleGrantee (const std::string &name) const
User *	getUserGrantee (const std::string &name) const
std::vector < ObjectRoleDescriptor * >	getMetadataForObject (int32_t dbId, int32_t dbType, int32_t objectId) const
bool	isRoleGrantedToGrantee (const std::string &granteeName, const std::string &roleName, bool only_direct) const
std::vector< std::string >	getRoles (bool userPrivateRole, bool isSuper, const std::string &userName)
std::vector< std::string >	getRoles (const std::string &userName, const int32_t dbId)
void	revokeDashboardSystemRole (const std::string roleName, const std::vector< std::string > grantees)
bool	isAggregator () const
void	populateRoleDbObjects (const std::vector< DBObject > &objects)
std::string	name () const
void	renameObjectsInDescriptorMap (DBObject &object, const Catalog_Namespace::Catalog &cat)
void	syncUserWithRemoteProvider (const std::string &user_name, std::vector< std::string > idp_roles, bool *issuper)
std::unordered_map < std::string, std::vector < std::string > >	getGranteesOfSharedDashboards (const std::vector< std::string > &dashboard_ids)
void	check_for_session_encryption (const std::string &pki_cert, std::string &session)
std::vector< std::shared_ptr < Catalog > >	getCatalogsForAllDbs ()
std::shared_ptr< Catalog >	getDummyCatalog ()
std::shared_ptr< Catalog >	getCatalog (const std::string &dbName)
std::shared_ptr< Catalog >	getCatalog (const int32_t db_id)
std::shared_ptr< Catalog >	getCatalog (const DBMetadata &curDB, bool is_new_db)
void	removeCatalog (const std::string &dbName)
virtual	~SysCatalog ()

Static Public Member Functions
static SysCatalog &	instance ()
static void	destroy ()

Public Attributes
std::mutex	sqliteMutex_
mapd_shared_mutex	sharedMutex_
std::atomic< std::thread::id >	thread_holding_sqlite_lock
std::atomic< std::thread::id >	thread_holding_write_lock
std::shared_ptr< Catalog >	dummyCatalog_

Static Public Attributes
static thread_local bool	thread_holds_read_lock = false

Private Types
using	GranteeMap = std::map< std::string, Grantee * >
using	ObjectRoleDescriptorMap = std::multimap< std::string, ObjectRoleDescriptor * >
using	dbid_to_cat_map = tbb::concurrent_hash_map< std::string, std::shared_ptr< Catalog >>

Private Member Functions
	SysCatalog ()
void	initDB ()
void	buildRoleMap ()
void	buildUserRoleMap ()
void	buildObjectDescriptorMap ()
void	checkAndExecuteMigrations ()
void	importDataFromOldMapdDB ()
void	createUserRoles ()
void	addAdminUserRole ()
void	migratePrivileges ()
void	migratePrivileged_old ()
void	updateUserSchema ()
void	updatePasswordsToHashes ()
void	updateBlankPasswordsToRandom ()
void	updateSupportUserDeactivation ()
void	migrateDBAccessPrivileges ()
void	loginImpl (std::string &username, const std::string &password, UserMetadata &user_meta)
bool	checkPasswordForUserImpl (const std::string &passwd, std::string &name, UserMetadata &user)
void	grantDefaultPrivilegesToRole_unsafe (const std::string &name, bool issuper)
void	createRole_unsafe (const std::string &roleName, const bool userPrivateRole=false)
void	dropRole_unsafe (const std::string &roleName)
void	grantRoleBatch_unsafe (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void	grantRole_unsafe (const std::string &roleName, const std::string &granteeName)
void	revokeRoleBatch_unsafe (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void	revokeRole_unsafe (const std::string &roleName, const std::string &granteeName)
void	updateObjectDescriptorMap (const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
void	deleteObjectDescriptorMap (const std::string &roleName)
void	deleteObjectDescriptorMap (const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &cat)
void	grantDBObjectPrivilegesBatch_unsafe (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void	grantDBObjectPrivileges_unsafe (const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
void	revokeDBObjectPrivilegesBatch_unsafe (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void	revokeDBObjectPrivileges_unsafe (const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
void	grantAllOnDatabase_unsafe (const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
void	revokeAllOnDatabase_unsafe (const std::string &roleName, int32_t dbId, Grantee *grantee)
bool	isDashboardSystemRole (const std::string &roleName)
void	updateUserRoleName (const std::string &roleName, const std::string &newName)
void	getMetadataWithDefaultDB (std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
bool	getMetadataForDBById (const int32_t idIn, DBMetadata &db)
bool	allowLocalLogin () const
template<typename F , typename... Args>
void	execInTransaction (F &&f, Args &&...args)
auto	yieldTransactionStreamer ()
Private Member Functions inherited from Catalog_Namespace::CommonFileOperations
	CommonFileOperations (std::string const &base_path)
void	removeCatalogByFullPath (std::string const &full_path)
void	removeCatalogByName (std::string const &name)
auto	duplicateAndRenameCatalog (std::string const &current_name, std::string const &new_name)
auto	assembleCatalogName (std::string const &name)

Private Attributes
std::string	basePath_
GranteeMap	granteeMap_
ObjectRoleDescriptorMap	objectDescriptorMap_
std::unique_ptr< SqliteConnector >	sqliteConnector_
std::shared_ptr < Data_Namespace::DataMgr >	dataMgr_
std::unique_ptr< PkiServer >	pki_server_
const AuthMetadata *	authMetadata_
std::shared_ptr< Calcite >	calciteMgr_
std::vector< LeafHostInfo >	string_dict_hosts_
bool	aggregator_
dbid_to_cat_map	cat_map_

Static Private Attributes
static std::unique_ptr < SysCatalog >	instance_

Detailed Description

Definition at line 150 of file SysCatalog.h.

Member Typedef Documentation

using Catalog_Namespace::SysCatalog::dbid_to_cat_map = tbb::concurrent_hash_map<std::string, std::shared_ptr<Catalog>>

private

Definition at line 427 of file SysCatalog.h.

using Catalog_Namespace::SysCatalog::GranteeMap = std::map<std::string, Grantee*>

private

Definition at line 324 of file SysCatalog.h.

using Catalog_Namespace::SysCatalog::ObjectRoleDescriptorMap = std::multimap<std::string, ObjectRoleDescriptor*>

private

Definition at line 325 of file SysCatalog.h.

Constructor & Destructor Documentation

Catalog_Namespace::SysCatalog::~SysCatalog ( )

virtual

Definition at line 194 of file SysCatalog.cpp.

                        {
  sys_write_lock write_lock(this);
  for (auto grantee = granteeMap_.begin(); grantee != granteeMap_.end(); ++grantee) {
    delete grantee->second;
  }
  granteeMap_.clear();
  for (ObjectRoleDescriptorMap::iterator objectIt = objectDescriptorMap_.begin();
       objectIt != objectDescriptorMap_.end();) {
    ObjectRoleDescriptorMap::iterator eraseIt = objectIt++;
    delete eraseIt->second;
  }
  objectDescriptorMap_.clear();

  cat_map_.clear();
}

Catalog_Namespace::SysCatalog::SysCatalog ( )

inlineprivate

Definition at line 327 of file SysCatalog.h.

Referenced by instance().

      : CommonFileOperations(basePath_)
      , aggregator_(false)
      , sqliteMutex_()
      , sharedMutex_()
      , thread_holding_sqlite_lock(std::thread::id())
      , thread_holding_write_lock(std::thread::id())
      , dummyCatalog_(std::make_shared<Catalog>()) {}

Here is the caller graph for this function:

Member Function Documentation

void Catalog_Namespace::SysCatalog::addAdminUserRole ( )

private

Definition at line 537 of file SysCatalog.cpp.

References OMNISCI_ROOT_USER.

                                  {
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    sqliteConnector_->query(
        "SELECT roleName FROM mapd_object_permissions WHERE roleName = \'" +
        OMNISCI_ROOT_USER + "\'");
    if (sqliteConnector_->getNumRows() != 0) {
      // already done
      sqliteConnector_->query("END TRANSACTION");
      return;
    }

    createRole_unsafe(OMNISCI_ROOT_USER, true);
  } catch (const std::exception&) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

bool Catalog_Namespace::SysCatalog::allowLocalLogin ( ) const

private

For servers configured to use external authentication providers, determine whether users will be allowed to fallback to local login accounts. If no external providers are configured, returns true.

void Catalog_Namespace::SysCatalog::alterUser	(	const int32_t	userid,
		const std::string *	passwd,
		bool *	issuper,
		const std::string *	dbname,
		bool *	can_login
	)

Definition at line 943 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::append_with_commas, Catalog_Namespace::DBMetadata::dbId, anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), and to_string().

                                            {
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    string sql;
    std::vector<std::string> values;
    if (passwd != nullptr) {
      append_with_commas(sql, "passwd_hash = ?");
      values.push_back(hash_with_bcrypt(*passwd));
    }
    if (issuper != nullptr) {
      append_with_commas(sql, "issuper = ?");
      values.push_back(std::to_string(*issuper));
    }
    if (dbname != nullptr) {
      if (!dbname->empty()) {
        append_with_commas(sql, "default_db = ?");
        DBMetadata db;
        if (!SysCatalog::instance().getMetadataForDB(*dbname, db)) {
          throw runtime_error(string("DEFAULT_DB ") + *dbname + " not found.");
        }
        values.push_back(std::to_string(db.dbId));
      } else {
        append_with_commas(sql, "default_db = NULL");
      }
    }
    if (can_login != nullptr) {
      append_with_commas(sql, "can_login = ?");
      values.push_back(std::to_string(*can_login));
    }

    sql = "UPDATE mapd_users SET " + sql + " WHERE userid = ?";
    values.push_back(std::to_string(userid));

    sqliteConnector_->query_with_text_params(sql, values);
  } catch (const std::exception& e) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::buildObjectDescriptorMap ( )

private

Definition at line 2294 of file SysCatalog.cpp.

References ObjectRoleDescriptor::dbId, ObjectRoleDescriptor::objectId, ObjectRoleDescriptor::objectName, ObjectRoleDescriptor::objectOwnerId, ObjectRoleDescriptor::objectType, AccessPrivileges::privileges, ObjectRoleDescriptor::privs, test_fsi::r, ObjectRoleDescriptor::roleName, ObjectRoleDescriptor::roleType, and to_string().

                                          {
  sys_write_lock write_lock(this);
  sys_sqlite_lock sqlite_lock(this);
  string objectQuery(
      "SELECT roleName, roleType, objectPermissionsType, dbId, objectId, "
      "objectPermissions, objectOwnerId, objectName "
      "from mapd_object_permissions");
  sqliteConnector_->query(objectQuery);
  size_t numRows = sqliteConnector_->getNumRows();
  for (size_t r = 0; r < numRows; ++r) {
    ObjectRoleDescriptor* od = new ObjectRoleDescriptor();
    od->roleName = sqliteConnector_->getData<string>(r, 0);
    od->roleType = sqliteConnector_->getData<bool>(r, 1);
    od->objectType = sqliteConnector_->getData<int>(r, 2);
    od->dbId = sqliteConnector_->getData<int>(r, 3);
    od->objectId = sqliteConnector_->getData<int>(r, 4);
    od->privs.privileges = sqliteConnector_->getData<int>(r, 5);
    od->objectOwnerId = sqliteConnector_->getData<int>(r, 6);
    od->objectName = sqliteConnector_->getData<string>(r, 7);
    objectDescriptorMap_.insert(ObjectRoleDescriptorMap::value_type(
        std::to_string(od->dbId) + ":" + std::to_string(od->objectType) + ":" +
            std::to_string(od->objectId),
        od));
  }
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::buildRoleMap ( )

private

Definition at line 2176 of file SysCatalog.cpp.

References DatabaseDBObjectType, DBObjectKey::fromString(), setup::name, AccessPrivileges::privileges, test_fsi::r, and to_upper().

                              {
  sys_write_lock write_lock(this);
  sys_sqlite_lock sqlite_lock(this);
  string roleQuery(
      "SELECT roleName, roleType, objectPermissionsType, dbId, objectId, "
      "objectPermissions, objectOwnerId, objectName "
      "from mapd_object_permissions");
  sqliteConnector_->query(roleQuery);
  size_t numRows = sqliteConnector_->getNumRows();
  std::vector<std::string> objectKeyStr(4);
  DBObjectKey objectKey;
  AccessPrivileges privs;
  bool userPrivateRole{false};
  for (size_t r = 0; r < numRows; ++r) {
    std::string roleName = sqliteConnector_->getData<string>(r, 0);
    userPrivateRole = sqliteConnector_->getData<bool>(r, 1);
    DBObjectType permissionType =
        static_cast<DBObjectType>(sqliteConnector_->getData<int>(r, 2));
    objectKeyStr[0] = sqliteConnector_->getData<string>(r, 2);
    objectKeyStr[1] = sqliteConnector_->getData<string>(r, 3);
    objectKeyStr[2] = sqliteConnector_->getData<string>(r, 4);
    objectKey = DBObjectKey::fromString(objectKeyStr, permissionType);
    privs.privileges = sqliteConnector_->getData<int>(r, 5);
    int32_t owner = sqliteConnector_->getData<int>(r, 6);
    std::string name = sqliteConnector_->getData<string>(r, 7);

    DBObject dbObject(objectKey, privs, owner);
    dbObject.setName(name);
    if (-1 == objectKey.objectId) {
      dbObject.setObjectType(DBObjectType::DatabaseDBObjectType);
    } else {
      dbObject.setObjectType(permissionType);
    }

    auto* rl = getGrantee(roleName);
    if (!rl) {
      if (userPrivateRole) {
        rl = new User(roleName);
      } else {
        rl = new Role(roleName);
      }
      granteeMap_[to_upper(roleName)] = rl;
    }
    rl->grantPrivileges(dbObject);
  }
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::buildUserRoleMap ( )

private

Definition at line 2246 of file SysCatalog.cpp.

References i, OMNISCI_ROOT_USER, and test_fsi::r.

                                  {
  sys_write_lock write_lock(this);
  sys_sqlite_lock sqlite_lock(this);
  std::vector<std::pair<std::string, std::string>> granteeRooles;
  string userRoleQuery("SELECT roleName, userName from mapd_roles");
  sqliteConnector_->query(userRoleQuery);
  size_t numRows = sqliteConnector_->getNumRows();
  for (size_t r = 0; r < numRows; ++r) {
    std::string roleName = sqliteConnector_->getData<string>(r, 0);
    std::string userName = sqliteConnector_->getData<string>(r, 1);
    // required for declared nomenclature before v4.0.0
    if ((boost::equals(roleName, "mapd_default_suser_role") &&
         boost::equals(userName, OMNISCI_ROOT_USER)) ||
        (boost::equals(roleName, "mapd_default_user_role") &&
         !boost::equals(userName, "mapd_default_user_role"))) {
      // grouprole already exists with roleName==userName in mapd_roles table
      // ignore duplicate instances of userRole which exists before v4.0.0
      continue;
    }
    auto* rl = getGrantee(roleName);
    if (!rl) {
      throw runtime_error("Data inconsistency when building role map. Role " + roleName +
                          " from db not found in the map.");
    }
    std::pair<std::string, std::string> roleVecElem(roleName, userName);
    granteeRooles.push_back(roleVecElem);
  }

  for (size_t i = 0; i < granteeRooles.size(); i++) {
    std::string roleName = granteeRooles[i].first;
    std::string granteeName = granteeRooles[i].second;
    auto* grantee = getGrantee(granteeName);
    if (!grantee) {
      throw runtime_error("Data inconsistency when building role map. Grantee " +
                          granteeName + " not found in the map.");
    }
    if (granteeName == roleName) {
      continue;
    }
    Role* rl = dynamic_cast<Role*>(getGrantee(roleName));
    if (!rl) {
      throw runtime_error("Data inconsistency when building role map. Role " + roleName +
                          " not found in the map.");
    }
    grantee->grantRole(rl);
  }
}

void Catalog_Namespace::SysCatalog::changeDBObjectOwnership	(	const UserMetadata &	new_owner,
		const UserMetadata &	previous_owner,
		DBObject	object,
		const Catalog_Namespace::Catalog &	catalog,
		bool	revoke_privileges = true
	)

Change ownership of a DBObject

Parameters

new_owner	- new owner of DBObject
previous_owner	- previous owner of DBObject
object	- DBObject to change ownership of
catalog	- Catalog instance object exists in
revoke_privileges	- if true, revoke previous_owner's privileges

Definition at line 1740 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_DATABASE, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, AccessPrivileges::ALL_VIEW, DashboardDBObjectType, DatabaseDBObjectType, Catalog_Namespace::UserMetadata::isSuper, ServerDBObjectType, TableDBObjectType, UNREACHABLE, Catalog_Namespace::UserMetadata::userId, Catalog_Namespace::UserMetadata::userName, and ViewDBObjectType.

                                                                 {
  sys_write_lock write_lock(this);
  sys_sqlite_lock sqlite_lock(this);
  object.loadKey(catalog);
  switch (object.getType()) {
    case TableDBObjectType:
      object.setPrivileges(AccessPrivileges::ALL_TABLE);
      break;
    case DashboardDBObjectType:
      object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
      break;
    case ServerDBObjectType:
      object.setPrivileges(AccessPrivileges::ALL_SERVER);
      break;
    case DatabaseDBObjectType:
      object.setPrivileges(AccessPrivileges::ALL_DATABASE);
      break;
    case ViewDBObjectType:
      object.setPrivileges(AccessPrivileges::ALL_VIEW);
      break;
    default:
      UNREACHABLE();  // unkown object type
      break;
  }
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    if (!new_owner.isSuper) {  // no need to grant to suser, has all privs by default
      grantDBObjectPrivileges_unsafe(new_owner.userName, object, catalog);
    }
    if (!previous_owner.isSuper && revoke_privileges) {  // no need to revoke from suser
      revokeDBObjectPrivileges_unsafe(previous_owner.userName, object, catalog);
    }
  } catch (std::exception& e) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
  object.setOwner(new_owner.userId);  // change owner if no exceptions happen
}

void Catalog_Namespace::SysCatalog::check_for_session_encryption	(	const std::string &	pki_cert,
		std::string &	session
	)

Definition at line 835 of file SysCatalog.cpp.

                                                                  {
  if (!pki_server_->inUse()) {
    return;
  }
  pki_server_->encrypt_session(pki_cert, session);
}

void Catalog_Namespace::SysCatalog::checkAndExecuteMigrations ( )

private

Definition at line 249 of file SysCatalog.cpp.

                                           {
  migratePrivileged_old();
  createUserRoles();
  migratePrivileges();
  migrateDBAccessPrivileges();
  updateUserSchema();  // must come before updatePasswordsToHashes()
  updatePasswordsToHashes();
  updateBlankPasswordsToRandom();  // must come after updatePasswordsToHashes()
  updateSupportUserDeactivation();
  addAdminUserRole();
}

bool Catalog_Namespace::SysCatalog::checkPasswordForUser	(	const std::string &	passwd,
		std::string &	name,
		UserMetadata &	user
	)

Definition at line 1264 of file SysCatalog.cpp.

                                                          {
  return checkPasswordForUserImpl(passwd, name, user);
}

bool Catalog_Namespace::SysCatalog::checkPasswordForUserImpl ( const std::string &  passwd, std::string &  name, UserMetadata &  user  )

private

Definition at line 1270 of file SysCatalog.cpp.

References CHECK, LOG, Catalog_Namespace::UserMetadata::passwd_hash, and logger::WARNING.

                                                              {
  sys_read_lock read_lock(this);
  if (!getMetadataForUser(name, user)) {
    // Check password against some fake hash just to waste time so that response times
    // for invalid password and invalid user are similar and a caller can't say the
    // difference
    char fake_hash[BCRYPT_HASHSIZE];
    CHECK(bcrypt_gensalt(-1, fake_hash) == 0);
    bcrypt_checkpw(passwd.c_str(), fake_hash);
    LOG(WARNING) << "Local login failed";
    return false;
  }
  int pwd_check_result = bcrypt_checkpw(passwd.c_str(), user.passwd_hash.c_str());
  // if the check fails there is a good chance that data on disc is broken
  CHECK(pwd_check_result >= 0);
  return pwd_check_result == 0;
}

bool Catalog_Namespace::SysCatalog::checkPrivileges	(	const UserMetadata &	user,
		const std::vector< DBObject > &	privObjects
	)		const

Definition at line 2035 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::isSuper, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

Referenced by Catalog_Namespace::SessionInfo::checkDBAccessPrivileges().

                                                                               {
  sys_read_lock read_lock(this);
  if (user.isSuper) {
    return true;
  }

  auto* user_rl = instance().getUserGrantee(user.userName);
  if (!user_rl) {
    throw runtime_error("Cannot check privileges. User " + user.userLoggable() +
                        " does not exist.");
  }
  for (auto& object : privObjects) {
    if (!user_rl->checkPrivileges(object)) {
      return false;
    }
  }
  return true;
}

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPrivileges	(	const std::string &	userName,
		const std::vector< DBObject > &	privObjects
	)		const

Definition at line 2055 of file SysCatalog.cpp.

References Catalog_Namespace::g_log_user_id.

                                                                               {
  UserMetadata user;
  if (!instance().getMetadataForUser(userName, user)) {
    std::string const loggable = g_log_user_id ? std::string("") : userName + ' ';
    throw runtime_error("Request to check privileges for user " + loggable +
                        "failed because user with this name does not exist.");
  }
  return (checkPrivileges(user, privObjects));
}

void Catalog_Namespace::SysCatalog::createDatabase	(	const std::string &	dbname,
		int	owner
	)

Definition at line 1104 of file SysCatalog.cpp.

References cat(), CHECK, DatabaseDBObjectType, g_enable_fsi, OMNISCI_ROOT_USER_ID, OMNISCI_SYSTEM_CATALOG, to_string(), to_upper(), and Catalog_Namespace::UserMetadata::userName.

                                                             {
  sys_write_lock write_lock(this);
  sys_sqlite_lock sqlite_lock(this);

  DBMetadata db;
  if (getMetadataForDB(name, db)) {
    throw runtime_error("Database " + name + " already exists.");
  }
  if (to_upper(name) == to_upper(OMNISCI_SYSTEM_CATALOG)) {
    throw runtime_error("Database name " + name + " is reserved.");
  }

  std::unique_ptr<SqliteConnector> dbConn(
      new SqliteConnector(name, basePath_ + "/mapd_catalogs/"));
  // NOTE(max): it's okay to run this in a separate transaction. If we fail later
  // we delete the database anyways.
  // If we run it in the same transaction as SysCatalog functions, then Catalog
  // constructor won't find the tables we have just created.
  dbConn->query("BEGIN TRANSACTION");
  try {
    dbConn->query(
        "CREATE TABLE mapd_tables (tableid integer primary key, name text unique, userid "
        "integer, ncolumns integer, "
        "isview boolean, "
        "fragments text, frag_type integer, max_frag_rows integer, max_chunk_size "
        "bigint, "
        "frag_page_size integer, "
        "max_rows bigint, partitions text, shard_column_id integer, shard integer, "
        "sort_column_id integer default 0, storage_type text default '', "
        "max_rollback_epochs integer default -1, "
        "num_shards integer, key_metainfo TEXT, version_num "
        "BIGINT DEFAULT 1) ");
    dbConn->query(
        "CREATE TABLE mapd_columns (tableid integer references mapd_tables, columnid "
        "integer, name text, coltype "
        "integer, colsubtype integer, coldim integer, colscale integer, is_notnull "
        "boolean, compression integer, "
        "comp_param integer, size integer, chunks text, is_systemcol boolean, "
        "is_virtualcol boolean, virtual_expr "
        "text, is_deletedcol boolean, version_num BIGINT, "
        "primary key(tableid, columnid), unique(tableid, name))");
    dbConn->query(
        "CREATE TABLE mapd_views (tableid integer references mapd_tables, sql text)");
    dbConn->query(
        "CREATE TABLE mapd_dashboards (id integer primary key autoincrement, name text , "
        "userid integer references mapd_users, state text, image_hash text, update_time "
        "timestamp, "
        "metadata text, UNIQUE(userid, name) )");
    dbConn->query(
        "CREATE TABLE mapd_links (linkid integer primary key, userid integer references "
        "mapd_users, "
        "link text unique, view_state text, update_time timestamp, view_metadata text)");
    dbConn->query(
        "CREATE TABLE mapd_dictionaries (dictid integer primary key, name text unique, "
        "nbits int, is_shared boolean, "
        "refcount int, version_num BIGINT DEFAULT 1)");
    dbConn->query(
        "CREATE TABLE mapd_logical_to_physical(logical_table_id integer, "
        "physical_table_id "
        "integer)");
    dbConn->query("CREATE TABLE mapd_record_ownership_marker (dummy integer)");
    dbConn->query_with_text_params(
        "INSERT INTO mapd_record_ownership_marker (dummy) VALUES (?1)",
        std::vector<std::string>{std::to_string(owner)});

    if (g_enable_fsi) {
      dbConn->query(Catalog::getForeignServerSchema());
      dbConn->query(Catalog::getForeignTableSchema());
    }
    dbConn->query(Catalog::getCustomExpressionsSchema());
  } catch (const std::exception&) {
    dbConn->query("ROLLBACK TRANSACTION");
    boost::filesystem::remove(basePath_ + "/mapd_catalogs/" + name);
    throw;
  }
  dbConn->query("END TRANSACTION");

  std::shared_ptr<Catalog> cat;
  // Now update SysCatalog with privileges and the new database
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    sqliteConnector_->query_with_text_param(
        "INSERT INTO mapd_databases (name, owner) VALUES (?, " + std::to_string(owner) +
            ")",
        name);
    CHECK(getMetadataForDB(name, db));

    cat = getCatalog(db, true);

    if (owner != OMNISCI_ROOT_USER_ID) {
      DBObject object(name, DBObjectType::DatabaseDBObjectType);
      object.loadKey(*cat);
      UserMetadata user;
      CHECK(getMetadataForUserById(owner, user));
      grantAllOnDatabase_unsafe(user.userName, object, *cat);
    }
  } catch (const std::exception&) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    boost::filesystem::remove(basePath_ + "/mapd_catalogs/" + name);
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");

  // force a migration on the new database
  removeCatalog(name);
  cat = getCatalog(db, false);

  if (g_enable_fsi) {
    try {
      cat->createDefaultServersIfNotExists();
    } catch (...) {
      boost::filesystem::remove(basePath_ + "/mapd_catalogs/" + name);
      throw;
    }
  }
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::createDBObject	(	const UserMetadata &	user,
		const std::string &	objectName,
		DBObjectType	type,
		const Catalog_Namespace::Catalog &	catalog,
		int32_t	objectId = -1
	)

Definition at line 1482 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_DATABASE, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, DashboardDBObjectType, Catalog_Namespace::UserMetadata::isSuper, ServerDBObjectType, TableDBObjectType, Catalog_Namespace::UserMetadata::userId, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

Referenced by CreateForeignServerCommand::execute(), CreateForeignTableCommand::execute(), and EmbeddedDatabase::DBEngineImpl::importArrowTable().

                                                  {
  sys_write_lock write_lock(this);
  sys_sqlite_lock sqlite_lock(this);

  DBObject object =
      objectId == -1 ? DBObject(objectName, type) : DBObject(objectId, type);
  object.loadKey(catalog);
  switch (type) {
    case TableDBObjectType:
      object.setPrivileges(AccessPrivileges::ALL_TABLE);
      break;
    case DashboardDBObjectType:
      object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
      break;
    case ServerDBObjectType:
      object.setPrivileges(AccessPrivileges::ALL_SERVER);
      break;
    default:
      object.setPrivileges(AccessPrivileges::ALL_DATABASE);
      break;
  }
  object.setOwner(user.userId);
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    if (!user.isSuper) {  // no need to grant to suser, has all privs by default
      grantDBObjectPrivileges_unsafe(user.userName, object, catalog);
      auto* grantee = instance().getUserGrantee(user.userName);
      if (!grantee) {
        throw runtime_error("Cannot create DBObject. User " + user.userLoggable() +
                            " does not exist.");
      }
      grantee->grantPrivileges(object);
    }
  } catch (std::exception& e) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createRole	(	const std::string &	roleName,
		const bool &	userPrivateRole = false
	)

Definition at line 2334 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

                                                                                  {
  execInTransaction(&SysCatalog::createRole_unsafe, roleName, userPrivateRole);
}

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createRole_unsafe ( const std::string &  roleName, const bool  userPrivateRole = false  )

private

Definition at line 1806 of file SysCatalog.cpp.

References DatabaseDBObjectType, DBObjectKey::dbId, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), OMNISCI_DEFAULT_DB, DBObjectKey::permissionType, DBObject::setObjectKey(), and to_upper().

                                                               {
  sys_write_lock write_lock(this);

  auto* grantee = getGrantee(roleName);
  if (grantee) {
    throw std::runtime_error("CREATE ROLE " + roleName +
                             " failed because grantee with this name already exists.");
  }
  if (userPrivateRole) {
    grantee = new User(roleName);
  } else {
    grantee = new Role(roleName);
  }
  granteeMap_[to_upper(roleName)] = grantee;

  // NOTE (max): Why create an empty privileges record for a role?
  /* grant none privileges to this role and add it to sqlite DB */
  DBObject dbObject(OMNISCI_DEFAULT_DB, DatabaseDBObjectType);
  DBObjectKey objKey;
  // 0 is an id that does not exist
  objKey.dbId = 0;
  objKey.permissionType = DatabaseDBObjectType;
  dbObject.setObjectKey(objKey);
  grantee->grantPrivileges(dbObject);

  sys_sqlite_lock sqlite_lock(this);
  insertOrUpdateObjectPrivileges(sqliteConnector_, roleName, userPrivateRole, dbObject);
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::createUser	(	const std::string &	name,
		const std::string &	passwd,
		bool	issuper,
		const std::string &	dbname,
		bool	can_login
	)

Definition at line 843 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::g_log_user_id, anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), setup::name, to_string(), and Catalog_Namespace::UserMetadata::userLoggable().

                                            {
  sys_write_lock write_lock(this);
  sys_sqlite_lock sqlite_lock(this);

  UserMetadata user;
  if (getMetadataForUser(name, user)) {
    throw runtime_error("User " + user.userLoggable() + " already exists.");
  }
  if (getGrantee(name)) {
    std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
    throw runtime_error(
        "User " + loggable +
        "is same as one of existing grantees. User and role names should be unique.");
  }
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    std::vector<std::string> vals;
    if (!dbname.empty()) {
      DBMetadata db;
      if (!SysCatalog::instance().getMetadataForDB(dbname, db)) {
        throw runtime_error("DEFAULT_DB " + dbname + " not found.");
      }
      vals = {name,
              hash_with_bcrypt(passwd),
              std::to_string(issuper),
              std::to_string(db.dbId),
              std::to_string(can_login)};
      sqliteConnector_->query_with_text_params(
          "INSERT INTO mapd_users (name, passwd_hash, issuper, default_db, can_login) "
          "VALUES (?, ?, ?, ?, ?)",
          vals);
    } else {
      vals = {name,
              hash_with_bcrypt(passwd),
              std::to_string(issuper),
              std::to_string(can_login)};
      sqliteConnector_->query_with_text_params(
          "INSERT INTO mapd_users (name, passwd_hash, issuper, can_login) "
          "VALUES (?, ?, ?, ?)",
          vals);
    }
    createRole_unsafe(name, true);
  } catch (const std::exception& e) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::createUserRoles ( )

private

Definition at line 334 of file SysCatalog.cpp.

References i, and OMNISCI_ROOT_USER.

                                 {
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    sqliteConnector_->query(
        "SELECT name FROM sqlite_master WHERE type='table' AND name='mapd_roles'");
    if (sqliteConnector_->getNumRows() != 0) {
      // already done
      sqliteConnector_->query("END TRANSACTION");
      return;
    }
    sqliteConnector_->query(
        "CREATE TABLE mapd_roles(roleName text, userName text, UNIQUE(roleName, "
        "userName))");
    // need to account for old conversions where we are building and moving
    // from pre version 4.0 and 'mapd' was default superuser
    sqliteConnector_->query("SELECT name FROM mapd_users WHERE name NOT IN ( \'" +
                            OMNISCI_ROOT_USER + "\', 'mapd')");
    size_t numRows = sqliteConnector_->getNumRows();
    vector<string> user_names;
    for (size_t i = 0; i < numRows; ++i) {
      user_names.push_back(sqliteConnector_->getData<string>(i, 0));
    }
    for (const auto& user_name : user_names) {
      // for each user, create a fake role with the same name
      sqliteConnector_->query_with_text_params(
          "INSERT INTO mapd_roles(roleName, userName) VALUES (?, ?)",
          vector<string>{user_name, user_name});
    }
  } catch (const std::exception&) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

void Catalog_Namespace::SysCatalog::deleteObjectDescriptorMap ( const std::string &  roleName )

private

Definition at line 1981 of file SysCatalog.cpp.

References test_fsi::d.

                                                                    {
  sys_write_lock write_lock(this);

  for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
    if (d->second->roleName == roleName) {
      delete d->second;
      d = objectDescriptorMap_.erase(d);
    } else {
      d++;
    }
  }
}

void Catalog_Namespace::SysCatalog::deleteObjectDescriptorMap ( const std::string &  roleName, DBObject &  object, const Catalog_Namespace::Catalog &  cat  )

private

Definition at line 1995 of file SysCatalog.cpp.

References test_fsi::d, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), and to_string().

                                                                                {
  sys_write_lock write_lock(this);
  auto range = objectDescriptorMap_.equal_range(
      std::to_string(cat.getCurrentDB().dbId) + ":" +
      std::to_string(object.getObjectKey().permissionType) + ":" +
      std::to_string(object.getObjectKey().objectId));
  for (auto d = range.first; d != range.second;) {
    // remove the entry
    if (d->second->roleName == roleName) {
      delete d->second;
      d = objectDescriptorMap_.erase(d);
    } else {
      d++;
    }
  }
}

Here is the call graph for this function:

static void Catalog_Namespace::SysCatalog::destroy ( )

inlinestatic

Definition at line 299 of file SysCatalog.h.

References instance_.

Referenced by EmbeddedDatabase::DBEngineImpl::reset().

{ instance_.reset(); }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::dropDatabase

(

const DBMetadata &

db

)

Definition at line 1221 of file SysCatalog.cpp.

References cat(), DashboardDBObjectType, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, test_readcsv::table, TableDBObjectType, run_benchmark_import::tables, and to_string().

                                                  {
  sys_write_lock write_lock(this);
  sys_sqlite_lock sqlite_lock(this);
  auto cat = getCatalog(db, false);
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    // remove this database ID from any users that have it set as their default database
    sqliteConnector_->query_with_text_param(
        "UPDATE mapd_users SET default_db = NULL WHERE default_db = ?",
        std::to_string(db.dbId));
    /* revoke object privileges to all tables of the database being dropped */
    const auto tables = cat->getAllTableMetadata();
    for (const auto table : tables) {
      if (table->shard >= 0) {
        // skip shards, they're not standalone tables
        continue;
      }
      revokeDBObjectPrivilegesFromAll_unsafe(
          DBObject(table->tableName, TableDBObjectType), cat.get());
    }
    const auto dashboards = cat->getAllDashboardsMetadata();
    for (const auto dashboard : dashboards) {
      revokeDBObjectPrivilegesFromAll_unsafe(
          DBObject(dashboard->dashboardId, DashboardDBObjectType), cat.get());
    }
    /* revoke object privileges to the database being dropped */
    for (const auto& grantee : granteeMap_) {
      if (grantee.second->hasAnyPrivilegesOnDb(db.dbId, true)) {
        revokeAllOnDatabase_unsafe(grantee.second->getName(), db.dbId, grantee.second);
      }
    }
    sqliteConnector_->query_with_text_param("DELETE FROM mapd_databases WHERE dbid = ?",
                                            std::to_string(db.dbId));
    cat->eraseDBData();
    removeCatalog(db.dbName);
  } catch (const std::exception&) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::dropRole

(

const std::string &

roleName

)

Definition at line 2338 of file SysCatalog.cpp.

                                                   {
  execInTransaction(&SysCatalog::dropRole_unsafe, roleName);
}

void Catalog_Namespace::SysCatalog::dropRole_unsafe ( const std::string &  roleName )

private

Definition at line 1836 of file SysCatalog.cpp.

References to_upper().

                                                          {
  sys_write_lock write_lock(this);

  // it may very well be a user "role", so keep it generic
  auto* rl = getGrantee(roleName);
  if (rl) {  // admin super user may not exist in roles
    delete rl;
  }
  granteeMap_.erase(to_upper(roleName));

  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE roleName = ?",
                                          roleName);
  sqliteConnector_->query_with_text_param(
      "DELETE FROM mapd_object_permissions WHERE roleName = ?", roleName);
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::dropUser

(

const std::string &

name

)

Definition at line 896 of file SysCatalog.cpp.

References Catalog_Namespace::g_log_user_id, to_string(), and Catalog_Namespace::UserMetadata::userId.

                                            {
  sys_write_lock write_lock(this);
  sys_sqlite_lock sqlite_lock(this);

  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    UserMetadata user;
    if (!getMetadataForUser(name, user)) {
      std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
      throw runtime_error("Cannot drop user. User " + loggable + "does not exist.");
    }
    dropRole_unsafe(name);
    deleteObjectDescriptorMap(name);
    const std::string& roleName(name);
    sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE userName = ?",
                                            roleName);
    sqliteConnector_->query("DELETE FROM mapd_users WHERE userid = " +
                            std::to_string(user.userId));
    sqliteConnector_->query("DELETE FROM mapd_privileges WHERE userid = " +
                            std::to_string(user.userId));
  } catch (const std::exception& e) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

Here is the call graph for this function:

template<typename F , typename... Args>

void Catalog_Namespace::SysCatalog::execInTransaction ( F &&  f, Args &&...  args  )

private

Definition at line 2321 of file SysCatalog.cpp.

References run_benchmark_import::args, and f.

                                                        {
  sys_write_lock write_lock(this);
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    (this->*f)(std::forward<Args>(args)...);
  } catch (std::exception&) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

list< DBMetadata > Catalog_Namespace::SysCatalog::getAllDBMetadata

(

)

Definition at line 1331 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, and test_fsi::r.

                                              {
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query("SELECT dbid, name, owner FROM mapd_databases");
  int numRows = sqliteConnector_->getNumRows();
  list<DBMetadata> db_list;
  for (int r = 0; r < numRows; ++r) {
    DBMetadata db;
    db.dbId = sqliteConnector_->getData<int>(r, 0);
    db.dbName = sqliteConnector_->getData<string>(r, 1);
    db.dbOwner = sqliteConnector_->getData<int>(r, 2);
    db_list.push_back(db);
  }
  return db_list;
}

list< UserMetadata > Catalog_Namespace::SysCatalog::getAllUserMetadata

(

)

Definition at line 1387 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users().

                                                  {
  sys_sqlite_lock sqlite_lock(this);
  return get_users(sqliteConnector_);
}

Here is the call graph for this function:

list< UserMetadata > Catalog_Namespace::SysCatalog::getAllUserMetadata

(

const int64_t

dbId

)

return the users associated with the given DB

Definition at line 1380 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users().

                                                                    {
  // this call is to return users that have some form of permissions to objects in the db
  // sadly mapd_object_permissions table is also misused to manage user roles.
  sys_sqlite_lock sqlite_lock(this);
  return get_users(sqliteConnector_, dbId);
}

Here is the call graph for this function:

Calcite& Catalog_Namespace::SysCatalog::getCalciteMgr ( ) const

inline

Definition at line 194 of file SysCatalog.h.

References calciteMgr_.

{ return *calciteMgr_; }

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog

(

const std::string &

dbName

)

Definition at line 2495 of file SysCatalog.cpp.

Referenced by foreign_storage::cache_blocks(), foreign_storage::ParquetDataWrapper::fetchChunkMetadata(), foreign_storage::ForeignTableSchema::ForeignTableSchema(), foreign_storage::csv_file_buffer_parser::ParseBufferRequest::getCatalog(), foreign_storage::ParquetDataWrapper::getColumnsToInitialize(), PersistentStorageMgr::isForeignStorage(), foreign_storage::ParquetDataWrapper::loadBuffersUsingLazyParquetChunkLoader(), foreign_storage::Csv::make_chunk_for_column(), foreign_storage::CsvDataWrapper::populateChunkBuffers(), foreign_storage::CsvDataWrapper::populateChunkMetadata(), foreign_storage::CachingForeignStorageMgr::refreshTableInCache(), and foreign_storage::CsvDataWrapper::updateMetadata().

                                                                     {
  dbid_to_cat_map::const_accessor cata;
  if (cat_map_.find(cata, dbName)) {
    return cata->second;
  } else {
    Catalog_Namespace::DBMetadata db_meta;
    if (getMetadataForDB(dbName, db_meta)) {
      return getCatalog(db_meta, false);
    } else {
      return nullptr;
    }
  }
}

Here is the caller graph for this function:

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog

(

const int32_t

db_id

)

Definition at line 2509 of file SysCatalog.cpp.

                                                                 {
  dbid_to_cat_map::const_accessor cata;
  for (dbid_to_cat_map::iterator cat_it = cat_map_.begin(); cat_it != cat_map_.end();
       ++cat_it) {
    if (cat_it->second->getDatabaseId() == db_id) {
      return cat_it->second;
    }
  }
  return nullptr;
}

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog	(	const DBMetadata &	curDB,
		bool	is_new_db
	)

Definition at line 2520 of file SysCatalog.cpp.

References cat(), and Catalog_Namespace::DBMetadata::dbName.

                                                                                     {
  {
    dbid_to_cat_map::const_accessor cata;
    if (cat_map_.find(cata, curDB.dbName)) {
      return cata->second;
    }
  }

  // Catalog doesnt exist
  // has to be made outside of lock as migration uses cat
  auto cat = std::make_shared<Catalog>(
      basePath_, curDB, dataMgr_, string_dict_hosts_, calciteMgr_, is_new_db);

  dbid_to_cat_map::accessor cata;

  if (cat_map_.find(cata, curDB.dbName)) {
    return cata->second;
  }

  cat_map_.insert(cata, curDB.dbName);
  cata->second = cat;

  return cat;
}

Here is the call graph for this function:

const std::string& Catalog_Namespace::SysCatalog::getCatalogBasePath ( ) const

inline

Definition at line 195 of file SysCatalog.h.

References basePath_.

{ return basePath_; }

std::vector< std::shared_ptr< Catalog > > Catalog_Namespace::SysCatalog::getCatalogsForAllDbs

(

)

Definition at line 923 of file SysCatalog.cpp.

                                                                   {
  std::vector<std::shared_ptr<Catalog>> catalogs{};
  const auto& db_metadata_list = getAllDBMetadata();
  for (const auto& db_metadata : db_metadata_list) {
    catalogs.emplace_back(getCatalog(db_metadata, false));
  }
  return catalogs;
}

DBSummaryList Catalog_Namespace::SysCatalog::getDatabaseListForUser

(

const UserMetadata &

user

)

Definition at line 1458 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, test_fsi::d, DatabaseDBObjectType, DBObject::loadKey(), and DBObject::setPrivileges().

Referenced by ShowDatabasesCommand::execute().

                                                                         {
  DBSummaryList ret;

  std::list<Catalog_Namespace::DBMetadata> db_list = getAllDBMetadata();
  std::list<Catalog_Namespace::UserMetadata> user_list = getAllUserMetadata();

  for (auto d : db_list) {
    DBObject dbObject(d.dbName, DatabaseDBObjectType);
    dbObject.loadKey();
    dbObject.setPrivileges(AccessPrivileges::ACCESS);
    if (!checkPrivileges(user, std::vector<DBObject>{dbObject})) {
      continue;
    }
    for (auto u : user_list) {
      if (d.dbOwner == u.userId) {
        ret.emplace_back(DBSummary{d.dbName, u.userName});
        break;
      }
    }
  }

  return ret;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Data_Namespace::DataMgr& Catalog_Namespace::SysCatalog::getDataMgr ( ) const

inline

Definition at line 193 of file SysCatalog.h.

References dataMgr_.

Referenced by Executor::clearMemory(), and Executor::interrupt().

{ return *dataMgr_; }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::getDBObjectPrivileges	(	const std::string &	granteeName,
		DBObject &	object,
		const Catalog_Namespace::Catalog &	catalog
	)		const

Definition at line 1784 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::isSuper.

                                                                                      {
  sys_read_lock read_lock(this);
  UserMetadata user_meta;

  if (instance().getMetadataForUser(granteeName, user_meta)) {
    if (user_meta.isSuper) {
      throw runtime_error(
          "Request to show privileges from " + granteeName +
          " failed because user is super user and has all privileges by default.");
    }
  }
  auto* grantee = instance().getGrantee(granteeName);
  if (!grantee) {
    throw runtime_error("Request to show privileges for " + granteeName +
                        " failed because role or user with this name does not exist.");
  }
  object.loadKey(catalog);
  grantee->getPrivileges(object, true);
}

std::shared_ptr<Catalog> Catalog_Namespace::SysCatalog::getDummyCatalog ( )

inline

Definition at line 313 of file SysCatalog.h.

References dummyCatalog_.

Referenced by Catalog_Namespace::Catalog::getObjForLock().

{ return dummyCatalog_; }

Here is the caller graph for this function:

Grantee * Catalog_Namespace::SysCatalog::getGrantee

(

const std::string &

name

)

const

Definition at line 2066 of file SysCatalog.cpp.

References to_upper().

Referenced by Catalog_Namespace::Catalog::renameTable().

                                                           {
  sys_read_lock read_lock(this);
  auto grantee = granteeMap_.find(to_upper(name));
  if (grantee == granteeMap_.end()) {  // check to make sure role exists
    return nullptr;
  }
  return grantee->second;  // returns pointer to role
}

Here is the call graph for this function:

Here is the caller graph for this function:

std::unordered_map< std::string, std::vector< std::string > > Catalog_Namespace::SysCatalog::getGranteesOfSharedDashboards

(

const std::vector< std::string > &

dashboard_ids

)

Definition at line 2464 of file SysCatalog.cpp.

References DashboardDBObjectType, i, and to_string().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles().

                                                                                   {
  sys_sqlite_lock sqlite_lock(this);
  std::unordered_map<std::string, std::vector<std::string>> active_grantees;
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    for (auto dash : dashboard_ids) {
      std::vector<std::string> grantees = {};
      sqliteConnector_->query_with_text_params(
          "SELECT roleName FROM mapd_object_permissions WHERE objectPermissions NOT IN "
          "(0,1) AND objectPermissionsType = ? AND objectId = ?",
          std::vector<std::string>{
              std::to_string(static_cast<int32_t>(DashboardDBObjectType)), dash});
      int num_rows = sqliteConnector_->getNumRows();
      if (num_rows == 0) {
        // no grantees
        continue;
      } else {
        for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
          grantees.push_back(sqliteConnector_->getData<string>(i, 0));
        }
        active_grantees[dash] = grantees;
      }
    }
  } catch (const std::exception& e) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
  return active_grantees;
}

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForDB	(	const std::string &	name,
		DBMetadata &	db
	)

Definition at line 1428 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, and Catalog_Namespace::DBMetadata::dbOwner.

                                                                    {
  sys_read_lock read_lock(this);
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query_with_text_param(
      "SELECT dbid, name, owner FROM mapd_databases WHERE name = ?", name);
  int numRows = sqliteConnector_->getNumRows();
  if (numRows == 0) {
    return false;
  }
  db.dbId = sqliteConnector_->getData<int>(0, 0);
  db.dbName = sqliteConnector_->getData<string>(0, 1);
  db.dbOwner = sqliteConnector_->getData<int>(0, 2);
  return true;
}

bool Catalog_Namespace::SysCatalog::getMetadataForDBById ( const int32_t  idIn, DBMetadata &  db  )

private

Definition at line 1443 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, and to_string().

                                                                        {
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query_with_text_param(
      "SELECT dbid, name, owner FROM mapd_databases WHERE dbid = ?",
      std::to_string(idIn));
  int numRows = sqliteConnector_->getNumRows();
  if (numRows == 0) {
    return false;
  }
  db.dbId = sqliteConnector_->getData<int>(0, 0);
  db.dbName = sqliteConnector_->getData<string>(0, 1);
  db.dbOwner = sqliteConnector_->getData<int>(0, 2);
  return true;
}

Here is the call graph for this function:

std::vector< ObjectRoleDescriptor * > Catalog_Namespace::SysCatalog::getMetadataForObject	(	int32_t	dbId,
		int32_t	dbType,
		int32_t	objectId
	)		const

Definition at line 2084 of file SysCatalog.cpp.

References test_fsi::d, and to_string().

Referenced by Catalog_Namespace::Catalog::renameTable().

                                                                                     {
  sys_read_lock read_lock(this);
  std::vector<ObjectRoleDescriptor*> objectsList;

  auto range = objectDescriptorMap_.equal_range(std::to_string(dbId) + ":" +
                                                std::to_string(dbType) + ":" +
                                                std::to_string(objectId));
  for (auto d = range.first; d != range.second; ++d) {
    objectsList.push_back(d->second);
  }
  return objectsList;  // return pointers to objects
}

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForUser	(	const std::string &	name,
		UserMetadata &	user
	)

Definition at line 1312 of file SysCatalog.cpp.

References Catalog_Namespace::parseUserMetadataFromSQLite().

                                                                          {
  sys_read_lock read_lock(this);
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query_with_text_param(
      "SELECT userid, name, passwd_hash, issuper, default_db, can_login FROM mapd_users "
      "WHERE name = ?",
      name);
  return parseUserMetadataFromSQLite(sqliteConnector_, user);
}

Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForUserById	(	const int32_t	idIn,
		UserMetadata &	user
	)

Definition at line 1322 of file SysCatalog.cpp.

References Catalog_Namespace::parseUserMetadataFromSQLite(), and to_string().

                                                                              {
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query_with_text_param(
      "SELECT userid, name, passwd_hash, issuper, default_db, can_login FROM mapd_users "
      "WHERE userid = ?",
      std::to_string(idIn));
  return parseUserMetadataFromSQLite(sqliteConnector_, user);
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::getMetadataWithDefaultDB ( std::string &  dbname, const std::string &  username, Catalog_Namespace::DBMetadata &  db_meta, UserMetadata &  user_meta  )

private

Definition at line 1392 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::UserMetadata::defaultDbId, Catalog_Namespace::g_log_user_id, OMNISCI_DEFAULT_DB, to_string(), Catalog_Namespace::UserMetadata::userId, and Catalog_Namespace::UserMetadata::userName.

                                                                   {
  sys_read_lock read_lock(this);
  if (!getMetadataForUser(username, user_meta)) {
    throw std::runtime_error("Invalid credentials.");
  }

  if (!dbname.empty()) {
    if (!getMetadataForDB(dbname, db_meta)) {
      throw std::runtime_error("Database name " + dbname + " does not exist.");
    }
    // loaded the requested database
  } else {
    if (user_meta.defaultDbId != -1) {
      if (!getMetadataForDBById(user_meta.defaultDbId, db_meta)) {
        std::string loggable = g_log_user_id ? std::string("") : ' ' + user_meta.userName;
        throw std::runtime_error(
            "Server error: User #" + std::to_string(user_meta.userId) + loggable +
            " has invalid default_db #" + std::to_string(user_meta.defaultDbId) +
            " which does not exist.");
      }
      dbname = db_meta.dbName;
      // loaded the user's default database
    } else {
      if (!getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta)) {
        throw std::runtime_error(std::string("Database ") + OMNISCI_DEFAULT_DB +
                                 " does not exist.");
      }
      dbname = OMNISCI_DEFAULT_DB;
      // loaded the mapd database by default
    }
  }
}

Here is the call graph for this function:

Role * Catalog_Namespace::SysCatalog::getRoleGrantee

(

const std::string &

name

)

const

Definition at line 2075 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles(), and Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

                                                            {
  return dynamic_cast<Role*>(getGrantee(name));
}

Here is the caller graph for this function:

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles	(	bool	userPrivateRole,
		bool	isSuper,
		const std::string &	userName
	)

Definition at line 2144 of file SysCatalog.cpp.

                                                                         {
  sys_read_lock read_lock(this);
  std::vector<std::string> roles;
  for (auto& grantee : granteeMap_) {
    if (!userPrivateRole && grantee.second->isUser()) {
      continue;
    }
    if (!isSuper && !isRoleGrantedToGrantee(userName, grantee.second->getName(), false)) {
      continue;
    }
    if (isDashboardSystemRole(grantee.second->getName())) {
      continue;
    }
    roles.push_back(grantee.second->getName());
  }
  return roles;
}

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles	(	const std::string &	userName,
		const int32_t	dbId
	)

Definition at line 2123 of file SysCatalog.cpp.

References test_fsi::r, and to_string().

                                                                  {
  sys_sqlite_lock sqlite_lock(this);
  std::string sql =
      "SELECT DISTINCT roleName FROM mapd_object_permissions WHERE "
      "objectPermissions<>0 "
      "AND roleType=0 AND dbId=" +
      std::to_string(dbId);
  sqliteConnector_->query(sql);
  int numRows = sqliteConnector_->getNumRows();
  std::vector<std::string> roles(0);
  for (int r = 0; r < numRows; ++r) {
    auto roleName = sqliteConnector_->getData<string>(r, 0);
    if (isRoleGrantedToGrantee(userName, roleName, false) &&
        !isDashboardSystemRole(roleName)) {
      roles.push_back(roleName);
    }
  }
  return roles;
}

Here is the call graph for this function:

SqliteConnector* Catalog_Namespace::SysCatalog::getSqliteConnector ( )

inline

Definition at line 196 of file SysCatalog.h.

References sqliteConnector_.

{ return sqliteConnector_.get(); }

User * Catalog_Namespace::SysCatalog::getUserGrantee

(

const std::string &

name

)

const

Definition at line 2079 of file SysCatalog.cpp.

                                                            {
  return dynamic_cast<User*>(getGrantee(name));
}

void Catalog_Namespace::SysCatalog::grantAllOnDatabase_unsafe ( const std::string &  roleName, DBObject &  object, const Catalog_Namespace::Catalog &  catalog  )

private

Definition at line 1599 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, AccessPrivileges::ALL_VIEW, DashboardDBObjectType, DatabaseDBObjectType, g_enable_fsi, ServerDBObjectType, DBObject::setPermissionType(), DBObject::setPrivileges(), TableDBObjectType, AccessPrivileges::VIEW_SQL_EDITOR, and ViewDBObjectType.

                                                                                    {
  // It's a separate use case because it's easier for implementation to convert ALL ON
  // DATABASE into ALL ON DASHBOARDS, ALL ON VIEWS and ALL ON TABLES
  // Add DB Access privileges
  DBObject tmp_object = object;
  tmp_object.setPrivileges(AccessPrivileges::ACCESS);
  tmp_object.setPermissionType(DatabaseDBObjectType);
  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
  tmp_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR);
  tmp_object.setPermissionType(DatabaseDBObjectType);
  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
  tmp_object.setPrivileges(AccessPrivileges::ALL_TABLE);
  tmp_object.setPermissionType(TableDBObjectType);
  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
  tmp_object.setPrivileges(AccessPrivileges::ALL_VIEW);
  tmp_object.setPermissionType(ViewDBObjectType);
  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);

  if (g_enable_fsi) {
    tmp_object.setPrivileges(AccessPrivileges::ALL_SERVER);
    tmp_object.setPermissionType(ServerDBObjectType);
    grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
  }

  tmp_object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
  tmp_object.setPermissionType(DashboardDBObjectType);
  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
  return;
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivileges	(	const std::string &	grantee,
		const DBObject &	object,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 2360 of file SysCatalog.cpp.

                                                                                  {
  execInTransaction(
      &SysCatalog::grantDBObjectPrivileges_unsafe, grantee, object, catalog);
}

void Catalog_Namespace::SysCatalog::grantDBObjectPrivileges_unsafe ( const std::string &  granteeName, const DBObject  object, const Catalog_Namespace::Catalog &  catalog  )

private

Definition at line 1561 of file SysCatalog.cpp.

References DatabasePrivileges::ALL, CHECK, DatabaseDBObjectType, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), and Catalog_Namespace::UserMetadata::isSuper.

                                             {
  object.loadKey(catalog);
  CHECK(object.valid());
  if (object.getPrivileges().hasPermission(DatabasePrivileges::ALL) &&
      object.getObjectKey().permissionType == DatabaseDBObjectType) {
    return grantAllOnDatabase_unsafe(granteeName, object, catalog);
  }

  sys_write_lock write_lock(this);

  UserMetadata user_meta;
  if (instance().getMetadataForUser(granteeName, user_meta)) {
    if (user_meta.isSuper) {
      // super doesn't have explicit privileges so nothing to do
      return;
    }
  }
  auto* grantee = instance().getGrantee(granteeName);
  if (!grantee) {
    throw runtime_error("Request to grant privileges to " + granteeName +
                        " failed because role or user with this name does not exist.");
  }
  grantee->grantPrivileges(object);

  /* apply grant privileges statement to sqlite DB */
  std::vector<std::string> objectKey = object.toString();
  object.resetPrivileges();
  grantee->getPrivileges(object, true);

  sys_sqlite_lock sqlite_lock(this);
  insertOrUpdateObjectPrivileges(
      sqliteConnector_, granteeName, grantee->isUser(), object);
  updateObjectDescriptorMap(granteeName, object, grantee->isUser(), catalog);
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivilegesBatch	(	const std::vector< std::string > &	grantees,
		const std::vector< DBObject > &	objects,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 2367 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

                                                                                       {
  execInTransaction(
      &SysCatalog::grantDBObjectPrivilegesBatch_unsafe, grantees, objects, catalog);
}

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivilegesBatch_unsafe ( const std::vector< std::string > &  grantees, const std::vector< DBObject > &  objects, const Catalog_Namespace::Catalog &  catalog  )

private

Definition at line 1549 of file SysCatalog.cpp.

                                             {
  for (const auto& grantee : grantees) {
    for (const auto& object : objects) {
      grantDBObjectPrivileges_unsafe(grantee, object, catalog);
    }
  }
}

void Catalog_Namespace::SysCatalog::grantDefaultPrivilegesToRole_unsafe ( const std::string &  name, bool  issuper  )

private

void Catalog_Namespace::SysCatalog::grantRole	(	const std::string &	role,
		const std::string &	grantee
	)

Definition at line 2347 of file SysCatalog.cpp.

                                                                          {
  execInTransaction(&SysCatalog::grantRole_unsafe, role, grantee);
}

void Catalog_Namespace::SysCatalog::grantRole_unsafe ( const std::string &  roleName, const std::string &  granteeName  )

private

Definition at line 1863 of file SysCatalog.cpp.

                                                                {
  auto* rl = getRoleGrantee(roleName);
  if (!rl) {
    throw runtime_error("Request to grant role " + roleName +
                        " failed because role with this name does not exist.");
  }
  auto* grantee = getGrantee(granteeName);
  if (!grantee) {
    throw runtime_error("Request to grant role " + roleName + " failed because grantee " +
                        granteeName + " does not exist.");
  }
  sys_write_lock write_lock(this);
  if (!grantee->hasRole(rl, true)) {
    grantee->grantRole(rl);
    sys_sqlite_lock sqlite_lock(this);
    sqliteConnector_->query_with_text_params(
        "INSERT INTO mapd_roles(roleName, userName) VALUES (?, ?)",
        std::vector<std::string>{rl->getName(), grantee->getName()});
  }
}

void Catalog_Namespace::SysCatalog::grantRoleBatch	(	const std::vector< std::string > &	roles,
		const std::vector< std::string > &	grantees
	)

Definition at line 2342 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles().

                                                                      {
  execInTransaction(&SysCatalog::grantRoleBatch_unsafe, roles, grantees);
}

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantRoleBatch_unsafe ( const std::vector< std::string > &  roles, const std::vector< std::string > &  grantees  )

private

Definition at line 1853 of file SysCatalog.cpp.

                                                                             {
  for (const auto& role : roles) {
    for (const auto& grantee : grantees) {
      grantRole_unsafe(role, grantee);
    }
  }
}

bool Catalog_Namespace::SysCatalog::hasAnyPrivileges	(	const UserMetadata &	user,
		std::vector< DBObject > &	privObjects
	)

Definition at line 2014 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::isSuper, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

                                                                    {
  sys_read_lock read_lock(this);
  if (user.isSuper) {
    return true;
  }
  auto* user_rl = instance().getUserGrantee(user.userName);
  if (!user_rl) {
    throw runtime_error("Cannot check privileges. User " + user.userLoggable() +
                        " does not exist.");
  }
  for (std::vector<DBObject>::iterator objectIt = privObjects.begin();
       objectIt != privObjects.end();
       ++objectIt) {
    if (!user_rl->hasAnyPrivileges(*objectIt, false)) {
      return false;
    }
  }
  return true;
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::importDataFromOldMapdDB ( )

private

Definition at line 285 of file SysCatalog.cpp.

References logger::ERROR, logger::INFO, LOG, and OMNISCI_SYSTEM_CATALOG.

                                         {
  sys_sqlite_lock sqlite_lock(this);
  std::string mapd_db_path = basePath_ + "/mapd_catalogs/mapd";
  sqliteConnector_->query("ATTACH DATABASE `" + mapd_db_path + "` as old_cat");
  sqliteConnector_->query("BEGIN TRANSACTION");
  LOG(INFO) << "Moving global metadata into a separate catalog";
  try {
    auto moveTableIfExists = [conn = sqliteConnector_.get()](const std::string& tableName,
                                                             bool deleteOld = true) {
      conn->query("SELECT sql FROM old_cat.sqlite_master WHERE type='table' AND name='" +
                  tableName + "'");
      if (conn->getNumRows() != 0) {
        conn->query(conn->getData<string>(0, 0));
        conn->query("INSERT INTO " + tableName + " SELECT * FROM old_cat." + tableName);
        if (deleteOld) {
          conn->query("DROP TABLE old_cat." + tableName);
        }
      }
    };
    moveTableIfExists("mapd_users");
    moveTableIfExists("mapd_databases");
    moveTableIfExists("mapd_roles");
    moveTableIfExists("mapd_object_permissions");
    moveTableIfExists("mapd_privileges");
    moveTableIfExists("mapd_version_history", false);
  } catch (const std::exception& e) {
    LOG(ERROR) << "Failed to move global metadata into a separate catalog: " << e.what();
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    try {
      sqliteConnector_->query("DETACH DATABASE old_cat");
    } catch (const std::exception&) {
      // nothing to do here
    }
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
  const std::string sys_catalog_path =
      basePath_ + "/mapd_catalogs/" + OMNISCI_SYSTEM_CATALOG;
  LOG(INFO) << "Global metadata has been successfully moved into a separate catalog: "
            << sys_catalog_path
            << ". Using this database with an older version of omnisci_server "
               "is now impossible.";
  try {
    sqliteConnector_->query("DETACH DATABASE old_cat");
  } catch (const std::exception&) {
    // nothing to do here
  }
}

void Catalog_Namespace::SysCatalog::init	(	const std::string &	basePath,
		std::shared_ptr< Data_Namespace::DataMgr >	dataMgr,
		const AuthMetadata &	authMetadata,
		std::shared_ptr< Calcite >	calcite,
		bool	is_new_db,
		bool	aggregator,
		const std::vector< LeafHostInfo > &	string_dict_hosts
	)

Definition at line 158 of file SysCatalog.cpp.

References anonymous_namespace{SysCatalog.cpp}::copy_catalog_if_read_only(), and OMNISCI_SYSTEM_CATALOG.

                                                                        {
  {
    sys_write_lock write_lock(this);
    sys_sqlite_lock sqlite_lock(this);

    basePath_ = copy_catalog_if_read_only(basePath).string();
    dataMgr_ = dataMgr;
    authMetadata_ = &authMetadata;
    pki_server_.reset(new PkiServer(*authMetadata_));
    calciteMgr_ = calcite;
    string_dict_hosts_ = string_dict_hosts;
    aggregator_ = aggregator;
    bool db_exists =
        boost::filesystem::exists(basePath_ + "/mapd_catalogs/" + OMNISCI_SYSTEM_CATALOG);
    sqliteConnector_.reset(
        new SqliteConnector(OMNISCI_SYSTEM_CATALOG, basePath_ + "/mapd_catalogs/"));
    if (is_new_db) {
      initDB();
    } else {
      if (!db_exists) {
        importDataFromOldMapdDB();
      }
      checkAndExecuteMigrations();
    }
    buildRoleMap();
    buildUserRoleMap();
    buildObjectDescriptorMap();
  }
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::initDB ( )

private

Definition at line 210 of file SysCatalog.cpp.

References anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), OMNISCI_DEFAULT_DB, OMNISCI_ROOT_PASSWD_DEFAULT, OMNISCI_ROOT_USER, OMNISCI_ROOT_USER_ID, and OMNISCI_ROOT_USER_ID_STR.

                        {
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    sqliteConnector_->query(
        "CREATE TABLE mapd_users (userid integer primary key, name text unique, "
        "passwd_hash text, issuper boolean, default_db integer references "
        "mapd_databases, can_login boolean)");
    sqliteConnector_->query_with_text_params(
        "INSERT INTO mapd_users VALUES (?, ?, ?, 1, NULL, 1)",
        std::vector<std::string>{OMNISCI_ROOT_USER_ID_STR,
                                 OMNISCI_ROOT_USER,
                                 hash_with_bcrypt(OMNISCI_ROOT_PASSWD_DEFAULT)});
    sqliteConnector_->query(
        "CREATE TABLE mapd_databases (dbid integer primary key, name text unique, owner "
        "integer references mapd_users)");
    sqliteConnector_->query(
        "CREATE TABLE mapd_roles(roleName text, userName text, UNIQUE(roleName, "
        "userName))");
    sqliteConnector_->query(
        "CREATE TABLE mapd_object_permissions ("
        "roleName text, "
        "roleType bool, "
        "dbId integer references mapd_databases, "
        "objectName text, "
        "objectId integer, "
        "objectPermissionsType integer, "
        "objectPermissions integer, "
        "objectOwnerId integer, UNIQUE(roleName, objectPermissionsType, dbId, "
        "objectId))");
  } catch (const std::exception&) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
  createDatabase(OMNISCI_DEFAULT_DB, OMNISCI_ROOT_USER_ID);
  createRole_unsafe(OMNISCI_ROOT_USER, true);
}

Here is the call graph for this function:

static SysCatalog& Catalog_Namespace::SysCatalog::instance ( )

inlinestatic

Definition at line 292 of file SysCatalog.h.

References instance_, and SysCatalog().

Referenced by foreign_storage::cache_blocks(), AlterForeignServerCommand::changeForeignServerOwner(), Catalog_Namespace::SessionInfo::checkDBAccessPrivileges(), checkPermissionForTables(), QueryRunner::QueryRunner::clearCpuMemory(), QueryRunner::QueryRunner::clearGpuMemory(), Executor::clearMemory(), Catalog_Namespace::Catalog::createDashboardSystemRoles(), Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole(), Catalog_Namespace::Catalog::deleteMetadataForDashboards(), Catalog_Namespace::Catalog::doTruncateTable(), Catalog_Namespace::Catalog::dropTable(), CreateForeignServerCommand::execute(), DropForeignServerCommand::execute(), CreateForeignTableCommand::execute(), ShowDatabasesCommand::execute(), RefreshForeignTablesCommand::execute(), foreign_storage::ParquetDataWrapper::fetchChunkMetadata(), Catalog_Namespace::Catalog::filterTableByTypeAndUser(), foreign_storage::ForeignTableSchema::ForeignTableSchema(), foreign_storage::csv_file_buffer_parser::ParseBufferRequest::getCatalog(), foreign_storage::ParquetDataWrapper::getColumnsToInitialize(), Catalog_Namespace::Catalog::getCustomExpressionsForUser(), QueryRunner::QueryRunner::getExecutor(), Catalog_Namespace::Catalog::getForeignServersForUser(), Catalog_Namespace::Catalog::getObjForLock(), QueryRunner::QueryRunner::getParsedQueryHint(), Catalog_Namespace::Catalog::getTableNamesForUser(), Catalog_Namespace::Catalog::getTablesMetadataForUser(), Catalog_Namespace::anonymous_namespace{Catalog.cpp}::getUserFromId(), EmbeddedDatabase::DBEngineImpl::importArrowTable(), Executor::interrupt(), PersistentStorageMgr::isForeignStorage(), foreign_storage::ParquetDataWrapper::loadBuffersUsingLazyParquetChunkLoader(), DBObject::loadKey(), main(), foreign_storage::Csv::make_chunk_for_column(), foreign_storage::CsvDataWrapper::populateChunkBuffers(), foreign_storage::CsvDataWrapper::populateChunkMetadata(), QueryRunner::QueryRunner::QueryRunner(), Catalog_Namespace::Catalog::recordOwnershipOfObjectsInObjectPermissions(), foreign_storage::CachingForeignStorageMgr::refreshTableInCache(), Catalog_Namespace::Catalog::removeTableFromMap(), AlterForeignServerCommand::renameForeignServer(), Catalog_Namespace::Catalog::renameTable(), QueryRunner::QueryRunner::runDDLStatement(), QueryRunner::QueryRunner::runSelectQuery(), QueryRunner::QueryRunner::runSQL(), QueryRunner::QueryRunner::runSQLWithAllowingInterrupt(), EmbeddedDatabase::DBEngineImpl::setDatabase(), foreign_storage::ForeignTableRefreshScheduler::start(), and foreign_storage::CsvDataWrapper::updateMetadata().

                                {
    if (!instance_) {
      instance_.reset(new SysCatalog());
    }
    return *instance_;
  }

Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::isAggregator ( ) const

inline

Definition at line 291 of file SysCatalog.h.

References aggregator_.

{ return aggregator_; }

bool Catalog_Namespace::SysCatalog::isDashboardSystemRole ( const std::string &  roleName )

private

Definition at line 2119 of file SysCatalog.cpp.

References SYSTEM_ROLE_TAG().

                                                                {
  return boost::algorithm::ends_with(roleName, SYSTEM_ROLE_TAG);
}

Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::isRoleGrantedToGrantee	(	const std::string &	granteeName,
		const std::string &	roleName,
		bool	only_direct
	)		const

Definition at line 2097 of file SysCatalog.cpp.

References CHECK.

                                                                {
  sys_read_lock read_lock(this);
  if (roleName == granteeName) {
    return true;
  }
  bool is_role_granted = false;
  auto* target_role = instance().getRoleGrantee(roleName);
  auto has_role = [&](auto grantee_rl) {
    is_role_granted = target_role && grantee_rl->hasRole(target_role, only_direct);
  };
  if (auto* user_role = instance().getUserGrantee(granteeName); user_role) {
    has_role(user_role);
  } else if (auto* role = instance().getRoleGrantee(granteeName); role) {
    has_role(role);
  } else {
    CHECK(false);
  }
  return is_role_granted;
}

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::login	(	std::string &	db,
		std::string &	username,
		const std::string &	password,
		UserMetadata &	user_meta,
		bool	check_password = true
	)

logins (connects) a user against a database.

throws a std::exception in all error cases! (including wrong password)

Definition at line 779 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::can_login.

                                                                {
  // NOTE(sy): The dbname isn't const because getMetadataWithDefaultDB()
  // can reset it. The username isn't const because SamlServer's
  // login()/authenticate_user() can reset it.

  if (check_password) {
    loginImpl(username, password, user_meta);
  } else {  // not checking for password so user must exist
    if (!getMetadataForUser(username, user_meta)) {
      throw std::runtime_error("Invalid credentials.");
    }
  }
  // we should have a user and user_meta by now
  if (!user_meta.can_login) {
    throw std::runtime_error("Unauthorized Access: User " + username + " is deactivated");
  }
  Catalog_Namespace::DBMetadata db_meta;
  getMetadataWithDefaultDB(dbname, username, db_meta, user_meta);
  return getCatalog(db_meta, false);
}

void Catalog_Namespace::SysCatalog::loginImpl ( std::string &  username, const std::string &  password, UserMetadata &  user_meta  )

private

Definition at line 805 of file SysCatalog.cpp.

                                                    {
  if (!checkPasswordForUser(password, username, user_meta)) {
    throw std::runtime_error("Authentication failure");
  }
}

void Catalog_Namespace::SysCatalog::migrateDBAccessPrivileges ( )

private

Definition at line 684 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, CHECK, DatabaseDBObjectType, DBObjectKey::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, logger::ERROR, i, logger::INFO, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), LOG, MAPD_VERSION, OMNISCI_ROOT_USER_ID, DBObjectKey::permissionType, DBObject::setName(), DBObject::setObjectType(), to_string(), DBObject::updatePrivileges(), and AccessPrivileges::VIEW_SQL_EDITOR.

                                           {
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    sqliteConnector_->query(
        "select name from sqlite_master WHERE type='table' AND "
        "name='mapd_version_history'");
    if (sqliteConnector_->getNumRows() == 0) {
      sqliteConnector_->query(
          "CREATE TABLE mapd_version_history(version integer, migration_history text "
          "unique)");
    } else {
      sqliteConnector_->query(
          "select * from mapd_version_history where migration_history = "
          "'db_access_privileges'");
      if (sqliteConnector_->getNumRows() != 0) {
        // both privileges migrated
        // no need for further execution
        sqliteConnector_->query("END TRANSACTION");
        return;
      }
    }
    // Insert check for migration
    sqliteConnector_->query_with_text_params(
        "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
        std::vector<std::string>{std::to_string(MAPD_VERSION), "db_access_privileges"});

    sqliteConnector_->query("select dbid, name from mapd_databases");
    std::unordered_map<int, string> databases;
    for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
      databases[sqliteConnector_->getData<int>(i, 0)] =
          sqliteConnector_->getData<string>(i, 1);
    }

    sqliteConnector_->query("select userid, name from mapd_users");
    std::unordered_map<int, string> users;
    for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
      users[sqliteConnector_->getData<int>(i, 0)] =
          sqliteConnector_->getData<string>(i, 1);
    }

    // All existing users by default will be granted DB Access permissions
    // and view sql editor privileges
    DBMetadata dbmeta;
    for (auto db_ : databases) {
      CHECK(SysCatalog::instance().getMetadataForDB(db_.second, dbmeta));
      for (auto user : users) {
        if (user.first != OMNISCI_ROOT_USER_ID) {
          {
            DBObjectKey key;
            key.permissionType = DBObjectType::DatabaseDBObjectType;
            key.dbId = dbmeta.dbId;

            // access permission;
            DBObject object_access(key, AccessPrivileges::ACCESS, dbmeta.dbOwner);
            object_access.setObjectType(DBObjectType::DatabaseDBObjectType);
            object_access.setName(dbmeta.dbName);
            // sql_editor permission
            DBObject object_editor(
                key, AccessPrivileges::VIEW_SQL_EDITOR, dbmeta.dbOwner);
            object_editor.setObjectType(DBObjectType::DatabaseDBObjectType);
            object_editor.setName(dbmeta.dbName);
            object_editor.updatePrivileges(object_access);
            insertOrUpdateObjectPrivileges(
                sqliteConnector_, user.second, true, object_editor);
          }
        }
      }
    }
  } catch (const std::exception& e) {
    LOG(ERROR) << "Failed to migrate db access privileges: " << e.what();
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
  LOG(INFO) << "Successfully migrated db access privileges";
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::migratePrivileged_old ( )

private

Definition at line 762 of file SysCatalog.cpp.

                                       {
  sys_sqlite_lock sqlite_lock(this);

  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    sqliteConnector_->query(
        "CREATE TABLE IF NOT EXISTS mapd_privileges (userid integer references "
        "mapd_users, dbid integer references "
        "mapd_databases, select_priv boolean, insert_priv boolean, UNIQUE(userid, "
        "dbid))");
  } catch (const std::exception& e) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

void Catalog_Namespace::SysCatalog::migratePrivileges ( )

private

Definition at line 424 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD_MIGRATE, AccessPrivileges::ALL_TABLE_MIGRATE, AccessPrivileges::ALL_VIEW_MIGRATE, DashboardDBObjectType, DatabaseDBObjectType, DBObjectKey::dbId, i, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), AccessPrivileges::NONE, OMNISCI_ROOT_USER_ID, DBObjectKey::permissionType, TableDBObjectType, and ViewDBObjectType.

                                   {
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    sqliteConnector_->query(
        "SELECT name FROM sqlite_master WHERE type='table' AND "
        "name='mapd_object_permissions'");
    if (sqliteConnector_->getNumRows() != 0) {
      // already done
      sqliteConnector_->query("END TRANSACTION");
      return;
    }

    sqliteConnector_->query(
        "CREATE TABLE IF NOT EXISTS mapd_object_permissions ("
        "roleName text, "
        "roleType bool, "
        "dbId integer references mapd_databases, "
        "objectName text, "
        "objectId integer, "
        "objectPermissionsType integer, "
        "objectPermissions integer, "
        "objectOwnerId integer, UNIQUE(roleName, objectPermissionsType, dbId, "
        "objectId))");

    // get the list of databases and their grantees
    sqliteConnector_->query(
        "SELECT userid, dbid FROM mapd_privileges WHERE select_priv = 1 and insert_priv "
        "= 1");
    size_t numRows = sqliteConnector_->getNumRows();
    vector<pair<int, int>> db_grantees(numRows);
    for (size_t i = 0; i < numRows; ++i) {
      db_grantees[i].first = sqliteConnector_->getData<int>(i, 0);
      db_grantees[i].second = sqliteConnector_->getData<int>(i, 1);
    }
    // map user names to user ids
    sqliteConnector_->query("select userid, name from mapd_users");
    numRows = sqliteConnector_->getNumRows();
    std::unordered_map<int, string> users_by_id;
    std::unordered_map<int, bool> user_has_privs;
    for (size_t i = 0; i < numRows; ++i) {
      users_by_id[sqliteConnector_->getData<int>(i, 0)] =
          sqliteConnector_->getData<string>(i, 1);
      user_has_privs[sqliteConnector_->getData<int>(i, 0)] = false;
    }
    // map db names to db ids
    sqliteConnector_->query("select dbid, name from mapd_databases");
    numRows = sqliteConnector_->getNumRows();
    std::unordered_map<int, string> dbs_by_id;
    for (size_t i = 0; i < numRows; ++i) {
      dbs_by_id[sqliteConnector_->getData<int>(i, 0)] =
          sqliteConnector_->getData<string>(i, 1);
    }
    // migrate old privileges to new privileges: if user had insert access to database, he
    // was a grantee
    for (const auto& grantee : db_grantees) {
      user_has_privs[grantee.first] = true;
      auto dbName = dbs_by_id[grantee.second];
      {
        // table level permissions
        DBObjectKey key;
        key.permissionType = DBObjectType::TableDBObjectType;
        key.dbId = grantee.second;
        DBObject object(key, AccessPrivileges::ALL_TABLE_MIGRATE, OMNISCI_ROOT_USER_ID);
        object.setName(dbName);
        insertOrUpdateObjectPrivileges(
            sqliteConnector_, users_by_id[grantee.first], true, object);
      }

      {
        // dashboard level permissions
        DBObjectKey key;
        key.permissionType = DBObjectType::DashboardDBObjectType;
        key.dbId = grantee.second;
        DBObject object(
            key, AccessPrivileges::ALL_DASHBOARD_MIGRATE, OMNISCI_ROOT_USER_ID);
        object.setName(dbName);
        insertOrUpdateObjectPrivileges(
            sqliteConnector_, users_by_id[grantee.first], true, object);
      }

      {
        // view level permissions
        DBObjectKey key;
        key.permissionType = DBObjectType::ViewDBObjectType;
        key.dbId = grantee.second;
        DBObject object(key, AccessPrivileges::ALL_VIEW_MIGRATE, OMNISCI_ROOT_USER_ID);
        object.setName(dbName);
        insertOrUpdateObjectPrivileges(
            sqliteConnector_, users_by_id[grantee.first], true, object);
      }
    }
    for (auto user : user_has_privs) {
      auto dbName = dbs_by_id[0];
      if (user.second == false && user.first != OMNISCI_ROOT_USER_ID) {
        {
          DBObjectKey key;
          key.permissionType = DBObjectType::DatabaseDBObjectType;
          key.dbId = 0;
          DBObject object(key, AccessPrivileges::NONE, OMNISCI_ROOT_USER_ID);
          object.setName(dbName);
          insertOrUpdateObjectPrivileges(
              sqliteConnector_, users_by_id[user.first], true, object);
        }
      }
    }
  } catch (const std::exception&) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

Here is the call graph for this function:

std::string Catalog_Namespace::SysCatalog::name ( ) const

inline

Definition at line 302 of file SysCatalog.h.

References OMNISCI_DEFAULT_DB.

{ return OMNISCI_DEFAULT_DB; }

void Catalog_Namespace::SysCatalog::populateRoleDbObjects

(

const std::vector< DBObject > &

objects

)

Definition at line 2223 of file SysCatalog.cpp.

References CHECK, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), and Catalog_Namespace::UserMetadata::userName.

Referenced by Catalog_Namespace::Catalog::recordOwnershipOfObjectsInObjectPermissions().

                                                                         {
  sys_write_lock write_lock(this);
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    for (auto dbobject : objects) {
      UserMetadata user;
      CHECK(getMetadataForUserById(dbobject.getOwner(), user));
      auto* grantee = getUserGrantee(user.userName);
      if (grantee) {
        insertOrUpdateObjectPrivileges(
            sqliteConnector_, grantee->getName(), true, dbobject);
        grantee->grantPrivileges(dbobject);
      }
    }

  } catch (const std::exception& e) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::removeCatalog

(

const std::string &

dbName

)

Definition at line 2545 of file SysCatalog.cpp.

                                                      {
  cat_map_.erase(dbName);
}

void Catalog_Namespace::SysCatalog::renameDatabase	(	std::string const &	old_name,
		std::string const &	new_name
	)

Definition at line 1060 of file SysCatalog.cpp.

References DatabaseDBObjectType, OMNISCI_SYSTEM_CATALOG, to_string(), and to_upper().

                                                           {
  using namespace std::string_literals;
  sys_write_lock write_lock(this);
  sys_sqlite_lock sqlite_lock(this);

  DBMetadata new_db;
  if (getMetadataForDB(new_name, new_db)) {
    throw std::runtime_error("Database " + new_name + " already exists.");
  }
  if (to_upper(new_name) == to_upper(OMNISCI_SYSTEM_CATALOG)) {
    throw std::runtime_error("Database name " + new_name + "is reserved.");
  }

  DBMetadata old_db;
  if (!getMetadataForDB(old_name, old_db)) {
    throw std::runtime_error("Database " + old_name + " does not exists.");
  }

  removeCatalog(old_db.dbName);

  std::string old_catalog_path, new_catalog_path;
  std::tie(old_catalog_path, new_catalog_path) =
      duplicateAndRenameCatalog(old_name, new_name);

  auto transaction_streamer = yieldTransactionStreamer();
  auto failure_handler = [this, new_catalog_path] {
    removeCatalogByFullPath(new_catalog_path);
  };
  auto success_handler = [this, old_catalog_path] {
    removeCatalogByFullPath(old_catalog_path);
  };

  auto q1 = {"UPDATE mapd_databases SET name=?1 WHERE name=?2;"s, new_name, old_name};
  auto q2 = {
      "UPDATE mapd_object_permissions SET objectName=?1 WHERE objectNAME=?2 and (objectPermissionsType=?3 or objectId = -1) and dbId=?4;"s,
      new_name,
      old_name,
      std::to_string(static_cast<int>(DBObjectType::DatabaseDBObjectType)),
      std::to_string(old_db.dbId)};

  transaction_streamer(sqliteConnector_, success_handler, failure_handler, q1, q2);
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::renameDBObject	(	const std::string &	objectName,
		const std::string &	newName,
		DBObjectType	type,
		int32_t	objectId,
		const Catalog_Namespace::Catalog &	catalog
	)

Renames an DBObject

Parameters

objectName	- original DBObject name
newName	- new name of DBObject
type	- type of DBObject
objectId	- original DBObject ID
catalog	- Catalog instance object exists in

Definition at line 1526 of file SysCatalog.cpp.

References DBObjectKey::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), DBObjectKey::objectId, DBObjectKey::permissionType, Grantee::renameDbObject(), DBObject::setObjectKey(), and run_benchmark_import::type.

                                                                         {
  sys_write_lock write_lock(this);
  DBObject new_object(newName, type);
  DBObjectKey key;
  key.dbId = catalog.getCurrentDB().dbId;
  key.objectId = objectId;
  key.permissionType = type;
  new_object.setObjectKey(key);
  auto objdescs =
      getMetadataForObject(key.dbId, static_cast<int32_t>(type), key.objectId);
  for (auto obj : objdescs) {
    Grantee* grnt = getGrantee(obj->roleName);
    if (grnt) {
      grnt->renameDbObject(new_object);
    }
  }
  renameObjectsInDescriptorMap(new_object, catalog);
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::renameObjectsInDescriptorMap	(	DBObject &	object,
		const Catalog_Namespace::Catalog &	cat
	)

Definition at line 1952 of file SysCatalog.cpp.

References test_fsi::d, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), and to_string().

Referenced by Catalog_Namespace::Catalog::renameTable().

                                                                                   {
  sys_write_lock write_lock(this);
  sys_sqlite_lock sqlite_lock(this);
  auto range = objectDescriptorMap_.equal_range(
      std::to_string(cat.getCurrentDB().dbId) + ":" +
      std::to_string(object.getObjectKey().permissionType) + ":" +
      std::to_string(object.getObjectKey().objectId));
  for (auto d = range.first; d != range.second; ++d) {
    // rename object
    d->second->objectName = object.getName();
  }

  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    sqliteConnector_->query_with_text_params(
        "UPDATE mapd_object_permissions SET objectName = ?1 WHERE "
        "dbId = ?2 AND objectId = ?3",
        std::vector<std::string>{object.getName(),
                                 std::to_string(cat.getCurrentDB().dbId),
                                 std::to_string(object.getObjectKey().objectId)});
  } catch (const std::exception& e) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::renameUser	(	std::string const &	old_name,
		std::string const &	new_name
	)

Definition at line 1024 of file SysCatalog.cpp.

References Catalog_Namespace::g_log_user_id.

                                                                                {
  using namespace std::string_literals;
  sys_write_lock write_lock(this);
  sys_sqlite_lock sqlite_lock(this);

  UserMetadata old_user;
  if (!getMetadataForUser(old_name, old_user)) {
    std::string const loggable = g_log_user_id ? std::string("") : old_name + ' ';
    throw std::runtime_error("User " + loggable + "doesn't exist.");
  }

  UserMetadata new_user;
  if (getMetadataForUser(new_name, new_user)) {
    throw std::runtime_error("User " + new_user.userLoggable() + " already exists.");
  }

  if (getGrantee(new_name)) {
    std::string const loggable = g_log_user_id ? std::string("") : new_name + ' ';
    throw runtime_error(
        "Username " + loggable +
        "is same as one of existing grantees. User and role names should be unique.");
  }

  auto transaction_streamer = yieldTransactionStreamer();
  auto failure_handler = [] {};
  auto success_handler = [this, &old_name, &new_name] {
    updateUserRoleName(old_name, new_name);
  };
  auto q1 = {"UPDATE mapd_users SET name=?1 where name=?2;"s, new_name, old_name};
  auto q2 = {"UPDATE mapd_object_permissions set roleName=?1 WHERE roleName=?2;"s,
             new_name,
             old_name};
  auto q3 = {"UPDATE mapd_roles set userName=?1 WHERE userName=?2;"s, new_name, old_name};
  transaction_streamer(sqliteConnector_, success_handler, failure_handler, q1, q2, q3);
}

void Catalog_Namespace::SysCatalog::revokeAllOnDatabase_unsafe ( const std::string &  roleName, int32_t  dbId, Grantee *  grantee  )

private

Definition at line 1689 of file SysCatalog.cpp.

References test_fsi::d, Grantee::revokeAllOnDatabase(), and to_string().

                                                              {
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query_with_text_params(
      "DELETE FROM mapd_object_permissions WHERE roleName = ?1 and dbId = ?2",
      std::vector<std::string>{roleName, std::to_string(dbId)});
  grantee->revokeAllOnDatabase(dbId);
  for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
    if (d->second->roleName == roleName && d->second->dbId == dbId) {
      delete d->second;
      d = objectDescriptorMap_.erase(d);
    } else {
      d++;
    }
  }
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::revokeDashboardSystemRole	(	const std::string	roleName,
		const std::vector< std::string >	grantees
	)

Definition at line 2164 of file SysCatalog.cpp.

                                                                                {
  auto* rl = getRoleGrantee(roleName);
  for (auto granteeName : grantees) {
    const auto* grantee = SysCatalog::instance().getGrantee(granteeName);
    if (rl && grantee->hasRole(rl, true)) {
      // Grantees existence have been already validated
      SysCatalog::instance().revokeRole(roleName, granteeName);
    }
  }
}

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivileges	(	const std::string &	grantee,
		const DBObject &	object,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 2374 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

                                                                                   {
  execInTransaction(
      &SysCatalog::revokeDBObjectPrivileges_unsafe, grantee, object, catalog);
}

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivileges_unsafe ( const std::string &  granteeName, DBObject  object, const Catalog_Namespace::Catalog &  catalog  )

private

Definition at line 1651 of file SysCatalog.cpp.

References DatabasePrivileges::ALL, DatabaseDBObjectType, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::deleteObjectPrivileges(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), and Catalog_Namespace::UserMetadata::isSuper.

                                             {
  sys_write_lock write_lock(this);

  UserMetadata user_meta;
  if (instance().getMetadataForUser(granteeName, user_meta)) {
    if (user_meta.isSuper) {
      // super doesn't have explicit privileges so nothing to do
      return;
    }
  }
  auto* grantee = getGrantee(granteeName);
  if (!grantee) {
    throw runtime_error("Request to revoke privileges from " + granteeName +
                        " failed because role or user with this name does not exist.");
  }
  object.loadKey(catalog);

  if (object.getPrivileges().hasPermission(DatabasePrivileges::ALL) &&
      object.getObjectKey().permissionType == DatabaseDBObjectType) {
    return revokeAllOnDatabase_unsafe(granteeName, object.getObjectKey().dbId, grantee);
  }

  auto ret_object = grantee->revokePrivileges(object);
  if (ret_object) {
    sys_sqlite_lock sqlite_lock(this);
    insertOrUpdateObjectPrivileges(
        sqliteConnector_, granteeName, grantee->isUser(), *ret_object);
    updateObjectDescriptorMap(granteeName, *ret_object, grantee->isUser(), catalog);
  } else {
    sys_sqlite_lock sqlite_lock(this);
    deleteObjectPrivileges(sqliteConnector_, granteeName, grantee->isUser(), object);
    deleteObjectDescriptorMap(granteeName, object, catalog);
  }
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesBatch	(	const std::vector< std::string > &	grantees,
		const std::vector< DBObject > &	objects,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 2381 of file SysCatalog.cpp.

                                             {
  execInTransaction(
      &SysCatalog::revokeDBObjectPrivilegesBatch_unsafe, grantees, objects, catalog);
}

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesBatch_unsafe ( const std::vector< std::string > &  grantees, const std::vector< DBObject > &  objects, const Catalog_Namespace::Catalog &  catalog  )

private

Definition at line 1631 of file SysCatalog.cpp.

                                             {
  for (const auto& grantee : grantees) {
    for (const auto& object : objects) {
      revokeDBObjectPrivileges_unsafe(grantee, object, catalog);
    }
  }
}

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAll	(	DBObject	object,
		Catalog *	catalog
	)

Definition at line 2389 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::dropTable(), and DropForeignServerCommand::execute().

                                                                                  {
  execInTransaction(&SysCatalog::revokeDBObjectPrivilegesFromAll_unsafe, object, catalog);
}

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAll_unsafe	(	DBObject	object,
		Catalog *	catalog
	)

Definition at line 1707 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_TABLE, DashboardDBObjectType, DBObject::getObjectKey(), DBObject::loadKey(), DBObjectKey::permissionType, DBObject::setPrivileges(), and TableDBObjectType.

                                                                          {
  sys_write_lock write_lock(this);
  dbObject.loadKey(*catalog);
  auto privs = (dbObject.getObjectKey().permissionType == TableDBObjectType)
                   ? AccessPrivileges::ALL_TABLE
                   : (dbObject.getObjectKey().permissionType == DashboardDBObjectType)
                         ? AccessPrivileges::ALL_DASHBOARD
                         : AccessPrivileges::ALL_TABLE;
  dbObject.setPrivileges(privs);
  for (const auto& grantee : granteeMap_) {
    if (grantee.second->findDbObject(dbObject.getObjectKey(), true)) {
      revokeDBObjectPrivileges_unsafe(grantee.second->getName(), dbObject, *catalog);
    }
  }
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAllBatch	(	std::vector< DBObject > &	objects,
		Catalog *	catalog
	)

Definition at line 2393 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::deleteMetadataForDashboards().

                                                                        {
  execInTransaction(
      &SysCatalog::revokeDBObjectPrivilegesFromAllBatch_unsafe, objects, catalog);
}

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAllBatch_unsafe	(	std::vector< DBObject > &	objects,
		Catalog *	catalog
	)

Definition at line 1642 of file SysCatalog.cpp.

                                       {
  for (const auto& object : objects) {
    revokeDBObjectPrivilegesFromAll_unsafe(object, catalog);
  }
}

void Catalog_Namespace::SysCatalog::revokeRole	(	const std::string &	role,
		const std::string &	grantee
	)

Definition at line 2356 of file SysCatalog.cpp.

                                                                           {
  execInTransaction(&SysCatalog::revokeRole_unsafe, role, grantee);
}

void Catalog_Namespace::SysCatalog::revokeRole_unsafe ( const std::string &  roleName, const std::string &  granteeName  )

private

Definition at line 1895 of file SysCatalog.cpp.

                                                                 {
  auto* rl = getRoleGrantee(roleName);
  if (!rl) {
    throw runtime_error("Request to revoke role " + roleName +
                        " failed because role with this name does not exist.");
  }
  auto* grantee = getGrantee(granteeName);
  if (!grantee) {
    throw runtime_error("Request to revoke role from " + granteeName +
                        " failed because grantee with this name does not exist.");
  }
  sys_write_lock write_lock(this);
  grantee->revokeRole(rl);
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query_with_text_params(
      "DELETE FROM mapd_roles WHERE roleName = ? AND userName = ?",
      std::vector<std::string>{rl->getName(), grantee->getName()});
}

void Catalog_Namespace::SysCatalog::revokeRoleBatch	(	const std::vector< std::string > &	roles,
		const std::vector< std::string > &	grantees
	)

Definition at line 2351 of file SysCatalog.cpp.

                                                                       {
  execInTransaction(&SysCatalog::revokeRoleBatch_unsafe, roles, grantees);
}

void Catalog_Namespace::SysCatalog::revokeRoleBatch_unsafe ( const std::vector< std::string > &  roles, const std::vector< std::string > &  grantees  )

private

Definition at line 1885 of file SysCatalog.cpp.

                                                                              {
  for (const auto& role : roles) {
    for (const auto& grantee : grantees) {
      revokeRole_unsafe(role, grantee);
    }
  }
}

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::switchDatabase	(	std::string &	dbname,
		const std::string &	username
	)

Definition at line 813 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, cat(), DatabaseDBObjectType, DBObject::loadKey(), DBObject::setPrivileges(), and Catalog_Namespace::UserMetadata::userLoggable().

                                                                               {
  DBMetadata db_meta;
  UserMetadata user_meta;

  getMetadataWithDefaultDB(dbname, username, db_meta, user_meta);

  // NOTE(max): register database in Catalog that early to allow ldap
  // and saml create default user and role privileges on databases
  auto cat = getCatalog(db_meta, false);

  DBObject dbObject(dbname, DatabaseDBObjectType);
  dbObject.loadKey();
  dbObject.setPrivileges(AccessPrivileges::ACCESS);
  if (!checkPrivileges(user_meta, std::vector<DBObject>{dbObject})) {
    throw std::runtime_error("Unauthorized Access: user " + user_meta.userLoggable() +
                             " is not allowed to access database " + dbname + ".");
  }

  return cat;
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::syncUserWithRemoteProvider	(	const std::string &	user_name,
		std::vector< std::string >	idp_roles,
		bool *	issuper
	)

Definition at line 2399 of file SysCatalog.cpp.

References generate_random_string(), logger::INFO, Catalog_Namespace::UserMetadata::isSuper, join(), LOG, to_upper(), Catalog_Namespace::read_lock< T >::unlock(), Catalog_Namespace::UserMetadata::userId, and logger::WARNING.

                                                            {
  UserMetadata user_meta;
  bool is_super_user = is_super ? *is_super : false;
  // need to escalate to a write lock
  // need to unlock the read lock
  sys_read_lock read_lock(this);
  read_lock.unlock();
  sys_write_lock write_lock(this);
  if (!getMetadataForUser(user_name, user_meta)) {
    createUser(user_name, generate_random_string(72), is_super_user, "", true);
    LOG(INFO) << "User " << user_name << " has been created by remote identity provider"
              << " with IS_SUPER = " << (is_super_user ? "'TRUE'" : "'FALSE'");
  } else if (is_super && is_super_user != user_meta.isSuper) {
    alterUser(user_meta.userId, nullptr, is_super, nullptr, nullptr);
    LOG(INFO) << "IS_SUPER for user " << user_name << " has been changed to "
              << (is_super_user ? "TRUE" : "FALSE") << " by remote identity provider";
  }
  std::vector<std::string> current_roles = {};
  auto* user_rl = getUserGrantee(user_name);
  if (user_rl) {
    current_roles = user_rl->getRoles();
  }
  std::transform(
      current_roles.begin(), current_roles.end(), current_roles.begin(), to_upper);
  std::transform(idp_roles.begin(), idp_roles.end(), idp_roles.begin(), to_upper);
  std::list<std::string> roles_revoked, roles_granted;
  // first remove obsolete ones
  for (auto& current_role_name : current_roles) {
    if (std::find(idp_roles.begin(), idp_roles.end(), current_role_name) ==
        idp_roles.end()) {
      revokeRole(current_role_name, user_name);
      roles_revoked.push_back(current_role_name);
    }
  }
  for (auto& role_name : idp_roles) {
    if (std::find(current_roles.begin(), current_roles.end(), role_name) ==
        current_roles.end()) {
      auto* rl = getRoleGrantee(role_name);
      if (rl) {
        grantRole(role_name, user_name);
        roles_granted.push_back(role_name);
      } else {
        LOG(WARNING) << "Error synchronizing roles for user " << user_name << ": role "
                     << role_name << " does not exist";
      }
    }
  }
  if (roles_granted.empty() && roles_revoked.empty()) {
    LOG(INFO) << "Roles for user " << user_name
              << " are up to date with remote identity provider";
  } else {
    if (!roles_revoked.empty()) {
      LOG(INFO) << "Roles revoked during synchronization with identity provider for user "
                << user_name << ": " << join(roles_revoked, " ");
    }
    if (!roles_granted.empty()) {
      LOG(INFO) << "Roles granted during synchronization with identity provider for user "
                << user_name << ": " << join(roles_granted, " ");
    }
  }
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::updateBlankPasswordsToRandom ( )

private

Definition at line 610 of file SysCatalog.cpp.

References CHECK, logger::ERROR, generate_random_string(), anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), i, LOG, MAPD_VERSION, to_string(), and logger::WARNING.

                                              {
  const std::string UPDATE_BLANK_PASSWORDS_TO_RANDOM = "update_blank_passwords_to_random";
  sqliteConnector_->query_with_text_params(
      "SELECT migration_history FROM mapd_version_history WHERE migration_history = ?",
      std::vector<std::string>{UPDATE_BLANK_PASSWORDS_TO_RANDOM});
  if (sqliteConnector_->getNumRows()) {
    return;
  }

  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    sqliteConnector_->query(
        "SELECT userid, passwd_hash, name FROM mapd_users WHERE name <> 'mapd'");
    auto numRows = sqliteConnector_->getNumRows();
    vector<std::string> users, passwords, names;
    for (size_t i = 0; i < numRows; i++) {
      users.push_back(sqliteConnector_->getData<std::string>(i, 0));
      passwords.push_back(sqliteConnector_->getData<std::string>(i, 1));
      names.push_back(sqliteConnector_->getData<std::string>(i, 2));
    }
    for (size_t i = 0; i < users.size(); ++i) {
      int pwd_check_result = bcrypt_checkpw("", passwords[i].c_str());
      // if the check fails there is a good chance that data on disc is broken
      CHECK(pwd_check_result >= 0);
      if (pwd_check_result != 0) {
        continue;
      }
      LOG(WARNING) << "resetting blank password for user " << names[i] << " (" << users[i]
                   << ") to a random password";
      sqliteConnector_->query_with_text_params(
          "UPDATE mapd_users SET passwd_hash = ? WHERE userid = ?",
          std::vector<std::string>{hash_with_bcrypt(generate_random_string(72)),
                                   users[i]});
    }
    sqliteConnector_->query_with_text_params(
        "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
        std::vector<std::string>{std::to_string(MAPD_VERSION),
                                 UPDATE_BLANK_PASSWORDS_TO_RANDOM});
  } catch (const std::exception& e) {
    LOG(ERROR) << "Failed to fix blank passwords: " << e.what();
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::updateObjectDescriptorMap ( const std::string &  roleName, DBObject &  object, bool  roleType, const Catalog_Namespace::Catalog &  cat  )

private

Definition at line 1916 of file SysCatalog.cpp.

References test_fsi::d, ObjectRoleDescriptor::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), ObjectRoleDescriptor::objectId, ObjectRoleDescriptor::objectName, ObjectRoleDescriptor::objectOwnerId, ObjectRoleDescriptor::objectType, ObjectRoleDescriptor::privs, ObjectRoleDescriptor::roleName, ObjectRoleDescriptor::roleType, and to_string().

                                                                                {
  bool present = false;
  auto privs = object.getPrivileges();
  sys_write_lock write_lock(this);
  auto range = objectDescriptorMap_.equal_range(
      std::to_string(cat.getCurrentDB().dbId) + ":" +
      std::to_string(object.getObjectKey().permissionType) + ":" +
      std::to_string(object.getObjectKey().objectId));
  for (auto d = range.first; d != range.second; ++d) {
    if (d->second->roleName == roleName) {
      // overwrite permissions
      d->second->privs = privs;
      present = true;
    }
  }
  if (!present) {
    ObjectRoleDescriptor* od = new ObjectRoleDescriptor();
    od->roleName = roleName;
    od->roleType = roleType;
    od->objectType = object.getObjectKey().permissionType;
    od->dbId = object.getObjectKey().dbId;
    od->objectId = object.getObjectKey().objectId;
    od->privs = object.getPrivileges();
    od->objectOwnerId = object.getOwner();
    od->objectName = object.getName();
    objectDescriptorMap_.insert(ObjectRoleDescriptorMap::value_type(
        std::to_string(od->dbId) + ":" + std::to_string(od->objectType) + ":" +
            std::to_string(od->objectId),
        od));
  }
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::updatePasswordsToHashes ( )

private

Definition at line 558 of file SysCatalog.cpp.

References logger::ERROR, anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), i, logger::INFO, and LOG.

                                         {
  sys_sqlite_lock sqlite_lock(this);
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    sqliteConnector_->query(
        "SELECT name FROM sqlite_master WHERE type='table' AND name='mapd_users'");
    if (sqliteConnector_->getNumRows() == 0) {
      // Nothing to update
      sqliteConnector_->query("END TRANSACTION");
      return;
    }
    sqliteConnector_->query("PRAGMA TABLE_INFO(mapd_users)");
    for (size_t i = 0; i < sqliteConnector_->getNumRows(); i++) {
      const auto& col_name = sqliteConnector_->getData<std::string>(i, 1);
      if (col_name == "passwd_hash") {
        sqliteConnector_->query("END TRANSACTION");
        return;
      }
    }
    // Alas, SQLite can't drop columns so we have to recreate the table
    // (or, optionally, add the new column and reset the old one to a bunch of nulls)
    sqliteConnector_->query("SELECT userid, passwd FROM mapd_users");
    auto numRows = sqliteConnector_->getNumRows();
    vector<std::string> users, passwords;
    for (size_t i = 0; i < numRows; i++) {
      users.push_back(sqliteConnector_->getData<std::string>(i, 0));
      passwords.push_back(sqliteConnector_->getData<std::string>(i, 1));
    }
    sqliteConnector_->query(
        "CREATE TABLE mapd_users_tmp (userid integer primary key, name text unique, "
        "passwd_hash text, issuper boolean, default_db integer references "
        "mapd_databases)");
    sqliteConnector_->query(
        "INSERT INTO mapd_users_tmp(userid, name, passwd_hash, issuper, default_db) "
        "SELECT userid, name, null, issuper, default_db FROM mapd_users");
    for (size_t i = 0; i < users.size(); ++i) {
      sqliteConnector_->query_with_text_params(
          "UPDATE mapd_users_tmp SET passwd_hash = ? WHERE userid = ?",
          std::vector<std::string>{hash_with_bcrypt(passwords[i]), users[i]});
    }
    sqliteConnector_->query("DROP TABLE mapd_users");
    sqliteConnector_->query("ALTER TABLE mapd_users_tmp RENAME TO mapd_users");
  } catch (const std::exception& e) {
    LOG(ERROR) << "Failed to hash passwords: " << e.what();
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
  sqliteConnector_->query("VACUUM");  // physically delete plain text passwords
  LOG(INFO) << "Passwords were successfully hashed";
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::updateSupportUserDeactivation ( )

private

Definition at line 657 of file SysCatalog.cpp.

References logger::ERROR, i, LOG, MAPD_VERSION, and to_string().

                                               {
  const std::string UPDATE_SUPPORT_USER_DEACTIVATION = "update_support_user_deactivation";
  sys_sqlite_lock sqlite_lock(this);
  // check to see if the new column already exists
  sqliteConnector_->query("PRAGMA TABLE_INFO(mapd_users)");
  for (size_t i = 0; i < sqliteConnector_->getNumRows(); i++) {
    const auto& col_name = sqliteConnector_->getData<std::string>(i, 1);
    if (col_name == "can_login") {
      return;  // new column already exists
    }
  }
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    sqliteConnector_->query("ALTER TABLE mapd_users ADD COLUMN can_login BOOLEAN");
    sqliteConnector_->query("UPDATE mapd_users SET can_login = true");
    sqliteConnector_->query_with_text_params(
        "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
        std::vector<std::string>{std::to_string(MAPD_VERSION),
                                 UPDATE_SUPPORT_USER_DEACTIVATION});
  } catch (const std::exception& e) {
    LOG(ERROR) << "Failed to add support for user deactivation: " << e.what();
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::updateUserRoleName ( const std::string &  roleName, const std::string &  newName  )

private

Definition at line 1012 of file SysCatalog.cpp.

References gpu_enabled::swap(), and to_upper().

                                                              {
  sys_write_lock write_lock(this);

  auto it = granteeMap_.find(to_upper(roleName));
  if (it != granteeMap_.end()) {
    it->second->setName(newName);
    std::swap(granteeMap_[to_upper(newName)], it->second);
    granteeMap_.erase(it);
  }
}

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::updateUserSchema ( )

private

Definition at line 261 of file SysCatalog.cpp.

References i.

                                  {
  sys_sqlite_lock sqlite_lock(this);

  // check to see if the new column already exists
  sqliteConnector_->query("PRAGMA TABLE_INFO(mapd_users)");
  for (size_t i = 0; i < sqliteConnector_->getNumRows(); i++) {
    const auto& col_name = sqliteConnector_->getData<std::string>(i, 1);
    if (col_name == "default_db") {
      return;  // new column already exists
    }
  }

  // create the new column
  sqliteConnector_->query("BEGIN TRANSACTION");
  try {
    sqliteConnector_->query(
        "ALTER TABLE mapd_users ADD COLUMN default_db INTEGER REFERENCES mapd_databases");
  } catch (const std::exception& e) {
    sqliteConnector_->query("ROLLBACK TRANSACTION");
    throw;
  }
  sqliteConnector_->query("END TRANSACTION");
}

bool Catalog_Namespace::SysCatalog::verifyDBObjectOwnership	(	const UserMetadata &	user,
		DBObject	object,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 1724 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::userId, and Catalog_Namespace::UserMetadata::userName.

                                                                                  {
  sys_read_lock read_lock(this);

  auto* grantee = instance().getUserGrantee(user.userName);
  if (grantee) {
    object.loadKey(catalog);
    auto* found_object = grantee->findDbObject(object.getObjectKey(), false);
    if (found_object && found_object->getOwner() == user.userId) {
      return true;
    }
  }
  return false;
}

auto Catalog_Namespace::SysCatalog::yieldTransactionStreamer ( )

private

Definition at line 989 of file SysCatalog.cpp.

                                          {
  return
      [](auto& db_connector, auto on_success, auto on_failure, auto&&... query_requests) {
        auto query_runner = [&db_connector](auto&&... query_reqs) {
          [[gnu::unused]] int throw_away[] = {
              (db_connector->query_with_text_params(
                   std::forward<decltype(query_reqs)>(query_reqs)),
               0)...};
        };

        db_connector->query("BEGIN TRANSACTION");
        try {
          query_runner(std::forward<decltype(query_requests)>(query_requests)...);
          on_success();
        } catch (std::exception&) {
          db_connector->query("ROLLBACK TRANSACTION");
          on_failure();
          throw;
        }
        db_connector->query("END TRANSACTION");
      };
}

Member Data Documentation

bool Catalog_Namespace::SysCatalog::aggregator_

private

Definition at line 421 of file SysCatalog.h.

Referenced by isAggregator().

const AuthMetadata* Catalog_Namespace::SysCatalog::authMetadata_

private

Definition at line 418 of file SysCatalog.h.

std::string Catalog_Namespace::SysCatalog::basePath_

private

Definition at line 411 of file SysCatalog.h.

Referenced by getCatalogBasePath().

std::shared_ptr<Calcite> Catalog_Namespace::SysCatalog::calciteMgr_

private

Definition at line 419 of file SysCatalog.h.

Referenced by getCalciteMgr().

dbid_to_cat_map Catalog_Namespace::SysCatalog::cat_map_

private

Definition at line 428 of file SysCatalog.h.

std::shared_ptr<Data_Namespace::DataMgr> Catalog_Namespace::SysCatalog::dataMgr_

private

Definition at line 416 of file SysCatalog.h.

Referenced by getDataMgr().

std::shared_ptr<Catalog> Catalog_Namespace::SysCatalog::dummyCatalog_

Definition at line 439 of file SysCatalog.h.

Referenced by getDummyCatalog().

GranteeMap Catalog_Namespace::SysCatalog::granteeMap_

private

Definition at line 412 of file SysCatalog.h.

std::unique_ptr< SysCatalog > Catalog_Namespace::SysCatalog::instance_

staticprivate

Definition at line 430 of file SysCatalog.h.

Referenced by destroy(), and instance().

ObjectRoleDescriptorMap Catalog_Namespace::SysCatalog::objectDescriptorMap_

private

Definition at line 413 of file SysCatalog.h.

std::unique_ptr<PkiServer> Catalog_Namespace::SysCatalog::pki_server_

private

Definition at line 417 of file SysCatalog.h.

mapd_shared_mutex Catalog_Namespace::SysCatalog::sharedMutex_

mutable

Definition at line 434 of file SysCatalog.h.

std::unique_ptr<SqliteConnector> Catalog_Namespace::SysCatalog::sqliteConnector_

private

Definition at line 414 of file SysCatalog.h.

Referenced by getSqliteConnector().

std::mutex Catalog_Namespace::SysCatalog::sqliteMutex_

mutable

Definition at line 433 of file SysCatalog.h.

std::vector<LeafHostInfo> Catalog_Namespace::SysCatalog::string_dict_hosts_

private

Definition at line 420 of file SysCatalog.h.

std::atomic<std::thread::id> Catalog_Namespace::SysCatalog::thread_holding_sqlite_lock

mutable

Definition at line 435 of file SysCatalog.h.

std::atomic<std::thread::id> Catalog_Namespace::SysCatalog::thread_holding_write_lock

mutable

Definition at line 436 of file SysCatalog.h.

thread_local bool Catalog_Namespace::SysCatalog::thread_holds_read_lock = false

static

Definition at line 437 of file SysCatalog.h.

---

The documentation for this class was generated from the following files:

• /home/jenkins-slave/workspace/core-os-doxygen/Catalog/SysCatalog.h
• /home/jenkins-slave/workspace/core-os-doxygen/Catalog/SysCatalog.cpp