Comment 1 for bug 1437078

Roberta Marton (roberta-marton) wrote :

This problem happens because the table definition cached in NATableCache is
not being refreshed with the new values:

Generally, when a query is compiled and the user does not have privilege(s), a
call to checkPrivileges (called during binding) returns a special privilege
error. After compilation completes, the compiler (CmpMain::sqlcomp) checks to
see if a privilege error occurred. If so, the NATable entry is removed and the
request is recompiled. If a privilege error occurs the second time, the
privilege error is reported and the latest cached NATable structure is retained.

In the case of LOAD, the privilege checks are performed in the generator;
therefore checkPrivileges is not being called, the special privilege error is
not reported and the cached NATable entry is not being refreshed.

The fix moves authorization checks from the generator into the binder -
specifically checkPrivileges. A bindNode method was added to the bulk loader
code to verify privileges. The bindNode checks to see if the user has the
MANAGE_LOAD privilege. If so, no additional checks are required. If not,
bindNode sets up the privilege structure (stoi) and saves it in the binder work
area. Later, checkPrivileges is called and privileges checked as required.
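
The difference between the two check locations described in the comment above, as an added example that is not part of the original comment and is not Trafodion code. It is a simplified model: `TableCache`, `compileWithBinderCheck`, `compileWithLateCheck` and the sample table and user names are hypothetical.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>

// Simplified model with hypothetical names; the catalog is the source of truth.
using Grants = std::map<std::string, std::set<std::string>>;  // table -> users

struct TableCache {  // stands in for a compiler-side table definition cache
    Grants entries;
    const std::set<std::string>& get(const Grants& catalog, const std::string& t) {
        auto it = entries.find(t);
        if (it == entries.end()) it = entries.emplace(t, catalog.at(t)).first;
        return it->second;
    }
    void evict(const std::string& t) { entries.erase(t); }
};

// Bind-time check: the first privilege failure evicts the cached entry and the
// request is compiled once more, so a grant made after caching is picked up.
bool compileWithBinderCheck(TableCache& cache, const Grants& catalog,
                            const std::string& user, const std::string& t) {
    for (int attempt = 0; attempt < 2; ++attempt) {
        if (cache.get(catalog, t).count(user)) return true;
        if (attempt == 0) cache.evict(t);  // refresh before the single retry
    }
    return false;  // second failure is reported; refreshed entry stays cached
}

// Late check (outside the retry logic): a failure never evicts the entry,
// so the stale cached privileges keep being used.
bool compileWithLateCheck(TableCache& cache, const Grants& catalog,
                          const std::string& user, const std::string& t) {
    return cache.get(catalog, t).count(user) > 0;
}

int main() {
    Grants catalog;
    catalog.emplace("t1", std::set<std::string>{});       // constructed sample data
    TableCache cache;
    compileWithLateCheck(cache, catalog, "user1", "t1");  // caches entry, no grant yet
    catalog["t1"].insert("user1");                        // privilege granted afterwards
    std::cout << "late check:   " << compileWithLateCheck(cache, catalog, "user1", "t1") << "\n";
    std::cout << "binder check: " << compileWithBinderCheck(cache, catalog, "user1", "t1") << "\n";
    return 0;
}
```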