/Users/deen/code/yugabyte-db/src/yb/yql/cql/ql/ptree/pt_alter_role.cc
Line | Count | Source (jump to first uncovered line) |
1 | | //-------------------------------------------------------------------------------------------------- |
2 | | // Copyright (c) YugaByte, Inc. |
3 | | // |
4 | | // Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except |
5 | | // in compliance with the License. You may obtain a copy of the License at |
6 | | // |
7 | | // http://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software distributed under the License |
10 | | // is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express |
11 | | // or implied. See the License for the specific language governing permissions and limitations |
12 | | // under the License. |
13 | | // |
14 | | // |
15 | | // Treenode definitions for ALTER ROLE statements. |
16 | | //-------------------------------------------------------------------------------------------------- |
17 | | |
18 | | #include "yb/yql/cql/ql/ptree/pt_alter_role.h" |
19 | | |
20 | | #include "yb/util/crypt.h" |
21 | | |
22 | | #include "yb/yql/cql/ql/ptree/sem_context.h" |
23 | | #include "yb/yql/cql/ql/ptree/sem_state.h" |
24 | | #include "yb/yql/cql/ql/ptree/yb_location.h" |
25 | | |
26 | | DECLARE_bool(use_cassandra_authentication); |
27 | | |
28 | | namespace yb { |
29 | | namespace ql { |
30 | | |
31 | | using strings::Substitute; |
32 | | using yb::util::bcrypt_hashpw; |
33 | | using yb::util::kBcryptHashSize; |
34 | | |
35 | | //-------------------------------------------------------------------------------------------------- |
36 | | // Alter Role. |
37 | | |
// Builds the ALTER ROLE parse-tree node. The node keeps the role name and the
// (possibly null) list of role options; nothing is validated until Analyze().
PTAlterRole::PTAlterRole(MemoryContext* memctx,
                         YBLocation::SharedPtr loc,
                         const MCSharedPtr<MCString>& name,
                         const PTRoleOptionListNode::SharedPtr& roleOptions)
    : TreeNode(memctx, loc), name_(name), roleOptions_(roleOptions) {}
46 | | |
// Nothing to release by hand: the members clean up after themselves.
PTAlterRole::~PTAlterRole() = default;
49 | | |
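// Semantic analysis of an ALTER ROLE statement.
//
// Order of checks:
//   1. Authentication must be enabled (RETURN_NOT_AUTH_ENABLED).
//   2. The caller must hold ALTER permission on the target role. This runs before any
//      option is looked at, so an unauthorized caller never triggers password hashing.
//   3. Each option type (LOGIN, PASSWORD, SUPERUSER) may appear at most once; a repeat is
//      rejected with INVALID_ROLE_DEFINITION.
//
// A PASSWORD option is hashed with bcrypt and only the resulting hash is kept in
// salted_hash_.
//
// Returns Status::OK() on success, the failing status of any check above, or IllegalState
// when bcrypt_hashpw reports an error.
CHECKED_STATUS PTAlterRole::Analyze(SemContext* sem_context) {
  SemState sem_state(sem_context);

  RETURN_NOT_AUTH_ENABLED(sem_context);
  RETURN_NOT_OK(sem_context->CheckHasRolePermission(loc(), PermissionType::ALTER_PERMISSION,
                                                    role_name()));

  // Remember the context's current processing id so it can be put back at the end.
  SymbolEntry cached_entry = *sem_context->current_processing_id();
  if (roleOptions_ != nullptr) {
    RETURN_NOT_OK(roleOptions_->Analyze(sem_context));

    bool seen_password = false;
    bool seen_superuser = false;
    bool seen_login = false;

    for (auto& roleOption : roleOptions_->node_list()) {
      // The static_casts below rely on option_type() matching the node's dynamic type.
      switch (roleOption->option_type()) {
        case PTRoleOptionType::kLogin: {
          if (seen_login) {
            return sem_context->Error(roleOption, ErrorCode::INVALID_ROLE_DEFINITION);
          }
          PTRoleLogin* loginOpt = static_cast<PTRoleLogin*>(roleOption.get());
          login_ = loginOpt->login();
          seen_login = true;
          break;
        }
        case PTRoleOptionType::kPassword: {
          if (seen_password) {
            return sem_context->Error(roleOption, ErrorCode::INVALID_ROLE_DEFINITION);
          }
          PTRolePassword* passwordOpt = static_cast<PTRolePassword*>(roleOption.get());

          // Zero the buffer first: all kBcryptHashSize bytes are copied into salted_hash_
          // below, so if bcrypt_hashpw fills fewer bytes than that, the tail would otherwise
          // be uninitialized stack memory stored alongside the hash.
          char hash[kBcryptHashSize] = {};
          int ret = bcrypt_hashpw(passwordOpt->password(), hash);
          if (ret != 0) {
            return STATUS(IllegalState, Substitute("Could not hash password, reason: $0", ret));
          }
          salted_hash_ = MCMakeShared<MCString>(sem_context->PSemMem(), hash, kBcryptHashSize);
          seen_password = true;
          break;
        }
        case PTRoleOptionType::kSuperuser: {
          if (seen_superuser) {
            return sem_context->Error(roleOption, ErrorCode::INVALID_ROLE_DEFINITION);
          }
          PTRoleSuperuser* superuserOpt = static_cast<PTRoleSuperuser*>(roleOption.get());
          superuser_ = superuserOpt->superuser();
          seen_superuser = true;
          break;
        }
      }
    }
  }

  // Restore the saved processing id now that this statement has been analyzed.
  // NOTE(review): the early error returns above skip this restore; confirm that callers do
  // not reuse the context's processing id after a failed analysis.
  sem_context->set_current_processing_id(cached_entry);
  if (VLOG_IS_ON(3)) {
    PrintSemanticAnalysisResult(sem_context);
  }

  return Status::OK();
}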
114 | | |
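// Emits the outcome of semantic analysis at verbose log level 3.
//
// The bcrypt hash itself is deliberately not written to the log: a password hash is
// credential material that can be attacked offline, and verbose logs are usually readable
// by more people than the role store. Only whether a hash was produced is reported.
// This also avoids dereferencing salted_hash_ when the statement carried no PASSWORD
// option; Analyze() assigns it only in that case (presumably it is null otherwise;
// confirm against the member's declaration).
void PTAlterRole::PrintSemanticAnalysisResult(SemContext* sem_context) {
  MCString sem_output("\tAlter Role ", sem_context->PTempMem());
  const char* hash_state = (salted_hash_ != nullptr) ? "<redacted>" : "<unset>";
  sem_output = sem_output + " role_name " + role_name() + " salted_hash = " + hash_state;
  sem_output = sem_output + " login = " + (login() ? "true" : "false");
  sem_output = sem_output + " superuser = " + (superuser() ? "true" : "false");
  VLOG(3) << "SEMANTIC ANALYSIS RESULT (" << *loc_ << "):\n" << sem_output;
}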
122 | | |
123 | | } // namespace ql |
124 | | } // namespace yb |