NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit7562103

committed

The no-updates-to-system-catalogs-unless-usecatupd restriction should

not apply to system views. It never mattered before 7.4, but it does now.

1 parent303a257 commit7562103Copy full SHA for 7562103

File tree

1 file changed

+13

-7

lines changed

src/backend/catalog
- aclchk.c

1 file changed

+13

-7

lines changed

`‎src/backend/catalog/aclchk.c`

Lines changed: 13 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.96 2003/12/19 14:21:56 petere Exp $`
	`11`	`+ * $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.97 2004/01/14 03:44:53 tgl Exp $`
`12`	`12`	`*`
`13`	`13`	`* NOTES`
`14`	`14`	`* See acl.h.`
`@@ -1015,6 +1015,7 @@ pg_class_aclcheck(Oid table_oid, AclId userid, AclMode mode)`
`1015`	`1015`	`boolusesuper,`
`1016`	`1016`	`usecatupd;`
`1017`	`1017`	`HeapTupletuple;`
	`1018`	`+Form_pg_classclassForm;`
`1018`	`1019`	`DatumaclDatum;`
`1019`	`1020`	`boolisNull;`
`1020`	`1021`	`Acl*acl;`
`@@ -1046,16 +1047,22 @@ pg_class_aclcheck(Oid table_oid, AclId userid, AclMode mode)`
`1046`	`1047`	`ereport(ERROR,`
`1047`	`1048`	`(errcode(ERRCODE_UNDEFINED_TABLE),`
`1048`	`1049`	`errmsg("relation with OID %u does not exist",table_oid)));`
	`1050`	`+classForm= (Form_pg_class)GETSTRUCT(tuple);`
`1049`	`1051`
`1050`	`1052`	`/*`
`1051`	`1053`	`* Deny anyone permission to update a system catalog unless`
`1052`	`1054`	`* pg_shadow.usecatupd is set.(This is to let superusers protect`
`1053`		`- * themselves from themselves.)`
	`1055`	`+ * themselves from themselves.) Also allow it if allowSystemTableMods.`
	`1056`	`+ *`
	`1057`	`+ * As of 7.4 we have some updatable system views; those shouldn't`
	`1058`	`+ * be protected in this way. Assume the view rules can take care`
	`1059`	`+ * of themselves.`
`1054`	`1060`	`*/`
`1055`	`1061`	`if ((mode& (ACL_INSERT \|ACL_UPDATE \|ACL_DELETE))&&`
`1056`		`-!allowSystemTableMods&&`
`1057`		`-IsSystemClass((Form_pg_class)GETSTRUCT(tuple))&&`
`1058`		`-!usecatupd)`
	`1062`	`+IsSystemClass(classForm)&&`
	`1063`	`+classForm->relkind!=RELKIND_VIEW&&`
	`1064`	`+!usecatupd&&`
	`1065`	`+!allowSystemTableMods)`
`1059`	`1066`	`{`
`1060`	`1067`	`#ifdefACLDEBUG`
`1061`	`1068`	`elog(DEBUG2,"permission denied for system catalog update");`
`@@ -1084,9 +1091,8 @@ pg_class_aclcheck(Oid table_oid, AclId userid, AclMode mode)`
`1084`	`1091`	`if (isNull)`
`1085`	`1092`	`{`
`1086`	`1093`	`/* No ACL, so build default ACL */`
`1087`		`-AclIdownerId;`
	`1094`	`+AclIdownerId=classForm->relowner;`
`1088`	`1095`
`1089`		`-ownerId= ((Form_pg_class)GETSTRUCT(tuple))->relowner;`
`1090`	`1096`	`acl=acldefault(ACL_OBJECT_RELATION,ownerId);`
`1091`	`1097`	`aclDatum= (Datum)0;`
`1092`	`1098`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit7562103

File tree

1 file changed

1 file changed

`‎src/backend/catalog/aclchk.c`

0 commit comments