Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit8bc225e

Browse files
committed
Relax permissions checks on dbsize functions, per discussion. Revert out all
checks for individual-table-size functions, since anyone in the database couldget approximate values from pg_class.relpages anyway. Allow database-size tousers with CONNECT privilege for the target database (note that this isgranted by default). Allow tablespace-size if the user has CREATE privilegeon the tablespace (which is *not* granted by default), or if the tablespace isthe default tablespace for the current database (since we treat that asimplicitly allowing use of the tablespace).
1 parent3b5f5d9 commit8bc225e

File tree

1 file changed

+21
-36
lines changed

1 file changed

+21
-36
lines changed

‎src/backend/utils/adt/dbsize.c

Lines changed: 21 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
* Copyright (c) 2002-2007, PostgreSQL Global Development Group
66
*
77
* IDENTIFICATION
8-
* $PostgreSQL: pgsql/src/backend/utils/adt/dbsize.c,v 1.13 2007/08/27 01:19:14 tgl Exp $
8+
* $PostgreSQL: pgsql/src/backend/utils/adt/dbsize.c,v 1.14 2007/08/29 17:24:29 tgl Exp $
99
*
1010
*/
1111

@@ -79,6 +79,13 @@ calculate_database_size(Oid dbOid)
7979
structdirent*direntry;
8080
chardirpath[MAXPGPATH];
8181
charpathname[MAXPGPATH];
82+
AclResultaclresult;
83+
84+
/* User must have connect privilege for target database */
85+
aclresult=pg_database_aclcheck(dbOid,GetUserId(),ACL_CONNECT);
86+
if (aclresult!=ACLCHECK_OK)
87+
aclcheck_error(aclresult,ACL_KIND_DATABASE,
88+
get_database_name(dbOid));
8289

8390
/* Shared storage in pg_global is not counted */
8491

@@ -122,10 +129,6 @@ pg_database_size_oid(PG_FUNCTION_ARGS)
122129
{
123130
OiddbOid=PG_GETARG_OID(0);
124131

125-
if (!pg_database_ownercheck(dbOid,GetUserId()))
126-
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_DATABASE,
127-
get_database_name(dbOid));
128-
129132
PG_RETURN_INT64(calculate_database_size(dbOid));
130133
}
131134

@@ -141,10 +144,6 @@ pg_database_size_name(PG_FUNCTION_ARGS)
141144
errmsg("database \"%s\" does not exist",
142145
NameStr(*dbName))));
143146

144-
if (!pg_database_ownercheck(dbOid,GetUserId()))
145-
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_DATABASE,
146-
NameStr(*dbName));
147-
148147
PG_RETURN_INT64(calculate_database_size(dbOid));
149148
}
150149

@@ -160,6 +159,19 @@ calculate_tablespace_size(Oid tblspcOid)
160159
int64totalsize=0;
161160
DIR*dirdesc;
162161
structdirent*direntry;
162+
AclResultaclresult;
163+
164+
/*
165+
* User must have CREATE privilege for target tablespace, either explicitly
166+
* granted or implicitly because it is default for current database.
167+
*/
168+
if (tblspcOid!=MyDatabaseTableSpace)
169+
{
170+
aclresult=pg_tablespace_aclcheck(tblspcOid,GetUserId(),ACL_CREATE);
171+
if (aclresult!=ACLCHECK_OK)
172+
aclcheck_error(aclresult,ACL_KIND_TABLESPACE,
173+
get_tablespace_name(tblspcOid));
174+
}
163175

164176
if (tblspcOid==DEFAULTTABLESPACE_OID)
165177
snprintf(tblspcPath,MAXPGPATH,"base");
@@ -212,11 +224,6 @@ pg_tablespace_size_oid(PG_FUNCTION_ARGS)
212224
{
213225
OidtblspcOid=PG_GETARG_OID(0);
214226

215-
if (!superuser())
216-
ereport(ERROR,
217-
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
218-
(errmsg("must be superuser to use pg_tablespace_size"))));
219-
220227
PG_RETURN_INT64(calculate_tablespace_size(tblspcOid));
221228
}
222229

@@ -226,11 +233,6 @@ pg_tablespace_size_name(PG_FUNCTION_ARGS)
226233
NametblspcName=PG_GETARG_NAME(0);
227234
OidtblspcOid=get_tablespace_oid(NameStr(*tblspcName));
228235

229-
if (!superuser())
230-
ereport(ERROR,
231-
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
232-
(errmsg("must be superuser to use pg_tablespace_size"))));
233-
234236
if (!OidIsValid(tblspcOid))
235237
ereport(ERROR,
236238
(errcode(ERRCODE_UNDEFINED_OBJECT),
@@ -289,10 +291,6 @@ pg_relation_size_oid(PG_FUNCTION_ARGS)
289291

290292
rel=relation_open(relOid,AccessShareLock);
291293

292-
if (!pg_class_ownercheck(RelationGetRelid(rel),GetUserId()))
293-
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_CLASS,
294-
RelationGetRelationName(rel));
295-
296294
size=calculate_relation_size(&(rel->rd_node));
297295

298296
relation_close(rel,AccessShareLock);
@@ -311,10 +309,6 @@ pg_relation_size_name(PG_FUNCTION_ARGS)
311309
relrv=makeRangeVarFromNameList(textToQualifiedNameList(relname));
312310
rel=relation_openrv(relrv,AccessShareLock);
313311

314-
if (!pg_class_ownercheck(RelationGetRelid(rel),GetUserId()))
315-
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_CLASS,
316-
RelationGetRelationName(rel));
317-
318312
size=calculate_relation_size(&(rel->rd_node));
319313

320314
relation_close(rel,AccessShareLock);
@@ -336,11 +330,6 @@ calculate_total_relation_size(Oid Relid)
336330
ListCell*cell;
337331

338332
heapRel=relation_open(Relid,AccessShareLock);
339-
340-
if (!pg_class_ownercheck(RelationGetRelid(heapRel),GetUserId()))
341-
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_CLASS,
342-
RelationGetRelationName(heapRel));
343-
344333
toastOid=heapRel->rd_rel->reltoastrelid;
345334

346335
/* Get the heap size */
@@ -380,8 +369,6 @@ pg_total_relation_size_oid(PG_FUNCTION_ARGS)
380369
{
381370
Oidrelid=PG_GETARG_OID(0);
382371

383-
/* permission check is inside calculate_total_relation_size */
384-
385372
PG_RETURN_INT64(calculate_total_relation_size(relid));
386373
}
387374

@@ -395,8 +382,6 @@ pg_total_relation_size_name(PG_FUNCTION_ARGS)
395382
relrv=makeRangeVarFromNameList(textToQualifiedNameList(relname));
396383
relid=RangeVarGetRelid(relrv, false);
397384

398-
/* permission check is inside calculate_total_relation_size */
399-
400385
PG_RETURN_INT64(calculate_total_relation_size(relid));
401386
}
402387

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp