Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitd946b20

Browse files
committed
I updated the patch to use the SET AUTHORIZATION { INVOKER | DEFINER }
terminology. Also, the function owner is now determined and saved at compiletime (no gotchas here, right?)/Mark Volpe
1 parent11ac469 commitd946b20

File tree

6 files changed

+129
-8
lines changed

6 files changed

+129
-8
lines changed

‎src/pl/plpgsql/src/gram.y

Lines changed: 33 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
* procedural language
55
*
66
* IDENTIFICATION
7-
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.21 2001/06/06 18:54:41 wieck Exp $
7+
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.22 2001/07/11 18:54:18 momjian Exp $
88
*
99
* This software is copyrighted by Jan Wieck - Hamburg.
1010
*
@@ -122,11 +122,13 @@ staticPLpgSQL_expr*make_tupret_expr(PLpgSQL_row *row);
122122
%type<stmts>proc_sect,proc_stmts,stmt_else,loop_body
123123
%type<stmt>proc_stmt,pl_block
124124
%type<stmt>stmt_assign,stmt_if,stmt_loop,stmt_while,stmt_exit
125-
%type<stmt>stmt_return,stmt_raise,stmt_execsql,stmt_fori
125+
%type<stmt>stmt_return,stmt_raise,stmt_execsql,stmt_fori,stmt_setauth
126126
%type<stmt>stmt_fors,stmt_select,stmt_perform
127127
%type<stmt>stmt_dynexecute,stmt_dynfors,stmt_getdiag
128128
%type<stmt>stmt_open,stmt_fetch,stmt_close
129129

130+
%type<ival>auth_level
131+
130132
%type<intlist>raise_params
131133
%type<ival>raise_level,raise_param
132134
%type<str>raise_msg
@@ -172,6 +174,10 @@ staticPLpgSQL_expr*make_tupret_expr(PLpgSQL_row *row);
172174
%tokenK_PERFORM
173175
%tokenK_ROW_COUNT
174176
%tokenK_RAISE
177+
%tokenK_SET
178+
%tokenK_AUTHORIZATION
179+
%tokenK_INVOKER
180+
%tokenK_DEFINER
175181
%tokenK_RECORD
176182
%tokenK_RENAME
177183
%tokenK_RESULT_OID
@@ -726,6 +732,8 @@ proc_stmt: pl_block
726732
{$$ =$1; }
727733
|stmt_raise
728734
{$$ =$1; }
735+
|stmt_setauth
736+
{$$ =$1; }
729737
|stmt_execsql
730738
{$$ =$1; }
731739
|stmt_dynexecute
@@ -1243,6 +1251,29 @@ stmt_return: K_RETURN lno
12431251
}
12441252
;
12451253

1254+
stmt_setauth:K_SETK_AUTHORIZATIONauth_levellno';'
1255+
{
1256+
PLpgSQL_stmt_setauth *new;
1257+
1258+
new=malloc(sizeof(PLpgSQL_stmt_setauth));
1259+
1260+
new->cmd_type = PLPGSQL_STMT_SETAUTH;
1261+
new->auth_level =$3;
1262+
new->lineno =$4;
1263+
1264+
$$ = (PLpgSQL_stmt *)new;
1265+
}
1266+
1267+
auth_level :K_DEFINER
1268+
{
1269+
$$=PLPGSQL_AUTH_DEFINER;
1270+
}
1271+
|K_INVOKER
1272+
{
1273+
$$=PLPGSQL_AUTH_INVOKER;
1274+
}
1275+
;
1276+
12461277
stmt_raise:K_RAISElnoraise_levelraise_msgraise_params';'
12471278
{
12481279
PLpgSQL_stmt_raise*new;

‎src/pl/plpgsql/src/pl_comp.c

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
* procedural language
44
*
55
* IDENTIFICATION
6-
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.31 2001/05/21 14:22:18wieck Exp $
6+
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.32 2001/07/11 18:54:18momjian Exp $
77
*
88
* This software is copyrighted by Jan Wieck - Hamburg.
99
*
@@ -169,6 +169,7 @@ plpgsql_compile(Oid fn_oid, int functype)
169169

170170
function->fn_functype=functype;
171171
function->fn_oid=fn_oid;
172+
function->definer_uid=procStruct->proowner;
172173
function->fn_name=strdup(DatumGetCString(DirectFunctionCall1(nameout,
173174
NameGetDatum(&(procStruct->proname)))));
174175

‎src/pl/plpgsql/src/pl_exec.c

Lines changed: 47 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
* procedural language
44
*
55
* IDENTIFICATION
6-
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.44 2001/05/28 19:33:24 tgl Exp $
6+
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.45 2001/07/11 18:54:18 momjian Exp $
77
*
88
* This software is copyrighted by Jan Wieck - Hamburg.
99
*
@@ -47,6 +47,7 @@
4747
#include"plpgsql.h"
4848
#include"pl.tab.h"
4949

50+
#include"miscadmin.h"
5051
#include"access/heapam.h"
5152
#include"catalog/pg_proc.h"
5253
#include"catalog/pg_type.h"
@@ -105,6 +106,8 @@ static int exec_stmt_exit(PLpgSQL_execstate * estate,
105106
PLpgSQL_stmt_exit*stmt);
106107
staticintexec_stmt_return(PLpgSQL_execstate*estate,
107108
PLpgSQL_stmt_return*stmt);
109+
staticintexec_stmt_setauth(PLpgSQL_execstate*estate,
110+
PLpgSQL_stmt_setauth*stmt);
108111
staticintexec_stmt_raise(PLpgSQL_execstate*estate,
109112
PLpgSQL_stmt_raise*stmt);
110113
staticintexec_stmt_execsql(PLpgSQL_execstate*estate,
@@ -226,6 +229,9 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
226229
casePLPGSQL_STMT_RETURN:
227230
stmttype="return";
228231
break;
232+
casePLPGSQL_STMT_SETAUTH:
233+
stmttype="setauth";
234+
break;
229235
casePLPGSQL_STMT_RAISE:
230236
stmttype="raise";
231237
break;
@@ -277,7 +283,10 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
277283
estate.retistuple=func->fn_retistuple;
278284
estate.retisset=func->fn_retset;
279285
estate.exitlabel=NULL;
280-
286+
estate.invoker_uid=GetUserId();
287+
estate.definer_uid=func->definer_uid;
288+
estate.auth_level=PLPGSQL_AUTH_INVOKER;
289+
281290
estate.found_varno=func->found_varno;
282291
estate.ndatums=func->ndatums;
283292
estate.datums=palloc(sizeof(PLpgSQL_datum*)*estate.ndatums);
@@ -397,6 +406,9 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
397406
elog(ERROR,"control reaches end of function without RETURN");
398407
}
399408

409+
if (estate.auth_level!=PLPGSQL_AUTH_INVOKER)
410+
SetUserId(estate.invoker_uid);
411+
400412
/*
401413
* We got a return value - process it
402414
*/
@@ -577,6 +589,9 @@ plpgsql_exec_trigger(PLpgSQL_function * func,
577589
estate.retistuple=func->fn_retistuple;
578590
estate.retisset=func->fn_retset;
579591
estate.exitlabel=NULL;
592+
estate.invoker_uid=GetUserId();
593+
estate.definer_uid=func->definer_uid;
594+
estate.auth_level=PLPGSQL_AUTH_INVOKER;
580595

581596
estate.found_varno=func->found_varno;
582597
estate.ndatums=func->ndatums;
@@ -760,6 +775,9 @@ plpgsql_exec_trigger(PLpgSQL_function * func,
760775
elog(ERROR,"control reaches end of trigger procedure without RETURN");
761776
}
762777

778+
if (estate.auth_level!=PLPGSQL_AUTH_INVOKER)
779+
SetUserId(estate.invoker_uid);
780+
763781
/*
764782
* Check that the returned tuple structure has the same attributes,
765783
* the relation that fired the trigger has.
@@ -1022,6 +1040,10 @@ exec_stmt(PLpgSQL_execstate * estate, PLpgSQL_stmt * stmt)
10221040
rc=exec_stmt_return(estate, (PLpgSQL_stmt_return*)stmt);
10231041
break;
10241042

1043+
casePLPGSQL_STMT_SETAUTH:
1044+
rc=exec_stmt_setauth(estate, (PLpgSQL_stmt_setauth*)stmt);
1045+
break;
1046+
10251047
casePLPGSQL_STMT_RAISE:
10261048
rc=exec_stmt_raise(estate, (PLpgSQL_stmt_raise*)stmt);
10271049
break;
@@ -1645,6 +1667,29 @@ exec_stmt_return(PLpgSQL_execstate * estate, PLpgSQL_stmt_return * stmt)
16451667
returnPLPGSQL_RC_RETURN;
16461668
}
16471669

1670+
/* ----------
1671+
* exec_stmt_setauth Changes user ID to/from
1672+
* that of the function owner's
1673+
* ----------
1674+
*/
1675+
1676+
staticint
1677+
exec_stmt_setauth(PLpgSQL_execstate*estate,PLpgSQL_stmt_setauth*stmt)
1678+
{
1679+
switch(stmt->auth_level)
1680+
{
1681+
casePLPGSQL_AUTH_DEFINER:
1682+
SetUserId(estate->definer_uid);
1683+
break;
1684+
casePLPGSQL_AUTH_INVOKER:
1685+
SetUserId(estate->invoker_uid);
1686+
break;
1687+
}
1688+
1689+
estate->auth_level=stmt->auth_level;
1690+
returnPLPGSQL_RC_OK;
1691+
}
1692+
16481693

16491694
/* ----------
16501695
* exec_stmt_raiseBuild a message and throw it with

‎src/pl/plpgsql/src/pl_funcs.c

Lines changed: 20 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
* procedural language
44
*
55
* IDENTIFICATION
6-
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_funcs.c,v 1.13 2001/05/21 14:22:19 wieck Exp $
6+
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_funcs.c,v 1.14 2001/07/11 18:54:18 momjian Exp $
77
*
88
* This software is copyrighted by Jan Wieck - Hamburg.
99
*
@@ -382,6 +382,7 @@ static void dump_fors(PLpgSQL_stmt_fors * stmt);
382382
staticvoiddump_select(PLpgSQL_stmt_select*stmt);
383383
staticvoiddump_exit(PLpgSQL_stmt_exit*stmt);
384384
staticvoiddump_return(PLpgSQL_stmt_return*stmt);
385+
staticvoiddump_setauth(PLpgSQL_stmt_setauth*stmt);
385386
staticvoiddump_raise(PLpgSQL_stmt_raise*stmt);
386387
staticvoiddump_execsql(PLpgSQL_stmt_execsql*stmt);
387388
staticvoiddump_dynexecute(PLpgSQL_stmt_dynexecute*stmt);
@@ -438,6 +439,9 @@ dump_stmt(PLpgSQL_stmt * stmt)
438439
casePLPGSQL_STMT_RETURN:
439440
dump_return((PLpgSQL_stmt_return*)stmt);
440441
break;
442+
casePLPGSQL_STMT_SETAUTH:
443+
dump_setauth((PLpgSQL_stmt_setauth*)stmt);
444+
break;
441445
casePLPGSQL_STMT_RAISE:
442446
dump_raise((PLpgSQL_stmt_raise*)stmt);
443447
break;
@@ -721,6 +725,21 @@ dump_return(PLpgSQL_stmt_return * stmt)
721725
printf("\n");
722726
}
723727

728+
staticvoid
729+
dump_setauth(PLpgSQL_stmt_setauth*stmt)
730+
{
731+
dump_ind();
732+
switch (stmt->auth_level)
733+
{
734+
casePLPGSQL_AUTH_DEFINER:
735+
printf("SET AUTHORIZATION DEFINER\n");
736+
break;
737+
casePLPGSQL_AUTH_INVOKER:
738+
printf("SET AUTHORIZATION INVOKER\n");
739+
break;
740+
}
741+
}
742+
724743
staticvoid
725744
dump_raise(PLpgSQL_stmt_raise*stmt)
726745
{

‎src/pl/plpgsql/src/plpgsql.h

Lines changed: 22 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
* procedural language
44
*
55
* IDENTIFICATION
6-
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/plpgsql.h,v 1.14 2001/05/21 14:22:19wieck Exp $
6+
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/plpgsql.h,v 1.15 2001/07/11 18:54:19momjian Exp $
77
*
88
* This software is copyrighted by Jan Wieck - Hamburg.
99
*
@@ -95,6 +95,7 @@ enum
9595
PLPGSQL_STMT_DYNEXECUTE,
9696
PLPGSQL_STMT_DYNFORS,
9797
PLPGSQL_STMT_GETDIAG,
98+
PLPGSQL_STMT_SETAUTH,
9899
PLPGSQL_STMT_OPEN,
99100
PLPGSQL_STMT_FETCH,
100101
PLPGSQL_STMT_CLOSE
@@ -112,6 +113,16 @@ enum
112113
PLPGSQL_RC_RETURN
113114
};
114115

116+
/* ---------
117+
* Authorization levels
118+
* ---------
119+
*/
120+
enum
121+
{
122+
PLPGSQL_AUTH_INVOKER,
123+
PLPGSQL_AUTH_DEFINER,
124+
};
125+
115126
/* ----------
116127
* GET DIAGNOSTICS system attrs
117128
* ----------
@@ -425,6 +436,12 @@ typedef struct
425436
intretrecno;
426437
}PLpgSQL_stmt_return;
427438

439+
typedefstruct
440+
{/* SET AUTHORIZATION statement */
441+
intcmd_type;
442+
intlineno;
443+
intauth_level;
444+
}PLpgSQL_stmt_setauth;
428445

429446
typedefstruct
430447
{/* RAISE statement*/
@@ -480,6 +497,7 @@ typedef struct PLpgSQL_function
480497
inttg_nargs_varno;
481498

482499
intndatums;
500+
Oiddefiner_uid;
483501
PLpgSQL_datum**datums;
484502
PLpgSQL_stmt_block*action;
485503
structPLpgSQL_function*next;
@@ -502,6 +520,9 @@ typedef struct
502520
intfound_varno;
503521
intndatums;
504522
PLpgSQL_datum**datums;
523+
Oidinvoker_uid;
524+
Oiddefiner_uid;
525+
intauth_level;
505526
}PLpgSQL_execstate;
506527

507528

‎src/pl/plpgsql/src/scan.l

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
* procedural language
55
*
66
* IDENTIFICATION
7-
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/Attic/scan.l,v 1.12 2001/05/21 14:22:19wieck Exp $
7+
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/Attic/scan.l,v 1.13 2001/07/11 18:54:19momjian Exp $
88
*
99
* This software is copyrighted by Jan Wieck - Hamburg.
1010
*
@@ -121,6 +121,10 @@ null{ return K_NULL;}
121121
open{return K_OPEN;}
122122
perform{return K_PERFORM;}
123123
raise{return K_RAISE;}
124+
set{return K_SET;}
125+
authorization{return K_AUTHORIZATION;}
126+
invoker{return K_INVOKER;}
127+
definer{return K_DEFINER;}
124128
record{return K_RECORD;}
125129
rename{return K_RENAME;}
126130
result_oid{return K_RESULT_OID;}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp