Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commitdf67b83

Browse files
committed
Password fix. Now people have to do the REVOKE themselves.
1 parent70ddf2d commitdf67b83

File tree

4 files changed

+40
-10
lines changed

4 files changed

+40
-10
lines changed

‎src/backend/commands/user.c

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,8 +30,11 @@
3030
#include<tcop/tcopprot.h>
3131
#include<utils/acl.h>
3232
#include<utils/rel.h>
33+
#include<utils/syscache.h>
3334
#include<commands/user.h>
3435

36+
staticvoidCheckPgUserAclNotNull(void);
37+
3538
/*---------------------------------------------------------------------
3639
* UpdatePgPwdFile
3740
*
@@ -93,6 +96,8 @@ void DefineUser(CreateUserStmt *stmt) {
9396
inblock;
9497
intmax_id=-1;
9598

99+
if (stmt->password)
100+
CheckPgUserAclNotNull();
96101
if (!(inblock=IsTransactionBlock()))
97102
BeginTransactionBlock();
98103

@@ -204,6 +209,8 @@ extern void AlterUser(AlterUserStmt *stmt) {
204209
n,
205210
inblock;
206211

212+
if (stmt->password)
213+
CheckPgUserAclNotNull();
207214
if (!(inblock=IsTransactionBlock()))
208215
BeginTransactionBlock();
209216

@@ -420,3 +427,30 @@ extern void RemoveUser(char* user) {
420427
if (IsTransactionBlock()&& !inblock)
421428
EndTransactionBlock();
422429
}
430+
431+
/*
432+
* CheckPgUserAclNotNull
433+
*
434+
* check to see if there is an ACL on pg_user
435+
*/
436+
staticvoidCheckPgUserAclNotNull()
437+
{
438+
HeapTuplehtp;
439+
440+
htp=SearchSysCacheTuple(RELNAME,PointerGetDatum(UserRelationName),
441+
0,0,0);
442+
if (!HeapTupleIsValid(htp))
443+
{
444+
elog(ERROR,"IsPgUserAclNull: class \"%s\" not found",
445+
UserRelationName);
446+
}
447+
448+
if (heap_attisnull(htp,Anum_pg_class_relacl))
449+
{
450+
elog(NOTICE,"To use passwords, you have to revoke permissions on pg_user");
451+
elog(NOTICE,"so normal users can not read the passwords.");
452+
elog(ERROR,"Try 'REVOKE ALL ON pg_user FROM PUBLIC'");
453+
}
454+
455+
return;
456+
}

‎src/bin/initdb/initdb.sh

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@
2626
#
2727
#
2828
# IDENTIFICATION
29-
# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.31 1997/12/30 02:26:43 scrappy Exp $
29+
# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.32 1998/02/19 17:19:45 momjian Exp $
3030
#
3131
#-------------------------------------------------------------------------
3232

@@ -351,10 +351,6 @@ echo "vacuuming template1"
351351
echo"vacuum"| postgres -F -Q -D$PGDATA template12>&1> /dev/null|\
352352
grep -v"^DEBUG:"
353353

354-
echo"Altering pg_user acl"
355-
echo"REVOKE ALL ON pg_user FROM public"| postgres -F -Q -D$PGDATA template12>&1> /dev/null|\
356-
grep -v"'DEBUG:"
357-
358354
echo"COPY pg_user TO '$PGDATA/pg_pwd' USING DELIMITERS '\\t'"| postgres -F -Q -D$PGDATA template12>&1> /dev/null|\
359355
grep -v"'DEBUG:"
360356

‎src/include/catalog/pg_user.h

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
*
88
* Copyright (c) 1994, Regents of the University of California
99
*
10-
* $Id: pg_user.h,v 1.8 1997/12/12 16:26:36 momjian Exp $
10+
* $Id: pg_user.h,v 1.9 1998/02/19 17:19:51 momjian Exp $
1111
*
1212
* NOTES
1313
* the genbki.sh script reads this file and generates .bki
@@ -58,7 +58,7 @@ typedef FormData_pg_user *Form_pg_user;
5858
#defineAnum_pg_user_usetrace4
5959
#defineAnum_pg_user_usesuper5
6060
#defineAnum_pg_user_usecatupd6
61-
#defineAnum_pg_user_passwd7
61+
#defineAnum_pg_user_passwd7
6262
#defineAnum_pg_user_valuntil8
6363

6464
/* ----------------

‎src/interfaces/ecpg/include/Makefile

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,9 +6,9 @@ all clean::
66
@echo Nothing to be done.
77

88
install::
9-
install ecpglib.h$(DESTDIR)$(HEADERDIR)
10-
install ecpgtype.h$(DESTDIR)$(HEADERDIR)
11-
install sqlca.h$(DESTDIR)$(HEADERDIR)
9+
install$(INSTLOPTS)ecpglib.h$(DESTDIR)$(HEADERDIR)
10+
install$(INSTLOPTS)ecpgtype.h$(DESTDIR)$(HEADERDIR)
11+
install$(INSTLOPTS)sqlca.h$(DESTDIR)$(HEADERDIR)
1212

1313
uninstall::
1414
rm -f$(DESTDIR)$(HEADERDIR)/ecpglib.h

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp