NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitdf67b83

committed

Password fix. Now people have to do the REVOKE themselves.

1 parent70ddf2d commitdf67b83Copy full SHA for df67b83

File tree

4 files changed

+40

-10

lines changed

src
- backend/commands
  - user.c
- bin/initdb
  - initdb.sh
- include/catalog
  - pg_user.h
- interfaces/ecpg/include
  - Makefile

4 files changed

+40

-10

lines changed

`‎src/backend/commands/user.c‎`

Lines changed: 34 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -30,8 +30,11 @@`
`30`	`30`	`#include<tcop/tcopprot.h>`
`31`	`31`	`#include<utils/acl.h>`
`32`	`32`	`#include<utils/rel.h>`
	`33`	`+#include<utils/syscache.h>`
`33`	`34`	`#include<commands/user.h>`
`34`	`35`
	`36`	`+staticvoidCheckPgUserAclNotNull(void);`
	`37`	`+`
`35`	`38`	`/*---------------------------------------------------------------------`
`36`	`39`	`* UpdatePgPwdFile`
`37`	`40`	`*`
`@@ -93,6 +96,8 @@ void DefineUser(CreateUserStmt *stmt) {`
`93`	`96`	`inblock;`
`94`	`97`	`intmax_id=-1;`
`95`	`98`
	`99`	`+if (stmt->password)`
	`100`	`+CheckPgUserAclNotNull();`
`96`	`101`	`if (!(inblock=IsTransactionBlock()))`
`97`	`102`	`BeginTransactionBlock();`
`98`	`103`
`@@ -204,6 +209,8 @@ extern void AlterUser(AlterUserStmt *stmt) {`
`204`	`209`	`n,`
`205`	`210`	`inblock;`
`206`	`211`
	`212`	`+if (stmt->password)`
	`213`	`+CheckPgUserAclNotNull();`
`207`	`214`	`if (!(inblock=IsTransactionBlock()))`
`208`	`215`	`BeginTransactionBlock();`
`209`	`216`
`@@ -420,3 +427,30 @@ extern void RemoveUser(char* user) {`
`420`	`427`	`if (IsTransactionBlock()&& !inblock)`
`421`	`428`	`EndTransactionBlock();`
`422`	`429`	`}`
	`430`	`+`
	`431`	`+/*`
	`432`	`+ * CheckPgUserAclNotNull`
	`433`	`+ *`
	`434`	`+ * check to see if there is an ACL on pg_user`
	`435`	`+ */`
	`436`	`+staticvoidCheckPgUserAclNotNull()`
	`437`	`+{`
	`438`	`+HeapTuplehtp;`
	`439`	`+`
	`440`	`+htp=SearchSysCacheTuple(RELNAME,PointerGetDatum(UserRelationName),`
	`441`	`+0,0,0);`
	`442`	`+if (!HeapTupleIsValid(htp))`
	`443`	`+{`
	`444`	`+elog(ERROR,"IsPgUserAclNull: class \"%s\" not found",`
	`445`	`+UserRelationName);`
	`446`	`+}`
	`447`	`+`
	`448`	`+if (heap_attisnull(htp,Anum_pg_class_relacl))`
	`449`	`+{`
	`450`	`+elog(NOTICE,"To use passwords, you have to revoke permissions on pg_user");`
	`451`	`+elog(NOTICE,"so normal users can not read the passwords.");`
	`452`	`+elog(ERROR,"Try 'REVOKE ALL ON pg_user FROM PUBLIC'");`
	`453`	`+}`
	`454`	`+`
	`455`	`+return;`
	`456`	`+}`

`‎src/bin/initdb/initdb.sh‎`

Lines changed: 1 addition & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@`
`26`	`26`	`#`
`27`	`27`	`#`
`28`	`28`	`# IDENTIFICATION`
`29`		`-# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.31 1997/12/30 02:26:43 scrappy Exp $`
	`29`	`+# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.32 1998/02/19 17:19:45 momjian Exp $`
`30`	`30`	`#`
`31`	`31`	`#-------------------------------------------------------------------------`
`32`	`32`
`@@ -351,10 +351,6 @@ echo "vacuuming template1"`
`351`	`351`	`echo"vacuum"\| postgres -F -Q -D$PGDATA template12>&1> /dev/null\|\`
`352`	`352`	`grep -v"^DEBUG:"`
`353`	`353`
`354`		`-echo"Altering pg_user acl"`
`355`		`-echo"REVOKE ALL ON pg_user FROM public"\| postgres -F -Q -D$PGDATA template12>&1> /dev/null\|\`
`356`		`- grep -v"'DEBUG:"`
`357`		`-`
`358`	`354`	`echo"COPY pg_user TO '$PGDATA/pg_pwd' USING DELIMITERS '\\t'"\| postgres -F -Q -D$PGDATA template12>&1> /dev/null\|\`
`359`	`355`	`grep -v"'DEBUG:"`
`360`	`356`

`‎src/include/catalog/pg_user.h‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@`
`7`	`7`	`*`
`8`	`8`	`* Copyright (c) 1994, Regents of the University of California`
`9`	`9`	`*`
`10`		`- * $Id: pg_user.h,v 1.8 1997/12/12 16:26:36 momjian Exp $`
	`10`	`+ * $Id: pg_user.h,v 1.9 1998/02/19 17:19:51 momjian Exp $`
`11`	`11`	`*`
`12`	`12`	`* NOTES`
`13`	`13`	`* the genbki.sh script reads this file and generates .bki`
`@@ -58,7 +58,7 @@ typedef FormData_pg_user *Form_pg_user;`
`58`	`58`	`#defineAnum_pg_user_usetrace4`
`59`	`59`	`#defineAnum_pg_user_usesuper5`
`60`	`60`	`#defineAnum_pg_user_usecatupd6`
`61`		`-#defineAnum_pg_user_passwd7`
	`61`	`+#defineAnum_pg_user_passwd7`
`62`	`62`	`#defineAnum_pg_user_valuntil8`
`63`	`63`
`64`	`64`	`/* ----------------`

`‎src/interfaces/ecpg/include/Makefile‎`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,9 +6,9 @@ all clean::`
`6`	`6`	`@echo Nothing to be done.`
`7`	`7`
`8`	`8`	`install::`
`9`		`-install ecpglib.h$(DESTDIR)$(HEADERDIR)`
`10`		`-install ecpgtype.h$(DESTDIR)$(HEADERDIR)`
`11`		`-install sqlca.h$(DESTDIR)$(HEADERDIR)`
	`9`	`+install$(INSTLOPTS)ecpglib.h$(DESTDIR)$(HEADERDIR)`
	`10`	`+install$(INSTLOPTS)ecpgtype.h$(DESTDIR)$(HEADERDIR)`
	`11`	`+install$(INSTLOPTS)sqlca.h$(DESTDIR)$(HEADERDIR)`
`12`	`12`
`13`	`13`	`uninstall::`
`14`	`14`	`rm -f$(DESTDIR)$(HEADERDIR)/ecpglib.h`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitdf67b83

File tree

4 files changed

4 files changed

`‎src/backend/commands/user.c‎`

`‎src/bin/initdb/initdb.sh‎`

`‎src/include/catalog/pg_user.h‎`

`‎src/interfaces/ecpg/include/Makefile‎`

0 commit comments