NotificationsYou must be signed in to change notification settings
Fork28
Star151

Commit56c9b73

committed

Change the aclchk.c routines to uniformly use OIDs to identify the

objects to be privilege-checked. Some change in their APIs would benecessary no matter what in the schema environment, and simply gettingrid of the name-based interface entirely seems like the best way.

1 parent6137ed1 commit56c9b73Copy full SHA for 56c9b73

File tree

22 files changed

+551

-687

lines changed

src
- backend
  - catalog
    - aclchk.c
  - commands
  - executor
    - execMain.c
  - rewrite
    - rewriteDefine.c
    - rewriteRemove.c
  - tcop
    - utility.c
  - utils
    - adt
      - acl.c
    - cache
      - syscache.c
- include
  - rewrite
    - rewriteRemove.h
  - utils
    - acl.h
    - syscache.h
- test/regress/expected
  - errors.out
  - privileges.out

22 files changed

+551

-687

lines changed

`‎src/backend/catalog/aclchk.c‎`

Lines changed: 178 additions & 286 deletions

Large diffs are not rendered by default.

`‎src/backend/commands/analyze.c‎`

Lines changed: 2 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.28 2002/03/06 06:09:28 momjian Exp $`
	`11`	`+ * $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.29 2002/03/21 23:27:20 tgl Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -200,8 +200,7 @@ analyze_rel(Oid relid, VacuumStmt *vacstmt)`
`200`	`200`	`*/`
`201`	`201`	`onerel=heap_open(relid,AccessShareLock);`
`202`	`202`
`203`		`-if (!(pg_ownercheck(GetUserId(),RelationGetRelationName(onerel),`
`204`		`-RELNAME)\|\|`
	`203`	`+if (!(pg_class_ownercheck(RelationGetRelid(onerel),GetUserId())\|\|`
`205`	`204`	`(is_dbadmin(MyDatabaseId)&& !onerel->rd_rel->relisshared)))`
`206`	`205`	`{`
`207`	`206`	`/* No need for a WARNING if we already complained during VACUUM */`

`‎src/backend/commands/command.c‎`

Lines changed: 75 additions & 80 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.162 2002/03/2116:00:31 tgl Exp $`
	`11`	`+ * $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.163 2002/03/2123:27:20 tgl Exp $`
`12`	`12`	`*`
`13`	`13`	`* NOTES`
`14`	`14`	`* The PerformAddAttribute() code, like most of the relation`
`@@ -327,6 +327,17 @@ AlterTableAddColumn(const char *relationName,`
`327`	`327`	`char*typename;`
`328`	`328`	`intattndims;`
`329`	`329`
	`330`	`+/*`
	`331`	`+ * Grab an exclusive lock on the target table, which we will NOT`
	`332`	`+ * release until end of transaction.`
	`333`	`+ */`
	`334`	`+rel=heap_openr(relationName,AccessExclusiveLock);`
	`335`	`+myrelid=RelationGetRelid(rel);`
	`336`	`+`
	`337`	`+if (rel->rd_rel->relkind!=RELKIND_RELATION)`
	`338`	`+elog(ERROR,"ALTER TABLE: relation \"%s\" is not a table",`
	`339`	`+relationName);`
	`340`	`+`
`330`	`341`	`/*`
`331`	`342`	`* permissions checking. this would normally be done in utility.c,`
`332`	`343`	`* but this particular routine is recursive.`
`@@ -336,20 +347,9 @@ AlterTableAddColumn(const char *relationName,`
`336`	`347`	`if (!allowSystemTableMods&&IsSystemRelationName(relationName))`
`337`	`348`	`elog(ERROR,"ALTER TABLE: relation \"%s\" is a system catalog",`
`338`	`349`	`relationName);`
`339`		`-if (!pg_ownercheck(GetUserId(),relationName,RELNAME))`
	`350`	`+if (!pg_class_ownercheck(myrelid,GetUserId()))`
`340`	`351`	`elog(ERROR,"ALTER TABLE: permission denied");`
`341`	`352`
`342`		`-/*`
`343`		`- * Grab an exclusive lock on the target table, which we will NOT`
`344`		`- * release until end of transaction.`
`345`		`- */`
`346`		`-rel=heap_openr(relationName,AccessExclusiveLock);`
`347`		`-`
`348`		`-if (rel->rd_rel->relkind!=RELKIND_RELATION)`
`349`		`-elog(ERROR,"ALTER TABLE: relation \"%s\" is not a table",`
`350`		`-relationName);`
`351`		`-`
`352`		`-myrelid=RelationGetRelid(rel);`
`353`	`353`	`heap_close(rel,NoLock);/* close rel but keep lock! */`
`354`	`354`
`355`	`355`	`/*`
`@@ -556,21 +556,19 @@ AlterTableAlterColumnDefault(const char *relationName,`
`556`	`556`	`int16attnum;`
`557`	`557`	`Oidmyrelid;`
`558`	`558`
`559`		`-if (!allowSystemTableMods&&IsSystemRelationName(relationName))`
`560`		`-elog(ERROR,"ALTER TABLE: relation \"%s\" is a system catalog",`
`561`		`-relationName);`
`562`		`-#ifndefNO_SECURITY`
`563`		`-if (!pg_ownercheck(GetUserId(),relationName,RELNAME))`
`564`		`-elog(ERROR,"ALTER TABLE: permission denied");`
`565`		`-#endif`
`566`		`-`
`567`	`559`	`rel=heap_openr(relationName,AccessExclusiveLock);`
	`560`	`+myrelid=RelationGetRelid(rel);`
`568`	`561`
`569`	`562`	`if (rel->rd_rel->relkind!=RELKIND_RELATION)`
`570`	`563`	`elog(ERROR,"ALTER TABLE: relation \"%s\" is not a table",`
`571`	`564`	`relationName);`
`572`	`565`
`573`		`-myrelid=RelationGetRelid(rel);`
	`566`	`+if (!allowSystemTableMods&&IsSystemRelationName(relationName))`
	`567`	`+elog(ERROR,"ALTER TABLE: relation \"%s\" is a system catalog",`
	`568`	`+relationName);`
	`569`	`+if (!pg_class_ownercheck(myrelid,GetUserId()))`
	`570`	`+elog(ERROR,"ALTER TABLE: permission denied");`
	`571`	`+`
`574`	`572`	`heap_close(rel,NoLock);`
`575`	`573`
`576`	`574`	`/*`
`@@ -730,24 +728,21 @@ AlterTableAlterColumnFlags(const char *relationName,`
`730`	`728`	`Relationattrelation;`
`731`	`729`	`HeapTupletuple;`
`732`	`730`
`733`		`-/* we allow statistics case for system tables */`
`734`		`-`
`735`		`-if (*flagType=='M'&& !allowSystemTableMods&&IsSystemRelationName(relationName))`
`736`		`-elog(ERROR,"ALTER TABLE: relation \"%s\" is a system catalog",`
`737`		`-relationName);`
`738`		`-`
`739`		`-#ifndefNO_SECURITY`
`740`		`-if (!pg_ownercheck(GetUserId(),relationName,RELNAME))`
`741`		`-elog(ERROR,"ALTER TABLE: permission denied");`
`742`		`-#endif`
`743`		`-`
`744`	`731`	`rel=heap_openr(relationName,AccessExclusiveLock);`
	`732`	`+myrelid=RelationGetRelid(rel);`
`745`	`733`
`746`	`734`	`if (rel->rd_rel->relkind!=RELKIND_RELATION)`
`747`	`735`	`elog(ERROR,"ALTER TABLE: relation \"%s\" is not a table",`
`748`	`736`	`relationName);`
`749`	`737`
`750`		`-myrelid=RelationGetRelid(rel);`
	`738`	`+/* we allow statistics case for system tables */`
	`739`	`+if (*flagType=='M'&&`
	`740`	`+!allowSystemTableMods&&IsSystemRelationName(relationName))`
	`741`	`+elog(ERROR,"ALTER TABLE: relation \"%s\" is a system catalog",`
	`742`	`+relationName);`
	`743`	`+if (!pg_class_ownercheck(myrelid,GetUserId()))`
	`744`	`+elog(ERROR,"ALTER TABLE: permission denied");`
	`745`	`+`
`751`	`746`	`heap_close(rel,NoLock);/* close rel, but keep lock! */`
`752`	`747`
`753`	`748`
`@@ -1034,6 +1029,17 @@ AlterTableDropColumn(const char *relationName,`
`1034`	`1029`	`if (inh)`
`1035`	`1030`	`elog(ERROR,"ALTER TABLE / DROP COLUMN with inherit option is not supported yet");`
`1036`	`1031`
	`1032`	`+/*`
	`1033`	`+ * Grab an exclusive lock on the target table, which we will NOT`
	`1034`	`+ * release until end of transaction.`
	`1035`	`+ */`
	`1036`	`+rel=heap_openr(relationName,AccessExclusiveLock);`
	`1037`	`+myrelid=RelationGetRelid(rel);`
	`1038`	`+`
	`1039`	`+if (rel->rd_rel->relkind!=RELKIND_RELATION)`
	`1040`	`+elog(ERROR,"ALTER TABLE: relation \"%s\" is not a table",`
	`1041`	`+relationName);`
	`1042`	`+`
`1037`	`1043`	`/*`
`1038`	`1044`	`* permissions checking. this would normally be done in utility.c,`
`1039`	`1045`	`* but this particular routine is recursive.`
`@@ -1043,22 +1049,9 @@ AlterTableDropColumn(const char *relationName,`
`1043`	`1049`	`if (!allowSystemTableMods&&IsSystemRelationName(relationName))`
`1044`	`1050`	`elog(ERROR,"ALTER TABLE: relation \"%s\" is a system catalog",`
`1045`	`1051`	`relationName);`
`1046`		`-#ifndefNO_SECURITY`
`1047`		`-if (!pg_ownercheck(GetUserId(),relationName,RELNAME))`
	`1052`	`+if (!pg_class_ownercheck(myrelid,GetUserId()))`
`1048`	`1053`	`elog(ERROR,"ALTER TABLE: permission denied");`
`1049`		`-#endif`
`1050`		`-`
`1051`		`-/*`
`1052`		`- * Grab an exclusive lock on the target table, which we will NOT`
`1053`		`- * release until end of transaction.`
`1054`		`- */`
`1055`		`-rel=heap_openr(relationName,AccessExclusiveLock);`
`1056`		`-`
`1057`		`-if (rel->rd_rel->relkind!=RELKIND_RELATION)`
`1058`		`-elog(ERROR,"ALTER TABLE: relation \"%s\" is not a table",`
`1059`		`-relationName);`
`1060`	`1054`
`1061`		`-myrelid=RelationGetRelid(rel);`
`1062`	`1055`	`heap_close(rel,NoLock);/* close rel but keep lock! */`
`1063`	`1056`
`1064`	`1057`	`/*`
`@@ -1180,25 +1173,22 @@ AlterTableAddConstraint(char *relationName,`
`1180`	`1173`	`Oidmyrelid;`
`1181`	`1174`	`List*listptr;`
`1182`	`1175`
`1183`		`-if (!allowSystemTableMods&&IsSystemRelationName(relationName))`
`1184`		`-elog(ERROR,"ALTER TABLE: relation \"%s\" is a system catalog",`
`1185`		`-relationName);`
`1186`		`-#ifndefNO_SECURITY`
`1187`		`-if (!pg_ownercheck(GetUserId(),relationName,RELNAME))`
`1188`		`-elog(ERROR,"ALTER TABLE: permission denied");`
`1189`		`-#endif`
`1190`		`-`
`1191`	`1176`	`/*`
`1192`	`1177`	`* Grab an exclusive lock on the target table, which we will NOT`
`1193`	`1178`	`* release until end of transaction.`
`1194`	`1179`	`*/`
`1195`	`1180`	`rel=heap_openr(relationName,AccessExclusiveLock);`
	`1181`	`+myrelid=RelationGetRelid(rel);`
`1196`	`1182`
`1197`	`1183`	`if (rel->rd_rel->relkind!=RELKIND_RELATION)`
`1198`	`1184`	`elog(ERROR,"ALTER TABLE: relation \"%s\" is not a table",`
`1199`	`1185`	`relationName);`
`1200`	`1186`
`1201`		`-myrelid=RelationGetRelid(rel);`
	`1187`	`+if (!allowSystemTableMods&&IsSystemRelationName(relationName))`
	`1188`	`+elog(ERROR,"ALTER TABLE: relation \"%s\" is a system catalog",`
	`1189`	`+relationName);`
	`1190`	`+if (!pg_class_ownercheck(myrelid,GetUserId()))`
	`1191`	`+elog(ERROR,"ALTER TABLE: permission denied");`
`1202`	`1192`
`1203`	`1193`	`if (inh)`
`1204`	`1194`	`{`
`@@ -1496,16 +1486,9 @@ AlterTableDropConstraint(const char *relationName,`
`1496`	`1486`	`intbehavior)`
`1497`	`1487`	`{`
`1498`	`1488`	`Relationrel;`
	`1489`	`+Oidmyrelid;`
`1499`	`1490`	`intdeleted;`
`1500`	`1491`
`1501`		`-if (!allowSystemTableMods&&IsSystemRelationName(relationName))`
`1502`		`-elog(ERROR,"ALTER TABLE: relation \"%s\" is a system catalog",`
`1503`		`-relationName);`
`1504`		`-#ifndefNO_SECURITY`
`1505`		`-if (!pg_ownercheck(GetUserId(),relationName,RELNAME))`
`1506`		`-elog(ERROR,"ALTER TABLE: permission denied");`
`1507`		`-#endif`
`1508`		`-`
`1509`	`1492`	`/*`
`1510`	`1493`	`* We don't support CASCADE yet - in fact, RESTRICT doesn't work to`
`1511`	`1494`	`* the spec either!`
`@@ -1517,14 +1500,20 @@ AlterTableDropConstraint(const char *relationName,`
`1517`	`1500`	`* Acquire an exclusive lock on the target relation for the duration`
`1518`	`1501`	`* of the operation.`
`1519`	`1502`	`*/`
`1520`		`-`
`1521`	`1503`	`rel=heap_openr(relationName,AccessExclusiveLock);`
	`1504`	`+myrelid=RelationGetRelid(rel);`
`1522`	`1505`
`1523`	`1506`	`/* Disallow DROP CONSTRAINT on views, indexes, sequences, etc */`
`1524`	`1507`	`if (rel->rd_rel->relkind!=RELKIND_RELATION)`
`1525`	`1508`	`elog(ERROR,"ALTER TABLE: relation \"%s\" is not a table",`
`1526`	`1509`	`relationName);`
`1527`	`1510`
	`1511`	`+if (!allowSystemTableMods&&IsSystemRelationName(relationName))`
	`1512`	`+elog(ERROR,"ALTER TABLE: relation \"%s\" is a system catalog",`
	`1513`	`+relationName);`
	`1514`	`+if (!pg_class_ownercheck(myrelid,GetUserId()))`
	`1515`	`+elog(ERROR,"ALTER TABLE: permission denied");`
	`1516`	`+`
`1528`	`1517`	`/*`
`1529`	`1518`	`* Since all we have is the name of the constraint, we have to look`
`1530`	`1519`	`* through all catalogs that could possibly contain a constraint for`
`@@ -1692,25 +1681,19 @@ AlterTableCreateToastTable(const char *relationName, bool silent)`
`1692`	`1681`	`IndexInfo*indexInfo;`
`1693`	`1682`	`OidclassObjectId[2];`
`1694`	`1683`
`1695`		`-/*`
`1696`		`- * permissions checking. XXX exactly what is appropriate here?`
`1697`		`- */`
`1698`		`-#ifndefNO_SECURITY`
`1699`		`-if (!pg_ownercheck(GetUserId(),relationName,RELNAME))`
`1700`		`-elog(ERROR,"ALTER TABLE: permission denied");`
`1701`		`-#endif`
`1702`		`-`
`1703`	`1684`	`/*`
`1704`	`1685`	`* Grab an exclusive lock on the target table, which we will NOT`
`1705`	`1686`	`* release until end of transaction.`
`1706`	`1687`	`*/`
`1707`	`1688`	`rel=heap_openr(relationName,AccessExclusiveLock);`
	`1689`	`+myrelid=RelationGetRelid(rel);`
`1708`	`1690`
`1709`	`1691`	`if (rel->rd_rel->relkind!=RELKIND_RELATION)`
`1710`	`1692`	`elog(ERROR,"ALTER TABLE: relation \"%s\" is not a table",`
`1711`	`1693`	`relationName);`
`1712`	`1694`
`1713`		`-myrelid=RelationGetRelid(rel);`
	`1695`	`+if (!pg_class_ownercheck(myrelid,GetUserId()))`
	`1696`	`+elog(ERROR,"ALTER TABLE: permission denied");`
`1714`	`1697`
`1715`	`1698`	`/*`
`1716`	`1699`	`* lock the pg_class tuple for update (is that really needed?)`
`@@ -1940,20 +1923,32 @@ LockTableCommand(LockStmt *lockstmt)`
`1940`	`1923`	`{`
`1941`	`1924`	`RangeVar*relation=lfirst(p);`
`1942`	`1925`	`char*relname=relation->relname;`
	`1926`	`+Oidreloid;`
`1943`	`1927`	`intaclresult;`
`1944`	`1928`	`Relationrel;`
`1945`	`1929`
	`1930`	`+/*`
	`1931`	`+ * We don't want to open the relation until we've checked privilege.`
	`1932`	`+ * So, manually get the relation OID.`
	`1933`	`+ */`
	`1934`	`+reloid=GetSysCacheOid(RELNAME,`
	`1935`	`+PointerGetDatum(relname),`
	`1936`	`+0,0,0);`
	`1937`	`+if (!OidIsValid(reloid))`
	`1938`	`+elog(ERROR,"LOCK TABLE: relation \"%s\" does not exist",`
	`1939`	`+relname);`
	`1940`	`+`
`1946`	`1941`	`if (lockstmt->mode==AccessShareLock)`
`1947`		`-aclresult=pg_aclcheck(relname,GetUserId(),`
`1948`		`-ACL_SELECT);`
	`1942`	`+aclresult=pg_class_aclcheck(reloid,GetUserId(),`
	`1943`	`+ACL_SELECT);`
`1949`	`1944`	`else`
`1950`		`-aclresult=pg_aclcheck(relname,GetUserId(),`
`1951`		`-ACL_UPDATE \|ACL_DELETE);`
	`1945`	`+aclresult=pg_class_aclcheck(reloid,GetUserId(),`
	`1946`	`+ACL_UPDATE \|ACL_DELETE);`
`1952`	`1947`
`1953`	`1948`	`if (aclresult!=ACLCHECK_OK)`
`1954`	`1949`	`elog(ERROR,"LOCK TABLE: permission denied");`
`1955`	`1950`
`1956`		`-rel=relation_openr(relname,lockstmt->mode);`
	`1951`	`+rel=relation_open(reloid,lockstmt->mode);`
`1957`	`1952`
`1958`	`1953`	`/* Currently, we only allow plain tables to be locked */`
`1959`	`1954`	`if (rel->rd_rel->relkind!=RELKIND_RELATION)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit56c9b73

File tree

22 files changed

22 files changed

`‎src/backend/catalog/aclchk.c‎`

`‎src/backend/commands/analyze.c‎`

`‎src/backend/commands/command.c‎`

0 commit comments