NotificationsYou must be signed in to change notification settings
Fork28
Star151

Commit916d816

committed

Restrict CREATE OPERATOR CLASS to superusers, per discussion some weeks

ago.

1 parentd2db166 commit916d816Copy full SHA for 916d816

File tree

2 files changed

+19

-5

lines changed

doc/src/sgml/ref
- create_opclass.sgml
src/backend/commands
- opclasscmds.c

2 files changed

+19

-5

lines changed

`‎doc/src/sgml/ref/create_opclass.sgml`

Lines changed: 5 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`<!--`
`2`		`-$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_opclass.sgml,v 1.3 2002/09/21 18:32:54 petere Exp $`
	`2`	`+$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_opclass.sgml,v 1.4 2002/10/04 22:19:29 tgl Exp $`
`3`	`3`	`PostgreSQL documentation`
`4`	`4`	`-->`
`5`	`5`
`@@ -209,9 +209,10 @@ CREATE OPERATOR CLASS`
`209`	`209`	`are for different index access methods.`
`210`	`210`	`</para>`
`211`	`211`	`<para>`
`212`		`- The user who defines an operator class becomes its owner. The user`
`213`		`- must own the data type for which the operator class is being defined,`
`214`		`- and must have execute permission for all referenced operators and functions.`
	`212`	`+ The user who defines an operator class becomes its owner. Presently,`
	`213`	`+ the creating user must be a superuser. (This restriction is made because`
	`214`	`+ an erroneous operator class definition could confuse or even crash the`
	`215`	`+ server.)`
`215`	`216`	`</para>`
`216`	`217`
`217`	`218`	`<para>`

`‎src/backend/commands/opclasscmds.c`

Lines changed: 14 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`	`*`
`10`	`10`	`*`
`11`	`11`	`* IDENTIFICATION`
`12`		`- * $Header: /cvsroot/pgsql/src/backend/commands/opclasscmds.c,v 1.5 2002/09/0420:31:15 momjian Exp $`
	`12`	`+ * $Header: /cvsroot/pgsql/src/backend/commands/opclasscmds.c,v 1.6 2002/10/0422:19:29 tgl Exp $`
`13`	`13`	`*`
`14`	`14`	`*-------------------------------------------------------------------------`
`15`	`15`	`*/`
`@@ -96,12 +96,25 @@ DefineOpClass(CreateOpClassStmt *stmt)`
`96`	`96`
`97`	`97`	`ReleaseSysCache(tup);`
`98`	`98`
	`99`	`+/*`
	`100`	`+ * Currently, we require superuser privileges to create an opclass.`
	`101`	`+ * This seems necessary because we have no way to validate that the`
	`102`	`+ * offered set of operators and functions are consistent with the AM's`
	`103`	`+ * expectations. It would be nice to provide such a check someday,`
	`104`	`+ * if it can be done without solving the halting problem :-(`
	`105`	`+ */`
	`106`	`+if (!superuser())`
	`107`	`+elog(ERROR,"Must be superuser to create an operator class");`
	`108`	`+`
`99`	`109`	`/* Look up the datatype */`
`100`	`110`	`typeoid=typenameTypeId(stmt->datatype);`
`101`	`111`
	`112`	`+#ifdefNOT_USED`
	`113`	`+/* XXX this is unnecessary given the superuser check above */`
`102`	`114`	`/* Check we have ownership of the datatype */`
`103`	`115`	`if (!pg_type_ownercheck(typeoid,GetUserId()))`
`104`	`116`	`aclcheck_error(ACLCHECK_NOT_OWNER,format_type_be(typeoid));`
	`117`	`+#endif`
`105`	`118`
`106`	`119`	`/* Storage datatype is optional */`
`107`	`120`	`storageoid=InvalidOid;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit916d816

File tree

2 files changed

2 files changed

`‎doc/src/sgml/ref/create_opclass.sgml`

`‎src/backend/commands/opclasscmds.c`

0 commit comments