Commitdc6b4de

committed
Require ownership permission for CREATE INDEX, per bug report.
Disallow CREATE INDEX on system catalogs, non-tables (views, sequences, etc). Disallow CREATE/DROP TRIGGER on system catalogs, non-tables. Disallow ALTER TABLE ADD/DROP CONSTRAINT on system catalogs. Disallow FOREIGN KEY reference to non-table. None of these things can actually work in the present system structure, but the code was letting them pass without complaint.
1 parentd02f0aa commitdc6b4de


5 files changed

+58
-14
lines changed


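--- a/src/backend/commands/command.c
+++ b/src/backend/commands/command.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.151 2001/12/04 17:19:48 tgl Exp $
+* $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.152 2002/01/03 23:19:30 tgl Exp $
 *
 * NOTES
 * The PerformAddAttribute() code, like most of the relation
@@ -716,6 +716,7 @@ AlterTableAlterColumnStatistics(const char *relationName,
 Relationattrelation;
 HeapTupletuple;
 
+/* we allow this on system tables */
 #ifndefNO_SECURITY
 if (!pg_ownercheck(GetUserId(),relationName,RELNAME))
 elog(ERROR,"ALTER TABLE: permission denied");
@@ -1190,6 +1191,9 @@ AlterTableAddConstraint(char *relationName,
 Oidmyrelid;
 List*listptr;
 
+if (!allowSystemTableMods&&IsSystemRelationName(relationName))
+elog(ERROR,"ALTER TABLE: relation \"%s\" is a system catalog",
+relationName);
 #ifndefNO_SECURITY
 if (!pg_ownercheck(GetUserId(),relationName,RELNAME))
 elog(ERROR,"ALTER TABLE: permission denied");
@@ -1506,6 +1510,9 @@ AlterTableDropConstraint(const char *relationName,
 Relationrel;
 intdeleted;
 
+if (!allowSystemTableMods&&IsSystemRelationName(relationName))
+elog(ERROR,"ALTER TABLE: relation \"%s\" is a system catalog",
+relationName);
 #ifndefNO_SECURITY
 if (!pg_ownercheck(GetUserId(),relationName,RELNAME))
 elog(ERROR,"ALTER TABLE: permission denied");
@@ -1886,9 +1893,7 @@ needs_toast_table(Relation rel)
 }
 
 /*
-*
 * LOCK TABLE
-*
 */
 void
 LockTableCommand(LockStmt*lockstmt)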
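Review bot: The new system-catalog guard in AlterTableAddConstraint, and the identical one in AlterTableDropConstraint, sits above `#ifndef NO_SECURITY`, so it stays active in builds that compile the ownership check out, but nothing in the code says that placement is deliberate. A one-line comment such as `/* catalog guard is unconditional; only the ownership check is under NO_SECURITY */` would keep a later cleanup from moving it inside the conditional. Both tests run on relationName before any lock on the relation is visible in these hunks, so it is worth confirming that the rest of each function opens the same relation under lock before acting on it. Both function bodies continue outside the hunks.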

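--- a/src/backend/commands/indexcmds.c
+++ b/src/backend/commands/indexcmds.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.61 2001/11/20 02:46:13 tgl Exp $
+* $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.62 2002/01/03 23:19:36 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -73,6 +73,7 @@ DefineIndex(char *heapRelationName,
 Oid*classObjectId;
 OidaccessMethodId;
 OidrelationId;
+Relationrel;
 HeapTupletuple;
 Form_pg_amaccessMethodForm;
 IndexInfo*indexInfo;
@@ -90,12 +91,25 @@ DefineIndex(char *heapRelationName,
 INDEX_MAX_KEYS);
 
 /*
-*compute heap relation id
+*Open heap relation, acquire a suitable lock on it, remember its OID
 */
-if ((relationId=RelnameFindRelid(heapRelationName))==InvalidOid)
-elog(ERROR,"DefineIndex: relation \"%s\" not found",
+rel=heap_openr(heapRelationName,ShareLock);
+
+/* Note: during bootstrap may see uncataloged relation */
+if (rel->rd_rel->relkind!=RELKIND_RELATION&&
+rel->rd_rel->relkind!=RELKIND_UNCATALOGED)
+elog(ERROR,"DefineIndex: relation \"%s\" is not a table",
 heapRelationName);
 
+relationId=RelationGetRelid(rel);
+
+heap_close(rel,NoLock);
+
+if (!IsBootstrapProcessingMode()&&
+IsSystemRelationName(heapRelationName)&&
+!IndexesAreActive(relationId, false))
+elog(ERROR,"Existing indexes are inactive. REINDEX first");
+
 /*
 * look up the access method, verify it can handle the requested
 * features
@@ -131,9 +145,6 @@ DefineIndex(char *heapRelationName,
 CheckPredicate(cnfPred,rangetable,relationId);
 }
 
-if (!IsBootstrapProcessingMode()&&IsSystemRelationName(heapRelationName)&& !IndexesAreActive(relationId, false))
-elog(ERROR,"Existing indexes are inactive. REINDEX first");
-
 /*
 * Prepare arguments for index_create, primarily an IndexInfo
 * structure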
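Review bot: The relkind test added to DefineIndex accepts RELKIND_UNCATALOGED in every processing mode, although the comment directly above it ties that case to bootstrap. If uncataloged relations really can only be seen during bootstrap, the exemption could be narrowed to `!(IsBootstrapProcessingMode() && rel->rd_rel->relkind == RELKIND_UNCATALOGED)`; if they can appear elsewhere, the comment should say so instead. The `heap_close(rel,NoLock)` line would also benefit from a short comment such as `/* keep ShareLock until end of transaction; only the relcache reference is released */`, since the rest of the function relies on relationId staying valid. The body of DefineIndex continues outside these hunks.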

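--- a/src/backend/commands/trigger.c
+++ b/src/backend/commands/trigger.c
@@ -7,7 +7,7 @@
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.99 2001/11/16 16:31:16 tgl Exp $
+* $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.100 2002/01/03 23:21:23 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -105,6 +105,10 @@ CreateTrigger(CreateTrigStmt *stmt)
 
 rel=heap_openr(stmt->relname,AccessExclusiveLock);
 
+if (rel->rd_rel->relkind!=RELKIND_RELATION)
+elog(ERROR,"CreateTrigger: relation \"%s\" is not a table",
+stmt->relname);
+
 TRIGGER_CLEAR_TYPE(tgtype);
 if (stmt->before)
 TRIGGER_SETT_BEFORE(tgtype);
@@ -315,11 +319,20 @@ DropTrigger(DropTrigStmt *stmt)
 intfound=0;
 inttgfound=0;
 
+if (!allowSystemTableMods&&IsSystemRelationName(stmt->relname))
+elog(ERROR,"DropTrigger: can't drop trigger for system relation %s",
+stmt->relname);
+
 if (!pg_ownercheck(GetUserId(),stmt->relname,RELNAME))
-elog(ERROR,"%s: %s",stmt->relname,aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
+elog(ERROR,"%s: %s",stmt->relname,
+aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
 
 rel=heap_openr(stmt->relname,AccessExclusiveLock);
 
+if (rel->rd_rel->relkind!=RELKIND_RELATION)
+elog(ERROR,"DropTrigger: relation \"%s\" is not a table",
+stmt->relname);
+
 /*
 * Search pg_trigger, delete target trigger, count remaining triggers
 * for relation. Note this is OK only because we have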
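Review bot: The system-relation guard added to DropTrigger words its error differently from every other catalog guard in this commit and leaves the relation name unquoted. Matching the others, e.g. `elog(ERROR,"DropTrigger: relation \"%s\" is a system catalog",`, keeps the messages greppable and makes an odd relation name unambiguous in logs. The CreateTrigger hunk shows only the relkind test, so the system-catalog guard the commit message promises for CREATE TRIGGER is presumably above the hunk; that is worth confirming, as both function bodies start and end outside the visible lines.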

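--- a/src/backend/parser/analyze.c
+++ b/src/backend/parser/analyze.c
@@ -6,7 +6,7 @@
 * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
-*$Header: /cvsroot/pgsql/src/backend/parser/analyze.c,v 1.212 2001/11/1221:04:45 tgl Exp $
+*$Header: /cvsroot/pgsql/src/backend/parser/analyze.c,v 1.213 2002/01/03 23:21:31 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -2792,6 +2792,10 @@ transformFkeyCheckAttrs(FkConstraint *fkconstraint, Oid *pktypoid)
 */
 pkrel=heap_openr(fkconstraint->pktable_name,AccessShareLock);
 
+if (pkrel->rd_rel->relkind!=RELKIND_RELATION)
+elog(ERROR,"Referenced relation \"%s\" is not a table",
+fkconstraint->pktable_name);
+
 /*
 * Get the list of index OIDs for the table from the relcache, and
 * look up each one in the pg_index syscache for each unique one, and
@@ -2881,6 +2885,10 @@ transformFkeyGetPrimaryKey(FkConstraint *fkconstraint, Oid *pktypoid)
 */
 pkrel=heap_openr(fkconstraint->pktable_name,AccessShareLock);
 
+if (pkrel->rd_rel->relkind!=RELKIND_RELATION)
+elog(ERROR,"Referenced relation \"%s\" is not a table",
+fkconstraint->pktable_name);
+
 /*
 * Get the list of index OIDs for the table from the relcache, and
 * look up each one in the pg_index syscache until we find one marked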
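Review bot: The relkind test added after `heap_openr` in transformFkeyCheckAttrs, and repeated verbatim in transformFkeyGetPrimaryKey, has no comment explaining why a non-table is rejected at this point. A line such as `/* a foreign key can only reference a plain table, not a view, sequence, etc. */` above each test would record the intent stated in the commit message. Both function bodies continue outside the hunks.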

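--- a/src/backend/tcop/utility.c
+++ b/src/backend/tcop/utility.c
@@ -10,7 +10,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.123 2001/11/20 02:46:13 tgl Exp $
+* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.124 2002/01/03 23:21:32 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -532,6 +532,13 @@ ProcessUtility(Node *parsetree,
 
 set_ps_display(commandTag="CREATE");
 
+relname=stmt->relname;
+if (!allowSystemTableMods&&IsSystemRelationName(relname))
+elog(ERROR,"CREATE INDEX: relation \"%s\" is a system catalog",
+relname);
+if (!pg_ownercheck(GetUserId(),relname,RELNAME))
+elog(ERROR,"permission denied");
+
 DefineIndex(stmt->relname,/* relation name */
 stmt->idxname,/* index name */
 stmt->accessMethod,/* am name */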
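Review bot: The ownership and system-catalog checks for CREATE INDEX are added in ProcessUtility rather than in DefineIndex, so any other caller of DefineIndex would not pass through them; whether such callers exist is not visible from this hunk. A comment on DefineIndex stating that callers are responsible for permission checks, or moving the two tests into DefineIndex, would make the contract explicit. The ownership check also resolves the name separately from the `heap_openr` that DefineIndex performs under ShareLock, so it is worth confirming that both lookups are guaranteed to resolve to the same relation. The bare `"permission denied"` message gives no command or relation; `elog(ERROR,"CREATE INDEX: permission denied");` would match the ALTER TABLE messages in command.c. The enclosing branch of ProcessUtility continues outside the hunk.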
