NotificationsYou must be signed in to change notification settings
Fork5
Star27

Commit5ae5e3b

committed

Check that aggregate creator has the right to execute the transition

functions of the aggregate, at both aggregate creation and execution times.

1 parentf76730e commit5ae5e3bCopy full SHA for 5ae5e3b

File tree

2 files changed

+41

-2

lines changed

src/backend
- catalog
  - pg_aggregate.c
- executor
  - nodeAgg.c

2 files changed

+41

-2

lines changed

`‎src/backend/catalog/pg_aggregate.c‎`

Lines changed: 10 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $PostgreSQL: pgsql/src/backend/catalog/pg_aggregate.c,v 1.69 2004/12/31 21:59:38 pgsql Exp $`
	`11`	`+ * $PostgreSQL: pgsql/src/backend/catalog/pg_aggregate.c,v 1.70 2005/01/27 23:42:15 tgl Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -22,10 +22,13 @@`
`22`	`22`	`#include"catalog/pg_aggregate.h"`
`23`	`23`	`#include"catalog/pg_language.h"`
`24`	`24`	`#include"catalog/pg_proc.h"`
	`25`	`+#include"miscadmin.h"`
`25`	`26`	`#include"optimizer/cost.h"`
`26`	`27`	`#include"parser/parse_coerce.h"`
`27`	`28`	`#include"parser/parse_func.h"`
	`29`	`+#include"utils/acl.h"`
`28`	`30`	`#include"utils/builtins.h"`
	`31`	`+#include"utils/lsyscache.h"`
`29`	`32`	`#include"utils/syscache.h"`
`30`	`33`
`31`	`34`
`@@ -262,6 +265,7 @@ lookup_agg_function(List *fnName,`
`262`	`265`	`boolretset;`
`263`	`266`	`Oid*true_oid_array;`
`264`	`267`	`FuncDetailCodefdresult;`
	`268`	`+AclResultaclresult;`
`265`	`269`
`266`	`270`	`/*`
`267`	`271`	`* func_get_detail looks up the function in the catalogs, does`
`@@ -326,5 +330,10 @@ lookup_agg_function(List *fnName,`
`326`	`330`	`errmsg("function %s requires run-time type coercion",`
`327`	`331`	`func_signature_string(fnName,nargs,true_oid_array))));`
`328`	`332`
	`333`	`+/* Check aggregate creator has permission to call the function */`
	`334`	`+aclresult=pg_proc_aclcheck(fnOid,GetUserId(),ACL_EXECUTE);`
	`335`	`+if (aclresult!=ACLCHECK_OK)`
	`336`	`+aclcheck_error(aclresult,ACL_KIND_PROC,get_func_name(fnOid));`
	`337`	`+`
`329`	`338`	`returnfnOid;`
`330`	`339`	`}`

`‎src/backend/executor/nodeAgg.c‎`

Lines changed: 31 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@`
`45`	`45`	`* Portions Copyright (c) 1994, Regents of the University of California`
`46`	`46`	`*`
`47`	`47`	`* IDENTIFICATION`
`48`		`- * $PostgreSQL: pgsql/src/backend/executor/nodeAgg.c,v 1.126 2004/12/31 21:59:45 pgsql Exp $`
	`48`	`+ * $PostgreSQL: pgsql/src/backend/executor/nodeAgg.c,v 1.127 2005/01/27 23:42:18 tgl Exp $`
`49`	`49`	`*`
`50`	`50`	`*-------------------------------------------------------------------------`
`51`	`51`	`*/`
`@@ -55,6 +55,7 @@`
`55`	`55`	`#include"access/heapam.h"`
`56`	`56`	`#include"catalog/pg_aggregate.h"`
`57`	`57`	`#include"catalog/pg_operator.h"`
	`58`	`+#include"catalog/pg_proc.h"`
`58`	`59`	`#include"executor/executor.h"`
`59`	`60`	`#include"executor/nodeAgg.h"`
`60`	`61`	`#include"miscadmin.h"`
`@@ -1260,6 +1261,35 @@ ExecInitAgg(Agg node, EState estate)`
`1260`	`1261`	`peraggstate->transfn_oid=transfn_oid=aggform->aggtransfn;`
`1261`	`1262`	`peraggstate->finalfn_oid=finalfn_oid=aggform->aggfinalfn;`
`1262`	`1263`
	`1264`	`+/* Check that aggregate owner has permission to call component fns */`
	`1265`	`+{`
	`1266`	`+HeapTupleprocTuple;`
	`1267`	`+AclIdaggOwner;`
	`1268`	`+`
	`1269`	`+procTuple=SearchSysCache(PROCOID,`
	`1270`	`+ObjectIdGetDatum(aggref->aggfnoid),`
	`1271`	`+0,0,0);`
	`1272`	`+if (!HeapTupleIsValid(procTuple))`
	`1273`	`+elog(ERROR,"cache lookup failed for function %u",`
	`1274`	`+aggref->aggfnoid);`
	`1275`	`+aggOwner= ((Form_pg_proc)GETSTRUCT(procTuple))->proowner;`
	`1276`	`+ReleaseSysCache(procTuple);`
	`1277`	`+`
	`1278`	`+aclresult=pg_proc_aclcheck(transfn_oid,aggOwner,`
	`1279`	`+ACL_EXECUTE);`
	`1280`	`+if (aclresult!=ACLCHECK_OK)`
	`1281`	`+aclcheck_error(aclresult,ACL_KIND_PROC,`
	`1282`	`+get_func_name(transfn_oid));`
	`1283`	`+if (OidIsValid(finalfn_oid))`
	`1284`	`+{`
	`1285`	`+aclresult=pg_proc_aclcheck(finalfn_oid,aggOwner,`
	`1286`	`+ACL_EXECUTE);`
	`1287`	`+if (aclresult!=ACLCHECK_OK)`
	`1288`	`+aclcheck_error(aclresult,ACL_KIND_PROC,`
	`1289`	`+get_func_name(finalfn_oid));`
	`1290`	`+}`
	`1291`	`+}`
	`1292`	`+`
`1263`	`1293`	`/* resolve actual type of transition state, if polymorphic */`
`1264`	`1294`	`aggtranstype=aggform->aggtranstype;`
`1265`	`1295`	`if (aggtranstype==ANYARRAYOID\|\|aggtranstype==ANYELEMENTOID)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit5ae5e3b

File tree

2 files changed

2 files changed

`‎src/backend/catalog/pg_aggregate.c‎`

`‎src/backend/executor/nodeAgg.c‎`

0 commit comments