Commit84f910a

committed
Additional fixes for large object access control.
Use pg_largeobject_metadata.oid instead of pg_largeobject.loid to enumerate existing large objects in pg_dump, pg_restore, and contrib modules.
1 parent0182d6f commit84f910a


9 files changed

+56
-16
lines changed


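--- a/contrib/lo/lo_test.sql
+++ b/contrib/lo/lo_test.sql
@@ -1,4 +1,4 @@
-/* $PostgreSQL: pgsql/contrib/lo/lo_test.sql,v 1.5 2007/11/13 04:24:28 momjian Exp $*/
+/* $PostgreSQL: pgsql/contrib/lo/lo_test.sql,v 1.6 2009/12/14 00:39:10 itagaki Exp $*/
 
 -- Adjust this setting to control where the objects get created.
 SET search_path= public;
@@ -12,7 +12,7 @@ SET search_path = public;
 --
 
 -- Check what is in pg_largeobject
-SELECTcount(DISTINCT loid)FROMpg_largeobject;
+SELECTcount(oid)FROMpg_largeobject_metadata;
 
 -- ignore any errors here - simply drop the table if it already exists
 DROPTABLE a;
@@ -74,6 +74,6 @@ DELETE FROM a;
 DROPTABLE a;
 
 -- Check what is in pg_largeobject ... if different from original, trouble
-SELECTcount(DISTINCT loid)FROMpg_largeobject;
+SELECTcount(oid)FROMpg_largeobject_metadata;
 
 -- end of tests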

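--- a/contrib/vacuumlo/vacuumlo.c
+++ b/contrib/vacuumlo/vacuumlo.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/contrib/vacuumlo/vacuumlo.c,v 1.42 2009/07/13 22:56:30 momjian Exp $
+* $PostgreSQL: pgsql/contrib/vacuumlo/vacuumlo.c,v 1.43 2009/12/14 00:39:10 itagaki Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -142,7 +142,10 @@ vacuumlo(char *database, struct _param * param)
 */
 buf[0]='\0';
 strcat(buf,"CREATE TEMP TABLE vacuum_l AS ");
-strcat(buf,"SELECT DISTINCT loid AS lo FROM pg_largeobject ");
+if (PQserverVersion(conn) >=80500)
+strcat(buf,"SELECT oid AS lo FROM pg_largeobject_metadata");
+else
+strcat(buf,"SELECT DISTINCT loid AS lo FROM pg_largeobject");
 res=PQexec(conn,buf);
 if (PQresultStatus(res)!=PGRES_COMMAND_OK)
 {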
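Review bot: The new version branch in vacuumlo() has no comment saying why servers at 80500 and later are queried through pg_largeobject_metadata. Judging from the privileges test added in this commit, pg_largeobject is denied to unprivileged users there, so the old query would presumably fail for a non-superuser. I would add `/* pg_largeobject is not readable by ordinary users on 8.5+; enumerate via pg_largeobject_metadata instead */` above the `if`. PQserverVersion() returns 0 for a bad connection, which would silently select the old query; conn is presumably validated earlier in vacuumlo(), whose body starts and ends outside this hunk.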

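--- a/src/bin/pg_dump/pg_backup_archiver.c
+++ b/src/bin/pg_dump/pg_backup_archiver.c
@@ -15,7 +15,7 @@
 *
 *
 * IDENTIFICATION
-*$PostgreSQL: pgsql/src/bin/pg_dump/pg_backup_archiver.c,v 1.176 2009/10/05 19:24:45 tgl Exp $
+*$PostgreSQL: pgsql/src/bin/pg_dump/pg_backup_archiver.c,v 1.177 2009/12/14 00:39:10 itagaki Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -914,8 +914,7 @@ StartRestoreBlob(ArchiveHandle *AH, Oid oid, bool drop)
 ahlog(AH,2,"restoring large object with OID %u\n",oid);
 
 if (drop)
-ahprintf(AH,"SELECT CASE WHEN EXISTS(SELECT 1 FROM pg_catalog.pg_largeobject WHERE loid = '%u') THEN pg_catalog.lo_unlink('%u') END;\n",
-oid,oid);
+DropBlobIfExists(AH,oid);
 
 if (AH->connection)
 {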

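--- a/src/bin/pg_dump/pg_backup_archiver.h
+++ b/src/bin/pg_dump/pg_backup_archiver.h
@@ -17,7 +17,7 @@
 *
 *
 * IDENTIFICATION
-*$PostgreSQL: pgsql/src/bin/pg_dump/pg_backup_archiver.h,v 1.82 2009/08/07 22:48:34 tgl Exp $
+*$PostgreSQL: pgsql/src/bin/pg_dump/pg_backup_archiver.h,v 1.83 2009/12/14 00:39:11 itagaki Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -371,6 +371,7 @@ extern void InitArchiveFmt_Tar(ArchiveHandle *AH);
 externboolisValidTarHeader(char*header);
 
 externintReconnectToServer(ArchiveHandle*AH,constchar*dbname,constchar*newUser);
+externvoidDropBlobIfExists(ArchiveHandle*AH,Oidoid);
 
 intahwrite(constvoid*ptr,size_tsize,size_tnmemb,ArchiveHandle*AH);
 intahprintf(ArchiveHandle*AH,constchar*fmt,...) __attribute__((format(printf,2,3)));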

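--- a/src/bin/pg_dump/pg_backup_db.c
+++ b/src/bin/pg_dump/pg_backup_db.c
@@ -5,7 +5,7 @@
 *Implements the basic DB functions used by the archiver.
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/bin/pg_dump/pg_backup_db.c,v 1.84 2009/06/11 14:49:07 momjian Exp $
+* $PostgreSQL: pgsql/src/bin/pg_dump/pg_backup_db.c,v 1.85 2009/12/14 00:39:11 itagaki Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -652,6 +652,23 @@ CommitTransaction(ArchiveHandle *AH)
 ExecuteSqlCommand(AH,"COMMIT","could not commit database transaction");
 }
 
+void
+DropBlobIfExists(ArchiveHandle*AH,Oidoid)
+{
+/* Call lo_unlink only if exists to avoid not-found error. */
+if (PQserverVersion(AH->connection) >=80500)
+{
+ahprintf(AH,"SELECT pg_catalog.lo_unlink(oid) "
+"FROM pg_catalog.pg_largeobject_metadata "
+"WHERE oid = %u;\n",oid);
+}
+else
+{
+ahprintf(AH,"SELECT CASE WHEN EXISTS(SELECT 1 FROM pg_catalog.pg_largeobject WHERE loid = '%u') THEN pg_catalog.lo_unlink('%u') END;\n",
+oid,oid);
+}
+}
+
 staticbool
 _isIdentChar(unsignedcharc)
 {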
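Review bot: DropBlobIfExists() hands AH->connection to PQserverVersion() without considering that it may be NULL, yet the StartRestoreBlob() call site in pg_backup_archiver.c tests `if (AH->connection)` right after calling it, so the handle can evidently be absent (presumably when the restore is written out as a script). libpq's PQserverVersion() reports 0 for a missing connection, which sends this function down the `else` branch and emits the query against pg_catalog.pg_largeobject. Per the privileges test added in this commit that relation is denied to unprivileged users, so such a script replayed by a non-superuser on a new server would likely fail at the drop step. The _StartBlob() call in pg_backup_null.c is affected the same way. Treating the no-connection case as new-style avoids this: `if (AH->connection == NULL || PQserverVersion(AH->connection) >= 80500)`, with a comment that the target version has to be guessed when there is no live connection.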

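--- a/src/bin/pg_dump/pg_backup_null.c
+++ b/src/bin/pg_dump/pg_backup_null.c
@@ -17,7 +17,7 @@
 *
 *
 * IDENTIFICATION
-*$PostgreSQL: pgsql/src/bin/pg_dump/pg_backup_null.c,v 1.22 2009/08/04 21:56:09 tgl Exp $
+*$PostgreSQL: pgsql/src/bin/pg_dump/pg_backup_null.c,v 1.23 2009/12/14 00:39:11 itagaki Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -151,8 +151,7 @@ _StartBlob(ArchiveHandle *AH, TocEntry *te, Oid oid)
 die_horribly(AH,NULL,"invalid OID for large object\n");
 
 if (AH->ropt->dropSchema)
-ahprintf(AH,"SELECT CASE WHEN EXISTS(SELECT 1 FROM pg_catalog.pg_largeobject WHERE loid = '%u') THEN pg_catalog.lo_unlink('%u') END;\n",
-oid,oid);
+DropBlobIfExists(AH,oid);
 
 ahprintf(AH,"SELECT pg_catalog.lo_open(pg_catalog.lo_create('%u'), %d);\n",
 oid,INV_WRITE);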

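--- a/src/bin/pg_dump/pg_dump.c
+++ b/src/bin/pg_dump/pg_dump.c
@@ -12,7 +12,7 @@
 *by PostgreSQL
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/bin/pg_dump/pg_dump.c,v 1.555 2009/12/11 03:34:56 itagaki Exp $
+* $PostgreSQL: pgsql/src/bin/pg_dump/pg_dump.c,v 1.556 2009/12/14 00:39:11 itagaki Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -1945,7 +1945,9 @@ hasBlobs(Archive *AH)
 selectSourceSchema("pg_catalog");
 
 /* Check for BLOB OIDs */
-if (AH->remoteVersion >=70100)
+if (AH->remoteVersion >=80500)
+blobQry="SELECT oid FROM pg_largeobject_metadata LIMIT 1";
+elseif (AH->remoteVersion >=70100)
 blobQry="SELECT loid FROM pg_largeobject LIMIT 1";
 else
 blobQry="SELECT oid FROM pg_class WHERE relkind = 'l' LIMIT 1";
@@ -1981,7 +1983,9 @@ dumpBlobs(Archive *AH, void *arg)
 selectSourceSchema("pg_catalog");
 
 /* Cursor to get all BLOB OIDs */
-if (AH->remoteVersion >=70100)
+if (AH->remoteVersion >=80500)
+blobQry="DECLARE bloboid CURSOR FOR SELECT oid FROM pg_largeobject_metadata";
+elseif (AH->remoteVersion >=70100)
 blobQry="DECLARE bloboid CURSOR FOR SELECT DISTINCT loid FROM pg_largeobject";
 else
 blobQry="DECLARE bloboid CURSOR FOR SELECT oid FROM pg_class WHERE relkind = 'l'";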

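--- a/src/test/regress/expected/privileges.out
+++ b/src/test/regress/expected/privileges.out
@@ -1041,6 +1041,16 @@ SELECT lo_unlink(1002);
 SELECT lo_export(1001, '/dev/null');-- to be denied
 ERROR: must be superuser to use server-side lo_export()
 HINT: Anyone can use the client-side lo_export() provided by libpq.
+-- don't allow unpriv users to access pg_largeobject contents
+\c -
+SELECT * FROM pg_largeobject LIMIT 0;
+loid | pageno | data
+------+--------+------
+(0 rows)
+
+SET SESSION AUTHORIZATION regressuser1;
+SELECT * FROM pg_largeobject LIMIT 0;-- to be denied
+ERROR: permission denied for relation pg_largeobject
 -- test default ACLs
 \c -
 CREATE SCHEMA testns;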

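--- a/src/test/regress/sql/privileges.sql
+++ b/src/test/regress/sql/privileges.sql
@@ -565,6 +565,13 @@ SELECT lo_truncate(lo_open(1002, x'20000'::int), 10);
 SELECT lo_unlink(1002);
 SELECT lo_export(1001,'/dev/null');-- to be denied
 
+-- don't allow unpriv users to access pg_largeobject contents
+\c-
+SELECT*FROM pg_largeobjectLIMIT0;
+
+SET SESSION AUTHORIZATION regressuser1;
+SELECT*FROM pg_largeobjectLIMIT0;-- to be denied
+
 -- test default ACLs
 \c-
 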
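Review bot: The added test checks only that regressuser1 is denied on pg_largeobject; it has no positive check that the same user can still read pg_largeobject_metadata, which the vacuumlo and pg_dump changes in this commit rely on for servers at 80500 and later. I would add `SELECT oid FROM pg_largeobject_metadata LIMIT 0; -- to be allowed` after the denied query, with the matching rows in privileges.out, assuming the metadata catalog is meant to stay readable by ordinary users. Without it, a later tightening of that catalog's permissions would break those tools for unprivileged users with no regression test failing.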
