Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitc4cf7fb

Browse files
committed
Adjust 'permission denied' messages to be more useful and consistent.
1 parenta063d4b commitc4cf7fb

38 files changed

+377
-243
lines changed

‎src/backend/catalog/aclchk.c‎

Lines changed: 62 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.84 2003/07/21 01:59:07 tgl Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.85 2003/08/01 00:15:19 tgl Exp $
1212
*
1313
* NOTES
1414
* See acl.h.
@@ -223,7 +223,7 @@ ExecuteGrantStmt_Relation(GrantStmt *stmt)
223223
if (stmt->is_grant
224224
&& !pg_class_ownercheck(relOid,GetUserId())
225225
&&pg_class_aclcheck(relOid,GetUserId(),ACL_GRANT_OPTION_FOR(privileges))!=ACLCHECK_OK)
226-
aclcheck_error(ACLCHECK_NO_PRIV,relvar->relname);
226+
aclcheck_error(ACLCHECK_NO_PRIV,ACL_KIND_CLASS,relvar->relname);
227227

228228
/* Not sensible to grant on an index */
229229
if (pg_class_tuple->relkind==RELKIND_INDEX)
@@ -329,7 +329,8 @@ ExecuteGrantStmt_Database(GrantStmt *stmt)
329329
if (stmt->is_grant
330330
&&pg_database_tuple->datdba!=GetUserId()
331331
&&pg_database_aclcheck(HeapTupleGetOid(tuple),GetUserId(),ACL_GRANT_OPTION_FOR(privileges))!=ACLCHECK_OK)
332-
aclcheck_error(ACLCHECK_NO_PRIV,NameStr(pg_database_tuple->datname));
332+
aclcheck_error(ACLCHECK_NO_PRIV,ACL_KIND_DATABASE,
333+
NameStr(pg_database_tuple->datname));
333334

334335
/*
335336
* If there's no ACL, create a default.
@@ -424,7 +425,7 @@ ExecuteGrantStmt_Function(GrantStmt *stmt)
424425
if (stmt->is_grant
425426
&& !pg_proc_ownercheck(oid,GetUserId())
426427
&&pg_proc_aclcheck(oid,GetUserId(),ACL_GRANT_OPTION_FOR(privileges))!=ACLCHECK_OK)
427-
aclcheck_error(ACLCHECK_NO_PRIV,
428+
aclcheck_error(ACLCHECK_NO_PRIV,ACL_KIND_PROC,
428429
NameStr(pg_proc_tuple->proname));
429430

430431
/*
@@ -525,7 +526,8 @@ ExecuteGrantStmt_Language(GrantStmt *stmt)
525526
if (stmt->is_grant
526527
&& !superuser()
527528
&&pg_language_aclcheck(HeapTupleGetOid(tuple),GetUserId(),ACL_GRANT_OPTION_FOR(privileges))!=ACLCHECK_OK)
528-
aclcheck_error(ACLCHECK_NO_PRIV,NameStr(pg_language_tuple->lanname));
529+
aclcheck_error(ACLCHECK_NO_PRIV,ACL_KIND_LANGUAGE,
530+
NameStr(pg_language_tuple->lanname));
529531

530532
/*
531533
* If there's no ACL, create a default.
@@ -619,7 +621,8 @@ ExecuteGrantStmt_Namespace(GrantStmt *stmt)
619621
if (stmt->is_grant
620622
&& !pg_namespace_ownercheck(HeapTupleGetOid(tuple),GetUserId())
621623
&&pg_namespace_aclcheck(HeapTupleGetOid(tuple),GetUserId(),ACL_GRANT_OPTION_FOR(privileges))!=ACLCHECK_OK)
622-
aclcheck_error(ACLCHECK_NO_PRIV,nspname);
624+
aclcheck_error(ACLCHECK_NO_PRIV,ACL_KIND_NAMESPACE,
625+
nspname);
623626

624627
/*
625628
* If there's no ACL, create a default using the
@@ -848,9 +851,59 @@ aclcheck(Acl *acl, AclId userid, AclMode mode)
848851

849852
/*
850853
* Standardized reporting of aclcheck permissions failures.
854+
*
855+
* Note: we do not double-quote the %s's below, because many callers
856+
* supply strings that might be already quoted.
851857
*/
858+
859+
staticconstchar*constno_priv_msg[MAX_ACL_KIND]=
860+
{
861+
/* ACL_KIND_CLASS */
862+
gettext_noop("permission denied for relation %s"),
863+
/* ACL_KIND_DATABASE */
864+
gettext_noop("permission denied for database %s"),
865+
/* ACL_KIND_PROC */
866+
gettext_noop("permission denied for function %s"),
867+
/* ACL_KIND_OPER */
868+
gettext_noop("permission denied for operator %s"),
869+
/* ACL_KIND_TYPE */
870+
gettext_noop("permission denied for type %s"),
871+
/* ACL_KIND_LANGUAGE */
872+
gettext_noop("permission denied for language %s"),
873+
/* ACL_KIND_NAMESPACE */
874+
gettext_noop("permission denied for schema %s"),
875+
/* ACL_KIND_OPCLASS */
876+
gettext_noop("permission denied for operator class %s"),
877+
/* ACL_KIND_CONVERSION */
878+
gettext_noop("permission denied for conversion %s")
879+
};
880+
881+
staticconstchar*constnot_owner_msg[MAX_ACL_KIND]=
882+
{
883+
/* ACL_KIND_CLASS */
884+
gettext_noop("must be owner of relation %s"),
885+
/* ACL_KIND_DATABASE */
886+
gettext_noop("must be owner of database %s"),
887+
/* ACL_KIND_PROC */
888+
gettext_noop("must be owner of function %s"),
889+
/* ACL_KIND_OPER */
890+
gettext_noop("must be owner of operator %s"),
891+
/* ACL_KIND_TYPE */
892+
gettext_noop("must be owner of type %s"),
893+
/* ACL_KIND_LANGUAGE */
894+
gettext_noop("must be owner of language %s"),
895+
/* ACL_KIND_NAMESPACE */
896+
gettext_noop("must be owner of schema %s"),
897+
/* ACL_KIND_OPCLASS */
898+
gettext_noop("must be owner of operator class %s"),
899+
/* ACL_KIND_CONVERSION */
900+
gettext_noop("must be owner of conversion %s")
901+
};
902+
903+
852904
void
853-
aclcheck_error(AclResultaclerr,constchar*objectname)
905+
aclcheck_error(AclResultaclerr,AclObjectKindobjectkind,
906+
constchar*objectname)
854907
{
855908
switch (aclerr)
856909
{
@@ -860,12 +913,12 @@ aclcheck_error(AclResult aclerr, const char *objectname)
860913
caseACLCHECK_NO_PRIV:
861914
ereport(ERROR,
862915
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
863-
errmsg("permission denied for \"%s\"",objectname)));
916+
errmsg(no_priv_msg[objectkind],objectname)));
864917
break;
865918
caseACLCHECK_NOT_OWNER:
866919
ereport(ERROR,
867920
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
868-
errmsg("must be owner of \"%s\"",objectname)));
921+
errmsg(not_owner_msg[objectkind],objectname)));
869922
break;
870923
default:
871924
elog(ERROR,"unrecognized AclResult: %d", (int)aclerr);

‎src/backend/catalog/namespace.c‎

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313
* Portions Copyright (c) 1994, Regents of the University of California
1414
*
1515
* IDENTIFICATION
16-
* $Header: /cvsroot/pgsql/src/backend/catalog/namespace.c,v 1.54 2003/07/21 01:59:09 tgl Exp $
16+
* $Header: /cvsroot/pgsql/src/backend/catalog/namespace.c,v 1.55 2003/08/01 00:15:19 tgl Exp $
1717
*
1818
*-------------------------------------------------------------------------
1919
*/
@@ -1201,7 +1201,8 @@ LookupExplicitNamespace(const char *nspname)
12011201

12021202
aclresult=pg_namespace_aclcheck(namespaceId,GetUserId(),ACL_USAGE);
12031203
if (aclresult!=ACLCHECK_OK)
1204-
aclcheck_error(aclresult,nspname);
1204+
aclcheck_error(aclresult,ACL_KIND_NAMESPACE,
1205+
nspname);
12051206

12061207
returnnamespaceId;
12071208
}
@@ -1624,7 +1625,7 @@ InitTempTableNamespace(void)
16241625
ACL_CREATE_TEMP)!=ACLCHECK_OK)
16251626
ereport(ERROR,
16261627
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1627-
errmsg("not authorized to create temp tables in database \"%s\"",
1628+
errmsg("permission denied to create temp tables in database \"%s\"",
16281629
get_database_name(MyDatabaseId))));
16291630

16301631
snprintf(namespaceName,sizeof(namespaceName),"pg_temp_%d",MyBackendId);

‎src/backend/catalog/pg_conversion.c‎

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/catalog/pg_conversion.c,v 1.12 2003/07/28 00:09:14 tgl Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/catalog/pg_conversion.c,v 1.13 2003/08/01 00:15:19 tgl Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -146,9 +146,8 @@ ConversionDrop(Oid conversionOid, DropBehavior behavior)
146146

147147
if (!superuser()&&
148148
((Form_pg_conversion)GETSTRUCT(tuple))->conowner!=GetUserId())
149-
ereport(ERROR,
150-
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
151-
errmsg("permission denied")));
149+
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_CONVERSION,
150+
NameStr(((Form_pg_conversion)GETSTRUCT(tuple))->conname));
152151

153152
ReleaseSysCache(tuple);
154153

‎src/backend/catalog/pg_operator.c‎

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/catalog/pg_operator.c,v 1.80 2003/07/21 01:59:11 tgl Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/catalog/pg_operator.c,v 1.81 2003/08/01 00:15:19 tgl Exp $
1212
*
1313
* NOTES
1414
* these routines moved here from commands/define.c and somewhat cleaned up.
@@ -732,7 +732,8 @@ get_other_operator(List *otherOp, Oid otherLeftTypeId, Oid otherRightTypeId,
732732
aclresult=pg_namespace_aclcheck(otherNamespace,GetUserId(),
733733
ACL_CREATE);
734734
if (aclresult!=ACLCHECK_OK)
735-
aclcheck_error(aclresult,get_namespace_name(otherNamespace));
735+
aclcheck_error(aclresult,ACL_KIND_NAMESPACE,
736+
get_namespace_name(otherNamespace));
736737

737738
other_oid=OperatorShellMake(otherName,
738739
otherNamespace,

‎src/backend/catalog/pg_proc.c‎

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/catalog/pg_proc.c,v 1.101 2003/07/21 01:59:11 tgl Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/catalog/pg_proc.c,v 1.102 2003/08/01 00:15:19 tgl Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -27,6 +27,7 @@
2727
#include"parser/parse_expr.h"
2828
#include"parser/parse_type.h"
2929
#include"tcop/tcopprot.h"
30+
#include"utils/acl.h"
3031
#include"utils/builtins.h"
3132
#include"utils/lsyscache.h"
3233
#include"utils/sets.h"
@@ -219,10 +220,8 @@ ProcedureCreate(const char *procedureName,
219220
errmsg("function \"%s\" already exists with same argument types",
220221
procedureName)));
221222
if (GetUserId()!=oldproc->proowner&& !superuser())
222-
ereport(ERROR,
223-
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
224-
errmsg("you do not have permission to replace function \"%s\"",
225-
procedureName)));
223+
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_PROC,
224+
procedureName);
226225

227226
/*
228227
* Not okay to change the return type of the existing proc, since

‎src/backend/commands/aggregatecmds.c‎

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
*
1010
*
1111
* IDENTIFICATION
12-
* $Header: /cvsroot/pgsql/src/backend/commands/aggregatecmds.c,v 1.11 2003/07/20 21:56:32 tgl Exp $
12+
* $Header: /cvsroot/pgsql/src/backend/commands/aggregatecmds.c,v 1.12 2003/08/01 00:15:19 tgl Exp $
1313
*
1414
* DESCRIPTION
1515
* The "DefineFoo" routines take the parse tree and pick out the
@@ -64,7 +64,8 @@ DefineAggregate(List *names, List *parameters)
6464
/* Check we have creation rights in target namespace */
6565
aclresult=pg_namespace_aclcheck(aggNamespace,GetUserId(),ACL_CREATE);
6666
if (aclresult!=ACLCHECK_OK)
67-
aclcheck_error(aclresult,get_namespace_name(aggNamespace));
67+
aclcheck_error(aclresult,ACL_KIND_NAMESPACE,
68+
get_namespace_name(aggNamespace));
6869

6970
foreach(pl,parameters)
7071
{
@@ -191,7 +192,8 @@ RemoveAggregate(RemoveAggrStmt *stmt)
191192
if (!pg_proc_ownercheck(procOid,GetUserId())&&
192193
!pg_namespace_ownercheck(((Form_pg_proc)GETSTRUCT(tup))->pronamespace,
193194
GetUserId()))
194-
aclcheck_error(ACLCHECK_NOT_OWNER,NameListToString(aggName));
195+
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_PROC,
196+
NameListToString(aggName));
195197

196198
/* find_aggregate_func already checked it is an aggregate */
197199

@@ -269,12 +271,14 @@ RenameAggregate(List *name, TypeName *basetype, const char *newname)
269271

270272
/* must be owner */
271273
if (!pg_proc_ownercheck(procOid,GetUserId()))
272-
aclcheck_error(ACLCHECK_NOT_OWNER,NameListToString(name));
274+
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_PROC,
275+
NameListToString(name));
273276

274277
/* must have CREATE privilege on namespace */
275278
aclresult=pg_namespace_aclcheck(namespaceOid,GetUserId(),ACL_CREATE);
276279
if (aclresult!=ACLCHECK_OK)
277-
aclcheck_error(aclresult,get_namespace_name(namespaceOid));
280+
aclcheck_error(aclresult,ACL_KIND_NAMESPACE,
281+
get_namespace_name(namespaceOid));
278282

279283
/* rename */
280284
namestrcpy(&(((Form_pg_proc)GETSTRUCT(tup))->proname),newname);

‎src/backend/commands/alter.c‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/commands/alter.c,v 1.3 2003/07/22 19:00:07 tgl Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/commands/alter.c,v 1.4 2003/08/0100:15:19 tgl Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -102,7 +102,7 @@ ExecRenameStmt(RenameStmt *stmt)
102102
GetUserId(),
103103
ACL_CREATE);
104104
if (aclresult!=ACLCHECK_OK)
105-
aclcheck_error(aclresult,
105+
aclcheck_error(aclresult,ACL_KIND_NAMESPACE,
106106
get_namespace_name(namespaceId));
107107

108108
renamerel(relid,stmt->newname);

‎src/backend/commands/cluster.c‎

Lines changed: 7 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
*
1212
*
1313
* IDENTIFICATION
14-
* $Header: /cvsroot/pgsql/src/backend/commands/cluster.c,v 1.111 2003/07/20 21:56:32 tgl Exp $
14+
* $Header: /cvsroot/pgsql/src/backend/commands/cluster.c,v 1.112 2003/08/01 00:15:19 tgl Exp $
1515
*
1616
*-------------------------------------------------------------------------
1717
*/
@@ -69,7 +69,6 @@ static void copy_heap_data(Oid OIDNewHeap, Oid OIDOldHeap, Oid OIDOldIndex);
6969
staticList*get_indexattr_list(RelationOldHeap,OidOldIndex);
7070
staticvoidrebuild_indexes(OidOIDOldHeap,List*indexes);
7171
staticvoidswap_relfilenodes(Oidr1,Oidr2);
72-
staticboolcheck_cluster_permitted(OidrelOid);
7372
staticList*get_tables_to_cluster(MemoryContextcluster_context);
7473

7574

@@ -115,10 +114,9 @@ cluster(ClusterStmt *stmt)
115114
tableOid=RelationGetRelid(rel);
116115

117116
/* Check permissions */
118-
if (!check_cluster_permitted(tableOid))
119-
ereport(ERROR,
120-
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
121-
errmsg("permission denied")));
117+
if (!pg_class_ownercheck(tableOid,GetUserId()))
118+
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_CLASS,
119+
RelationGetRelationName(rel));
122120

123121
if (stmt->indexname==NULL)
124122
{
@@ -279,7 +277,7 @@ cluster_rel(RelToCluster *rvtc, bool recheck)
279277
return;
280278

281279
/* Check that the user still owns the relation */
282-
if (!check_cluster_permitted(rvtc->tableOid))
280+
if (!pg_class_ownercheck(rvtc->tableOid,GetUserId()))
283281
return;
284282

285283
/*
@@ -850,17 +848,6 @@ swap_relfilenodes(Oid r1, Oid r2)
850848
heap_close(relRelation,RowExclusiveLock);
851849
}
852850

853-
/*
854-
* Checks if the user is allowed to cluster (ie, owns) the relation.
855-
* Superusers are allowed to cluster any table.
856-
*/
857-
staticbool
858-
check_cluster_permitted(OidrelOid)
859-
{
860-
/* Superusers bypass this check */
861-
returnpg_class_ownercheck(relOid,GetUserId());
862-
}
863-
864851
/*
865852
* Get a list of tables that the current user owns and
866853
* have indisclustered set. Return the list in a List * of rvsToCluster
@@ -894,7 +881,8 @@ get_tables_to_cluster(MemoryContext cluster_context)
894881
while ((indexTuple=heap_getnext(scan,ForwardScanDirection))!=NULL)
895882
{
896883
index= (Form_pg_index)GETSTRUCT(indexTuple);
897-
if (!check_cluster_permitted(index->indrelid))
884+
885+
if (!pg_class_ownercheck(index->indrelid,GetUserId()))
898886
continue;
899887

900888
/*

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp