mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prevent ALTER USER f RESET ALL from removing the settings that were put there

Browse Source 
by a superuser -- "ALTER USER f RESET setting" already disallows removing such a
setting.

Apply the same treatment to ALTER DATABASE d RESET ALL when run by a database
owner that's not superuser.
This commit is contained in:
Alvaro Herrera 2010-03-25 14:44:34 +00:00
parent 92fc0db99f
commit be8cebc717
4 changed files with 124 additions and 13 deletions
doc/src/sgml
catalogs.sgml
src
backend
catalog
pg_db_role_setting.c
utils/misc
guc.c
include/utils
guc.h

8
doc/src/sgml/catalogs.sgml

@ -1,4 +1,4 @@
<!-- $PostgreSQL: pgsql/doc/src/sgml/catalogs.sgml,v 2.223 2010/02/17 04:19:37 tgl Exp $ --> <!-- $PostgreSQL: pgsql/doc/src/sgml/catalogs.sgml,v 2.224 2010/03/25 14:44:33 alvherre Exp $ -->
<!-- <!--
Documentation of the system catalogs, directed toward PostgreSQL developers Documentation of the system catalogs, directed toward PostgreSQL developers
--> -->
@ -1188,12 +1188,6 @@
<entry>Password expiry time (only used for password authentication); <entry>Password expiry time (only used for password authentication);
NULL if no expiration</entry> NULL if no expiration</entry>
</row> </row>
<row>
<entry><structfield>rolconfig</structfield></entry>
<entry><type>text[]</type></entry>
<entry>Session defaults for run-time configuration variables</entry>
</row>
</tbody> </tbody>
</tgroup> </tgroup>
</table> </table>

39
src/backend/catalog/pg_db_role_setting.c

@ -6,7 +6,7 @@
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/catalog/pg_db_role_setting.c,v 1.3 2010/02/26 02:00:37 momjian Exp $ * $PostgreSQL: pgsql/src/backend/catalog/pg_db_role_setting.c,v 1.4 2010/03/25 14:44:33 alvherre Exp $
*/ */
#include "postgres.h" #include "postgres.h"
@ -49,7 +49,8 @@ AlterSetting(Oid databaseid, Oid roleid, VariableSetStmt *setstmt)
/* /*
* There are three cases: * There are three cases:
* *
* - in RESET ALL, simply delete the pg_db_role_setting tuple (if any) * - in RESET ALL, request GUC to reset the settings array and update the
* catalog if there's anything left, delete it otherwise
* *
* - in other commands, if there's a tuple in pg_db_role_setting, update * - in other commands, if there's a tuple in pg_db_role_setting, update
* it; if it ends up empty, delete it * it; if it ends up empty, delete it
@ -60,8 +61,42 @@ AlterSetting(Oid databaseid, Oid roleid, VariableSetStmt *setstmt)
if (setstmt->kind == VAR_RESET_ALL) if (setstmt->kind == VAR_RESET_ALL)
{ {
if (HeapTupleIsValid(tuple)) if (HeapTupleIsValid(tuple))
{
ArrayType *new = NULL;
Datum datum;
bool isnull;
datum = heap_getattr(tuple, Anum_pg_db_role_setting_setconfig,
RelationGetDescr(rel), &isnull);
if (!isnull)
new = GUCArrayReset(DatumGetArrayTypeP(datum));
if (new)
{
Datum repl_val[Natts_pg_db_role_setting];
bool repl_null[Natts_pg_db_role_setting];
bool repl_repl[Natts_pg_db_role_setting];
HeapTuple newtuple;
memset(repl_repl, false, sizeof(repl_repl));
repl_val[Anum_pg_db_role_setting_setconfig - 1] =
PointerGetDatum(new);
repl_repl[Anum_pg_db_role_setting_setconfig - 1] = true;
repl_null[Anum_pg_db_role_setting_setconfig - 1] = false;
newtuple = heap_modify_tuple(tuple, RelationGetDescr(rel),
repl_val, repl_null, repl_repl);
simple_heap_update(rel, &tuple->t_self, newtuple);
/* Update indexes */
CatalogUpdateIndexes(rel, newtuple);
}
else
simple_heap_delete(rel, &tuple->t_self); simple_heap_delete(rel, &tuple->t_self);
} }
}
else if (HeapTupleIsValid(tuple)) else if (HeapTupleIsValid(tuple))
{ {
Datum repl_val[Natts_pg_db_role_setting]; Datum repl_val[Natts_pg_db_role_setting];

85
src/backend/utils/misc/guc.c

@ -10,7 +10,7 @@
* Written by Peter Eisentraut <peter_e@gmx.net>. * Written by Peter Eisentraut <peter_e@gmx.net>.
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.544 2010/03/21 00:17:59 petere Exp $ * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.545 2010/03/25 14:44:33 alvherre Exp $
* *
*-------------------------------------------------------------------- *--------------------------------------------------------------------
*/ */
@ -7099,7 +7099,7 @@ ParseLongOption(const char *string, char **name, char **value)
/* /*
* Handle options fetched from pg_database.datconfig, pg_authid.rolconfig, * Handle options fetched from pg_db_role_setting.setconfig,
* pg_proc.proconfig, etc. Caller must specify proper context/source/action. * pg_proc.proconfig, etc. Caller must specify proper context/source/action.
* *
* The array parameter must be an array of TEXT (it must not be NULL). * The array parameter must be an array of TEXT (it must not be NULL).
@ -7151,6 +7151,7 @@ ProcessGUCArray(ArrayType *array,
free(name); free(name);
if (value) if (value)
free(value); free(value);
pfree(s);
} }
} }
@ -7285,6 +7286,7 @@ GUCArrayDelete(ArrayType *array, const char *name)
&& val[strlen(name)] == '=') && val[strlen(name)] == '=')
continue; continue;
/* else add it to the output array */ /* else add it to the output array */
if (newarray) if (newarray)
{ {
@ -7307,6 +7309,85 @@ GUCArrayDelete(ArrayType *array, const char *name)
return newarray; return newarray;
} }
/*
* Given a GUC array, delete all settings from it that our permission
* level allows: if superuser, delete them all; if regular user, only
* those that are PGC_USERSET
*/
ArrayType *
GUCArrayReset(ArrayType *array)
{
ArrayType *newarray;
int i;
int index;
/* if array is currently null, nothing to do */
if (!array)
return NULL;
/* if we're superuser, we can delete everything */
if (superuser())
return NULL;
newarray = NULL;
index = 1;
for (i = 1; i <= ARR_DIMS(array)[0]; i++)
{
Datum d;
char *val;
char *eqsgn;
bool isnull;
struct config_generic *gconf;
d = array_ref(array, 1, &i,
-1 /* varlenarray */ ,
-1 /* TEXT's typlen */ ,
false /* TEXT's typbyval */ ,
'i' /* TEXT's typalign */ ,
&isnull);
if (isnull)
continue;
val = TextDatumGetCString(d);
eqsgn = strchr(val, '=');
*eqsgn = '\0';
gconf = find_option(val, false, WARNING);
if (!gconf)
continue;
/* note: superuser-ness was already checked above */
/* skip entry if OK to delete */
if (gconf->context == PGC_USERSET)
continue;
/* XXX do we need to worry about database owner? */
/* else add it to the output array */
if (newarray)
{
newarray = array_set(newarray, 1, &index,
d,
false,
-1 /* varlenarray */ ,
-1 /* TEXT's typlen */ ,
false /* TEXT's typbyval */ ,
'i' /* TEXT's typalign */ );
}
else
newarray = construct_array(&d, 1,
TEXTOID,
-1, false, 'i');
index++;
pfree(val);
}
return newarray;
}
/* /*
* assign_hook and show_hook subroutines * assign_hook and show_hook subroutines

3
src/include/utils/guc.h

@ -7,7 +7,7 @@
* Copyright (c) 2000-2010, PostgreSQL Global Development Group * Copyright (c) 2000-2010, PostgreSQL Global Development Group
* Written by Peter Eisentraut <peter_e@gmx.net>. * Written by Peter Eisentraut <peter_e@gmx.net>.
* *
* $PostgreSQL: pgsql/src/include/utils/guc.h,v 1.112 2010/01/26 16:33:40 tgl Exp $ * $PostgreSQL: pgsql/src/include/utils/guc.h,v 1.113 2010/03/25 14:44:34 alvherre Exp $
*-------------------------------------------------------------------- *--------------------------------------------------------------------
*/ */
#ifndef GUC_H #ifndef GUC_H
@ -284,6 +284,7 @@ extern void ProcessGUCArray(ArrayType *array,
GucContext context, GucSource source, GucAction action); GucContext context, GucSource source, GucAction action);
extern ArrayType *GUCArrayAdd(ArrayType *array, const char *name, const char *value); extern ArrayType *GUCArrayAdd(ArrayType *array, const char *name, const char *value);
extern ArrayType *GUCArrayDelete(ArrayType *array, const char *name); extern ArrayType *GUCArrayDelete(ArrayType *array, const char *name);
extern ArrayType *GUCArrayReset(ArrayType *array);
extern int GUC_complaint_elevel(GucSource source); extern int GUC_complaint_elevel(GucSource source);