Fix permission checking for temp-table namespace.
This commit is contained in:
Tom Lane
parent
dfef56a92f
commit
c1003339d6
@ -8,7 +8,7 @@
|
|||||||
*
|
*
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.73 2002/08/05 03:29:16 tgl Exp $
|
* $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.74 2002/08/07 21:45:01 tgl Exp $
|
||||||
*
|
*
|
||||||
* NOTES
|
* NOTES
|
||||||
* See acl.h.
|
* See acl.h.
|
||||||
@ -1163,6 +1163,13 @@ pg_namespace_aclcheck(Oid nsp_oid, Oid userid, AclMode mode)
|
|||||||
bool isNull;
|
bool isNull;
|
||||||
Acl *acl;
|
Acl *acl;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If we have been assigned this namespace as a temp namespace,
|
||||||
|
* assume we have all grantable privileges on it.
|
||||||
|
*/
|
||||||
|
if (isTempNamespace(nsp_oid))
|
||||||
|
return ACLCHECK_OK;
|
||||||
|
|
||||||
/* Superusers bypass all permission checking. */
|
/* Superusers bypass all permission checking. */
|
||||||
if (superuser_arg(userid))
|
if (superuser_arg(userid))
|
||||||
return ACLCHECK_OK;
|
return ACLCHECK_OK;
|
||||||
|
|||||||
@ -8,7 +8,7 @@
|
|||||||
*
|
*
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.80 2002/08/02 18:15:06 tgl Exp $
|
* $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.81 2002/08/07 21:45:01 tgl Exp $
|
||||||
*
|
*
|
||||||
*-------------------------------------------------------------------------
|
*-------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
@ -119,9 +119,9 @@ DefineIndex(RangeVar *heapRelation,
|
|||||||
* Verify we (still) have CREATE rights in the rel's namespace.
|
* Verify we (still) have CREATE rights in the rel's namespace.
|
||||||
* (Presumably we did when the rel was created, but maybe not anymore.)
|
* (Presumably we did when the rel was created, but maybe not anymore.)
|
||||||
* Skip check if bootstrapping, since permissions machinery may not
|
* Skip check if bootstrapping, since permissions machinery may not
|
||||||
* be working yet; also, always allow if it's a temp table.
|
* be working yet.
|
||||||
*/
|
*/
|
||||||
if (!IsBootstrapProcessingMode() && !isTempNamespace(namespaceId))
|
if (!IsBootstrapProcessingMode())
|
||||||
{
|
{
|
||||||
AclResult aclresult;
|
AclResult aclresult;
|
||||||
|
|
||||||
|
|||||||
@ -8,7 +8,7 @@
|
|||||||
*
|
*
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $Header: /cvsroot/pgsql/src/backend/commands/tablecmds.c,v 1.27 2002/08/05 03:29:17 tgl Exp $
|
* $Header: /cvsroot/pgsql/src/backend/commands/tablecmds.c,v 1.28 2002/08/07 21:45:01 tgl Exp $
|
||||||
*
|
*
|
||||||
*-------------------------------------------------------------------------
|
*-------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
@ -115,11 +115,11 @@ DefineRelation(CreateStmt *stmt, char relkind)
|
|||||||
* Look up the namespace in which we are supposed to create the
|
* Look up the namespace in which we are supposed to create the
|
||||||
* relation. Check we have permission to create there.
|
* relation. Check we have permission to create there.
|
||||||
* Skip check if bootstrapping, since permissions machinery may not
|
* Skip check if bootstrapping, since permissions machinery may not
|
||||||
* be working yet; also, always allow if it's a temp table.
|
* be working yet.
|
||||||
*/
|
*/
|
||||||
namespaceId = RangeVarGetCreationNamespace(stmt->relation);
|
namespaceId = RangeVarGetCreationNamespace(stmt->relation);
|
||||||
|
|
||||||
if (!IsBootstrapProcessingMode() && !isTempNamespace(namespaceId))
|
if (!IsBootstrapProcessingMode())
|
||||||
{
|
{
|
||||||
AclResult aclresult;
|
AclResult aclresult;
|
||||||
|
|
||||||
|
|||||||
@ -27,7 +27,7 @@
|
|||||||
*
|
*
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.172 2002/08/04 05:04:39 momjian Exp $
|
* $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.173 2002/08/07 21:45:02 tgl Exp $
|
||||||
*
|
*
|
||||||
*-------------------------------------------------------------------------
|
*-------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
@ -696,6 +696,7 @@ InitPlan(CmdType operation, Query *parseTree, Plan *plan, EState *estate)
|
|||||||
{
|
{
|
||||||
char *intoName;
|
char *intoName;
|
||||||
Oid namespaceId;
|
Oid namespaceId;
|
||||||
|
AclResult aclresult;
|
||||||
Oid intoRelationId;
|
Oid intoRelationId;
|
||||||
TupleDesc tupdesc;
|
TupleDesc tupdesc;
|
||||||
|
|
||||||
@ -705,16 +706,11 @@ InitPlan(CmdType operation, Query *parseTree, Plan *plan, EState *estate)
|
|||||||
intoName = parseTree->into->relname;
|
intoName = parseTree->into->relname;
|
||||||
namespaceId = RangeVarGetCreationNamespace(parseTree->into);
|
namespaceId = RangeVarGetCreationNamespace(parseTree->into);
|
||||||
|
|
||||||
if (!isTempNamespace(namespaceId))
|
aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
|
||||||
{
|
ACL_CREATE);
|
||||||
AclResult aclresult;
|
if (aclresult != ACLCHECK_OK)
|
||||||
|
aclcheck_error(aclresult,
|
||||||
aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
|
get_namespace_name(namespaceId));
|
||||||
ACL_CREATE);
|
|
||||||
if (aclresult != ACLCHECK_OK)
|
|
||||||
aclcheck_error(aclresult,
|
|
||||||
get_namespace_name(namespaceId));
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* new "INTO" table is created WITH OIDS
|
* new "INTO" table is created WITH OIDS
|
||||||
|
|||||||
@ -10,7 +10,7 @@
|
|||||||
*
|
*
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.168 2002/08/04 04:31:44 momjian Exp $
|
* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.169 2002/08/07 21:45:02 tgl Exp $
|
||||||
*
|
*
|
||||||
*-------------------------------------------------------------------------
|
*-------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
@ -399,22 +399,17 @@ ProcessUtility(Node *parsetree,
|
|||||||
/*
|
/*
|
||||||
* RENAME TABLE requires that we (still) hold CREATE
|
* RENAME TABLE requires that we (still) hold CREATE
|
||||||
* rights on the containing namespace, as well as
|
* rights on the containing namespace, as well as
|
||||||
* ownership of the table. But skip check for
|
* ownership of the table.
|
||||||
* temp tables.
|
|
||||||
*/
|
*/
|
||||||
Oid namespaceId = get_rel_namespace(relid);
|
Oid namespaceId = get_rel_namespace(relid);
|
||||||
|
AclResult aclresult;
|
||||||
|
|
||||||
if (!isTempNamespace(namespaceId))
|
aclresult = pg_namespace_aclcheck(namespaceId,
|
||||||
{
|
GetUserId(),
|
||||||
AclResult aclresult;
|
ACL_CREATE);
|
||||||
|
if (aclresult != ACLCHECK_OK)
|
||||||
aclresult = pg_namespace_aclcheck(namespaceId,
|
aclcheck_error(aclresult,
|
||||||
GetUserId(),
|
get_namespace_name(namespaceId));
|
||||||
ACL_CREATE);
|
|
||||||
if (aclresult != ACLCHECK_OK)
|
|
||||||
aclcheck_error(aclresult,
|
|
||||||
get_namespace_name(namespaceId));
|
|
||||||
}
|
|
||||||
|
|
||||||
renamerel(relid, stmt->newname);
|
renamerel(relid, stmt->newname);
|
||||||
break;
|
break;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user