rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix assign_session_authorization() to not be confused by all-numeric 

user names.  Per recent reports.
This commit is contained in:
Tom Lane 2003-02-01 18:31:28 +00:00
parent 361eaa185f
commit 21166170c8
1 changed files with 30 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/backend/commands/variable.c
View File

@ -9,7 +9,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.72 2002/12/05 04:04:42 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.73 2003/02/01 18:31:28 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -519,25 +519,36 @@ show_server_encoding(void)
/* /*
* SET SESSION AUTHORIZATION * SET SESSION AUTHORIZATION
* *
* Note: when resetting session auth after an error, we can't expect to do * When resetting session auth after an error, we can't expect to do catalog
* catalog lookups. Hence, the stored form of the value is always a numeric * lookups. Hence, the stored form of the value must provide a numeric userid
* userid that can be re-used directly. * that can be re-used directly. We store the string in the form of
* NAMEDATALEN 'x's followed by the numeric userid --- this cannot conflict
* with any valid user name, because of the NAMEDATALEN limit on names.
*/ */
const char * const char *
assign_session_authorization(const char *value, bool doit, bool interactive) assign_session_authorization(const char *value, bool doit, bool interactive)
{ {
AclId usesysid; AclId usesysid = 0;
char *endptr;
char *result; char *result;
usesysid = (Oid) strtoul(value, &endptr, 10); if (strspn(value, "x") == NAMEDATALEN)
{
/* might be a saved numeric userid */
char *endptr;
if (endptr != value && *endptr == '\0' && OidIsValid(usesysid)) usesysid = (AclId) strtoul(value + NAMEDATALEN, &endptr, 10);
{
/* use the numeric user ID */ if (endptr != value + NAMEDATALEN && *endptr == '\0')
{
/* syntactically valid, so use the numeric user ID */
}
else
usesysid = 0;
} }
else
if (usesysid == 0)
{ {
/* not a saved ID, so look it up */
HeapTuple userTup; HeapTuple userTup;
userTup = SearchSysCache(SHADOWNAME, userTup = SearchSysCache(SHADOWNAME,
@ -558,11 +569,13 @@ assign_session_authorization(const char *value, bool doit, bool interactive)
if (doit) if (doit)
SetSessionAuthorization(usesysid); SetSessionAuthorization(usesysid);
result = (char *) malloc(32); result = (char *) malloc(NAMEDATALEN + 32);
if (!result) if (!result)
return NULL; return NULL;
snprintf(result, 32, "%lu", (unsigned long) usesysid); memset(result, 'x', NAMEDATALEN);
snprintf(result + NAMEDATALEN, 32, "%lu", (unsigned long) usesysid);
return result; return result;
} }
@ -570,5 +583,9 @@ assign_session_authorization(const char *value, bool doit, bool interactive)
const char * const char *
show_session_authorization(void) show_session_authorization(void)
{ {
/*
* We can't use the stored string; see comments for
* assign_session_authorization
*/
return GetUserNameFromId(GetSessionUserId()); return GetUserNameFromId(GetSessionUserId());
} }