rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make sure that usesuper is always accessed through superuser(), so that the 

single-user escape path always works.
This commit is contained in:
Peter Eisentraut 2002-04-11 05:32:03 +00:00
parent a62f43ae6e
commit 25f050d90d
4 changed files with 24 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/backend/catalog/aclchk.c
View File

@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.62 2002/04/09 20:35:46 tgl Exp $ * $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.63 2002/04/11 05:32:02 petere Exp $
* *
* NOTES * NOTES
* See acl.h. * See acl.h.
@ -734,9 +734,6 @@ pg_class_aclcheck(Oid table_oid, Oid userid, AclMode mode)
/* /*
* Validate userid, find out if he is superuser * Validate userid, find out if he is superuser
*
* We do not use superuser_arg() here because we also need to check
* usecatupd.
*/ */
tuple = SearchSysCache(SHADOWSYSID, tuple = SearchSysCache(SHADOWSYSID,
ObjectIdGetDatum(userid), ObjectIdGetDatum(userid),
@ -744,11 +741,12 @@ pg_class_aclcheck(Oid table_oid, Oid userid, AclMode mode)
if (!HeapTupleIsValid(tuple)) if (!HeapTupleIsValid(tuple))
elog(ERROR, "pg_class_aclcheck: invalid user id %u", userid); elog(ERROR, "pg_class_aclcheck: invalid user id %u", userid);
usesuper = ((Form_pg_shadow) GETSTRUCT(tuple))->usesuper;
usecatupd = ((Form_pg_shadow) GETSTRUCT(tuple))->usecatupd; usecatupd = ((Form_pg_shadow) GETSTRUCT(tuple))->usecatupd;
ReleaseSysCache(tuple); ReleaseSysCache(tuple);
usesuper = superuser_arg(userid);
/* /*
* Now get the relation's tuple from pg_class * Now get the relation's tuple from pg_class
*/ */

38
src/backend/commands/dbcommands.c
View File

@ -9,7 +9,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.85 2002/03/06 06:09:32 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.86 2002/04/11 05:32:03 petere Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -49,7 +49,7 @@ static bool get_db_info(const char *name, Oid *dbIdP, int4 *ownerIdP,
int *encodingP, bool *dbIsTemplateP, Oid *dbLastSysOidP, int *encodingP, bool *dbIsTemplateP, Oid *dbLastSysOidP,
TransactionId *dbVacuumXidP, TransactionId *dbFrozenXidP, TransactionId *dbVacuumXidP, TransactionId *dbFrozenXidP,
char *dbpath); char *dbpath);
static bool get_user_info(Oid use_sysid, bool *use_super, bool *use_createdb); static bool have_createdb_privilege(void);
static char *resolve_alt_dbpath(const char *dbpath, Oid dboid); static char *resolve_alt_dbpath(const char *dbpath, Oid dboid);
static bool remove_dbdirs(const char *real_loc, const char *altloc); static bool remove_dbdirs(const char *real_loc, const char *altloc);
@ -67,8 +67,6 @@ createdb(const char *dbname, const char *dbowner,
char *target_dir; char *target_dir;
char src_loc[MAXPGPATH]; char src_loc[MAXPGPATH];
char buf[2 * MAXPGPATH + 100]; char buf[2 * MAXPGPATH + 100];
bool use_super,
use_createdb;
Oid src_dboid; Oid src_dboid;
int4 src_owner; int4 src_owner;
int src_encoding; int src_encoding;
@ -91,21 +89,17 @@ createdb(const char *dbname, const char *dbowner,
else else
datdba = GetUserId(); datdba = GetUserId();
/* check permission to create database */
if (!get_user_info(GetUserId(), &use_super, &use_createdb))
elog(ERROR, "current user name is invalid");
if (datdba == (int32) GetUserId()) if (datdba == (int32) GetUserId())
{ {
/* creating database for self: can be superuser or createdb */ /* creating database for self: can be superuser or createdb */
if (!use_createdb && !use_super) if (!superuser() && !have_createdb_privilege())
elog(ERROR, "CREATE DATABASE: permission denied"); elog(ERROR, "CREATE DATABASE: permission denied");
} }
else else
{ {
/* creating database for someone else: must be superuser */ /* creating database for someone else: must be superuser */
/* note that the someone else need not have any permissions */ /* note that the someone else need not have any permissions */
if (!use_super) if (!superuser())
elog(ERROR, "CREATE DATABASE: permission denied"); elog(ERROR, "CREATE DATABASE: permission denied");
} }
@ -143,7 +137,7 @@ createdb(const char *dbname, const char *dbowner,
*/ */
if (!src_istemplate) if (!src_istemplate)
{ {
if (!use_super && GetUserId() != src_owner) if (!superuser() && GetUserId() != src_owner )
elog(ERROR, "CREATE DATABASE: permission to copy \"%s\" denied", elog(ERROR, "CREATE DATABASE: permission to copy \"%s\" denied",
dbtemplate); dbtemplate);
} }
@ -332,7 +326,6 @@ dropdb(const char *dbname)
{ {
int4 db_owner; int4 db_owner;
bool db_istemplate; bool db_istemplate;
bool use_super;
Oid db_id; Oid db_id;
char *alt_loc; char *alt_loc;
char *nominal_loc; char *nominal_loc;
@ -350,9 +343,6 @@ dropdb(const char *dbname)
if (IsTransactionBlock()) if (IsTransactionBlock())
elog(ERROR, "DROP DATABASE: may not be called in a transaction block"); elog(ERROR, "DROP DATABASE: may not be called in a transaction block");
if (!get_user_info(GetUserId(), &use_super, NULL))
elog(ERROR, "current user name is invalid");
/* /*
* Obtain exclusive lock on pg_database. We need this to ensure that * Obtain exclusive lock on pg_database. We need this to ensure that
* no new backend starts up in the target database while we are * no new backend starts up in the target database while we are
@ -368,7 +358,7 @@ dropdb(const char *dbname)
&db_istemplate, NULL, NULL, NULL, dbpath)) &db_istemplate, NULL, NULL, NULL, dbpath))
elog(ERROR, "DROP DATABASE: database \"%s\" does not exist", dbname); elog(ERROR, "DROP DATABASE: database \"%s\" does not exist", dbname);
if (!use_super && GetUserId() != db_owner) if (GetUserId() != db_owner && !superuser())
elog(ERROR, "DROP DATABASE: permission denied"); elog(ERROR, "DROP DATABASE: permission denied");
/* /*
@ -605,25 +595,23 @@ get_db_info(const char *name, Oid *dbIdP, int4 *ownerIdP,
} }
static bool static bool
get_user_info(Oid use_sysid, bool *use_super, bool *use_createdb) have_createdb_privilege(void)
{ {
HeapTuple utup; HeapTuple utup;
bool retval;
utup = SearchSysCache(SHADOWSYSID, utup = SearchSysCache(SHADOWSYSID,
ObjectIdGetDatum(use_sysid), ObjectIdGetDatum(GetUserId()),
0, 0, 0); 0, 0, 0);
if (!HeapTupleIsValid(utup)) if (!HeapTupleIsValid(utup))
return false; retval = true;
else
if (use_super) retval = ((Form_pg_shadow) GETSTRUCT(utup))->usecreatedb;
*use_super = ((Form_pg_shadow) GETSTRUCT(utup))->usesuper;
if (use_createdb)
*use_createdb = ((Form_pg_shadow) GETSTRUCT(utup))->usecreatedb;
ReleaseSysCache(utup); ReleaseSysCache(utup);
return true; return retval;
} }

7
src/backend/utils/misc/superuser.c
View File

@ -10,7 +10,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/misc/superuser.c,v 1.20 2002/02/18 23:11:26 petere Exp $ * $Header: /cvsroot/pgsql/src/backend/utils/misc/superuser.c,v 1.21 2002/04/11 05:32:03 petere Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -27,6 +27,11 @@
/* /*
* The Postgres user running this command has Postgres superuser privileges * The Postgres user running this command has Postgres superuser privileges
*
* All code should use either of these two functions to find out
* whether a given user is a superuser, rather than evaluating
* pg_shadow.usesuper directly, so that the escape hatch built in for
* the single-user case works.
*/ */
bool bool
superuser(void) superuser(void)

4
src/include/catalog/pg_shadow.h
View File

@ -9,7 +9,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
* $Id: pg_shadow.h,v 1.18 2002/03/01 22:45:17 petere Exp $ * $Id: pg_shadow.h,v 1.19 2002/04/11 05:32:03 petere Exp $
* *
* NOTES * NOTES
* the genbki.sh script reads this file and generates .bki * the genbki.sh script reads this file and generates .bki
@ -35,7 +35,7 @@ CATALOG(pg_shadow) BOOTSTRAP BKI_WITHOUT_OIDS
int4 usesysid; int4 usesysid;
bool usecreatedb; bool usecreatedb;
bool usetrace; bool usetrace;
bool usesuper; bool usesuper; /* read this field via superuser() only */
bool usecatupd; bool usecatupd;
text passwd; text passwd;
int4 valuntil; int4 valuntil;