Back out SET AUTHORIZATION patch until security is resolved.

Bruce Momjian 2001-07-12 17:42:08 +00:00
parent fb45d4ae07
commit 5c4d1398a6
6 changed files with 8 additions and 129 deletions


@ -4,7 +4,7 @@
* procedural language * procedural language
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.23 2001/07/12 01:19:40 momjian Exp $ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.24 2001/07/12 17:42:07 momjian Exp $
* *
* This software is copyrighted by Jan Wieck - Hamburg. * This software is copyrighted by Jan Wieck - Hamburg.
* *
@ -122,13 +122,11 @@ static PLpgSQL_expr *make_tupret_expr(PLpgSQL_row *row);
%type <stmts> proc_sect, proc_stmts, stmt_else, loop_body %type <stmts> proc_sect, proc_stmts, stmt_else, loop_body
%type <stmt> proc_stmt, pl_block %type <stmt> proc_stmt, pl_block
%type <stmt> stmt_assign, stmt_if, stmt_loop, stmt_while, stmt_exit %type <stmt> stmt_assign, stmt_if, stmt_loop, stmt_while, stmt_exit
%type <stmt> stmt_return, stmt_raise, stmt_execsql, stmt_fori, stmt_setauth %type <stmt> stmt_return, stmt_raise, stmt_execsql, stmt_fori
%type <stmt> stmt_fors, stmt_select, stmt_perform %type <stmt> stmt_fors, stmt_select, stmt_perform
%type <stmt> stmt_dynexecute, stmt_dynfors, stmt_getdiag %type <stmt> stmt_dynexecute, stmt_dynfors, stmt_getdiag
%type <stmt> stmt_open, stmt_fetch, stmt_close %type <stmt> stmt_open, stmt_fetch, stmt_close
%type <ival> auth_level
%type <intlist> raise_params %type <intlist> raise_params
%type <ival> raise_level, raise_param %type <ival> raise_level, raise_param
%type <str> raise_msg %type <str> raise_msg
@ -174,10 +172,6 @@ static PLpgSQL_expr *make_tupret_expr(PLpgSQL_row *row);
%token K_PERFORM %token K_PERFORM
%token K_ROW_COUNT %token K_ROW_COUNT
%token K_RAISE %token K_RAISE
%token K_SET
%token K_AUTHORIZATION
%token K_INVOKER
%token K_DEFINER
%token K_RECORD %token K_RECORD
%token K_RENAME %token K_RENAME
%token K_RESULT_OID %token K_RESULT_OID
@ -732,8 +726,6 @@ proc_stmt : pl_block
{ $$ = $1; } { $$ = $1; }
| stmt_raise | stmt_raise
{ $$ = $1; } { $$ = $1; }
| stmt_setauth
{ $$ = $1; }
| stmt_execsql | stmt_execsql
{ $$ = $1; } { $$ = $1; }
| stmt_dynexecute | stmt_dynexecute
@ -1251,29 +1243,6 @@ stmt_return : K_RETURN lno
} }
; ;
stmt_setauth : K_SET K_AUTHORIZATION auth_level lno ';'
{
PLpgSQL_stmt_setauth *new;
new=malloc(sizeof(PLpgSQL_stmt_setauth));
new->cmd_type = PLPGSQL_STMT_SETAUTH;
new->auth_level = $3;
new->lineno = $4;
$$ = (PLpgSQL_stmt *)new;
}
auth_level : K_DEFINER
{
$$=PLPGSQL_AUTH_DEFINER;
}
| K_INVOKER
{
$$=PLPGSQL_AUTH_INVOKER;
}
;
stmt_raise : K_RAISE lno raise_level raise_msg raise_params ';' stmt_raise : K_RAISE lno raise_level raise_msg raise_params ';'
{ {
PLpgSQL_stmt_raise *new; PLpgSQL_stmt_raise *new;


@ -3,7 +3,7 @@
* procedural language * procedural language
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.32 2001/07/11 18:54:18 momjian Exp $ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.33 2001/07/12 17:42:07 momjian Exp $
* *
* This software is copyrighted by Jan Wieck - Hamburg. * This software is copyrighted by Jan Wieck - Hamburg.
* *
@ -169,7 +169,6 @@ plpgsql_compile(Oid fn_oid, int functype)
function->fn_functype = functype; function->fn_functype = functype;
function->fn_oid = fn_oid; function->fn_oid = fn_oid;
function->definer_uid = procStruct->proowner;
function->fn_name = strdup(DatumGetCString(DirectFunctionCall1(nameout, function->fn_name = strdup(DatumGetCString(DirectFunctionCall1(nameout,
NameGetDatum(&(procStruct->proname))))); NameGetDatum(&(procStruct->proname)))));


@ -3,7 +3,7 @@
* procedural language * procedural language
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.45 2001/07/11 18:54:18 momjian Exp $ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.46 2001/07/12 17:42:07 momjian Exp $
* *
* This software is copyrighted by Jan Wieck - Hamburg. * This software is copyrighted by Jan Wieck - Hamburg.
* *
@ -47,7 +47,6 @@
#include "plpgsql.h" #include "plpgsql.h"
#include "pl.tab.h" #include "pl.tab.h"
#include "miscadmin.h"
#include "access/heapam.h" #include "access/heapam.h"
#include "catalog/pg_proc.h" #include "catalog/pg_proc.h"
#include "catalog/pg_type.h" #include "catalog/pg_type.h"
@ -106,8 +105,6 @@ static int exec_stmt_exit(PLpgSQL_execstate * estate,
PLpgSQL_stmt_exit * stmt); PLpgSQL_stmt_exit * stmt);
static int exec_stmt_return(PLpgSQL_execstate * estate, static int exec_stmt_return(PLpgSQL_execstate * estate,
PLpgSQL_stmt_return * stmt); PLpgSQL_stmt_return * stmt);
static int exec_stmt_setauth(PLpgSQL_execstate * estate,
PLpgSQL_stmt_setauth * stmt);
static int exec_stmt_raise(PLpgSQL_execstate * estate, static int exec_stmt_raise(PLpgSQL_execstate * estate,
PLpgSQL_stmt_raise * stmt); PLpgSQL_stmt_raise * stmt);
static int exec_stmt_execsql(PLpgSQL_execstate * estate, static int exec_stmt_execsql(PLpgSQL_execstate * estate,
@ -229,9 +226,6 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
case PLPGSQL_STMT_RETURN: case PLPGSQL_STMT_RETURN:
stmttype = "return"; stmttype = "return";
break; break;
case PLPGSQL_STMT_SETAUTH:
stmttype = "setauth";
break;
case PLPGSQL_STMT_RAISE: case PLPGSQL_STMT_RAISE:
stmttype = "raise"; stmttype = "raise";
break; break;
@ -283,10 +277,7 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
estate.retistuple = func->fn_retistuple; estate.retistuple = func->fn_retistuple;
estate.retisset = func->fn_retset; estate.retisset = func->fn_retset;
estate.exitlabel = NULL; estate.exitlabel = NULL;
estate.invoker_uid = GetUserId();
estate.definer_uid = func->definer_uid;
estate.auth_level = PLPGSQL_AUTH_INVOKER;
estate.found_varno = func->found_varno; estate.found_varno = func->found_varno;
estate.ndatums = func->ndatums; estate.ndatums = func->ndatums;
estate.datums = palloc(sizeof(PLpgSQL_datum *) * estate.ndatums); estate.datums = palloc(sizeof(PLpgSQL_datum *) * estate.ndatums);
@ -406,9 +397,6 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
elog(ERROR, "control reaches end of function without RETURN"); elog(ERROR, "control reaches end of function without RETURN");
} }
if (estate.auth_level!=PLPGSQL_AUTH_INVOKER)
SetUserId(estate.invoker_uid);
/* /*
* We got a return value - process it * We got a return value - process it
*/ */
@ -589,9 +577,6 @@ plpgsql_exec_trigger(PLpgSQL_function * func,
estate.retistuple = func->fn_retistuple; estate.retistuple = func->fn_retistuple;
estate.retisset = func->fn_retset; estate.retisset = func->fn_retset;
estate.exitlabel = NULL; estate.exitlabel = NULL;
estate.invoker_uid = GetUserId();
estate.definer_uid = func->definer_uid;
estate.auth_level = PLPGSQL_AUTH_INVOKER;
estate.found_varno = func->found_varno; estate.found_varno = func->found_varno;
estate.ndatums = func->ndatums; estate.ndatums = func->ndatums;
@ -775,9 +760,6 @@ plpgsql_exec_trigger(PLpgSQL_function * func,
elog(ERROR, "control reaches end of trigger procedure without RETURN"); elog(ERROR, "control reaches end of trigger procedure without RETURN");
} }
if (estate.auth_level!=PLPGSQL_AUTH_INVOKER)
SetUserId(estate.invoker_uid);
/* /*
* Check that the returned tuple structure has the same attributes, * Check that the returned tuple structure has the same attributes,
* the relation that fired the trigger has. * the relation that fired the trigger has.
@ -1040,10 +1022,6 @@ exec_stmt(PLpgSQL_execstate * estate, PLpgSQL_stmt * stmt)
rc = exec_stmt_return(estate, (PLpgSQL_stmt_return *) stmt); rc = exec_stmt_return(estate, (PLpgSQL_stmt_return *) stmt);
break; break;
case PLPGSQL_STMT_SETAUTH:
rc = exec_stmt_setauth(estate, (PLpgSQL_stmt_setauth *) stmt);
break;
case PLPGSQL_STMT_RAISE: case PLPGSQL_STMT_RAISE:
rc = exec_stmt_raise(estate, (PLpgSQL_stmt_raise *) stmt); rc = exec_stmt_raise(estate, (PLpgSQL_stmt_raise *) stmt);
break; break;
@ -1667,29 +1645,6 @@ exec_stmt_return(PLpgSQL_execstate * estate, PLpgSQL_stmt_return * stmt)
return PLPGSQL_RC_RETURN; return PLPGSQL_RC_RETURN;
} }
/* ----------
* exec_stmt_setauth Changes user ID to/from
* that of the function owner's
* ----------
*/
static int
exec_stmt_setauth(PLpgSQL_execstate * estate, PLpgSQL_stmt_setauth * stmt)
{
switch(stmt->auth_level)
{
case PLPGSQL_AUTH_DEFINER:
SetUserId(estate->definer_uid);
break;
case PLPGSQL_AUTH_INVOKER:
SetUserId(estate->invoker_uid);
break;
}
estate->auth_level=stmt->auth_level;
return PLPGSQL_RC_OK;
}
/* ---------- /* ----------
* exec_stmt_raise Build a message and throw it with * exec_stmt_raise Build a message and throw it with


@ -3,7 +3,7 @@
* procedural language * procedural language
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_funcs.c,v 1.14 2001/07/11 18:54:18 momjian Exp $ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_funcs.c,v 1.15 2001/07/12 17:42:08 momjian Exp $
* *
* This software is copyrighted by Jan Wieck - Hamburg. * This software is copyrighted by Jan Wieck - Hamburg.
* *
@ -382,7 +382,6 @@ static void dump_fors(PLpgSQL_stmt_fors * stmt);
static void dump_select(PLpgSQL_stmt_select * stmt); static void dump_select(PLpgSQL_stmt_select * stmt);
static void dump_exit(PLpgSQL_stmt_exit * stmt); static void dump_exit(PLpgSQL_stmt_exit * stmt);
static void dump_return(PLpgSQL_stmt_return * stmt); static void dump_return(PLpgSQL_stmt_return * stmt);
static void dump_setauth(PLpgSQL_stmt_setauth * stmt);
static void dump_raise(PLpgSQL_stmt_raise * stmt); static void dump_raise(PLpgSQL_stmt_raise * stmt);
static void dump_execsql(PLpgSQL_stmt_execsql * stmt); static void dump_execsql(PLpgSQL_stmt_execsql * stmt);
static void dump_dynexecute(PLpgSQL_stmt_dynexecute * stmt); static void dump_dynexecute(PLpgSQL_stmt_dynexecute * stmt);
@ -439,9 +438,6 @@ dump_stmt(PLpgSQL_stmt * stmt)
case PLPGSQL_STMT_RETURN: case PLPGSQL_STMT_RETURN:
dump_return((PLpgSQL_stmt_return *) stmt); dump_return((PLpgSQL_stmt_return *) stmt);
break; break;
case PLPGSQL_STMT_SETAUTH:
dump_setauth((PLpgSQL_stmt_setauth *) stmt);
break;
case PLPGSQL_STMT_RAISE: case PLPGSQL_STMT_RAISE:
dump_raise((PLpgSQL_stmt_raise *) stmt); dump_raise((PLpgSQL_stmt_raise *) stmt);
break; break;
@ -725,21 +721,6 @@ dump_return(PLpgSQL_stmt_return * stmt)
printf("\n"); printf("\n");
} }
static void
dump_setauth(PLpgSQL_stmt_setauth * stmt)
{
dump_ind();
switch (stmt->auth_level)
{
case PLPGSQL_AUTH_DEFINER:
printf("SET AUTHORIZATION DEFINER\n");
break;
case PLPGSQL_AUTH_INVOKER:
printf("SET AUTHORIZATION INVOKER\n");
break;
}
}
static void static void
dump_raise(PLpgSQL_stmt_raise * stmt) dump_raise(PLpgSQL_stmt_raise * stmt)
{ {


@ -3,7 +3,7 @@
* procedural language * procedural language
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/plpgsql.h,v 1.15 2001/07/11 18:54:19 momjian Exp $ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/plpgsql.h,v 1.16 2001/07/12 17:42:08 momjian Exp $
* *
* This software is copyrighted by Jan Wieck - Hamburg. * This software is copyrighted by Jan Wieck - Hamburg.
* *
@ -95,7 +95,6 @@ enum
PLPGSQL_STMT_DYNEXECUTE, PLPGSQL_STMT_DYNEXECUTE,
PLPGSQL_STMT_DYNFORS, PLPGSQL_STMT_DYNFORS,
PLPGSQL_STMT_GETDIAG, PLPGSQL_STMT_GETDIAG,
PLPGSQL_STMT_SETAUTH,
PLPGSQL_STMT_OPEN, PLPGSQL_STMT_OPEN,
PLPGSQL_STMT_FETCH, PLPGSQL_STMT_FETCH,
PLPGSQL_STMT_CLOSE PLPGSQL_STMT_CLOSE
@ -113,16 +112,6 @@ enum
PLPGSQL_RC_RETURN PLPGSQL_RC_RETURN
}; };
/* ---------
* Authorization levels
* ---------
*/
enum
{
PLPGSQL_AUTH_INVOKER,
PLPGSQL_AUTH_DEFINER,
};
/* ---------- /* ----------
* GET DIAGNOSTICS system attrs * GET DIAGNOSTICS system attrs
* ---------- * ----------
@ -436,12 +425,6 @@ typedef struct
int retrecno; int retrecno;
} PLpgSQL_stmt_return; } PLpgSQL_stmt_return;
typedef struct
{ /* SET AUTHORIZATION statement */
int cmd_type;
int lineno;
int auth_level;
} PLpgSQL_stmt_setauth;
typedef struct typedef struct
{ /* RAISE statement */ { /* RAISE statement */
@ -497,7 +480,6 @@ typedef struct PLpgSQL_function
int tg_nargs_varno; int tg_nargs_varno;
int ndatums; int ndatums;
Oid definer_uid;
PLpgSQL_datum **datums; PLpgSQL_datum **datums;
PLpgSQL_stmt_block *action; PLpgSQL_stmt_block *action;
struct PLpgSQL_function *next; struct PLpgSQL_function *next;
@ -520,9 +502,6 @@ typedef struct
int found_varno; int found_varno;
int ndatums; int ndatums;
PLpgSQL_datum **datums; PLpgSQL_datum **datums;
Oid invoker_uid;
Oid definer_uid;
int auth_level;
} PLpgSQL_execstate; } PLpgSQL_execstate;


@ -4,7 +4,7 @@
* procedural language * procedural language
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/Attic/scan.l,v 1.13 2001/07/11 18:54:19 momjian Exp $ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/Attic/scan.l,v 1.14 2001/07/12 17:42:08 momjian Exp $
* *
* This software is copyrighted by Jan Wieck - Hamburg. * This software is copyrighted by Jan Wieck - Hamburg.
* *
@ -121,10 +121,6 @@ null { return K_NULL; }
open { return K_OPEN; } open { return K_OPEN; }
perform { return K_PERFORM; } perform { return K_PERFORM; }
raise { return K_RAISE; } raise { return K_RAISE; }
set { return K_SET; }
authorization { return K_AUTHORIZATION; }
invoker { return K_INVOKER; }
definer { return K_DEFINER; }
record { return K_RECORD; } record { return K_RECORD; }
rename { return K_RENAME; } rename { return K_RENAME; }
result_oid { return K_RESULT_OID; } result_oid { return K_RESULT_OID; }