rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

*) inet_(client|server)_(addr|port)() and necessary documentation for 

the four functions.


> Also, please justify the temp-related changes.  I was not aware that we
> had any breakage there.

patch-tmp-schema.txt contains the following bits:

*) Changes pg_namespace_aclmask() so that the superuser is always able
to create objects in the temp namespace.
*) Changes pg_namespace_aclmask() so that if this is a temp namespace,
objects are only allowed to be created in the temp namespace if the
user has TEMP privs on the database.  This encompasses all object
creation, not just TEMP tables.
*) InitTempTableNamespace() checks to see if the current user, not the
session user, has access to create a temp namespace.

The first two changes are necessary to support the third change.  Now
it's possible to revoke all temp table privs from non-super users and
limiting all creation of temp tables/schemas via a function that's
executed with elevated privs (security definer).  Before this change,
it was not possible to have a setuid function to create a temp
table/schema if the session user had no TEMP privs.

patch-area-path.txt contains:

*) Can now determine the area of a closed path.


patch-dfmgr.txt contains:

*) Small tweak to add the library path that's being expanded.

I was using $lib/foo.so and couldn't easily figure out what the error
message, "invalid macro name in dynamic library path" meant without
looking through the source code.  With the path in there, at least I
know where to start looking in my config file.

Sean Chittenden
This commit is contained in:
Bruce Momjian 2004-05-26 18:35:51 +00:00
parent 51227f8d9d
commit 97d625dd1c
14 changed files with 234 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
doc/src/sgml/func.sgml
View File

@ -1,5 +1,5 @@
<!--
$PostgreSQL: pgsql/doc/src/sgml/func.sgml,v 1.204 2004/05/26 15:25:57 momjian Exp $
$PostgreSQL: pgsql/doc/src/sgml/func.sgml,v 1.205 2004/05/26 18:35:31 momjian Exp $
PostgreSQL documentation
-->
@ -6592,6 +6592,30 @@ SELECT NULLIF(value, '(none)') ...
<entry>user name of current execution context</entry>
</row>
<row>
<entry><function>inet_client_addr</function></entry>
<entry><type>inet</type></entry>
<entry>address of the remote connection</entry>
</row>
<row>
<entry><function>inet_client_port</function></entry>
<entry><type>int4</type></entry>
<entry>port of the remote connection</entry>
</row>
<row>
<entry><function>inet_server_addr</function></entry>
<entry><type>inet</type></entry>
<entry>address of the local connection</entry>
</row>
<row>
<entry><function>inet_server_port</function></entry>
<entry><type>int4</type></entry>
<entry>port of the local connection</entry>
</row>
<row>
<entry><function>session_user</function></entry>
<entry><type>name</type></entry>
@ -6647,6 +6671,17 @@ SELECT NULLIF(value, '(none)') ...
</para>
</note>
<para>
<function>inet_client_addr</function> and
<function>inet_server_addr</function> return the IPv4 or IPv6 (if
configured) address of the remote or local host connecting to the
database, respectively. <function>inet_client_port</function>
and <function>inet_server_port</function> return the port number
of the remote or local host connecting to the database,
respectively. If the connection is not a network connection,
these functions will return <literal>NULL</literal>.
</para>
<para>
<function>current_schema</function> returns the name of the schema that is
at the front of the search path (or a null value if the search path is

26
src/backend/catalog/aclchk.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.99 2004/05/26 04:41:06 neilc Exp $
* $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.100 2004/05/26 18:35:32 momjian Exp $
*
* NOTES
* See acl.h.
@ -1342,17 +1342,27 @@ pg_namespace_aclmask(Oid nsp_oid, AclId userid,
bool isNull;
Acl *acl;
/*
* If we have been assigned this namespace as a temp namespace, assume
* we have all grantable privileges on it.
*/
if (isTempNamespace(nsp_oid))
return mask;
/* Superusers bypass all permission checking. */
if (superuser_arg(userid))
return mask;
/*
* If we have been assigned this namespace as a temp
* namespace, check to make sure we have CREATE permissions on
* the database.
*
* Instead of returning ACLCHECK_NO_PRIV, should we return via
* ereport() with a message about trying to create an object
* in a TEMP namespace when GetUserId() doesn't have perms?
*/
if (isTempNamespace(nsp_oid)) {
if (pg_database_aclcheck(MyDatabaseId, GetUserId(),
ACL_CREATE_TEMP) == ACLCHECK_OK)
return ACLCHECK_OK;
else
return ACLCHECK_NO_PRIV;
}
/*
* Get the schema's ACL from pg_namespace
*/

10
src/backend/catalog/namespace.c
View File

@ -13,7 +13,7 @@
* Portions Copyright (c) 1994, Regents of the University of California
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/catalog/namespace.c,v 1.64 2004/05/26 04:41:07 neilc Exp $
* $PostgreSQL: pgsql/src/backend/catalog/namespace.c,v 1.65 2004/05/26 18:35:32 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -1640,11 +1640,11 @@ InitTempTableNamespace(void)
* tables. We use a nonstandard error message here since
* "databasename: permission denied" might be a tad cryptic.
*
* Note we apply the check to the session user, not the currently active
* userid, since we are not going to change our minds about temp table
* availability during the session.
* ACL_CREATE_TEMP perms are also checked in
* pg_namespace_aclcheck() that way only users who have TEMP
* perms can create objects.
*/
if (pg_database_aclcheck(MyDatabaseId, GetSessionUserId(),
if (pg_database_aclcheck(MyDatabaseId, GetUserId(),
ACL_CREATE_TEMP) != ACLCHECK_OK)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

12
src/backend/libpq/hba.c
View File

@ -10,7 +10,7 @@
*
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.123 2004/05/26 04:41:18 neilc Exp $
* $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.124 2004/05/26 18:35:33 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -1345,8 +1345,11 @@ ident_inet(const SockAddr remote_addr,
hints.ai_addr = NULL;
hints.ai_next = NULL;
rc = getaddrinfo_all(remote_addr_s, ident_port, &hints, &ident_serv);
if (rc || !ident_serv)
if (rc || !ident_serv) {
if (ident_serv)
freeaddrinfo_all(hints.ai_family, ident_serv);
return false; /* we don't expect this to happen */
}
hints.ai_flags = AI_NUMERICHOST;
hints.ai_family = local_addr.addr.ss_family;
@ -1357,8 +1360,11 @@ ident_inet(const SockAddr remote_addr,
hints.ai_addr = NULL;
hints.ai_next = NULL;
rc = getaddrinfo_all(local_addr_s, NULL, &hints, &la);
if (rc || !la)
if (rc || !la) {
if (la)
freeaddrinfo_all(hints.ai_family, la);
return false; /* we don't expect this to happen */
}
sock_fd = socket(ident_serv->ai_family, ident_serv->ai_socktype,
ident_serv->ai_protocol);

6
src/backend/libpq/ip.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/libpq/ip.c,v 1.25 2004/04/24 20:10:34 tgl Exp $
* $PostgreSQL: pgsql/src/backend/libpq/ip.c,v 1.26 2004/05/26 18:35:33 momjian Exp $
*
* This file and the IPV6 implementation were initially provided by
* Nigel Kukard <nkukard@lbsd.net>, Linux Based Systems Design
@ -73,11 +73,11 @@ getaddrinfo_all(const char *hostname, const char *servname,
*result = NULL;
#ifdef HAVE_UNIX_SOCKETS
if (hintp != NULL && hintp->ai_family == AF_UNIX)
if (hintp->ai_family == AF_UNIX)
return getaddrinfo_unix(servname, hintp, result);
#endif
/* NULL has special meaning to getaddrinfo */
/* NULL has special meaning to getaddrinfo(). */
return getaddrinfo((!hostname || hostname[0] == '\0') ? NULL : hostname,
servname, hintp, result);
}

5
src/backend/libpq/pqcomm.c
View File

@ -30,7 +30,7 @@
* Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $PostgreSQL: pgsql/src/backend/libpq/pqcomm.c,v 1.168 2003/12/12 18:45:08 petere Exp $
* $PostgreSQL: pgsql/src/backend/libpq/pqcomm.c,v 1.169 2004/05/26 18:35:33 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -251,7 +251,8 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,
ereport(LOG,
(errmsg("could not translate service \"%s\" to address: %s",
service, gai_strerror(ret))));
freeaddrinfo_all(hint.ai_family, addrs);
if (addrs)
freeaddrinfo_all(hint.ai_family, addrs);
return STATUS_ERROR;
}

8
src/backend/postmaster/postmaster.c
View File

@ -37,7 +37,7 @@
*
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.394 2004/05/23 03:50:45 tgl Exp $
* $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.395 2004/05/26 18:35:35 momjian Exp $
*
* NOTES
*
@ -2469,10 +2469,14 @@ BackendInit(Port *port)
remote_port, sizeof(remote_port),
(log_hostname ? 0 : NI_NUMERICHOST) | NI_NUMERICSERV))
{
getnameinfo_all(&port->raddr.addr, port->raddr.salen,
int ret = getnameinfo_all(&port->raddr.addr, port->raddr.salen,
remote_host, sizeof(remote_host),
remote_port, sizeof(remote_port),
NI_NUMERICHOST | NI_NUMERICSERV);
if (ret)
ereport(WARNING,
(errmsg("getnameinfo_all() failed: %s",
gai_strerror(ret))));
}
snprintf(remote_ps_data, sizeof(remote_ps_data),
remote_port[0] == '\0' ? "%s" : "%s(%s)",

23
src/backend/utils/adt/geo_ops.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/utils/adt/geo_ops.c,v 1.84 2004/05/12 22:38:44 tgl Exp $
* $PostgreSQL: pgsql/src/backend/utils/adt/geo_ops.c,v 1.85 2004/05/26 18:35:38 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -1312,6 +1312,27 @@ line_interpt_internal(LINE *l1, LINE *l2)
* "(closed, npts, xcoord, ycoord,... )"
*---------------------------------------------------------*/
Datum
path_area(PG_FUNCTION_ARGS)
{
PATH *path = PG_GETARG_PATH_P(0);
double area = 0.0;
int i,j;
if (!path->closed)
PG_RETURN_NULL();
for (i = 0; i < path->npts; i++) {
j = (i + 1) % path->npts;
area += path->p[i].x * path->p[j].y;
area -= path->p[i].y * path->p[j].x;
}
area *= 0.5;
PG_RETURN_FLOAT8(area < 0.0 ? -area : area);
}
Datum
path_in(PG_FUNCTION_ARGS)
{

109
src/backend/utils/adt/network.c
View File

@ -1,7 +1,7 @@
/*
* PostgreSQL type definitions for the INET and CIDR types.
*
* $PostgreSQL: pgsql/src/backend/utils/adt/network.c,v 1.49 2003/12/01 18:50:19 tgl Exp $
* $PostgreSQL: pgsql/src/backend/utils/adt/network.c,v 1.50 2004/05/26 18:35:38 momjian Exp $
*
* Jon Postel RIP 16 Oct 1998
*/
@ -14,7 +14,10 @@
#include <arpa/inet.h>
#include "catalog/pg_type.h"
#include "libpq/ip.h"
#include "libpq/libpq-be.h"
#include "libpq/pqformat.h"
#include "miscadmin.h"
#include "utils/builtins.h"
#include "utils/inet.h"
@ -130,6 +133,110 @@ cidr_in(PG_FUNCTION_ARGS)
PG_RETURN_INET_P(network_in(src, 1));
}
/* INET that the client is connecting from */
Datum
inet_client_addr(PG_FUNCTION_ARGS)
{
Port *port = MyProcPort;
if (port == NULL)
PG_RETURN_NULL();
switch (port->raddr.addr.ss_family) {
case AF_INET:
#ifdef HAVE_IPV6
case AF_INET6:
#endif
break;
default:
PG_RETURN_NULL();
}
PG_RETURN_INET_P(network_in(port->remote_host, 0));
}
/* port that the client is connecting from */
Datum
inet_client_port(PG_FUNCTION_ARGS)
{
Port *port = MyProcPort;
if (port == NULL)
PG_RETURN_NULL();
PG_RETURN_INT32(DirectFunctionCall1(int4in, CStringGetDatum(port->remote_port)));
}
/* server INET that the client connected to */
Datum
inet_server_addr(PG_FUNCTION_ARGS)
{
Port *port = MyProcPort;
char local_host[NI_MAXHOST];
int ret;
if (port == NULL)
PG_RETURN_NULL();
switch (port->laddr.addr.ss_family) {
case AF_INET:
#ifdef HAVE_IPV6
case AF_INET6:
#endif
break;
default:
PG_RETURN_NULL();
}
local_host[0] = '\0';
ret = getnameinfo_all(&port->laddr.addr, port->laddr.salen,
local_host, sizeof(local_host),
NULL, 0,
NI_NUMERICHOST | NI_NUMERICSERV);
if (ret)
PG_RETURN_NULL();
PG_RETURN_INET_P(network_in(local_host, 0));
}
/* port that the server accepted the connection on */
Datum
inet_server_port(PG_FUNCTION_ARGS)
{
Port *port = MyProcPort;
char local_port[NI_MAXSERV];
int ret;
if (port == NULL)
PG_RETURN_NULL();
switch (port->laddr.addr.ss_family) {
case AF_INET:
#ifdef HAVE_IPV6
case AF_INET6:
#endif
break;
default:
PG_RETURN_NULL();
}
local_port[0] = '\0';
ret = getnameinfo_all(&port->laddr.addr, port->laddr.salen,
NULL, 0,
local_port, sizeof(local_port),
NI_NUMERICHOST | NI_NUMERICSERV);
if (ret)
PG_RETURN_NULL();
PG_RETURN_INT32(DirectFunctionCall1(int4in, CStringGetDatum(local_port)));
}
/*
* INET address output function.
*/

4
src/backend/utils/fmgr/dfmgr.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/utils/fmgr/dfmgr.c,v 1.72 2004/05/17 14:35:31 momjian Exp $
* $PostgreSQL: pgsql/src/backend/utils/fmgr/dfmgr.c,v 1.73 2004/05/26 18:35:39 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -350,7 +350,7 @@ substitute_libpath_macro(const char *name)
strncmp(name, "$libdir", strlen("$libdir")) != 0)
ereport(ERROR,
(errcode(ERRCODE_INVALID_NAME),
errmsg("invalid macro name in dynamic library path")));
errmsg("invalid macro name in dynamic library path: %s", name)));
ret = palloc(strlen(pkglib_path) + strlen(sep_ptr) + 1);

13
src/include/catalog/pg_proc.h
View File

@ -7,7 +7,7 @@
* Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $PostgreSQL: pgsql/src/include/catalog/pg_proc.h,v 1.331 2004/05/26 18:14:36 momjian Exp $
* $PostgreSQL: pgsql/src/include/catalog/pg_proc.h,v 1.332 2004/05/26 18:35:43 momjian Exp $
*
* NOTES
* The script catalog/genbki.sh reads this file and generates .bki
@ -1259,6 +1259,8 @@ DATA(insert OID = 977 ( height PGNSP PGUID 12 f f t f i 1 701 "603" _null_
DESCR("box height");
DATA(insert OID = 978 ( box_distance PGNSP PGUID 12 f f t f i 2 701 "603 603" _null_ box_distance - _null_ ));
DESCR("distance between boxes");
DATA(insert OID = 979 ( area PGNSP PGUID 12 f f t f i 1 701 "602" _null_ path_area - _null_ ));
DESCR("area of a closed path");
DATA(insert OID = 980 ( box_intersect PGNSP PGUID 12 f f t f i 2 603 "603 603" _null_ box_intersect - _null_ ));
DESCR("box intersection (another box)");
DATA(insert OID = 981 ( diagonal PGNSP PGUID 12 f f t f i 1 601 "603" _null_ box_diagonal - _null_ ));
@ -2344,6 +2346,15 @@ DESCR("I/O");
DATA(insert OID = 911 ( inet_out PGNSP PGUID 12 f f t f i 1 2275 "869" _null_ inet_out - _null_ ));
DESCR("I/O");
DATA(insert OID = 912 ( inet_client_addr PGNSP PGUID 12 f f f f s 0 869 "" _null_ inet_client_addr - _null_ ));
DESCR("Returns the INET address of the client connected to the backend");
DATA(insert OID = 913 ( inet_client_port PGNSP PGUID 12 f f f f s 0 23 "" _null_ inet_client_port - _null_ ));
DESCR("Returns the client's port number for this connection");
DATA(insert OID = 914 ( inet_server_addr PGNSP PGUID 12 f f f f s 0 869 "" _null_ inet_server_addr - _null_ ));
DESCR("Returns the INET address that the backend is using to service the connection");
DATA(insert OID = 915 ( inet_server_port PGNSP PGUID 12 f f f f s 0 23 "" _null_ inet_server_port - _null_ ));
DESCR("Returns the servers's port number for this connection");
/* for cidr type support */
DATA(insert OID = 1267 ( cidr_in PGNSP PGUID 12 f f t f i 1 650 "2275" _null_ cidr_in - _null_ ));
DESCR("I/O");

6
src/include/utils/builtins.h
View File

@ -7,7 +7,7 @@
* Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $PostgreSQL: pgsql/src/include/utils/builtins.h,v 1.239 2004/05/26 15:26:18 momjian Exp $
* $PostgreSQL: pgsql/src/include/utils/builtins.h,v 1.240 2004/05/26 18:35:46 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -647,6 +647,10 @@ extern int inet_net_pton(int af, const char *src,
void *dst, size_t size);
/* network.c */
extern Datum inet_client_addr(PG_FUNCTION_ARGS);
extern Datum inet_client_port(PG_FUNCTION_ARGS);
extern Datum inet_server_addr(PG_FUNCTION_ARGS);
extern Datum inet_server_port(PG_FUNCTION_ARGS);
extern Datum inet_in(PG_FUNCTION_ARGS);
extern Datum inet_out(PG_FUNCTION_ARGS);
extern Datum inet_recv(PG_FUNCTION_ARGS);

3
src/include/utils/geo_decls.h
View File

@ -6,7 +6,7 @@
* Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $PostgreSQL: pgsql/src/include/utils/geo_decls.h,v 1.43 2003/11/29 22:41:15 pgsql Exp $
* $PostgreSQL: pgsql/src/include/utils/geo_decls.h,v 1.44 2004/05/26 18:35:47 momjian Exp $
*
* NOTE
* These routines do *not* use the float types from adt/.
@ -305,6 +305,7 @@ extern Datum box_mul(PG_FUNCTION_ARGS);
extern Datum box_div(PG_FUNCTION_ARGS);
/* public path routines */
extern Datum path_area(PG_FUNCTION_ARGS);
extern Datum path_in(PG_FUNCTION_ARGS);
extern Datum path_out(PG_FUNCTION_ARGS);
extern Datum path_recv(PG_FUNCTION_ARGS);

5
src/interfaces/libpq/fe-connect.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.270 2004/05/21 20:56:49 tgl Exp $
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.271 2004/05/26 18:35:51 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -946,7 +946,8 @@ connectDBStart(PGconn *conn)
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("could not translate Unix-domain socket path \"%s\" to address: %s\n"),
portstr, gai_strerror(ret));
freeaddrinfo_all(hint.ai_family, addrs);
if (addrs)
freeaddrinfo_all(hint.ai_family, addrs);
goto connect_errReturn;
}