From a41e46b26167d819047c8e06b7f0bace6afce198 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 27 Aug 2007 01:24:50 +0000 Subject: [PATCH] Require SELECT privilege on a table to do dblink_get_pkey(). This is not all that exciting when the system catalogs are readable by all, but some people try to lock them down, and would not like this sort of end run ... --- contrib/dblink/dblink.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/contrib/dblink/dblink.c b/contrib/dblink/dblink.c index 190c7005d6..295a779772 100644 --- a/contrib/dblink/dblink.c +++ b/contrib/dblink/dblink.c @@ -8,7 +8,7 @@ * Darko Prenosil * Shridhar Daithankar * - * $PostgreSQL: pgsql/contrib/dblink/dblink.c,v 1.64 2007/07/08 17:12:38 joe Exp $ + * $PostgreSQL: pgsql/contrib/dblink/dblink.c,v 1.65 2007/08/27 01:24:50 tgl Exp $ * Copyright (c) 2001-2007, PostgreSQL Global Development Group * ALL RIGHTS RESERVED; * @@ -51,6 +51,7 @@ #include "nodes/pg_list.h" #include "parser/parse_type.h" #include "tcop/tcopprot.h" +#include "utils/acl.h" #include "utils/array.h" #include "utils/builtins.h" #include "utils/dynahash.h" @@ -1686,9 +1687,17 @@ get_pkey_attnames(Oid relid, int16 *numatts) char **result = NULL; Relation rel; TupleDesc tupdesc; + AclResult aclresult; - /* open relation using relid, get tupdesc */ + /* open relation using relid, check permissions, get tupdesc */ rel = relation_open(relid, AccessShareLock); + + aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(), + ACL_SELECT); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_CLASS, + RelationGetRelationName(rel)); + tupdesc = rel->rd_att; /* initialize numatts to 0 in case no primary key exists */