rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix permission checking for temp-table namespace.

This commit is contained in:
Tom Lane 2002-08-07 21:45:02 +00:00
parent dfef56a92f
commit c1003339d6
5 changed files with 30 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/backend/catalog/aclchk.c
View File

@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.73 2002/08/05 03:29:16 tgl Exp $ * $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.74 2002/08/07 21:45:01 tgl Exp $
* *
* NOTES * NOTES
* See acl.h. * See acl.h.
@ -1163,6 +1163,13 @@ pg_namespace_aclcheck(Oid nsp_oid, Oid userid, AclMode mode)
bool isNull; bool isNull;
Acl *acl; Acl *acl;
/*
* If we have been assigned this namespace as a temp namespace,
* assume we have all grantable privileges on it.
*/
if (isTempNamespace(nsp_oid))
return ACLCHECK_OK;
/* Superusers bypass all permission checking. */ /* Superusers bypass all permission checking. */
if (superuser_arg(userid)) if (superuser_arg(userid))
return ACLCHECK_OK; return ACLCHECK_OK;

6
src/backend/commands/indexcmds.c
View File

@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.80 2002/08/02 18:15:06 tgl Exp $ * $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.81 2002/08/07 21:45:01 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -119,9 +119,9 @@ DefineIndex(RangeVar *heapRelation,
* Verify we (still) have CREATE rights in the rel's namespace. * Verify we (still) have CREATE rights in the rel's namespace.
* (Presumably we did when the rel was created, but maybe not anymore.) * (Presumably we did when the rel was created, but maybe not anymore.)
* Skip check if bootstrapping, since permissions machinery may not * Skip check if bootstrapping, since permissions machinery may not
* be working yet; also, always allow if it's a temp table. * be working yet.
*/ */
if (!IsBootstrapProcessingMode() && !isTempNamespace(namespaceId)) if (!IsBootstrapProcessingMode())
{ {
AclResult aclresult; AclResult aclresult;

6
src/backend/commands/tablecmds.c
View File

@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/tablecmds.c,v 1.27 2002/08/05 03:29:17 tgl Exp $ * $Header: /cvsroot/pgsql/src/backend/commands/tablecmds.c,v 1.28 2002/08/07 21:45:01 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -115,11 +115,11 @@ DefineRelation(CreateStmt *stmt, char relkind)
* Look up the namespace in which we are supposed to create the * Look up the namespace in which we are supposed to create the
* relation. Check we have permission to create there. * relation. Check we have permission to create there.
* Skip check if bootstrapping, since permissions machinery may not * Skip check if bootstrapping, since permissions machinery may not
* be working yet; also, always allow if it's a temp table. * be working yet.
*/ */
namespaceId = RangeVarGetCreationNamespace(stmt->relation); namespaceId = RangeVarGetCreationNamespace(stmt->relation);
if (!IsBootstrapProcessingMode() && !isTempNamespace(namespaceId)) if (!IsBootstrapProcessingMode())
{ {
AclResult aclresult; AclResult aclresult;

18
src/backend/executor/execMain.c
View File

@ -27,7 +27,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.172 2002/08/04 05:04:39 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.173 2002/08/07 21:45:02 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -696,6 +696,7 @@ InitPlan(CmdType operation, Query *parseTree, Plan *plan, EState *estate)
{ {
char *intoName; char *intoName;
Oid namespaceId; Oid namespaceId;
AclResult aclresult;
Oid intoRelationId; Oid intoRelationId;
TupleDesc tupdesc; TupleDesc tupdesc;
@ -705,16 +706,11 @@ InitPlan(CmdType operation, Query *parseTree, Plan *plan, EState *estate)
intoName = parseTree->into->relname; intoName = parseTree->into->relname;
namespaceId = RangeVarGetCreationNamespace(parseTree->into); namespaceId = RangeVarGetCreationNamespace(parseTree->into);
if (!isTempNamespace(namespaceId)) aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
{ ACL_CREATE);
AclResult aclresult; if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult,
aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), get_namespace_name(namespaceId));
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult,
get_namespace_name(namespaceId));
}
/* /*
* new "INTO" table is created WITH OIDS * new "INTO" table is created WITH OIDS

23
src/backend/tcop/utility.c
View File

@ -10,7 +10,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.168 2002/08/04 04:31:44 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.169 2002/08/07 21:45:02 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -399,22 +399,17 @@ ProcessUtility(Node *parsetree,
/* /*
* RENAME TABLE requires that we (still) hold CREATE * RENAME TABLE requires that we (still) hold CREATE
* rights on the containing namespace, as well as * rights on the containing namespace, as well as
* ownership of the table. But skip check for * ownership of the table.
* temp tables.
*/ */
Oid namespaceId = get_rel_namespace(relid); Oid namespaceId = get_rel_namespace(relid);
AclResult aclresult;
if (!isTempNamespace(namespaceId)) aclresult = pg_namespace_aclcheck(namespaceId,
{ GetUserId(),
AclResult aclresult; ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclresult = pg_namespace_aclcheck(namespaceId, aclcheck_error(aclresult,
GetUserId(), get_namespace_name(namespaceId));
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult,
get_namespace_name(namespaceId));
}
renamerel(relid, stmt->newname); renamerel(relid, stmt->newname);
break; break;