diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index c1fc738984..ef4b28e93d 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -30,8 +30,11 @@ #include #include #include +#include #include +static void CheckPgUserAclNotNull(void); + /*--------------------------------------------------------------------- * UpdatePgPwdFile * @@ -93,6 +96,8 @@ void DefineUser(CreateUserStmt *stmt) { inblock; int max_id = -1; + if (stmt->password) + CheckPgUserAclNotNull(); if (!(inblock = IsTransactionBlock())) BeginTransactionBlock(); @@ -204,6 +209,8 @@ extern void AlterUser(AlterUserStmt *stmt) { n, inblock; + if (stmt->password) + CheckPgUserAclNotNull(); if (!(inblock = IsTransactionBlock())) BeginTransactionBlock(); @@ -420,3 +427,30 @@ extern void RemoveUser(char* user) { if (IsTransactionBlock() && !inblock) EndTransactionBlock(); } + +/* + * CheckPgUserAclNotNull + * + * check to see if there is an ACL on pg_user + */ +static void CheckPgUserAclNotNull() +{ +HeapTuple htp; + + htp = SearchSysCacheTuple(RELNAME, PointerGetDatum(UserRelationName), + 0, 0, 0); + if (!HeapTupleIsValid(htp)) + { + elog(ERROR, "IsPgUserAclNull: class \"%s\" not found", + UserRelationName); + } + + if (heap_attisnull(htp, Anum_pg_class_relacl)) + { + elog(NOTICE, "To use passwords, you have to revoke permissions on pg_user"); + elog(NOTICE, "so normal users can not read the passwords."); + elog(ERROR, "Try 'REVOKE ALL ON pg_user FROM PUBLIC'"); + } + + return; +} diff --git a/src/bin/initdb/initdb.sh b/src/bin/initdb/initdb.sh index 48ac278f06..65e6458550 100644 --- a/src/bin/initdb/initdb.sh +++ b/src/bin/initdb/initdb.sh @@ -26,7 +26,7 @@ # # # IDENTIFICATION -# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.31 1997/12/30 02:26:43 scrappy Exp $ +# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.32 1998/02/19 17:19:45 momjian Exp $ # #------------------------------------------------------------------------- 
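Review bot: The new guard `if (stmt->password) CheckPgUserAclNotNull();` in DefineUser has no comment saying why a password clause triggers a check on a catalog ACL, and the same uncommented guard is repeated in the AlterUser hunk. I would put `/* refuse to store a password while pg_user has no ACL and may still be readable by every user */` above both calls. The guard is evaluated only when the statement runs, so it says nothing about grants made on pg_user afterwards; that limit is worth stating in the same comment. Both function bodies start and continue outside their hunks.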
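Review bot: `heap_attisnull(htp, Anum_pg_class_relacl)` in CheckPgUserAclNotNull only shows that pg_user has some ACL, not that PUBLIC has lost read access. As far as the hunk shows, any earlier GRANT or partial REVOKE on pg_user would pass the check while the password column stays readable. The second initdb.sh hunk drops the REVOKE that initdb used to run, so this test appears to be the only remaining guard. It should either inspect the ACL entries for PUBLIC or state the limitation in its header comment. The not-found message also carries a different name from the function and should start `elog(ERROR, "CheckPgUserAclNotNull: class \"%s\" not found",`, and the definition should repeat the prototype's parameter list as `static void CheckPgUserAclNotNull(void)`.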
@@ -351,10 +351,6 @@ echo "vacuuming template1" echo "vacuum" | postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\ grep -v "^DEBUG:" -echo "Altering pg_user acl" -echo "REVOKE ALL ON pg_user FROM public" | postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\ - grep -v "'DEBUG:" - echo "COPY pg_user TO '$PGDATA/pg_pwd' USING DELIMITERS '\\t'" | postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\ grep -v "'DEBUG:" diff --git a/src/include/catalog/pg_user.h b/src/include/catalog/pg_user.h index f98e1bb72b..e86158cac4 100644 --- a/src/include/catalog/pg_user.h +++ b/src/include/catalog/pg_user.h @@ -7,7 +7,7 @@ * * Copyright (c) 1994, Regents of the University of California * - * $Id: pg_user.h,v 1.8 1997/12/12 16:26:36 momjian Exp $ + * $Id: pg_user.h,v 1.9 1998/02/19 17:19:51 momjian Exp $ * * NOTES * the genbki.sh script reads this file and generates .bki @@ -58,7 +58,7 @@ typedef FormData_pg_user *Form_pg_user; #define Anum_pg_user_usetrace 4 #define Anum_pg_user_usesuper 5 #define Anum_pg_user_usecatupd 6 -#define Anum_pg_user_passwd 7 +#define Anum_pg_user_passwd 7 #define Anum_pg_user_valuntil 8 /* ---------------- diff --git a/src/interfaces/ecpg/include/Makefile b/src/interfaces/ecpg/include/Makefile index de9096be76..5e15e972eb 100644 --- a/src/interfaces/ecpg/include/Makefile +++ b/src/interfaces/ecpg/include/Makefile @@ -6,9 +6,9 @@ all clean:: @echo Nothing to be done. install:: - install ecpglib.h $(DESTDIR)$(HEADERDIR) - install ecpgtype.h $(DESTDIR)$(HEADERDIR) - install sqlca.h $(DESTDIR)$(HEADERDIR) + install $(INSTLOPTS) ecpglib.h $(DESTDIR)$(HEADERDIR) + install $(INSTLOPTS) ecpgtype.h $(DESTDIR)$(HEADERDIR) + install $(INSTLOPTS) sqlca.h $(DESTDIR)$(HEADERDIR) uninstall:: rm -f $(DESTDIR)$(HEADERDIR)/ecpglib.h