From f39748a70f8734c8df0099a6839660e7976d0ff6 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <peter_e@gmx.net>
Date: Fri, 19 Dec 2003 14:21:56 +0000
Subject: [PATCH] Forbid REVOKE on untrusted languages, and don't dump
 privileges of untrusted languages (in case they sneak in).

---
 src/backend/catalog/aclchk.c |  4 ++--
 src/bin/pg_dump/pg_dump.c    | 11 ++++++-----
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index 398e7a93cc..203cc4e4de 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.95 2003/11/29 19:51:42 pgsql Exp $
+ *	  $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.96 2003/12/19 14:21:56 petere Exp $
  *
  * NOTES
  *	  See acl.h.
@@ -594,7 +594,7 @@ ExecuteGrantStmt_Language(GrantStmt *stmt)
 			aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_LANGUAGE,
 						   NameStr(pg_language_tuple->lanname));
 
-		if (!pg_language_tuple->lanpltrusted && stmt->is_grant)
+		if (!pg_language_tuple->lanpltrusted)
 			ereport(ERROR,
 					(errcode(ERRCODE_WRONG_OBJECT_TYPE),
 					 errmsg("language \"%s\" is not trusted", langname)));
diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c
index 7b21f65a23..102cbc0f4a 100644
--- a/src/bin/pg_dump/pg_dump.c
+++ b/src/bin/pg_dump/pg_dump.c
@@ -12,7 +12,7 @@
  *	by PostgreSQL
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/bin/pg_dump/pg_dump.c,v 1.360 2003/12/06 03:00:12 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/bin/pg_dump/pg_dump.c,v 1.361 2003/12/19 14:21:56 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -4633,10 +4633,11 @@ dumpProcLang(Archive *fout, ProcLangInfo *plang)
 				NULL, "",
 				plang->dobj.catId, 0, plang->dobj.dumpId);
 
-	dumpACL(fout, plang->dobj.catId, plang->dobj.dumpId, "LANGUAGE",
-			qlanname, plang->lanname,
-			funcInfo->pronamespace->nspname,
-			NULL, plang->lanacl);
+	if (plang->lanpltrusted)
+		dumpACL(fout, plang->dobj.catId, plang->dobj.dumpId, "LANGUAGE",
+				qlanname, plang->lanname,
+				funcInfo->pronamespace->nspname,
+				NULL, plang->lanacl);
 
 	free(qlanname);