Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 15162ae

Browse files
tglsfdctglsfdc
committed
Make dumpACL behave more reasonably for case where owner has revoked
some of his own privileges.
1 parent 340b66c commit 15162ae

File tree

1 file changed

+61
-63
lines changed

1 file changed

+61
-63
lines changed

src/bin/pg_dump/pg_dump.c

Lines changed: 61 additions & 63 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@
2222
*
2323
*
2424
* IDENTIFICATION
25-
* $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dump.c,v 1.257 2002/04/29 17:30:18 tgl Exp $
25+
* $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dump.c,v 1.258 2002/05/06 18:33:45 tgl Exp $
2626
*
2727
*-------------------------------------------------------------------------
2828
*/
@@ -79,7 +79,7 @@ static void dumpComment(Archive *fout, const char *target, const char *oid,
7979
const char *((*deps)[]));
8080
static void dumpOneDomain(Archive *fout, TypeInfo *tinfo);
8181
static void dumpSequence(Archive *fout, TableInfo tbinfo, const bool schemaOnly, const bool dataOnly);
82-
static void dumpACL(Archive *fout, TableInfo tbinfo);
82+
static void dumpACL(Archive *fout, TableInfo *tbinfo);
8383
static void dumpTriggers(Archive *fout, const char *tablename,
8484
TableInfo *tblinfo, int numTables);
8585
static void dumpRules(Archive *fout, const char *tablename,
@@ -4129,58 +4129,27 @@ GetPrivileges(Archive *AH, const char *s)
41294129
return strdup(aclbuf);
41304130
}
41314131

4132-
/*
4133-
* The name says it all; a function to append a string if the dest
4134-
* is big enough. If not, it does a realloc.
4135-
*/
4136-
static void
4137-
strcatalloc(char **dest, int *dSize, char *src)
4138-
{
4139-
int dLen = strlen(*dest);
4140-
int sLen = strlen(src);
4141-
4142-
if ((dLen + sLen) >= *dSize)
4143-
{
4144-
*dSize = (dLen + sLen) * 2;
4145-
*dest = realloc(*dest, *dSize);
4146-
}
4147-
strcpy(*dest + dLen, src);
4148-
}
4149-
41504132

41514133
/*
41524134
* dumpACL:
4153-
* Write out grant/revoke information
4154-
* Called for sequences and tables
4135+
* Write out grant/revoke information for a table, view or sequence
41554136
*/
4156-
41574137
static void
4158-
dumpACL(Archive *fout, TableInfo tbinfo)
4138+
dumpACL(Archive *fout, TableInfo *tbinfo)
41594139
{
4160-
const char *acls = tbinfo.relacl;
4140+
const char *acls = tbinfo->relacl;
41614141
char *aclbuf,
41624142
*tok,
41634143
*eqpos,
41644144
*priv;
41654145
char *objoid;
4166-
char *sql;
4167-
char tmp[1024];
4168-
int sSize = 4096;
4146+
PQExpBuffer sql;
4147+
bool found_owner_privs = false;
41694148

41704149
if (strlen(acls) == 0)
41714150
return; /* table has default permissions */
41724151

4173-
/*
4174-
* Allocate a larginsh buffer for the output SQL.
4175-
*/
4176-
sql = (char *) malloc(sSize);
4177-
4178-
/*
4179-
* Revoke Default permissions for PUBLIC. Is this actually necessary,
4180-
* or is it just a waste of time?
4181-
*/
4182-
sprintf(sql, "REVOKE ALL on %s from PUBLIC;\n",
4183-
fmtId(tbinfo.relname, force_quotes));
4152+
sql = createPQExpBuffer();
41844153

41854154
/* Make a working copy of acls so we can use strtok */
41864155
aclbuf = strdup(acls);
@@ -4202,9 +4171,10 @@ dumpACL(Archive *fout, TableInfo tbinfo)
42024171
if (!eqpos)
42034172
{
42044173
write_msg(NULL, "could not parse ACL list ('%s') for relation %s\n",
4205-
acls, tbinfo.relname);
4174+
acls, tbinfo->relname);
42064175
exit_nicely();
42074176
}
4177+
*eqpos = '\0'; /* it's ok to clobber aclbuf */
42084178

42094179
/*
42104180
* Parse the privileges (right-hand side). Skip if there are
@@ -4213,41 +4183,69 @@ dumpACL(Archive *fout, TableInfo tbinfo)
42134183
priv = GetPrivileges(fout, eqpos + 1);
42144184
if (*priv)
42154185
{
4216-
sprintf(tmp, "GRANT %s on %s to ",
4217-
priv, fmtId(tbinfo.relname, force_quotes));
4218-
strcatalloc(&sql, &sSize, tmp);
4219-
4220-
/*
4221-
* Note: fmtId() can only be called once per printf, so don't
4222-
* try to merge printing of username into the above printf.
4223-
*/
4224-
if (eqpos == tok)
4186+
if (strcmp(tok, tbinfo->usename) == 0)
42254187
{
4226-
/* Empty left-hand side means "PUBLIC" */
4227-
strcatalloc(&sql, &sSize, "PUBLIC;\n");
4188+
/*
4189+
* For the owner, the default privilege level is ALL.
4190+
*/
4191+
found_owner_privs = true;
4192+
if (strcmp(priv, "ALL") != 0)
4193+
{
4194+
/* NB: only one fmtId per appendPQExpBuffer! */
4195+
appendPQExpBuffer(sql, "REVOKE ALL ON %s FROM ",
4196+
fmtId(tbinfo->relname, force_quotes));
4197+
appendPQExpBuffer(sql, "%s;\n", fmtId(tok, force_quotes));
4198+
appendPQExpBuffer(sql, "GRANT %s ON %s TO ",
4199+
priv,
4200+
fmtId(tbinfo->relname, force_quotes));
4201+
appendPQExpBuffer(sql, "%s;\n", fmtId(tok, force_quotes));
4202+
}
42284203
}
42294204
else
42304205
{
4231-
*eqpos = '\0'; /* it's ok to clobber aclbuf */
4232-
if (strncmp(tok, "group ", strlen("group ")) == 0)
4233-
sprintf(tmp, "GROUP %s;\n",
4234-
fmtId(tok + strlen("group "), force_quotes));
4206+
/*
4207+
* Otherwise can assume we are starting from no privs.
4208+
*/
4209+
appendPQExpBuffer(sql, "GRANT %s ON %s TO ",
4210+
priv,
4211+
fmtId(tbinfo->relname, force_quotes));
4212+
if (eqpos == tok)
4213+
{
4214+
/* Empty left-hand side means "PUBLIC" */
4215+
appendPQExpBuffer(sql, "PUBLIC;\n");
4216+
}
4217+
else if (strncmp(tok, "group ", strlen("group ")) == 0)
4218+
appendPQExpBuffer(sql, "GROUP %s;\n",
4219+
fmtId(tok + strlen("group "),
4220+
force_quotes));
42354221
else
4236-
sprintf(tmp, "%s;\n", fmtId(tok, force_quotes));
4237-
strcatalloc(&sql, &sSize, tmp);
4222+
appendPQExpBuffer(sql, "%s;\n", fmtId(tok, force_quotes));
42384223
}
42394224
}
42404225
free(priv);
42414226
}
42424227

4228+
/*
4229+
* If we didn't find any owner privs, the owner must have revoked 'em all
4230+
*/
4231+
if (!found_owner_privs && *tbinfo->usename)
4232+
{
4233+
appendPQExpBuffer(sql, "REVOKE ALL ON %s FROM ",
4234+
fmtId(tbinfo->relname, force_quotes));
4235+
appendPQExpBuffer(sql, "%s;\n", fmtId(tbinfo->usename, force_quotes));
4236+
}
4237+
42434238
free(aclbuf);
42444239

4245-
if (tbinfo.viewdef != NULL)
4246-
objoid = tbinfo.viewoid;
4240+
if (tbinfo->viewdef != NULL)
4241+
objoid = tbinfo->viewoid;
42474242
else
4248-
objoid = tbinfo.oid;
4243+
objoid = tbinfo->oid;
4244+
4245+
ArchiveEntry(fout, objoid, tbinfo->relname, "ACL",
4246+
NULL, sql->data, "", "", "", NULL, NULL);
42494247

4250-
ArchiveEntry(fout, objoid, tbinfo.relname, "ACL", NULL, sql, "", "", "", NULL, NULL);
4248+
destroyPQExpBuffer(sql);
42514249
}
42524250

42534251
static void
@@ -4350,7 +4348,7 @@ dumpTables(Archive *fout, TableInfo *tblinfo, int numTables,
43504348
/* becomeUser(fout, tblinfo[i].usename); */
43514349
dumpSequence(fout, tblinfo[i], schemaOnly, dataOnly);
43524350
if (!aclsSkip)
4353-
dumpACL(fout, tblinfo[i]);
4351+
dumpACL(fout, &tblinfo[i]);
43544352
}
43554353
}
43564354
if (serialSeq)
@@ -4486,7 +4484,7 @@ dumpTables(Archive *fout, TableInfo *tblinfo, int numTables,
44864484
NULL, NULL);
44874485

44884486
if (!aclsSkip)
4489-
dumpACL(fout, tblinfo[i]);
4487+
dumpACL(fout, &tblinfo[i]);
44904488

44914489
}
44924490

0 commit comments

Comments
 (0)