Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 56c9b73

Browse files
tglsfdctglsfdc
committed
Change the aclchk.c routines to uniformly use OIDs to identify the
objects to be privilege-checked. Some change in their APIs would be necessary no matter what in the schema environment, and simply getting rid of the name-based interface entirely seems like the best way.
1 parent 6137ed1 commit 56c9b73

File tree

22 files changed

+551
-687
lines changed

22 files changed

+551
-687
lines changed

src/backend/catalog/aclchk.c

Lines changed: 178 additions & 286 deletions
Large diffs are not rendered by default.

src/backend/commands/analyze.c

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.28 2002/03/06 06:09:28 momjian Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.29 2002/03/21 23:27:20 tgl Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -200,8 +200,7 @@ analyze_rel(Oid relid, VacuumStmt *vacstmt)
200200
*/
201201
onerel = heap_open(relid, AccessShareLock);
202202

203-
if (!(pg_ownercheck(GetUserId(), RelationGetRelationName(onerel),
204-
RELNAME) ||
203+
if (!(pg_class_ownercheck(RelationGetRelid(onerel), GetUserId()) ||
205204
(is_dbadmin(MyDatabaseId) && !onerel->rd_rel->relisshared)))
206205
{
207206
/* No need for a WARNING if we already complained during VACUUM */

src/backend/commands/command.c

Lines changed: 75 additions & 80 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.162 2002/03/21 16:00:31 tgl Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.163 2002/03/21 23:27:20 tgl Exp $
1212
*
1313
* NOTES
1414
* The PerformAddAttribute() code, like most of the relation
@@ -327,6 +327,17 @@ AlterTableAddColumn(const char *relationName,
327327
char *typename;
328328
int attndims;
329329

330+
/*
331+
* Grab an exclusive lock on the target table, which we will NOT
332+
* release until end of transaction.
333+
*/
334+
rel = heap_openr(relationName, AccessExclusiveLock);
335+
myrelid = RelationGetRelid(rel);
336+
337+
if (rel->rd_rel->relkind != RELKIND_RELATION)
338+
elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
339+
relationName);
340+
330341
/*
331342
* permissions checking. this would normally be done in utility.c,
332343
* but this particular routine is recursive.
@@ -336,20 +347,9 @@ AlterTableAddColumn(const char *relationName,
336347
if (!allowSystemTableMods && IsSystemRelationName(relationName))
337348
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
338349
relationName);
339-
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
350+
if (!pg_class_ownercheck(myrelid, GetUserId()))
340351
elog(ERROR, "ALTER TABLE: permission denied");
341352

342-
/*
343-
* Grab an exclusive lock on the target table, which we will NOT
344-
* release until end of transaction.
345-
*/
346-
rel = heap_openr(relationName, AccessExclusiveLock);
347-
348-
if (rel->rd_rel->relkind != RELKIND_RELATION)
349-
elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
350-
relationName);
351-
352-
myrelid = RelationGetRelid(rel);
353353
heap_close(rel, NoLock); /* close rel but keep lock! */
354354

355355
/*
@@ -556,21 +556,19 @@ AlterTableAlterColumnDefault(const char *relationName,
556556
int16 attnum;
557557
Oid myrelid;
558558

559-
if (!allowSystemTableMods && IsSystemRelationName(relationName))
560-
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
561-
relationName);
562-
#ifndef NO_SECURITY
563-
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
564-
elog(ERROR, "ALTER TABLE: permission denied");
565-
#endif
566-
567559
rel = heap_openr(relationName, AccessExclusiveLock);
560+
myrelid = RelationGetRelid(rel);
568561

569562
if (rel->rd_rel->relkind != RELKIND_RELATION)
570563
elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
571564
relationName);
572565

573-
myrelid = RelationGetRelid(rel);
566+
if (!allowSystemTableMods && IsSystemRelationName(relationName))
567+
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
568+
relationName);
569+
if (!pg_class_ownercheck(myrelid, GetUserId()))
570+
elog(ERROR, "ALTER TABLE: permission denied");
571+
574572
heap_close(rel, NoLock);
575573

576574
/*
@@ -730,24 +728,21 @@ AlterTableAlterColumnFlags(const char *relationName,
730728
Relation attrelation;
731729
HeapTuple tuple;
732730

733-
/* we allow statistics case for system tables */
734-
735-
if (*flagType =='M' && !allowSystemTableMods && IsSystemRelationName(relationName))
736-
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
737-
relationName);
738-
739-
#ifndef NO_SECURITY
740-
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
741-
elog(ERROR, "ALTER TABLE: permission denied");
742-
#endif
743-
744731
rel = heap_openr(relationName, AccessExclusiveLock);
732+
myrelid = RelationGetRelid(rel);
745733

746734
if (rel->rd_rel->relkind != RELKIND_RELATION)
747735
elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
748736
relationName);
749737

750-
myrelid = RelationGetRelid(rel);
738+
/* we allow statistics case for system tables */
739+
if (*flagType == 'M' &&
740+
!allowSystemTableMods && IsSystemRelationName(relationName))
741+
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
742+
relationName);
743+
if (!pg_class_ownercheck(myrelid, GetUserId()))
744+
elog(ERROR, "ALTER TABLE: permission denied");
745+
751746
heap_close(rel, NoLock); /* close rel, but keep lock! */
752747

753748

@@ -1034,6 +1029,17 @@ AlterTableDropColumn(const char *relationName,
10341029
if (inh)
10351030
elog(ERROR, "ALTER TABLE / DROP COLUMN with inherit option is not supported yet");
10361031

1032+
/*
1033+
* Grab an exclusive lock on the target table, which we will NOT
1034+
* release until end of transaction.
1035+
*/
1036+
rel = heap_openr(relationName, AccessExclusiveLock);
1037+
myrelid = RelationGetRelid(rel);
1038+
1039+
if (rel->rd_rel->relkind != RELKIND_RELATION)
1040+
elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
1041+
relationName);
1042+
10371043
/*
10381044
* permissions checking. this would normally be done in utility.c,
10391045
* but this particular routine is recursive.
@@ -1043,22 +1049,9 @@ AlterTableDropColumn(const char *relationName,
10431049
if (!allowSystemTableMods && IsSystemRelationName(relationName))
10441050
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
10451051
relationName);
1046-
#ifndef NO_SECURITY
1047-
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
1052+
if (!pg_class_ownercheck(myrelid, GetUserId()))
10481053
elog(ERROR, "ALTER TABLE: permission denied");
1049-
#endif
1050-
1051-
/*
1052-
* Grab an exclusive lock on the target table, which we will NOT
1053-
* release until end of transaction.
1054-
*/
1055-
rel = heap_openr(relationName, AccessExclusiveLock);
1056-
1057-
if (rel->rd_rel->relkind != RELKIND_RELATION)
1058-
elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
1059-
relationName);
10601054

1061-
myrelid = RelationGetRelid(rel);
10621055
heap_close(rel, NoLock); /* close rel but keep lock! */
10631056

10641057
/*
@@ -1180,25 +1173,22 @@ AlterTableAddConstraint(char *relationName,
11801173
Oid myrelid;
11811174
List *listptr;
11821175

1183-
if (!allowSystemTableMods && IsSystemRelationName(relationName))
1184-
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
1185-
relationName);
1186-
#ifndef NO_SECURITY
1187-
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
1188-
elog(ERROR, "ALTER TABLE: permission denied");
1189-
#endif
1190-
11911176
/*
11921177
* Grab an exclusive lock on the target table, which we will NOT
11931178
* release until end of transaction.
11941179
*/
11951180
rel = heap_openr(relationName, AccessExclusiveLock);
1181+
myrelid = RelationGetRelid(rel);
11961182

11971183
if (rel->rd_rel->relkind != RELKIND_RELATION)
11981184
elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
11991185
relationName);
12001186

1201-
myrelid = RelationGetRelid(rel);
1187+
if (!allowSystemTableMods && IsSystemRelationName(relationName))
1188+
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
1189+
relationName);
1190+
if (!pg_class_ownercheck(myrelid, GetUserId()))
1191+
elog(ERROR, "ALTER TABLE: permission denied");
12021192

12031193
if (inh)
12041194
{
@@ -1496,16 +1486,9 @@ AlterTableDropConstraint(const char *relationName,
14961486
int behavior)
14971487
{
14981488
Relation rel;
1489+
Oid myrelid;
14991490
int deleted;
15001491

1501-
if (!allowSystemTableMods && IsSystemRelationName(relationName))
1502-
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
1503-
relationName);
1504-
#ifndef NO_SECURITY
1505-
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
1506-
elog(ERROR, "ALTER TABLE: permission denied");
1507-
#endif
1508-
15091492
/*
15101493
* We don't support CASCADE yet - in fact, RESTRICT doesn't work to
15111494
* the spec either!
@@ -1517,14 +1500,20 @@ AlterTableDropConstraint(const char *relationName,
15171500
* Acquire an exclusive lock on the target relation for the duration
15181501
* of the operation.
15191502
*/
1520-
15211503
rel = heap_openr(relationName, AccessExclusiveLock);
1504+
myrelid = RelationGetRelid(rel);
15221505

15231506
/* Disallow DROP CONSTRAINT on views, indexes, sequences, etc */
15241507
if (rel->rd_rel->relkind != RELKIND_RELATION)
15251508
elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
15261509
relationName);
15271510

1511+
if (!allowSystemTableMods && IsSystemRelationName(relationName))
1512+
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
1513+
relationName);
1514+
if (!pg_class_ownercheck(myrelid, GetUserId()))
1515+
elog(ERROR, "ALTER TABLE: permission denied");
1516+
15281517
/*
15291518
* Since all we have is the name of the constraint, we have to look
15301519
* through all catalogs that could possibly contain a constraint for
@@ -1692,25 +1681,19 @@ AlterTableCreateToastTable(const char *relationName, bool silent)
16921681
IndexInfo *indexInfo;
16931682
Oid classObjectId[2];
16941683

1695-
/*
1696-
* permissions checking. XXX exactly what is appropriate here?
1697-
*/
1698-
#ifndef NO_SECURITY
1699-
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
1700-
elog(ERROR, "ALTER TABLE: permission denied");
1701-
#endif
1702-
17031684
/*
17041685
* Grab an exclusive lock on the target table, which we will NOT
17051686
* release until end of transaction.
17061687
*/
17071688
rel = heap_openr(relationName, AccessExclusiveLock);
1689+
myrelid = RelationGetRelid(rel);
17081690

17091691
if (rel->rd_rel->relkind != RELKIND_RELATION)
17101692
elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
17111693
relationName);
17121694

1713-
myrelid = RelationGetRelid(rel);
1695+
if (!pg_class_ownercheck(myrelid, GetUserId()))
1696+
elog(ERROR, "ALTER TABLE: permission denied");
17141697

17151698
/*
17161699
* lock the pg_class tuple for update (is that really needed?)
@@ -1940,20 +1923,32 @@ LockTableCommand(LockStmt *lockstmt)
19401923
{
19411924
RangeVar *relation = lfirst(p);
19421925
char *relname = relation->relname;
1926+
Oid reloid;
19431927
int aclresult;
19441928
Relation rel;
19451929

1930+
/*
1931+
* We don't want to open the relation until we've checked privilege.
1932+
* So, manually get the relation OID.
1933+
*/
1934+
reloid = GetSysCacheOid(RELNAME,
1935+
PointerGetDatum(relname),
1936+
0, 0, 0);
1937+
if (!OidIsValid(reloid))
1938+
elog(ERROR, "LOCK TABLE: relation \"%s\" does not exist",
1939+
relname);
1940+
19461941
if (lockstmt->mode == AccessShareLock)
1947-
aclresult = pg_aclcheck(relname, GetUserId(),
1948-
ACL_SELECT);
1942+
aclresult = pg_class_aclcheck(reloid, GetUserId(),
1943+
ACL_SELECT);
19491944
else
1950-
aclresult = pg_aclcheck(relname, GetUserId(),
1951-
ACL_UPDATE | ACL_DELETE);
1945+
aclresult = pg_class_aclcheck(reloid, GetUserId(),
1946+
ACL_UPDATE | ACL_DELETE);
19521947

19531948
if (aclresult != ACLCHECK_OK)
19541949
elog(ERROR, "LOCK TABLE: permission denied");
19551950

1956-
rel = relation_openr(relname, lockstmt->mode);
1951+
rel = relation_open(reloid, lockstmt->mode);
19571952

19581953
/* Currently, we only allow plain tables to be locked */
19591954
if (rel->rd_rel->relkind != RELKIND_RELATION)

0 commit comments

Comments
 (0)