]> granicus.if.org Git - postgresql/commitdiff
Forbid REVOKE on untrusted languages, and don't dump privileges of
authorPeter Eisentraut <peter_e@gmx.net>
Fri, 19 Dec 2003 14:21:43 +0000 (14:21 +0000)
committerPeter Eisentraut <peter_e@gmx.net>
Fri, 19 Dec 2003 14:21:43 +0000 (14:21 +0000)
untrusted languages (in case they sneak in).

src/backend/catalog/aclchk.c
src/bin/pg_dump/pg_dump.c

index bf43769d7062bccf7f3839072111f3b22f306c00..6b97bd6325ffce011be266b0b10963b68d27d6a3 100644 (file)
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.91 2003/10/31 20:00:49 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.91.2.1 2003/12/19 14:21:43 petere Exp $
  *
  * NOTES
  *       See acl.h.
@@ -592,7 +592,7 @@ ExecuteGrantStmt_Language(GrantStmt *stmt)
                        aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_LANGUAGE,
                                                   NameStr(pg_language_tuple->lanname));
 
-               if (!pg_language_tuple->lanpltrusted && stmt->is_grant)
+               if (!pg_language_tuple->lanpltrusted)
                        ereport(ERROR,
                                        (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                                         errmsg("language \"%s\" is not trusted", langname)));
index 134e9522a379c3fc73de282bd30af17452c24d3c..686102f85674c7aa691fee815b6847ff0af289b1 100644 (file)
@@ -12,7 +12,7 @@
  *     by PostgreSQL
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dump.c,v 1.355 2003/10/28 21:05:29 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dump.c,v 1.355.2.1 2003/12/19 14:21:43 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -3488,6 +3488,7 @@ dumpProcLangs(Archive *fout, FuncInfo finfo[], int numFuncs)
        int                     i_lanacl = -1;
        char       *lanoid;
        char       *lanname;
+       bool        lanpltrusted;
        char       *lanacl;
        const char *lanplcallfoid;
        const char *lanvalidator;
@@ -3528,6 +3529,7 @@ dumpProcLangs(Archive *fout, FuncInfo finfo[], int numFuncs)
                lanoid = PQgetvalue(res, i, i_oid);
                lanplcallfoid = PQgetvalue(res, i, i_lanplcallfoid);
                lanname = PQgetvalue(res, i, i_lanname);
+               lanpltrusted = (PQgetvalue(res, i, i_lanpltrusted)[0] == 't');
                if (fout->remoteVersion >= 70300)
                {
                        lanvalidator = PQgetvalue(res, i, i_lanvalidator);
@@ -3580,7 +3582,7 @@ dumpProcLangs(Archive *fout, FuncInfo finfo[], int numFuncs)
                                                  fmtId(lanname));
 
                appendPQExpBuffer(defqry, "CREATE %sPROCEDURAL LANGUAGE %s",
-                                                 (PQgetvalue(res, i, i_lanpltrusted)[0] == 't') ?
+                                                 lanpltrusted ?
                                                  "TRUSTED " : "",
                                                  fmtId(lanname));
                appendPQExpBuffer(defqry, " HANDLER %s",
@@ -3605,7 +3607,7 @@ dumpProcLangs(Archive *fout, FuncInfo finfo[], int numFuncs)
                                         "PROCEDURAL LANGUAGE", deps,
                                         defqry->data, delqry->data, NULL, NULL, NULL);
 
-               if (!aclsSkip)
+               if (!aclsSkip && lanpltrusted)
                {
                        char       *tmp = strdup(fmtId(lanname));