]> granicus.if.org Git - postgresql/commitdiff
Require ownership permission for CREATE INDEX, per bug report.
authorTom Lane <tgl@sss.pgh.pa.us>
Thu, 3 Jan 2002 23:21:32 +0000 (23:21 +0000)
committerTom Lane <tgl@sss.pgh.pa.us>
Thu, 3 Jan 2002 23:21:32 +0000 (23:21 +0000)
Disallow CREATE INDEX on system catalogs, non-tables (views, sequences, etc).
Disallow CREATE/DROP TRIGGER on system catalogs, non-tables.
Disallow ALTER TABLE ADD/DROP CONSTRAINT on system catalogs.
Disallow FOREIGN KEY reference to non-table.
None of these things can actually work in the present system structure,
but the code was letting them pass without complaint.

src/backend/commands/command.c
src/backend/commands/indexcmds.c
src/backend/commands/trigger.c
src/backend/parser/analyze.c
src/backend/tcop/utility.c

index cab60421e6aed570744b56258cd6af1a0f85b102..646511eb18da7e2817c21a6f546a622f845cc644 100644 (file)
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.151 2001/12/04 17:19:48 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.152 2002/01/03 23:19:30 tgl Exp $
  *
  * NOTES
  *       The PerformAddAttribute() code, like most of the relation
@@ -716,6 +716,7 @@ AlterTableAlterColumnStatistics(const char *relationName,
        Relation        attrelation;
        HeapTuple       tuple;
 
+       /* we allow this on system tables */
 #ifndef NO_SECURITY
        if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
                elog(ERROR, "ALTER TABLE: permission denied");
@@ -1190,6 +1191,9 @@ AlterTableAddConstraint(char *relationName,
        Oid                     myrelid;
        List       *listptr;
 
+       if (!allowSystemTableMods && IsSystemRelationName(relationName))
+               elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
+                        relationName);
 #ifndef NO_SECURITY
        if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
                elog(ERROR, "ALTER TABLE: permission denied");
@@ -1506,6 +1510,9 @@ AlterTableDropConstraint(const char *relationName,
        Relation        rel;
        int                     deleted;
 
+       if (!allowSystemTableMods && IsSystemRelationName(relationName))
+               elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
+                        relationName);
 #ifndef NO_SECURITY
        if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
                elog(ERROR, "ALTER TABLE: permission denied");
@@ -1886,9 +1893,7 @@ needs_toast_table(Relation rel)
 }
 
 /*
- *
  * LOCK TABLE
- *
  */
 void
 LockTableCommand(LockStmt *lockstmt)
index a22e111ef4a755f76f0155d4db96fae3b797510f..4aa14844358b0666a46ba6f3c7ff900509e39314 100644 (file)
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.61 2001/11/20 02:46:13 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.62 2002/01/03 23:19:36 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -73,6 +73,7 @@ DefineIndex(char *heapRelationName,
        Oid                *classObjectId;
        Oid                     accessMethodId;
        Oid                     relationId;
+       Relation        rel;
        HeapTuple       tuple;
        Form_pg_am      accessMethodForm;
        IndexInfo  *indexInfo;
@@ -90,12 +91,25 @@ DefineIndex(char *heapRelationName,
                         INDEX_MAX_KEYS);
 
        /*
-        * compute heap relation id
+        * Open heap relation, acquire a suitable lock on it, remember its OID
         */
-       if ((relationId = RelnameFindRelid(heapRelationName)) == InvalidOid)
-               elog(ERROR, "DefineIndex: relation \"%s\" not found",
+       rel = heap_openr(heapRelationName, ShareLock);
+
+       /* Note: during bootstrap may see uncataloged relation */
+       if (rel->rd_rel->relkind != RELKIND_RELATION &&
+               rel->rd_rel->relkind != RELKIND_UNCATALOGED)
+               elog(ERROR, "DefineIndex: relation \"%s\" is not a table",
                         heapRelationName);
 
+       relationId = RelationGetRelid(rel);
+
+       heap_close(rel, NoLock);
+
+       if (!IsBootstrapProcessingMode() &&
+               IsSystemRelationName(heapRelationName) &&
+               !IndexesAreActive(relationId, false))
+               elog(ERROR, "Existing indexes are inactive. REINDEX first");
+
        /*
         * look up the access method, verify it can handle the requested
         * features
@@ -131,9 +145,6 @@ DefineIndex(char *heapRelationName,
                CheckPredicate(cnfPred, rangetable, relationId);
        }
 
-       if (!IsBootstrapProcessingMode() && IsSystemRelationName(heapRelationName) && !IndexesAreActive(relationId, false))
-               elog(ERROR, "Existing indexes are inactive. REINDEX first");
-
        /*
         * Prepare arguments for index_create, primarily an IndexInfo
         * structure
index 008774e5a8e079da6909eebf8c1fc205b6a93929..8eedda03aaf2cac84839b5428b2c69d2dbdbf287 100644 (file)
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.99 2001/11/16 16:31:16 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.100 2002/01/03 23:21:23 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -105,6 +105,10 @@ CreateTrigger(CreateTrigStmt *stmt)
 
        rel = heap_openr(stmt->relname, AccessExclusiveLock);
 
+       if (rel->rd_rel->relkind != RELKIND_RELATION)
+               elog(ERROR, "CreateTrigger: relation \"%s\" is not a table",
+                        stmt->relname);
+
        TRIGGER_CLEAR_TYPE(tgtype);
        if (stmt->before)
                TRIGGER_SETT_BEFORE(tgtype);
@@ -315,11 +319,20 @@ DropTrigger(DropTrigStmt *stmt)
        int                     found = 0;
        int                     tgfound = 0;
 
+       if (!allowSystemTableMods && IsSystemRelationName(stmt->relname))
+               elog(ERROR, "DropTrigger: can't drop trigger for system relation %s",
+                        stmt->relname);
+
        if (!pg_ownercheck(GetUserId(), stmt->relname, RELNAME))
-               elog(ERROR, "%s: %s", stmt->relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
+               elog(ERROR, "%s: %s", stmt->relname,
+                        aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
 
        rel = heap_openr(stmt->relname, AccessExclusiveLock);
 
+       if (rel->rd_rel->relkind != RELKIND_RELATION)
+               elog(ERROR, "DropTrigger: relation \"%s\" is not a table",
+                        stmt->relname);
+
        /*
         * Search pg_trigger, delete target trigger, count remaining triggers
         * for relation.  Note this is OK only because we have
index 87df6f55e7924d70bf51602cff4cf5d20e1b42f3..413513cfa6cbdc0d4180dd8dc53246d89605eaf6 100644 (file)
@@ -6,7 +6,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- *     $Header: /cvsroot/pgsql/src/backend/parser/analyze.c,v 1.212 2001/11/12 21:04:45 tgl Exp $
+ *     $Header: /cvsroot/pgsql/src/backend/parser/analyze.c,v 1.213 2002/01/03 23:21:31 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -2792,6 +2792,10 @@ transformFkeyCheckAttrs(FkConstraint *fkconstraint, Oid *pktypoid)
         */
        pkrel = heap_openr(fkconstraint->pktable_name, AccessShareLock);
 
+       if (pkrel->rd_rel->relkind != RELKIND_RELATION)
+               elog(ERROR, "Referenced relation \"%s\" is not a table",
+                        fkconstraint->pktable_name);
+
        /*
         * Get the list of index OIDs for the table from the relcache, and
         * look up each one in the pg_index syscache for each unique one, and
@@ -2881,6 +2885,10 @@ transformFkeyGetPrimaryKey(FkConstraint *fkconstraint, Oid *pktypoid)
         */
        pkrel = heap_openr(fkconstraint->pktable_name, AccessShareLock);
 
+       if (pkrel->rd_rel->relkind != RELKIND_RELATION)
+               elog(ERROR, "Referenced relation \"%s\" is not a table",
+                        fkconstraint->pktable_name);
+
        /*
         * Get the list of index OIDs for the table from the relcache, and
         * look up each one in the pg_index syscache until we find one marked
index 4755025a9d06e6c6f6ab25b47a03c25836877acf..f8cf6310a5fbc9a2cf6c4cac5e9b5408783fb06b 100644 (file)
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.123 2001/11/20 02:46:13 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.124 2002/01/03 23:21:32 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -532,6 +532,13 @@ ProcessUtility(Node *parsetree,
 
                                set_ps_display(commandTag = "CREATE");
 
+                               relname = stmt->relname;
+                               if (!allowSystemTableMods && IsSystemRelationName(relname))
+                                       elog(ERROR, "CREATE INDEX: relation \"%s\" is a system catalog",
+                                                relname);
+                               if (!pg_ownercheck(GetUserId(), relname, RELNAME))
+                                       elog(ERROR, "permission denied");
+
                                DefineIndex(stmt->relname,              /* relation name */
                                                        stmt->idxname,          /* index name */
                                                        stmt->accessMethod, /* am name */