Disallow CREATE INDEX on system catalogs, non-tables (views, sequences, etc).
Disallow CREATE/DROP TRIGGER on system catalogs, non-tables.
Disallow ALTER TABLE ADD/DROP CONSTRAINT on system catalogs.
Disallow FOREIGN KEY reference to non-table.
None of these things can actually work in the present system structure,
but the code was letting them pass without complaint.
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.151 2001/12/04 17:19:48 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.152 2002/01/03 23:19:30 tgl Exp $
*
* NOTES
* The PerformAddAttribute() code, like most of the relation
Relation attrelation;
HeapTuple tuple;
+ /* we allow this on system tables */
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
elog(ERROR, "ALTER TABLE: permission denied");
Oid myrelid;
List *listptr;
+ if (!allowSystemTableMods && IsSystemRelationName(relationName))
+ elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
+ relationName);
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
elog(ERROR, "ALTER TABLE: permission denied");
Relation rel;
int deleted;
+ if (!allowSystemTableMods && IsSystemRelationName(relationName))
+ elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
+ relationName);
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
elog(ERROR, "ALTER TABLE: permission denied");
}
/*
- *
* LOCK TABLE
- *
*/
void
LockTableCommand(LockStmt *lockstmt)
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.61 2001/11/20 02:46:13 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.62 2002/01/03 23:19:36 tgl Exp $
*
*-------------------------------------------------------------------------
*/
Oid *classObjectId;
Oid accessMethodId;
Oid relationId;
+ Relation rel;
HeapTuple tuple;
Form_pg_am accessMethodForm;
IndexInfo *indexInfo;
INDEX_MAX_KEYS);
/*
- * compute heap relation id
+ * Open heap relation, acquire a suitable lock on it, remember its OID
*/
- if ((relationId = RelnameFindRelid(heapRelationName)) == InvalidOid)
- elog(ERROR, "DefineIndex: relation \"%s\" not found",
+ rel = heap_openr(heapRelationName, ShareLock);
+
+ /* Note: during bootstrap may see uncataloged relation */
+ if (rel->rd_rel->relkind != RELKIND_RELATION &&
+ rel->rd_rel->relkind != RELKIND_UNCATALOGED)
+ elog(ERROR, "DefineIndex: relation \"%s\" is not a table",
heapRelationName);
+ relationId = RelationGetRelid(rel);
+
+ heap_close(rel, NoLock);
+
+ if (!IsBootstrapProcessingMode() &&
+ IsSystemRelationName(heapRelationName) &&
+ !IndexesAreActive(relationId, false))
+ elog(ERROR, "Existing indexes are inactive. REINDEX first");
+
/*
* look up the access method, verify it can handle the requested
* features
CheckPredicate(cnfPred, rangetable, relationId);
}
- if (!IsBootstrapProcessingMode() && IsSystemRelationName(heapRelationName) && !IndexesAreActive(relationId, false))
- elog(ERROR, "Existing indexes are inactive. REINDEX first");
-
/*
* Prepare arguments for index_create, primarily an IndexInfo
* structure
* Portions Copyright (c) 1994, Regents of the University of California
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.99 2001/11/16 16:31:16 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.100 2002/01/03 23:21:23 tgl Exp $
*
*-------------------------------------------------------------------------
*/
rel = heap_openr(stmt->relname, AccessExclusiveLock);
+ if (rel->rd_rel->relkind != RELKIND_RELATION)
+ elog(ERROR, "CreateTrigger: relation \"%s\" is not a table",
+ stmt->relname);
+
TRIGGER_CLEAR_TYPE(tgtype);
if (stmt->before)
TRIGGER_SETT_BEFORE(tgtype);
int found = 0;
int tgfound = 0;
+ if (!allowSystemTableMods && IsSystemRelationName(stmt->relname))
+ elog(ERROR, "DropTrigger: can't drop trigger for system relation %s",
+ stmt->relname);
+
if (!pg_ownercheck(GetUserId(), stmt->relname, RELNAME))
- elog(ERROR, "%s: %s", stmt->relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
+ elog(ERROR, "%s: %s", stmt->relname,
+ aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
rel = heap_openr(stmt->relname, AccessExclusiveLock);
+ if (rel->rd_rel->relkind != RELKIND_RELATION)
+ elog(ERROR, "DropTrigger: relation \"%s\" is not a table",
+ stmt->relname);
+
/*
* Search pg_trigger, delete target trigger, count remaining triggers
* for relation. Note this is OK only because we have
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Header: /cvsroot/pgsql/src/backend/parser/analyze.c,v 1.212 2001/11/12 21:04:45 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/parser/analyze.c,v 1.213 2002/01/03 23:21:31 tgl Exp $
*
*-------------------------------------------------------------------------
*/
*/
pkrel = heap_openr(fkconstraint->pktable_name, AccessShareLock);
+ if (pkrel->rd_rel->relkind != RELKIND_RELATION)
+ elog(ERROR, "Referenced relation \"%s\" is not a table",
+ fkconstraint->pktable_name);
+
/*
* Get the list of index OIDs for the table from the relcache, and
* look up each one in the pg_index syscache for each unique one, and
*/
pkrel = heap_openr(fkconstraint->pktable_name, AccessShareLock);
+ if (pkrel->rd_rel->relkind != RELKIND_RELATION)
+ elog(ERROR, "Referenced relation \"%s\" is not a table",
+ fkconstraint->pktable_name);
+
/*
* Get the list of index OIDs for the table from the relcache, and
* look up each one in the pg_index syscache until we find one marked
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.123 2001/11/20 02:46:13 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.124 2002/01/03 23:21:32 tgl Exp $
*
*-------------------------------------------------------------------------
*/
set_ps_display(commandTag = "CREATE");
+ relname = stmt->relname;
+ if (!allowSystemTableMods && IsSystemRelationName(relname))
+ elog(ERROR, "CREATE INDEX: relation \"%s\" is a system catalog",
+ relname);
+ if (!pg_ownercheck(GetUserId(), relname, RELNAME))
+ elog(ERROR, "permission denied");
+
DefineIndex(stmt->relname, /* relation name */
stmt->idxname, /* index name */
stmt->accessMethod, /* am name */