From: Tom Lane Date: Wed, 7 Aug 2002 21:45:02 +0000 (+0000) Subject: Fix permission checking for temp-table namespace. X-Git-Tag: REL7_3~992 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c1003339d6899535b455951b875565e5e73f2f7d;p=postgresql Fix permission checking for temp-table namespace. --- diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c index c06b42cd2a..f8bf95ddc6 100644 --- a/src/backend/catalog/aclchk.c +++ b/src/backend/catalog/aclchk.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.73 2002/08/05 03:29:16 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.74 2002/08/07 21:45:01 tgl Exp $ * * NOTES * See acl.h. @@ -1163,6 +1163,13 @@ pg_namespace_aclcheck(Oid nsp_oid, Oid userid, AclMode mode) bool isNull; Acl *acl; + /* + * If we have been assigned this namespace as a temp namespace, + * assume we have all grantable privileges on it. + */ + if (isTempNamespace(nsp_oid)) + return ACLCHECK_OK; + /* Superusers bypass all permission checking. */ if (superuser_arg(userid)) return ACLCHECK_OK; diff --git a/src/backend/commands/indexcmds.c b/src/backend/commands/indexcmds.c index 9edebc1e69..584df00d78 100644 --- a/src/backend/commands/indexcmds.c +++ b/src/backend/commands/indexcmds.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.80 2002/08/02 18:15:06 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.81 2002/08/07 21:45:01 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -119,9 +119,9 @@ DefineIndex(RangeVar *heapRelation, * Verify we (still) have CREATE rights in the rel's namespace. * (Presumably we did when the rel was created, but maybe not anymore.) * Skip check if bootstrapping, since permissions machinery may not - * be working yet; also, always allow if it's a temp table. + * be working yet. */ - if (!IsBootstrapProcessingMode() && !isTempNamespace(namespaceId)) + if (!IsBootstrapProcessingMode()) { AclResult aclresult; diff --git a/src/backend/commands/tablecmds.c b/src/backend/commands/tablecmds.c index eedc1a9dad..d40122cdf5 100644 --- a/src/backend/commands/tablecmds.c +++ b/src/backend/commands/tablecmds.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/commands/tablecmds.c,v 1.27 2002/08/05 03:29:17 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/tablecmds.c,v 1.28 2002/08/07 21:45:01 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -115,11 +115,11 @@ DefineRelation(CreateStmt *stmt, char relkind) * Look up the namespace in which we are supposed to create the * relation. Check we have permission to create there. * Skip check if bootstrapping, since permissions machinery may not - * be working yet; also, always allow if it's a temp table. + * be working yet. */ namespaceId = RangeVarGetCreationNamespace(stmt->relation); - if (!IsBootstrapProcessingMode() && !isTempNamespace(namespaceId)) + if (!IsBootstrapProcessingMode()) { AclResult aclresult; diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c index ecac95c426..7e50ca4f9e 100644 --- a/src/backend/executor/execMain.c +++ b/src/backend/executor/execMain.c @@ -27,7 +27,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.172 2002/08/04 05:04:39 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.173 2002/08/07 21:45:02 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -696,6 +696,7 @@ InitPlan(CmdType operation, Query *parseTree, Plan *plan, EState *estate) { char *intoName; Oid namespaceId; + AclResult aclresult; Oid intoRelationId; TupleDesc tupdesc; @@ -705,16 +706,11 @@ InitPlan(CmdType operation, Query *parseTree, Plan *plan, EState *estate) intoName = parseTree->into->relname; namespaceId = RangeVarGetCreationNamespace(parseTree->into); - if (!isTempNamespace(namespaceId)) - { - AclResult aclresult; - - aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), - ACL_CREATE); - if (aclresult != ACLCHECK_OK) - aclcheck_error(aclresult, - get_namespace_name(namespaceId)); - } + aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), + ACL_CREATE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, + get_namespace_name(namespaceId)); /* * new "INTO" table is created WITH OIDS diff --git a/src/backend/tcop/utility.c b/src/backend/tcop/utility.c index 8c3af9ac9c..2ef3ff8a3f 100644 --- a/src/backend/tcop/utility.c +++ b/src/backend/tcop/utility.c @@ -10,7 +10,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.168 2002/08/04 04:31:44 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.169 2002/08/07 21:45:02 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -399,22 +399,17 @@ ProcessUtility(Node *parsetree, /* * RENAME TABLE requires that we (still) hold CREATE * rights on the containing namespace, as well as - * ownership of the table. But skip check for - * temp tables. + * ownership of the table. */ Oid namespaceId = get_rel_namespace(relid); - - if (!isTempNamespace(namespaceId)) - { - AclResult aclresult; - - aclresult = pg_namespace_aclcheck(namespaceId, - GetUserId(), - ACL_CREATE); - if (aclresult != ACLCHECK_OK) - aclcheck_error(aclresult, - get_namespace_name(namespaceId)); - } + AclResult aclresult; + + aclresult = pg_namespace_aclcheck(namespaceId, + GetUserId(), + ACL_CREATE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, + get_namespace_name(namespaceId)); renamerel(relid, stmt->newname); break;