From 5c4d1398a64b5573b653205e19650914e078f168 Mon Sep 17 00:00:00 2001
From: Bruce Momjian <bruce@momjian.us>
Date: Thu, 12 Jul 2001 17:42:08 +0000
Subject: [PATCH] Back out SET AUTHORIZATION patch until security is resolved.
---
src/pl/plpgsql/src/gram.y | 35 ++-----------------------
src/pl/plpgsql/src/pl_comp.c | 3 +--
src/pl/plpgsql/src/pl_exec.c | 49 ++---------------------------------
src/pl/plpgsql/src/pl_funcs.c | 21 +--------------
src/pl/plpgsql/src/plpgsql.h | 23 +---------------
src/pl/plpgsql/src/scan.l | 6 +----
6 files changed, 8 insertions(+), 129 deletions(-)
diff --git a/src/pl/plpgsql/src/gram.y b/src/pl/plpgsql/src/gram.y
index c059097a3f..62e26f9006 100644
--- a/src/pl/plpgsql/src/gram.y
+++ b/src/pl/plpgsql/src/gram.y
@@ -4,7 +4,7 @@
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.23 2001/07/12 01:19:40 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.24 2001/07/12 17:42:07 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -122,13 +122,11 @@ static PLpgSQL_expr *make_tupret_expr(PLpgSQL_row *row);
%type <stmts> proc_sect, proc_stmts, stmt_else, loop_body
%type <stmt> proc_stmt, pl_block
%type <stmt> stmt_assign, stmt_if, stmt_loop, stmt_while, stmt_exit
-%type <stmt> stmt_return, stmt_raise, stmt_execsql, stmt_fori, stmt_setauth
+%type <stmt> stmt_return, stmt_raise, stmt_execsql, stmt_fori
%type <stmt> stmt_fors, stmt_select, stmt_perform
%type <stmt> stmt_dynexecute, stmt_dynfors, stmt_getdiag
%type <stmt> stmt_open, stmt_fetch, stmt_close
-%type <ival> auth_level
-
%type <intlist> raise_params
%type <ival> raise_level, raise_param
%type <str> raise_msg
@@ -174,10 +172,6 @@ static PLpgSQL_expr *make_tupret_expr(PLpgSQL_row *row);
%token K_PERFORM
%token K_ROW_COUNT
%token K_RAISE
-%token K_SET
-%token K_AUTHORIZATION
-%token K_INVOKER
-%token K_DEFINER
%token K_RECORD
%token K_RENAME
%token K_RESULT_OID
@@ -732,8 +726,6 @@ proc_stmt : pl_block
{ $$ = $1; }
| stmt_raise
{ $$ = $1; }
- | stmt_setauth
- { $$ = $1; }
| stmt_execsql
{ $$ = $1; }
| stmt_dynexecute
@@ -1251,29 +1243,6 @@ stmt_return : K_RETURN lno
}
;
-stmt_setauth : K_SET K_AUTHORIZATION auth_level lno ';'
- {
- PLpgSQL_stmt_setauth *new;
-
- new=malloc(sizeof(PLpgSQL_stmt_setauth));
-
- new->cmd_type = PLPGSQL_STMT_SETAUTH;
- new->auth_level = $3;
- new->lineno = $4;
-
- $$ = (PLpgSQL_stmt *)new;
- }
-
-auth_level : K_DEFINER
- {
- $$=PLPGSQL_AUTH_DEFINER;
- }
- | K_INVOKER
- {
- $$=PLPGSQL_AUTH_INVOKER;
- }
-;
-
stmt_raise : K_RAISE lno raise_level raise_msg raise_params ';'
{
PLpgSQL_stmt_raise *new;
diff --git a/src/pl/plpgsql/src/pl_comp.c b/src/pl/plpgsql/src/pl_comp.c
index ecdb2fd21a..2ab6632e33 100644
--- a/src/pl/plpgsql/src/pl_comp.c
+++ b/src/pl/plpgsql/src/pl_comp.c
@@ -3,7 +3,7 @@
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.32 2001/07/11 18:54:18 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.33 2001/07/12 17:42:07 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -169,7 +169,6 @@ plpgsql_compile(Oid fn_oid, int functype)
function->fn_functype = functype;
function->fn_oid = fn_oid;
- function->definer_uid = procStruct->proowner;
function->fn_name = strdup(DatumGetCString(DirectFunctionCall1(nameout,
NameGetDatum(&(procStruct->proname)))));
diff --git a/src/pl/plpgsql/src/pl_exec.c b/src/pl/plpgsql/src/pl_exec.c
index d5aeba891c..32e66287eb 100644
--- a/src/pl/plpgsql/src/pl_exec.c
+++ b/src/pl/plpgsql/src/pl_exec.c
@@ -3,7 +3,7 @@
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.45 2001/07/11 18:54:18 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.46 2001/07/12 17:42:07 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -47,7 +47,6 @@
#include "plpgsql.h"
#include "pl.tab.h"
-#include "miscadmin.h"
#include "access/heapam.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_type.h"
@@ -106,8 +105,6 @@ static int exec_stmt_exit(PLpgSQL_execstate * estate,
PLpgSQL_stmt_exit * stmt);
static int exec_stmt_return(PLpgSQL_execstate * estate,
PLpgSQL_stmt_return * stmt);
-static int exec_stmt_setauth(PLpgSQL_execstate * estate,
- PLpgSQL_stmt_setauth * stmt);
static int exec_stmt_raise(PLpgSQL_execstate * estate,
PLpgSQL_stmt_raise * stmt);
static int exec_stmt_execsql(PLpgSQL_execstate * estate,
@@ -229,9 +226,6 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
case PLPGSQL_STMT_RETURN:
stmttype = "return";
break;
- case PLPGSQL_STMT_SETAUTH:
- stmttype = "setauth";
- break;
case PLPGSQL_STMT_RAISE:
stmttype = "raise";
break;
@@ -283,10 +277,7 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
estate.retistuple = func->fn_retistuple;
estate.retisset = func->fn_retset;
estate.exitlabel = NULL;
- estate.invoker_uid = GetUserId();
- estate.definer_uid = func->definer_uid;
- estate.auth_level = PLPGSQL_AUTH_INVOKER;
-
+
estate.found_varno = func->found_varno;
estate.ndatums = func->ndatums;
estate.datums = palloc(sizeof(PLpgSQL_datum *) * estate.ndatums);
@@ -406,9 +397,6 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
elog(ERROR, "control reaches end of function without RETURN");
}
- if (estate.auth_level!=PLPGSQL_AUTH_INVOKER)
- SetUserId(estate.invoker_uid);
-
/*
* We got a return value - process it
*/
@@ -589,9 +577,6 @@ plpgsql_exec_trigger(PLpgSQL_function * func,
estate.retistuple = func->fn_retistuple;
estate.retisset = func->fn_retset;
estate.exitlabel = NULL;
- estate.invoker_uid = GetUserId();
- estate.definer_uid = func->definer_uid;
- estate.auth_level = PLPGSQL_AUTH_INVOKER;
estate.found_varno = func->found_varno;
estate.ndatums = func->ndatums;
@@ -775,9 +760,6 @@ plpgsql_exec_trigger(PLpgSQL_function * func,
elog(ERROR, "control reaches end of trigger procedure without RETURN");
}
- if (estate.auth_level!=PLPGSQL_AUTH_INVOKER)
- SetUserId(estate.invoker_uid);
-
/*
* Check that the returned tuple structure has the same attributes,
* the relation that fired the trigger has.
@@ -1040,10 +1022,6 @@ exec_stmt(PLpgSQL_execstate * estate, PLpgSQL_stmt * stmt)
rc = exec_stmt_return(estate, (PLpgSQL_stmt_return *) stmt);
break;
- case PLPGSQL_STMT_SETAUTH:
- rc = exec_stmt_setauth(estate, (PLpgSQL_stmt_setauth *) stmt);
- break;
-
case PLPGSQL_STMT_RAISE:
rc = exec_stmt_raise(estate, (PLpgSQL_stmt_raise *) stmt);
break;
@@ -1667,29 +1645,6 @@ exec_stmt_return(PLpgSQL_execstate * estate, PLpgSQL_stmt_return * stmt)
return PLPGSQL_RC_RETURN;
}
-/* ----------
- * exec_stmt_setauth Changes user ID to/from
- * that of the function owner's
- * ----------
- */
-
-static int
-exec_stmt_setauth(PLpgSQL_execstate * estate, PLpgSQL_stmt_setauth * stmt)
-{
- switch(stmt->auth_level)
- {
- case PLPGSQL_AUTH_DEFINER:
- SetUserId(estate->definer_uid);
- break;
- case PLPGSQL_AUTH_INVOKER:
- SetUserId(estate->invoker_uid);
- break;
- }
-
- estate->auth_level=stmt->auth_level;
- return PLPGSQL_RC_OK;
-}
-
/* ----------
* exec_stmt_raise Build a message and throw it with
diff --git a/src/pl/plpgsql/src/pl_funcs.c b/src/pl/plpgsql/src/pl_funcs.c
index 55d6622a04..cce131b0c2 100644
--- a/src/pl/plpgsql/src/pl_funcs.c
+++ b/src/pl/plpgsql/src/pl_funcs.c
@@ -3,7 +3,7 @@
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_funcs.c,v 1.14 2001/07/11 18:54:18 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_funcs.c,v 1.15 2001/07/12 17:42:08 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -382,7 +382,6 @@ static void dump_fors(PLpgSQL_stmt_fors * stmt);
static void dump_select(PLpgSQL_stmt_select * stmt);
static void dump_exit(PLpgSQL_stmt_exit * stmt);
static void dump_return(PLpgSQL_stmt_return * stmt);
-static void dump_setauth(PLpgSQL_stmt_setauth * stmt);
static void dump_raise(PLpgSQL_stmt_raise * stmt);
static void dump_execsql(PLpgSQL_stmt_execsql * stmt);
static void dump_dynexecute(PLpgSQL_stmt_dynexecute * stmt);
@@ -439,9 +438,6 @@ dump_stmt(PLpgSQL_stmt * stmt)
case PLPGSQL_STMT_RETURN:
dump_return((PLpgSQL_stmt_return *) stmt);
break;
- case PLPGSQL_STMT_SETAUTH:
- dump_setauth((PLpgSQL_stmt_setauth *) stmt);
- break;
case PLPGSQL_STMT_RAISE:
dump_raise((PLpgSQL_stmt_raise *) stmt);
break;
@@ -725,21 +721,6 @@ dump_return(PLpgSQL_stmt_return * stmt)
printf("\n");
}
-static void
-dump_setauth(PLpgSQL_stmt_setauth * stmt)
-{
- dump_ind();
- switch (stmt->auth_level)
- {
- case PLPGSQL_AUTH_DEFINER:
- printf("SET AUTHORIZATION DEFINER\n");
- break;
- case PLPGSQL_AUTH_INVOKER:
- printf("SET AUTHORIZATION INVOKER\n");
- break;
- }
-}
-
static void
dump_raise(PLpgSQL_stmt_raise * stmt)
{
diff --git a/src/pl/plpgsql/src/plpgsql.h b/src/pl/plpgsql/src/plpgsql.h
index c460cbf68a..fd507bc8b1 100644
--- a/src/pl/plpgsql/src/plpgsql.h
+++ b/src/pl/plpgsql/src/plpgsql.h
@@ -3,7 +3,7 @@
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/plpgsql.h,v 1.15 2001/07/11 18:54:19 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/plpgsql.h,v 1.16 2001/07/12 17:42:08 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -95,7 +95,6 @@ enum
PLPGSQL_STMT_DYNEXECUTE,
PLPGSQL_STMT_DYNFORS,
PLPGSQL_STMT_GETDIAG,
- PLPGSQL_STMT_SETAUTH,
PLPGSQL_STMT_OPEN,
PLPGSQL_STMT_FETCH,
PLPGSQL_STMT_CLOSE
@@ -113,16 +112,6 @@ enum
PLPGSQL_RC_RETURN
};
-/* ---------
- * Authorization levels
- * ---------
- */
-enum
-{
- PLPGSQL_AUTH_INVOKER,
- PLPGSQL_AUTH_DEFINER,
-};
-
/* ----------
* GET DIAGNOSTICS system attrs
* ----------
@@ -436,12 +425,6 @@ typedef struct
int retrecno;
} PLpgSQL_stmt_return;
-typedef struct
-{ /* SET AUTHORIZATION statement */
- int cmd_type;
- int lineno;
- int auth_level;
-} PLpgSQL_stmt_setauth;
typedef struct
{ /* RAISE statement */
@@ -497,7 +480,6 @@ typedef struct PLpgSQL_function
int tg_nargs_varno;
int ndatums;
- Oid definer_uid;
PLpgSQL_datum **datums;
PLpgSQL_stmt_block *action;
struct PLpgSQL_function *next;
@@ -520,9 +502,6 @@ typedef struct
int found_varno;
int ndatums;
PLpgSQL_datum **datums;
- Oid invoker_uid;
- Oid definer_uid;
- int auth_level;
} PLpgSQL_execstate;
diff --git a/src/pl/plpgsql/src/scan.l b/src/pl/plpgsql/src/scan.l
index 7a7f6f4b1f..6e17365705 100644
--- a/src/pl/plpgsql/src/scan.l
+++ b/src/pl/plpgsql/src/scan.l
@@ -4,7 +4,7 @@
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/Attic/scan.l,v 1.13 2001/07/11 18:54:19 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/Attic/scan.l,v 1.14 2001/07/12 17:42:08 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -121,10 +121,6 @@ null { return K_NULL; }
open { return K_OPEN; }
perform { return K_PERFORM; }
raise { return K_RAISE; }
-set { return K_SET; }
-authorization { return K_AUTHORIZATION; }
-invoker { return K_INVOKER; }
-definer { return K_DEFINER; }
record { return K_RECORD; }
rename { return K_RENAME; }
result_oid { return K_RESULT_OID; }
--
2.49.0