Re: [HACKERS] pg_user "sealed"
От | jwieck@debis.com (Jan Wieck) |
---|---|
Тема | Re: [HACKERS] pg_user "sealed" |
Дата | |
Msg-id | m0y75wO-000BFRC@orion.SAPserv.Hamburg.dsh.de обсуждение исходный текст |
Ответ на | Re: [HACKERS] pg_user "sealed" (Bruce Momjian <maillist@candle.pha.pa.us>) |
Список | pgsql-hackers |
So here it is, > > So if the relname is given to acldefault() in > > utils/adt/acl.c, it can do a IsSystemRelationName() on it and > > return ACL_RD instead of ACL_WORLD_DEFAULT. > > Nice solution. There might only be one problem left. The acl items output regproc too sets up a default entry and uses this if the passed in aip is NULL. For types output regproc we cannot pass in the relation name because this call happens trough the fmgr from somewhere else. I don't know if this could ever happen since the system would never produce an empty acl from inside or by the aclparse() input function. Might be a good thing to change aclitemout() for now to throw an elog() if aip is NULL and look if this ever happens. Jan -- #======================================================================# # It's easier to get forgiveness for being wrong than for being right. # # Let's break this rule - forgive me. # #======================================== jwieck@debis.com (Jan Wieck) # diff -c -r /usr/local/pgsql/sup/pgsql/src/backend/catalog/aclchk.c ./backend/catalog/aclchk.c *** /usr/local/pgsql/sup/pgsql/src/backend/catalog/aclchk.c Thu Feb 12 14:35:47 1998 --- ./backend/catalog/aclchk.c Mon Feb 23 22:27:24 1998 *************** *** 39,45 **** #include "utils/tqual.h" #include "fmgr.h" ! static int32 aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode); /* * Enable use of user relations in place of real system catalogs. --- 39,45 ---- #include "utils/tqual.h" #include "fmgr.h" ! static int32 aclcheck(char *relname, Acl *acl, AclId id, AclIdType idtype, AclMode mode); /* * Enable use of user relations in place of real system catalogs. *************** *** 150,156 **** elog(DEBUG, "ChangeAcl: using default ACL"); #endif /* old_acl = acldefault(((Form_pg_class) GETSTRUCT(htp))->relowner); */ ! 
old_acl = acldefault(); free_old_acl = 1; } --- 150,156 ---- elog(DEBUG, "ChangeAcl: using default ACL"); #endif /* old_acl = acldefault(((Form_pg_class) GETSTRUCT(htp))->relowner); */ ! old_acl = acldefault(relname); free_old_acl = 1; } *************** *** 281,287 **** * any one of the requirements of 'mode'. Returns 0 otherwise. */ static int32 ! aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode) { unsigned i; AclItem *aip, --- 281,287 ---- * any one of the requirements of 'mode'. Returns 0 otherwise. */ static int32 ! aclcheck(char *relname, Acl *acl, AclId id, AclIdType idtype, AclMode mode) { unsigned i; AclItem *aip, *************** *** 292,298 **** /* if no acl is found, use world default */ if (!acl) { ! acl = acldefault(); } num = ACL_NUM(acl); --- 292,298 ---- /* if no acl is found, use world default */ if (!acl) { ! acl = acldefault(relname); } num = ACL_NUM(acl); *************** *** 475,481 **** Anum_pg_class_relowner, RelationGetTupleDescriptor(relation), (bool *) NULL); ! acl = aclownerdefault(ownerId); } #else { /* This is why the syscache is great... */ --- 475,481 ---- Anum_pg_class_relowner, RelationGetTupleDescriptor(relation), (bool *) NULL); ! acl = aclownerdefault(relname, ownerId); } #else { /* This is why the syscache is great... */ *************** *** 511,517 **** heap_close(relation); } #endif ! result = aclcheck(acl, id, (AclIdType) ACL_IDTYPE_UID, mode); if (acl) pfree(acl); return (result); --- 511,517 ---- heap_close(relation); } #endif ! 
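Review bot: The comment `/* if no acl is found, use world default */` above `acl = acldefault(relname);` in aclcheck() no longer describes the fallback, which now depends on whether relname names a system relation. I would reword it to `/* no acl stored: use the default for this relation (ACL_RD for system relations, ACL_WORLD_DEFAULT otherwise) */` and mention relname in the header comment of aclcheck(), because this path decides access for every relation that has no explicit ACL. The same applies to the `elog(DEBUG, "ChangeAcl: using default ACL")` branch earlier in this file, where `old_acl = acldefault(relname);` now seeds the changed ACL from that relation-dependent default. aclcheck()'s body continues outside the hunk.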
result = aclcheck(relname, acl, id, (AclIdType) ACL_IDTYPE_UID, mode); if (acl) pfree(acl); return (result); diff -c -r /usr/local/pgsql/sup/pgsql/src/backend/utils/adt/acl.c ./backend/utils/adt/acl.c *** /usr/local/pgsql/sup/pgsql/src/backend/utils/adt/acl.c Thu Feb 12 14:36:19 1998 --- ./backend/utils/adt/acl.c Mon Feb 23 22:32:56 1998 *************** *** 18,23 **** --- 18,24 ---- #include <utils/memutils.h> #include "utils/acl.h" #include "utils/syscache.h" + #include "catalog/catalog.h" #include "catalog/pg_user.h" #include "miscadmin.h" *************** *** 342,348 **** } Acl * ! aclownerdefault(AclId ownerid) { Acl *acl; AclItem *aip; --- 343,349 ---- } Acl * ! aclownerdefault(char *relname, AclId ownerid) { Acl *acl; AclItem *aip; *************** *** 351,357 **** aip = ACL_DAT(acl); aip[0].ai_idtype = ACL_IDTYPE_WORLD; aip[0].ai_id = ACL_ID_WORLD; ! aip[0].ai_mode = ACL_WORLD_DEFAULT; aip[1].ai_idtype = ACL_IDTYPE_UID; aip[1].ai_id = ownerid; aip[1].ai_mode = ACL_OWNER_DEFAULT; --- 352,358 ---- aip = ACL_DAT(acl); aip[0].ai_idtype = ACL_IDTYPE_WORLD; aip[0].ai_id = ACL_ID_WORLD; ! aip[0].ai_mode = IsSystemRelationName(relname) ? ACL_RD : ACL_WORLD_DEFAULT; aip[1].ai_idtype = ACL_IDTYPE_UID; aip[1].ai_id = ownerid; aip[1].ai_mode = ACL_OWNER_DEFAULT; *************** *** 359,365 **** } Acl * ! acldefault(void) { Acl *acl; AclItem *aip; --- 360,366 ---- } Acl * ! acldefault(char *relname) { Acl *acl; AclItem *aip; *************** *** 368,374 **** aip = ACL_DAT(acl); aip[0].ai_idtype = ACL_IDTYPE_WORLD; aip[0].ai_id = ACL_ID_WORLD; ! aip[0].ai_mode = ACL_WORLD_DEFAULT; return (acl); } --- 369,375 ---- aip = ACL_DAT(acl); aip[0].ai_idtype = ACL_IDTYPE_WORLD; aip[0].ai_id = ACL_ID_WORLD; ! aip[0].ai_mode = IsSystemRelationName(relname) ? 
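Review bot: `IsSystemRelationName(relname)` in aclownerdefault() is evaluated with no NULL check on relname, and the world entry's default privilege is now chosen from the relation name alone. Whether any caller can pass a NULL name is not visible in these hunks; if one can, writing the condition as `relname != NULL && IsSystemRelationName(relname)` makes the fallback an explicit choice rather than leaving it to the helper. The identical ternary is repeated in acldefault() in the last acl.c hunk, so a small static helper that returns the world default mode for a name would keep the two from drifting apart. A comment on that helper should state that ACL_RD is granted to world for every relation the name test accepts, so any catalog holding sensitive columns still needs an explicit ACL. Both function bodies start outside their hunks.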
ACL_RD : ACL_WORLD_DEFAULT; return (acl); } diff -c -r /usr/local/pgsql/sup/pgsql/src/include/utils/acl.h ./include/utils/acl.h *** /usr/local/pgsql/sup/pgsql/src/include/utils/acl.h Mon Feb 23 20:42:08 1998 --- ./include/utils/acl.h Mon Feb 23 22:25:47 1998 *************** *** 135,142 **** /* * routines used internally (parser, etc.) */ ! extern Acl *aclownerdefault(AclId ownerid); ! extern Acl *acldefault(void); extern Acl *aclinsert3(Acl *old_acl, AclItem *mod_aip, unsigned modechg); extern char *aclmakepriv(char *old_privlist, char new_priv); --- 135,142 ---- /* * routines used internally (parser, etc.) */ ! extern Acl *aclownerdefault(char *relname, AclId ownerid); ! extern Acl *acldefault(char *relname); extern Acl *aclinsert3(Acl *old_acl, AclItem *mod_aip, unsigned modechg); extern char *aclmakepriv(char *old_privlist, char new_priv);
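Review bot: The new relname parameter in `extern Acl *aclownerdefault(char *relname, AclId ownerid);` and `extern Acl *acldefault(char *relname);` is declared as plain `char *`, although the acl.c hunks only pass it to IsSystemRelationName(). Declaring it `const char *relname` in these prototypes, in the definitions and in aclcheck() in aclchk.c would document that the name is read-only, assuming IsSystemRelationName() accepts a const pointer. The block comment above the prototypes would also benefit from one line saying that relname selects the default world privilege.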