mirror of
https://github.com/postgres/postgres.git
synced 2025-10-24 01:29:19 +03:00
Check that aggregate creator has the right to execute the transition
functions of the aggregate, at both aggregate creation and execution times.
This commit is contained in:
@@ -8,7 +8,7 @@
|
|||||||
*
|
*
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $Header: /cvsroot/pgsql/src/backend/catalog/pg_aggregate.c,v 1.64 2003/09/25 06:57:58 petere Exp $
|
* $Header: /cvsroot/pgsql/src/backend/catalog/pg_aggregate.c,v 1.64.2.1 2005/01/27 23:43:11 tgl Exp $
|
||||||
*
|
*
|
||||||
*-------------------------------------------------------------------------
|
*-------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
@@ -22,10 +22,13 @@
|
|||||||
#include "catalog/pg_aggregate.h"
|
#include "catalog/pg_aggregate.h"
|
||||||
#include "catalog/pg_language.h"
|
#include "catalog/pg_language.h"
|
||||||
#include "catalog/pg_proc.h"
|
#include "catalog/pg_proc.h"
|
||||||
|
#include "miscadmin.h"
|
||||||
#include "optimizer/cost.h"
|
#include "optimizer/cost.h"
|
||||||
#include "parser/parse_coerce.h"
|
#include "parser/parse_coerce.h"
|
||||||
#include "parser/parse_func.h"
|
#include "parser/parse_func.h"
|
||||||
|
#include "utils/acl.h"
|
||||||
#include "utils/builtins.h"
|
#include "utils/builtins.h"
|
||||||
|
#include "utils/lsyscache.h"
|
||||||
#include "utils/syscache.h"
|
#include "utils/syscache.h"
|
||||||
|
|
||||||
|
|
||||||
@@ -261,6 +264,7 @@ lookup_agg_function(List *fnName,
|
|||||||
bool retset;
|
bool retset;
|
||||||
Oid *true_oid_array;
|
Oid *true_oid_array;
|
||||||
FuncDetailCode fdresult;
|
FuncDetailCode fdresult;
|
||||||
|
AclResult aclresult;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* func_get_detail looks up the function in the catalogs, does
|
* func_get_detail looks up the function in the catalogs, does
|
||||||
@@ -325,5 +329,10 @@ lookup_agg_function(List *fnName,
|
|||||||
errmsg("function %s requires run-time type coercion",
|
errmsg("function %s requires run-time type coercion",
|
||||||
func_signature_string(fnName, nargs, true_oid_array))));
|
func_signature_string(fnName, nargs, true_oid_array))));
|
||||||
|
|
||||||
|
/* Check aggregate creator has permission to call the function */
|
||||||
|
aclresult = pg_proc_aclcheck(fnOid, GetUserId(), ACL_EXECUTE);
|
||||||
|
if (aclresult != ACLCHECK_OK)
|
||||||
|
aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(fnOid));
|
||||||
|
|
||||||
return fnOid;
|
return fnOid;
|
||||||
}
|
}
|
||||||
|
@@ -45,7 +45,7 @@
|
|||||||
* Portions Copyright (c) 1994, Regents of the University of California
|
* Portions Copyright (c) 1994, Regents of the University of California
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $Header: /cvsroot/pgsql/src/backend/executor/nodeAgg.c,v 1.116.2.2 2004/07/10 18:39:44 tgl Exp $
|
* $Header: /cvsroot/pgsql/src/backend/executor/nodeAgg.c,v 1.116.2.3 2005/01/27 23:43:16 tgl Exp $
|
||||||
*
|
*
|
||||||
*-------------------------------------------------------------------------
|
*-------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
@@ -55,6 +55,7 @@
|
|||||||
#include "access/heapam.h"
|
#include "access/heapam.h"
|
||||||
#include "catalog/pg_aggregate.h"
|
#include "catalog/pg_aggregate.h"
|
||||||
#include "catalog/pg_operator.h"
|
#include "catalog/pg_operator.h"
|
||||||
|
#include "catalog/pg_proc.h"
|
||||||
#include "executor/executor.h"
|
#include "executor/executor.h"
|
||||||
#include "executor/nodeAgg.h"
|
#include "executor/nodeAgg.h"
|
||||||
#include "miscadmin.h"
|
#include "miscadmin.h"
|
||||||
@@ -1260,6 +1261,35 @@ ExecInitAgg(Agg *node, EState *estate)
|
|||||||
peraggstate->transfn_oid = transfn_oid = aggform->aggtransfn;
|
peraggstate->transfn_oid = transfn_oid = aggform->aggtransfn;
|
||||||
peraggstate->finalfn_oid = finalfn_oid = aggform->aggfinalfn;
|
peraggstate->finalfn_oid = finalfn_oid = aggform->aggfinalfn;
|
||||||
|
|
||||||
|
/* Check that aggregate owner has permission to call component fns */
|
||||||
|
{
|
||||||
|
HeapTuple procTuple;
|
||||||
|
AclId aggOwner;
|
||||||
|
|
||||||
|
procTuple = SearchSysCache(PROCOID,
|
||||||
|
ObjectIdGetDatum(aggref->aggfnoid),
|
||||||
|
0, 0, 0);
|
||||||
|
if (!HeapTupleIsValid(procTuple))
|
||||||
|
elog(ERROR, "cache lookup failed for function %u",
|
||||||
|
aggref->aggfnoid);
|
||||||
|
aggOwner = ((Form_pg_proc) GETSTRUCT(procTuple))->proowner;
|
||||||
|
ReleaseSysCache(procTuple);
|
||||||
|
|
||||||
|
aclresult = pg_proc_aclcheck(transfn_oid, aggOwner,
|
||||||
|
ACL_EXECUTE);
|
||||||
|
if (aclresult != ACLCHECK_OK)
|
||||||
|
aclcheck_error(aclresult, ACL_KIND_PROC,
|
||||||
|
get_func_name(transfn_oid));
|
||||||
|
if (OidIsValid(finalfn_oid))
|
||||||
|
{
|
||||||
|
aclresult = pg_proc_aclcheck(finalfn_oid, aggOwner,
|
||||||
|
ACL_EXECUTE);
|
||||||
|
if (aclresult != ACLCHECK_OK)
|
||||||
|
aclcheck_error(aclresult, ACL_KIND_PROC,
|
||||||
|
get_func_name(finalfn_oid));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* resolve actual type of transition state, if polymorphic */
|
/* resolve actual type of transition state, if polymorphic */
|
||||||
aggtranstype = aggform->aggtranstype;
|
aggtranstype = aggform->aggtranstype;
|
||||||
if (aggtranstype == ANYARRAYOID || aggtranstype == ANYELEMENTOID)
|
if (aggtranstype == ANYARRAYOID || aggtranstype == ANYELEMENTOID)
|
||||||
|
Reference in New Issue
Block a user