mirror of
				https://github.com/postgres/postgres.git
				synced 2025-10-25 13:17:41 +03:00 
			
		
		
		
	Check that aggregate creator has the right to execute the transition
functions of the aggregate, at both aggregate creation and execution times.
This commit is contained in:
		| @@ -8,7 +8,7 @@ | ||||
|  * | ||||
|  * | ||||
|  * IDENTIFICATION | ||||
|  *	  $Header: /cvsroot/pgsql/src/backend/catalog/pg_aggregate.c,v 1.64 2003/09/25 06:57:58 petere Exp $ | ||||
|  *	  $Header: /cvsroot/pgsql/src/backend/catalog/pg_aggregate.c,v 1.64.2.1 2005/01/27 23:43:11 tgl Exp $ | ||||
|  * | ||||
|  *------------------------------------------------------------------------- | ||||
|  */ | ||||
| @@ -22,10 +22,13 @@ | ||||
| #include "catalog/pg_aggregate.h" | ||||
| #include "catalog/pg_language.h" | ||||
| #include "catalog/pg_proc.h" | ||||
| #include "miscadmin.h" | ||||
| #include "optimizer/cost.h" | ||||
| #include "parser/parse_coerce.h" | ||||
| #include "parser/parse_func.h" | ||||
| #include "utils/acl.h" | ||||
| #include "utils/builtins.h" | ||||
| #include "utils/lsyscache.h" | ||||
| #include "utils/syscache.h" | ||||
|  | ||||
|  | ||||
| @@ -261,6 +264,7 @@ lookup_agg_function(List *fnName, | ||||
| 	bool		retset; | ||||
| 	Oid		   *true_oid_array; | ||||
| 	FuncDetailCode fdresult; | ||||
| 	AclResult	aclresult; | ||||
|  | ||||
| 	/* | ||||
| 	 * func_get_detail looks up the function in the catalogs, does | ||||
| @@ -325,5 +329,10 @@ lookup_agg_function(List *fnName, | ||||
| 				 errmsg("function %s requires run-time type coercion", | ||||
| 				 func_signature_string(fnName, nargs, true_oid_array)))); | ||||
|  | ||||
| 	/* Check aggregate creator has permission to call the function */ | ||||
| 	aclresult = pg_proc_aclcheck(fnOid, GetUserId(), ACL_EXECUTE); | ||||
| 	if (aclresult != ACLCHECK_OK) | ||||
| 		aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(fnOid)); | ||||
|  | ||||
| 	return fnOid; | ||||
| } | ||||
|   | ||||
| @@ -45,7 +45,7 @@ | ||||
|  * Portions Copyright (c) 1994, Regents of the University of California | ||||
|  * | ||||
|  * IDENTIFICATION | ||||
|  *	  $Header: /cvsroot/pgsql/src/backend/executor/nodeAgg.c,v 1.116.2.2 2004/07/10 18:39:44 tgl Exp $ | ||||
|  *	  $Header: /cvsroot/pgsql/src/backend/executor/nodeAgg.c,v 1.116.2.3 2005/01/27 23:43:16 tgl Exp $ | ||||
|  * | ||||
|  *------------------------------------------------------------------------- | ||||
|  */ | ||||
| @@ -55,6 +55,7 @@ | ||||
| #include "access/heapam.h" | ||||
| #include "catalog/pg_aggregate.h" | ||||
| #include "catalog/pg_operator.h" | ||||
| #include "catalog/pg_proc.h" | ||||
| #include "executor/executor.h" | ||||
| #include "executor/nodeAgg.h" | ||||
| #include "miscadmin.h" | ||||
| @@ -1260,6 +1261,35 @@ ExecInitAgg(Agg *node, EState *estate) | ||||
| 		peraggstate->transfn_oid = transfn_oid = aggform->aggtransfn; | ||||
| 		peraggstate->finalfn_oid = finalfn_oid = aggform->aggfinalfn; | ||||
|  | ||||
| 		/* Check that aggregate owner has permission to call component fns */ | ||||
| 		{ | ||||
| 			HeapTuple	procTuple; | ||||
| 			AclId		aggOwner; | ||||
|  | ||||
| 			procTuple = SearchSysCache(PROCOID, | ||||
| 									   ObjectIdGetDatum(aggref->aggfnoid), | ||||
| 									   0, 0, 0); | ||||
| 			if (!HeapTupleIsValid(procTuple)) | ||||
| 				elog(ERROR, "cache lookup failed for function %u", | ||||
| 					 aggref->aggfnoid); | ||||
| 			aggOwner = ((Form_pg_proc) GETSTRUCT(procTuple))->proowner; | ||||
| 			ReleaseSysCache(procTuple); | ||||
|  | ||||
| 			aclresult = pg_proc_aclcheck(transfn_oid, aggOwner, | ||||
| 										 ACL_EXECUTE); | ||||
| 			if (aclresult != ACLCHECK_OK) | ||||
| 				aclcheck_error(aclresult, ACL_KIND_PROC, | ||||
| 							   get_func_name(transfn_oid)); | ||||
| 			if (OidIsValid(finalfn_oid)) | ||||
| 			{ | ||||
| 				aclresult = pg_proc_aclcheck(finalfn_oid, aggOwner, | ||||
| 											 ACL_EXECUTE); | ||||
| 				if (aclresult != ACLCHECK_OK) | ||||
| 					aclcheck_error(aclresult, ACL_KIND_PROC, | ||||
| 								   get_func_name(finalfn_oid)); | ||||
| 			} | ||||
| 		} | ||||
|  | ||||
| 		/* resolve actual type of transition state, if polymorphic */ | ||||
| 		aggtranstype = aggform->aggtranstype; | ||||
| 		if (aggtranstype == ANYARRAYOID || aggtranstype == ANYELEMENTOID) | ||||
|   | ||||
		Reference in New Issue
	
	Block a user