Add GRANT CONNECTION ON DATABASE, to be used in addition to pg_hba.conf.
Gevik Babakhani
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.125 2006/03/05 15:58:22 momjian Exp $
|
||||
* $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.126 2006/04/30 02:09:07 momjian Exp $
|
||||
*
|
||||
* NOTES
|
||||
* See acl.h.
|
||||
@@ -1368,6 +1368,8 @@ string_to_privilege(const char *privname)
|
||||
return ACL_CREATE_TEMP;
|
||||
if (strcmp(privname, "temp") == 0)
|
||||
return ACL_CREATE_TEMP;
|
||||
if (strcmp(privname, "connection") == 0)
|
||||
return ACL_CONNECT;
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_SYNTAX_ERROR),
|
||||
errmsg("unrecognized privilege type \"%s\"", privname)));
|
||||
@@ -1401,6 +1403,8 @@ privilege_to_string(AclMode privilege)
|
||||
return "CREATE";
|
||||
case ACL_CREATE_TEMP:
|
||||
return "TEMP";
|
||||
case ACL_CONNECT:
|
||||
return "CONNECTION";
|
||||
default:
|
||||
elog(ERROR, "unrecognized privilege: %d", (int) privilege);
|
||||
}
|
||||
|
||||
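Review bot: The keyword accepted by string_to_privilege and returned by privilege_to_string is spelled `connection` / `CONNECTION`, while the bit it maps to is `ACL_CONNECT`, so the user-facing name and the internal name differ and a search for one will not find the other. A one-line comment at both sites would help, for example `/* GRANT keyword is CONNECTION; the ACL bit is ACL_CONNECT */`, or the two spellings could be aligned. Both functions begin and end outside the hunks shown, so any other privilege-name table they must agree with is not visible here.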
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.131 2006/03/05 15:58:40 momjian Exp $
|
||||
* $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.132 2006/04/30 02:09:07 momjian Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -287,6 +287,9 @@ aclparse(const char *s, AclItem *aip)
|
||||
case ACL_CREATE_TEMP_CHR:
|
||||
read = ACL_CREATE_TEMP;
|
||||
break;
|
||||
case ACL_CONNECT_CHR:
|
||||
read = ACL_CONNECT;
|
||||
break;
|
||||
default:
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
|
||||
@@ -550,7 +553,7 @@ acldefault(GrantObjectType objtype, Oid ownerId)
|
||||
owner_default = ACL_ALL_RIGHTS_SEQUENCE;
|
||||
break;
|
||||
case ACL_OBJECT_DATABASE:
|
||||
world_default = ACL_CREATE_TEMP; /* not NO_RIGHTS! */
|
||||
world_default = ACL_CREATE_TEMP | ACL_CONNECT; /* not NO_RIGHTS! */
|
||||
owner_default = ACL_ALL_RIGHTS_DATABASE;
|
||||
break;
|
||||
case ACL_OBJECT_FUNCTION:
|
||||
|
||||
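Review bot: In acldefault the database `world_default` now includes `ACL_CONNECT`, so the new privilege restricts nobody until an administrator revokes it from PUBLIC, and the existing `/* not NO_RIGHTS! */` comment does not say so. I would extend it to something like `/* PUBLIC keeps TEMP and CONNECT by default, so pg_hba.conf stays the only gate until CONNECT is revoked */`. acldefault presumably applies only where no ACL is stored, so a database that already carries an explicit ACL would not gain the bit from this line; it is worth confirming how those databases behave after an upgrade. The body of acldefault extends beyond the hunk.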
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $PostgreSQL: pgsql/src/backend/utils/init/postinit.c,v 1.162 2006/03/29 21:17:39 tgl Exp $
|
||||
* $PostgreSQL: pgsql/src/backend/utils/init/postinit.c,v 1.163 2006/04/30 02:09:07 momjian Exp $
|
||||
*
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
@@ -51,7 +51,7 @@
|
||||
|
||||
|
||||
static bool FindMyDatabase(const char *name, Oid *db_id, Oid *db_tablespace);
|
||||
static void ReverifyMyDatabase(const char *name);
|
||||
static void ReverifyMyDatabase(const char *name, const char *user_name);
|
||||
static void InitCommunication(void);
|
||||
static void ShutdownPostgres(int code, Datum arg);
|
||||
static bool ThereIsAtLeastOneRole(void);
|
||||
@@ -130,8 +130,9 @@ FindMyDatabase(const char *name, Oid *db_id, Oid *db_tablespace)
|
||||
* during session startup, this place is also fitting to set up any
|
||||
* database-specific configuration variables.
|
||||
*/
|
||||
|
||||
static void
|
||||
ReverifyMyDatabase(const char *name)
|
||||
ReverifyMyDatabase(const char *name, const char *user_name)
|
||||
{
|
||||
Relation pgdbrel;
|
||||
SysScanDesc pgdbscan;
|
||||
@@ -211,6 +212,23 @@ ReverifyMyDatabase(const char *name)
|
||||
(errcode(ERRCODE_TOO_MANY_CONNECTIONS),
|
||||
errmsg("too many connections for database \"%s\"",
|
||||
name)));
|
||||
|
||||
/*
|
||||
* Checking for privilege to connect to the database
|
||||
* We want to bypass the test if we are running in bootstrap mode
|
||||
*/
|
||||
if (!IsBootstrapProcessingMode())
|
||||
{
|
||||
if(pg_database_aclcheck(MyDatabaseId,GetUserId()
|
||||
,ACL_CONNECT) != ACLCHECK_OK )
|
||||
{
|
||||
ereport(FATAL,
|
||||
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||
errmsg("couldn't connect to database %s", NameStr(dbform->datname)),
|
||||
errdetail("User %s doesn't have the CONNECTION privilege for database %s.",
|
||||
user_name, NameStr(dbform->datname))));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -487,7 +505,7 @@ InitPostgres(const char *dbname, const char *username)
|
||||
* superuser, so the above stuff has to happen first.)
|
||||
*/
|
||||
if (!bootstrap)
|
||||
ReverifyMyDatabase(dbname);
|
||||
ReverifyMyDatabase(dbname,username);
|
||||
|
||||
/*
|
||||
* Final phase of relation cache startup: write a new cache file if
|
||||
|
||||
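Review bot: The new privilege test in ReverifyMyDatabase runs only after the `too many connections for database` check just above it, so a role that is not allowed to connect can still be answered with the connection-limit error; placing the `pg_database_aclcheck(MyDatabaseId, GetUserId(), ACL_CONNECT)` test ahead of the limit check would reject such a role first. The errdetail prints `user_name`, a string passed in from InitPostgres, while the decision is made on `GetUserId()`. The two presumably name the same role at this point, but dropping the name from the message or deriving it from the checked OID would keep them from diverging. The inner `IsBootstrapProcessingMode()` guard also looks redundant, since the call site in InitPostgres is already under `if (!bootstrap)`, assuming that variable reflects the same mode. The function body begins outside this hunk.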