database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-18 17:41:14 +03:00
Code

Forbid REVOKE on untrusted languages, and don't dump privileges of

Browse Source 
untrusted languages (in case they sneak in).
This commit is contained in:
Peter Eisentraut 2003-12-19 14:21:43 +00:00
parent ed651a54fd
commit 5570c9ee14
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/backend/catalog/aclchk.c
View File

@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.91 2003/10/31 20:00:49 tgl Exp $ * $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.91.2.1 2003/12/19 14:21:43 petere Exp $
* *
* NOTES * NOTES
* See acl.h. * See acl.h.
@ -592,7 +592,7 @@ ExecuteGrantStmt_Language(GrantStmt *stmt)
aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_LANGUAGE, aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_LANGUAGE,
NameStr(pg_language_tuple->lanname)); NameStr(pg_language_tuple->lanname));
if (!pg_language_tuple->lanpltrusted && stmt->is_grant) if (!pg_language_tuple->lanpltrusted)
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_WRONG_OBJECT_TYPE), (errcode(ERRCODE_WRONG_OBJECT_TYPE),
errmsg("language \"%s\" is not trusted", langname))); errmsg("language \"%s\" is not trusted", langname)));

8
src/bin/pg_dump/pg_dump.c
View File

@ -12,7 +12,7 @@
* by PostgreSQL * by PostgreSQL
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dump.c,v 1.355 2003/10/28 21:05:29 tgl Exp $ * $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dump.c,v 1.355.2.1 2003/12/19 14:21:43 petere Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -3488,6 +3488,7 @@ dumpProcLangs(Archive *fout, FuncInfo finfo[], int numFuncs)
int i_lanacl = -1; int i_lanacl = -1;
char *lanoid; char *lanoid;
char *lanname; char *lanname;
bool lanpltrusted;
char *lanacl; char *lanacl;
const char *lanplcallfoid; const char *lanplcallfoid;
const char *lanvalidator; const char *lanvalidator;
@ -3528,6 +3529,7 @@ dumpProcLangs(Archive *fout, FuncInfo finfo[], int numFuncs)
lanoid = PQgetvalue(res, i, i_oid); lanoid = PQgetvalue(res, i, i_oid);
lanplcallfoid = PQgetvalue(res, i, i_lanplcallfoid); lanplcallfoid = PQgetvalue(res, i, i_lanplcallfoid);
lanname = PQgetvalue(res, i, i_lanname); lanname = PQgetvalue(res, i, i_lanname);
lanpltrusted = (PQgetvalue(res, i, i_lanpltrusted)[0] == 't');
if (fout->remoteVersion >= 70300) if (fout->remoteVersion >= 70300)
{ {
lanvalidator = PQgetvalue(res, i, i_lanvalidator); lanvalidator = PQgetvalue(res, i, i_lanvalidator);
@ -3580,7 +3582,7 @@ dumpProcLangs(Archive *fout, FuncInfo finfo[], int numFuncs)
fmtId(lanname)); fmtId(lanname));
appendPQExpBuffer(defqry, "CREATE %sPROCEDURAL LANGUAGE %s", appendPQExpBuffer(defqry, "CREATE %sPROCEDURAL LANGUAGE %s",
(PQgetvalue(res, i, i_lanpltrusted)[0] == 't') ? lanpltrusted ?
"TRUSTED " : "", "TRUSTED " : "",
fmtId(lanname)); fmtId(lanname));
appendPQExpBuffer(defqry, " HANDLER %s", appendPQExpBuffer(defqry, " HANDLER %s",
@ -3605,7 +3607,7 @@ dumpProcLangs(Archive *fout, FuncInfo finfo[], int numFuncs)
"PROCEDURAL LANGUAGE", deps, "PROCEDURAL LANGUAGE", deps,
defqry->data, delqry->data, NULL, NULL, NULL); defqry->data, delqry->data, NULL, NULL, NULL);
if (!aclsSkip) if (!aclsSkip && lanpltrusted)
{ {
char *tmp = strdup(fmtId(lanname)); char *tmp = strdup(fmtId(lanname));