database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-12-22 17:42:17 +03:00
Code Activity

Code cleanup of user name and user id handling in the backend. The current

Browse Source 
user is now defined in terms of the user id, the user name is only computed
upon request (for display purposes). This is kind of the opposite of the
previous state, which would maintain the user name and compute the user id
for permission checks.

Besides perhaps saving a few cycles (integer vs string), this now creates a
single point of attack for changing the user id during a connection, for
purposes of "setuid" functions, etc.
This commit is contained in:
Peter Eisentraut
2000-09-06 14:15:31 +00:00
parent daf1e3a702
commit 6dc249610a
28 changed files with 220 additions and 281 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/backend/commands/analyze.c
View File

@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.5 2000/08/21 17:22:32 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.6 2000/09/06 14:15:16 petere Exp $
*
*-------------------------------------------------------------------------
@@ -99,7 +99,7 @@ analyze_rel(Oid relid, List *anal_cols2, int MESSAGE_LEVEL)
onerel = heap_open(relid, AccessShareLock);
#ifndef NO_SECURITY
if (!pg_ownercheck(GetPgUserName(), RelationGetRelationName(onerel),
if (!pg_ownercheck(GetUserId(), RelationGetRelationName(onerel),
RELNAME))
{
/* we already did an elog during vacuum

16
src/backend/commands/command.c
View File

@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.97 2000/08/29 04:20:43 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.98 2000/09/06 14:15:16 petere Exp $
*
* NOTES
* The PerformAddAttribute() code, like most of the relation
@@ -308,7 +308,7 @@ AlterTableAddColumn(const char *relationName,
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
relationName);
#ifndef NO_SECURITY
if (!pg_ownercheck(UserName, relationName, RELNAME))
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
elog(ERROR, "ALTER TABLE: permission denied");
#endif
@@ -523,7 +523,7 @@ AlterTableAlterColumn(const char *relationName,
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
relationName);
#ifndef NO_SECURITY
if (!pg_ownercheck(UserName, relationName, RELNAME))
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
elog(ERROR, "ALTER TABLE: permission denied");
#endif
@@ -935,7 +935,7 @@ AlterTableDropColumn(const char *relationName,
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
relationName);
#ifndef NO_SECURITY
if (!pg_ownercheck(UserName, relationName, RELNAME))
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
elog(ERROR, "ALTER TABLE: permission denied");
#endif
@@ -1095,7 +1095,7 @@ AlterTableAddConstraint(char *relationName,
elog(ERROR, "ALTER TABLE / ADD CONSTRAINT passed invalid constraint.");
#ifndef NO_SECURITY
if (!pg_ownercheck(UserName, relationName, RELNAME))
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
elog(ERROR, "ALTER TABLE: permission denied");
#endif
@@ -1484,7 +1484,7 @@ AlterTableCreateToastTable(const char *relationName, bool silent)
* permissions checking. XXX exactly what is appropriate here?
*/
#ifndef NO_SECURITY
if (!pg_ownercheck(UserName, relationName, RELNAME))
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
elog(ERROR, "ALTER TABLE: permission denied");
#endif
@@ -1723,9 +1723,9 @@ LockTableCommand(LockStmt *lockstmt)
rel = heap_openr(lockstmt->relname, NoLock);
if (lockstmt->mode == AccessShareLock)
aclresult = pg_aclcheck(lockstmt->relname, GetPgUserName(), ACL_RD);
aclresult = pg_aclcheck(lockstmt->relname, GetUserId(), ACL_RD);
else
aclresult = pg_aclcheck(lockstmt->relname, GetPgUserName(), ACL_WR);
aclresult = pg_aclcheck(lockstmt->relname, GetUserId(), ACL_WR);
if (aclresult != ACLCHECK_OK)
elog(ERROR, "LOCK TABLE: permission denied");

44
src/backend/commands/comment.c
View File

@@ -281,7 +281,7 @@ CommentRelation(int reltype, char *relname, char *comment)
/*** First, check object security ***/
#ifndef NO_SECURITY
if (!pg_ownercheck(GetPgUserName(), relname, RELNAME))
if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "you are not permitted to comment on class '%s'", relname);
#endif
@@ -347,7 +347,7 @@ CommentAttribute(char *relname, char *attrname, char *comment)
/*** First, check object security ***/
#ifndef NO_SECURITY
if (!pg_ownercheck(GetPgUserName(), relname, RELNAME))
if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "you are not permitted to comment on class '%s\'", relname);
#endif
@@ -395,9 +395,8 @@ CommentDatabase(char *database, char *comment)
HeapScanDesc scan;
Oid oid;
bool superuser;
int4 dba,
userid;
char *username;
int4 dba;
Oid userid;
/*** First find the tuple in pg_database for the database ***/
@@ -416,12 +415,11 @@ CommentDatabase(char *database, char *comment)
/*** Now, fetch user information ***/
username = GetPgUserName();
usertuple = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(username),
userid = GetUserId();
usertuple = SearchSysCacheTuple(SHADOWSYSID, ObjectIdGetDatum(userid),
0, 0, 0);
if (!HeapTupleIsValid(usertuple))
elog(ERROR, "current user '%s' does not exist", username);
userid = ((Form_pg_shadow) GETSTRUCT(usertuple))->usesysid;
elog(ERROR, "invalid user id %u", (unsigned) userid);
superuser = ((Form_pg_shadow) GETSTRUCT(usertuple))->usesuper;
/*** Allow if the userid matches the database dba or is a superuser ***/
@@ -461,16 +459,14 @@ CommentRewrite(char *rule, char *comment)
HeapTuple rewritetuple;
Oid oid;
char *user,
*relation;
char *relation;
int aclcheck;
/*** First, validate user ***/
#ifndef NO_SECURITY
user = GetPgUserName();
relation = RewriteGetRuleEventRel(rule);
aclcheck = pg_aclcheck(relation, user, ACL_RU);
aclcheck = pg_aclcheck(relation, GetUserId(), ACL_RU);
if (aclcheck != ACLCHECK_OK)
{
elog(ERROR, "you are not permitted to comment on rule '%s'",
@@ -510,13 +506,11 @@ CommentType(char *type, char *comment)
HeapTuple typetuple;
Oid oid;
char *user;
/*** First, validate user ***/
#ifndef NO_SECURITY
user = GetPgUserName();
if (!pg_ownercheck(user, type, TYPENAME))
if (!pg_ownercheck(GetUserId(), type, TYPENAME))
{
elog(ERROR, "you are not permitted to comment on type '%s'",
type);
@@ -556,7 +550,6 @@ CommentAggregate(char *aggregate, char *argument, char *comment)
Oid baseoid,
oid;
bool defined;
char *user;
/*** First, attempt to determine the base aggregate oid ***/
@@ -572,8 +565,7 @@ CommentAggregate(char *aggregate, char *argument, char *comment)
/*** Next, validate the user's attempt to comment ***/
#ifndef NO_SECURITY
user = GetPgUserName();
if (!pg_aggr_ownercheck(user, aggregate, baseoid))
if (!pg_aggr_ownercheck(GetUserId(), aggregate, baseoid))
{
if (argument)
{
@@ -629,8 +621,7 @@ CommentProc(char *function, List *arguments, char *comment)
functuple;
Oid oid,
argoids[FUNC_MAX_ARGS];
char *user,
*argument;
char *argument;
int i,
argcount;
@@ -662,8 +653,7 @@ CommentProc(char *function, List *arguments, char *comment)
/*** Now, validate the user's ability to comment on this function ***/
#ifndef NO_SECURITY
user = GetPgUserName();
if (!pg_func_ownercheck(user, function, argcount, argoids))
if (!pg_func_ownercheck(GetUserId(), function, argcount, argoids))
elog(ERROR, "you are not permitted to comment on function '%s'",
function);
#endif
@@ -708,7 +698,6 @@ CommentOperator(char *opername, List *arguments, char *comment)
rightoid = InvalidOid;
bool defined;
char oprtype = 0,
*user,
*lefttype = NULL,
*righttype = NULL;
@@ -762,8 +751,7 @@ CommentOperator(char *opername, List *arguments, char *comment)
/*** Valid user's ability to comment on this operator ***/
#ifndef NO_SECURITY
user = GetPgUserName();
if (!pg_ownercheck(user, (char *) ObjectIdGetDatum(oid), OPEROID))
if (!pg_ownercheck(GetUserId(), (char *) ObjectIdGetDatum(oid), OPEROID))
{
elog(ERROR, "you are not permitted to comment on operator '%s'",
opername);
@@ -805,13 +793,11 @@ CommentTrigger(char *trigger, char *relname, char *comment)
HeapScanDesc scan;
ScanKeyData entry;
Oid oid = InvalidOid;
char *user;
/*** First, validate the user's action ***/
#ifndef NO_SECURITY
user = GetPgUserName();
if (!pg_ownercheck(user, relname, RELNAME))
if (!pg_ownercheck(GetUserId(), relname, RELNAME))
{
elog(ERROR, "you are not permitted to comment on trigger '%s' %s '%s'",
trigger, "defined for relation", relname);

5
src/backend/commands/copy.c
View File

@@ -7,7 +7,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.121 2000/08/22 04:06:21 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.122 2000/09/06 14:15:16 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -272,7 +272,6 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
FILE *fp;
Relation rel;
extern char *UserName; /* defined in global.c */
const AclMode required_access = from ? ACL_WR : ACL_RD;
int result;
@@ -281,7 +280,7 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
*/
rel = heap_openr(relname, (from ? RowExclusiveLock : AccessShareLock));
result = pg_aclcheck(relname, UserName, required_access);
result = pg_aclcheck(relname, GetUserId(), required_access);
if (result != ACLCHECK_OK)
elog(ERROR, "%s: %s", relname, aclcheck_error_strings[result]);
if (!pipe && !superuser())

25
src/backend/commands/dbcommands.c
View File

@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.59 2000/08/03 16:34:01 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.60 2000/09/06 14:15:16 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -37,7 +37,7 @@
/* non-export function prototypes */
static bool
get_user_info(const char *name, int4 *use_sysid, bool *use_super, bool *use_createdb);
get_user_info(Oid use_sysid, bool *use_super, bool *use_createdb);
static bool
get_db_info(const char *name, char *dbpath, Oid *dbIdP, int4 *ownerIdP);
@@ -54,7 +54,6 @@ createdb(const char *dbname, const char *dbpath, int encoding)
char buf[2 * MAXPGPATH + 100];
char *loc;
char locbuf[512];
int4 user_id;
int ret;
bool use_super,
use_createdb;
@@ -64,7 +63,7 @@ createdb(const char *dbname, const char *dbpath, int encoding)
Datum new_record[Natts_pg_database];
char new_record_nulls[Natts_pg_database] = {' ', ' ', ' ', ' '};
if (!get_user_info(GetPgUserName(), &user_id, &use_super, &use_createdb))
if (!get_user_info(GetUserId(), &use_super, &use_createdb))
elog(ERROR, "current user name is invalid");
if (!use_createdb && !use_super)
@@ -100,7 +99,7 @@ createdb(const char *dbname, const char *dbpath, int encoding)
/* Form tuple */
new_record[Anum_pg_database_datname - 1] = DirectFunctionCall1(namein,
CStringGetDatum(dbname));
new_record[Anum_pg_database_datdba - 1] = Int32GetDatum(user_id);
new_record[Anum_pg_database_datdba - 1] = Int32GetDatum(GetUserId());
new_record[Anum_pg_database_encoding - 1] = Int32GetDatum(encoding);
new_record[Anum_pg_database_datpath - 1] = DirectFunctionCall1(textin,
CStringGetDatum(locbuf));
@@ -174,8 +173,7 @@ createdb(const char *dbname, const char *dbpath, int encoding)
void
dropdb(const char *dbname)
{
int4 user_id,
db_owner;
int4 db_owner;
bool use_super;
Oid db_id;
char *path,
@@ -197,13 +195,13 @@ dropdb(const char *dbname)
if (IsTransactionBlock())
elog(ERROR, "DROP DATABASE: May not be called in a transaction block");
if (!get_user_info(GetPgUserName(), &user_id, &use_super, NULL))
if (!get_user_info(GetUserId(), &use_super, NULL))
elog(ERROR, "Current user name is invalid");
if (!get_db_info(dbname, dbpath, &db_id, &db_owner))
elog(ERROR, "DROP DATABASE: Database \"%s\" does not exist", dbname);
if (user_id != db_owner && !use_super)
if (GetUserId() != db_owner && !use_super)
elog(ERROR, "DROP DATABASE: Permission denied");
path = ExpandDatabasePath(dbpath);
@@ -374,20 +372,17 @@ get_db_info(const char *name, char *dbpath, Oid *dbIdP, int4 *ownerIdP)
static bool
get_user_info(const char *name, int4 *use_sysid, bool *use_super, bool *use_createdb)
get_user_info(Oid use_sysid, bool *use_super, bool *use_createdb)
{
HeapTuple utup;
AssertArg(name);
utup = SearchSysCacheTuple(SHADOWNAME,
PointerGetDatum(name),
utup = SearchSysCacheTuple(SHADOWSYSID,
ObjectIdGetDatum(use_sysid),
0, 0, 0);
if (!HeapTupleIsValid(utup))
return false;
if (use_sysid)
*use_sysid = ((Form_pg_shadow) GETSTRUCT(utup))->usesysid;
if (use_super)
*use_super = ((Form_pg_shadow) GETSTRUCT(utup))->usesuper;
if (use_createdb)

20
src/backend/commands/indexcmds.c
View File

@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.37 2000/08/20 00:44:19 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.38 2000/09/06 14:15:16 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -697,15 +697,11 @@ ReindexDatabase(const char *dbname, bool force, bool all)
{
Relation relation,
relationRelation;
HeapTuple usertuple,
dbtuple,
HeapTuple dbtuple,
tuple;
HeapScanDesc scan;
int4 user_id,
db_owner;
bool superuser;
int4 db_owner;
Oid db_id;
char *username;
ScanKeyData scankey;
MemoryContext private_context;
MemoryContext old;
@@ -717,14 +713,6 @@ ReindexDatabase(const char *dbname, bool force, bool all)
AssertArg(dbname);
username = GetPgUserName();
usertuple = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(username),
0, 0, 0);
if (!HeapTupleIsValid(usertuple))
elog(ERROR, "Current user \"%s\" is invalid.", username);
user_id = ((Form_pg_shadow) GETSTRUCT(usertuple))->usesysid;
superuser = ((Form_pg_shadow) GETSTRUCT(usertuple))->usesuper;
relation = heap_openr(DatabaseRelationName, AccessShareLock);
ScanKeyEntryInitialize(&scankey, 0, Anum_pg_database_datname,
F_NAMEEQ, NameGetDatum(dbname));
@@ -737,7 +725,7 @@ ReindexDatabase(const char *dbname, bool force, bool all)
heap_endscan(scan);
heap_close(relation, NoLock);
if (user_id != db_owner && !superuser)
if (GetUserId() != db_owner && !superuser())
elog(ERROR, "REINDEX DATABASE: Permission denied.");
if (db_id != MyDatabaseId)

18
src/backend/commands/remove.c
View File

@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/remove.c,v 1.50 2000/07/04 06:11:29 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/remove.c,v 1.51 2000/09/06 14:15:16 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -47,7 +47,6 @@ RemoveOperator(char *operatorName, /* operator name */
Oid typeId1 = InvalidOid;
Oid typeId2 = InvalidOid;
bool defined;
char *userName;
char oprtype;
if (typeName1)
@@ -88,8 +87,7 @@ RemoveOperator(char *operatorName, /* operator name */
if (HeapTupleIsValid(tup))
{
#ifndef NO_SECURITY
userName = GetPgUserName();
if (!pg_ownercheck(userName,
if (!pg_ownercheck(GetUserId(),
(char *) ObjectIdGetDatum(tup->t_data->t_oid),
OPEROID))
elog(ERROR, "RemoveOperator: operator '%s': permission denied",
@@ -257,11 +255,9 @@ RemoveType(char *typeName) /* type name to be removed */
HeapTuple tup;
Oid typeOid;
char *shadow_type;
char *userName;
#ifndef NO_SECURITY
userName = GetPgUserName();
if (!pg_ownercheck(userName, typeName, TYPENAME))
if (!pg_ownercheck(GetUserId(), typeName, TYPENAME))
elog(ERROR, "RemoveType: type '%s': permission denied",
typeName);
#endif
@@ -318,7 +314,6 @@ RemoveFunction(char *functionName, /* function name to be removed */
Relation relation;
HeapTuple tup;
Oid argList[FUNC_MAX_ARGS];
char *userName;
char *typename;
int i;
@@ -346,8 +341,7 @@ RemoveFunction(char *functionName, /* function name to be removed */
}
#ifndef NO_SECURITY
userName = GetPgUserName();
if (!pg_func_ownercheck(userName, functionName, nargs, argList))
if (!pg_func_ownercheck(GetUserId(), functionName, nargs, argList))
{
elog(ERROR, "RemoveFunction: function '%s': permission denied",
functionName);
@@ -388,7 +382,6 @@ RemoveAggregate(char *aggName, char *aggType)
{
Relation relation;
HeapTuple tup;
char *userName;
Oid basetypeID = InvalidOid;
bool defined;
@@ -413,8 +406,7 @@ RemoveAggregate(char *aggName, char *aggType)
basetypeID = 0;
#ifndef NO_SECURITY
userName = GetPgUserName();
if (!pg_aggr_ownercheck(userName, aggName, basetypeID))
if (!pg_aggr_ownercheck(GetUserId(), aggName, basetypeID))
{
if (aggType)
{

7
src/backend/commands/rename.c
View File

@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/rename.c,v 1.46 2000/06/20 06:41:13 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/rename.c,v 1.47 2000/09/06 14:15:16 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -53,7 +53,6 @@ void
renameatt(char *relname,
char *oldattname,
char *newattname,
char *userName,
int recurse)
{
Relation targetrelation;
@@ -74,7 +73,7 @@ renameatt(char *relname,
relname);
#ifndef NO_SECURITY
if (!IsBootstrapProcessingMode() &&
!pg_ownercheck(userName, relname, RELNAME))
!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "renameatt: you do not own class \"%s\"",
relname);
#endif
@@ -129,7 +128,7 @@ renameatt(char *relname,
NameStr(((Form_pg_class) GETSTRUCT(reltup))->relname),
NAMEDATALEN);
/* note we need not recurse again! */
renameatt(childname, oldattname, newattname, userName, 0);
renameatt(childname, oldattname, newattname, 0);
}
}

6
src/backend/commands/sequence.c
View File

@@ -201,7 +201,7 @@ nextval(PG_FUNCTION_ARGS)
rescnt = 0;
#ifndef NO_SECURITY
if (pg_aclcheck(seqname, GetPgUserName(), ACL_WR) != ACLCHECK_OK)
if (pg_aclcheck(seqname, GetUserId(), ACL_WR) != ACLCHECK_OK)
elog(ERROR, "%s.nextval: you don't have permissions to set sequence %s",
seqname, seqname);
#endif
@@ -298,7 +298,7 @@ currval(PG_FUNCTION_ARGS)
int32 result;
#ifndef NO_SECURITY
if (pg_aclcheck(seqname, GetPgUserName(), ACL_RD) != ACLCHECK_OK)
if (pg_aclcheck(seqname, GetUserId(), ACL_RD) != ACLCHECK_OK)
elog(ERROR, "%s.currval: you don't have permissions to read sequence %s",
seqname, seqname);
#endif
@@ -328,7 +328,7 @@ setval(PG_FUNCTION_ARGS)
Form_pg_sequence seq;
#ifndef NO_SECURITY
if (pg_aclcheck(seqname, GetPgUserName(), ACL_WR) != ACLCHECK_OK)
if (pg_aclcheck(seqname, GetUserId(), ACL_WR) != ACLCHECK_OK)
elog(ERROR, "%s.setval: you don't have permissions to set sequence %s",
seqname, seqname);
#endif

6
src/backend/commands/trigger.c
View File

@@ -7,7 +7,7 @@
* Portions Copyright (c) 1994, Regents of the University of California
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.76 2000/08/11 23:45:28 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.77 2000/09/06 14:15:16 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -69,7 +69,7 @@ CreateTrigger(CreateTrigStmt *stmt)
elog(ERROR, "CreateTrigger: can't create trigger for system relation %s", stmt->relname);
#ifndef NO_SECURITY
if (!pg_ownercheck(GetPgUserName(), stmt->relname, RELNAME))
if (!pg_ownercheck(GetUserId(), stmt->relname, RELNAME))
elog(ERROR, "%s: %s", stmt->relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
#endif
@@ -309,7 +309,7 @@ DropTrigger(DropTrigStmt *stmt)
int tgfound = 0;
#ifndef NO_SECURITY
if (!pg_ownercheck(GetPgUserName(), stmt->relname, RELNAME))
if (!pg_ownercheck(GetUserId(), stmt->relname, RELNAME))
elog(ERROR, "%s: %s", stmt->relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
#endif

4
src/backend/commands/vacuum.c
View File

@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/vacuum.c,v 1.163 2000/07/14 22:17:42 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/vacuum.c,v 1.164 2000/09/06 14:15:16 petere Exp $
*
*-------------------------------------------------------------------------
@@ -404,7 +404,7 @@ vacuum_rel(Oid relid, bool analyze, bool is_toastrel)
toast_relid = onerel->rd_rel->reltoastrelid;
#ifndef NO_SECURITY
if (!pg_ownercheck(GetPgUserName(), RelationGetRelationName(onerel),
if (!pg_ownercheck(GetUserId(), RelationGetRelationName(onerel),
RELNAME))
{
elog(NOTICE, "Skipping \"%s\" --- only table owner can VACUUM it",