Make UPDATE and DELETE privileges distinct. Add REFERENCES and TRIGGER
privileges. INSERT and COPY FROM now require INSERT (only). Add privileges regression test.
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.47 2001/03/22 03:59:18 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.48 2001/05/27 09:59:28 petere Exp $
|
||||
*
|
||||
* NOTES
|
||||
* See acl.h.
|
||||
@@ -46,7 +46,7 @@ char *aclcheck_error_strings[] = {
|
||||
};
|
||||
|
||||
|
||||
#ifdef ACLDEBUG_TRACE
|
||||
#ifdef ACLDEBUG
|
||||
static
|
||||
dumpacl(Acl *acl)
|
||||
{
|
||||
@@ -62,7 +62,7 @@ dumpacl(Acl *acl)
|
||||
PointerGetDatum(aip + i))));
|
||||
}
|
||||
|
||||
#endif
|
||||
#endif /* ACLDEBUG */
|
||||
|
||||
/*
|
||||
* ChangeAcl
|
||||
@@ -116,13 +116,13 @@ ChangeAcl(char *relname,
|
||||
old_acl = DatumGetAclPCopy(aclDatum);
|
||||
}
|
||||
|
||||
#ifdef ACLDEBUG_TRACE
|
||||
#ifdef ACLDEBUG
|
||||
dumpacl(old_acl);
|
||||
#endif
|
||||
|
||||
new_acl = aclinsert3(old_acl, mod_aip, modechg);
|
||||
|
||||
#ifdef ACLDEBUG_TRACE
|
||||
#ifdef ACLDEBUG
|
||||
dumpacl(new_acl);
|
||||
#endif
|
||||
|
||||
@@ -285,7 +285,7 @@ aclcheck(char *relname, Acl *acl, AclId id, AclIdType idtype, AclMode mode)
|
||||
{
|
||||
if (aip->ai_id == id)
|
||||
{
|
||||
#ifdef ACLDEBUG_TRACE
|
||||
#ifdef ACLDEBUG
|
||||
elog(DEBUG, "aclcheck: found user %u/%d",
|
||||
aip->ai_id, aip->ai_mode);
|
||||
#endif
|
||||
@@ -301,7 +301,7 @@ aclcheck(char *relname, Acl *acl, AclId id, AclIdType idtype, AclMode mode)
|
||||
{
|
||||
if (in_group(id, aip->ai_id))
|
||||
{
|
||||
#ifdef ACLDEBUG_TRACE
|
||||
#ifdef ACLDEBUG
|
||||
elog(DEBUG, "aclcheck: found group %u/%d",
|
||||
aip->ai_id, aip->ai_mode);
|
||||
#endif
|
||||
@@ -324,7 +324,7 @@ aclcheck(char *relname, Acl *acl, AclId id, AclIdType idtype, AclMode mode)
|
||||
{
|
||||
if (aip->ai_id == id)
|
||||
{
|
||||
#ifdef ACLDEBUG_TRACE
|
||||
#ifdef ACLDEBUG
|
||||
elog(DEBUG, "aclcheck: found group %u/%d",
|
||||
aip->ai_id, aip->ai_mode);
|
||||
#endif
|
||||
@@ -341,7 +341,7 @@ aclcheck(char *relname, Acl *acl, AclId id, AclIdType idtype, AclMode mode)
|
||||
break;
|
||||
}
|
||||
|
||||
#ifdef ACLDEBUG_TRACE
|
||||
#ifdef ACLDEBUG
|
||||
elog(DEBUG, "aclcheck: using world=%d", aidat->ai_mode);
|
||||
#endif
|
||||
return (aidat->ai_mode & mode) ? ACLCHECK_OK : ACLCHECK_NO_PRIV;
|
||||
@@ -371,7 +371,7 @@ pg_aclcheck(char *relname, Oid userid, AclMode mode)
|
||||
* pg_shadow.usecatupd is set. (This is to let superusers protect
|
||||
* themselves from themselves.)
|
||||
*/
|
||||
if (((mode & ACL_WR) || (mode & ACL_AP)) &&
|
||||
if (((mode & ACL_UPDATE) || (mode & ACL_INSERT) || (mode & ACL_DELETE)) &&
|
||||
!allowSystemTableMods && IsSystemRelationName(relname) &&
|
||||
strncmp(relname, "pg_temp.", strlen("pg_temp.")) != 0 &&
|
||||
!((Form_pg_shadow) GETSTRUCT(tuple))->usecatupd)
|
||||
@@ -387,7 +387,7 @@ pg_aclcheck(char *relname, Oid userid, AclMode mode)
|
||||
*/
|
||||
if (((Form_pg_shadow) GETSTRUCT(tuple))->usesuper)
|
||||
{
|
||||
#ifdef ACLDEBUG_TRACE
|
||||
#ifdef ACLDEBUG
|
||||
elog(DEBUG, "pg_aclcheck: \"%s\" is superuser",
|
||||
usename);
|
||||
#endif
|
||||
@@ -454,7 +454,7 @@ pg_ownercheck(Oid userid,
|
||||
*/
|
||||
if (((Form_pg_shadow) GETSTRUCT(tuple))->usesuper)
|
||||
{
|
||||
#ifdef ACLDEBUG_TRACE
|
||||
#ifdef ACLDEBUG
|
||||
elog(DEBUG, "pg_ownercheck: user \"%s\" is superuser",
|
||||
usename);
|
||||
#endif
|
||||
@@ -528,7 +528,7 @@ pg_func_ownercheck(Oid userid,
|
||||
*/
|
||||
if (((Form_pg_shadow) GETSTRUCT(tuple))->usesuper)
|
||||
{
|
||||
#ifdef ACLDEBUG_TRACE
|
||||
#ifdef ACLDEBUG
|
||||
elog(DEBUG, "pg_ownercheck: user \"%s\" is superuser",
|
||||
usename);
|
||||
#endif
|
||||
@@ -576,7 +576,7 @@ pg_aggr_ownercheck(Oid userid,
|
||||
*/
|
||||
if (((Form_pg_shadow) GETSTRUCT(tuple))->usesuper)
|
||||
{
|
||||
#ifdef ACLDEBUG_TRACE
|
||||
#ifdef ACLDEBUG
|
||||
elog(DEBUG, "pg_aggr_ownercheck: user \"%s\" is superuser",
|
||||
usename);
|
||||
#endif
|
||||
|
||||
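Review bot: In pg_aclcheck's system-catalog guard, the new test spells out ACL_UPDATE, ACL_INSERT and ACL_DELETE one by one and leaves out ACL_RULE and the newly added ACL_REFERENCES and ACL_TRIGGER, so a request for those modes on a system relation is not held to the usecatupd restriction at this point. CreateTrigger has its own IsSystemRelationName test, but whether every other caller does is not visible on this page, so the exclusion should be stated rather than implied. I would write the condition as a single mask, `if ((mode & (ACL_INSERT | ACL_UPDATE | ACL_DELETE)) &&`, and extend the comment above it with `* ACL_RULE, ACL_REFERENCES and ACL_TRIGGER are deliberately not treated as catalog writes here.` if that is the intent. The body of pg_aclcheck continues outside the hunk.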
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.128 2001/05/21 14:22:11 wieck Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.129 2001/05/27 09:59:28 petere Exp $
|
||||
*
|
||||
* NOTES
|
||||
* The PerformAddAttribute() code, like most of the relation
|
||||
@@ -1939,9 +1939,10 @@ LockTableCommand(LockStmt *lockstmt)
|
||||
elog(ERROR, "LOCK TABLE: %s is not a table", lockstmt->relname);
|
||||
|
||||
if (lockstmt->mode == AccessShareLock)
|
||||
aclresult = pg_aclcheck(lockstmt->relname, GetUserId(), ACL_RD);
|
||||
aclresult = pg_aclcheck(lockstmt->relname, GetUserId(), ACL_SELECT);
|
||||
else
|
||||
aclresult = pg_aclcheck(lockstmt->relname, GetUserId(), ACL_WR);
|
||||
aclresult = pg_aclcheck(lockstmt->relname, GetUserId(),
|
||||
ACL_UPDATE | ACL_DELETE);
|
||||
|
||||
if (aclresult != ACLCHECK_OK)
|
||||
elog(ERROR, "LOCK TABLE: permission denied");
|
||||
|
||||
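Review bot: The non-AccessShare branch of LockTableCommand passes `ACL_UPDATE | ACL_DELETE` as one mask, and the world-entry return shown in aclcheck tests `(aidat->ai_mode & mode)`, so holding either privilege alone is enough to take any of the stronger lock modes. That reading is easy to miss, because a combined mask is often taken to mean that all bits are required. A comment above the call would record the intent: `/* either UPDATE or DELETE is sufficient; aclcheck matches on any requested bit */`. The user and group branches of aclcheck are outside the visible hunks, so this assumes they test the mask the same way.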
@@ -7,7 +7,7 @@
|
||||
* Copyright (c) 1999, PostgreSQL Global Development Group
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/commands/comment.c,v 1.27 2001/03/22 03:59:21 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/commands/comment.c,v 1.28 2001/05/27 09:59:29 petere Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -468,7 +468,7 @@ CommentRewrite(char *rule, char *comment)
|
||||
|
||||
#ifndef NO_SECURITY
|
||||
relation = RewriteGetRuleEventRel(rule);
|
||||
aclcheck = pg_aclcheck(relation, GetUserId(), ACL_RU);
|
||||
aclcheck = pg_aclcheck(relation, GetUserId(), ACL_RULE);
|
||||
if (aclcheck != ACLCHECK_OK)
|
||||
{
|
||||
elog(ERROR, "you are not permitted to comment on rule '%s'",
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.136 2001/03/22 06:16:11 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.137 2001/05/27 09:59:29 petere Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -271,7 +271,7 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
|
||||
|
||||
FILE *fp;
|
||||
Relation rel;
|
||||
const AclMode required_access = from ? ACL_WR : ACL_RD;
|
||||
const AclMode required_access = from ? ACL_INSERT : ACL_SELECT;
|
||||
int result;
|
||||
|
||||
/*
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/commands/sequence.c,v 1.55 2001/05/10 20:38:49 tgl Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/commands/sequence.c,v 1.56 2001/05/27 09:59:29 petere Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -243,7 +243,7 @@ nextval(PG_FUNCTION_ARGS)
|
||||
rescnt = 0;
|
||||
bool logit = false;
|
||||
|
||||
if (pg_aclcheck(seqname, GetUserId(), ACL_WR) != ACLCHECK_OK)
|
||||
if (pg_aclcheck(seqname, GetUserId(), ACL_UPDATE) != ACLCHECK_OK)
|
||||
elog(ERROR, "%s.nextval: you don't have permissions to set sequence %s",
|
||||
seqname, seqname);
|
||||
|
||||
@@ -390,7 +390,7 @@ currval(PG_FUNCTION_ARGS)
|
||||
SeqTable elm;
|
||||
int32 result;
|
||||
|
||||
if (pg_aclcheck(seqname, GetUserId(), ACL_RD) != ACLCHECK_OK)
|
||||
if (pg_aclcheck(seqname, GetUserId(), ACL_SELECT) != ACLCHECK_OK)
|
||||
elog(ERROR, "%s.currval: you don't have permissions to read sequence %s",
|
||||
seqname, seqname);
|
||||
|
||||
@@ -428,7 +428,7 @@ do_setval(char *seqname, int32 next, bool iscalled)
|
||||
Buffer buf;
|
||||
Form_pg_sequence seq;
|
||||
|
||||
if (pg_aclcheck(seqname, GetUserId(), ACL_WR) != ACLCHECK_OK)
|
||||
if (pg_aclcheck(seqname, GetUserId(), ACL_UPDATE) != ACLCHECK_OK)
|
||||
elog(ERROR, "%s.setval: you don't have permissions to set sequence %s",
|
||||
seqname, seqname);
|
||||
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
* Portions Copyright (c) 1994, Regents of the University of California
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.90 2001/03/22 06:16:11 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.91 2001/05/27 09:59:29 petere Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -69,8 +69,10 @@ CreateTrigger(CreateTrigStmt *stmt)
|
||||
if (!allowSystemTableMods && IsSystemRelationName(stmt->relname))
|
||||
elog(ERROR, "CreateTrigger: can't create trigger for system relation %s", stmt->relname);
|
||||
|
||||
if (!pg_ownercheck(GetUserId(), stmt->relname, RELNAME))
|
||||
elog(ERROR, "%s: %s", stmt->relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
|
||||
if (pg_aclcheck(stmt->relname, GetUserId(),
|
||||
stmt->isconstraint ? ACL_REFERENCES : ACL_TRIGGER)
|
||||
!= ACLCHECK_OK)
|
||||
elog(ERROR, "permission denied");
|
||||
|
||||
/*
|
||||
* If trigger is a constraint, user trigger name as constraint name
|
||||
|
||||
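Review bot: The new privilege check in CreateTrigger reports a bare `permission denied`, dropping both the relation name and the aclcheck_error_strings[] text that the replaced ownership check printed and that ExecCheckRTEPerms and ProcessUtility still use. Keeping the result in a local and reporting it the same way keeps a denied attempt attributable in the server log: `elog(ERROR, "%s: %s", stmt->relname, aclcheck_error_strings[aclresult]);`. Since ownership is no longer required here, a comment should also say that a holder of TRIGGER (or REFERENCES, for constraint triggers) can now attach a trigger to a table they do not own, because that is the security-relevant change in this hunk. The rest of CreateTrigger lies outside the hunk.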
@@ -27,7 +27,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.140 2001/05/15 00:33:36 tgl Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.141 2001/05/27 09:59:29 petere Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -420,7 +420,7 @@ ExecCheckRTEPerms(RangeTblEntry *rte, CmdType operation)
|
||||
|
||||
if (rte->checkForRead)
|
||||
{
|
||||
aclcheck_result = CHECK(ACL_RD);
|
||||
aclcheck_result = CHECK(ACL_SELECT);
|
||||
if (aclcheck_result != ACLCHECK_OK)
|
||||
elog(ERROR, "%s: %s",
|
||||
relName, aclcheck_error_strings[aclcheck_result]);
|
||||
@@ -437,15 +437,14 @@ ExecCheckRTEPerms(RangeTblEntry *rte, CmdType operation)
|
||||
switch (operation)
|
||||
{
|
||||
case CMD_INSERT:
|
||||
/* Accept either APPEND or WRITE access for this */
|
||||
aclcheck_result = CHECK(ACL_AP);
|
||||
if (aclcheck_result != ACLCHECK_OK)
|
||||
aclcheck_result = CHECK(ACL_WR);
|
||||
aclcheck_result = CHECK(ACL_INSERT);
|
||||
break;
|
||||
case CMD_SELECT:
|
||||
case CMD_DELETE:
|
||||
case CMD_UPDATE:
|
||||
aclcheck_result = CHECK(ACL_WR);
|
||||
aclcheck_result = CHECK(ACL_UPDATE);
|
||||
break;
|
||||
case CMD_DELETE:
|
||||
aclcheck_result = CHECK(ACL_DELETE);
|
||||
break;
|
||||
default:
|
||||
elog(ERROR, "ExecCheckRTEPerms: bogus operation %d",
|
||||
|
||||
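Review bot: In the write-permission switch of ExecCheckRTEPerms, `case CMD_SELECT:` now shares the `CHECK(ACL_UPDATE)` arm with CMD_UPDATE, and nothing says why a SELECT needs UPDATE privilege. This is presumably the SELECT ... FOR UPDATE path, reached only when the range-table entry is marked for write, but the condition guarding the switch is outside the hunk. A one-line comment such as `/* CMD_SELECT here means SELECT FOR UPDATE: row locking requires UPDATE, DELETE alone is not enough */` would make the operation-to-privilege mapping auditable now that UPDATE and DELETE are separate bits.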
@@ -11,7 +11,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.226 2001/05/14 20:30:20 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.227 2001/05/27 09:59:29 petere Exp $
|
||||
*
|
||||
* HISTORY
|
||||
* AUTHOR DATE MAJOR EVENT
|
||||
@@ -2234,19 +2234,19 @@ from_in: IN
|
||||
*
|
||||
*****************************************************************************/
|
||||
|
||||
GrantStmt: GRANT privileges ON relation_name_list TO grantee opt_with_grant
|
||||
GrantStmt: GRANT privileges ON opt_table relation_name_list TO grantee opt_with_grant
|
||||
{
|
||||
$$ = (Node*)makeAclStmt($2,$4,$6,'+');
|
||||
$$ = (Node*)makeAclStmt($2,$5,$7,'+');
|
||||
}
|
||||
;
|
||||
|
||||
privileges: ALL PRIVILEGES
|
||||
{
|
||||
$$ = aclmakepriv("rwaR",0);
|
||||
$$ = aclmakepriv(ACL_MODE_STR,0);
|
||||
}
|
||||
| ALL
|
||||
{
|
||||
$$ = aclmakepriv("rwaR",0);
|
||||
$$ = aclmakepriv(ACL_MODE_STR,0);
|
||||
}
|
||||
| operation_commalist
|
||||
{
|
||||
@@ -2266,23 +2266,31 @@ operation_commalist: operation
|
||||
|
||||
operation: SELECT
|
||||
{
|
||||
$$ = ACL_MODE_RD_CHR;
|
||||
$$ = ACL_MODE_SELECT_CHR;
|
||||
}
|
||||
| INSERT
|
||||
{
|
||||
$$ = ACL_MODE_AP_CHR;
|
||||
$$ = ACL_MODE_INSERT_CHR;
|
||||
}
|
||||
| UPDATE
|
||||
{
|
||||
$$ = ACL_MODE_WR_CHR;
|
||||
$$ = ACL_MODE_UPDATE_CHR;
|
||||
}
|
||||
| DELETE
|
||||
{
|
||||
$$ = ACL_MODE_WR_CHR;
|
||||
$$ = ACL_MODE_DELETE_CHR;
|
||||
}
|
||||
| RULE
|
||||
{
|
||||
$$ = ACL_MODE_RU_CHR;
|
||||
$$ = ACL_MODE_RULE_CHR;
|
||||
}
|
||||
| REFERENCES
|
||||
{
|
||||
$$ = ACL_MODE_REFERENCES_CHR;
|
||||
}
|
||||
| TRIGGER
|
||||
{
|
||||
$$ = ACL_MODE_TRIGGER_CHR;
|
||||
}
|
||||
;
|
||||
|
||||
@@ -2315,9 +2323,9 @@ opt_with_grant: WITH GRANT OPTION
|
||||
*
|
||||
*****************************************************************************/
|
||||
|
||||
RevokeStmt: REVOKE privileges ON relation_name_list FROM grantee
|
||||
RevokeStmt: REVOKE privileges ON opt_table relation_name_list FROM grantee
|
||||
{
|
||||
$$ = (Node*)makeAclStmt($2,$4,$6,'-');
|
||||
$$ = (Node*)makeAclStmt($2,$5,$7,'-');
|
||||
}
|
||||
;
|
||||
|
||||
|
||||
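Review bot: Both `ALL` and `ALL PRIVILEGES` now expand to ACL_MODE_STR instead of the literal "rwaR", so the meaning of GRANT ALL follows whatever acl.h defines and presumably now includes the new REFERENCES and TRIGGER privileges; acl.h is not shown on this page. That widening deserves a comment at the rule, because existing GRANT ALL statements will start conferring the right to attach triggers and foreign-key constraints with no change to the script: `/* ALL = every mode in ACL_MODE_STR, including REFERENCES and TRIGGER */`. Separately, the shift from `$4,$6` to `$5,$7` in GrantStmt and RevokeStmt relies on opt_table always occupying exactly one position, and the opt_table rule itself is not in the visible hunks.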
@@ -10,7 +10,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.110 2001/05/07 00:43:23 tgl Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.111 2001/05/27 09:59:29 petere Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -267,7 +267,7 @@ ProcessUtility(Node *parsetree,
|
||||
int aclcheck_result;
|
||||
|
||||
relationName = RewriteGetRuleEventRel(rulename);
|
||||
aclcheck_result = pg_aclcheck(relationName, GetUserId(), ACL_RU);
|
||||
aclcheck_result = pg_aclcheck(relationName, GetUserId(), ACL_RULE);
|
||||
if (aclcheck_result != ACLCHECK_OK)
|
||||
elog(ERROR, "%s: %s", relationName,
|
||||
aclcheck_error_strings[aclcheck_result]);
|
||||
@@ -550,7 +550,7 @@ ProcessUtility(Node *parsetree,
|
||||
int aclcheck_result;
|
||||
|
||||
relname = stmt->object->relname;
|
||||
aclcheck_result = pg_aclcheck(relname, GetUserId(), ACL_RU);
|
||||
aclcheck_result = pg_aclcheck(relname, GetUserId(), ACL_RULE);
|
||||
if (aclcheck_result != ACLCHECK_OK)
|
||||
elog(ERROR, "%s: %s", relname, aclcheck_error_strings[aclcheck_result]);
|
||||
set_ps_display(commandTag = "CREATE");
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.58 2001/03/22 03:59:48 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.59 2001/05/27 09:59:30 petere Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -113,8 +113,8 @@ aclparse(char *s, AclItem *aip, unsigned *modechg)
|
||||
|
||||
Assert(s && aip && modechg);
|
||||
|
||||
#ifdef ACLDEBUG_TRACE
|
||||
printf("aclparse: input = '%s'\n", s);
|
||||
#ifdef ACLDEBUG
|
||||
elog(DEBUG, "aclparse: input = '%s'", s);
|
||||
#endif
|
||||
aip->ai_idtype = ACL_IDTYPE_UID;
|
||||
s = getid(s, name);
|
||||
@@ -155,17 +155,26 @@ aclparse(char *s, AclItem *aip, unsigned *modechg)
|
||||
{
|
||||
switch (*s)
|
||||
{
|
||||
case ACL_MODE_AP_CHR:
|
||||
aip->ai_mode |= ACL_AP;
|
||||
case ACL_MODE_INSERT_CHR:
|
||||
aip->ai_mode |= ACL_INSERT;
|
||||
break;
|
||||
case ACL_MODE_RD_CHR:
|
||||
aip->ai_mode |= ACL_RD;
|
||||
case ACL_MODE_SELECT_CHR:
|
||||
aip->ai_mode |= ACL_SELECT;
|
||||
break;
|
||||
case ACL_MODE_WR_CHR:
|
||||
aip->ai_mode |= ACL_WR;
|
||||
case ACL_MODE_UPDATE_CHR:
|
||||
aip->ai_mode |= ACL_UPDATE;
|
||||
break;
|
||||
case ACL_MODE_RU_CHR:
|
||||
aip->ai_mode |= ACL_RU;
|
||||
case ACL_MODE_DELETE_CHR:
|
||||
aip->ai_mode |= ACL_DELETE;
|
||||
break;
|
||||
case ACL_MODE_RULE_CHR:
|
||||
aip->ai_mode |= ACL_RULE;
|
||||
break;
|
||||
case ACL_MODE_REFERENCES_CHR:
|
||||
aip->ai_mode |= ACL_REFERENCES;
|
||||
break;
|
||||
case ACL_MODE_TRIGGER_CHR:
|
||||
aip->ai_mode |= ACL_TRIGGER;
|
||||
break;
|
||||
default:
|
||||
elog(ERROR, "aclparse: mode flags must use \"%s\"",
|
||||
@@ -192,7 +201,7 @@ aclparse(char *s, AclItem *aip, unsigned *modechg)
|
||||
break;
|
||||
}
|
||||
|
||||
#ifdef ACLDEBUG_TRACE
|
||||
#ifdef ACLDEBUG
|
||||
elog(DEBUG, "aclparse: correctly read [%x %d %x], modechg=%x",
|
||||
aip->ai_idtype, aip->ai_id, aip->ai_mode, *modechg);
|
||||
#endif
|
||||
@@ -269,7 +278,7 @@ aclitemout(PG_FUNCTION_ARGS)
|
||||
unsigned i;
|
||||
char *tmpname;
|
||||
|
||||
p = out = palloc(strlen("group =arwR ") + 1 + NAMEDATALEN);
|
||||
p = out = palloc(strlen("group =" ACL_MODE_STR " ") + 1 + NAMEDATALEN);
|
||||
*p = '\0';
|
||||
|
||||
switch (aip->ai_idtype)
|
||||
@@ -368,14 +377,13 @@ acldefault(char *relname, AclId ownerid)
|
||||
AclItem *aip;
|
||||
|
||||
#define ACL_WORLD_DEFAULT (ACL_NO)
|
||||
/* #define ACL_WORLD_DEFAULT (ACL_RD|ACL_WR|ACL_AP|ACL_RU) */
|
||||
#define ACL_OWNER_DEFAULT (ACL_RD|ACL_WR|ACL_AP|ACL_RU)
|
||||
#define ACL_OWNER_DEFAULT (ACL_INSERT|ACL_SELECT|ACL_UPDATE|ACL_DELETE|ACL_RULE|ACL_REFERENCES|ACL_TRIGGER)
|
||||
|
||||
acl = makeacl(2);
|
||||
aip = ACL_DAT(acl);
|
||||
aip[0].ai_idtype = ACL_IDTYPE_WORLD;
|
||||
aip[0].ai_id = ACL_ID_WORLD;
|
||||
aip[0].ai_mode = IsSystemRelationName(relname) ? ACL_RD : ACL_WORLD_DEFAULT;
|
||||
aip[0].ai_mode = IsSystemRelationName(relname) ? ACL_SELECT : ACL_WORLD_DEFAULT;
|
||||
aip[1].ai_idtype = ACL_IDTYPE_UID;
|
||||
aip[1].ai_id = ownerid;
|
||||
aip[1].ai_mode = ACL_OWNER_DEFAULT;
|
||||
@@ -651,8 +659,8 @@ aclmakepriv(char *old_privlist, char new_priv)
|
||||
int i;
|
||||
int l;
|
||||
|
||||
Assert(strlen(old_privlist) < 5);
|
||||
priv = palloc(5); /* at most "rwaR" */ ;
|
||||
Assert(strlen(old_privlist) <= strlen(ACL_MODE_STR));
|
||||
priv = palloc(strlen(ACL_MODE_STR)+1);
|
||||
|
||||
if (old_privlist == NULL || old_privlist[0] == '\0')
|
||||
{
|
||||
@@ -665,7 +673,7 @@ aclmakepriv(char *old_privlist, char new_priv)
|
||||
|
||||
l = strlen(old_privlist);
|
||||
|
||||
if (l == 4)
|
||||
if (l == strlen(ACL_MODE_STR))
|
||||
{ /* can't add any more privileges */
|
||||
return priv;
|
||||
}
|
||||
|
||||
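Review bot: In aclmakepriv the rewritten `Assert(strlen(old_privlist) <= strlen(ACL_MODE_STR));` still dereferences old_privlist before the `old_privlist == NULL` test two statements later, so an assert-enabled build crashes on the NULL input that the function otherwise handles. I would guard it: `Assert(old_privlist == NULL || strlen(old_privlist) <= strlen(ACL_MODE_STR));`. The later `if (l == strlen(ACL_MODE_STR))` stops only at exact equality; since the buffer is `strlen(ACL_MODE_STR)+1` bytes and the Assert disappears in production builds, `if (l >= (int) strlen(ACL_MODE_STR))` is the safer bound. The remainder of aclmakepriv, including the code that appends new_priv, is outside these hunks.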