database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-03 22:24:49 +03:00
Code

Fix assign_session_authorization() to not be confused by all-numeric

Browse Source 
user names.  Per recent reports.
This commit is contained in:
Tom Lane 2003-02-01 18:31:37 +00:00
parent 3be050da32
commit c80184552f
1 changed files with 30 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
src/backend/commands/variable.c
View File

@ -9,7 +9,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.71 2002/09/04 20:31:17 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.71.2.1 2003/02/01 18:31:37 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -519,25 +519,36 @@ show_server_encoding(void)
/* /*
* SET SESSION AUTHORIZATION * SET SESSION AUTHORIZATION
* *
* Note: when resetting session auth after an error, we can't expect to do * When resetting session auth after an error, we can't expect to do catalog
* catalog lookups. Hence, the stored form of the value is always a numeric * lookups. Hence, the stored form of the value must provide a numeric userid
* userid that can be re-used directly. * that can be re-used directly. We store the string in the form of
* NAMEDATALEN 'x's followed by the numeric userid --- this cannot conflict
* with any valid user name, because of the NAMEDATALEN limit on names.
*/ */
const char * const char *
assign_session_authorization(const char *value, bool doit, bool interactive) assign_session_authorization(const char *value, bool doit, bool interactive)
{ {
Oid usesysid; Oid usesysid = 0;
char *endptr;
char *result; char *result;
usesysid = (Oid) strtoul(value, &endptr, 10); if (strspn(value, "x") == NAMEDATALEN)
if (endptr != value && *endptr == '\0' && OidIsValid(usesysid))
{ {
/* use the numeric user ID */ /* might be a saved numeric userid */
char *endptr;
usesysid = (Oid) strtoul(value + NAMEDATALEN, &endptr, 10);
if (endptr != value + NAMEDATALEN && *endptr == '\0')
{
/* syntactically valid, so use the numeric user ID */
} }
else else
usesysid = 0;
}
if (usesysid == 0)
{ {
/* not a saved ID, so look it up */
HeapTuple userTup; HeapTuple userTup;
userTup = SearchSysCache(SHADOWNAME, userTup = SearchSysCache(SHADOWNAME,
@ -558,11 +569,13 @@ assign_session_authorization(const char *value, bool doit, bool interactive)
if (doit) if (doit)
SetSessionAuthorization(usesysid); SetSessionAuthorization(usesysid);
result = (char *) malloc(32); result = (char *) malloc(NAMEDATALEN + 32);
if (!result) if (!result)
return NULL; return NULL;
snprintf(result, 32, "%lu", (unsigned long) usesysid); memset(result, 'x', NAMEDATALEN);
snprintf(result + NAMEDATALEN, 32, "%lu", (unsigned long) usesysid);
return result; return result;
} }
@ -570,5 +583,9 @@ assign_session_authorization(const char *value, bool doit, bool interactive)
const char * const char *
show_session_authorization(void) show_session_authorization(void)
{ {
/*
* We can't use the stored string; see comments for
* assign_session_authorization
*/
return GetUserNameFromId(GetSessionUserId()); return GetUserNameFromId(GetSessionUserId());
} }