database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-13 07:41:39 +03:00
Code Activity

Fix permission-checking bug reported by Tim Burgess 10-Feb-03 (this time

Browse Source 
for sure...).  Rather than relying on the query context of a rangetable
entry to identify what permissions it wants checked, store a full AclMode
mask in each RTE, and check exactly those bits.  This allows an RTE
specifying, say, INSERT privilege on a view to be copied into a derived
UPDATE query without changing meaning.  Per recent discussion thread.
initdb forced due to change of stored rule representation.
This commit is contained in:
Tom Lane
2004-01-14 23:01:55 +00:00
parent 01d320d421
commit cfd7fb7ed4
18 changed files with 186 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/backend/parser/parse_clause.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/parser/parse_clause.c,v 1.125 2003/11/29 19:51:51 pgsql Exp $
* $PostgreSQL: pgsql/src/backend/parser/parse_clause.c,v 1.126 2004/01/14 23:01:55 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@ -116,11 +116,14 @@ transformFromClause(ParseState *pstate, List *frmList)
* to check for namespace conflict; we assume that the namespace was
* initially empty in these cases.)
*
* Finally, we mark the relation as requiring the permissions specified
* by requiredPerms.
*
* Returns the rangetable index of the target relation.
*/
int
setTargetTable(ParseState *pstate, RangeVar *relation,
bool inh, bool alsoSource)
bool inh, bool alsoSource, AclMode requiredPerms)
{
RangeTblEntry *rte;
int rtindex;
@ -149,16 +152,15 @@ setTargetTable(ParseState *pstate, RangeVar *relation,
Assert(rte == rt_fetch(rtindex, pstate->p_rtable));
/*
* Override addRangeTableEntry's default checkForRead, and instead
* mark target table as requiring write access.
* Override addRangeTableEntry's default ACL_SELECT permissions check,
* and instead mark target table as requiring exactly the specified
* permissions.
*
* If we find an explicit reference to the rel later during parse
* analysis, scanRTEForColumn will change checkForRead to 'true'
* again. That can't happen for INSERT but it is possible for UPDATE
* and DELETE.
* analysis, scanRTEForColumn will add the ACL_SELECT bit back again.
* That can't happen for INSERT but it is possible for UPDATE and DELETE.
*/
rte->checkForRead = false;
rte->checkForWrite = true;
rte->requiredPerms = requiredPerms;
/*
* If UPDATE/DELETE, add table to joinlist and namespace.