database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-14 08:21:07 +03:00
Code Activity

From: Dan McGuirk <mcguirk@indirect.com>

Browse Source 
Subject: [HACKERS] better access control error messages

This patch replaces the 'no such class or insufficient privilege' with
distinct error messages that tell you whether the table really doesn't
exist or whether access was denied.
This commit is contained in:
Marc G. Fournier
1997-03-12 20:48:48 +00:00
parent c00c511b7b
commit e4949f9fe5
6 changed files with 63 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/backend/tcop/utility.c
View File

@ -9,7 +9,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.11 1997/01/16 14:56:21 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.12 1997/03/12 20:48:27 scrappy Exp $
*
*-------------------------------------------------------------------------
*/
@ -381,10 +381,13 @@ ProcessUtility(Node *parsetree,
case T_RuleStmt: /* CREATE RULE */
{
RuleStmt *stmt = (RuleStmt *)parsetree;
int aclcheck_result;
#ifndef NO_SECURITY
relname = stmt->object->relname;
if (!pg_aclcheck(relname, userName, ACL_RU))
elog(WARN, "%s %s", relname, ACL_NO_PRIV_WARNING);
aclcheck_result = pg_aclcheck(relname, userName, ACL_RU);
if(aclcheck_result != ACLCHECK_OK)
elog(WARN, "%s: %s", relname, aclcheck_error_strings[aclcheck_result]);
#endif
commandTag = "CREATE";
CHECK_IF_ABORTED();
@ -423,19 +426,21 @@ ProcessUtility(Node *parsetree,
relname);
#ifndef NO_SECURITY
if (!pg_ownercheck(userName, relname, RELNAME))
elog(WARN, "you do not own class \"%s\"",
relname);
elog(WARN, "%s: %s", relationName, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
#endif
RemoveIndex(relname);
break;
case RULE:
{
char *rulename = stmt->name;
int aclcheck_result;
#ifndef NO_SECURITY
relationName = RewriteGetRuleEventRel(rulename);
if (!pg_aclcheck(relationName, userName, ACL_RU))
elog(WARN, "%s %s", relationName, ACL_NO_PRIV_WARNING);
aclcheck_result = pg_aclcheck(relationName, userName, ACL_RU);
if(aclcheck_result != ACLCHECK_OK) {
elog(WARN, "%s: %s", relationName, aclcheck_error_strings[aclcheck_result]);
}
#endif
RemoveRewriteRule(rulename);
}
@ -457,7 +462,7 @@ ProcessUtility(Node *parsetree,
ruleName = MakeRetrieveViewRuleName(viewName);
relationName = RewriteGetRuleEventRel(ruleName);
if (!pg_ownercheck(userName, relationName, RELNAME))
elog(WARN, "%s %s", relationName, ACL_NO_PRIV_WARNING);
elog(WARN, "%s: %s", relationName, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
pfree(ruleName);
#endif
RemoveView(viewName);