From: Dan McGuirk <mcguirk@indirect.com>

Subject: [HACKERS] better access control error messages This patch replaces the 'no such class or insufficient privilege' with distinct error messages that tell you whether the table really doesn't exist or whether access was denied.
2025-09-02 04:21:28 +03:00 · 1997-03-12 20:48:48 +00:00
parent c00c511b7b
commit e4949f9fe5
6 changed files with 63 additions and 43 deletions
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -6,7 +6,7 @@
 *
 * Copyright (c) 1994, Regents of the University of California
 *
- * $Id: acl.h,v 1.4 1996/11/10 03:06:14 momjian Exp $
+ * $Id: acl.h,v 1.5 1997/03/12 20:48:48 scrappy Exp $
 *
 * NOTES
 *    For backward-compatability purposes we have to allow there
@@ -111,10 +111,14 @@ typedef ArrayType IdList;
 #define	ACL_MODE_WR_CHR		'w'
 #define	ACL_MODE_RU_CHR		'R'

-/* we use this warning string both for non-existent tables and
-   insufficient privilege so non-privileged users cannot ascertain whether 
-   the class exists or not */
-#define ACL_NO_PRIV_WARNING "Either no such class or insufficient privilege"
+/* result codes for pg_aclcheck */
+#define ACLCHECK_OK               0
+#define ACLCHECK_NO_PRIV          1
+#define ACLCHECK_NO_CLASS         2
+#define ACLCHECK_NOT_OWNER        3
+
+/* warning messages.  set these in aclchk.c. */
+extern char *aclcheck_error_strings[];

 /*
 * Enable ACL execution tracing and table dumps