database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-17 17:02:08 +03:00
Code Activity

Check for INSERT privileges in SELECT INTO / CREATE TABLE AS.

Browse Source 
In the normal course of events, this matters only if ALTER DEFAULT
PRIVILEGES has been used to revoke default INSERT permission.  Whether
or not the new behavior is more or less likely to be what the user wants
when dealing only with the built-in privilege facilities is arguable,
but it's clearly better when using a loadable module such as sepgsql
that may use the hook in ExecCheckRTPerms to enforce additional
permissions checks.

KaiGai Kohei, reviewed by Albe Laurenz
This commit is contained in:
Robert Haas
2011-11-22 16:16:26 -05:00
parent 766948bedd
commit f1b4aa2a84
3 changed files with 93 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/backend/executor/execMain.c
View File

@ -2395,6 +2395,8 @@ OpenIntoRel(QueryDesc *queryDesc)
Datum reloptions;
Oid intoRelationId;
DR_intorel *myState;
RangeTblEntry *rte;
AttrNumber attnum;
static char *validnsps[] = HEAP_RELOPT_NAMESPACES;
Assert(into);
@ -2516,6 +2518,21 @@ OpenIntoRel(QueryDesc *queryDesc)
*/
intoRelationDesc = heap_open(intoRelationId, AccessExclusiveLock);
/*
* check INSERT permission on the constructed table.
*/
rte = makeNode(RangeTblEntry);
rte->rtekind = RTE_RELATION;
rte->relid = intoRelationId;
rte->relkind = RELKIND_RELATION;
rte->requiredPerms = ACL_INSERT;
for (attnum = 1; attnum <= queryDesc->tupDesc->natts; attnum++)
rte->modifiedCols = bms_add_member(rte->modifiedCols,
attnum - FirstLowInvalidHeapAttributeNumber);
ExecCheckRTPerms(list_make1(rte), true);
/*
* Now replace the query's DestReceiver with one for SELECT INTO
*/