diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2004-01-14 03:44:53 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2004-01-14 03:44:53 +0000 |
| commit | 7562103f6e77fe3b4fad6a7eba8c59f51627b30c (patch) | |
| tree | 4c5173c6f877a47affd6353ba5d0fa3836ff6a2a | |
| parent | 303a257b5fece11ed774359b8f564ba9e694f35a (diff) | |
| download | postgresql-7562103f6e77fe3b4fad6a7eba8c59f51627b30c.tar.gz postgresql-7562103f6e77fe3b4fad6a7eba8c59f51627b30c.zip | |
The no-updates-to-system-catalogs-unless-usecatupd restriction should
not apply to system views. It never mattered before 7.4, but it does now.
| -rw-r--r-- | src/backend/catalog/aclchk.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c index 203cc4e4dec..e40b5b310f3 100644 --- a/src/backend/catalog/aclchk.c +++ b/src/backend/catalog/aclchk.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.96 2003/12/19 14:21:56 petere Exp $ + * $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.97 2004/01/14 03:44:53 tgl Exp $ * * NOTES * See acl.h. @@ -1015,6 +1015,7 @@ pg_class_aclcheck(Oid table_oid, AclId userid, AclMode mode) bool usesuper, usecatupd; HeapTuple tuple; + Form_pg_class classForm; Datum aclDatum; bool isNull; Acl *acl; @@ -1046,16 +1047,22 @@ pg_class_aclcheck(Oid table_oid, AclId userid, AclMode mode) ereport(ERROR, (errcode(ERRCODE_UNDEFINED_TABLE), errmsg("relation with OID %u does not exist", table_oid))); + classForm = (Form_pg_class) GETSTRUCT(tuple); /* * Deny anyone permission to update a system catalog unless * pg_shadow.usecatupd is set. (This is to let superusers protect - * themselves from themselves.) + * themselves from themselves.) Also allow it if allowSystemTableMods. + * + * As of 7.4 we have some updatable system views; those shouldn't + * be protected in this way. Assume the view rules can take care + * of themselves. */ if ((mode & (ACL_INSERT | ACL_UPDATE | ACL_DELETE)) && - !allowSystemTableMods && - IsSystemClass((Form_pg_class) GETSTRUCT(tuple)) && - !usecatupd) + IsSystemClass(classForm) && + classForm->relkind != RELKIND_VIEW && + !usecatupd && + !allowSystemTableMods) { #ifdef ACLDEBUG elog(DEBUG2, "permission denied for system catalog update"); @@ -1084,9 +1091,8 @@ pg_class_aclcheck(Oid table_oid, AclId userid, AclMode mode) if (isNull) { /* No ACL, so build default ACL */ - AclId ownerId; + AclId ownerId = classForm->relowner; - ownerId = ((Form_pg_class) GETSTRUCT(tuple))->relowner; acl = acldefault(ACL_OBJECT_RELATION, ownerId); aclDatum = (Datum) 0; } |