diff options
| author | Alvaro Herrera <alvherre@alvh.no-ip.org> | 2014-12-23 10:22:09 -0300 |
|---|---|---|
| committer | Alvaro Herrera <alvherre@alvh.no-ip.org> | 2014-12-23 10:22:09 -0300 |
| commit | 1826987a46d079458007b7b6bbcbbd852353adbb (patch) | |
| tree | c3598d1d9c006551d2adff2b888112a24f2d03ed /src/backend/commands/dbcommands.c | |
| parent | 7eca575d1c28f6eee2bf4564f3d458d10c4a8f47 (diff) | |
| download | postgresql-1826987a46d079458007b7b6bbcbbd852353adbb.tar.gz postgresql-1826987a46d079458007b7b6bbcbbd852353adbb.zip | |
Use a bitmask to represent role attributes
The previous representation using a boolean column for each attribute
would not scale as well as we want to add further attributes.
Extra auxilliary functions are added to go along with this change, to
make up for the lost convenience of access of the old representation.
Catalog version bumped due to change in catalogs and the new functions.
Author: Adam Brightwell, minor tweaks by Álvaro
Reviewed by: Stephen Frost, Andres Freund, Álvaro Herrera
Diffstat (limited to 'src/backend/commands/dbcommands.c')
| -rw-r--r-- | src/backend/commands/dbcommands.c | 27 |
1 files changed, 3 insertions, 24 deletions
diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c index 1a5244cade2..c079168c83d 100644 --- a/src/backend/commands/dbcommands.c +++ b/src/backend/commands/dbcommands.c @@ -85,7 +85,6 @@ static bool get_db_info(const char *name, LOCKMODE lockmode, Oid *dbLastSysOidP, TransactionId *dbFrozenXidP, MultiXactId *dbMinMultiP, Oid *dbTablespace, char **dbCollate, char **dbCtype); -static bool have_createdb_privilege(void); static void remove_dbtablespaces(Oid db_id); static bool check_db_file_conflict(Oid db_id); static int errdetail_busy_db(int notherbackends, int npreparedxacts); @@ -291,7 +290,7 @@ createdb(const CreatedbStmt *stmt) * "giveaway" attacks. Note that a superuser will always have both of * these privileges a fortiori. */ - if (!have_createdb_privilege()) + if (!have_role_attribute(ROLE_ATTR_CREATEDB)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to create database"))); @@ -965,7 +964,7 @@ RenameDatabase(const char *oldname, const char *newname) oldname); /* must have createdb rights */ - if (!have_createdb_privilege()) + if (!have_role_attribute(ROLE_ATTR_CREATEDB)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to rename database"))); @@ -1623,7 +1622,7 @@ AlterDatabaseOwner(const char *dbname, Oid newOwnerId) * databases. Because superusers will always have this right, we need * no special case for them. */ - if (!have_createdb_privilege()) + if (!have_role_attribute(ROLE_ATTR_CREATEDB)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to change owner of database"))); @@ -1802,26 +1801,6 @@ get_db_info(const char *name, LOCKMODE lockmode, return result; } -/* Check if current user has createdb privileges */ -static bool -have_createdb_privilege(void) -{ - bool result = false; - HeapTuple utup; - - /* Superusers can always do everything */ - if (superuser()) - return true; - - utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetUserId())); - if (HeapTupleIsValid(utup)) - { - result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreatedb; - ReleaseSysCache(utup); - } - return result; -} - /* * Remove tablespace directories * |