diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2003-02-01 18:31:28 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2003-02-01 18:31:28 +0000 |
| commit | 21166170c8cac2920ba25a647421f0f0c418c021 (patch) | |
| tree | 82c15b0c912e94ff9340b374683666a0b08905c8 /src/backend/commands/variable.c | |
| parent | 361eaa185f7b01551290289798088de48ddd0add (diff) | |
| download | postgresql-21166170c8cac2920ba25a647421f0f0c418c021.tar.gz postgresql-21166170c8cac2920ba25a647421f0f0c418c021.zip | |
Fix assign_session_authorization() to not be confused by all-numeric
user names. Per recent reports.
Diffstat (limited to 'src/backend/commands/variable.c')
| -rw-r--r-- | src/backend/commands/variable.c | 43 |
1 files changed, 30 insertions, 13 deletions
diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c index 622d2059880..6ce1487e86e 100644 --- a/src/backend/commands/variable.c +++ b/src/backend/commands/variable.c @@ -9,7 +9,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.72 2002/12/05 04:04:42 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.73 2003/02/01 18:31:28 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -519,25 +519,36 @@ show_server_encoding(void) /* * SET SESSION AUTHORIZATION * - * Note: when resetting session auth after an error, we can't expect to do - * catalog lookups. Hence, the stored form of the value is always a numeric - * userid that can be re-used directly. + * When resetting session auth after an error, we can't expect to do catalog + * lookups. Hence, the stored form of the value must provide a numeric userid + * that can be re-used directly. We store the string in the form of + * NAMEDATALEN 'x's followed by the numeric userid --- this cannot conflict + * with any valid user name, because of the NAMEDATALEN limit on names. */ const char * assign_session_authorization(const char *value, bool doit, bool interactive) { - AclId usesysid; - char *endptr; + AclId usesysid = 0; char *result; - usesysid = (Oid) strtoul(value, &endptr, 10); - - if (endptr != value && *endptr == '\0' && OidIsValid(usesysid)) + if (strspn(value, "x") == NAMEDATALEN) { - /* use the numeric user ID */ + /* might be a saved numeric userid */ + char *endptr; + + usesysid = (AclId) strtoul(value + NAMEDATALEN, &endptr, 10); + + if (endptr != value + NAMEDATALEN && *endptr == '\0') + { + /* syntactically valid, so use the numeric user ID */ + } + else + usesysid = 0; } - else + + if (usesysid == 0) { + /* not a saved ID, so look it up */ HeapTuple userTup; userTup = SearchSysCache(SHADOWNAME, @@ -558,11 +569,13 @@ assign_session_authorization(const char *value, bool doit, bool interactive) if (doit) SetSessionAuthorization(usesysid); - result = (char *) malloc(32); + result = (char *) malloc(NAMEDATALEN + 32); if (!result) return NULL; - snprintf(result, 32, "%lu", (unsigned long) usesysid); + memset(result, 'x', NAMEDATALEN); + + snprintf(result + NAMEDATALEN, 32, "%lu", (unsigned long) usesysid); return result; } @@ -570,5 +583,9 @@ assign_session_authorization(const char *value, bool doit, bool interactive) const char * show_session_authorization(void) { + /* + * We can't use the stored string; see comments for + * assign_session_authorization + */ return GetUserNameFromId(GetSessionUserId()); } |