diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2004-01-14 23:01:55 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2004-01-14 23:01:55 +0000 |
| commit | cfd7fb7ed4b66da97f88338d991843fa7e2fe59d (patch) | |
| tree | f433f1281eba10a7ab2e563fa39eaf3228df32e8 /src/backend/parser/analyze.c | |
| parent | 01d320d421b3f82de799e86e8b9adac27c2f9a26 (diff) | |
| download | postgresql-cfd7fb7ed4b66da97f88338d991843fa7e2fe59d.tar.gz postgresql-cfd7fb7ed4b66da97f88338d991843fa7e2fe59d.zip | |
Fix permission-checking bug reported by Tim Burgess 10-Feb-03 (this time
for sure...). Rather than relying on the query context of a rangetable
entry to identify what permissions it wants checked, store a full AclMode
mask in each RTE, and check exactly those bits. This allows an RTE
specifying, say, INSERT privilege on a view to be copied into a derived
UPDATE query without changing meaning. Per recent discussion thread.
initdb forced due to change of stored rule representation.
Diffstat (limited to 'src/backend/parser/analyze.c')
| -rw-r--r-- | src/backend/parser/analyze.c | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/src/backend/parser/analyze.c b/src/backend/parser/analyze.c index 33f32c1b377..89620821347 100644 --- a/src/backend/parser/analyze.c +++ b/src/backend/parser/analyze.c @@ -6,7 +6,7 @@ * Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/backend/parser/analyze.c,v 1.295 2004/01/11 04:58:17 neilc Exp $ + * $PostgreSQL: pgsql/src/backend/parser/analyze.c,v 1.296 2004/01/14 23:01:55 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -472,7 +472,8 @@ transformDeleteStmt(ParseState *pstate, DeleteStmt *stmt) /* set up range table with just the result rel */ qry->resultRelation = setTargetTable(pstate, stmt->relation, interpretInhOption(stmt->relation->inhOpt), - true); + true, + ACL_DELETE); qry->distinctClause = NIL; @@ -539,7 +540,7 @@ transformInsertStmt(ParseState *pstate, InsertStmt *stmt, * table is not added to the joinlist or namespace. */ qry->resultRelation = setTargetTable(pstate, stmt->relation, - false, false); + false, false, ACL_INSERT); /* * Is it INSERT ... SELECT or INSERT ... VALUES? @@ -1721,8 +1722,8 @@ transformRuleStmt(ParseState *pstate, RuleStmt *stmt, makeAlias("*NEW*", NIL), false, true); /* Must override addRangeTableEntry's default access-check flags */ - oldrte->checkForRead = false; - newrte->checkForRead = false; + oldrte->requiredPerms = 0; + newrte->requiredPerms = 0; /* * They must be in the namespace too for lookup purposes, but only add @@ -1820,8 +1821,8 @@ transformRuleStmt(ParseState *pstate, RuleStmt *stmt, newrte = addRangeTableEntry(sub_pstate, stmt->relation, makeAlias("*NEW*", NIL), false, false); - oldrte->checkForRead = false; - newrte->checkForRead = false; + oldrte->requiredPerms = 0; + newrte->requiredPerms = 0; addRTEtoQuery(sub_pstate, oldrte, false, true); addRTEtoQuery(sub_pstate, newrte, false, true); @@ -2493,7 +2494,8 @@ transformUpdateStmt(ParseState *pstate, UpdateStmt *stmt) qry->resultRelation = setTargetTable(pstate, stmt->relation, interpretInhOption(stmt->relation->inhOpt), - true); + true, + ACL_UPDATE); /* * the FROM clause is non-standard SQL syntax. We used to be able to @@ -2880,7 +2882,7 @@ transformForUpdate(Query *qry, List *forUpdate) case RTE_RELATION: if (!intMember(i, rowMarks)) /* avoid duplicates */ rowMarks = lappendi(rowMarks, i); - rte->checkForWrite = true; + rte->requiredPerms |= ACL_SELECT_FOR_UPDATE; break; case RTE_SUBQUERY: /* @@ -2915,7 +2917,7 @@ transformForUpdate(Query *qry, List *forUpdate) case RTE_RELATION: if (!intMember(i, rowMarks)) /* avoid duplicates */ rowMarks = lappendi(rowMarks, i); - rte->checkForWrite = true; + rte->requiredPerms |= ACL_SELECT_FOR_UPDATE; break; case RTE_SUBQUERY: /* |