aboutsummaryrefslogtreecommitdiff
path: root/src/backend/tcop/utility.c
diff options
context:
space:
mode:
authorPeter Eisentraut <peter_e@gmx.net>2000-09-06 14:15:31 +0000
committerPeter Eisentraut <peter_e@gmx.net>2000-09-06 14:15:31 +0000
commit6dc249610a87aa8b9dcc8baf4e64d2e14d02f548 (patch)
tree6ca1b864625ecf91a2887c8031a9fa91b5f9c5c5 /src/backend/tcop/utility.c
parentdaf1e3a7026e367d630be3ac34ac0a9e7cf1340f (diff)
downloadpostgresql-6dc249610a87aa8b9dcc8baf4e64d2e14d02f548.tar.gz
postgresql-6dc249610a87aa8b9dcc8baf4e64d2e14d02f548.zip
Code cleanup of user name and user id handling in the backend. The current
user is now defined in terms of the user id, the user name is only computed upon request (for display purposes). This is kind of the opposite of the previous state, which would maintain the user name and compute the user id for permission checks. Besides perhaps saving a few cycles (integer vs string), this now creates a single point of attack for changing the user id during a connection, for purposes of "setuid" functions, etc.
Diffstat (limited to 'src/backend/tcop/utility.c')
-rw-r--r--src/backend/tcop/utility.c26
1 files changed, 11 insertions, 15 deletions
diff --git a/src/backend/tcop/utility.c b/src/backend/tcop/utility.c
index 409aca70ada..558f678430f 100644
--- a/src/backend/tcop/utility.c
+++ b/src/backend/tcop/utility.c
@@ -10,7 +10,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.91 2000/07/05 12:45:26 wieck Exp $
+ * $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.92 2000/09/06 14:15:21 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -74,9 +74,6 @@ ProcessUtility(Node *parsetree,
char *commandTag = NULL;
char *relname;
char *relationName;
- char *userName;
-
- userName = GetPgUserName();
switch (nodeTag(parsetree))
{
@@ -200,7 +197,7 @@ ProcessUtility(Node *parsetree,
/* close rel, but keep lock until end of xact */
heap_close(rel, NoLock);
#ifndef NO_SECURITY
- if (!pg_ownercheck(userName, relname, RELNAME))
+ if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "you do not own class \"%s\"",
relname);
#endif
@@ -234,7 +231,7 @@ ProcessUtility(Node *parsetree,
heap_close(rel, NoLock);
#ifndef NO_SECURITY
- if (!pg_ownercheck(userName, relname, RELNAME))
+ if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "you do not own class \"%s\"", relname);
#endif
TruncateRelation(relname);
@@ -299,7 +296,7 @@ ProcessUtility(Node *parsetree,
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
relname);
#ifndef NO_SECURITY
- if (!pg_ownercheck(userName, relname, RELNAME))
+ if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "permission denied");
#endif
@@ -333,7 +330,6 @@ ProcessUtility(Node *parsetree,
renameatt(relname, /* relname */
stmt->column, /* old att name */
stmt->newname, /* new att name */
- userName,
stmt->inh); /* recursive? */
}
}
@@ -405,7 +401,7 @@ ProcessUtility(Node *parsetree,
/* close rel, but keep lock until end of xact */
heap_close(rel, NoLock);
#ifndef NO_SECURITY
- if (!pg_ownercheck(userName, relname, RELNAME))
+ if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "you do not own class \"%s\"",
relname);
#endif
@@ -484,7 +480,7 @@ ProcessUtility(Node *parsetree,
#ifndef NO_SECURITY
relname = stmt->object->relname;
- aclcheck_result = pg_aclcheck(relname, userName, ACL_RU);
+ aclcheck_result = pg_aclcheck(relname, GetUserId(), ACL_RU);
if (aclcheck_result != ACLCHECK_OK)
elog(ERROR, "%s: %s", relname, aclcheck_error_strings[aclcheck_result]);
#endif
@@ -529,7 +525,7 @@ ProcessUtility(Node *parsetree,
elog(ERROR, "class \"%s\" is a system catalog index",
relname);
#ifndef NO_SECURITY
- if (!pg_ownercheck(userName, relname, RELNAME))
+ if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "%s: %s", relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
#endif
RemoveIndex(relname);
@@ -542,7 +538,7 @@ ProcessUtility(Node *parsetree,
#ifndef NO_SECURITY
relationName = RewriteGetRuleEventRel(rulename);
- aclcheck_result = pg_aclcheck(relationName, userName, ACL_RU);
+ aclcheck_result = pg_aclcheck(relationName, GetUserId(), ACL_RU);
if (aclcheck_result != ACLCHECK_OK)
elog(ERROR, "%s: %s", relationName, aclcheck_error_strings[aclcheck_result]);
#endif
@@ -564,7 +560,7 @@ ProcessUtility(Node *parsetree,
ruleName = MakeRetrieveViewRuleName(viewName);
relationName = RewriteGetRuleEventRel(ruleName);
- if (!pg_ownercheck(userName, relationName, RELNAME))
+ if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
elog(ERROR, "%s: %s", relationName, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
pfree(ruleName);
#endif
@@ -881,7 +877,7 @@ ProcessUtility(Node *parsetree,
relname);
}
#ifndef NO_SECURITY
- if (!pg_ownercheck(userName, relname, RELNAME))
+ if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "%s: %s", relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
#endif
ReindexIndex(relname, stmt->force);
@@ -899,7 +895,7 @@ ProcessUtility(Node *parsetree,
relname);
}
#ifndef NO_SECURITY
- if (!pg_ownercheck(userName, relname, RELNAME))
+ if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "%s: %s", relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
#endif
ReindexTable(relname, stmt->force);
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-29 05:30:19 +0000