author | Tom Lane <tgl@sss.pgh.pa.us> | 2006-09-05 21:08:36 +0000 |
---|---|---|
committer | Tom Lane <tgl@sss.pgh.pa.us> | 2006-09-05 21:08:36 +0000 |
commit | 7bae5a289c8fbe33aceb56f04e273eee2c1e7c39 (patch) | |
tree | 6a682bb192d1966cc86ece22d51963fb86951f5d /src/backend/utils/cache/relcache.c | |
parent | d5eb52a511bda6a975cc59ec69dca1da38675bf4 (diff) | |
Get rid of the separate RULE privilege for tables: now only a table's owner
can create or modify rules for the table. Do setRuleCheckAsUser() while
loading rules into the relcache, rather than when defining a rule. This
ensures that permission checks for tables referenced in a rule are done with
respect to the current owner of the rule's table, whereas formerly ALTER TABLE
OWNER would fail to update the permission checking for associated rules.
Removal of separate RULE privilege is needed to prevent various scenarios
in which a grantee of RULE privilege could effectively have any privilege
of the table owner. For backwards compatibility, GRANT/REVOKE RULE is still
accepted, but it doesn't do anything. Per discussion here:
http://archives.postgresql.org/pgsql-hackers/2006-04/msg01138.php
Diffstat (limited to 'src/backend/utils/cache/relcache.c')
-rw-r--r-- | src/backend/utils/cache/relcache.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/src/backend/utils/cache/relcache.c b/src/backend/utils/cache/relcache.c index 08697d50366..190543e2bd7 100644 --- a/src/backend/utils/cache/relcache.c +++ b/src/backend/utils/cache/relcache.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/utils/cache/relcache.c,v 1.247 2006/07/31 20:09:05 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/utils/cache/relcache.c,v 1.248 2006/09/05 21:08:36 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -51,6 +51,7 @@ #include "optimizer/clauses.h" #include "optimizer/planmain.h" #include "optimizer/prep.h" +#include "rewrite/rewriteDefine.h" #include "storage/fd.h" #include "storage/smgr.h" #include "utils/builtins.h" @@ -683,6 +684,22 @@ RelationBuildRuleLock(Relation relation) if ((Pointer) rule_text != DatumGetPointer(rule_datum)) pfree(rule_text); + /* + * We want the rule's table references to be checked as though by the + * table owner, not the user referencing the rule. Therefore, scan + * through the rule's actions and set the checkAsUser field on all + * rtable entries. We have to look at the qual as well, in case it + * contains sublinks. + * + * The reason for doing this when the rule is loaded, rather than + * when it is stored, is that otherwise ALTER TABLE OWNER would have + * to grovel through stored rules to update checkAsUser fields. + * Scanning the rule tree during load is relatively cheap (compared + * to constructing it in the first place), so we do it here. + */ + setRuleCheckAsUser((Node *) rule->actions, relation->rd_rel->relowner); + setRuleCheckAsUser(rule->qual, relation->rd_rel->relowner); + if (numlocks >= maxlocks) { maxlocks *= 2; |
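Review bot: In the RelationBuildRuleLock hunk, the two new setRuleCheckAsUser calls read the owner from relation->rd_rel->relowner at load time, so the checkAsUser values on the rule's rtable entries are only as current as this relcache entry. The new comment explains why the work is done at load rather than at store, but it does not say what guarantees a reload after the owner changes. Please add a sentence stating that an owner change has to invalidate the relation's relcache entry so the rule locks are rebuilt with the new owner, since nothing in the visible lines enforces that. A regression test that changes the table's owner and then fires a rule referencing a table only one of the two owners can read would pin the behaviour down.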