diff options
Diffstat (limited to 'src/backend/commands')
| -rw-r--r-- | src/backend/commands/analyze.c | 31 | ||||
| -rw-r--r-- | src/backend/commands/schemacmds.c | 13 | ||||
| -rw-r--r-- | src/backend/commands/vacuum.c | 15 | ||||
| -rw-r--r-- | src/backend/commands/variable.c | 35 |
4 files changed, 77 insertions, 17 deletions
diff --git a/src/backend/commands/analyze.c b/src/backend/commands/analyze.c index f39a9575bbf..82bb020bc57 100644 --- a/src/backend/commands/analyze.c +++ b/src/backend/commands/analyze.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/commands/analyze.c,v 1.113 2008/01/01 19:45:48 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/commands/analyze.c,v 1.114 2008/01/03 21:23:15 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -119,6 +119,8 @@ analyze_rel(Oid relid, VacuumStmt *vacstmt, HeapTuple *rows; PGRUsage ru0; TimestampTz starttime = 0; + Oid save_userid; + bool save_secdefcxt; if (vacstmt->verbose) elevel = INFO; @@ -202,6 +204,18 @@ analyze_rel(Oid relid, VacuumStmt *vacstmt, return; } + ereport(elevel, + (errmsg("analyzing \"%s.%s\"", + get_namespace_name(RelationGetNamespace(onerel)), + RelationGetRelationName(onerel)))); + + /* + * Switch to the table owner's userid, so that any index functions are + * run as that user. + */ + GetUserIdAndContext(&save_userid, &save_secdefcxt); + SetUserIdAndContext(onerel->rd_rel->relowner, true); + /* let others know what I'm doing */ LWLockAcquire(ProcArrayLock, LW_EXCLUSIVE); MyProc->vacuumFlags |= PROC_IN_ANALYZE; @@ -215,11 +229,6 @@ analyze_rel(Oid relid, VacuumStmt *vacstmt, starttime = GetCurrentTimestamp(); } - ereport(elevel, - (errmsg("analyzing \"%s.%s\"", - get_namespace_name(RelationGetNamespace(onerel)), - RelationGetRelationName(onerel)))); - /* * Determine which columns to analyze * @@ -344,9 +353,7 @@ analyze_rel(Oid relid, VacuumStmt *vacstmt, onerel->rd_rel->relisshared, 0, 0); - vac_close_indexes(nindexes, Irel, AccessShareLock); - relation_close(onerel, ShareUpdateExclusiveLock); - return; + goto cleanup; } /* @@ -466,6 +473,9 @@ analyze_rel(Oid relid, VacuumStmt *vacstmt, totalrows, totaldeadrows); } + /* We skip to here if there were no analyzable columns */ +cleanup: + /* Done with indexes */ vac_close_indexes(nindexes, Irel, NoLock); @@ -498,6 +508,9 @@ analyze_rel(Oid relid, VacuumStmt *vacstmt, LWLockAcquire(ProcArrayLock, LW_EXCLUSIVE); MyProc->vacuumFlags &= ~PROC_IN_ANALYZE; LWLockRelease(ProcArrayLock); + + /* Restore userid */ + SetUserIdAndContext(save_userid, save_secdefcxt); } /* diff --git a/src/backend/commands/schemacmds.c b/src/backend/commands/schemacmds.c index 91a7ce9270d..d77294ccc22 100644 --- a/src/backend/commands/schemacmds.c +++ b/src/backend/commands/schemacmds.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/commands/schemacmds.c,v 1.48 2008/01/01 19:45:49 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/commands/schemacmds.c,v 1.49 2008/01/03 21:23:15 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -48,9 +48,10 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString) ListCell *parsetree_item; Oid owner_uid; Oid saved_uid; + bool saved_secdefcxt; AclResult aclresult; - saved_uid = GetUserId(); + GetUserIdAndContext(&saved_uid, &saved_secdefcxt); /* * Who is supposed to own the new schema? @@ -86,11 +87,11 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString) * temporarily set the current user so that the object(s) will be created * with the correct ownership. * - * (The setting will revert to session user on error or at the end of this - * routine.) + * (The setting will be restored at the end of this routine, or in case + * of error, transaction abort will clean things up.) */ if (saved_uid != owner_uid) - SetUserId(owner_uid); + SetUserIdAndContext(owner_uid, true); /* Create the schema's namespace */ namespaceId = NamespaceCreate(schemaName, owner_uid); @@ -142,7 +143,7 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString) PopOverrideSearchPath(); /* Reset current user */ - SetUserId(saved_uid); + SetUserIdAndContext(saved_uid, saved_secdefcxt); } diff --git a/src/backend/commands/vacuum.c b/src/backend/commands/vacuum.c index 389141cd409..6b2b70dd1aa 100644 --- a/src/backend/commands/vacuum.c +++ b/src/backend/commands/vacuum.c @@ -13,7 +13,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/commands/vacuum.c,v 1.362 2008/01/01 19:45:49 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/commands/vacuum.c,v 1.363 2008/01/03 21:23:15 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -971,6 +971,8 @@ vacuum_rel(Oid relid, VacuumStmt *vacstmt, char expected_relkind) Relation onerel; LockRelId onerelid; Oid toast_relid; + Oid save_userid; + bool save_secdefcxt; /* Begin a transaction for vacuuming this relation */ StartTransactionCommand(); @@ -1101,6 +1103,14 @@ vacuum_rel(Oid relid, VacuumStmt *vacstmt, char expected_relkind) toast_relid = onerel->rd_rel->reltoastrelid; /* + * Switch to the table owner's userid, so that any index functions are + * run as that user. (This is unnecessary, but harmless, for lazy + * VACUUM.) + */ + GetUserIdAndContext(&save_userid, &save_secdefcxt); + SetUserIdAndContext(onerel->rd_rel->relowner, true); + + /* * Do the actual work --- either FULL or "lazy" vacuum */ if (vacstmt->full) @@ -1108,6 +1118,9 @@ vacuum_rel(Oid relid, VacuumStmt *vacstmt, char expected_relkind) else lazy_vacuum_rel(onerel, vacstmt, vac_strategy); + /* Restore userid */ + SetUserIdAndContext(save_userid, save_secdefcxt); + /* all done with this class, but hold lock until commit */ relation_close(onerel, NoLock); diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c index d0f1168570e..2c234071d21 100644 --- a/src/backend/commands/variable.c +++ b/src/backend/commands/variable.c @@ -9,7 +9,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/commands/variable.c,v 1.124 2008/01/01 19:45:49 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/commands/variable.c,v 1.125 2008/01/03 21:23:15 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -717,6 +717,21 @@ assign_session_authorization(const char *value, bool doit, GucSource source) /* not a saved ID, so look it up */ HeapTuple roleTup; + if (InSecurityDefinerContext()) + { + /* + * Disallow SET SESSION AUTHORIZATION inside a security definer + * context. We need to do this because when we exit the context, + * GUC won't be notified, leaving things out of sync. Note that + * this test is positioned so that restoring a previously saved + * setting isn't prevented. + */ + ereport(GUC_complaint_elevel(source), + (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), + errmsg("cannot set session authorization within security-definer function"))); + return NULL; + } + if (!IsTransactionState()) { /* @@ -823,6 +838,24 @@ assign_role(const char *value, bool doit, GucSource source) } } + if (roleid == InvalidOid && InSecurityDefinerContext()) + { + /* + * Disallow SET ROLE inside a security definer context. We need to do + * this because when we exit the context, GUC won't be notified, + * leaving things out of sync. Note that this test is arranged so + * that restoring a previously saved setting isn't prevented. + * + * XXX it would be nice to allow this case in future, with the + * behavior being that the SET ROLE's effects end when the security + * definer context is exited. + */ + ereport(GUC_complaint_elevel(source), + (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), + errmsg("cannot set role within security-definer function"))); + return NULL; + } + if (roleid == InvalidOid && strcmp(actual_rolename, "none") != 0) { |