From c33d575899593a46a5b9a76e4e0ef6f9d81e55dd Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Wed, 29 Jun 2005 20:34:15 +0000 Subject: More cleanup on roles patch. Allow admin option to be inherited through role memberships; make superuser/createrole distinction do something useful; fix some locking and CommandCounterIncrement issues; prevent creation of loops in the membership graph. --- src/backend/commands/dbcommands.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'src/backend/commands/dbcommands.c') diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c index 1dac14ead2e..96f964fb95f 100644 --- a/src/backend/commands/dbcommands.c +++ b/src/backend/commands/dbcommands.c @@ -15,7 +15,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/commands/dbcommands.c,v 1.162 2005/06/28 05:08:53 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/commands/dbcommands.c,v 1.163 2005/06/29 20:34:13 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -194,8 +194,8 @@ createdb(const CreatedbStmt *stmt) if (is_member_of_role(GetUserId(), datdba)) { - /* creating database for self: can be superuser or createdb */ - if (!superuser() && !have_createdb_privilege()) + /* creating database for self: createdb is required */ + if (!have_createdb_privilege()) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to create database"))); @@ -759,7 +759,7 @@ RenameDatabase(const char *oldname, const char *newname) oldname); /* must have createdb rights */ - if (!superuser() && !have_createdb_privilege()) + if (!have_createdb_privilege()) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to rename database"))); @@ -1044,6 +1044,10 @@ have_createdb_privilege(void) bool result = false; HeapTuple utup; + /* Superusers can always do everything */ + if (superuser()) + return true; + utup = SearchSysCache(AUTHOID, ObjectIdGetDatum(GetUserId()), 0, 0, 0); -- cgit v1.2.3