opensourcemirror
/
postgresql
mirror of git://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove NO_SECURITY define.

This commit is contained in:
Bruce Momjian 2000-10-16 17:08:11 +00:00
parent 17e3e4702d
commit 85f1950a6f
12 changed files with 24 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/backend/commands/analyze.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.7 2000/10/05 19:48:22 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.8 2000/10/16 17:08:05 momjian Exp $
*
*-------------------------------------------------------------------------
@ -98,7 +98,6 @@ analyze_rel(Oid relid, List *anal_cols2, int MESSAGE_LEVEL)
onerel = heap_open(relid, AccessShareLock);
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), RelationGetRelationName(onerel),
RELNAME))
{
@ -110,7 +109,6 @@ analyze_rel(Oid relid, List *anal_cols2, int MESSAGE_LEVEL)
CommitTransactionCommand();
return;
}
#endif
elog(MESSAGE_LEVEL, "Analyzing...");

30
src/backend/commands/command.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.106 2000/10/10 17:13:30 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.107 2000/10/16 17:08:05 momjian Exp $
*
* NOTES
* The PerformAddAttribute() code, like most of the relation
@ -311,10 +311,8 @@ AlterTableAddColumn(const char *relationName,
if (!allowSystemTableMods && IsSystemRelationName(relationName))
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
relationName);
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
elog(ERROR, "ALTER TABLE: permission denied");
#endif
/*
* Grab an exclusive lock on the target table, which we will NOT
@ -1149,7 +1147,7 @@ AlterTableAddConstraint(char *relationName,
scan = heap_beginscan(rel, false, SnapshotNow, 0, NULL);
AssertState(scan != NULL);
/*
/*
* We need to make a parse state and range table to allow
* us to transformExpr and fix_opids to get a version of
* the expression we can pass to ExecQual
@ -1195,7 +1193,7 @@ AlterTableAddConstraint(char *relationName,
rte->eref->relname = relationName;
rtlist = makeList1(rte);
/*
/*
* Scan through the rows now, making the necessary things
* for ExecQual, and then call it to evaluate the
* expression.
@ -1224,13 +1222,13 @@ AlterTableAddConstraint(char *relationName,
pfree(rte);
heap_endscan(scan);
heap_close(rel, NoLock);
heap_close(rel, NoLock);
if (!successful)
if (!successful)
{
elog(ERROR, "AlterTableAddConstraint: rejected due to CHECK constraint %s", name);
}
/*
/*
* Call AddRelationRawConstraints to do the real adding --
* It duplicates some of the above, but does not check the
* validity of the constraint against tuples already in
@ -1274,7 +1272,7 @@ AlterTableAddConstraint(char *relationName,
pkrel = heap_openr(fkconstraint->pktable_name, AccessExclusiveLock);
if (pkrel->rd_rel->relkind != RELKIND_RELATION)
elog(ERROR, "referenced table \"%s\" not a relation",
elog(ERROR, "referenced table \"%s\" not a relation",
fkconstraint->pktable_name);
/*
@ -1328,7 +1326,7 @@ AlterTableAddConstraint(char *relationName,
}
}
if (found)
break;
break;
indexStruct = NULL;
}
if (!found)
@ -1591,7 +1589,7 @@ AlterTableCreateToastTable(const char *relationName, bool silent)
if (((Form_pg_class) GETSTRUCT(reltup))->reltoastrelid != InvalidOid)
{
if (silent)
if (silent)
{
heap_close(rel, NoLock);
heap_close(class_rel, NoLock);
@ -1601,14 +1599,14 @@ AlterTableCreateToastTable(const char *relationName, bool silent)
elog(ERROR, "ALTER TABLE: relation \"%s\" already has a toast table",
relationName);
}
}
/*
* Check to see whether the table actually needs a TOAST table.
*/
if (! needs_toast_table(rel))
{
if (silent)
if (silent)
{
heap_close(rel, NoLock);
heap_close(class_rel, NoLock);
@ -1784,7 +1782,7 @@ LockTableCommand(LockStmt *lockstmt)
if (rel->rd_rel->relkind != RELKIND_RELATION)
elog(ERROR, "LOCK TABLE: %s is not a table", lockstmt->relname);
if (is_view(rel))
if (is_view(rel))
elog(ERROR, "LOCK TABLE: cannot lock a view");
if (lockstmt->mode == AccessShareLock)
@ -1842,7 +1840,7 @@ is_view(Relation rel)
while (HeapTupleIsValid(tuple = heap_getnext(scanDesc, 0)))
{
if (tuple->t_data != NULL)
if (tuple->t_data != NULL)
{
data = (Form_pg_rewrite) GETSTRUCT(tuple);
if (data->ev_type == '1')
@ -1856,6 +1854,6 @@ is_view(Relation rel)
heap_endscan(scanDesc);
heap_close(RewriteRelation, RowExclusiveLock);
return retval;
}

4
src/backend/commands/comment.c
View File

@ -283,10 +283,8 @@ CommentRelation(int reltype, char *relname, char *comment)
/*** First, check object security ***/
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "you are not permitted to comment on class '%s'", relname);
#endif
/*** Now, attempt to find the oid in the cached version of pg_class ***/
@ -349,10 +347,8 @@ CommentAttribute(char *relname, char *attrname, char *comment)
/*** First, check object security ***/
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "you are not permitted to comment on class '%s\'", relname);
#endif
/*** Now, fetch the attribute oid from the system cache ***/

10
src/backend/commands/remove.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/remove.c,v 1.53 2000/10/07 00:58:16 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/remove.c,v 1.54 2000/10/16 17:08:05 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -81,13 +81,11 @@ RemoveOperator(char *operatorName, /* operator name */
if (HeapTupleIsValid(tup))
{
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(),
(char *) ObjectIdGetDatum(tup->t_data->t_oid),
OPEROID))
elog(ERROR, "RemoveOperator: operator '%s': permission denied",
operatorName);
#endif
/*** Delete any comments associated with this operator ***/
@ -250,11 +248,9 @@ RemoveType(char *typeName) /* type name to be removed */
Oid typeOid;
char *shadow_type;
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), typeName, TYPENAME))
elog(ERROR, "RemoveType: type '%s': permission denied",
typeName);
#endif
relation = heap_openr(TypeRelationName, RowExclusiveLock);
@ -334,13 +330,11 @@ RemoveFunction(char *functionName, /* function name to be removed */
}
}
#ifndef NO_SECURITY
if (!pg_func_ownercheck(GetUserId(), functionName, nargs, argList))
{
elog(ERROR, "RemoveFunction: function '%s': permission denied",
functionName);
}
#endif
relation = heap_openr(ProcedureRelationName, RowExclusiveLock);
tup = SearchSysCacheTuple(PROCNAME,
@ -396,7 +390,6 @@ RemoveAggregate(char *aggName, char *aggType)
else
basetypeID = 0;
#ifndef NO_SECURITY
if (!pg_aggr_ownercheck(GetUserId(), aggName, basetypeID))
{
if (aggType)
@ -410,7 +403,6 @@ RemoveAggregate(char *aggName, char *aggType)
aggName);
}
}
#endif
relation = heap_openr(AggregateRelationName, RowExclusiveLock);
tup = SearchSysCacheTuple(AGGNAME,

4
src/backend/commands/rename.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/rename.c,v 1.48 2000/10/16 14:52:03 vadim Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/Attic/rename.c,v 1.49 2000/10/16 17:08:05 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -71,12 +71,10 @@ renameatt(char *relname,
if (!allowSystemTableMods && IsSystemRelationName(relname))
elog(ERROR, "renameatt: class \"%s\" is a system catalog",
relname);
#ifndef NO_SECURITY
if (!IsBootstrapProcessingMode() &&
!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "renameatt: you do not own class \"%s\"",
relname);
#endif
/*
* Grab an exclusive lock on the target table, which we will NOT

8
src/backend/commands/sequence.c
View File

@ -201,11 +201,9 @@ nextval(PG_FUNCTION_ARGS)
next,
rescnt = 0;
#ifndef NO_SECURITY
if (pg_aclcheck(seqname, GetUserId(), ACL_WR) != ACLCHECK_OK)
elog(ERROR, "%s.nextval: you don't have permissions to set sequence %s",
seqname, seqname);
#endif
/* open and AccessShareLock sequence */
elm = init_sequence("nextval", seqname);
@ -298,11 +296,9 @@ currval(PG_FUNCTION_ARGS)
SeqTable elm;
int32 result;
#ifndef NO_SECURITY
if (pg_aclcheck(seqname, GetUserId(), ACL_RD) != ACLCHECK_OK)
elog(ERROR, "%s.currval: you don't have permissions to read sequence %s",
seqname, seqname);
#endif
/* open and AccessShareLock sequence */
elm = init_sequence("currval", seqname);
@ -318,18 +314,16 @@ currval(PG_FUNCTION_ARGS)
PG_RETURN_INT32(result);
}
static void
static void
do_setval(char *seqname, int32 next, bool iscalled)
{
SeqTable elm;
Buffer buf;
Form_pg_sequence seq;
#ifndef NO_SECURITY
if (pg_aclcheck(seqname, GetUserId(), ACL_WR) != ACLCHECK_OK)
elog(ERROR, "%s.setval: you don't have permissions to set sequence %s",
seqname, seqname);
#endif
/* open and AccessShareLock sequence */
elm = init_sequence("setval", seqname);

6
src/backend/commands/trigger.c
View File

@ -7,7 +7,7 @@
* Portions Copyright (c) 1994, Regents of the University of California
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.77 2000/09/06 14:15:16 petere Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.78 2000/10/16 17:08:05 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -68,10 +68,8 @@ CreateTrigger(CreateTrigStmt *stmt)
if (!allowSystemTableMods && IsSystemRelationName(stmt->relname))
elog(ERROR, "CreateTrigger: can't create trigger for system relation %s", stmt->relname);
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), stmt->relname, RELNAME))
elog(ERROR, "%s: %s", stmt->relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
#endif
/* ----------
* If trigger is a constraint, user trigger name as constraint
@ -308,10 +306,8 @@ DropTrigger(DropTrigStmt *stmt)
int found = 0;
int tgfound = 0;
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), stmt->relname, RELNAME))
elog(ERROR, "%s: %s", stmt->relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
#endif
rel = heap_openr(stmt->relname, AccessExclusiveLock);

4
src/backend/commands/vacuum.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/vacuum.c,v 1.167 2000/10/05 19:48:22 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/vacuum.c,v 1.168 2000/10/16 17:08:05 momjian Exp $
*
*-------------------------------------------------------------------------
@ -397,7 +397,6 @@ vacuum_rel(Oid relid, bool analyze, bool is_toastrel)
*/
onerel = heap_open(relid, AccessExclusiveLock);
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), RelationGetRelationName(onerel),
RELNAME))
{
@ -408,7 +407,6 @@ vacuum_rel(Oid relid, bool analyze, bool is_toastrel)
CommitTransactionCommand();
return;
}
#endif
/*
* Remember the relation'ss TOAST relation for later

4
src/backend/executor/execMain.c
View File

@ -27,7 +27,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.129 2000/10/05 19:11:26 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.130 2000/10/16 17:08:06 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -619,9 +619,7 @@ InitPlan(CmdType operation, Query *parseTree, Plan *plan, EState *estate)
/*
* Do permissions checks.
*/
#ifndef NO_SECURITY
ExecCheckQueryPerms(operation, parseTree, plan);
#endif
/*
* get information from query descriptor

24
src/backend/tcop/utility.c
View File

@ -10,7 +10,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.95 2000/10/07 00:58:18 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.96 2000/10/16 17:08:07 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -174,11 +174,9 @@ ProcessUtility(Node *parsetree,
relname);
/* close rel, but keep lock until end of xact */
heap_close(rel, NoLock);
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "you do not own class \"%s\"",
relname);
#endif
}
/* OK, terminate 'em all */
foreach(arg, args)
@ -210,10 +208,8 @@ ProcessUtility(Node *parsetree,
relname);
heap_close(rel, NoLock);
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "you do not own class \"%s\"", relname);
#endif
TruncateRelation(relname);
}
break;
@ -270,10 +266,8 @@ ProcessUtility(Node *parsetree,
if (!allowSystemTableMods && IsSystemRelationName(relname))
elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
relname);
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "permission denied");
#endif
/* ----------------
* XXX using len == 3 to tell the difference
@ -430,12 +424,10 @@ ProcessUtility(Node *parsetree,
RuleStmt *stmt = (RuleStmt *) parsetree;
int aclcheck_result;
#ifndef NO_SECURITY
relname = stmt->object->relname;
aclcheck_result = pg_aclcheck(relname, GetUserId(), ACL_RU);
if (aclcheck_result != ACLCHECK_OK)
elog(ERROR, "%s: %s", relname, aclcheck_error_strings[aclcheck_result]);
#endif
set_ps_display(commandTag = "CREATE");
DefineQueryRewrite(stmt);
@ -473,10 +465,8 @@ ProcessUtility(Node *parsetree,
if (!allowSystemTableMods && IsSystemRelationName(relname))
elog(ERROR, "class \"%s\" is a system catalog index",
relname);
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "%s: %s", relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
#endif
RemoveIndex(relname);
break;
case RULE:
@ -484,20 +474,15 @@ ProcessUtility(Node *parsetree,
char *rulename = stmt->name;
int aclcheck_result;
#ifndef NO_SECURITY
relationName = RewriteGetRuleEventRel(rulename);
aclcheck_result = pg_aclcheck(relationName, GetUserId(), ACL_RU);
if (aclcheck_result != ACLCHECK_OK)
elog(ERROR, "%s: %s", relationName, aclcheck_error_strings[aclcheck_result]);
#endif
RemoveRewriteRule(rulename);
}
break;
case TYPE_P:
#ifndef NO_SECURITY
/* XXX moved to remove.c */
#endif
RemoveType(stmt->name);
break;
case VIEW:
@ -505,14 +490,11 @@ ProcessUtility(Node *parsetree,
char *viewName = stmt->name;
char *ruleName;
#ifndef NO_SECURITY
ruleName = MakeRetrieveViewRuleName(viewName);
relationName = RewriteGetRuleEventRel(ruleName);
if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
elog(ERROR, "%s: %s", relationName, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
pfree(ruleName);
#endif
RemoveView(viewName);
}
break;
@ -810,10 +792,8 @@ ProcessUtility(Node *parsetree,
elog(ERROR, "\"%s\" is a system index. call REINDEX under standalone postgres with -P -O options",
relname);
}
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "%s: %s", relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
#endif
ReindexIndex(relname, stmt->force);
break;
case TABLE:
@ -828,10 +808,8 @@ ProcessUtility(Node *parsetree,
relname);
}
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "%s: %s", relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
#endif
ReindexTable(relname, stmt->force);
break;
case DATABASE:

4
src/backend/utils/adt/acl.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.50 2000/10/07 00:58:19 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.51 2000/10/16 17:08:08 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -589,11 +589,9 @@ ExecuteChangeACLStmt(ChangeACLStmt *stmt)
if (rel && rel->rd_rel->relkind == RELKIND_INDEX)
elog(ERROR, "\"%s\" is an index relation",
relname);
#ifndef NO_SECURITY
if (!pg_ownercheck(GetUserId(), relname, RELNAME))
elog(ERROR, "you do not own class \"%s\"",
relname);
#endif
ChangeAcl(relname, &aclitem, modechg);
/* close rel, but keep lock until end of xact */
heap_close(rel, NoLock);

3
src/include/config.h.in
View File

@ -8,7 +8,7 @@
* or in config.h afterwards. Of course, if you edit config.h, then your
* changes will be overwritten the next time you run configure.
*
* $Id: config.h.in,v 1.142 2000/10/14 23:56:58 momjian Exp $
* $Id: config.h.in,v 1.143 2000/10/16 17:08:11 momjian Exp $
*/
#ifndef CONFIG_H
@ -276,7 +276,6 @@
/* #define RTDEBUG */
/* #define GISTDEBUG */
/* #define OMIT_PARTIAL_INDEX */
/* #define NO_SECURITY */
/* #define LOCK_DEBUG */
/*