Skip to content

Commit 7562103

Browse files
tglsfdctglsfdc
committed
The no-updates-to-system-catalogs-unless-usecatupd restriction should
not apply to system views. It never mattered before 7.4, but it does now.
1 parent 303a257 commit 7562103

File tree

1 file changed

+13
-7
lines changed

1 file changed

+13
-7
lines changed

src/backend/catalog/aclchk.c

Lines changed: 13 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.96 2003/12/19 14:21:56 petere Exp $
11+
* $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.97 2004/01/14 03:44:53 tgl Exp $
1212
*
1313
* NOTES
1414
* See acl.h.
@@ -1015,6 +1015,7 @@ pg_class_aclcheck(Oid table_oid, AclId userid, AclMode mode)
10151015
bool usesuper,
10161016
usecatupd;
10171017
HeapTuple tuple;
1018+
Form_pg_class classForm;
10181019
Datum aclDatum;
10191020
bool isNull;
10201021
Acl *acl;
@@ -1046,16 +1047,22 @@ pg_class_aclcheck(Oid table_oid, AclId userid, AclMode mode)
10461047
ereport(ERROR,
10471048
(errcode(ERRCODE_UNDEFINED_TABLE),
10481049
errmsg("relation with OID %u does not exist", table_oid)));
1050+
classForm = (Form_pg_class) GETSTRUCT(tuple);
10491051

10501052
/*
10511053
* Deny anyone permission to update a system catalog unless
10521054
* pg_shadow.usecatupd is set. (This is to let superusers protect
1053-
* themselves from themselves.)
1055+
* themselves from themselves.) Also allow it if allowSystemTableMods.
1056+
*
1057+
* As of 7.4 we have some updatable system views; those shouldn't
1058+
* be protected in this way. Assume the view rules can take care
1059+
* of themselves.
10541060
*/
10551061
if ((mode & (ACL_INSERT | ACL_UPDATE | ACL_DELETE)) &&
1056-
!allowSystemTableMods &&
1057-
IsSystemClass((Form_pg_class) GETSTRUCT(tuple)) &&
1058-
!usecatupd)
1062+
IsSystemClass(classForm) &&
1063+
classForm->relkind != RELKIND_VIEW &&
1064+
!usecatupd &&
1065+
!allowSystemTableMods)
10591066
{
10601067
#ifdef ACLDEBUG
10611068
elog(DEBUG2, "permission denied for system catalog update");
@@ -1084,9 +1091,8 @@ pg_class_aclcheck(Oid table_oid, AclId userid, AclMode mode)
10841091
if (isNull)
10851092
{
10861093
/* No ACL, so build default ACL */
1087-
AclId ownerId;
1094+
AclId ownerId = classForm->relowner;
10881095

1089-
ownerId = ((Form_pg_class) GETSTRUCT(tuple))->relowner;
10901096
acl = acldefault(ACL_OBJECT_RELATION, ownerId);
10911097
aclDatum = (Datum) 0;
10921098
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy