
Commit 85add42

committed
I have a large database and more users work with this DB, and I very much need
more restrictions for fretful users. The current PG allows defining only the NO-CREATE-DB and NO-CREATE-USER restrictions, but for some users I need NO-CREATE-TABLE and NO-LOCK-TABLE. This patch adds the NOCREATETABLE and NOLOCKTABLE features to the current code: CREATE USER username [ WITH [ SYSID uid ] [ PASSWORD 'password' ] ] [ CREATEDB | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ] -> [ CREATETABLE | NOCREATETABLE ] [ LOCKTABLE | NOLOCKTABLE ] ...etc. If CREATETABLE or LOCKTABLE is not specified in the CREATE USER command, the default is CREATETABLE or LOCKTABLE (true). A user with the NOCREATETABLE restriction can't call the CREATE TABLE or SELECT INTO commands; only creating a temp table is allowed for him. Karel
1 parent a672e96 commit 85add42

13 files changed

+225
-53
lines changed


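--- a/src/backend/commands/command.c
+++ b/src/backend/commands/command.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.77 2000/06/04 22:04:32 tgl Exp $
+* $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.78 2000/06/09 15:50:43 momjian Exp $
 *
 * NOTES
 * The PortalExecutorHeapMemory crap needs to be eliminated
@@ -30,6 +30,7 @@
 #include "commands/command.h"
 #include "executor/spi.h"
 #include "catalog/heap.h"
+#include "catalog/pg_shadow.h"
 #include "miscadmin.h"
 #include "optimizer/prep.h"
 #include "utils/acl.h"
@@ -1211,6 +1212,21 @@ LockTableCommand(LockStmt *lockstmt)
 {
 Relation rel;
 int aclresult;
+HeapTuple tup;
+
+
+/* ----------
+* Check pg_shadow for global lock setting
+* ----------
+*/
+tup = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(GetPgUserName()), 0, 0, 0);
+
+if (!HeapTupleIsValid(tup))
+elog(ERROR, "LOCK TABLE: look at pg_shadow failed");
+
+if (!((Form_pg_shadow) GETSTRUCT(tup))->uselocktable)
+elog(ERROR, "LOCK TABLE: permission denied");
+
 
 rel = heap_openr(lockstmt->relname, NoLock);
 if (!RelationIsValid(rel))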
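Review bot: The pg_shadow lookup and flag test added to LockTableCommand is repeated almost verbatim in DefineRelation (creatinh.c) and ProcessQueryDesc (pquery.c), so one permission rule lives in three hand-copied places that can drift apart; the lookup-failure message in pquery.c already uses a different prefix. A single new helper (called GetPgUserShadow below, a name chosen for this note) with a prototype in a header all three files include would keep the lookup and its failure message in one place and reduce each call site to a one-line flag test. The check also has no superuser() exemption, unlike the test in AlterUser, so the block comment should state whether that is intended. LockTableCommand continues past the end of the hunk.

```c
/* Fetch the calling user's pg_shadow row; cmd prefixes the error message */
Form_pg_shadow
GetPgUserShadow(const char *cmd)
{
	HeapTuple	tup;

	tup = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(GetPgUserName()), 0, 0, 0);
	if (!HeapTupleIsValid(tup))
		elog(ERROR, "%s: look at pg_shadow failed", cmd);
	return (Form_pg_shadow) GETSTRUCT(tup);
}

/* … unchanged: LockTableCommand declarations … */
	if (!GetPgUserShadow("LOCK TABLE")->uselocktable)
		elog(ERROR, "LOCK TABLE: permission denied");
```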

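--- a/src/backend/commands/creatinh.c
+++ b/src/backend/commands/creatinh.c
@@ -9,9 +9,9 @@
 *
 * IDENTIFICATION
 <<<<<<< creatinh.c
-* $Header: /cvsroot/pgsql/src/backend/commands/Attic/creatinh.c,v 1.59 2000/06/09 01:44:03 momjian Exp $
+* $Header: /cvsroot/pgsql/src/backend/commands/Attic/creatinh.c,v 1.60 2000/06/09 15:50:43 momjian Exp $
 =======
-* $Header: /cvsroot/pgsql/src/backend/commands/Attic/creatinh.c,v 1.59 2000/06/09 01:44:03 momjian Exp $
+* $Header: /cvsroot/pgsql/src/backend/commands/Attic/creatinh.c,v 1.60 2000/06/09 15:50:43 momjian Exp $
 >>>>>>> 1.58
 *
 *-------------------------------------------------------------------------
@@ -26,8 +26,10 @@
 #include "catalog/pg_inherits.h"
 #include "catalog/pg_ipl.h"
 #include "catalog/pg_type.h"
+#include "catalog/pg_shadow.h"
 #include "commands/creatinh.h"
 #include "utils/syscache.h"
+#include "miscadmin.h"
 
 /* ----------------
 * local stuff
@@ -63,6 +65,22 @@ DefineRelation(CreateStmt *stmt, char relkind)
 int i;
 AttrNumber attnum;
 
+if (!stmt->istemp) {
+HeapTuple tup;
+
+/* ----------
+* Check pg_shadow for global createTable setting
+* ----------
+*/
+tup = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(GetPgUserName()), 0, 0, 0);
+
+if (!HeapTupleIsValid(tup))
+elog(ERROR, "CREATE TABLE: look at pg_shadow failed");
+
+if (!((Form_pg_shadow) GETSTRUCT(tup))->usecreatetable)
+elog(ERROR, "CREATE TABLE: permission denied");
+}
+
 if (strlen(stmt->relname) >= NAMEDATALEN)
 elog(ERROR, "the relation name %s is >= %d characters long",
 stmt->relname, NAMEDATALEN);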
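Review bot: The new usecreatetable test in DefineRelation looks only at stmt->istemp and never at the relkind argument, so every relation kind that callers pass through this function is refused under the message "CREATE TABLE: permission denied". If NOCREATETABLE is meant to cover every relkind, the comment should say so, e.g. `* Check pg_shadow for global createTable setting (applies to every relkind)`, and the message should not name CREATE TABLE; if it is meant for plain tables only, the guard needs a relkind condition and that narrower scope should be documented. The opening brace in `if (!stmt->istemp) {` also departs from the brace-on-its-own-line style used in this commit's AlterUser changes. DefineRelation starts and ends outside the hunk.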

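--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -6,7 +6,7 @@
 * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
 * Portions Copyright (c) 1994, Regents of the University of California
 *
-* $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.58 2000/06/09 01:11:04 tgl Exp $
+* $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.59 2000/06/09 15:50:43 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -250,6 +250,10 @@ CreateUser(CreateUserStmt *stmt)
 return;
 }
 
+AssertState(BoolIsValid(stmt->createtable));
+new_record[Anum_pg_shadow_usecreatetable-1] = (Datum)(stmt->createtable);
+AssertState(BoolIsValid(stmt->locktable));
+new_record[Anum_pg_shadow_uselocktable-1] = (Datum)(stmt->locktable);
 /*
 * Build a tuple to insert
 */
@@ -263,6 +267,8 @@ CreateUser(CreateUserStmt *stmt)
 AssertState(BoolIsValid(stmt->createuser));
 new_record[Anum_pg_shadow_usesuper - 1] = (Datum) (stmt->createuser);
 /* superuser gets catupd right by default */
+new_record_nulls[Anum_pg_shadow_usecreatetable-1] = ' ';
+new_record_nulls[Anum_pg_shadow_uselocktable-1] = ' ';
 new_record[Anum_pg_shadow_usecatupd - 1] = (Datum) (stmt->createuser);
 
 if (stmt->password)
@@ -352,7 +358,8 @@ AlterUser(AlterUserStmt *stmt)
 
 /* must be superuser or just want to change your own password */
 if (!superuser() &&
-!(stmt->createdb == 0 && stmt->createuser == 0 && !stmt->validUntil
+!(stmt->createdb==0 && stmt->createuser==0 && stmt->createtable==0
+&& stmt->locktable==0 && !stmt->validUntil
 && stmt->password && strcmp(GetPgUserName(), stmt->user) == 0))
 elog(ERROR, "ALTER USER: permission denied");
 
@@ -380,8 +387,32 @@ AlterUser(AlterUserStmt *stmt)
 /*
 * Build a tuple to update, perusing the information just obtained
 */
-new_record[Anum_pg_shadow_usename - 1] = PointerGetDatum(namein(stmt->user));
-new_record_nulls[Anum_pg_shadow_usename - 1] = ' ';
+
+/* createtable */
+if (stmt->createtable == 0)
+{
+/* don't change */
+new_record[Anum_pg_shadow_usecreatetable-1] = heap_getattr(tuple, Anum_pg_shadow_usecreatetable, pg_shadow_dsc, &null);
+new_record_nulls[Anum_pg_shadow_usecreatetable-1] = null ? 'n' : ' ';
+}
+else
+{
+new_record[Anum_pg_shadow_usecreatetable-1] = (Datum)(stmt->createtable > 0 ? true : false);
+new_record_nulls[Anum_pg_shadow_usecreatetable-1] = ' ';
+}
+
+/* locktable */
+if (stmt->locktable == 0)
+{
+/* don't change */
+new_record[Anum_pg_shadow_uselocktable-1] = heap_getattr(tuple, Anum_pg_shadow_uselocktable, pg_shadow_dsc, &null);
+new_record_nulls[Anum_pg_shadow_uselocktable-1] = null ? 'n' : ' ';
+}
+else
+{
+new_record[Anum_pg_shadow_uselocktable-1] = (Datum)(stmt->locktable > 0 ? true : false);
+new_record_nulls[Anum_pg_shadow_uselocktable-1] = ' ';
+}
 
 /* sysid - leave as is */
 new_record[Anum_pg_shadow_usesysid - 1] = heap_getattr(tuple, Anum_pg_shadow_usesysid, pg_shadow_dsc, &null);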
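Review bot: The last AlterUser hunk deletes the two lines that filled the usename column and no visible hunk of this file sets it again, so unless it is assigned outside the hunks the update tuple is built with that slot of new_record and new_record_nulls left unset. The createtable and locktable blocks should be added after the existing pair, not in place of it: keep `new_record[Anum_pg_shadow_usename - 1] = PointerGetDatum(namein(stmt->user));` and `new_record_nulls[Anum_pg_shadow_usename - 1] = ' ';`. In CreateUser the two new new_record_nulls assignments are inserted between the "superuser gets catupd right by default" comment and the usecatupd line it describes; they belong next to the new_record assignments added in the earlier hunk. Both functions extend beyond the hunks shown.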

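--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.170 2000/06/09 01:44:18 momjian Exp $
+* $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.171 2000/06/09 15:50:44 momjian Exp $
 *
 * HISTORY
 * AUTHOR DATE MAJOR EVENT
@@ -145,7 +145,8 @@ static void doNegateFloat(Value *v);
 %type <ival> opt_lock, lock_type
 %type <boolean> opt_lmode, opt_force
 
-%type <ival> user_createdb_clause, user_createuser_clause
+%type <ival> user_createdb_clause, user_createuser_clause, user_createtable_clause,
+user_locktable_clause
 %type <str> user_passwd_clause
 %type <ival> sysid_clause
 %type <str> user_valid_clause
@@ -339,14 +340,14 @@ static void doNegateFloat(Value *v);
 */
 %token ABORT_TRANS, ACCESS, AFTER, AGGREGATE, ANALYZE,
 BACKWARD, BEFORE, BINARY, BIT,
-CACHE, CLUSTER, COMMENT, COPY, CREATEDB, CREATEUSER, CYCLE,
+CACHE, CLUSTER, COMMENT, COPY, CREATEDB, CREATETABLE, CREATEUSER, CYCLE,
 DATABASE, DELIMITERS, DO,
 EACH, ENCODING, EXCLUSIVE, EXPLAIN, EXTEND,
 FORCE, FORWARD, FUNCTION, HANDLER,
 INCREMENT, INDEX, INHERITS, INSTEAD, ISNULL,
-LANCOMPILER, LIMIT, LISTEN, LOAD, LOCATION, LOCK_P,
+LANCOMPILER, LIMIT, LISTEN, LOAD, LOCATION, LOCK_P, LOCKTABLE,
 MAXVALUE, MINVALUE, MODE, MOVE,
-NEW, NOCREATEDB, NOCREATEUSER, NONE, NOTHING, NOTIFY, NOTNULL,
+NEW, NOCREATEDB, NOCREATETABLE, NOCREATEUSER, NOLOCKTABLE, NONE, NOTHING, NOTIFY, NOTNULL,
 OFFSET, OIDS, OPERATOR, PASSWORD, PROCEDURAL,
 REINDEX, RENAME, RESET, RETURNS, ROW, RULE,
 SEQUENCE, SERIAL, SETOF, SHARE, SHOW, START, STATEMENT, STDIN, STDOUT, SYSID,
@@ -473,32 +474,37 @@ stmt : AlterTableStmt
 *
 *****************************************************************************/
 
-CreateUserStmt: CREATE USER UserId
-user_createdb_clause user_createuser_clause user_group_clause
+CreateUserStmt: CREATE USER UserId user_createdb_clause user_createuser_clause
+user_createtable_clause user_locktable_clause user_group_clause
 user_valid_clause
 {
 CreateUserStmt *n = makeNode(CreateUserStmt);
 n->user = $3;
-n->sysid = -1;
+n->sysid = -1;
 n->password = NULL;
 n->createdb = $4 == +1 ? true : false;
 n->createuser = $5 == +1 ? true : false;
-n->groupElts = $6;
-n->validUntil = $7;
+n->createtable = $6 == +1 ? true : false;
+n->locktable = $7 == +1 ? true : false;
+n->groupElts = $8;
+n->validUntil = $9;
 $$ = (Node *)n;
 }
 | CREATE USER UserId WITH sysid_clause user_passwd_clause
-user_createdb_clause user_createuser_clause user_group_clause
+user_createdb_clause user_createuser_clause
+user_createtable_clause user_locktable_clause user_group_clause
 user_valid_clause
 {
 CreateUserStmt *n = makeNode(CreateUserStmt);
 n->user = $3;
-n->sysid = $5;
+n->sysid = $5;
 n->password = $6;
 n->createdb = $7 == +1 ? true : false;
 n->createuser = $8 == +1 ? true : false;
-n->groupElts = $9;
-n->validUntil = $10;
+n->createtable = $9 == +1 ? true : false;
+n->locktable = $10 == +1 ? true : false;
+n->groupElts = $11;
+n->validUntil = $12;
 $$ = (Node *)n;
 }
 ;
@@ -510,27 +516,32 @@ CreateUserStmt: CREATE USER UserId
 *
 *****************************************************************************/
 
-AlterUserStmt: ALTER USER UserId user_createdb_clause
-user_createuser_clause user_valid_clause
+AlterUserStmt: ALTER USER UserId user_createdb_clause user_createuser_clause
+user_createtable_clause user_locktable_clause user_valid_clause
 {
 AlterUserStmt *n = makeNode(AlterUserStmt);
 n->user = $3;
 n->password = NULL;
 n->createdb = $4;
 n->createuser = $5;
-n->validUntil = $6;
+n->createtable = $6;
+n->locktable = $7;
+n->validUntil = $8;
 $$ = (Node *)n;
 }
 | ALTER USER UserId WITH PASSWORD Sconst
-user_createdb_clause
-user_createuser_clause user_valid_clause
+user_createdb_clause user_createuser_clause
+user_createtable_clause user_locktable_clause
+user_valid_clause
 {
 AlterUserStmt *n = makeNode(AlterUserStmt);
 n->user = $3;
 n->password = $6;
 n->createdb = $7;
 n->createuser = $8;
-n->validUntil = $9;
+n->createtable = $9;
+n->locktable = $10;
+n->validUntil = $11;
 $$ = (Node *)n;
 }
 ;
@@ -573,6 +584,22 @@ user_createuser_clause: CREATEUSER { $$ = +1; }
 | /*EMPTY*/ { $$ = 0; }
 ;
 
+user_createtable_clause: CREATETABLE { $$ = +1; }
+| NOCREATETABLE { $$ = -1; }
+| /*EMPTY*/ {
+/* EMPTY is default = CREATETABLE */
+$$ = +1;
+}
+;
+
+user_locktable_clause: LOCKTABLE { $$ = +1; }
+| NOLOCKTABLE { $$ = -1; }
+| /*EMPTY*/ {
+/* EMPTY is default = LOCKTABLE */
+$$ = +1;
+}
+;
+
 user_list: user_list ',' UserId
 {
 $$ = lcons((void*)makeString($3), $1);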
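Review bot: The empty alternatives of user_createtable_clause and user_locktable_clause yield +1, but AlterUserStmt copies $6/$7 (and $9/$10) straight into the node, so AlterUser in user.c never sees the 0 it treats as "don't change". As written, every ALTER USER that omits the clauses appears to set usecreatetable and uselocktable back to true, silently lifting an earlier NOCREATETABLE or NOLOCKTABLE. The non-superuser path, which now requires `stmt->createtable==0` and `stmt->locktable==0`, can also no longer match, so a user changing only his own password would get "ALTER USER: permission denied". Returning 0 for the empty case, as user_createuser_clause does, and applying the default in the two CreateUserStmt productions fixes both.

```yacc
/* … unchanged: first CreateUserStmt production up to n->createuser … */
					n->createtable = $6 != -1 ? true : false;
					n->locktable = $7 != -1 ? true : false;
/* … unchanged: second CreateUserStmt production up to n->createuser … */
					n->createtable = $9 != -1 ? true : false;
					n->locktable = $10 != -1 ? true : false;
/* … unchanged: AlterUserStmt productions and the other user_*_clause rules … */
user_createtable_clause:  CREATETABLE			{ $$ = +1; }
/* … unchanged: NOCREATETABLE alternative … */
		| /*EMPTY*/			{ $$ = 0; }	/* CREATE USER applies the default */
		;

user_locktable_clause:  LOCKTABLE			{ $$ = +1; }
/* … unchanged: NOLOCKTABLE alternative … */
		| /*EMPTY*/			{ $$ = 0; }	/* CREATE USER applies the default */
		;
```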

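--- a/src/backend/parser/keywords.c
+++ b/src/backend/parser/keywords.c
@@ -9,9 +9,9 @@
 *
 * IDENTIFICATION
 <<<<<<< keywords.c
-* $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.74 2000/06/09 01:44:18 momjian Exp $
+* $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.75 2000/06/09 15:50:45 momjian Exp $
 =======
-* $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.74 2000/06/09 01:44:18 momjian Exp $
+* $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.75 2000/06/09 15:50:45 momjian Exp $
 >>>>>>> 1.73
 *
 *-------------------------------------------------------------------------
@@ -75,6 +75,7 @@ static ScanKeyword ScanKeywords[] = {
 {"copy", COPY},
 {"create", CREATE},
 {"createdb", CREATEDB},
+{"createtable", CREATETABLE},
 {"createuser", CREATEUSER},
 {"cross", CROSS},
 {"current_date", CURRENT_DATE},
@@ -155,6 +156,7 @@ static ScanKeyword ScanKeywords[] = {
 {"local", LOCAL},
 {"location", LOCATION},
 {"lock", LOCK_P},
+{"locktable", LOCKTABLE},
 {"match", MATCH},
 {"maxvalue", MAXVALUE},
 {"minute", MINUTE_P},
@@ -170,7 +172,9 @@ static ScanKeyword ScanKeywords[] = {
 {"next", NEXT},
 {"no", NO},
 {"nocreatedb", NOCREATEDB},
+{"nocreatetable", NOCREATETABLE},
 {"nocreateuser", NOCREATEUSER},
+{"nolocktable", NOLOCKTABLE},
 {"none", NONE},
 {"not", NOT},
 {"nothing", NOTHING},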

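--- a/src/backend/tcop/pquery.c
+++ b/src/backend/tcop/pquery.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/tcop/pquery.c,v 1.32 2000/06/04 22:08:53 tgl Exp $
+* $Header: /cvsroot/pgsql/src/backend/tcop/pquery.c,v 1.33 2000/06/09 15:50:46 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -20,6 +20,9 @@
 #include "executor/executor.h"
 #include "tcop/pquery.h"
 #include "utils/ps_status.h"
+#include "catalog/pg_shadow.h"
+#include "miscadmin.h"
+#include "utils/syscache.h"
 
 static char *CreateOperationTag(int operationType);
 static void ProcessQueryDesc(QueryDesc *queryDesc, Node *limoffset,
@@ -250,6 +253,23 @@ ProcessQueryDesc(QueryDesc *queryDesc, Node *limoffset, Node *limcount)
 else if (parseTree->into != NULL)
 {
 /* select into table */
+
+if (!parseTree->isTemp) {
+HeapTuple tup;
+
+/* ----------
+* Check pg_shadow for global createTable setting
+* ----------
+*/
+tup = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(GetPgUserName()), 0, 0, 0);
+
+if (!HeapTupleIsValid(tup))
+elog(ERROR, "ProcessQueryDesc: look at pg_shadow failed");
+
+if (!((Form_pg_shadow) GETSTRUCT(tup))->usecreatetable)
+elog(ERROR, "SELECT INTO TABLE: permission denied");
+}
+
 isRetrieveIntoRelation = true;
 }
 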
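Review bot: The SELECT INTO test sits in ProcessQueryDesc, so it only covers statements that reach the executor through this function; whether any other caller can run a plan with `into` set is not visible here and should be confirmed, or the test moved to the point where the target relation is actually created. Until then a comment such as `/* NOCREATETABLE is enforced here only; other executor entry points are not checked */` would record the limit. The lookup-failure message uses the function name while the denial uses the command name; `elog(ERROR, "SELECT INTO TABLE: look at pg_shadow failed");` would match the other two call sites. ProcessQueryDesc starts and ends outside the hunk.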
