Fix permission checking for temp-table namespace.

tglsfdc · tglsfdc · commit c1003339d689 · 2002-08-07T21:45:02.000Z
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.73 2002/08/05 03:29:16 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.74 2002/08/07 21:45:01 tgl Exp $
  *
  * NOTES
  *	  See acl.h.
@@ -1163,6 +1163,13 @@ pg_namespace_aclcheck(Oid nsp_oid, Oid userid, AclMode mode)
 	bool		isNull;
 	Acl		   *acl;
 
+	/*
+	 * If we have been assigned this namespace as a temp namespace,
+	 * assume we have all grantable privileges on it.
+	 */
+	if (isTempNamespace(nsp_oid))
+		return ACLCHECK_OK;
+
 	/* Superusers bypass all permission checking. */
 	if (superuser_arg(userid))
 		return ACLCHECK_OK;
diff --git a/src/backend/commands/indexcmds.c b/src/backend/commands/indexcmds.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.80 2002/08/02 18:15:06 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.81 2002/08/07 21:45:01 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -119,9 +119,9 @@ DefineIndex(RangeVar *heapRelation,
 	 * Verify we (still) have CREATE rights in the rel's namespace.
 	 * (Presumably we did when the rel was created, but maybe not anymore.)
 	 * Skip check if bootstrapping, since permissions machinery may not
-	 * be working yet; also, always allow if it's a temp table.
+	 * be working yet.
 	 */
-	if (!IsBootstrapProcessingMode() && !isTempNamespace(namespaceId))
+	if (!IsBootstrapProcessingMode())
 	{
 		AclResult	aclresult;
 
diff --git a/src/backend/commands/tablecmds.c b/src/backend/commands/tablecmds.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/tablecmds.c,v 1.27 2002/08/05 03:29:17 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/tablecmds.c,v 1.28 2002/08/07 21:45:01 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -115,11 +115,11 @@ DefineRelation(CreateStmt *stmt, char relkind)
 	 * Look up the namespace in which we are supposed to create the
 	 * relation.  Check we have permission to create there.
 	 * Skip check if bootstrapping, since permissions machinery may not
-	 * be working yet; also, always allow if it's a temp table.
+	 * be working yet.
 	 */
 	namespaceId = RangeVarGetCreationNamespace(stmt->relation);
 
-	if (!IsBootstrapProcessingMode() && !isTempNamespace(namespaceId))
+	if (!IsBootstrapProcessingMode())
 	{
 		AclResult	aclresult;
 
diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c
@@ -27,7 +27,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.172 2002/08/04 05:04:39 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.173 2002/08/07 21:45:02 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -696,6 +696,7 @@ InitPlan(CmdType operation, Query *parseTree, Plan *plan, EState *estate)
 			{
 				char	   *intoName;
 				Oid			namespaceId;
+				AclResult	aclresult;
 				Oid			intoRelationId;
 				TupleDesc	tupdesc;
 
@@ -705,16 +706,11 @@ InitPlan(CmdType operation, Query *parseTree, Plan *plan, EState *estate)
 				intoName = parseTree->into->relname;
 				namespaceId = RangeVarGetCreationNamespace(parseTree->into);
 
-				if (!isTempNamespace(namespaceId))
-				{
-					AclResult	aclresult;
-
-					aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
-													  ACL_CREATE);
-					if (aclresult != ACLCHECK_OK)
-						aclcheck_error(aclresult,
-									   get_namespace_name(namespaceId));
-				}
+				aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
+												  ACL_CREATE);
+				if (aclresult != ACLCHECK_OK)
+					aclcheck_error(aclresult,
+								   get_namespace_name(namespaceId));
 
 				/*
 				 * new "INTO" table is created WITH OIDS
diff --git a/src/backend/tcop/utility.c b/src/backend/tcop/utility.c
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.168 2002/08/04 04:31:44 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.169 2002/08/07 21:45:02 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -399,22 +399,17 @@ ProcessUtility(Node *parsetree,
 						/*
 						 * RENAME TABLE requires that we (still) hold CREATE
 						 * rights on the containing namespace, as well as
-						 * ownership of the table.  But skip check for
-						 * temp tables.
+						 * ownership of the table.
 						 */
 						Oid			namespaceId = get_rel_namespace(relid);
-
-						if (!isTempNamespace(namespaceId))
-						{
-							AclResult	aclresult;
-
-							aclresult = pg_namespace_aclcheck(namespaceId,
-															  GetUserId(),
-															  ACL_CREATE);
-							if (aclresult != ACLCHECK_OK)
-								aclcheck_error(aclresult,
-											get_namespace_name(namespaceId));
-						}
+						AclResult	aclresult;
+
+						aclresult = pg_namespace_aclcheck(namespaceId,
+														  GetUserId(),
+														  ACL_CREATE);
+						if (aclresult != ACLCHECK_OK)
+							aclcheck_error(aclresult,
+										   get_namespace_name(namespaceId));
 
 						renamerel(relid, stmt->newname);
 						break;

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.80 2002/08/02 18:15:06 tgl Exp $`
	`11`	`+ * $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.81 2002/08/07 21:45:01 tgl Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -119,9 +119,9 @@ DefineIndex(RangeVar *heapRelation,`
`119`	`119`	`* Verify we (still) have CREATE rights in the rel's namespace.`
`120`	`120`	`* (Presumably we did when the rel was created, but maybe not anymore.)`
`121`	`121`	`* Skip check if bootstrapping, since permissions machinery may not`
`122`		`- * be working yet; also, always allow if it's a temp table.`
	`122`	`+ * be working yet.`
`123`	`123`	`*/`
`124`		`- if (!IsBootstrapProcessingMode() && !isTempNamespace(namespaceId))`
	`124`	`+ if (!IsBootstrapProcessingMode())`
`125`	`125`	`{`
`126`	`126`	`AclResult aclresult;`
`127`	`127`