|
26 | 26 | #include "utils/memutils.h" |
27 | 27 | #include "utils/tqual.h" |
28 | 28 |
|
29 | | -/* |
30 | | - * For most object types, the permissions-checking logic is simple enough |
31 | | - * that it makes sense to just include it in CommentObject(). However, |
32 | | - * attributes require a bit more checking. |
33 | | - */ |
34 | | -static void CheckAttributeSecLabel(Relation relation); |
35 | | - |
36 | 29 | typedef struct |
37 | 30 | { |
38 | 31 | const char *provider_name; |
@@ -98,52 +91,30 @@ ExecSecLabelStmt(SecLabelStmt *stmt) |
98 | 91 | address = get_object_address(stmt->objtype, stmt->objname, stmt->objargs, |
99 | 92 | &relation, ShareUpdateExclusiveLock); |
100 | 93 |
|
101 | | - /* Privilege and integrity checks. */ |
| 94 | + /* Require ownership of the target object. */ |
| 95 | + check_object_ownership(GetUserId(), stmt->objtype, address, |
| 96 | + stmt->objname, stmt->objargs, relation); |
| 97 | + |
| 98 | + /* Perform other integrity checks as needed. */ |
102 | 99 | switch (stmt->objtype) |
103 | 100 | { |
104 | | - case OBJECT_SEQUENCE: |
105 | | - case OBJECT_TABLE: |
106 | | - case OBJECT_VIEW: |
107 | | - case OBJECT_FOREIGN_TABLE: |
108 | | - if (!pg_class_ownercheck(RelationGetRelid(relation), GetUserId())) |
109 | | - aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, |
110 | | - RelationGetRelationName(relation)); |
111 | | - break; |
112 | 101 | case OBJECT_COLUMN: |
113 | | - CheckAttributeSecLabel(relation); |
114 | | - break; |
115 | | - case OBJECT_TYPE: |
116 | | - if (!pg_type_ownercheck(address.objectId, GetUserId())) |
117 | | - aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TYPE, |
118 | | - format_type_be(address.objectId)); |
119 | | - break; |
120 | | - case OBJECT_AGGREGATE: |
121 | | - case OBJECT_FUNCTION: |
122 | | - if (!pg_proc_ownercheck(address.objectId, GetUserId())) |
123 | | - aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC, |
124 | | - NameListToString(stmt->objname)); |
125 | | - break; |
126 | | - case OBJECT_SCHEMA: |
127 | | - if (!pg_namespace_ownercheck(address.objectId, GetUserId())) |
128 | | - aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_NAMESPACE, |
129 | | - strVal(linitial(stmt->objname))); |
130 | | - break; |
131 | | - case OBJECT_LANGUAGE: |
132 | | - if (!superuser()) |
133 | | - ereport(ERROR, |
134 | | - (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), |
135 | | - errmsg("must be superuser to comment on procedural language"))); |
136 | | - break; |
137 | | - case OBJECT_LARGEOBJECT: |
138 | | - if (!pg_largeobject_ownercheck(address.objectId, GetUserId())) |
| 102 | + /* |
| 103 | + * Allow security labels only on columns of tables, views, |
| 104 | + * composite types, and foreign tables (which are the only |
| 105 | + * relkinds for which pg_dump will dump labels). |
| 106 | + */ |
| 107 | + if (relation->rd_rel->relkind != RELKIND_RELATION && |
| 108 | + relation->rd_rel->relkind != RELKIND_VIEW && |
| 109 | + relation->rd_rel->relkind != RELKIND_COMPOSITE_TYPE && |
| 110 | + relation->rd_rel->relkind != RELKIND_FOREIGN_TABLE) |
139 | 111 | ereport(ERROR, |
140 | | - (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), |
141 | | - errmsg("must be owner of large object %u", |
142 | | - address.objectId))); |
| 112 | + (errcode(ERRCODE_WRONG_OBJECT_TYPE), |
| 113 | + errmsg("\"%s\" is not a table, view, composite type, or foreign table", |
| 114 | + RelationGetRelationName(relation)))); |
143 | 115 | break; |
144 | 116 | default: |
145 | | - elog(ERROR, "unrecognized object type: %d", |
146 | | - (int) stmt->objtype); |
| 117 | + break; |
147 | 118 | } |
148 | 119 |
|
149 | 120 | /* Provider gets control here, may throw ERROR to veto new label. */ |
@@ -352,31 +323,6 @@ DeleteSecurityLabel(const ObjectAddress *object) |
352 | 323 | heap_close(pg_seclabel, RowExclusiveLock); |
353 | 324 | } |
354 | 325 |
|
355 | | -/* |
356 | | - * Check whether the user is allowed to comment on an attribute of the |
357 | | - * specified relation. |
358 | | - */ |
359 | | -static void |
360 | | -CheckAttributeSecLabel(Relation relation) |
361 | | -{ |
362 | | - if (!pg_class_ownercheck(RelationGetRelid(relation), GetUserId())) |
363 | | - aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, |
364 | | - RelationGetRelationName(relation)); |
365 | | - |
366 | | - /* |
367 | | - * Allow security labels only on columns of tables, views, and composite |
368 | | - * types (which are the only relkinds for which pg_dump will dump labels). |
369 | | - */ |
370 | | - if (relation->rd_rel->relkind != RELKIND_RELATION && |
371 | | - relation->rd_rel->relkind != RELKIND_VIEW && |
372 | | - relation->rd_rel->relkind != RELKIND_COMPOSITE_TYPE && |
373 | | - relation->rd_rel->relkind != RELKIND_FOREIGN_TABLE) |
374 | | - ereport(ERROR, |
375 | | - (errcode(ERRCODE_WRONG_OBJECT_TYPE), |
376 | | - errmsg("\"%s\" is not a table, view, composite type, or foreign table", |
377 | | - RelationGetRelationName(relation)))); |
378 | | -} |
379 | | - |
380 | 326 | void |
381 | 327 | register_label_provider(const char *provider_name, check_object_relabel_type hook) |
382 | 328 | { |
|
0 commit comments