
Commit 82a2881

Code review for GRANT CONNECT patch. Spell the privilege as CONNECT not
CONNECTION, fix a number of places that were missed (eg pg_dump support), avoid executing an extra search of pg_database during startup.
1 parent 986085a commit 82a2881


12 files changed

+118
-81
lines changed


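--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.88 2006/04/30 02:09:06 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.89 2006/04/30 21:15:32 tgl Exp $ -->
 
 <chapter id="client-authentication">
 <title>Client Authentication</title>
@@ -206,8 +206,6 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
 Multiple user names can be supplied by separating them with commas.
 A separate file containing user names can be specified by preceding the
 file name with <literal>@</>.
-User and group connectivity can also be restricted by <command>GRANT
-CONNECTION ON DATABASE</>.
 </para>
 </listitem>
 </varlistentry>
@@ -436,6 +434,17 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
 re-read the file.
 </para>
 
+<tip>
+<para>
+To connect to a particular database, a user must not only pass the
+<filename>pg_hba.conf</filename> checks, but must have the
+<literal>CONNECT</> privilege for the database. If you wish to
+restrict which users can connect to which databases, it's usually
+easier to control this by granting/revoking <literal>CONNECT</> privilege
+than to put the rules into <filename>pg_hba.conf</filename> entries.
+</para>
+</tip>
+
 <para>
 Some examples of <filename>pg_hba.conf</filename> entries are shown in
 <xref linkend="example-pg-hba.conf">. See the next section for details on the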

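--- a/doc/src/sgml/ddl.sgml
+++ b/doc/src/sgml/ddl.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/ddl.sgml,v 1.56 2006/04/23 03:39:50 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/ddl.sgml,v 1.57 2006/04/30 21:15:32 tgl Exp $ -->
 
 <chapter id="ddl">
 <title>Data Definition</title>
@@ -1343,8 +1343,9 @@ ALTER TABLE products RENAME TO items;
 There are several different privileges: <literal>SELECT</>,
 <literal>INSERT</>, <literal>UPDATE</>, <literal>DELETE</>,
 <literal>RULE</>, <literal>REFERENCES</>, <literal>TRIGGER</>,
-<literal>CREATE</>, <literal>TEMPORARY</>, <literal>EXECUTE</>, and
-<literal>USAGE</>. The privileges applicable to a particular
+<literal>CREATE</>, <literal>CONNECT</>, <literal>TEMPORARY</>,
+<literal>EXECUTE</>, and <literal>USAGE</>.
+The privileges applicable to a particular
 object vary depending on the object's type (table, function, etc).
 For complete information on the different types of privileges
 supported by <productname>PostgreSQL</productname>, refer to the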

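--- a/doc/src/sgml/func.sgml
+++ b/doc/src/sgml/func.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/func.sgml,v 1.315 2006/04/25 00:25:15 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/func.sgml,v 1.316 2006/04/30 21:15:32 tgl Exp $ -->
 
 <chapter id="functions">
 <title>Functions and Operators</title>
@@ -9227,6 +9227,7 @@ SELECT has_table_privilege('myschema.mytable', 'select');
 arguments are analogous to <function>has_table_privilege</function>.
 The desired access privilege type must evaluate to
 <literal>CREATE</literal>,
+<literal>CONNECT</literal>,
 <literal>TEMPORARY</literal>, or
 <literal>TEMP</literal> (which is equivalent to
 <literal>TEMPORARY</literal>).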

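--- a/doc/src/sgml/ref/grant.sgml
+++ b/doc/src/sgml/ref/grant.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/grant.sgml,v 1.53 2006/04/30 02:09:06 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/grant.sgml,v 1.54 2006/04/30 21:15:33 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -30,7 +30,7 @@ GRANT { { USAGE | SELECT | UPDATE }
 ON SEQUENCE <replaceable class="PARAMETER">sequencename</replaceable> [, ...]
 TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
 
-GRANT { { CREATE | TEMPORARY | TEMP | CONNECTION } [,...] | ALL [ PRIVILEGES ] }
+GRANT { { CREATE | CONNECT | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
 ON DATABASE <replaceable>dbname</replaceable> [, ...]
 TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
 
@@ -118,7 +118,8 @@ GRANT <replaceable class="PARAMETER">role</replaceable> [, ...]
 Depending on the type of object, the initial default privileges may
 include granting some privileges to <literal>PUBLIC</literal>.
 The default is no public access for tables, schemas, and tablespaces;
-<literal>TEMP</> table creation privilege for databases;
+<literal>CONNECT</> privilege and <literal>TEMP</> table creation privilege
+for databases;
 <literal>EXECUTE</> privilege for functions; and
 <literal>USAGE</> privilege for languages.
 The object owner may of course revoke these privileges. (For maximum
@@ -230,13 +231,12 @@ GRANT <replaceable class="PARAMETER">role</replaceable> [, ...]
 </varlistentry>
 
 <varlistentry>
-<term>CONNECTION</term>
+<term>CONNECT</term>
 <listitem>
 <para>
-Allows the ability to connect to the specified database.
-By default, Grant permissions allow users to connect to any database,
-though <filename>pg_hba.conf</> can add additional connection
-restrictions.
+Allows the user to connect to the specified database. This
+privilege is checked at connection startup (in addition to checking
+any restrictions imposed by <filename>pg_hba.conf</>).
 </para>
 </listitem>
 </varlistentry>
@@ -429,7 +429,7 @@ GRANT <replaceable class="PARAMETER">role</replaceable> [, ...]
 X -- EXECUTE
 U -- USAGE
 C -- CREATE
-c -- CONNECTION
+c -- CONNECT
 T -- TEMPORARY
 arwdRxt -- ALL PRIVILEGES (for tables)
 * -- grant option for preceding privilege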

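--- a/doc/src/sgml/ref/revoke.sgml
+++ b/doc/src/sgml/ref/revoke.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/revoke.sgml,v 1.37 2006/04/30 02:09:06 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/revoke.sgml,v 1.38 2006/04/30 21:15:33 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -35,7 +35,7 @@ REVOKE [ GRANT OPTION FOR ]
 [ CASCADE | RESTRICT ]
 
 REVOKE [ GRANT OPTION FOR ]
-{ { CREATE | TEMPORARY | TEMP | CONNECTION } [,...] | ALL [ PRIVILEGES ] }
+{ { CREATE | CONNECT | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
 ON DATABASE <replaceable>dbname</replaceable> [, ...]
 FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
 [ CASCADE | RESTRICT ]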

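--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.34 2006/03/10 19:10:49 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.35 2006/04/30 21:15:32 tgl Exp $ -->
 
 <chapter id="user-manag">
 <title>Database Roles and Privileges</title>
@@ -294,9 +294,9 @@ ALTER ROLE myname SET enable_indexscan TO off;
 There are several different kinds of privilege: <literal>SELECT</>,
 <literal>INSERT</>, <literal>UPDATE</>, <literal>DELETE</>,
 <literal>RULE</>, <literal>REFERENCES</>, <literal>TRIGGER</>,
-<literal>CREATE</>, <literal>TEMPORARY</>, <literal>EXECUTE</>,
-and <literal>USAGE</>. For more
-information on the different types of privileges supported by
+<literal>CREATE</>, <literal>CONNECT</>, <literal>TEMPORARY</>,
+<literal>EXECUTE</>, and <literal>USAGE</>.
+For more information on the different types of privileges supported by
 <productname>PostgreSQL</productname>, see the
 <xref linkend="sql-grant" endterm="sql-grant-title"> reference page.
 </para>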

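--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.126 2006/04/30 02:09:07 momjian Exp $
+* $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.127 2006/04/30 21:15:33 tgl Exp $
 *
 * NOTES
 * See acl.h.
@@ -1368,7 +1368,7 @@ string_to_privilege(const char *privname)
 return ACL_CREATE_TEMP;
 if (strcmp(privname, "temp") == 0)
 return ACL_CREATE_TEMP;
-if (strcmp(privname, "connection") == 0)
+if (strcmp(privname, "connect") == 0)
 return ACL_CONNECT;
 ereport(ERROR,
 (errcode(ERRCODE_SYNTAX_ERROR),
@@ -1404,7 +1404,7 @@ privilege_to_string(AclMode privilege)
 case ACL_CREATE_TEMP:
 return "TEMP";
 case ACL_CONNECT:
-return "CONNECTION";
+return "CONNECT";
 default:
 elog(ERROR, "unrecognized privilege: %d", (int) privilege);
 }
@@ -1661,10 +1661,6 @@ pg_database_aclmask(Oid db_oid, Oid roleid,
 ScanKeyData entry[1];
 SysScanDesc scan;
 HeapTuple tuple;
-Datum aclDatum;
-bool isNull;
-Acl *acl;
-Oid ownerId;
 
 /* Superusers bypass all permission checking. */
 if (superuser_arg(roleid))
@@ -1688,10 +1684,33 @@ pg_database_aclmask(Oid db_oid, Oid roleid,
 (errcode(ERRCODE_UNDEFINED_DATABASE),
 errmsg("database with OID %u does not exist", db_oid)));
 
-ownerId = ((Form_pg_database) GETSTRUCT(tuple))->datdba;
+result = pg_database_tuple_aclmask(tuple, RelationGetDescr(pg_database),
+roleid, mask, how);
+
+systable_endscan(scan);
+heap_close(pg_database, AccessShareLock);
+
+return result;
+}
+
+/*
+* This is split out so that ReverifyMyDatabase can perform an ACL check
+* without a whole extra search of pg_database
+*/
+AclMode
+pg_database_tuple_aclmask(HeapTuple db_tuple, TupleDesc tupdesc,
+Oid roleid, AclMode mask, AclMaskHow how)
+{
+AclMode result;
+Datum aclDatum;
+bool isNull;
+Acl *acl;
+Oid ownerId;
+
+ownerId = ((Form_pg_database) GETSTRUCT(db_tuple))->datdba;
 
-aclDatum = heap_getattr(tuple, Anum_pg_database_datacl,
-RelationGetDescr(pg_database), &isNull);
+aclDatum = heap_getattr(db_tuple, Anum_pg_database_datacl,
+tupdesc, &isNull);
 
 if (isNull)
 {
@@ -1711,9 +1730,6 @@ pg_database_aclmask(Oid db_oid, Oid roleid,
 if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
 pfree(acl);
 
-systable_endscan(scan);
-heap_close(pg_database, AccessShareLock);
-
 return result;
 }
 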
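Review bot: The new pg_database_tuple_aclmask carries no superuser short-circuit — the `superuser_arg(roleid)` test at the top of pg_database_aclmask stays in the caller — so any direct caller (ReverifyMyDatabase, which is not in this view) must apply that test itself, otherwise superusers would be evaluated against the datacl contents alone; the header comment should state this. That comment currently explains only why the function was split out, not its contract; I would extend it along the lines of `Compute roleid's access mask on the database described by db_tuple (a pg_database tuple; tupdesc is its descriptor). Unlike pg_database_aclmask this applies no superuser bypass and takes no locks; the caller is responsible for both.` The function is non-static, but its prototype (presumably in src/include/utils/acl.h) is not among the files shown here, so confirm it is declared there. The middle of pg_database_tuple_aclmask, between the two hunks, is outside view.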
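--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.132 2006/04/30 02:09:07 momjian Exp $
+* $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.133 2006/04/30 21:15:33 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -553,7 +553,8 @@ acldefault(GrantObjectType objtype, Oid ownerId)
 owner_default = ACL_ALL_RIGHTS_SEQUENCE;
 break;
 case ACL_OBJECT_DATABASE:
-world_default = ACL_CREATE_TEMP | ACL_CONNECT; /* not NO_RIGHTS! */
+/* for backwards compatibility, grant some rights by default */
+world_default = ACL_CREATE_TEMP | ACL_CONNECT;
 owner_default = ACL_ALL_RIGHTS_DATABASE;
 break;
 case ACL_OBJECT_FUNCTION:
@@ -1341,6 +1342,8 @@ convert_priv_string(text *priv_type_text)
 return ACL_CREATE_TEMP;
 if (pg_strcasecmp(priv_type, "TEMPORARY") == 0)
 return ACL_CREATE_TEMP;
+if (pg_strcasecmp(priv_type, "CONNECT") == 0)
+return ACL_CONNECT;
 
 ereport(ERROR,
 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
@@ -1778,6 +1781,11 @@ convert_database_priv_string(text *priv_type_text)
 if (pg_strcasecmp(priv_type, "TEMP WITH GRANT OPTION") == 0)
 return ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP);
 
+if (pg_strcasecmp(priv_type, "CONNECT") == 0)
+return ACL_CONNECT;
+if (pg_strcasecmp(priv_type, "CONNECT WITH GRANT OPTION") == 0)
+return ACL_GRANT_OPTION_FOR(ACL_CONNECT);
+
 ereport(ERROR,
 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
 errmsg("unrecognized privilege type: \"%s\"", priv_type)));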
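Review bot: The comment added in acldefault for ACL_OBJECT_DATABASE says only that "some rights" are granted for backwards compatibility; since the line below it puts ACL_CONNECT into world_default, the consequence is that every newly created database is connectable by PUBLIC until the owner revokes it, which is the kind of default a reader auditing access control needs spelled out. I would write it as `/* for backwards compatibility, PUBLIC gets CONNECT and TEMP by default; per-database access restriction requires revoking CONNECT from PUBLIC */`. The two CONNECT cases added to convert_database_priv_string mirror the neighbouring TEMP / TEMP WITH GRANT OPTION pair, and convert_priv_string gains the plain form alongside its existing TEMP and TEMPORARY entries, so both look consistent with the surrounding code.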
