
Commit 6dc2496

committed
Code cleanup of user name and user id handling in the backend. The current
user is now defined in terms of the user id, the user name is only computed upon request (for display purposes). This is kind of the opposite of the previous state, which would maintain the user name and compute the user id for permission checks. Besides perhaps saving a few cycles (integer vs string), this now creates a single point of attack for changing the user id during a connection, for purposes of "setuid" functions, etc.
1 parent daf1e3a commit 6dc2496


28 files changed

+217
-278
lines changed


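--- a/src/backend/bootstrap/bootstrap.c
+++ b/src/backend/bootstrap/bootstrap.c
@@ -8,7 +8,7 @@
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/bootstrap/bootstrap.c,v 1.92 2000/08/03 19:19:06 tgl Exp $
+* $Header: /cvsroot/pgsql/src/backend/bootstrap/bootstrap.c,v 1.93 2000/09/06 14:15:14 petere Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -355,7 +355,7 @@ BootstrapMain(int argc, char *argv[])
 /*
 * backend initialization
 */
-InitPostgres(dbName);
+InitPostgres(dbName, NULL);
 LockDisable(true);
 
 if (IsUnderPostmaster && !xloginit)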
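Review bot: The NULL passed as the new second argument of InitPostgres at line 358 is not explained at the call site, and since this commit makes the user id rather than the name the basis of every permission check, which user the bootstrap backend ends up running as when no name is supplied is the fact a reader needs here. The InitPostgres definition is not part of this page, so I cannot confirm what NULL means from the hunk alone; it presumably lets InitPostgres pick the user id itself, but that should be verified. Suggest a one-line comment above the call such as `/* NULL user name: bootstrap mode, InitPostgres determines the user id itself -- confirm against InitPostgres() */`. BootstrapMain begins and ends outside this hunk.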

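--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.39 2000/07/31 22:39:13 tgl Exp $
+* $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.40 2000/09/06 14:15:15 petere Exp $
 *
 * NOTES
 * See acl.h.
@@ -355,21 +355,22 @@ aclcheck(char *relname, Acl *acl, AclId id, AclIdType idtype, AclMode mode)
 }
 
 int32
-pg_aclcheck(char *relname, char *usename, AclMode mode)
+pg_aclcheck(char *relname, Oid userid, AclMode mode)
 {
 HeapTuple tuple;
-AclId id;
 Acl *acl = (Acl *) NULL;
 int32 result;
+char *usename;
 Relation relation;
 
-tuple = SearchSysCacheTuple(SHADOWNAME,
-PointerGetDatum(usename),
+tuple = SearchSysCacheTuple(SHADOWSYSID,
+ObjectIdGetDatum(userid),
 0, 0, 0);
 if (!HeapTupleIsValid(tuple))
-elog(ERROR, "pg_aclcheck: user \"%s\" not found",
-usename);
-id = (AclId) ((Form_pg_shadow) GETSTRUCT(tuple))->usesysid;
+elog(ERROR, "pg_aclcheck: invalid user id %u",
+(unsigned) userid);
+
+usename = NameStr(((Form_pg_shadow) GETSTRUCT(tuple))->usename);
 
 /*
 * Deny anyone permission to update a system catalog unless
@@ -445,28 +446,28 @@ pg_aclcheck(char *relname, char *usename, AclMode mode)
 }
 heap_close(relation, RowExclusiveLock);
 #endif
-result = aclcheck(relname, acl, id, (AclIdType) ACL_IDTYPE_UID, mode);
+result = aclcheck(relname, acl, userid, (AclIdType) ACL_IDTYPE_UID, mode);
 if (acl)
 pfree(acl);
 return result;
 }
 
 int32
-pg_ownercheck(const char *usename,
+pg_ownercheck(Oid userid,
 const char *value,
 int cacheid)
 {
 HeapTuple tuple;
-AclId user_id,
-owner_id = 0;
+AclId owner_id = 0;
+char *usename;
 
-tuple = SearchSysCacheTuple(SHADOWNAME,
-PointerGetDatum(usename),
+tuple = SearchSysCacheTuple(SHADOWSYSID,
+ObjectIdGetDatum(userid),
 0, 0, 0);
 if (!HeapTupleIsValid(tuple))
-elog(ERROR, "pg_ownercheck: user \"%s\" not found",
-usename);
-user_id = (AclId) ((Form_pg_shadow) GETSTRUCT(tuple))->usesysid;
+elog(ERROR, "pg_ownercheck: invalid user id %u",
+(unsigned) userid);
+usename = NameStr(((Form_pg_shadow) GETSTRUCT(tuple))->usename);
 
 /*
 * Superusers bypass all permission-checking.
@@ -513,26 +514,26 @@ pg_ownercheck(const char *usename,
 break;
 }
 
-return user_id == owner_id;
+return userid == owner_id;
 }
 
 int32
-pg_func_ownercheck(char *usename,
+pg_func_ownercheck(Oid userid,
 char *funcname,
 int nargs,
 Oid *arglist)
 {
 HeapTuple tuple;
-AclId user_id,
-owner_id;
+AclId owner_id;
+char *username;
 
-tuple = SearchSysCacheTuple(SHADOWNAME,
-PointerGetDatum(usename),
+tuple = SearchSysCacheTuple(SHADOWSYSID,
+ObjectIdGetDatum(userid),
 0, 0, 0);
 if (!HeapTupleIsValid(tuple))
-elog(ERROR, "pg_func_ownercheck: user \"%s\" not found",
-usename);
-user_id = (AclId) ((Form_pg_shadow) GETSTRUCT(tuple))->usesysid;
+elog(ERROR, "pg_func_ownercheck: invalid user id %u",
+(unsigned) userid);
+username = NameStr(((Form_pg_shadow) GETSTRUCT(tuple))->usename);
 
 /*
 * Superusers bypass all permission-checking.
@@ -541,7 +542,7 @@ pg_func_ownercheck(char *usename,
 {
 #ifdef ACLDEBUG_TRACE
 elog(DEBUG, "pg_ownercheck: user \"%s\" is superuser",
-usename);
+username);
 #endif
 return 1;
 }
@@ -556,25 +557,25 @@ pg_func_ownercheck(char *usename,
 
 owner_id = ((Form_pg_proc) GETSTRUCT(tuple))->proowner;
 
-return user_id == owner_id;
+return userid == owner_id;
 }
 
 int32
-pg_aggr_ownercheck(char *usename,
+pg_aggr_ownercheck(Oid userid,
 char *aggname,
 Oid basetypeID)
 {
 HeapTuple tuple;
-AclId user_id,
-owner_id;
+AclId owner_id;
+char *username;
 
-tuple = SearchSysCacheTuple(SHADOWNAME,
-PointerGetDatum(usename),
+tuple = SearchSysCacheTuple(SHADOWSYSID,
+PointerGetDatum(userid),
 0, 0, 0);
 if (!HeapTupleIsValid(tuple))
-elog(ERROR, "pg_aggr_ownercheck: user \"%s\" not found",
-usename);
-user_id = (AclId) ((Form_pg_shadow) GETSTRUCT(tuple))->usesysid;
+elog(ERROR, "pg_aggr_ownercheck: invalid user id %u",
+(unsigned) userid);
+username = NameStr(((Form_pg_shadow) GETSTRUCT(tuple))->usename);
 
 /*
 * Superusers bypass all permission-checking.
@@ -583,7 +584,7 @@ pg_aggr_ownercheck(char *usename,
 {
 #ifdef ACLDEBUG_TRACE
 elog(DEBUG, "pg_aggr_ownercheck: user \"%s\" is superuser",
-usename);
+username);
 #endif
 return 1;
 }
@@ -598,5 +599,5 @@ pg_aggr_ownercheck(char *usename,
 
 owner_id = ((Form_pg_aggregate) GETSTRUCT(tuple))->aggowner;
 
-return user_id == owner_id;
+return userid == owner_id;
 }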
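Review bot: In pg_aggr_ownercheck the SHADOWSYSID lookup at new line 573 wraps the key as `PointerGetDatum(userid)`, while the same lookup in pg_aclcheck, pg_ownercheck and pg_func_ownercheck (new lines 367, 465 and 531) uses `ObjectIdGetDatum(userid)`; an Oid is not a pointer, and this is the permission check's key, so it should read `ObjectIdGetDatum(userid),` like the other three. Two smaller points: the variable holding the looked-up name is spelled `usename` in the first two functions and `username` in the last two, and in pg_func_ownercheck and pg_aggr_ownercheck that variable is only referenced inside the `#ifdef ACLDEBUG_TRACE` elog visible in these hunks, so a build without the trace may see it as unused — a short comment like `/* only used for ACLDEBUG_TRACE output */` next to the assignment would say why it is kept. The body of pg_aclcheck between its two hunks, and the tails of the ownercheck functions, are outside this page.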

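--- a/src/backend/commands/analyze.c
+++ b/src/backend/commands/analyze.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.5 2000/08/21 17:22:32 tgl Exp $
+* $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.6 2000/09/06 14:15:16 petere Exp $
 *
 
 *-------------------------------------------------------------------------
@@ -99,7 +99,7 @@ analyze_rel(Oid relid, List *anal_cols2, int MESSAGE_LEVEL)
 onerel = heap_open(relid, AccessShareLock);
 
 #ifndef NO_SECURITY
-if (!pg_ownercheck(GetPgUserName(), RelationGetRelationName(onerel),
+if (!pg_ownercheck(GetUserId(), RelationGetRelationName(onerel),
 RELNAME))
 {
 /* we already did an elog during vacuum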

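--- a/src/backend/commands/command.c
+++ b/src/backend/commands/command.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.97 2000/08/29 04:20:43 momjian Exp $
+* $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.98 2000/09/06 14:15:16 petere Exp $
 *
 * NOTES
 * The PerformAddAttribute() code, like most of the relation
@@ -308,7 +308,7 @@ AlterTableAddColumn(const char *relationName,
 elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
 relationName);
 #ifndef NO_SECURITY
-if (!pg_ownercheck(UserName, relationName, RELNAME))
+if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 elog(ERROR, "ALTER TABLE: permission denied");
 #endif
 
@@ -523,7 +523,7 @@ AlterTableAlterColumn(const char *relationName,
 elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
 relationName);
 #ifndef NO_SECURITY
-if (!pg_ownercheck(UserName, relationName, RELNAME))
+if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 elog(ERROR, "ALTER TABLE: permission denied");
 #endif
 
@@ -935,7 +935,7 @@ AlterTableDropColumn(const char *relationName,
 elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
 relationName);
 #ifndef NO_SECURITY
-if (!pg_ownercheck(UserName, relationName, RELNAME))
+if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 elog(ERROR, "ALTER TABLE: permission denied");
 #endif
 
@@ -1095,7 +1095,7 @@ AlterTableAddConstraint(char *relationName,
 elog(ERROR, "ALTER TABLE / ADD CONSTRAINT passed invalid constraint.");
 
 #ifndef NO_SECURITY
-if (!pg_ownercheck(UserName, relationName, RELNAME))
+if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 elog(ERROR, "ALTER TABLE: permission denied");
 #endif
 
@@ -1484,7 +1484,7 @@ AlterTableCreateToastTable(const char *relationName, bool silent)
 * permissions checking. XXX exactly what is appropriate here?
 */
 #ifndef NO_SECURITY
-if (!pg_ownercheck(UserName, relationName, RELNAME))
+if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 elog(ERROR, "ALTER TABLE: permission denied");
 #endif
 
@@ -1723,9 +1723,9 @@ LockTableCommand(LockStmt *lockstmt)
 rel = heap_openr(lockstmt->relname, NoLock);
 
 if (lockstmt->mode == AccessShareLock)
-aclresult = pg_aclcheck(lockstmt->relname, GetPgUserName(), ACL_RD);
+aclresult = pg_aclcheck(lockstmt->relname, GetUserId(), ACL_RD);
 else
-aclresult = pg_aclcheck(lockstmt->relname, GetPgUserName(), ACL_WR);
+aclresult = pg_aclcheck(lockstmt->relname, GetUserId(), ACL_WR);
 
 if (aclresult != ACLCHECK_OK)
 elog(ERROR, "LOCK TABLE: permission denied");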
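Review bot: The same three-line owner guard — `#ifndef NO_SECURITY` / `pg_ownercheck(GetUserId(), relationName, RELNAME)` / `elog(ERROR, "ALTER TABLE: permission denied")` — is now repeated verbatim at new lines 311, 526, 938, 1098 and 1487, and this commit touches every copy; a single static helper would keep the check (and any future change to how the current user is obtained) in one place instead of five. The point is about how the code is written, not what it does: each call site would become a one-line call and the `#ifndef NO_SECURITY` block would live only in the helper. Every enclosing function in this section starts and ends outside its hunk, so the helper's placement relative to them cannot be judged from here. Constructed sketch, name chosen for illustration:

```c
/* Error out unless the current user owns relationName (no-op under NO_SECURITY). */
static void
CheckRelationOwner(const char *relationName)
{
#ifndef NO_SECURITY
	if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
		elog(ERROR, "ALTER TABLE: permission denied");
#endif
}

/* … unchanged: AlterTableAddColumn up to the system-catalog check … */
	CheckRelationOwner(relationName);
/* … same one-line call replaces the guard in the other four ALTER TABLE functions … */
```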
