From: Alvaro Herrera Date: Thu, 25 Mar 2010 14:45:36 +0000 (+0000) Subject: Prevent ALTER USER f RESET ALL from removing the settings that were put there X-Git-Tag: REL8_1_21~16 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=03ecb5773782ba60aba33b052f23093965bf3129;p=thirdparty%2Fpostgresql.git Prevent ALTER USER f RESET ALL from removing the settings that were put there by a superuser -- "ALTER USER f RESET setting" already disallows removing such a setting. Apply the same treatment to ALTER DATABASE d RESET ALL when run by a database owner that's not superuser. --- diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c index 0ae1b996e4b..6cf9a991bdd 100644 --- a/src/backend/commands/dbcommands.c +++ b/src/backend/commands/dbcommands.c @@ -15,7 +15,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/commands/dbcommands.c,v 1.173.2.3 2007/04/12 15:04:47 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/commands/dbcommands.c,v 1.173.2.4 2010/03/25 14:45:35 alvherre Exp $ * *------------------------------------------------------------------------- */ 
@@ -924,9 +924,30 @@ AlterDatabaseSet(AlterDatabaseSetStmt *stmt) if (strcmp(stmt->variable, "all") == 0 && valuestr == NULL) { - /* RESET ALL */ - repl_null[Anum_pg_database_datconfig - 1] = 'n'; - repl_val[Anum_pg_database_datconfig - 1] = (Datum) 0; + ArrayType *new = NULL; + Datum datum; + bool isnull; + + /* + * in RESET ALL, request GUC to reset the settings array; if none + * left, we can set datconfig to null; otherwise use the returned + * array + */ + datum = heap_getattr(tuple, Anum_pg_database_datconfig, + RelationGetDescr(rel), &isnull); + if (!isnull) + new = GUCArrayReset(DatumGetArrayTypeP(datum)); + if (new) + { + repl_val[Anum_pg_database_datconfig - 1] = PointerGetDatum(new); + repl_repl[Anum_pg_database_datconfig - 1] = 'r'; + repl_null[Anum_pg_database_datconfig - 1] = ' '; + } + else + { + repl_null[Anum_pg_database_datconfig - 1] = 'n'; + repl_val[Anum_pg_database_datconfig - 1] = (Datum) 0; + } } else { diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index 91befbc6aba..595740deadc 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -6,7 +6,7 @@ * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.164 2005/11/04 17:25:15 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.164.2.1 2010/03/25 14:45:35 alvherre Exp $ * *------------------------------------------------------------------------- */ 
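Review bot: The new comment in the RESET ALL branch of AlterDatabaseSet does not say why the array can still hold entries afterwards, which is the security-relevant part of this change. I would word it as `/* RESET ALL: GUCArrayReset keeps the entries the caller may not remove (anything but PGC_USERSET when not superuser); store that array, or null out datconfig if nothing is left */`. The `repl_repl[...] = 'r'` inside `if (new)` looks redundant if the slot is already marked for replacement before this `if`, as the context line in the AlterRoleSet hunk shows for rolconfig; the AlterDatabaseSet hunk does not show that line, so confirm before dropping it. Both remarks apply equally to the AlterRoleSet hunk in user.c, and both function bodies start and end outside their hunks.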
@@ -757,8 +757,30 @@ AlterRoleSet(AlterRoleSetStmt *stmt) repl_repl[Anum_pg_authid_rolconfig - 1] = 'r'; if (strcmp(stmt->variable, "all") == 0 && valuestr == NULL) { - /* RESET ALL */ - repl_null[Anum_pg_authid_rolconfig - 1] = 'n'; + ArrayType *new = NULL; + Datum datum; + bool isnull; + + /* + * in RESET ALL, request GUC to reset the settings array; if none + * left, we can set rolconfig to null; otherwise use the returned + * array + */ + datum = SysCacheGetAttr(AUTHNAME, oldtuple, + Anum_pg_authid_rolconfig, &isnull); + if (!isnull) + new = GUCArrayReset(DatumGetArrayTypeP(datum)); + if (new) + { + repl_val[Anum_pg_authid_rolconfig - 1] = PointerGetDatum(new); + repl_repl[Anum_pg_authid_rolconfig - 1] = 'r'; + repl_null[Anum_pg_authid_rolconfig - 1] = ' '; + } + else + { + repl_null[Anum_pg_authid_rolconfig - 1] = 'n'; + repl_val[Anum_pg_authid_rolconfig - 1] = (Datum) 0; + } } else { diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index ae75354b4a1..8f0cba97086 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -10,7 +10,7 @@ * Written by Peter Eisentraut . * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.299.2.8 2010/02/25 23:44:27 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.299.2.9 2010/03/25 14:45:36 alvherre Exp $ * *-------------------------------------------------------------------- */ @@ -5439,6 +5439,7 @@ ProcessGUCArray(ArrayType *array, GucSource source) free(name); if (value) free(value); + pfree(s); } } 
@@ -5574,6 +5575,85 @@ GUCArrayDelete(ArrayType *array, const char *name) && val[strlen(name)] == '=') continue; + + /* else add it to the output array */ + if (newarray) + { + newarray = array_set(newarray, 1, &index, + d, + false, + -1 /* varlenarray */ , + -1 /* TEXT's typlen */ , + false /* TEXT's typbyval */ , + 'i' /* TEXT's typalign */ ); + } + else + newarray = construct_array(&d, 1, + TEXTOID, + -1, false, 'i'); + + index++; + } + + return newarray; +} + +/* + * Given a GUC array, delete all settings from it that our permission + * level allows: if superuser, delete them all; if regular user, only + * those that are PGC_USERSET + */ +ArrayType * +GUCArrayReset(ArrayType *array) +{ + ArrayType *newarray; + int i; + int index; + + /* if array is currently null, nothing to do */ + if (!array) + return NULL; + + /* if we're superuser, we can delete everything */ + if (superuser()) + return NULL; + + newarray = NULL; + index = 1; + + for (i = 1; i <= ARR_DIMS(array)[0]; i++) + { + Datum d; + char *val; + char *eqsgn; + bool isnull; + struct config_generic *gconf; + + d = array_ref(array, 1, &i, + -1 /* varlenarray */ , + -1 /* TEXT's typlen */ , + false /* TEXT's typbyval */ , + 'i' /* TEXT's typalign */ , + &isnull); + + if (isnull) + continue; + val = DatumGetCString(DirectFunctionCall1(textout, d)); + + eqsgn = strchr(val, '='); + *eqsgn = '\0'; + + gconf = find_option(val, WARNING); + if (!gconf) + continue; + + /* note: superuser-ness was already checked above */ + /* skip entry if OK to delete */ + if (gconf->context == PGC_USERSET) + continue; + + /* XXX do we need to worry about database owner? */ + /* else add it to the output array */ if (newarray) { @@ -5592,6 +5672,7 @@ GUCArrayDelete(ArrayType *array, const char *name) -1, false, 'i'); index++; + pfree(val); } return newarray; diff --git a/src/include/utils/guc.h b/src/include/utils/guc.h index fd1b226a754..1317471069c 100644 --- a/src/include/utils/guc.h +++ b/src/include/utils/guc.h 
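Review bot: In GUCArrayReset, `*eqsgn = '\0'` writes through the result of `strchr(val, '=')` without a NULL check, so an array element that lacks an `=` would make the backend dereference NULL while serving a non-superuser's RESET ALL. Elements are presumably always stored as `name=value`, but a guard costs one line, for example `if (eqsgn == NULL) elog(ERROR, "malformed configuration array element");` (the message text is only a suggestion). The `if (!gconf) continue;` path also drops an entry whose name is not recognized, so a non-superuser can remove it; if that is intended, a comment such as `/* unknown setting: nothing to protect, let it go */` would record the decision next to the open `XXX` about database owners. Both `continue` paths skip the `pfree(val)` that the following hunk (`@@ -5592,6 +5672,7 @@`) adds after `index++`.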
@@ -7,7 +7,7 @@ * Copyright (c) 2000-2005, PostgreSQL Global Development Group * Written by Peter Eisentraut . * - * $PostgreSQL: pgsql/src/include/utils/guc.h,v 1.63.2.2 2009/12/09 21:58:44 tgl Exp $ + * $PostgreSQL: pgsql/src/include/utils/guc.h,v 1.63.2.3 2010/03/25 14:45:36 alvherre Exp $ *-------------------------------------------------------------------- */ #ifndef GUC_H @@ -211,6 +211,7 @@ extern char *flatten_set_variable_args(const char *name, List *args); extern void ProcessGUCArray(ArrayType *array, GucSource source); extern ArrayType *GUCArrayAdd(ArrayType *array, const char *name, const char *value); extern ArrayType *GUCArrayDelete(ArrayType *array, const char *name); +extern ArrayType *GUCArrayReset(ArrayType *array); #ifdef EXEC_BACKEND extern void write_nondefault_variables(GucContext context);