From: Alvaro Herrera <alvherre@alvh.no-ip.org>
Date: Thu, 25 Mar 2010 14:45:36 +0000 (+0000)
Subject: Prevent ALTER USER f RESET ALL from removing the settings that were put there
X-Git-Tag: REL8_1_21~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=03ecb5773782ba60aba33b052f23093965bf3129;p=thirdparty%2Fpostgresql.git

Prevent ALTER USER f RESET ALL from removing the settings that were put there
by a superuser -- "ALTER USER f RESET setting" already disallows removing such a
setting.

Apply the same treatment to ALTER DATABASE d RESET ALL when run by a database
owner that's not superuser.
---

diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c
index 0ae1b996e4b..6cf9a991bdd 100644
--- a/src/backend/commands/dbcommands.c
+++ b/src/backend/commands/dbcommands.c
@@ -15,7 +15,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/commands/dbcommands.c,v 1.173.2.3 2007/04/12 15:04:47 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/commands/dbcommands.c,v 1.173.2.4 2010/03/25 14:45:35 alvherre Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -924,9 +924,30 @@ AlterDatabaseSet(AlterDatabaseSetStmt *stmt)
 
 	if (strcmp(stmt->variable, "all") == 0 && valuestr == NULL)
 	{
-		/* RESET ALL */
-		repl_null[Anum_pg_database_datconfig - 1] = 'n';
-		repl_val[Anum_pg_database_datconfig - 1] = (Datum) 0;
+		ArrayType  *new = NULL;
+		Datum		datum;
+		bool		isnull;
+
+		/*
+		 * in RESET ALL, request GUC to reset the settings array; if none
+		 * left, we can set datconfig to null; otherwise use the returned
+		 * array
+		 */
+		datum = heap_getattr(tuple, Anum_pg_database_datconfig,
+							 RelationGetDescr(rel), &isnull);
+		if (!isnull)
+			new = GUCArrayReset(DatumGetArrayTypeP(datum));
+		if (new)
+		{
+			repl_val[Anum_pg_database_datconfig - 1] = PointerGetDatum(new);
+			repl_repl[Anum_pg_database_datconfig - 1] = 'r';
+			repl_null[Anum_pg_database_datconfig - 1] = ' ';
+		}
+		else
+		{
+			repl_null[Anum_pg_database_datconfig - 1] = 'n';
+			repl_val[Anum_pg_database_datconfig - 1] = (Datum) 0;
+		}
 	}
 	else
 	{
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 91befbc6aba..595740deadc 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -6,7 +6,7 @@
  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.164 2005/11/04 17:25:15 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.164.2.1 2010/03/25 14:45:35 alvherre Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -757,8 +757,30 @@ AlterRoleSet(AlterRoleSetStmt *stmt)
 	repl_repl[Anum_pg_authid_rolconfig - 1] = 'r';
 	if (strcmp(stmt->variable, "all") == 0 && valuestr == NULL)
 	{
-		/* RESET ALL */
-		repl_null[Anum_pg_authid_rolconfig - 1] = 'n';
+		ArrayType  *new = NULL;
+		Datum		datum;
+		bool		isnull;
+
+		/*
+		 * in RESET ALL, request GUC to reset the settings array; if none
+		 * left, we can set rolconfig to null; otherwise use the returned
+		 * array
+		 */
+		datum = SysCacheGetAttr(AUTHNAME, oldtuple,
+								Anum_pg_authid_rolconfig, &isnull);
+		if (!isnull)
+			new = GUCArrayReset(DatumGetArrayTypeP(datum));
+		if (new)
+		{
+			repl_val[Anum_pg_authid_rolconfig - 1] = PointerGetDatum(new);
+			repl_repl[Anum_pg_authid_rolconfig - 1] = 'r';
+			repl_null[Anum_pg_authid_rolconfig - 1] = ' ';
+		}
+		else
+		{
+			repl_null[Anum_pg_authid_rolconfig - 1] = 'n';
+			repl_val[Anum_pg_authid_rolconfig - 1] = (Datum) 0;
+		}
 	}
 	else
 	{
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index ae75354b4a1..8f0cba97086 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -10,7 +10,7 @@
  * Written by Peter Eisentraut <peter_e@gmx.net>.
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.299.2.8 2010/02/25 23:44:27 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.299.2.9 2010/03/25 14:45:36 alvherre Exp $
  *
  *--------------------------------------------------------------------
  */
@@ -5439,6 +5439,7 @@ ProcessGUCArray(ArrayType *array, GucSource source)
 		free(name);
 		if (value)
 			free(value);
+		pfree(s);
 	}
 }
 
@@ -5574,6 +5575,85 @@ GUCArrayDelete(ArrayType *array, const char *name)
 			&& val[strlen(name)] == '=')
 			continue;
 
+
+		/* else add it to the output array */
+		if (newarray)
+		{
+			newarray = array_set(newarray, 1, &index,
+								 d,
+								 false,
+								 -1 /* varlenarray */ ,
+								 -1 /* TEXT's typlen */ ,
+								 false /* TEXT's typbyval */ ,
+								 'i' /* TEXT's typalign */ );
+		}
+		else
+			newarray = construct_array(&d, 1,
+									   TEXTOID,
+									   -1, false, 'i');
+
+		index++;
+	}
+
+	return newarray;
+}
+
+/*
+ * Given a GUC array, delete all settings from it that our permission
+ * level allows: if superuser, delete them all; if regular user, only
+ * those that are PGC_USERSET
+ */
+ArrayType *
+GUCArrayReset(ArrayType *array)
+{
+	ArrayType  *newarray;
+	int			i;
+	int			index;
+
+	/* if array is currently null, nothing to do */
+	if (!array)
+		return NULL;
+
+	/* if we're superuser, we can delete everything */
+	if (superuser())
+		return NULL;
+
+	newarray = NULL;
+	index = 1;
+
+	for (i = 1; i <= ARR_DIMS(array)[0]; i++)
+	{
+		Datum		d;
+		char	   *val;
+		char	   *eqsgn;
+		bool		isnull;
+		struct config_generic *gconf;
+
+		d = array_ref(array, 1, &i,
+					  -1 /* varlenarray */ ,
+					  -1 /* TEXT's typlen */ ,
+					  false /* TEXT's typbyval */ ,
+					  'i' /* TEXT's typalign */ ,
+					  &isnull);
+
+		if (isnull)
+			continue;
+		val = DatumGetCString(DirectFunctionCall1(textout, d));
+
+		eqsgn = strchr(val, '=');
+		*eqsgn = '\0';
+
+		gconf = find_option(val, WARNING);
+		if (!gconf)
+			continue;
+
+		/* note: superuser-ness was already checked above */
+		/* skip entry if OK to delete */
+		if (gconf->context == PGC_USERSET)
+			continue;
+
+		/* XXX do we need to worry about database owner? */
+
 		/* else add it to the output array */
 		if (newarray)
 		{
@@ -5592,6 +5672,7 @@ GUCArrayDelete(ArrayType *array, const char *name)
 									   -1, false, 'i');
 
 		index++;
+		pfree(val);
 	}
 
 	return newarray;
diff --git a/src/include/utils/guc.h b/src/include/utils/guc.h
index fd1b226a754..1317471069c 100644
--- a/src/include/utils/guc.h
+++ b/src/include/utils/guc.h
@@ -7,7 +7,7 @@
  * Copyright (c) 2000-2005, PostgreSQL Global Development Group
  * Written by Peter Eisentraut <peter_e@gmx.net>.
  *
- * $PostgreSQL: pgsql/src/include/utils/guc.h,v 1.63.2.2 2009/12/09 21:58:44 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/utils/guc.h,v 1.63.2.3 2010/03/25 14:45:36 alvherre Exp $
  *--------------------------------------------------------------------
  */
 #ifndef GUC_H
@@ -211,6 +211,7 @@ extern char *flatten_set_variable_args(const char *name, List *args);
 extern void ProcessGUCArray(ArrayType *array, GucSource source);
 extern ArrayType *GUCArrayAdd(ArrayType *array, const char *name, const char *value);
 extern ArrayType *GUCArrayDelete(ArrayType *array, const char *name);
+extern ArrayType *GUCArrayReset(ArrayType *array);
 
 #ifdef EXEC_BACKEND
 extern void write_nondefault_variables(GucContext context);