mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2025-01-18 18:44:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

I updated the patch to use the SET AUTHORIZATION { INVOKER | DEFINER }

Browse Source 
terminology. Also, the function owner is now determined and saved at compile
time (no gotchas here, right?)/

Mark Volpe
This commit is contained in:
Bruce Momjian 2001-07-11 18:54:19 +00:00
parent 11ac469f4a
commit d946b2083a
6 changed files with 129 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
src/pl/plpgsql/src/gram.y
View File

@ -4,7 +4,7 @@
* procedural language
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.21 2001/06/06 18:54:41 wieck Exp $
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.22 2001/07/11 18:54:18 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@ -122,11 +122,13 @@ static PLpgSQL_expr *make_tupret_expr(PLpgSQL_row *row);
%type <stmts> proc_sect, proc_stmts, stmt_else, loop_body
%type <stmt> proc_stmt, pl_block
%type <stmt> stmt_assign, stmt_if, stmt_loop, stmt_while, stmt_exit
%type <stmt> stmt_return, stmt_raise, stmt_execsql, stmt_fori
%type <stmt> stmt_return, stmt_raise, stmt_execsql, stmt_fori, stmt_setauth
%type <stmt> stmt_fors, stmt_select, stmt_perform
%type <stmt> stmt_dynexecute, stmt_dynfors, stmt_getdiag
%type <stmt> stmt_open, stmt_fetch, stmt_close
%type <ival> auth_level
%type <intlist> raise_params
%type <ival> raise_level, raise_param
%type <str> raise_msg
@ -172,6 +174,10 @@ static PLpgSQL_expr *make_tupret_expr(PLpgSQL_row *row);
%token K_PERFORM
%token K_ROW_COUNT
%token K_RAISE
%token K_SET
%token K_AUTHORIZATION
%token K_INVOKER
%token K_DEFINER
%token K_RECORD
%token K_RENAME
%token K_RESULT_OID
@ -726,6 +732,8 @@ proc_stmt : pl_block
{ $$ = $1; }
| stmt_raise
{ $$ = $1; }
| stmt_setauth
{ $$ = $1; }
| stmt_execsql
{ $$ = $1; }
| stmt_dynexecute
@ -1243,6 +1251,29 @@ stmt_return : K_RETURN lno
}
;
stmt_setauth : K_SET K_AUTHORIZATION auth_level lno ';'
{
PLpgSQL_stmt_setauth *new;
new=malloc(sizeof(PLpgSQL_stmt_setauth));
new->cmd_type = PLPGSQL_STMT_SETAUTH;
new->auth_level = $3;
new->lineno = $4;
$$ = (PLpgSQL_stmt *)new;
}
auth_level : K_DEFINER
{
$$=PLPGSQL_AUTH_DEFINER;
}
| K_INVOKER
{
$$=PLPGSQL_AUTH_INVOKER;
}
;
stmt_raise : K_RAISE lno raise_level raise_msg raise_params ';'
{
PLpgSQL_stmt_raise *new;

3
src/pl/plpgsql/src/pl_comp.c
View File

@ -3,7 +3,7 @@
* procedural language
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.31 2001/05/21 14:22:18 wieck Exp $
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.32 2001/07/11 18:54:18 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@ -169,6 +169,7 @@ plpgsql_compile(Oid fn_oid, int functype)
function->fn_functype = functype;
function->fn_oid = fn_oid;
function->definer_uid = procStruct->proowner;
function->fn_name = strdup(DatumGetCString(DirectFunctionCall1(nameout,
NameGetDatum(&(procStruct->proname)))));

49
src/pl/plpgsql/src/pl_exec.c
View File

@ -3,7 +3,7 @@
* procedural language
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.44 2001/05/28 19:33:24 tgl Exp $
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.45 2001/07/11 18:54:18 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@ -47,6 +47,7 @@
#include "plpgsql.h"
#include "pl.tab.h"
#include "miscadmin.h"
#include "access/heapam.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_type.h"
@ -105,6 +106,8 @@ static int exec_stmt_exit(PLpgSQL_execstate * estate,
PLpgSQL_stmt_exit * stmt);
static int exec_stmt_return(PLpgSQL_execstate * estate,
PLpgSQL_stmt_return * stmt);
static int exec_stmt_setauth(PLpgSQL_execstate * estate,
PLpgSQL_stmt_setauth * stmt);
static int exec_stmt_raise(PLpgSQL_execstate * estate,
PLpgSQL_stmt_raise * stmt);
static int exec_stmt_execsql(PLpgSQL_execstate * estate,
@ -226,6 +229,9 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
case PLPGSQL_STMT_RETURN:
stmttype = "return";
break;
case PLPGSQL_STMT_SETAUTH:
stmttype = "setauth";
break;
case PLPGSQL_STMT_RAISE:
stmttype = "raise";
break;
@ -277,7 +283,10 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
estate.retistuple = func->fn_retistuple;
estate.retisset = func->fn_retset;
estate.exitlabel = NULL;
estate.invoker_uid = GetUserId();
estate.definer_uid = func->definer_uid;
estate.auth_level = PLPGSQL_AUTH_INVOKER;
estate.found_varno = func->found_varno;
estate.ndatums = func->ndatums;
estate.datums = palloc(sizeof(PLpgSQL_datum *) * estate.ndatums);
@ -397,6 +406,9 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
elog(ERROR, "control reaches end of function without RETURN");
}
if (estate.auth_level!=PLPGSQL_AUTH_INVOKER)
SetUserId(estate.invoker_uid);
/*
* We got a return value - process it
*/
@ -577,6 +589,9 @@ plpgsql_exec_trigger(PLpgSQL_function * func,
estate.retistuple = func->fn_retistuple;
estate.retisset = func->fn_retset;
estate.exitlabel = NULL;
estate.invoker_uid = GetUserId();
estate.definer_uid = func->definer_uid;
estate.auth_level = PLPGSQL_AUTH_INVOKER;
estate.found_varno = func->found_varno;
estate.ndatums = func->ndatums;
@ -760,6 +775,9 @@ plpgsql_exec_trigger(PLpgSQL_function * func,
elog(ERROR, "control reaches end of trigger procedure without RETURN");
}
if (estate.auth_level!=PLPGSQL_AUTH_INVOKER)
SetUserId(estate.invoker_uid);
/*
* Check that the returned tuple structure has the same attributes,
* the relation that fired the trigger has.
@ -1022,6 +1040,10 @@ exec_stmt(PLpgSQL_execstate * estate, PLpgSQL_stmt * stmt)
rc = exec_stmt_return(estate, (PLpgSQL_stmt_return *) stmt);
break;
case PLPGSQL_STMT_SETAUTH:
rc = exec_stmt_setauth(estate, (PLpgSQL_stmt_setauth *) stmt);
break;
case PLPGSQL_STMT_RAISE:
rc = exec_stmt_raise(estate, (PLpgSQL_stmt_raise *) stmt);
break;
@ -1645,6 +1667,29 @@ exec_stmt_return(PLpgSQL_execstate * estate, PLpgSQL_stmt_return * stmt)
return PLPGSQL_RC_RETURN;
}
/* ----------
* exec_stmt_setauth Changes user ID to/from
* that of the function owner's
* ----------
*/
static int
exec_stmt_setauth(PLpgSQL_execstate * estate, PLpgSQL_stmt_setauth * stmt)
{
switch(stmt->auth_level)
{
case PLPGSQL_AUTH_DEFINER:
SetUserId(estate->definer_uid);
break;
case PLPGSQL_AUTH_INVOKER:
SetUserId(estate->invoker_uid);
break;
}
estate->auth_level=stmt->auth_level;
return PLPGSQL_RC_OK;
}
/* ----------
* exec_stmt_raise Build a message and throw it with

21
src/pl/plpgsql/src/pl_funcs.c
View File

@ -3,7 +3,7 @@
* procedural language
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_funcs.c,v 1.13 2001/05/21 14:22:19 wieck Exp $
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_funcs.c,v 1.14 2001/07/11 18:54:18 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@ -382,6 +382,7 @@ static void dump_fors(PLpgSQL_stmt_fors * stmt);
static void dump_select(PLpgSQL_stmt_select * stmt);
static void dump_exit(PLpgSQL_stmt_exit * stmt);
static void dump_return(PLpgSQL_stmt_return * stmt);
static void dump_setauth(PLpgSQL_stmt_setauth * stmt);
static void dump_raise(PLpgSQL_stmt_raise * stmt);
static void dump_execsql(PLpgSQL_stmt_execsql * stmt);
static void dump_dynexecute(PLpgSQL_stmt_dynexecute * stmt);
@ -438,6 +439,9 @@ dump_stmt(PLpgSQL_stmt * stmt)
case PLPGSQL_STMT_RETURN:
dump_return((PLpgSQL_stmt_return *) stmt);
break;
case PLPGSQL_STMT_SETAUTH:
dump_setauth((PLpgSQL_stmt_setauth *) stmt);
break;
case PLPGSQL_STMT_RAISE:
dump_raise((PLpgSQL_stmt_raise *) stmt);
break;
@ -721,6 +725,21 @@ dump_return(PLpgSQL_stmt_return * stmt)
printf("\n");
}
static void
dump_setauth(PLpgSQL_stmt_setauth * stmt)
{
dump_ind();
switch (stmt->auth_level)
{
case PLPGSQL_AUTH_DEFINER:
printf("SET AUTHORIZATION DEFINER\n");
break;
case PLPGSQL_AUTH_INVOKER:
printf("SET AUTHORIZATION INVOKER\n");
break;
}
}
static void
dump_raise(PLpgSQL_stmt_raise * stmt)
{

23
src/pl/plpgsql/src/plpgsql.h
View File

@ -3,7 +3,7 @@
* procedural language
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/plpgsql.h,v 1.14 2001/05/21 14:22:19 wieck Exp $
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/plpgsql.h,v 1.15 2001/07/11 18:54:19 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@ -95,6 +95,7 @@ enum
PLPGSQL_STMT_DYNEXECUTE,
PLPGSQL_STMT_DYNFORS,
PLPGSQL_STMT_GETDIAG,
PLPGSQL_STMT_SETAUTH,
PLPGSQL_STMT_OPEN,
PLPGSQL_STMT_FETCH,
PLPGSQL_STMT_CLOSE
@ -112,6 +113,16 @@ enum
PLPGSQL_RC_RETURN
};
/* ---------
* Authorization levels
* ---------
*/
enum
{
PLPGSQL_AUTH_INVOKER,
PLPGSQL_AUTH_DEFINER,
};
/* ----------
* GET DIAGNOSTICS system attrs
* ----------
@ -425,6 +436,12 @@ typedef struct
int retrecno;
} PLpgSQL_stmt_return;
typedef struct
{ /* SET AUTHORIZATION statement */
int cmd_type;
int lineno;
int auth_level;
} PLpgSQL_stmt_setauth;
typedef struct
{ /* RAISE statement */
@ -480,6 +497,7 @@ typedef struct PLpgSQL_function
int tg_nargs_varno;
int ndatums;
Oid definer_uid;
PLpgSQL_datum **datums;
PLpgSQL_stmt_block *action;
struct PLpgSQL_function *next;
@ -502,6 +520,9 @@ typedef struct
int found_varno;
int ndatums;
PLpgSQL_datum **datums;
Oid invoker_uid;
Oid definer_uid;
int auth_level;
} PLpgSQL_execstate;

6
src/pl/plpgsql/src/scan.l
View File

@ -4,7 +4,7 @@
* procedural language
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/Attic/scan.l,v 1.12 2001/05/21 14:22:19 wieck Exp $
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/Attic/scan.l,v 1.13 2001/07/11 18:54:19 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@ -121,6 +121,10 @@ null { return K_NULL; }
open { return K_OPEN; }
perform { return K_PERFORM; }
raise { return K_RAISE; }
set { return K_SET; }
authorization { return K_AUTHORIZATION; }
invoker { return K_INVOKER; }
definer { return K_DEFINER; }
record { return K_RECORD; }
rename { return K_RENAME; }
result_oid { return K_RESULT_OID; }