From 9a77104a266835384d5e7cb87c5c1592ef21b2c4 Mon Sep 17 00:00:00 2001 From: Alvaro Herrera Date: Thu, 25 Mar 2010 14:45:21 +0000 Subject: [PATCH] Prevent ALTER USER f RESET ALL from removing the settings that were put there by a superuser -- "ALTER USER f RESET setting" already disallows removing such a setting. Apply the same treatment to ALTER DATABASE d RESET ALL when run by a database owner that's not superuser. --- src/backend/commands/dbcommands.c | 29 +++++++++-- src/backend/commands/user.c | 28 +++++++++-- src/backend/utils/misc/guc.c | 83 ++++++++++++++++++++++++++++++- src/include/utils/guc.h | 3 +- 4 files changed, 134 insertions(+), 9 deletions(-) diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c index 13bb4f92c2..7a52e8c8f3 100644 --- a/src/backend/commands/dbcommands.c +++ b/src/backend/commands/dbcommands.c @@ -13,7 +13,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/commands/dbcommands.c,v 1.187.2.3 2008/04/17 00:00:00 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/commands/dbcommands.c,v 1.187.2.4 2010/03/25 14:45:21 alvherre Exp $ * *------------------------------------------------------------------------- */ 
@@ -916,9 +916,30 @@ AlterDatabaseSet(AlterDatabaseSetStmt *stmt) if (strcmp(stmt->variable, "all") == 0 && valuestr == NULL) { - /* RESET ALL */ - repl_null[Anum_pg_database_datconfig - 1] = 'n'; - repl_val[Anum_pg_database_datconfig - 1] = (Datum) 0; + ArrayType *new = NULL; + Datum datum; + bool isnull; + + /* + * in RESET ALL, request GUC to reset the settings array; if none + * left, we can set datconfig to null; otherwise use the returned + * array + */ + datum = heap_getattr(tuple, Anum_pg_database_datconfig, + RelationGetDescr(rel), &isnull); + if (!isnull) + new = GUCArrayReset(DatumGetArrayTypeP(datum)); + if (new) + { + repl_val[Anum_pg_database_datconfig - 1] = PointerGetDatum(new); + repl_repl[Anum_pg_database_datconfig - 1] = 'r'; + repl_null[Anum_pg_database_datconfig - 1] = ' '; + } + else + { + repl_null[Anum_pg_database_datconfig - 1] = 'n'; + repl_val[Anum_pg_database_datconfig - 1] = (Datum) 0; + } } else { diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index 2e9b27a598..9965068887 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -6,7 +6,7 @@ * Portions Copyright (c) 1996-2006, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.174 2006/10/04 00:29:51 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.174.2.1 2010/03/25 14:45:21 alvherre Exp $ * *------------------------------------------------------------------------- */ 
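Review bot: The new comment in the RESET ALL branch of AlterDatabaseSet (dbcommands.c) does not say that the outcome depends on the caller's privilege. GUCArrayReset returns NULL for a superuser and otherwise keeps every entry that is not PGC_USERSET, so datconfig can stay non-null after RESET ALL. I would state that in the comment, for example `/* RESET ALL: GUCArrayReset keeps entries the current user may not remove (non-PGC_USERSET unless superuser); datconfig becomes NULL only if nothing is left */`. The statement also completes without telling a non-superuser that some settings were retained; a NOTICE is a design choice, but it would make the partial reset visible. The same comment wording applies to the AlterRoleSet hunk in user.c, and AlterDatabaseSet begins and ends outside this hunk.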
@@ -760,8 +760,30 @@ AlterRoleSet(AlterRoleSetStmt *stmt) repl_repl[Anum_pg_authid_rolconfig - 1] = 'r'; if (strcmp(stmt->variable, "all") == 0 && valuestr == NULL) { - /* RESET ALL */ - repl_null[Anum_pg_authid_rolconfig - 1] = 'n'; + ArrayType *new = NULL; + Datum datum; + bool isnull; + + /* + * in RESET ALL, request GUC to reset the settings array; if none + * left, we can set rolconfig to null; otherwise use the returned + * array + */ + datum = SysCacheGetAttr(AUTHNAME, oldtuple, + Anum_pg_authid_rolconfig, &isnull); + if (!isnull) + new = GUCArrayReset(DatumGetArrayTypeP(datum)); + if (new) + { + repl_val[Anum_pg_authid_rolconfig - 1] = PointerGetDatum(new); + repl_repl[Anum_pg_authid_rolconfig - 1] = 'r'; + repl_null[Anum_pg_authid_rolconfig - 1] = ' '; + } + else + { + repl_null[Anum_pg_authid_rolconfig - 1] = 'n'; + repl_val[Anum_pg_authid_rolconfig - 1] = (Datum) 0; + } } else { diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index d8a82ee10d..349967b955 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -10,7 +10,7 @@ * Written by Peter Eisentraut . * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.360.2.7 2010/02/25 13:26:19 mha Exp $ + * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.360.2.8 2010/03/25 14:45:21 alvherre Exp $ * *-------------------------------------------------------------------- */ @@ -5961,6 +5961,7 @@ ProcessGUCArray(ArrayType *array, GucSource source) free(name); if (value) free(value); + pfree(s); } } @@ -6095,6 +6096,7 @@ GUCArrayDelete(ArrayType *array, const char *name) && val[strlen(name)] == '=') continue; + /* else add it to the output array */ if (newarray) { 
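Review bot: In the AlterRoleSet hunk (user.c), the `repl_repl[Anum_pg_authid_rolconfig - 1] = 'r';` added inside `if (new)` repeats the assignment on the context line directly above the `if (strcmp(...))`, so it is redundant here. It also makes the two branches look asymmetric, because the `else` branch relies on the earlier assignment. I would drop the inner assignment, or set it in both branches if each branch is meant to be self-contained. The local is named `new`, which is legal C but is a C++ keyword; `newarray`, as used in GUCArrayReset, would be consistent with guc.c. AlterRoleSet begins and ends outside the hunk.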
@@ -6117,6 +6119,85 @@ GUCArrayDelete(ArrayType *array, const char *name) return newarray; } +/* + * Given a GUC array, delete all settings from it that our permission + * level allows: if superuser, delete them all; if regular user, only + * those that are PGC_USERSET + */ +ArrayType * +GUCArrayReset(ArrayType *array) +{ + ArrayType *newarray; + int i; + int index; + + /* if array is currently null, nothing to do */ + if (!array) + return NULL; + + /* if we're superuser, we can delete everything */ + if (superuser()) + return NULL; + + newarray = NULL; + index = 1; + + for (i = 1; i <= ARR_DIMS(array)[0]; i++) + { + Datum d; + char *val; + char *eqsgn; + bool isnull; + struct config_generic *gconf; + + d = array_ref(array, 1, &i, + -1 /* varlenarray */ , + -1 /* TEXT's typlen */ , + false /* TEXT's typbyval */ , + 'i' /* TEXT's typalign */ , + &isnull); + + if (isnull) + continue; + val = DatumGetCString(DirectFunctionCall1(textout, d)); + + eqsgn = strchr(val, '='); + *eqsgn = '\0'; + + gconf = find_option(val, WARNING); + if (!gconf) + continue; + + /* note: superuser-ness was already checked above */ + /* skip entry if OK to delete */ + if (gconf->context == PGC_USERSET) + continue; + + /* XXX do we need to worry about database owner? */ + + /* else add it to the output array */ + if (newarray) + { + newarray = array_set(newarray, 1, &index, + d, + false, + -1 /* varlenarray */ , + -1 /* TEXT's typlen */ , + false /* TEXT's typbyval */ , + 'i' /* TEXT's typalign */ ); + } + else + newarray = construct_array(&d, 1, + TEXTOID, + -1, false, 'i'); + + index++; + pfree(val); + } + + return newarray; +} + /* * assign_hook subroutines diff --git a/src/include/utils/guc.h b/src/include/utils/guc.h index d20dc67d09..6b100b7255 100644 --- a/src/include/utils/guc.h +++ b/src/include/utils/guc.h 
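Review bot: In GUCArrayReset, `if (!gconf) continue;` skips the entry without copying it to `newarray`, so a non-superuser's RESET ALL removes any setting whose name find_option() does not resolve, even though its context was never checked. For a function meant to preserve what the caller may not remove, keeping unclassifiable entries is the safer default. Two smaller points in the same loop: `*eqsgn = '\0'` dereferences the result of strchr() without a NULL check, so an entry lacking '=' would crash the backend (presumably entries are always stored as name=value, but the check is cheap), and both `continue` paths after the textout conversion skip `pfree(val)`. The rewritten loop body below addresses all three. The open `XXX` about database owners should be resolved or replaced by a comment stating the decision, since the commit message names that case.

```c
		/* … unchanged: array_ref() fetch, isnull check, textout conversion … */

		eqsgn = strchr(val, '=');
		if (eqsgn)
			*eqsgn = '\0';

		gconf = find_option(val, WARNING);

		/* drop only what is positively known to be user-settable; keep the rest */
		if (gconf && gconf->context == PGC_USERSET)
		{
			pfree(val);
			continue;
		}

		/* … unchanged: append d to newarray, index++, pfree(val) … */
```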
@@ -7,7 +7,7 @@ * Copyright (c) 2000-2006, PostgreSQL Global Development Group * Written by Peter Eisentraut . * - * $PostgreSQL: pgsql/src/include/utils/guc.h,v 1.76.2.1 2009/12/09 21:58:30 tgl Exp $ + * $PostgreSQL: pgsql/src/include/utils/guc.h,v 1.76.2.2 2010/03/25 14:45:21 alvherre Exp $ *-------------------------------------------------------------------- */ #ifndef GUC_H @@ -209,6 +209,7 @@ extern char *flatten_set_variable_args(const char *name, List *args); extern void ProcessGUCArray(ArrayType *array, GucSource source); extern ArrayType *GUCArrayAdd(ArrayType *array, const char *name, const char *value); extern ArrayType *GUCArrayDelete(ArrayType *array, const char *name); +extern ArrayType *GUCArrayReset(ArrayType *array); extern void pg_timezone_abbrev_initialize(void); -- 2.39.5