<para>
The third form of <command>CREATE TYPE</command> creates a new base type
- (scalar type). The parameters can appear in any order, not only that
+ (scalar type). To create a new base type, you must be a superuser.
+ (This restriction is made because an erroneous type definition could
+ confuse or even crash the server.)
+ </para>
+
+ <para>
+ The parameters can appear in any order, not only that
illustrated above, and most are optional. You must register
two or more functions (using <command>CREATE FUNCTION</command>) before
defining the type. The support functions
<para>
Because there are no restrictions on use of a data type once it's been
created, creating a base type is tantamount to granting public execute
- permission on the functions mentioned in the type definition. (The creator
- of the type is therefore required to own these functions.) This is usually
+ permission on the functions mentioned in the type definition.
+ This is usually
not an issue for the sorts of functions that are useful in a type
definition. But you might want to think twice before designing a type
in a way that would require <quote>secret</> information to be used
/*
* DefineType
- * Registers a new type.
+ * Registers a new base type.
*/
void
DefineType(List *names, List *parameters)
{
char *typeName;
Oid typeNamespace;
- AclResult aclresult;
int16 internalLength = -1; /* default: variable-length */
Oid elemType = InvalidOid;
List *inputName = NIL;
Oid resulttype;
Relation pg_type;
+ /*
+ * As of Postgres 8.4, we require superuser privilege to create a base
+ * type. This is simple paranoia: there are too many ways to mess up the
+ * system with an incorrect type definition (for instance, representation
+ * parameters that don't match what the C code expects). In practice
+ * it takes superuser privilege to create the I/O functions, and so the
+ * former requirement that you own the I/O functions pretty much forced
+ * superuserness anyway. We're just making doubly sure here.
+ *
+ * XXX re-enable NOT_USED code sections below if you remove this test.
+ */
+ if (!superuser())
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("must be superuser to create a base type")));
+
/* Convert list of names to a name and namespace */
typeNamespace = QualifiedNameGetCreationNamespace(names, &typeName);
+#ifdef NOT_USED
+ /* XXX this is unnecessary given the superuser check above */
/* Check we have creation rights in target namespace */
aclresult = pg_namespace_aclcheck(typeNamespace, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
get_namespace_name(typeNamespace));
+#endif
/*
* Look to see if type already exists (presumably as a shell; if not,
* don't have a way to make the type go away if the grant option is
* revoked, so ownership seems better.
*/
+#ifdef NOT_USED
+ /* XXX this is unnecessary given the superuser check above */
if (inputOid && !pg_proc_ownercheck(inputOid, GetUserId()))
aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
NameListToString(inputName));
if (analyzeOid && !pg_proc_ownercheck(analyzeOid, GetUserId()))
aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
NameListToString(analyzeName));
+#endif
/* Preassign array type OID so we can insert it in pg_type.typarray */
pg_type = heap_open(TypeRelationId, AccessShareLock);
projects / users / simon / postgres.git / commitdiff