author | Bruce Momjian <bruce@momjian.us> | 1998-02-19 17:20:01 +0000 |
---|---|---|
committer | Bruce Momjian <bruce@momjian.us> | 1998-02-19 17:20:01 +0000 |
commit | df67b83a7a183291e53f9eea8f2553de893822c8 (patch) | |
tree | 62188fefb8055085351ebec1b0d0a5207c5d119b /src/backend/commands/user.c | |
parent | 70ddf2dfc2c2e06b74df0ccb9f34e80a76c51f33 (diff) | |
Password fix. Now people have to do the REVOKE themselves.
Diffstat (limited to 'src/backend/commands/user.c')
-rw-r--r-- | src/backend/commands/user.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index c1fc7389848..ef4b28e93d4 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -30,8 +30,11 @@
 #include <tcop/tcopprot.h>
 #include <utils/acl.h>
 #include <utils/rel.h>
+#include <utils/syscache.h>
 #include <commands/user.h>
+static void CheckPgUserAclNotNull(void);
+
 /*---------------------------------------------------------------------
 * UpdatePgPwdFile
 *
@@ -93,6 +96,8 @@ void DefineUser(CreateUserStmt *stmt) {
 inblock;
 int max_id = -1;
+ if (stmt->password)
+ CheckPgUserAclNotNull();
 if (!(inblock = IsTransactionBlock()))
 BeginTransactionBlock();
@@ -204,6 +209,8 @@ extern void AlterUser(AlterUserStmt *stmt) {
 n,
 inblock;
+ if (stmt->password)
+ CheckPgUserAclNotNull();
 if (!(inblock = IsTransactionBlock()))
 BeginTransactionBlock();
@@ -420,3 +427,30 @@ extern void RemoveUser(char* user) {
 if (IsTransactionBlock() && !inblock)
 EndTransactionBlock();
 }
+
+/*
+ * CheckPgUserAclNotNull
+ *
+ * check to see if there is an ACL on pg_user
+ */
+static void CheckPgUserAclNotNull()
+{
+HeapTuple htp;
+
+ htp = SearchSysCacheTuple(RELNAME, PointerGetDatum(UserRelationName),
+ 0, 0, 0);
+ if (!HeapTupleIsValid(htp))
+ {
+ elog(ERROR, "IsPgUserAclNull: class \"%s\" not found",
+ UserRelationName);
+ }
+
+ if (heap_attisnull(htp, Anum_pg_class_relacl))
+ {
+ elog(NOTICE, "To use passwords, you have to revoke permissions on pg_user");
+ elog(NOTICE, "so normal users can not read the passwords.");
+ elog(ERROR, "Try 'REVOKE ALL ON pg_user FROM PUBLIC'");
+ }
+
+ return;
+} |
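Review bot: The two lines added to DefineUser, `if (stmt->password)` followed by `CheckPgUserAclNotNull();`, have no comment saying why a password clause triggers an ACL check or why the call sits ahead of `BeginTransactionBlock()`; the identical pair in the AlterUser hunk has the same gap. A comment such as `/* passwords are stored in pg_user: refuse unless an ACL has been set on it */` would record the intent, and if the placement is deliberate (presumably so the ERROR exit happens before a transaction block is opened) that belongs in the comment too. Both function bodies continue outside their hunks, so how this call is ordered relative to any privilege check they perform is not visible here.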
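Review bot: `heap_attisnull(htp, Anum_pg_class_relacl)` in CheckPgUserAclNotNull only establishes that pg_user carries some ACL, not that PUBLIC has lost read access, so an earlier GRANT or REVOKE that populated relacl would appear to satisfy the check even while ordinary users can still read the passwords. If inspecting the ACL contents is out of scope for this commit, the header comment should state the limit, e.g. `* NB: only detects a NULL (never-set) ACL; does not verify that PUBLIC cannot read pg_user`. The first `elog(ERROR, ...)` also prefixes its message with `IsPgUserAclNull`, which is not this function's name; `"CheckPgUserAclNotNull: class \"%s\" not found"` would make the log line traceable. The definition is written `CheckPgUserAclNotNull()` while the prototype in the first hunk uses `(void)`; using `(void)` in both keeps them consistent.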