diff options
| author | Marc G. Fournier <scrappy@hub.org> | 1997-03-12 20:48:48 +0000 |
|---|---|---|
| committer | Marc G. Fournier <scrappy@hub.org> | 1997-03-12 20:48:48 +0000 |
| commit | e4949f9fe55223dac74b0075b5483ad15e8e318c (patch) | |
| tree | 0eebc8861f09df6d575a5834278176c04fe8ce16 /src/backend/tcop/utility.c | |
| parent | c00c511b7bb85e8c3fa2424a25cb9cea3d5f4b33 (diff) | |
| download | postgresql-e4949f9fe55223dac74b0075b5483ad15e8e318c.tar.gz postgresql-e4949f9fe55223dac74b0075b5483ad15e8e318c.zip | |
From: Dan McGuirk <mcguirk@indirect.com>
Subject: [HACKERS] better access control error messages
This patch replaces the 'no such class or insufficient privilege' with
distinct error messages that tell you whether the table really doesn't
exist or whether access was denied.
Diffstat (limited to 'src/backend/tcop/utility.c')
| -rw-r--r-- | src/backend/tcop/utility.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/src/backend/tcop/utility.c b/src/backend/tcop/utility.c index 693dadc8346..065d01457cc 100644 --- a/src/backend/tcop/utility.c +++ b/src/backend/tcop/utility.c @@ -9,7 +9,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.11 1997/01/16 14:56:21 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.12 1997/03/12 20:48:27 scrappy Exp $ * *------------------------------------------------------------------------- */ @@ -381,10 +381,13 @@ ProcessUtility(Node *parsetree, case T_RuleStmt: /* CREATE RULE */ { RuleStmt *stmt = (RuleStmt *)parsetree; + int aclcheck_result; + #ifndef NO_SECURITY relname = stmt->object->relname; - if (!pg_aclcheck(relname, userName, ACL_RU)) - elog(WARN, "%s %s", relname, ACL_NO_PRIV_WARNING); + aclcheck_result = pg_aclcheck(relname, userName, ACL_RU); + if(aclcheck_result != ACLCHECK_OK) + elog(WARN, "%s: %s", relname, aclcheck_error_strings[aclcheck_result]); #endif commandTag = "CREATE"; CHECK_IF_ABORTED(); @@ -423,19 +426,21 @@ ProcessUtility(Node *parsetree, relname); #ifndef NO_SECURITY if (!pg_ownercheck(userName, relname, RELNAME)) - elog(WARN, "you do not own class \"%s\"", - relname); + elog(WARN, "%s: %s", relationName, aclcheck_error_strings[ACLCHECK_NOT_OWNER]); #endif RemoveIndex(relname); break; case RULE: { char *rulename = stmt->name; + int aclcheck_result; #ifndef NO_SECURITY relationName = RewriteGetRuleEventRel(rulename); - if (!pg_aclcheck(relationName, userName, ACL_RU)) - elog(WARN, "%s %s", relationName, ACL_NO_PRIV_WARNING); + aclcheck_result = pg_aclcheck(relationName, userName, ACL_RU); + if(aclcheck_result != ACLCHECK_OK) { + elog(WARN, "%s: %s", relationName, aclcheck_error_strings[aclcheck_result]); + } #endif RemoveRewriteRule(rulename); } @@ -457,7 +462,7 @@ ProcessUtility(Node *parsetree, ruleName = MakeRetrieveViewRuleName(viewName); relationName = RewriteGetRuleEventRel(ruleName); if (!pg_ownercheck(userName, relationName, RELNAME)) - elog(WARN, "%s %s", relationName, ACL_NO_PRIV_WARNING); + elog(WARN, "%s: %s", relationName, aclcheck_error_strings[ACLCHECK_NOT_OWNER]); pfree(ruleName); #endif RemoveView(viewName); |