diff options
Diffstat (limited to 'src/backend/parser')
| -rw-r--r-- | src/backend/parser/analyze.c | 22 | ||||
| -rw-r--r-- | src/backend/parser/parse_clause.c | 20 | ||||
| -rw-r--r-- | src/backend/parser/parse_relation.c | 48 |
3 files changed, 47 insertions, 43 deletions
diff --git a/src/backend/parser/analyze.c b/src/backend/parser/analyze.c index 33f32c1b377..89620821347 100644 --- a/src/backend/parser/analyze.c +++ b/src/backend/parser/analyze.c @@ -6,7 +6,7 @@ * Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/backend/parser/analyze.c,v 1.295 2004/01/11 04:58:17 neilc Exp $ + * $PostgreSQL: pgsql/src/backend/parser/analyze.c,v 1.296 2004/01/14 23:01:55 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -472,7 +472,8 @@ transformDeleteStmt(ParseState *pstate, DeleteStmt *stmt) /* set up range table with just the result rel */ qry->resultRelation = setTargetTable(pstate, stmt->relation, interpretInhOption(stmt->relation->inhOpt), - true); + true, + ACL_DELETE); qry->distinctClause = NIL; @@ -539,7 +540,7 @@ transformInsertStmt(ParseState *pstate, InsertStmt *stmt, * table is not added to the joinlist or namespace. */ qry->resultRelation = setTargetTable(pstate, stmt->relation, - false, false); + false, false, ACL_INSERT); /* * Is it INSERT ... SELECT or INSERT ... VALUES? @@ -1721,8 +1722,8 @@ transformRuleStmt(ParseState *pstate, RuleStmt *stmt, makeAlias("*NEW*", NIL), false, true); /* Must override addRangeTableEntry's default access-check flags */ - oldrte->checkForRead = false; - newrte->checkForRead = false; + oldrte->requiredPerms = 0; + newrte->requiredPerms = 0; /* * They must be in the namespace too for lookup purposes, but only add @@ -1820,8 +1821,8 @@ transformRuleStmt(ParseState *pstate, RuleStmt *stmt, newrte = addRangeTableEntry(sub_pstate, stmt->relation, makeAlias("*NEW*", NIL), false, false); - oldrte->checkForRead = false; - newrte->checkForRead = false; + oldrte->requiredPerms = 0; + newrte->requiredPerms = 0; addRTEtoQuery(sub_pstate, oldrte, false, true); addRTEtoQuery(sub_pstate, newrte, false, true); @@ -2493,7 +2494,8 @@ transformUpdateStmt(ParseState *pstate, UpdateStmt *stmt) qry->resultRelation = setTargetTable(pstate, stmt->relation, interpretInhOption(stmt->relation->inhOpt), - true); + true, + ACL_UPDATE); /* * the FROM clause is non-standard SQL syntax. We used to be able to @@ -2880,7 +2882,7 @@ transformForUpdate(Query *qry, List *forUpdate) case RTE_RELATION: if (!intMember(i, rowMarks)) /* avoid duplicates */ rowMarks = lappendi(rowMarks, i); - rte->checkForWrite = true; + rte->requiredPerms |= ACL_SELECT_FOR_UPDATE; break; case RTE_SUBQUERY: /* @@ -2915,7 +2917,7 @@ transformForUpdate(Query *qry, List *forUpdate) case RTE_RELATION: if (!intMember(i, rowMarks)) /* avoid duplicates */ rowMarks = lappendi(rowMarks, i); - rte->checkForWrite = true; + rte->requiredPerms |= ACL_SELECT_FOR_UPDATE; break; case RTE_SUBQUERY: /* diff --git a/src/backend/parser/parse_clause.c b/src/backend/parser/parse_clause.c index d4e6747df6f..8b7be43af13 100644 --- a/src/backend/parser/parse_clause.c +++ b/src/backend/parser/parse_clause.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/parser/parse_clause.c,v 1.125 2003/11/29 19:51:51 pgsql Exp $ + * $PostgreSQL: pgsql/src/backend/parser/parse_clause.c,v 1.126 2004/01/14 23:01:55 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -116,11 +116,14 @@ transformFromClause(ParseState *pstate, List *frmList) * to check for namespace conflict; we assume that the namespace was * initially empty in these cases.) * + * Finally, we mark the relation as requiring the permissions specified + * by requiredPerms. + * * Returns the rangetable index of the target relation. */ int setTargetTable(ParseState *pstate, RangeVar *relation, - bool inh, bool alsoSource) + bool inh, bool alsoSource, AclMode requiredPerms) { RangeTblEntry *rte; int rtindex; @@ -149,16 +152,15 @@ setTargetTable(ParseState *pstate, RangeVar *relation, Assert(rte == rt_fetch(rtindex, pstate->p_rtable)); /* - * Override addRangeTableEntry's default checkForRead, and instead - * mark target table as requiring write access. + * Override addRangeTableEntry's default ACL_SELECT permissions check, + * and instead mark target table as requiring exactly the specified + * permissions. * * If we find an explicit reference to the rel later during parse - * analysis, scanRTEForColumn will change checkForRead to 'true' - * again. That can't happen for INSERT but it is possible for UPDATE - * and DELETE. + * analysis, scanRTEForColumn will add the ACL_SELECT bit back again. + * That can't happen for INSERT but it is possible for UPDATE and DELETE. */ - rte->checkForRead = false; - rte->checkForWrite = true; + rte->requiredPerms = requiredPerms; /* * If UPDATE/DELETE, add table to joinlist and namespace. diff --git a/src/backend/parser/parse_relation.c b/src/backend/parser/parse_relation.c index 76caa60aeb2..3e314bea963 100644 --- a/src/backend/parser/parse_relation.c +++ b/src/backend/parser/parse_relation.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/parser/parse_relation.c,v 1.91 2003/11/29 19:51:52 pgsql Exp $ + * $PostgreSQL: pgsql/src/backend/parser/parse_relation.c,v 1.92 2004/01/14 23:01:55 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -437,7 +437,7 @@ RTERangeTablePosn(ParseState *pstate, RangeTblEntry *rte, int *sublevels_up) * nothing. It might seem that we need to propagate the mark to all the * contained RTEs, but that is not necessary. This is so because a join * expression can only appear in a FROM clause, and any table named in - * FROM will be marked checkForRead from the beginning. + * FROM will be marked as requiring read access from the beginning. */ static Node * scanRTEForColumn(ParseState *pstate, RangeTblEntry *rte, char *colname) @@ -477,7 +477,8 @@ scanRTEForColumn(ParseState *pstate, RangeTblEntry *rte, char *colname) errmsg("column reference \"%s\" is ambiguous", colname))); result = (Node *) make_var(pstate, rte, attnum); - rte->checkForRead = true; + /* Require read access */ + rte->requiredPerms |= ACL_SELECT; } } @@ -504,7 +505,8 @@ scanRTEForColumn(ParseState *pstate, RangeTblEntry *rte, char *colname) 0, 0)) { result = (Node *) make_var(pstate, rte, attnum); - rte->checkForRead = true; + /* Require read access */ + rte->requiredPerms |= ACL_SELECT; } } } @@ -689,7 +691,7 @@ addRangeTableEntry(ParseState *pstate, * Flags: * - this RTE should be expanded to include descendant tables, * - this RTE is in the FROM clause, - * - this RTE should be checked for read/write access rights. + * - this RTE should be checked for appropriate access rights. * * The initial default on access checks is always check-for-READ-access, * which is the right thing for all except target tables. @@ -697,10 +699,9 @@ addRangeTableEntry(ParseState *pstate, */ rte->inh = inh; rte->inFromCl = inFromCl; - rte->checkForRead = true; - rte->checkForWrite = false; - rte->checkAsUser = InvalidOid; /* not set-uid by default, either */ + rte->requiredPerms = ACL_SELECT; + rte->checkAsUser = 0; /* not set-uid by default, either */ /* * Add completed RTE to pstate's range table list, but not to join @@ -784,7 +785,7 @@ addRangeTableEntryForRelation(ParseState *pstate, * Flags: * - this RTE should be expanded to include descendant tables, * - this RTE is in the FROM clause, - * - this RTE should be checked for read/write access rights. + * - this RTE should be checked for appropriate access rights. * * The initial default on access checks is always check-for-READ-access, * which is the right thing for all except target tables. @@ -792,10 +793,9 @@ addRangeTableEntryForRelation(ParseState *pstate, */ rte->inh = inh; rte->inFromCl = inFromCl; - rte->checkForRead = true; - rte->checkForWrite = false; - rte->checkAsUser = InvalidOid; /* not set-uid by default, either */ + rte->requiredPerms = ACL_SELECT; + rte->checkAsUser = 0; /* not set-uid by default, either */ /* * Add completed RTE to pstate's range table list, but not to join @@ -864,17 +864,16 @@ addRangeTableEntryForSubquery(ParseState *pstate, * Flags: * - this RTE should be expanded to include descendant tables, * - this RTE is in the FROM clause, - * - this RTE should be checked for read/write access rights. + * - this RTE should be checked for appropriate access rights. * * Subqueries are never checked for access rights. *---------- */ rte->inh = false; /* never true for subqueries */ rte->inFromCl = inFromCl; - rte->checkForRead = false; - rte->checkForWrite = false; - rte->checkAsUser = InvalidOid; + rte->requiredPerms = 0; + rte->checkAsUser = 0; /* * Add completed RTE to pstate's range table list, but not to join @@ -1034,15 +1033,17 @@ addRangeTableEntryForFunction(ParseState *pstate, * Flags: * - this RTE should be expanded to include descendant tables, * - this RTE is in the FROM clause, - * - this RTE should be checked for read/write access rights. + * - this RTE should be checked for appropriate access rights. + * + * Functions are never checked for access rights (at least, not by + * the RTE permissions mechanism). *---------- */ rte->inh = false; /* never true for functions */ rte->inFromCl = inFromCl; - rte->checkForRead = true; - rte->checkForWrite = false; - rte->checkAsUser = InvalidOid; + rte->requiredPerms = 0; + rte->checkAsUser = 0; /* * Add completed RTE to pstate's range table list, but not to join @@ -1095,17 +1096,16 @@ addRangeTableEntryForJoin(ParseState *pstate, * Flags: * - this RTE should be expanded to include descendant tables, * - this RTE is in the FROM clause, - * - this RTE should be checked for read/write access rights. + * - this RTE should be checked for appropriate access rights. * * Joins are never checked for access rights. *---------- */ rte->inh = false; /* never true for joins */ rte->inFromCl = inFromCl; - rte->checkForRead = false; - rte->checkForWrite = false; - rte->checkAsUser = InvalidOid; + rte->requiredPerms = 0; + rte->checkAsUser = 0; /* * Add completed RTE to pstate's range table list, but not to join |