Require ownership permission for CREATE INDEX, per bug report.

Disallow CREATE INDEX on system catalogs, non-tables (views, sequences, etc). Disallow CREATE/DROP TRIGGER on system catalogs, non-tables. Disallow ALTER TABLE ADD/DROP CONSTRAINT on system catalogs. Disallow FOREIGN KEY reference to non-table. None of these things can actually work in the present system structure, but the code was letting them pass without complaint.
2025-10-30 00:04:49 -04:00 · 2002-01-03 23:21:32 +00:00 · 2002-01-03 23:21:32 +00:00 · dc6b4deb97
commit dc6b4deb97
parent d02f0aaa3b
5 changed files with 58 additions and 14 deletions
--- a/src/backend/commands/command.c
+++ b/src/backend/commands/command.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.151 2001/12/04 17:19:48 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.152 2002/01/03 23:19:30 tgl Exp $
 *
 * NOTES
 *	  The PerformAddAttribute() code, like most of the relation
@ -716,6 +716,7 @@ AlterTableAlterColumnStatistics(const char *relationName,
 	Relation	attrelation;
 	HeapTuple	tuple;
 	/* we allow this on system tables */
 #ifndef NO_SECURITY
 	if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 		elog(ERROR, "ALTER TABLE: permission denied");
@ -1190,6 +1191,9 @@ AlterTableAddConstraint(char *relationName,
 	Oid			myrelid;
 	List	   *listptr;
 	if (!allowSystemTableMods && IsSystemRelationName(relationName))
 		elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
 			 relationName);
 #ifndef NO_SECURITY
 	if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 		elog(ERROR, "ALTER TABLE: permission denied");
@ -1506,6 +1510,9 @@ AlterTableDropConstraint(const char *relationName,
 	Relation	rel;
 	int			deleted;
 	if (!allowSystemTableMods && IsSystemRelationName(relationName))
 		elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
 			 relationName);
 #ifndef NO_SECURITY
 	if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 		elog(ERROR, "ALTER TABLE: permission denied");
@ -1886,9 +1893,7 @@ needs_toast_table(Relation rel)
 }
 /*
 *
 * LOCK TABLE
 *
 */
 void
 LockTableCommand(LockStmt *lockstmt)
--- a/src/backend/commands/indexcmds.c
+++ b/src/backend/commands/indexcmds.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.61 2001/11/20 02:46:13 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.62 2002/01/03 23:19:36 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -73,6 +73,7 @@ DefineIndex(char *heapRelationName,
 	Oid		   *classObjectId;
 	Oid			accessMethodId;
 	Oid			relationId;
 	Relation	rel;
 	HeapTuple	tuple;
 	Form_pg_am	accessMethodForm;
 	IndexInfo  *indexInfo;
@ -90,12 +91,25 @@ DefineIndex(char *heapRelationName,
 			 INDEX_MAX_KEYS);
 	/*
-	 * compute heap relation id
+	 * Open heap relation, acquire a suitable lock on it, remember its OID
 	 */
-	if ((relationId = RelnameFindRelid(heapRelationName)) == InvalidOid)
+	rel = heap_openr(heapRelationName, ShareLock);
-		elog(ERROR, "DefineIndex: relation \"%s\" not found",
+
 	/* Note: during bootstrap may see uncataloged relation */
 	if (rel->rd_rel->relkind != RELKIND_RELATION &&
 		rel->rd_rel->relkind != RELKIND_UNCATALOGED)
 		elog(ERROR, "DefineIndex: relation \"%s\" is not a table",
 			 heapRelationName);
 	relationId = RelationGetRelid(rel);
 	heap_close(rel, NoLock);
 	if (!IsBootstrapProcessingMode() &&
 		IsSystemRelationName(heapRelationName) &&
 		!IndexesAreActive(relationId, false))
 		elog(ERROR, "Existing indexes are inactive. REINDEX first");
 	/*
 	 * look up the access method, verify it can handle the requested
 	 * features
@ -131,9 +145,6 @@ DefineIndex(char *heapRelationName,
 		CheckPredicate(cnfPred, rangetable, relationId);
 	}
 	if (!IsBootstrapProcessingMode() && IsSystemRelationName(heapRelationName) && !IndexesAreActive(relationId, false))
 		elog(ERROR, "Existing indexes are inactive. REINDEX first");
 	/*
 	 * Prepare arguments for index_create, primarily an IndexInfo
 	 * structure
--- a/src/backend/commands/trigger.c
+++ b/src/backend/commands/trigger.c
@ -7,7 +7,7 @@
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.99 2001/11/16 16:31:16 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.100 2002/01/03 23:21:23 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -105,6 +105,10 @@ CreateTrigger(CreateTrigStmt *stmt)
 	rel = heap_openr(stmt->relname, AccessExclusiveLock);
 	if (rel->rd_rel->relkind != RELKIND_RELATION)
 		elog(ERROR, "CreateTrigger: relation \"%s\" is not a table",
 			 stmt->relname);
 	TRIGGER_CLEAR_TYPE(tgtype);
 	if (stmt->before)
 		TRIGGER_SETT_BEFORE(tgtype);
@ -315,11 +319,20 @@ DropTrigger(DropTrigStmt *stmt)
 	int			found = 0;
 	int			tgfound = 0;
 	if (!allowSystemTableMods && IsSystemRelationName(stmt->relname))
 		elog(ERROR, "DropTrigger: can't drop trigger for system relation %s",
 			 stmt->relname);
 	if (!pg_ownercheck(GetUserId(), stmt->relname, RELNAME))
-		elog(ERROR, "%s: %s", stmt->relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
+		elog(ERROR, "%s: %s", stmt->relname,
 			 aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
 	rel = heap_openr(stmt->relname, AccessExclusiveLock);
 	if (rel->rd_rel->relkind != RELKIND_RELATION)
 		elog(ERROR, "DropTrigger: relation \"%s\" is not a table",
 			 stmt->relname);
 	/*
 	 * Search pg_trigger, delete target trigger, count remaining triggers
 	 * for relation.  Note this is OK only because we have
--- a/src/backend/parser/analyze.c
+++ b/src/backend/parser/analyze.c
@ -6,7 +6,7 @@
 * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- *	$Header: /cvsroot/pgsql/src/backend/parser/analyze.c,v 1.212 2001/11/12 21:04:45 tgl Exp $
+ *	$Header: /cvsroot/pgsql/src/backend/parser/analyze.c,v 1.213 2002/01/03 23:21:31 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -2792,6 +2792,10 @@ transformFkeyCheckAttrs(FkConstraint *fkconstraint, Oid *pktypoid)
 	 */
 	pkrel = heap_openr(fkconstraint->pktable_name, AccessShareLock);
 	if (pkrel->rd_rel->relkind != RELKIND_RELATION)
 		elog(ERROR, "Referenced relation \"%s\" is not a table",
 			 fkconstraint->pktable_name);
 	/*
 	 * Get the list of index OIDs for the table from the relcache, and
 	 * look up each one in the pg_index syscache for each unique one, and
@ -2881,6 +2885,10 @@ transformFkeyGetPrimaryKey(FkConstraint *fkconstraint, Oid *pktypoid)
 	 */
 	pkrel = heap_openr(fkconstraint->pktable_name, AccessShareLock);
 	if (pkrel->rd_rel->relkind != RELKIND_RELATION)
 		elog(ERROR, "Referenced relation \"%s\" is not a table",
 			 fkconstraint->pktable_name);
 	/*
 	 * Get the list of index OIDs for the table from the relcache, and
 	 * look up each one in the pg_index syscache until we find one marked
--- a/src/backend/tcop/utility.c
+++ b/src/backend/tcop/utility.c
@ -10,7 +10,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.123 2001/11/20 02:46:13 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.124 2002/01/03 23:21:32 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -532,6 +532,13 @@ ProcessUtility(Node *parsetree,
 				set_ps_display(commandTag = "CREATE");
 				relname = stmt->relname;
 				if (!allowSystemTableMods && IsSystemRelationName(relname))
 					elog(ERROR, "CREATE INDEX: relation \"%s\" is a system catalog",
 						 relname);
 				if (!pg_ownercheck(GetUserId(), relname, RELNAME))
 					elog(ERROR, "permission denied");
 				DefineIndex(stmt->relname,		/* relation name */
 							stmt->idxname,		/* index name */
 							stmt->accessMethod, /* am name */