the four functions.
> Also, please justify the temp-related changes. I was not aware that we
> had any breakage there.
patch-tmp-schema.txt contains the following bits:
*) Changes pg_namespace_aclmask() so that the superuser is always able
to create objects in the temp namespace.
*) Changes pg_namespace_aclmask() so that if this is a temp namespace,
objects are only allowed to be created in the temp namespace if the
user has TEMP privs on the database. This encompasses all object
creation, not just TEMP tables.
*) InitTempTableNamespace() checks to see if the current user, not the
session user, has access to create a temp namespace.
The first two changes are necessary to support the third change. Now
it's possible to revoke all temp table privs from non-super users and
limiting all creation of temp tables/schemas via a function that's
executed with elevated privs (security definer). Before this change,
it was not possible to have a setuid function to create a temp
table/schema if the session user had no TEMP privs.
patch-area-path.txt contains:
*) Can now determine the area of a closed path.
patch-dfmgr.txt contains:
*) Small tweak to add the library path that's being expanded.
I was using $lib/foo.so and couldn't easily figure out what the error
message, "invalid macro name in dynamic library path" meant without
looking through the source code. With the path in there, at least I
know where to start looking in my config file.
Sean Chittenden
<!--
-$PostgreSQL: pgsql/doc/src/sgml/func.sgml,v 1.204 2004/05/26 15:25:57 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/func.sgml,v 1.205 2004/05/26 18:35:31 momjian Exp $
PostgreSQL documentation
-->
</row>
<row>
+ <entry><function>inet_client_addr</function></entry>
+ <entry><type>inet</type></entry>
+ <entry>address of the remote connection</entry>
+ </row>
+
+ <row>
+ <entry><function>inet_client_port</function></entry>
+ <entry><type>int4</type></entry>
+ <entry>port of the remote connection</entry>
+ </row>
+
+ <row>
+ <entry><function>inet_server_addr</function></entry>
+ <entry><type>inet</type></entry>
+ <entry>address of the local connection</entry>
+ </row>
+
+ <row>
+ <entry><function>inet_server_port</function></entry>
+ <entry><type>int4</type></entry>
+ <entry>port of the local connection</entry>
+ </row>
+
+ <row>
<entry><function>session_user</function></entry>
<entry><type>name</type></entry>
<entry>session user name</entry>
</note>
<para>
+ <function>inet_client_addr</function> and
+ <function>inet_server_addr</function> return the IPv4 or IPv6 (if
+ configured) address of the remote or local host connecting to the
+ database, respectively. <function>inet_client_port</function>
+ and <function>inet_server_port</function> return the port number
+ of the remote or local host connecting to the database,
+ respectively. If the connection is not a network connection,
+ these functions will return <literal>NULL</literal>.
+ </para>
+
+ <para>
<function>current_schema</function> returns the name of the schema that is
at the front of the search path (or a null value if the search path is
empty). This is the schema that will be used for any tables or
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.99 2004/05/26 04:41:06 neilc Exp $
+ * $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.100 2004/05/26 18:35:32 momjian Exp $
*
* NOTES
* See acl.h.
bool isNull;
Acl *acl;
- /*
- * If we have been assigned this namespace as a temp namespace, assume
- * we have all grantable privileges on it.
- */
- if (isTempNamespace(nsp_oid))
- return mask;
-
/* Superusers bypass all permission checking. */
if (superuser_arg(userid))
return mask;
/*
+ * If we have been assigned this namespace as a temp
+ * namespace, check to make sure we have CREATE permissions on
+ * the database.
+ *
+ * Instead of returning ACLCHECK_NO_PRIV, should we return via
+ * ereport() with a message about trying to create an object
+ * in a TEMP namespace when GetUserId() doesn't have perms?
+ */
+ if (isTempNamespace(nsp_oid)) {
+ if (pg_database_aclcheck(MyDatabaseId, GetUserId(),
+ ACL_CREATE_TEMP) == ACLCHECK_OK)
+ return ACLCHECK_OK;
+ else
+ return ACLCHECK_NO_PRIV;
+ }
+
+ /*
* Get the schema's ACL from pg_namespace
*/
tuple = SearchSysCache(NAMESPACEOID,
* Portions Copyright (c) 1994, Regents of the University of California
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/catalog/namespace.c,v 1.64 2004/05/26 04:41:07 neilc Exp $
+ * $PostgreSQL: pgsql/src/backend/catalog/namespace.c,v 1.65 2004/05/26 18:35:32 momjian Exp $
*
*-------------------------------------------------------------------------
*/
* tables. We use a nonstandard error message here since
* "databasename: permission denied" might be a tad cryptic.
*
- * Note we apply the check to the session user, not the currently active
- * userid, since we are not going to change our minds about temp table
- * availability during the session.
+ * ACL_CREATE_TEMP perms are also checked in
+ * pg_namespace_aclcheck() that way only users who have TEMP
+ * perms can create objects.
*/
- if (pg_database_aclcheck(MyDatabaseId, GetSessionUserId(),
+ if (pg_database_aclcheck(MyDatabaseId, GetUserId(),
ACL_CREATE_TEMP) != ACLCHECK_OK)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.123 2004/05/26 04:41:18 neilc Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.124 2004/05/26 18:35:33 momjian Exp $
*
*-------------------------------------------------------------------------
*/
hints.ai_addr = NULL;
hints.ai_next = NULL;
rc = getaddrinfo_all(remote_addr_s, ident_port, &hints, &ident_serv);
- if (rc || !ident_serv)
+ if (rc || !ident_serv) {
+ if (ident_serv)
+ freeaddrinfo_all(hints.ai_family, ident_serv);
return false; /* we don't expect this to happen */
+ }
hints.ai_flags = AI_NUMERICHOST;
hints.ai_family = local_addr.addr.ss_family;
hints.ai_addr = NULL;
hints.ai_next = NULL;
rc = getaddrinfo_all(local_addr_s, NULL, &hints, &la);
- if (rc || !la)
+ if (rc || !la) {
+ if (la)
+ freeaddrinfo_all(hints.ai_family, la);
return false; /* we don't expect this to happen */
+ }
sock_fd = socket(ident_serv->ai_family, ident_serv->ai_socktype,
ident_serv->ai_protocol);
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/libpq/ip.c,v 1.25 2004/04/24 20:10:34 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/ip.c,v 1.26 2004/05/26 18:35:33 momjian Exp $
*
* This file and the IPV6 implementation were initially provided by
* Nigel Kukard <nkukard@lbsd.net>, Linux Based Systems Design
*result = NULL;
#ifdef HAVE_UNIX_SOCKETS
- if (hintp != NULL && hintp->ai_family == AF_UNIX)
+ if (hintp->ai_family == AF_UNIX)
return getaddrinfo_unix(servname, hintp, result);
#endif
- /* NULL has special meaning to getaddrinfo */
+ /* NULL has special meaning to getaddrinfo(). */
return getaddrinfo((!hostname || hostname[0] == '\0') ? NULL : hostname,
servname, hintp, result);
}
* Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/backend/libpq/pqcomm.c,v 1.168 2003/12/12 18:45:08 petere Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/pqcomm.c,v 1.169 2004/05/26 18:35:33 momjian Exp $
*
*-------------------------------------------------------------------------
*/
ereport(LOG,
(errmsg("could not translate service \"%s\" to address: %s",
service, gai_strerror(ret))));
- freeaddrinfo_all(hint.ai_family, addrs);
+ if (addrs)
+ freeaddrinfo_all(hint.ai_family, addrs);
return STATUS_ERROR;
}
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.394 2004/05/23 03:50:45 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.395 2004/05/26 18:35:35 momjian Exp $
*
* NOTES
*
remote_port, sizeof(remote_port),
(log_hostname ? 0 : NI_NUMERICHOST) | NI_NUMERICSERV))
{
- getnameinfo_all(&port->raddr.addr, port->raddr.salen,
+ int ret = getnameinfo_all(&port->raddr.addr, port->raddr.salen,
remote_host, sizeof(remote_host),
remote_port, sizeof(remote_port),
NI_NUMERICHOST | NI_NUMERICSERV);
+ if (ret)
+ ereport(WARNING,
+ (errmsg("getnameinfo_all() failed: %s",
+ gai_strerror(ret))));
}
snprintf(remote_ps_data, sizeof(remote_ps_data),
remote_port[0] == '\0' ? "%s" : "%s(%s)",
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/adt/geo_ops.c,v 1.84 2004/05/12 22:38:44 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/adt/geo_ops.c,v 1.85 2004/05/26 18:35:38 momjian Exp $
*
*-------------------------------------------------------------------------
*/
*---------------------------------------------------------*/
Datum
+path_area(PG_FUNCTION_ARGS)
+{
+ PATH *path = PG_GETARG_PATH_P(0);
+ double area = 0.0;
+ int i,j;
+
+ if (!path->closed)
+ PG_RETURN_NULL();
+
+ for (i = 0; i < path->npts; i++) {
+ j = (i + 1) % path->npts;
+ area += path->p[i].x * path->p[j].y;
+ area -= path->p[i].y * path->p[j].x;
+ }
+
+ area *= 0.5;
+ PG_RETURN_FLOAT8(area < 0.0 ? -area : area);
+}
+
+
+Datum
path_in(PG_FUNCTION_ARGS)
{
char *str = PG_GETARG_CSTRING(0);
/*
* PostgreSQL type definitions for the INET and CIDR types.
*
- * $PostgreSQL: pgsql/src/backend/utils/adt/network.c,v 1.49 2003/12/01 18:50:19 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/adt/network.c,v 1.50 2004/05/26 18:35:38 momjian Exp $
*
* Jon Postel RIP 16 Oct 1998
*/
#include <arpa/inet.h>
#include "catalog/pg_type.h"
+#include "libpq/ip.h"
+#include "libpq/libpq-be.h"
#include "libpq/pqformat.h"
+#include "miscadmin.h"
#include "utils/builtins.h"
#include "utils/inet.h"
PG_RETURN_INET_P(network_in(src, 1));
}
+/* INET that the client is connecting from */
+Datum
+inet_client_addr(PG_FUNCTION_ARGS)
+{
+ Port *port = MyProcPort;
+
+ if (port == NULL)
+ PG_RETURN_NULL();
+
+ switch (port->raddr.addr.ss_family) {
+ case AF_INET:
+#ifdef HAVE_IPV6
+ case AF_INET6:
+#endif
+ break;
+ default:
+ PG_RETURN_NULL();
+ }
+
+ PG_RETURN_INET_P(network_in(port->remote_host, 0));
+}
+
+
+/* port that the client is connecting from */
+Datum
+inet_client_port(PG_FUNCTION_ARGS)
+{
+ Port *port = MyProcPort;
+
+ if (port == NULL)
+ PG_RETURN_NULL();
+
+ PG_RETURN_INT32(DirectFunctionCall1(int4in, CStringGetDatum(port->remote_port)));
+}
+
+
+/* server INET that the client connected to */
+Datum
+inet_server_addr(PG_FUNCTION_ARGS)
+{
+ Port *port = MyProcPort;
+ char local_host[NI_MAXHOST];
+ int ret;
+
+ if (port == NULL)
+ PG_RETURN_NULL();
+
+ switch (port->laddr.addr.ss_family) {
+ case AF_INET:
+#ifdef HAVE_IPV6
+ case AF_INET6:
+#endif
+ break;
+ default:
+ PG_RETURN_NULL();
+ }
+
+ local_host[0] = '\0';
+
+ ret = getnameinfo_all(&port->laddr.addr, port->laddr.salen,
+ local_host, sizeof(local_host),
+ NULL, 0,
+ NI_NUMERICHOST | NI_NUMERICSERV);
+ if (ret)
+ PG_RETURN_NULL();
+
+ PG_RETURN_INET_P(network_in(local_host, 0));
+}
+
+
+/* port that the server accepted the connection on */
+Datum
+inet_server_port(PG_FUNCTION_ARGS)
+{
+ Port *port = MyProcPort;
+ char local_port[NI_MAXSERV];
+ int ret;
+
+ if (port == NULL)
+ PG_RETURN_NULL();
+
+ switch (port->laddr.addr.ss_family) {
+ case AF_INET:
+#ifdef HAVE_IPV6
+ case AF_INET6:
+#endif
+ break;
+ default:
+ PG_RETURN_NULL();
+ }
+
+ local_port[0] = '\0';
+
+ ret = getnameinfo_all(&port->laddr.addr, port->laddr.salen,
+ NULL, 0,
+ local_port, sizeof(local_port),
+ NI_NUMERICHOST | NI_NUMERICSERV);
+ if (ret)
+ PG_RETURN_NULL();
+
+ PG_RETURN_INT32(DirectFunctionCall1(int4in, CStringGetDatum(local_port)));
+}
+
+
/*
* INET address output function.
*/
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/fmgr/dfmgr.c,v 1.72 2004/05/17 14:35:31 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/fmgr/dfmgr.c,v 1.73 2004/05/26 18:35:39 momjian Exp $
*
*-------------------------------------------------------------------------
*/
strncmp(name, "$libdir", strlen("$libdir")) != 0)
ereport(ERROR,
(errcode(ERRCODE_INVALID_NAME),
- errmsg("invalid macro name in dynamic library path")));
+ errmsg("invalid macro name in dynamic library path: %s", name)));
ret = palloc(strlen(pkglib_path) + strlen(sep_ptr) + 1);
* Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/include/catalog/pg_proc.h,v 1.331 2004/05/26 18:14:36 momjian Exp $
+ * $PostgreSQL: pgsql/src/include/catalog/pg_proc.h,v 1.332 2004/05/26 18:35:43 momjian Exp $
*
* NOTES
* The script catalog/genbki.sh reads this file and generates .bki
DESCR("box height");
DATA(insert OID = 978 ( box_distance PGNSP PGUID 12 f f t f i 2 701 "603 603" _null_ box_distance - _null_ ));
DESCR("distance between boxes");
+DATA(insert OID = 979 ( area PGNSP PGUID 12 f f t f i 1 701 "602" _null_ path_area - _null_ ));
+DESCR("area of a closed path");
DATA(insert OID = 980 ( box_intersect PGNSP PGUID 12 f f t f i 2 603 "603 603" _null_ box_intersect - _null_ ));
DESCR("box intersection (another box)");
DATA(insert OID = 981 ( diagonal PGNSP PGUID 12 f f t f i 1 601 "603" _null_ box_diagonal - _null_ ));
DATA(insert OID = 911 ( inet_out PGNSP PGUID 12 f f t f i 1 2275 "869" _null_ inet_out - _null_ ));
DESCR("I/O");
+DATA(insert OID = 912 ( inet_client_addr PGNSP PGUID 12 f f f f s 0 869 "" _null_ inet_client_addr - _null_ ));
+DESCR("Returns the INET address of the client connected to the backend");
+DATA(insert OID = 913 ( inet_client_port PGNSP PGUID 12 f f f f s 0 23 "" _null_ inet_client_port - _null_ ));
+DESCR("Returns the client's port number for this connection");
+DATA(insert OID = 914 ( inet_server_addr PGNSP PGUID 12 f f f f s 0 869 "" _null_ inet_server_addr - _null_ ));
+DESCR("Returns the INET address that the backend is using to service the connection");
+DATA(insert OID = 915 ( inet_server_port PGNSP PGUID 12 f f f f s 0 23 "" _null_ inet_server_port - _null_ ));
+DESCR("Returns the servers's port number for this connection");
+
/* for cidr type support */
DATA(insert OID = 1267 ( cidr_in PGNSP PGUID 12 f f t f i 1 650 "2275" _null_ cidr_in - _null_ ));
DESCR("I/O");
* Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/include/utils/builtins.h,v 1.239 2004/05/26 15:26:18 momjian Exp $
+ * $PostgreSQL: pgsql/src/include/utils/builtins.h,v 1.240 2004/05/26 18:35:46 momjian Exp $
*
*-------------------------------------------------------------------------
*/
void *dst, size_t size);
/* network.c */
+extern Datum inet_client_addr(PG_FUNCTION_ARGS);
+extern Datum inet_client_port(PG_FUNCTION_ARGS);
+extern Datum inet_server_addr(PG_FUNCTION_ARGS);
+extern Datum inet_server_port(PG_FUNCTION_ARGS);
extern Datum inet_in(PG_FUNCTION_ARGS);
extern Datum inet_out(PG_FUNCTION_ARGS);
extern Datum inet_recv(PG_FUNCTION_ARGS);
* Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/include/utils/geo_decls.h,v 1.43 2003/11/29 22:41:15 pgsql Exp $
+ * $PostgreSQL: pgsql/src/include/utils/geo_decls.h,v 1.44 2004/05/26 18:35:47 momjian Exp $
*
* NOTE
* These routines do *not* use the float types from adt/.
extern Datum box_div(PG_FUNCTION_ARGS);
/* public path routines */
+extern Datum path_area(PG_FUNCTION_ARGS);
extern Datum path_in(PG_FUNCTION_ARGS);
extern Datum path_out(PG_FUNCTION_ARGS);
extern Datum path_recv(PG_FUNCTION_ARGS);
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.270 2004/05/21 20:56:49 tgl Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.271 2004/05/26 18:35:51 momjian Exp $
*
*-------------------------------------------------------------------------
*/
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("could not translate Unix-domain socket path \"%s\" to address: %s\n"),
portstr, gai_strerror(ret));
- freeaddrinfo_all(hint.ai_family, addrs);
+ if (addrs)
+ freeaddrinfo_all(hint.ai_family, addrs);
goto connect_errReturn;
}
OSDN Git Service
