| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Petr Jelinek <pjmodos(at)parba(dot)cz> |
| Cc: | pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: per user/database connections limit again |
| Date: | 2005-07-02 23:55:46 |
| Message-ID: | 20050702235546.GK24207@ns.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
* Petr Jelinek (pjmodos(at)parba(dot)cz) wrote:
> + if (!(superuser()
> + || ((Form_pg_database) GETSTRUCT(tuple))->datdba == GetUserId()))
> + aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
> + stmt->dbname);
This should almost certainly be a pg_database_ownercheck() call instead.
The rest needs to be updated for roles, but looks like it should be
pretty easy to do. Much of it just needs to be repatched, the parts
that do need to be changed look to be pretty simple changes.
I believe the use of SessionUserId is probably correct in this patch.
This does mean that this patch will only be for canlogin roles, but that
seems like it's probably correct. Handling roles w/ members would
require much more thought.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Fuhr | 2005-07-03 02:22:21 | contrib/pgcrypto patch for OpenSSL 0.9.8 |
| Previous Message | Bruce Momjian | 2005-07-02 23:35:03 | Re: [HACKERS] Dbsize backend integration |