*** pgsql-cvs/src/backend/commands/user.c Wed Jun 14 18:19:45 2000 --- pgsql-user/src/backend/commands/user.c Sun Jun 25 14:37:58 2000 *************** CreateUser(CreateUserStmt *stmt) *** 202,216 **** elog(ERROR, "CREATE USER: permission denied"); /* - * The reason for the following is this: If you start a transaction - * block, create a user, then roll back the transaction, the pg_pwd - * won't get rolled back due to a bug in the Unix file system ( :}). - * Hence this is in the interest of security. - */ - if (IsTransactionBlock()) - elog(ERROR, "CREATE USER: may not be called in a transaction block"); - - /* * Scan the pg_shadow relation to be certain the user or id doesn't * already exist. Note we secure exclusive lock, because we also need * to be sure of what the next usesysid should be, and we need to --- 202,207 ---- *************** AlterUser(AlterUserStmt *stmt) *** 356,364 **** && stmt->password && strcmp(GetPgUserName(), stmt->user) == 0)) elog(ERROR, "ALTER USER: permission denied"); ! /* see comments in create user */ ! if (IsTransactionBlock()) ! elog(ERROR, "ALTER USER: may not be called in a transaction block"); /* * Scan the pg_shadow relation to be certain the user exists. Note we --- 347,355 ---- && stmt->password && strcmp(GetPgUserName(), stmt->user) == 0)) elog(ERROR, "ALTER USER: permission denied"); ! /* changes to the flat password file cannot be rolled back */ ! if (IsTransactionBlock() && stmt->password) ! elog(NOTICE, "ALTER USER: password changes cannot be rolled back"); /* * Scan the pg_shadow relation to be certain the user exists. Note we *************** DropUser(DropUserStmt *stmt) *** 503,509 **** elog(ERROR, "DROP USER: permission denied"); if (IsTransactionBlock()) ! elog(ERROR, "DROP USER: may not be called in a transaction block"); /* * Scan the pg_shadow relation to find the usesysid of the user to be --- 494,500 ---- elog(ERROR, "DROP USER: permission denied"); if (IsTransactionBlock()) ! elog(NOTICE, "DROP USER cannot be rolled back completely"); /* * Scan the pg_shadow relation to find the usesysid of the user to be *************** CreateGroup(CreateGroupStmt *stmt) *** 675,688 **** if (!superuser()) elog(ERROR, "CREATE GROUP: permission denied"); - /* - * There is not real reason for this, but it makes it consistent with - * create user, and it seems like a good idea anyway. - */ - if (IsTransactionBlock()) - elog(ERROR, "CREATE GROUP: may not be called in a transaction block"); - - pg_group_rel = heap_openr(GroupRelationName, AccessExclusiveLock); pg_group_dsc = RelationGetDescr(pg_group_rel); --- 666,671 ---- *************** AlterGroup(AlterGroupStmt *stmt, const c *** 816,829 **** if (!superuser()) elog(ERROR, "%s: permission denied", tag); - /* - * There is not real reason for this, but it makes it consistent with - * alter user, and it seems like a good idea anyway. - */ - if (IsTransactionBlock()) - elog(ERROR, "%s: may not be called in a transaction block", tag); - - pg_group_rel = heap_openr(GroupRelationName, AccessExclusiveLock); pg_group_dsc = RelationGetDescr(pg_group_rel); --- 799,804 ---- *************** DropGroup(DropGroupStmt *stmt) *** 1091,1103 **** */ if (!superuser()) elog(ERROR, "DROP GROUP: permission denied"); - - /* - * There is not real reason for this, but it makes it consistent with - * drop user, and it seems like a good idea anyway. - */ - if (IsTransactionBlock()) - elog(ERROR, "DROP GROUP: may not be called in a transaction block"); /* * Scan the pg_group table and delete all matching groups. --- 1066,1071 ----