Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit 916d816

Browse files
tglsfdctglsfdc
committed
Restrict CREATE OPERATOR CLASS to superusers, per discussion some weeks
ago.
1 parent d2db166 commit 916d816

File tree

2 files changed

+19
-5
lines changed

2 files changed

+19
-5
lines changed

doc/src/sgml/ref/create_opclass.sgml

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
<!--
2-
$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_opclass.sgml,v 1.3 2002/09/21 18:32:54 petere Exp $
2+
$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_opclass.sgml,v 1.4 2002/10/04 22:19:29 tgl Exp $
33
PostgreSQL documentation
44
-->
55

@@ -209,9 +209,10 @@ CREATE OPERATOR CLASS
209209
are for different index access methods.
210210
</para>
211211
<para>
212-
The user who defines an operator class becomes its owner. The user
213-
must own the data type for which the operator class is being defined,
214-
and must have execute permission for all referenced operators and functions.
212+
The user who defines an operator class becomes its owner. Presently,
213+
the creating user must be a superuser. (This restriction is made because
214+
an erroneous operator class definition could confuse or even crash the
215+
server.)
215216
</para>
216217

217218
<para>

src/backend/commands/opclasscmds.c

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
*
1010
*
1111
* IDENTIFICATION
12-
* $Header: /cvsroot/pgsql/src/backend/commands/opclasscmds.c,v 1.5 2002/09/04 20:31:15 momjian Exp $
12+
* $Header: /cvsroot/pgsql/src/backend/commands/opclasscmds.c,v 1.6 2002/10/04 22:19:29 tgl Exp $
1313
*
1414
*-------------------------------------------------------------------------
1515
*/
@@ -96,12 +96,25 @@ DefineOpClass(CreateOpClassStmt *stmt)
9696

9797
ReleaseSysCache(tup);
9898

99+
/*
100+
* Currently, we require superuser privileges to create an opclass.
101+
* This seems necessary because we have no way to validate that the
102+
* offered set of operators and functions are consistent with the AM's
103+
* expectations. It would be nice to provide such a check someday,
104+
* if it can be done without solving the halting problem :-(
105+
*/
106+
if (!superuser())
107+
elog(ERROR, "Must be superuser to create an operator class");
108+
99109
/* Look up the datatype */
100110
typeoid = typenameTypeId(stmt->datatype);
101111

112+
#ifdef NOT_USED
113+
/* XXX this is unnecessary given the superuser check above */
102114
/* Check we have ownership of the datatype */
103115
if (!pg_type_ownercheck(typeoid, GetUserId()))
104116
aclcheck_error(ACLCHECK_NOT_OWNER, format_type_be(typeoid));
117+
#endif
105118

106119
/* Storage datatype is optional */
107120
storageoid = InvalidOid;

0 commit comments

Comments
 (0)