*) inet_(client|server)_(addr|port)() and necessary documentation for

the four functions.


> Also, please justify the temp-related changes.  I was not aware that we
> had any breakage there.

patch-tmp-schema.txt contains the following bits:

*) Changes pg_namespace_aclmask() so that the superuser is always able
to create objects in the temp namespace.
*) Changes pg_namespace_aclmask() so that if this is a temp namespace,
objects are only allowed to be created in the temp namespace if the
user has TEMP privs on the database.  This encompasses all object
creation, not just TEMP tables.
*) InitTempTableNamespace() checks to see if the current user, not the
session user, has access to create a temp namespace.

The first two changes are necessary to support the third change.  Now
it's possible to revoke all temp table privs from non-super users and
limiting all creation of temp tables/schemas via a function that's
executed with elevated privs (security definer).  Before this change,
it was not possible to have a setuid function to create a temp
table/schema if the session user had no TEMP privs.

patch-area-path.txt contains:

*) Can now determine the area of a closed path.


patch-dfmgr.txt contains:

*) Small tweak to add the library path that's being expanded.

I was using $lib/foo.so and couldn't easily figure out what the error
message, "invalid macro name in dynamic library path" meant without
looking through the source code.  With the path in there, at least I
know where to start looking in my config file.

Sean Chittenden

Author: bmomjian

doc/src/sgml/func.sgml

@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/func.sgml,v 1.204 2004/05/26 15:25:57 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/func.sgml,v 1.205 2004/05/26 18:35:31 momjian Exp $
 PostgreSQL documentation
 -->
 
@@ -6592,6 +6592,30 @@ SELECT NULLIF(value, '(none)') ...
        <entry>user name of current execution context</entry>
       </row>
 
+      <row>
+       <entry><function>inet_client_addr</function></entry>
+       <entry><type>inet</type></entry>
+       <entry>address of the remote connection</entry>
+      </row>
+
+      <row>
+       <entry><function>inet_client_port</function></entry>
+       <entry><type>int4</type></entry>
+       <entry>port of the remote connection</entry>
+      </row>
+
+      <row>
+       <entry><function>inet_server_addr</function></entry>
+       <entry><type>inet</type></entry>
+       <entry>address of the local connection</entry>
+      </row>
+
+      <row>
+       <entry><function>inet_server_port</function></entry>
+       <entry><type>int4</type></entry>
+       <entry>port of the local connection</entry>
+      </row>
+
       <row>
        <entry><function>session_user</function></entry>
        <entry><type>name</type></entry>
@@ -6647,6 +6671,17 @@ SELECT NULLIF(value, '(none)') ...
     </para>
    </note>
 
+   <para>
+     <function>inet_client_addr</function> and
+     <function>inet_server_addr</function> return the IPv4 or IPv6 (if
+     configured) address of the remote or local host connecting to the
+     database, respectively.  <function>inet_client_port</function>
+     and <function>inet_server_port</function> return the port number
+     of the remote or local host connecting to the database,
+     respectively.  If the connection is not a network connection,
+     these functions will return <literal>NULL</literal>.
+   </para>
+
    <para>
     <function>current_schema</function> returns the name of the schema that is
     at the front of the search path (or a null value if the search path is

src/backend/catalog/aclchk.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.99 2004/05/26 04:41:06 neilc Exp $
+ *	  $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.100 2004/05/26 18:35:32 momjian Exp $
  *
  * NOTES
  *	  See acl.h.
@@ -1342,17 +1342,27 @@ pg_namespace_aclmask(Oid nsp_oid, AclId userid,
 	bool		isNull;
 	Acl		   *acl;
 
-	/*
-	 * If we have been assigned this namespace as a temp namespace, assume
-	 * we have all grantable privileges on it.
-	 */
-	if (isTempNamespace(nsp_oid))
-		return mask;
-
 	/* Superusers bypass all permission checking. */
 	if (superuser_arg(userid))
 		return mask;
 
+	/*
+	 * If we have been assigned this namespace as a temp
+	 * namespace, check to make sure we have CREATE permissions on
+	 * the database.
+	 *
+	 * Instead of returning ACLCHECK_NO_PRIV, should we return via
+	 * ereport() with a message about trying to create an object
+	 * in a TEMP namespace when GetUserId() doesn't have perms?
+	 */
+	if (isTempNamespace(nsp_oid)) {
+	  if (pg_database_aclcheck(MyDatabaseId, GetUserId(),
+				   ACL_CREATE_TEMP) == ACLCHECK_OK)
+	    return ACLCHECK_OK;
+	  else
+	    return ACLCHECK_NO_PRIV;
+	}
+
 	/*
 	 * Get the schema's ACL from pg_namespace
 	 */

src/backend/catalog/namespace.c

@@ -13,7 +13,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/catalog/namespace.c,v 1.64 2004/05/26 04:41:07 neilc Exp $
+ *	  $PostgreSQL: pgsql/src/backend/catalog/namespace.c,v 1.65 2004/05/26 18:35:32 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1640,11 +1640,11 @@ InitTempTableNamespace(void)
 	 * tables.	We use a nonstandard error message here since
 	 * "databasename: permission denied" might be a tad cryptic.
 	 *
-	 * Note we apply the check to the session user, not the currently active
-	 * userid, since we are not going to change our minds about temp table
-	 * availability during the session.
+	 * ACL_CREATE_TEMP perms are also checked in
+	 * pg_namespace_aclcheck() that way only users who have TEMP
+	 * perms can create objects.
 	 */
-	if (pg_database_aclcheck(MyDatabaseId, GetSessionUserId(),
+	if (pg_database_aclcheck(MyDatabaseId, GetUserId(),
 							 ACL_CREATE_TEMP) != ACLCHECK_OK)
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

src/backend/libpq/hba.c

@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.123 2004/05/26 04:41:18 neilc Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.124 2004/05/26 18:35:33 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1345,8 +1345,11 @@ ident_inet(const SockAddr remote_addr,
 	hints.ai_addr = NULL;
 	hints.ai_next = NULL;
 	rc = getaddrinfo_all(remote_addr_s, ident_port, &hints, &ident_serv);
-	if (rc || !ident_serv)
+	if (rc || !ident_serv) {
+		if (ident_serv)
+			freeaddrinfo_all(hints.ai_family, ident_serv);
 		return false;			/* we don't expect this to happen */
+	}
 
 	hints.ai_flags = AI_NUMERICHOST;
 	hints.ai_family = local_addr.addr.ss_family;
@@ -1357,8 +1360,11 @@ ident_inet(const SockAddr remote_addr,
 	hints.ai_addr = NULL;
 	hints.ai_next = NULL;
 	rc = getaddrinfo_all(local_addr_s, NULL, &hints, &la);
-	if (rc || !la)
+	if (rc || !la) {
+		if (la)
+			freeaddrinfo_all(hints.ai_family, la);
 		return false;			/* we don't expect this to happen */
+	}
 
 	sock_fd = socket(ident_serv->ai_family, ident_serv->ai_socktype,
 					 ident_serv->ai_protocol);

src/backend/libpq/ip.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/ip.c,v 1.25 2004/04/24 20:10:34 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/ip.c,v 1.26 2004/05/26 18:35:33 momjian Exp $
  *
  * This file and the IPV6 implementation were initially provided by
  * Nigel Kukard <nkukard@lbsd.net>, Linux Based Systems Design
@@ -73,11 +73,11 @@ getaddrinfo_all(const char *hostname, const char *servname,
 	*result = NULL;
 
 #ifdef HAVE_UNIX_SOCKETS
-	if (hintp != NULL && hintp->ai_family == AF_UNIX)
+	if (hintp->ai_family == AF_UNIX)
 		return getaddrinfo_unix(servname, hintp, result);
 #endif
 
-	/* NULL has special meaning to getaddrinfo */
+	/* NULL has special meaning to getaddrinfo(). */
 	return getaddrinfo((!hostname || hostname[0] == '\0') ? NULL : hostname,
 					   servname, hintp, result);
 }

src/backend/libpq/pqcomm.c

@@ -30,7 +30,7 @@
  * Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- *	$PostgreSQL: pgsql/src/backend/libpq/pqcomm.c,v 1.168 2003/12/12 18:45:08 petere Exp $
+ *	$PostgreSQL: pgsql/src/backend/libpq/pqcomm.c,v 1.169 2004/05/26 18:35:33 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -251,7 +251,8 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,
 			ereport(LOG,
 			 (errmsg("could not translate service \"%s\" to address: %s",
 					 service, gai_strerror(ret))));
-		freeaddrinfo_all(hint.ai_family, addrs);
+		if (addrs)
+			freeaddrinfo_all(hint.ai_family, addrs);
 		return STATUS_ERROR;
 	}
 

src/backend/postmaster/postmaster.c

@@ -37,7 +37,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.394 2004/05/23 03:50:45 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.395 2004/05/26 18:35:35 momjian Exp $
  *
  * NOTES
  *
@@ -2469,10 +2469,14 @@ BackendInit(Port *port)
 						remote_port, sizeof(remote_port),
 				   (log_hostname ? 0 : NI_NUMERICHOST) | NI_NUMERICSERV))
 	{
-		getnameinfo_all(&port->raddr.addr, port->raddr.salen,
+		int ret = getnameinfo_all(&port->raddr.addr, port->raddr.salen,
 						remote_host, sizeof(remote_host),
 						remote_port, sizeof(remote_port),
 						NI_NUMERICHOST | NI_NUMERICSERV);
+		if (ret)
+			ereport(WARNING,
+				(errmsg("getnameinfo_all() failed: %s",
+					gai_strerror(ret))));
 	}
 	snprintf(remote_ps_data, sizeof(remote_ps_data),
 			 remote_port[0] == '\0' ? "%s" : "%s(%s)",

src/backend/utils/adt/geo_ops.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/adt/geo_ops.c,v 1.84 2004/05/12 22:38:44 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/adt/geo_ops.c,v 1.85 2004/05/26 18:35:38 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1312,6 +1312,27 @@ line_interpt_internal(LINE *l1, LINE *l2)
  *				"(closed, npts, xcoord, ycoord,... )"
  *---------------------------------------------------------*/
 
+Datum
+path_area(PG_FUNCTION_ARGS)
+{
+	PATH	*path = PG_GETARG_PATH_P(0);
+	double	area = 0.0;
+	int i,j;
+
+	if (!path->closed)
+		PG_RETURN_NULL();
+
+	for (i = 0; i < path->npts; i++) {
+		j = (i + 1) % path->npts;
+		area += path->p[i].x * path->p[j].y;
+		area -= path->p[i].y * path->p[j].x;
+	}
+
+	area *= 0.5;
+	PG_RETURN_FLOAT8(area < 0.0 ? -area : area);
+}
+
+
 Datum
 path_in(PG_FUNCTION_ARGS)
 {

src/backend/utils/adt/network.c

@@ -1,7 +1,7 @@
 /*
  *	PostgreSQL type definitions for the INET and CIDR types.
  *
- *	$PostgreSQL: pgsql/src/backend/utils/adt/network.c,v 1.49 2003/12/01 18:50:19 tgl Exp $
+ *	$PostgreSQL: pgsql/src/backend/utils/adt/network.c,v 1.50 2004/05/26 18:35:38 momjian Exp $
  *
  *	Jon Postel RIP 16 Oct 1998
  */
@@ -14,7 +14,10 @@
 #include <arpa/inet.h>
 
 #include "catalog/pg_type.h"
+#include "libpq/ip.h"
+#include "libpq/libpq-be.h"
 #include "libpq/pqformat.h"
+#include "miscadmin.h"
 #include "utils/builtins.h"
 #include "utils/inet.h"
 
@@ -130,6 +133,110 @@ cidr_in(PG_FUNCTION_ARGS)
 	PG_RETURN_INET_P(network_in(src, 1));
 }
 
+/* INET that the client is connecting from */
+Datum
+inet_client_addr(PG_FUNCTION_ARGS)
+{
+	Port *port = MyProcPort;
+
+	if (port == NULL)
+		PG_RETURN_NULL();
+
+	switch (port->raddr.addr.ss_family) {
+	case AF_INET:
+#ifdef HAVE_IPV6
+	case AF_INET6:
+#endif
+		break;
+	default:
+		PG_RETURN_NULL();
+	}
+
+	PG_RETURN_INET_P(network_in(port->remote_host, 0));
+}
+
+
+/* port that the client is connecting from */
+Datum
+inet_client_port(PG_FUNCTION_ARGS)
+{
+	Port *port = MyProcPort;
+
+	if (port == NULL)
+		PG_RETURN_NULL();
+
+	PG_RETURN_INT32(DirectFunctionCall1(int4in, CStringGetDatum(port->remote_port)));
+}
+
+
+/* server INET that the client connected to */
+Datum
+inet_server_addr(PG_FUNCTION_ARGS)
+{
+	Port *port = MyProcPort;
+	char	local_host[NI_MAXHOST];
+	int	ret;
+
+	if (port == NULL)
+		PG_RETURN_NULL();
+
+	switch (port->laddr.addr.ss_family) {
+	case AF_INET:
+#ifdef HAVE_IPV6
+	case AF_INET6:
+#endif
+	  break;
+	default:
+		PG_RETURN_NULL();
+	}
+
+	local_host[0] = '\0';
+
+	ret = getnameinfo_all(&port->laddr.addr, port->laddr.salen,
+			      local_host, sizeof(local_host),
+			      NULL, 0,
+			      NI_NUMERICHOST | NI_NUMERICSERV);
+	if (ret)
+		PG_RETURN_NULL();
+
+	PG_RETURN_INET_P(network_in(local_host, 0));
+}
+
+
+/* port that the server accepted the connection on */
+Datum
+inet_server_port(PG_FUNCTION_ARGS)
+{
+	Port *port = MyProcPort;
+	char	local_port[NI_MAXSERV];
+	int	ret;
+
+	if (port == NULL)
+		PG_RETURN_NULL();
+
+	switch (port->laddr.addr.ss_family) {
+	case AF_INET:
+#ifdef HAVE_IPV6
+	case AF_INET6:
+#endif
+	  break;
+	default:
+		PG_RETURN_NULL();
+	}
+
+	local_port[0] = '\0';
+
+	ret = getnameinfo_all(&port->laddr.addr, port->laddr.salen,
+			      NULL, 0,
+			      local_port, sizeof(local_port),
+			      NI_NUMERICHOST | NI_NUMERICSERV);
+	if (ret)
+		PG_RETURN_NULL();
+
+	PG_RETURN_INT32(DirectFunctionCall1(int4in, CStringGetDatum(local_port)));
+}
+
+
 /*
  *	INET address output function.
  */