From 89ebbbef6cda4425f85ba12d638bb80a9e6314aa Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 27 Aug 2007 01:24:50 +0000 Subject: [PATCH] Require SELECT privilege on a table to do dblink_get_pkey(). This is not all that exciting when the system catalogs are readable by all, but some people try to lock them down, and would not like this sort of end run ... --- contrib/dblink/dblink.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/contrib/dblink/dblink.c b/contrib/dblink/dblink.c index d5945e678d..3d2b344f71 100644 --- a/contrib/dblink/dblink.c +++ b/contrib/dblink/dblink.c @@ -51,6 +51,7 @@ #include "nodes/pg_list.h" #include "parser/parse_type.h" #include "tcop/tcopprot.h" +#include "utils/acl.h" #include "utils/array.h" #include "utils/builtins.h" #include "utils/dynahash.h" @@ -1686,9 +1687,17 @@ get_pkey_attnames(Oid relid, int16 *numatts) char **result = NULL; Relation rel; TupleDesc tupdesc; + AclResult aclresult; - /* open relation using relid, get tupdesc */ + /* open relation using relid, check permissions, get tupdesc */ rel = relation_open(relid, AccessShareLock); + + aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(), + ACL_SELECT); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_CLASS, + RelationGetRelationName(rel)); + tupdesc = rel->rd_att; /* initialize numatts to 0 in case no primary key exists */ -- 2.39.5