Require SELECT privilege on a table to do dblink_get_pkey(). This is

not all that exciting when the system catalogs are readable by all,
but some people try to lock them down, and would not like this sort of
end run ...

diff --git a/contrib/dblink/dblink.c b/contrib/dblink/dblink.c
index d5945e678d796bae9712877847927de811294d3f..3d2b344f71adab48e65eb3ad0fecfdc24951978c 100644 (file)
--- a/contrib/dblink/dblink.c
+++ b/contrib/dblink/dblink.c
@@ -51,6 +51,7 @@
 #include "nodes/pg_list.h"
 #include "parser/parse_type.h"
 #include "tcop/tcopprot.h"
+#include "utils/acl.h"
 #include "utils/array.h"
 #include "utils/builtins.h"
 #include "utils/dynahash.h"
@@ -1686,9 +1687,17 @@ get_pkey_attnames(Oid relid, int16 *numatts)
        char      **result = NULL;
        Relation        rel;
        TupleDesc       tupdesc;
+       AclResult       aclresult;
 
-       /* open relation using relid, get tupdesc */
+       /* open relation using relid, check permissions, get tupdesc */
        rel = relation_open(relid, AccessShareLock);
+
+       aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
+                                                                 ACL_SELECT);
+       if (aclresult != ACLCHECK_OK)
+               aclcheck_error(aclresult, ACL_KIND_CLASS,
+                                          RelationGetRelationName(rel));
+
        tupdesc = rel->rd_att;
 
        /* initialize numatts to 0 in case no primary key exists */