external
/
citus
mirror of https://github.com/citusdata/citus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

WIP

backport_permission_checks
Onder Kalaci 2022-08-15 13:43:40 +02:00
parent 9e0794b327
commit 4ecaf2b381
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/backend/distributed/utils/resource_lock.c
View File

@ -98,6 +98,7 @@ static void LockShardListResourcesOnFirstWorker(LOCKMODE lockmode,
static bool IsFirstWorkerNode(); static bool IsFirstWorkerNode();
static void CitusRangeVarCallbackForLockTable(const RangeVar *rangeVar, Oid relationId, static void CitusRangeVarCallbackForLockTable(const RangeVar *rangeVar, Oid relationId,
Oid oldRelationId, void *arg); Oid oldRelationId, void *arg);
static void EnsureCanAcquireLock(Oid relationId, LOCKMODE lockMode);
static AclResult CitusLockTableAclCheck(Oid relationId, LOCKMODE lockmode, Oid userId); static AclResult CitusLockTableAclCheck(Oid relationId, LOCKMODE lockmode, Oid userId);
static void SetLocktagForShardDistributionMetadata(int64 shardId, LOCKTAG *tag); static void SetLocktagForShardDistributionMetadata(int64 shardId, LOCKTAG *tag);
@ -624,6 +625,10 @@ LockShardResource(uint64 shardId, LOCKMODE lockmode)
const bool sessionLock = false; const bool sessionLock = false;
const bool dontWait = false; const bool dontWait = false;
/*
* We cannot allow underprivileged users to acquire locks on
* the owner tables of the shards.
*/
EnsureCanAcquireLock(RelationIdForShard(shardId), lockmode); EnsureCanAcquireLock(RelationIdForShard(shardId), lockmode);
SET_LOCKTAG_SHARD_RESOURCE(tag, MyDatabaseId, shardId); SET_LOCKTAG_SHARD_RESOURCE(tag, MyDatabaseId, shardId);