Fix assign_session_authorization() to not be confused by all-numeric

user names.  Per recent reports.

diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c
index 622d205988081c8c9b13dbf4c765f322f0024def..6ce1487e86ef4c32feb2319dfd4c40da79a9f99b 100644 (file)
--- a/src/backend/commands/variable.c
+++ b/src/backend/commands/variable.c
@@ -9,7 +9,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.72 2002/12/05 04:04:42 momjian Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.73 2003/02/01 18:31:28 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -519,25 +519,36 @@ show_server_encoding(void)
 /*
  * SET SESSION AUTHORIZATION
  *
- * Note: when resetting session auth after an error, we can't expect to do
- * catalog lookups.  Hence, the stored form of the value is always a numeric
- * userid that can be re-used directly.
+ * When resetting session auth after an error, we can't expect to do catalog
+ * lookups.  Hence, the stored form of the value must provide a numeric userid
+ * that can be re-used directly.  We store the string in the form of
+ * NAMEDATALEN 'x's followed by the numeric userid --- this cannot conflict
+ * with any valid user name, because of the NAMEDATALEN limit on names.
  */
 const char *
 assign_session_authorization(const char *value, bool doit, bool interactive)
 {
-   AclId       usesysid;
-   char       *endptr;
+   AclId       usesysid = 0;
    char       *result;
 
-   usesysid = (Oid) strtoul(value, &endptr, 10);
-
-   if (endptr != value && *endptr == '\0' && OidIsValid(usesysid))
+   if (strspn(value, "x") == NAMEDATALEN)
    {
-       /* use the numeric user ID */
+       /* might be a saved numeric userid */
+       char       *endptr;
+
+       usesysid = (AclId) strtoul(value + NAMEDATALEN, &endptr, 10);
+
+       if (endptr != value + NAMEDATALEN && *endptr == '\0')
+       {
+           /* syntactically valid, so use the numeric user ID */
+       }
+       else
+           usesysid = 0;
    }
-   else
+
+   if (usesysid == 0)
    {
+       /* not a saved ID, so look it up */
        HeapTuple   userTup;
 
        userTup = SearchSysCache(SHADOWNAME,
@@ -558,11 +569,13 @@ assign_session_authorization(const char *value, bool doit, bool interactive)
    if (doit)
        SetSessionAuthorization(usesysid);
 
-   result = (char *) malloc(32);
+   result = (char *) malloc(NAMEDATALEN + 32);
    if (!result)
        return NULL;
 
-   snprintf(result, 32, "%lu", (unsigned long) usesysid);
+   memset(result, 'x', NAMEDATALEN);
+
+   snprintf(result + NAMEDATALEN, 32, "%lu", (unsigned long) usesysid);
 
    return result;
 }
@@ -570,5 +583,9 @@ assign_session_authorization(const char *value, bool doit, bool interactive)
 const char *
 show_session_authorization(void)
 {
+   /*
+    * We can't use the stored string; see comments for
+    * assign_session_authorization
+    */
    return GetUserNameFromId(GetSessionUserId());
 }