Password fix. Now people have to do the REVOKE themselves.

diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index c1fc7389848c714b7dd3605a250e96291ffba791..ef4b28e93d4d0b5d95e3edb14b89f0f1cde6dee4 100644 (file)
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -30,8 +30,11 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 
+static void CheckPgUserAclNotNull(void);
+
 /*---------------------------------------------------------------------
  * UpdatePgPwdFile
  *
@@ -93,6 +96,8 @@ void DefineUser(CreateUserStmt *stmt) {
                    inblock;
   int              max_id = -1;
 
+  if (stmt->password)
+   CheckPgUserAclNotNull();
   if (!(inblock = IsTransactionBlock()))
     BeginTransactionBlock();
 
@@ -204,6 +209,8 @@ extern void AlterUser(AlterUserStmt *stmt) {
                    n,
                    inblock;
 
+  if (stmt->password)
+   CheckPgUserAclNotNull();
   if (!(inblock = IsTransactionBlock()))
     BeginTransactionBlock();
 
@@ -420,3 +427,30 @@ extern void RemoveUser(char* user) {
   if (IsTransactionBlock() && !inblock)
     EndTransactionBlock();
 }
+
+/*
+ * CheckPgUserAclNotNull
+ *
+ * check to see if there is an ACL on pg_user
+ */
+static void CheckPgUserAclNotNull()
+{
+HeapTuple htp;
+
+   htp = SearchSysCacheTuple(RELNAME, PointerGetDatum(UserRelationName),
+                             0, 0, 0);
+   if (!HeapTupleIsValid(htp))
+   {
+       elog(ERROR, "IsPgUserAclNull: class \"%s\" not found",
+            UserRelationName);
+   }
+
+   if (heap_attisnull(htp, Anum_pg_class_relacl))
+   {
+       elog(NOTICE, "To use passwords, you have to revoke permissions on pg_user");
+       elog(NOTICE, "so normal users can not read the passwords.");
+       elog(ERROR, "Try 'REVOKE ALL ON pg_user FROM PUBLIC'");
+   }
+   
+   return;
+}

diff --git a/src/bin/initdb/initdb.sh b/src/bin/initdb/initdb.sh
index 48ac278f06a831a7971829578ce987010827c63c..65e645855010b63b70620bc58a652b4507c95690 100644 (file)
--- a/src/bin/initdb/initdb.sh
+++ b/src/bin/initdb/initdb.sh
@@ -26,7 +26,7 @@
 #
 #
 # IDENTIFICATION
-#    $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.31 1997/12/30 02:26:43 scrappy Exp $
+#    $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.32 1998/02/19 17:19:45 momjian Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -351,10 +351,6 @@ echo "vacuuming template1"
 echo "vacuum" | postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\
    grep -v "^DEBUG:"
 
-echo "Altering pg_user acl"
-echo "REVOKE ALL ON pg_user FROM public" | postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\
-         grep -v "'DEBUG:"
-
 echo "COPY pg_user TO '$PGDATA/pg_pwd' USING DELIMITERS '\\t'" | postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\
          grep -v "'DEBUG:"
 

diff --git a/src/include/catalog/pg_user.h b/src/include/catalog/pg_user.h
index f98e1bb72bd2636ba92cab5e584381d8141b5bb5..e86158cac4a8f1bf8cb3c2e53b63ee6e1cd96ba6 100644 (file)
--- a/src/include/catalog/pg_user.h
+++ b/src/include/catalog/pg_user.h
@@ -7,7 +7,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_user.h,v 1.8 1997/12/12 16:26:36 momjian Exp $
+ * $Id: pg_user.h,v 1.9 1998/02/19 17:19:51 momjian Exp $
  *
  * NOTES
  *   the genbki.sh script reads this file and generates .bki
@@ -58,7 +58,7 @@ typedef FormData_pg_user *Form_pg_user;
 #define Anum_pg_user_usetrace          4
 #define Anum_pg_user_usesuper          5
 #define Anum_pg_user_usecatupd         6
-#define Anum_pg_user_passwd            7
+#define Anum_pg_user_passwd                7
 #define Anum_pg_user_valuntil          8
 
 /* ----------------

diff --git a/src/interfaces/ecpg/include/Makefile b/src/interfaces/ecpg/include/Makefile
index de9096be76998b3c278972e0d860684582de0146..5e15e972ebd752a0e83ce93c700fd6ed1d6049f2 100644 (file)
--- a/src/interfaces/ecpg/include/Makefile
+++ b/src/interfaces/ecpg/include/Makefile
@@ -6,9 +6,9 @@ all clean::
    @echo Nothing to be done.
 
 install::
-   install ecpglib.h $(DESTDIR)$(HEADERDIR)    
-   install ecpgtype.h $(DESTDIR)$(HEADERDIR)   
-   install sqlca.h $(DESTDIR)$(HEADERDIR)  
+   install $(INSTLOPTS) ecpglib.h $(DESTDIR)$(HEADERDIR)   
+   install $(INSTLOPTS) ecpgtype.h $(DESTDIR)$(HEADERDIR)  
+   install $(INSTLOPTS) sqlca.h $(DESTDIR)$(HEADERDIR) 
 
 uninstall::
    rm -f $(DESTDIR)$(HEADERDIR)/ecpglib.h