Remove NO_SECURITY define.

85f1950a · Bruce Momjian · 17e3e470 · 85f1950a · 85f1950a · 85f1950a
Commit 85f1950a authored Oct 16, 2000 by Bruce Momjian
12 changed files
--- a/src/backend/commands/analyze.c
+++ b/src/backend/commands/analyze.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.7 2000/10/05 19:48:22 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.8 2000/10/16 17:08:05 momjian Exp $
 *
 *-------------------------------------------------------------------------
@@ -98,7 +98,6 @@ analyze_rel(Oid relid, List *anal_cols2, int MESSAGE_LEVEL)
 	onerel = heap_open(relid, AccessShareLock);
-#ifndef NO_SECURITY
 	if (!pg_ownercheck(GetUserId(), RelationGetRelationName(onerel),
 					   RELNAME))
 	{
@@ -110,7 +109,6 @@ analyze_rel(Oid relid, List *anal_cols2, int MESSAGE_LEVEL)
 		CommitTransactionCommand();
 		return;
 	}
-#endif
 	elog(MESSAGE_LEVEL, "Analyzing...");

--- a/src/backend/commands/command.c
+++ b/src/backend/commands/command.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.106 2000/10/10 17:13:30 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.107 2000/10/16 17:08:05 momjian Exp $
 *
 * NOTES
 *	  The PerformAddAttribute() code, like most of the relation
@@ -311,10 +311,8 @@ AlterTableAddColumn(const char *relationName,
 	if (!allowSystemTableMods && IsSystemRelationName(relationName))
 		elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
 			 relationName);
-#ifndef NO_SECURITY
 	if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 		elog(ERROR, "ALTER TABLE: permission denied");
-#endif
 	/*
 	 * Grab an exclusive lock on the target table, which we will NOT

--- a/src/backend/commands/comment.c
+++ b/src/backend/commands/comment.c
@@ -283,10 +283,8 @@ CommentRelation(int reltype, char *relname, char *comment)
 	/*** First, check object security ***/
-#ifndef NO_SECURITY
 	if (!pg_ownercheck(GetUserId(), relname, RELNAME))
 		elog(ERROR, "you are not permitted to comment on class '%s'", relname);
-#endif
 	/*** Now, attempt to find the oid in the cached version of pg_class ***/
@@ -349,10 +347,8 @@ CommentAttribute(char *relname, char *attrname, char *comment)
 	/*** First, check object security ***/
-#ifndef NO_SECURITY
 	if (!pg_ownercheck(GetUserId(), relname, RELNAME))
 		elog(ERROR, "you are not permitted to comment on class '%s\'", relname);
-#endif
 	/*** Now, fetch the attribute oid from the system cache ***/

--- a/src/backend/commands/remove.c
+++ b/src/backend/commands/remove.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/remove.c,v 1.53 2000/10/07 00:58:16 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/remove.c,v 1.54 2000/10/16 17:08:05 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -81,13 +81,11 @@ RemoveOperator(char *operatorName,		/* operator name */
 	if (HeapTupleIsValid(tup))
 	{
-#ifndef NO_SECURITY
 		if (!pg_ownercheck(GetUserId(),
 						   (char *) ObjectIdGetDatum(tup->t_data->t_oid),
 						   OPEROID))
 			elog(ERROR, "RemoveOperator: operator '%s': permission denied",
 				 operatorName);
-#endif
 		/*** Delete any comments associated with this operator ***/
@@ -250,11 +248,9 @@ RemoveType(char *typeName)		/* type name to be removed */
 	Oid			typeOid;
 	char	   *shadow_type;
-#ifndef NO_SECURITY
 	if (!pg_ownercheck(GetUserId(), typeName, TYPENAME))
 		elog(ERROR, "RemoveType: type '%s': permission denied",
 			 typeName);
-#endif
 	relation = heap_openr(TypeRelationName, RowExclusiveLock);
@@ -334,13 +330,11 @@ RemoveFunction(char *functionName,		/* function name to be removed */
 		}
 	}
-#ifndef NO_SECURITY
 	if (!pg_func_ownercheck(GetUserId(), functionName, nargs, argList))
 	{
 		elog(ERROR, "RemoveFunction: function '%s': permission denied",
 			 functionName);
 	}
-#endif
 	relation = heap_openr(ProcedureRelationName, RowExclusiveLock);
 	tup = SearchSysCacheTuple(PROCNAME,
@@ -396,7 +390,6 @@ RemoveAggregate(char *aggName, char *aggType)
 	else
 		basetypeID = 0;
-#ifndef NO_SECURITY
 	if (!pg_aggr_ownercheck(GetUserId(), aggName, basetypeID))
 	{
 		if (aggType)
@@ -410,7 +403,6 @@ RemoveAggregate(char *aggName, char *aggType)
 				 aggName);
 		}
 	}
-#endif
 	relation = heap_openr(AggregateRelationName, RowExclusiveLock);
 	tup = SearchSysCacheTuple(AGGNAME,

--- a/src/backend/commands/rename.c
+++ b/src/backend/commands/rename.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/rename.c,v 1.48 2000/10/16 14:52:03 vadim Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/rename.c,v 1.49 2000/10/16 17:08:05 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -71,12 +71,10 @@ renameatt(char *relname,
 	if (!allowSystemTableMods && IsSystemRelationName(relname))
 		elog(ERROR, "renameatt: class \"%s\" is a system catalog",
 			 relname);
-#ifndef NO_SECURITY
 	if (!IsBootstrapProcessingMode() &&
 		!pg_ownercheck(GetUserId(), relname, RELNAME))
 		elog(ERROR, "renameatt: you do not own class \"%s\"",
 			 relname);
-#endif
 	/*
 	 * Grab an exclusive lock on the target table, which we will NOT

--- a/src/backend/commands/sequence.c
+++ b/src/backend/commands/sequence.c
@@ -201,11 +201,9 @@ nextval(PG_FUNCTION_ARGS)
 				next,
 				rescnt = 0;
-#ifndef NO_SECURITY
 	if (pg_aclcheck(seqname, GetUserId(), ACL_WR) != ACLCHECK_OK)
 		elog(ERROR, "%s.nextval: you don't have permissions to set sequence %s",
 			 seqname, seqname);
-#endif
 	/* open and AccessShareLock sequence */
 	elm = init_sequence("nextval", seqname);
@@ -298,11 +296,9 @@ currval(PG_FUNCTION_ARGS)
 	SeqTable	elm;
 	int32		result;
-#ifndef NO_SECURITY
 	if (pg_aclcheck(seqname, GetUserId(), ACL_RD) != ACLCHECK_OK)
 		elog(ERROR, "%s.currval: you don't have permissions to read sequence %s",
 			 seqname, seqname);
-#endif
 	/* open and AccessShareLock sequence */
 	elm = init_sequence("currval", seqname);
@@ -325,11 +321,9 @@ do_setval(char *seqname, int32 next, bool iscalled)
 	Buffer		buf;
 	Form_pg_sequence seq;
-#ifndef NO_SECURITY
 	if (pg_aclcheck(seqname, GetUserId(), ACL_WR) != ACLCHECK_OK)
 		elog(ERROR, "%s.setval: you don't have permissions to set sequence %s",
 			 seqname, seqname);
-#endif
 	/* open and AccessShareLock sequence */
 	elm = init_sequence("setval", seqname);

--- a/src/backend/commands/trigger.c
+++ b/src/backend/commands/trigger.c
@@ -7,7 +7,7 @@
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.77 2000/09/06 14:15:16 petere Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.78 2000/10/16 17:08:05 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -68,10 +68,8 @@ CreateTrigger(CreateTrigStmt *stmt)
 	if (!allowSystemTableMods && IsSystemRelationName(stmt->relname))
 		elog(ERROR, "CreateTrigger: can't create trigger for system relation %s", stmt->relname);
-#ifndef NO_SECURITY
 	if (!pg_ownercheck(GetUserId(), stmt->relname, RELNAME))
 		elog(ERROR, "%s: %s", stmt->relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
-#endif
 	/* ----------
 	 * If trigger is a constraint, user trigger name as constraint
@@ -308,10 +306,8 @@ DropTrigger(DropTrigStmt *stmt)
 	int			found = 0;
 	int			tgfound = 0;
-#ifndef NO_SECURITY
 	if (!pg_ownercheck(GetUserId(), stmt->relname, RELNAME))
 		elog(ERROR, "%s: %s", stmt->relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
-#endif
 	rel = heap_openr(stmt->relname, AccessExclusiveLock);

--- a/src/backend/commands/vacuum.c
+++ b/src/backend/commands/vacuum.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/vacuum.c,v 1.167 2000/10/05 19:48:22 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/vacuum.c,v 1.168 2000/10/16 17:08:05 momjian Exp $
 *
 *-------------------------------------------------------------------------
@@ -397,7 +397,6 @@ vacuum_rel(Oid relid, bool analyze, bool is_toastrel)
 	 */
 	onerel = heap_open(relid, AccessExclusiveLock);
-#ifndef NO_SECURITY
 	if (!pg_ownercheck(GetUserId(), RelationGetRelationName(onerel),
 					   RELNAME))
 	{
@@ -408,7 +407,6 @@ vacuum_rel(Oid relid, bool analyze, bool is_toastrel)
 			CommitTransactionCommand();
 		return;
 	}
-#endif
 	/*
 	 * Remember the relation'ss TOAST relation for later

--- a/src/backend/executor/execMain.c
+++ b/src/backend/executor/execMain.c
@@ -27,7 +27,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.129 2000/10/05 19:11:26 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.130 2000/10/16 17:08:06 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -619,9 +619,7 @@ InitPlan(CmdType operation, Query *parseTree, Plan *plan, EState *estate)
 	/*
 	 * Do permissions checks.
 	 */
-#ifndef NO_SECURITY
 	ExecCheckQueryPerms(operation, parseTree, plan);
-#endif
 	/*
 	 * get information from query descriptor

--- a/src/backend/tcop/utility.c
+++ b/src/backend/tcop/utility.c
@@ -10,7 +10,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.95 2000/10/07 00:58:18 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.96 2000/10/16 17:08:07 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -174,11 +174,9 @@ ProcessUtility(Node *parsetree,
 							 relname);
 					/* close rel, but keep lock until end of xact */
 					heap_close(rel, NoLock);
-#ifndef NO_SECURITY
 					if (!pg_ownercheck(GetUserId(), relname, RELNAME))
 						elog(ERROR, "you do not own class \"%s\"",
 							 relname);
-#endif
 				}
 				/* OK, terminate 'em all */
 				foreach(arg, args)
@@ -210,10 +208,8 @@ ProcessUtility(Node *parsetree,
 						 relname);
 				heap_close(rel, NoLock);
-#ifndef NO_SECURITY
 				if (!pg_ownercheck(GetUserId(), relname, RELNAME))
 					elog(ERROR, "you do not own class \"%s\"", relname);
-#endif
 				TruncateRelation(relname);
 			}
 			break;
@@ -270,10 +266,8 @@ ProcessUtility(Node *parsetree,
 				if (!allowSystemTableMods && IsSystemRelationName(relname))
 					elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
 						 relname);
-#ifndef NO_SECURITY
 				if (!pg_ownercheck(GetUserId(), relname, RELNAME))
 					elog(ERROR, "permission denied");
-#endif
 				/* ----------------
 				 *	XXX using len == 3 to tell the difference
@@ -430,12 +424,10 @@ ProcessUtility(Node *parsetree,
 				RuleStmt   *stmt = (RuleStmt *) parsetree;
 				int			aclcheck_result;
-#ifndef NO_SECURITY
 				relname = stmt->object->relname;
 				aclcheck_result = pg_aclcheck(relname, GetUserId(), ACL_RU);
 				if (aclcheck_result != ACLCHECK_OK)
 					elog(ERROR, "%s: %s", relname, aclcheck_error_strings[aclcheck_result]);
-#endif
 				set_ps_display(commandTag = "CREATE");
 				DefineQueryRewrite(stmt);
@@ -473,10 +465,8 @@ ProcessUtility(Node *parsetree,
 						if (!allowSystemTableMods && IsSystemRelationName(relname))
 							elog(ERROR, "class \"%s\" is a system catalog index",
 								 relname);
-#ifndef NO_SECURITY
 						if (!pg_ownercheck(GetUserId(), relname, RELNAME))
 							elog(ERROR, "%s: %s", relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
-#endif
 						RemoveIndex(relname);
 						break;
 					case RULE:
@@ -484,20 +474,15 @@ ProcessUtility(Node *parsetree,
 							char	   *rulename = stmt->name;
 							int			aclcheck_result;
-#ifndef NO_SECURITY
 							relationName = RewriteGetRuleEventRel(rulename);
 							aclcheck_result = pg_aclcheck(relationName, GetUserId(), ACL_RU);
 							if (aclcheck_result != ACLCHECK_OK)
 								elog(ERROR, "%s: %s", relationName, aclcheck_error_strings[aclcheck_result]);
-#endif
 							RemoveRewriteRule(rulename);
 						}
 						break;
 					case TYPE_P:
-#ifndef NO_SECURITY
 						/* XXX moved to remove.c */
-#endif
 						RemoveType(stmt->name);
 						break;
 					case VIEW:
@@ -505,14 +490,11 @@ ProcessUtility(Node *parsetree,
 							char	   *viewName = stmt->name;
 							char	   *ruleName;
-#ifndef NO_SECURITY
 							ruleName = MakeRetrieveViewRuleName(viewName);
 							relationName = RewriteGetRuleEventRel(ruleName);
 							if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 								elog(ERROR, "%s: %s", relationName, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
 							pfree(ruleName);
-#endif
 							RemoveView(viewName);
 						}
 						break;
@@ -810,10 +792,8 @@ ProcessUtility(Node *parsetree,
 								elog(ERROR, "\"%s\" is a system index. call REINDEX under standalone postgres with -P -O options",
 								 relname);
 						}
-#ifndef NO_SECURITY
 						if (!pg_ownercheck(GetUserId(), relname, RELNAME))
 							elog(ERROR, "%s: %s", relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
-#endif
 						ReindexIndex(relname, stmt->force);
 						break;
 					case TABLE:
@@ -828,10 +808,8 @@ ProcessUtility(Node *parsetree,
 								 relname);
 						}
-#ifndef NO_SECURITY
 						if (!pg_ownercheck(GetUserId(), relname, RELNAME))
 							elog(ERROR, "%s: %s", relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
-#endif
 						ReindexTable(relname, stmt->force);
 						break;
 					case DATABASE:

--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.50 2000/10/07 00:58:19 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.51 2000/10/16 17:08:08 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -589,11 +589,9 @@ ExecuteChangeACLStmt(ChangeACLStmt *stmt)
 		if (rel && rel->rd_rel->relkind == RELKIND_INDEX)
 			elog(ERROR, "\"%s\" is an index relation",
 				 relname);
-#ifndef NO_SECURITY
 		if (!pg_ownercheck(GetUserId(), relname, RELNAME))
 			elog(ERROR, "you do not own class \"%s\"",
 				 relname);
-#endif
 		ChangeAcl(relname, &aclitem, modechg);
 		/* close rel, but keep lock until end of xact */
 		heap_close(rel, NoLock);

--- a/src/include/config.h.in
+++ b/src/include/config.h.in
@@ -8,7 +8,7 @@
 * or in config.h afterwards.  Of course, if you edit config.h, then your
 * changes will be overwritten the next time you run configure.
 *
- * $Id: config.h.in,v 1.142 2000/10/14 23:56:58 momjian Exp $
+ * $Id: config.h.in,v 1.143 2000/10/16 17:08:11 momjian Exp $
 */
 #ifndef CONFIG_H
@@ -276,7 +276,6 @@
 /* #define RTDEBUG */
 /* #define GISTDEBUG */
 /* #define OMIT_PARTIAL_INDEX */
-/* #define NO_SECURITY        */
 /* #define LOCK_DEBUG */
 /*