From 6561372c572eff590d7d4759b4b5ec2cdc74ba5d Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Tue, 28 Jun 2005 22:16:45 +0000 Subject: Fix up problems in write_auth_file and parsing of the auth file. In particular, make hba.c cope with zero-length tokens, which it never did properly before. Also, enforce rolcanlogin. --- src/backend/utils/init/miscinit.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'src/backend/utils/init/miscinit.c') diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c index 1db2992899..be1f6e7049 100644 --- a/src/backend/utils/init/miscinit.c +++ b/src/backend/utils/init/miscinit.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/utils/init/miscinit.c,v 1.143 2005/06/28 05:09:02 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/utils/init/miscinit.c,v 1.144 2005/06/28 22:16:45 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -312,6 +312,7 @@ void InitializeSessionUserId(const char *rolename) { HeapTuple roleTup; + Form_pg_authid rform; Datum datum; bool isnull; Oid roleid; @@ -330,13 +331,19 @@ InitializeSessionUserId(const char *rolename) 0, 0, 0); if (!HeapTupleIsValid(roleTup)) ereport(FATAL, - (errcode(ERRCODE_UNDEFINED_OBJECT), + (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), errmsg("role \"%s\" does not exist", rolename))); + rform = (Form_pg_authid) GETSTRUCT(roleTup); roleid = HeapTupleGetOid(roleTup); + if (!rform->rolcanlogin) + ereport(FATAL, + (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), + errmsg("role \"%s\" is not permitted to log in", rolename))); + AuthenticatedUserId = roleid; - AuthenticatedUserIsSuperuser = ((Form_pg_authid) GETSTRUCT(roleTup))->rolsuper; + AuthenticatedUserIsSuperuser = rform->rolsuper; SetSessionUserId(roleid); /* sets CurrentUserId too */ -- cgit v1.2.1