From 916d8164dffedeca2318c3df70e486a63a5a01f7 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Fri, 4 Oct 2002 22:19:29 +0000
Subject: [PATCH] Restrict CREATE OPERATOR CLASS to superusers, per discussion
 some weeks ago.

---
 doc/src/sgml/ref/create_opclass.sgml |  9 +++++----
 src/backend/commands/opclasscmds.c   | 15 ++++++++++++++-
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/doc/src/sgml/ref/create_opclass.sgml b/doc/src/sgml/ref/create_opclass.sgml
index 74ac1a8d202..48f21435da5 100644
--- a/doc/src/sgml/ref/create_opclass.sgml
+++ b/doc/src/sgml/ref/create_opclass.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_opclass.sgml,v 1.3 2002/09/21 18:32:54 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_opclass.sgml,v 1.4 2002/10/04 22:19:29 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -209,9 +209,10 @@ CREATE OPERATOR CLASS
    are for different index access methods.
   </para>
   <para>
-   The user who defines an operator class becomes its owner.  The user
-   must own the data type for which the operator class is being defined,
-   and must have execute permission for all referenced operators and functions.
+   The user who defines an operator class becomes its owner.  Presently,
+   the creating user must be a superuser.  (This restriction is made because
+   an erroneous operator class definition could confuse or even crash the
+   server.)
   </para>
 
   <para>
diff --git a/src/backend/commands/opclasscmds.c b/src/backend/commands/opclasscmds.c
index 277394626a8..4ec30f93aa3 100644
--- a/src/backend/commands/opclasscmds.c
+++ b/src/backend/commands/opclasscmds.c
@@ -9,7 +9,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/opclasscmds.c,v 1.5 2002/09/04 20:31:15 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/opclasscmds.c,v 1.6 2002/10/04 22:19:29 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -96,12 +96,25 @@ DefineOpClass(CreateOpClassStmt *stmt)
 
 	ReleaseSysCache(tup);
 
+	/*
+	 * Currently, we require superuser privileges to create an opclass.
+	 * This seems necessary because we have no way to validate that the
+	 * offered set of operators and functions are consistent with the AM's
+	 * expectations.  It would be nice to provide such a check someday,
+	 * if it can be done without solving the halting problem :-(
+	 */
+	if (!superuser())
+		elog(ERROR, "Must be superuser to create an operator class");
+
 	/* Look up the datatype */
 	typeoid = typenameTypeId(stmt->datatype);
 
+#ifdef NOT_USED
+	/* XXX this is unnecessary given the superuser check above */
 	/* Check we have ownership of the datatype */
 	if (!pg_type_ownercheck(typeoid, GetUserId()))
 		aclcheck_error(ACLCHECK_NOT_OWNER, format_type_be(typeoid));
+#endif
 
 	/* Storage datatype is optional */
 	storageoid = InvalidOid;
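Review bot: The superuser() check is inserted after the access-method lookup and ReleaseSysCache(tup) rather than at the top of DefineOpClass, so a non-superuser still drives the catalog lookups that precede the hunk before being refused; a privilege gate is usually placed first, before any other work, e.g. `if (!superuser()) elog(ERROR, "Must be superuser to create an operator class");` as the first statement of the function. The ownership check is kept under `#ifdef NOT_USED` with an XXX comment saying it is unnecessary; dead code guarded by an undefined macro tends to rot, and since the commit's own reasoning is that the superuser requirement subsumes it, deleting the three lines outright is clearer than preserving them. If the intent is to re-enable the ownership check once a validation mechanism exists, say so in the existing comment block, e.g. `* If the superuser requirement is ever relaxed, the datatype ownership and function/operator EXECUTE checks must be reinstated.` DefineOpClass starts before the hunk and continues past its last line, so the placement of the check relative to the earlier lookups is inferred from the ReleaseSysCache(tup) at the hunk's top.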
-- 
GitLab