From c7558b3bae78cb15e7e8715e27b3751bd32a700d Mon Sep 17 00:00:00 2001 From: Peter Eisentraut <peter_e@gmx.net> Date: Sun, 25 Jun 2000 14:24:59 +0000 Subject: [PATCH] Relaxed pickiness about user and group commands in transaction blocks. --- src/backend/commands/user.c | 42 +++++-------------------------------- 1 file changed, 5 insertions(+), 37 deletions(-) diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index 0b46b6b97d2..859cb31edad 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -6,7 +6,7 @@ * Portions Copyright (c) 1996-2000, PostgreSQL, Inc * Portions Copyright (c) 1994, Regents of the University of California * - * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.60 2000/06/12 03:40:29 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.61 2000/06/25 14:24:59 petere Exp $ * *------------------------------------------------------------------------- */ @@ -201,15 +201,6 @@ CreateUser(CreateUserStmt *stmt) if (!superuser()) elog(ERROR, "CREATE USER: permission denied"); - /* - * The reason for the following is this: If you start a transaction - * block, create a user, then roll back the transaction, the pg_pwd - * won't get rolled back due to a bug in the Unix file system ( :}). - * Hence this is in the interest of security. - */ - if (IsTransactionBlock()) - elog(ERROR, "CREATE USER: may not be called in a transaction block"); - /* * Scan the pg_shadow relation to be certain the user or id doesn't * already exist. Note we secure exclusive lock, because we also need @@ -356,9 +347,9 @@ AlterUser(AlterUserStmt *stmt) && stmt->password && strcmp(GetPgUserName(), stmt->user) == 0)) elog(ERROR, "ALTER USER: permission denied"); - /* see comments in create user */ - if (IsTransactionBlock()) - elog(ERROR, "ALTER USER: may not be called in a transaction block"); + /* changes to the flat password file cannot be rolled back */ + if (IsTransactionBlock() && stmt->password) + elog(NOTICE, "ALTER USER: password changes cannot be rolled back"); /* * Scan the pg_shadow relation to be certain the user exists. Note we @@ -503,7 +494,7 @@ DropUser(DropUserStmt *stmt) elog(ERROR, "DROP USER: permission denied"); if (IsTransactionBlock()) - elog(ERROR, "DROP USER: may not be called in a transaction block"); + elog(NOTICE, "DROP USER cannot be rolled back completely"); /* * Scan the pg_shadow relation to find the usesysid of the user to be @@ -675,14 +666,6 @@ CreateGroup(CreateGroupStmt *stmt) if (!superuser()) elog(ERROR, "CREATE GROUP: permission denied"); - /* - * There is not real reason for this, but it makes it consistent with - * create user, and it seems like a good idea anyway. - */ - if (IsTransactionBlock()) - elog(ERROR, "CREATE GROUP: may not be called in a transaction block"); - - pg_group_rel = heap_openr(GroupRelationName, AccessExclusiveLock); pg_group_dsc = RelationGetDescr(pg_group_rel); @@ -816,14 +799,6 @@ AlterGroup(AlterGroupStmt *stmt, const char *tag) if (!superuser()) elog(ERROR, "%s: permission denied", tag); - /* - * There is not real reason for this, but it makes it consistent with - * alter user, and it seems like a good idea anyway. - */ - if (IsTransactionBlock()) - elog(ERROR, "%s: may not be called in a transaction block", tag); - - pg_group_rel = heap_openr(GroupRelationName, AccessExclusiveLock); pg_group_dsc = RelationGetDescr(pg_group_rel); @@ -1092,13 +1067,6 @@ DropGroup(DropGroupStmt *stmt) if (!superuser()) elog(ERROR, "DROP GROUP: permission denied"); - /* - * There is not real reason for this, but it makes it consistent with - * drop user, and it seems like a good idea anyway. - */ - if (IsTransactionBlock()) - elog(ERROR, "DROP GROUP: may not be called in a transaction block"); - /* * Scan the pg_group table and delete all matching groups. */ -- GitLab