> > > Um, why not make it an actual full blown security feature by
> > > applying the following patch?  This gives PostgreSQL real read
> > > only transactions that users can't escape from.  Notes about the
> > > patch:
> > 
> > Way nifty.   
> > 
> > I vote in favor of this patch (suitably documented & debugged) for 7.5.
> 
> Heh, there ain't much to debug: it's pretty straight forward.  I ran
> all the use cases/syntaxes I could think of and they worked as
> expected.  It's a pretty chump little ditty that I originally wrote
> for the sake of the 7.4 PR, but it's proving to be quite useful here
> in my tree...  though I like the name "jail_read_only_transactions"
> more...  patch updated for new name.

Err..  and attached.  -sc

-- 
Sean Chittenden
Index: src/include/access/xact.h
===================================================================
RCS file: /home/ncvs/pgsql/pgsql-server/src/include/access/xact.h,v
retrieving revision 1.52
diff -u -r1.52 xact.h
--- src/include/access/xact.h   14 May 2003 03:26:03 -0000      1.52
+++ src/include/access/xact.h   30 Jul 2003 21:27:04 -0000
@@ -33,6 +33,7 @@
 /* Xact read-only state */
 extern bool    DefaultXactReadOnly;
 extern bool    XactReadOnly;
+extern bool    JailReadOnlyXacts;
 
 /*
  *     transaction states - transaction state from server perspective
Index: src/backend/utils/misc/guc.c
===================================================================
RCS file: /home/ncvs/pgsql/pgsql-server/src/backend/utils/misc/guc.c,v
retrieving revision 1.144
diff -u -r1.144 guc.c
--- src/backend/utils/misc/guc.c        29 Jul 2003 00:03:18 -0000      1.144
+++ src/backend/utils/misc/guc.c        30 Jul 2003 21:30:50 -0000
@@ -94,6 +94,7 @@
 static const char *assign_log_error_verbosity(const char *newval, bool doit,
                                                   bool interactive);
 static bool assign_phony_autocommit(bool newval, bool doit, bool interactive);
+static bool assign_transaction_read_only(bool newval, bool doit, bool interactive);
 
 
 /*
@@ -814,6 +815,15 @@
                        GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE
                },
                &XactReadOnly,
+               false, assign_transaction_read_only, NULL
+       },
+       {
+               {"jail_read_only_transactions", PGC_SUSET, CLIENT_CONN_STATEMENT,
+                       gettext_noop("Jails transactions that are READ ONLY so that 
users can't change the transaction from being in a READ ONLY mode"),
+                       NULL,
+                       GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE
+               },
+               &JailReadOnlyXacts,
                false, NULL, NULL
        },
        {
@@ -4375,6 +4385,39 @@
                return false;
        }
        return true;
+}
+
+
+static bool
+assign_transaction_read_only(bool newval, bool doit, bool interactive)
+{
+       if (JailReadOnlyXacts == false)
+       {
+               if (doit == true)
+                       XactReadOnly = newval;
+               return true;
+       } else {
+               if (superuser() == false)
+               {
+                       if (newval == true)
+                       {
+                               if (doit)
+                                       XactReadOnly = true;
+
+                               return true;
+                       } else {
+                               if (doit && interactive)
+                                       ereport(ERROR,
+                                               
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                                                errmsg("Insufficient privileges to 
SET transaction_read_only TO FALSE")));
+                               return false;
+                       }
+               } else {
+                       if (doit)
+                               XactReadOnly = newval;
+                       return true;
+               }
+       }
 }
 
 
Index: src/backend/access/transam/xact.c
===================================================================
RCS file: /home/ncvs/pgsql/pgsql-server/src/backend/access/transam/xact.c,v
retrieving revision 1.149
diff -u -r1.149 xact.c
--- src/backend/access/transam/xact.c   21 Jul 2003 20:29:39 -0000      1.149
+++ src/backend/access/transam/xact.c   30 Jul 2003 21:31:17 -0000
@@ -211,6 +211,7 @@
 
 bool           DefaultXactReadOnly = false;
 bool           XactReadOnly;
+bool           JailReadOnlyXacts = false;
 
 int                    CommitDelay = 0;        /* precommit delay in microseconds */
 int                    CommitSiblings = 5; /* number of concurrent xacts needed to
---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]

Reply via email to