Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitf9e8bc1

Browse files
Merge pull request#285 from Green-Chan/PGPRO-14441
[PGPRO-14441] Add "regress_" prefix to roles in test
2 parents9cf1428 +e3092cb commitf9e8bc1

File tree

5 files changed

+170
-170
lines changed

5 files changed

+170
-170
lines changed

‎expected/pathman_CVE-2020-14350.out‎

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -7,15 +7,15 @@ DROP FUNCTION IF EXISTS _partition_data_concurrent(oid,integer);
77
DROP FUNCTION IF EXISTS create_single_range_partition(TEXT,ANYELEMENT,ANYELEMENT,TEXT);
88
DROP TABLE IF EXISTS test1 CASCADE;
99
DROP TABLE IF EXISTS test2 CASCADE;
10-
DROP ROLE IF EXISTSpathman_regress_hacker;
10+
DROP ROLE IF EXISTSregress_pathman_hacker;
1111
SET client_min_messages = 'notice';
1212
GRANT CREATE ON SCHEMA public TO PUBLIC;
1313
CREATE EXTENSION pg_pathman;
14-
CREATE ROLEpathman_regress_hacker LOGIN;
14+
CREATE ROLEregress_pathman_hacker LOGIN;
1515
-- Test 1
1616
RESET ROLE;
17-
ALTER ROLEpathman_regress_hacker NOSUPERUSER;
18-
SET ROLEpathman_regress_hacker;
17+
ALTER ROLEregress_pathman_hacker NOSUPERUSER;
18+
SET ROLEregress_pathman_hacker;
1919
SHOW is_superuser;
2020
is_superuser
2121
--------------
@@ -26,7 +26,7 @@ CREATE FUNCTION _partition_data_concurrent(relation oid, p_limit INT, OUT p_tota
2626
RETURNS bigint
2727
AS $$
2828
BEGIN
29-
ALTER ROLEpathman_regress_hacker SUPERUSER;
29+
ALTER ROLEregress_pathman_hacker SUPERUSER;
3030
SELECT _partition_data_concurrent(relation, NULL::text, NULL::text, p_limit) INTO p_total;
3131
END
3232
$$ LANGUAGE plpgsql;
@@ -53,7 +53,7 @@ SELECT pg_sleep(1);
5353
(1 row)
5454

5555
-- Test result (must be 'off')
56-
SET ROLEpathman_regress_hacker;
56+
SET ROLEregress_pathman_hacker;
5757
SHOW is_superuser;
5858
is_superuser
5959
--------------
@@ -62,8 +62,8 @@ SHOW is_superuser;
6262

6363
-- Test 2
6464
RESET ROLE;
65-
ALTER ROLEpathman_regress_hacker NOSUPERUSER;
66-
SET ROLEpathman_regress_hacker;
65+
ALTER ROLEregress_pathman_hacker NOSUPERUSER;
66+
SET ROLEregress_pathman_hacker;
6767
SHOW is_superuser;
6868
is_superuser
6969
--------------
@@ -74,7 +74,7 @@ CREATE FUNCTION create_single_range_partition(parent_relid TEXT, start_value ANY
7474
RETURNS REGCLASS
7575
AS $$
7676
BEGIN
77-
ALTER ROLEpathman_regress_hacker SUPERUSER;
77+
ALTER ROLEregress_pathman_hacker SUPERUSER;
7878
RETURN create_single_range_partition(parent_relid, start_value, end_value, partition_name, NULL::text);
7979
END
8080
$$ LANGUAGE plpgsql;
@@ -89,7 +89,7 @@ SELECT create_range_partitions('test2', 'i', 0, 1);
8989

9090
INSERT INTO test2 values(1);
9191
-- Test result (must be 'off')
92-
SET ROLEpathman_regress_hacker;
92+
SET ROLEregress_pathman_hacker;
9393
SHOW is_superuser;
9494
is_superuser
9595
--------------
@@ -112,5 +112,5 @@ NOTICE: drop cascades to 3 other objects
112112
DETAIL: drop cascades to sequence test2_seq
113113
drop cascades to table test2_1
114114
drop cascades to table test2_2
115-
DROP ROLEpathman_regress_hacker;
115+
DROP ROLEregress_pathman_hacker;
116116
DROP EXTENSION pg_pathman;

‎expected/pathman_permissions.out‎

Lines changed: 58 additions & 58 deletions
Original file line numberDiff line numberDiff line change
@@ -2,16 +2,16 @@
22
SET search_path = 'public';
33
CREATE EXTENSION pg_pathman;
44
CREATE SCHEMA permissions;
5-
CREATE ROLEpathman_user1 LOGIN;
6-
CREATE ROLEpathman_user2 LOGIN;
7-
GRANT USAGE, CREATE ON SCHEMA permissions TOpathman_user1;
8-
GRANT USAGE, CREATE ON SCHEMA permissions TOpathman_user2;
5+
CREATE ROLEregress_pathman_user1 LOGIN;
6+
CREATE ROLEregress_pathman_user2 LOGIN;
7+
GRANT USAGE, CREATE ON SCHEMA permissions TOregress_pathman_user1;
8+
GRANT USAGE, CREATE ON SCHEMA permissions TOregress_pathman_user2;
99
/* Switch to #1 */
10-
SET ROLEpathman_user1;
10+
SET ROLEregress_pathman_user1;
1111
CREATE TABLE permissions.pathman_user1_table(id serial, a int);
1212
INSERT INTO permissions.pathman_user1_table SELECT g, g FROM generate_series(1, 20) as g;
1313
/* Should fail (can't SELECT) */
14-
SET ROLEpathman_user2;
14+
SET ROLEregress_pathman_user2;
1515
DO $$
1616
BEGIN
1717
SELECT create_range_partitions('permissions.pathman_user1_table', 'id', 1, 10, 2);
@@ -20,11 +20,11 @@ EXCEPTION
2020
RAISE NOTICE 'Insufficient priviliges';
2121
END$$;
2222
NOTICE: Insufficient priviliges
23-
/* Grant SELECT topathman_user2 */
24-
SET ROLEpathman_user1;
25-
GRANT SELECT ON permissions.pathman_user1_table TOpathman_user2;
23+
/* Grant SELECT toregress_pathman_user2 */
24+
SET ROLEregress_pathman_user1;
25+
GRANT SELECT ON permissions.pathman_user1_table TOregress_pathman_user2;
2626
/* Should fail (don't own parent) */
27-
SET ROLEpathman_user2;
27+
SET ROLEregress_pathman_user2;
2828
DO $$
2929
BEGIN
3030
SELECT create_range_partitions('permissions.pathman_user1_table', 'id', 1, 10, 2);
@@ -34,15 +34,15 @@ EXCEPTION
3434
END$$;
3535
NOTICE: Insufficient priviliges
3636
/* Should be ok */
37-
SET ROLEpathman_user1;
37+
SET ROLEregress_pathman_user1;
3838
SELECT create_range_partitions('permissions.pathman_user1_table', 'id', 1, 10, 2);
3939
create_range_partitions
4040
-------------------------
4141
2
4242
(1 row)
4343

4444
/* Should be able to see */
45-
SET ROLEpathman_user2;
45+
SET ROLEregress_pathman_user2;
4646
SELECT * FROM pathman_config;
4747
partrel | expr | parttype | range_interval
4848
---------------------------------+------+----------+----------------
@@ -56,20 +56,20 @@ SELECT * FROM pathman_config_params;
5656
(1 row)
5757

5858
/* Should fail */
59-
SET ROLEpathman_user2;
59+
SET ROLEregress_pathman_user2;
6060
SELECT set_enable_parent('permissions.pathman_user1_table', true);
6161
WARNING: only the owner or superuser can change partitioning configuration of table "pathman_user1_table"
6262
ERROR: new row violates row-level security policy for table "pathman_config_params"
6363
SELECT set_auto('permissions.pathman_user1_table', false);
6464
WARNING: only the owner or superuser can change partitioning configuration of table "pathman_user1_table"
6565
ERROR: new row violates row-level security policy for table "pathman_config_params"
6666
/* Should fail */
67-
SET ROLEpathman_user2;
67+
SET ROLEregress_pathman_user2;
6868
DELETE FROM pathman_config
6969
WHERE partrel = 'permissions.pathman_user1_table'::regclass;
7070
WARNING: only the owner or superuser can change partitioning configuration of table "pathman_user1_table"
7171
/* No rights to insert, should fail */
72-
SET ROLEpathman_user2;
72+
SET ROLEregress_pathman_user2;
7373
DO $$
7474
BEGIN
7575
INSERT INTO permissions.pathman_user1_table (id, a) VALUES (35, 0);
@@ -79,15 +79,15 @@ EXCEPTION
7979
END$$;
8080
NOTICE: Insufficient priviliges
8181
/* No rights to create partitions (need INSERT privilege) */
82-
SET ROLEpathman_user2;
82+
SET ROLEregress_pathman_user2;
8383
SELECT prepend_range_partition('permissions.pathman_user1_table');
8484
ERROR: permission denied for parent relation "pathman_user1_table"
85-
/* Allowpathman_user2 to create partitions */
86-
SET ROLEpathman_user1;
87-
GRANT INSERT ON permissions.pathman_user1_table TOpathman_user2;
88-
GRANT UPDATE(a) ON permissions.pathman_user1_table TOpathman_user2; /* per-column ACL */
85+
/* Allowregress_pathman_user2 to create partitions */
86+
SET ROLEregress_pathman_user1;
87+
GRANT INSERT ON permissions.pathman_user1_table TOregress_pathman_user2;
88+
GRANT UPDATE(a) ON permissions.pathman_user1_table TOregress_pathman_user2; /* per-column ACL */
8989
/* Should be able to prepend a partition */
90-
SET ROLEpathman_user2;
90+
SET ROLEregress_pathman_user2;
9191
SELECT prepend_range_partition('permissions.pathman_user1_table');
9292
prepend_range_partition
9393
-----------------------------------
@@ -100,9 +100,9 @@ WHERE attrelid = (SELECT "partition" FROM pathman_partition_list
100100
ORDER BY range_min::int ASC /* prepend */
101101
LIMIT 1)
102102
ORDER BY attname; /* check ACL for each column */
103-
attname | attacl
104-
----------+---------------------------------
105-
a | {pathman_user2=w/pathman_user1}
103+
attname |attacl
104+
----------+-------------------------------------------------
105+
a | {regress_pathman_user2=w/regress_pathman_user1}
106106
cmax |
107107
cmin |
108108
ctid |
@@ -113,7 +113,7 @@ ORDER BY attname; /* check ACL for each column */
113113
(8 rows)
114114

115115
/* Have rights, should be ok (parent's ACL is shared by new children) */
116-
SET ROLEpathman_user2;
116+
SET ROLEregress_pathman_user2;
117117
INSERT INTO permissions.pathman_user1_table (id, a) VALUES (35, 0) RETURNING *;
118118
id | a
119119
----+---
@@ -126,11 +126,11 @@ WHERE oid = ANY (SELECT "partition" FROM pathman_partition_list
126126
ORDER BY range_max::int DESC /* append */
127127
LIMIT 3)
128128
ORDER BY relname; /* we also check ACL for "pathman_user1_table_2" */
129-
relname | relacl
130-
-----------------------+----------------------------------------------------------------------
131-
pathman_user1_table_2 | {pathman_user1=arwdDxt/pathman_user1,pathman_user2=r/pathman_user1}
132-
pathman_user1_table_5 | {pathman_user1=arwdDxt/pathman_user1,pathman_user2=ar/pathman_user1}
133-
pathman_user1_table_6 | {pathman_user1=arwdDxt/pathman_user1,pathman_user2=ar/pathman_user1}
129+
relname |relacl
130+
-----------------------+------------------------------------------------------------------------------------------------------
131+
pathman_user1_table_2 | {regress_pathman_user1=arwdDxt/regress_pathman_user1,regress_pathman_user2=r/regress_pathman_user1}
132+
pathman_user1_table_5 | {regress_pathman_user1=arwdDxt/regress_pathman_user1,regress_pathman_user2=ar/regress_pathman_user1}
133+
pathman_user1_table_6 | {regress_pathman_user1=arwdDxt/regress_pathman_user1,regress_pathman_user2=ar/regress_pathman_user1}
134134
(3 rows)
135135

136136
/* Try to drop partition, should fail */
@@ -143,19 +143,19 @@ EXCEPTION
143143
END$$;
144144
NOTICE: Insufficient priviliges
145145
/* Disable automatic partition creation */
146-
SET ROLEpathman_user1;
146+
SET ROLEregress_pathman_user1;
147147
SELECT set_auto('permissions.pathman_user1_table', false);
148148
set_auto
149149
----------
150150

151151
(1 row)
152152

153153
/* Partition creation, should fail */
154-
SET ROLEpathman_user2;
154+
SET ROLEregress_pathman_user2;
155155
INSERT INTO permissions.pathman_user1_table (id, a) VALUES (55, 0) RETURNING *;
156156
ERROR: no suitable partition for key '55'
157157
/* Finally drop partitions */
158-
SET ROLEpathman_user1;
158+
SET ROLEregress_pathman_user1;
159159
SELECT drop_partitions('permissions.pathman_user1_table');
160160
NOTICE: 10 rows copied from permissions.pathman_user1_table_1
161161
NOTICE: 10 rows copied from permissions.pathman_user1_table_2
@@ -168,7 +168,7 @@ NOTICE: 1 rows copied from permissions.pathman_user1_table_6
168168
(1 row)
169169

170170
/* Switch to #2 */
171-
SET ROLEpathman_user2;
171+
SET ROLEregress_pathman_user2;
172172
/* Test ddl event trigger */
173173
CREATE TABLE permissions.pathman_user2_table(id serial);
174174
SELECT create_hash_partitions('permissions.pathman_user2_table', 'id', 3);
@@ -188,10 +188,10 @@ NOTICE: 10 rows copied from permissions.pathman_user2_table_2
188188
(1 row)
189189

190190
/* Switch to #1 */
191-
SET ROLEpathman_user1;
191+
SET ROLEregress_pathman_user1;
192192
CREATE TABLE permissions.dropped_column(a int, val int not null, b int, c int);
193193
INSERT INTO permissions.dropped_column SELECT i,i,i,i FROM generate_series(1, 30) i;
194-
GRANT SELECT(val), INSERT(val) ON permissions.dropped_column TOpathman_user2;
194+
GRANT SELECT(val), INSERT(val) ON permissions.dropped_column TOregress_pathman_user2;
195195
SELECT create_range_partitions('permissions.dropped_column', 'val', 1, 10);
196196
create_range_partitions
197197
-------------------------
@@ -203,11 +203,11 @@ WHERE attrelid = ANY (SELECT "partition" FROM pathman_partition_list
203203
WHERE parent = 'permissions.dropped_column'::REGCLASS)
204204
AND attacl IS NOT NULL
205205
ORDER BY attrelid::regclass::text; /* check ACL for each column */
206-
attrelid | attname | attacl
207-
------------------------------+---------+----------------------------------
208-
permissions.dropped_column_1 | val | {pathman_user2=ar/pathman_user1}
209-
permissions.dropped_column_2 | val | {pathman_user2=ar/pathman_user1}
210-
permissions.dropped_column_3 | val | {pathman_user2=ar/pathman_user1}
206+
attrelid | attname |attacl
207+
------------------------------+---------+--------------------------------------------------
208+
permissions.dropped_column_1 | val | {regress_pathman_user2=ar/regress_pathman_user1}
209+
permissions.dropped_column_2 | val | {regress_pathman_user2=ar/regress_pathman_user1}
210+
permissions.dropped_column_3 | val | {regress_pathman_user2=ar/regress_pathman_user1}
211211
(3 rows)
212212

213213
ALTER TABLE permissions.dropped_column DROP COLUMN a; /* DROP "a" */
@@ -222,12 +222,12 @@ WHERE attrelid = ANY (SELECT "partition" FROM pathman_partition_list
222222
WHERE parent = 'permissions.dropped_column'::REGCLASS)
223223
AND attacl IS NOT NULL
224224
ORDER BY attrelid::regclass::text; /* check ACL for each column (+1 partition) */
225-
attrelid | attname | attacl
226-
------------------------------+---------+----------------------------------
227-
permissions.dropped_column_1 | val | {pathman_user2=ar/pathman_user1}
228-
permissions.dropped_column_2 | val | {pathman_user2=ar/pathman_user1}
229-
permissions.dropped_column_3 | val | {pathman_user2=ar/pathman_user1}
230-
permissions.dropped_column_4 | val | {pathman_user2=ar/pathman_user1}
225+
attrelid | attname |attacl
226+
------------------------------+---------+--------------------------------------------------
227+
permissions.dropped_column_1 | val | {regress_pathman_user2=ar/regress_pathman_user1}
228+
permissions.dropped_column_2 | val | {regress_pathman_user2=ar/regress_pathman_user1}
229+
permissions.dropped_column_3 | val | {regress_pathman_user2=ar/regress_pathman_user1}
230+
permissions.dropped_column_4 | val | {regress_pathman_user2=ar/regress_pathman_user1}
231231
(4 rows)
232232

233233
ALTER TABLE permissions.dropped_column DROP COLUMN b; /* DROP "b" */
@@ -242,22 +242,22 @@ WHERE attrelid = ANY (SELECT "partition" FROM pathman_partition_list
242242
WHERE parent = 'permissions.dropped_column'::REGCLASS)
243243
AND attacl IS NOT NULL
244244
ORDER BY attrelid::regclass::text; /* check ACL for each column (+1 partition) */
245-
attrelid | attname | attacl
246-
------------------------------+---------+----------------------------------
247-
permissions.dropped_column_1 | val | {pathman_user2=ar/pathman_user1}
248-
permissions.dropped_column_2 | val | {pathman_user2=ar/pathman_user1}
249-
permissions.dropped_column_3 | val | {pathman_user2=ar/pathman_user1}
250-
permissions.dropped_column_4 | val | {pathman_user2=ar/pathman_user1}
251-
permissions.dropped_column_5 | val | {pathman_user2=ar/pathman_user1}
245+
attrelid | attname |attacl
246+
------------------------------+---------+--------------------------------------------------
247+
permissions.dropped_column_1 | val | {regress_pathman_user2=ar/regress_pathman_user1}
248+
permissions.dropped_column_2 | val | {regress_pathman_user2=ar/regress_pathman_user1}
249+
permissions.dropped_column_3 | val | {regress_pathman_user2=ar/regress_pathman_user1}
250+
permissions.dropped_column_4 | val | {regress_pathman_user2=ar/regress_pathman_user1}
251+
permissions.dropped_column_5 | val | {regress_pathman_user2=ar/regress_pathman_user1}
252252
(5 rows)
253253

254254
DROP TABLE permissions.dropped_column CASCADE;
255255
NOTICE: drop cascades to 6 other objects
256256
/* Finally reset user */
257257
RESET ROLE;
258-
DROP OWNED BYpathman_user1;
259-
DROP OWNED BYpathman_user2;
260-
DROP USERpathman_user1;
261-
DROP USERpathman_user2;
258+
DROP OWNED BYregress_pathman_user1;
259+
DROP OWNED BYregress_pathman_user2;
260+
DROP USERregress_pathman_user1;
261+
DROP USERregress_pathman_user2;
262262
DROP SCHEMA permissions;
263263
DROP EXTENSION pg_pathman;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp