NotificationsYou must be signed in to change notification settings
Fork4.9k
Star17.7k

Commit01c7a87

committed

Fix corner-case failures in has_foo_privilege() family of functions.

The variants of these functions that take numeric inputs (OIDs orcolumn numbers) are supposed to return NULL rather than failingon bad input; this rule reduces problems with snapshot skew whenqueries apply the functions to all rows of a catalog.has_column_privilege() had careless handling of the case where thetable OID didn't exist. You might get something like this:select has_column_privilege(9999,'nosuchcol','select');ERROR: column "nosuchcol" of relation "(null)" does not existor you might get a crash, depending on the platform's printf's responseto a null string pointer.In addition, while applying the column-number variant to a droppedcolumn returned NULL as desired, applying the column-name variantdid not:select has_column_privilege('mytable','........pg.dropped.2........','select');ERROR: column "........pg.dropped.2........" of relation "mytable" does not existIt seems better to make this case return NULL as well.Also, the OID-accepting variants of has_foreign_data_wrapper_privilege,has_server_privilege, and has_tablespace_privilege didn't follow theprinciple of returning NULL for nonexistent OIDs. Superusers got TRUE,everybody else got an error.Per investigation of Jaime Casanova's report of a new crash in HEAD.These behaviors have been like this for a long time, so back-patch toall supported branches.Patch by me; thanks to Stephen Frost for discussion and reviewDiscussion:https://postgr.es/m/CAJGNTeP=-6Gyqq5TN9OvYEydi7Fv1oGyYj650LGTnW44oAzYCg@mail.gmail.com

1 parent4b2fb12 commit01c7a87Copy full SHA for 01c7a87

File tree

3 files changed

+159

-10

lines changed

src
- backend/utils/adt
  - acl.c
- test/regress
  - expected
    - privileges.out
  - sql
    - privileges.sql

3 files changed

+159

-10

lines changed

`‎src/backend/utils/adt/acl.c`

Lines changed: 85 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -2450,8 +2450,12 @@ has_any_column_privilege_id_id(PG_FUNCTION_ARGS)`
`2450`	`2450`	`*`
`2451`	`2451`	`*The result is a boolean value: true if user has the indicated`
`2452`	`2452`	`*privilege, false if not. The variants that take a relation OID`
`2453`		`- *and an integer attnum return NULL (rather than throwing an error)`
`2454`		`- *if the column doesn't exist or is dropped.`
	`2453`	`+ *return NULL (rather than throwing an error) if that relation OID`
	`2454`	`+ *doesn't exist. Likewise, the variants that take an integer attnum`
	`2455`	`+ *return NULL (rather than throwing an error) if there is no such`
	`2456`	`+ *pg_attribute entry. All variants return NULL if an attisdropped`
	`2457`	`+ *column is selected. These rules are meant to avoid unnecessary`
	`2458`	`+ *failures in queries that scan pg_attribute.`
`2455`	`2459`	`*/`
`2456`	`2460`
`2457`	`2461`	`/*`
`@@ -2468,6 +2472,12 @@ column_privilege_check(Oid tableoid, AttrNumber attnum,`
`2468`	`2472`	`HeapTupleattTuple;`
`2469`	`2473`	`Form_pg_attributeattributeForm;`
`2470`	`2474`
	`2475`	`+/*`
	`2476`	`+ * If convert_column_name failed, we can just return -1 immediately.`
	`2477`	`+ */`
	`2478`	`+if (attnum==InvalidAttrNumber)`
	`2479`	`+return-1;`
	`2480`	`+`
`2471`	`2481`	`/*`
`2472`	`2482`	`* First check if we have the privilege at the table level. We check`
`2473`	`2483`	`* existence of the pg_class row before risking calling pg_class_aclcheck.`
`@@ -2829,21 +2839,59 @@ has_column_privilege_id_attnum(PG_FUNCTION_ARGS)`
`2829`	`2839`
`2830`	`2840`	`/*`
`2831`	`2841`	`* Given a table OID and a column name expressed as a string, look it up`
`2832`		`- * and return the column number`
	`2842`	`+ * and return the column number. Returns InvalidAttrNumber in cases`
	`2843`	`+ * where caller should return NULL instead of failing.`
`2833`	`2844`	`*/`
`2834`	`2845`	`staticAttrNumber`
`2835`	`2846`	`convert_column_name(Oidtableoid,text*column)`
`2836`	`2847`	`{`
`2837`		`-AttrNumberattnum;`
`2838`	`2848`	`char*colname;`
	`2849`	`+HeapTupleattTuple;`
	`2850`	`+AttrNumberattnum;`
`2839`	`2851`
`2840`	`2852`	`colname=text_to_cstring(column);`
`2841`		`-attnum=get_attnum(tableoid,colname);`
`2842`		`-if (attnum==InvalidAttrNumber)`
`2843`		`-ereport(ERROR,`
`2844`		`-(errcode(ERRCODE_UNDEFINED_COLUMN),`
`2845`		`-errmsg("column \"%s\" of relation \"%s\" does not exist",`
`2846`		`-colname,get_rel_name(tableoid))));`
	`2853`	`+`
	`2854`	`+/*`
	`2855`	`+ * We don't use get_attnum() here because it will report that dropped`
	`2856`	`+ * columns don't exist. We need to treat dropped columns differently from`
	`2857`	`+ * nonexistent columns.`
	`2858`	`+ */`
	`2859`	`+attTuple=SearchSysCache2(ATTNAME,`
	`2860`	`+ObjectIdGetDatum(tableoid),`
	`2861`	`+CStringGetDatum(colname));`
	`2862`	`+if (HeapTupleIsValid(attTuple))`
	`2863`	`+{`
	`2864`	`+Form_pg_attributeattributeForm;`
	`2865`	`+`
	`2866`	`+attributeForm= (Form_pg_attribute)GETSTRUCT(attTuple);`
	`2867`	`+/* We want to return NULL for dropped columns */`
	`2868`	`+if (attributeForm->attisdropped)`
	`2869`	`+attnum=InvalidAttrNumber;`
	`2870`	`+else`
	`2871`	`+attnum=attributeForm->attnum;`
	`2872`	`+ReleaseSysCache(attTuple);`
	`2873`	`+}`
	`2874`	`+else`
	`2875`	`+{`
	`2876`	`+char*tablename=get_rel_name(tableoid);`
	`2877`	`+`
	`2878`	`+/*`
	`2879`	`+ * If the table OID is bogus, or it's just been dropped, we'll get`
	`2880`	`+ * NULL back. In such cases we want has_column_privilege to return`
	`2881`	`+ * NULL too, so just return InvalidAttrNumber.`
	`2882`	`+ */`
	`2883`	`+if (tablename!=NULL)`
	`2884`	`+{`
	`2885`	`+/* tableoid exists, colname does not, so throw error */`
	`2886`	`+ereport(ERROR,`
	`2887`	`+(errcode(ERRCODE_UNDEFINED_COLUMN),`
	`2888`	`+errmsg("column \"%s\" of relation \"%s\" does not exist",`
	`2889`	`+colname,tablename)));`
	`2890`	`+}`
	`2891`	`+/* tableoid doesn't exist, so act like attisdropped case */`
	`2892`	`+attnum=InvalidAttrNumber;`
	`2893`	`+}`
	`2894`	`+`
`2847`	`2895`	`pfree(colname);`
`2848`	`2896`	`returnattnum;`
`2849`	`2897`	`}`
`@@ -3147,6 +3195,9 @@ has_foreign_data_wrapper_privilege_name_id(PG_FUNCTION_ARGS)`
`3147`	`3195`	`roleid=get_role_oid_or_public(NameStr(*username));`
`3148`	`3196`	`mode=convert_foreign_data_wrapper_priv_string(priv_type_text);`
`3149`	`3197`
	`3198`	`+if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID,ObjectIdGetDatum(fdwid)))`
	`3199`	`+PG_RETURN_NULL();`
	`3200`	`+`
`3150`	`3201`	`aclresult=pg_foreign_data_wrapper_aclcheck(fdwid,roleid,mode);`
`3151`	`3202`
`3152`	`3203`	`PG_RETURN_BOOL(aclresult==ACLCHECK_OK);`
`@@ -3170,6 +3221,9 @@ has_foreign_data_wrapper_privilege_id(PG_FUNCTION_ARGS)`
`3170`	`3221`	`roleid=GetUserId();`
`3171`	`3222`	`mode=convert_foreign_data_wrapper_priv_string(priv_type_text);`
`3172`	`3223`
	`3224`	`+if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID,ObjectIdGetDatum(fdwid)))`
	`3225`	`+PG_RETURN_NULL();`
	`3226`	`+`
`3173`	`3227`	`aclresult=pg_foreign_data_wrapper_aclcheck(fdwid,roleid,mode);`
`3174`	`3228`
`3175`	`3229`	`PG_RETURN_BOOL(aclresult==ACLCHECK_OK);`
`@@ -3214,6 +3268,9 @@ has_foreign_data_wrapper_privilege_id_id(PG_FUNCTION_ARGS)`
`3214`	`3268`
`3215`	`3269`	`mode=convert_foreign_data_wrapper_priv_string(priv_type_text);`
`3216`	`3270`
	`3271`	`+if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID,ObjectIdGetDatum(fdwid)))`
	`3272`	`+PG_RETURN_NULL();`
	`3273`	`+`
`3217`	`3274`	`aclresult=pg_foreign_data_wrapper_aclcheck(fdwid,roleid,mode);`
`3218`	`3275`
`3219`	`3276`	`PG_RETURN_BOOL(aclresult==ACLCHECK_OK);`
`@@ -3913,6 +3970,9 @@ has_server_privilege_name_id(PG_FUNCTION_ARGS)`
`3913`	`3970`	`roleid=get_role_oid_or_public(NameStr(*username));`
`3914`	`3971`	`mode=convert_server_priv_string(priv_type_text);`
`3915`	`3972`
	`3973`	`+if (!SearchSysCacheExists1(FOREIGNSERVEROID,ObjectIdGetDatum(serverid)))`
	`3974`	`+PG_RETURN_NULL();`
	`3975`	`+`
`3916`	`3976`	`aclresult=pg_foreign_server_aclcheck(serverid,roleid,mode);`
`3917`	`3977`
`3918`	`3978`	`PG_RETURN_BOOL(aclresult==ACLCHECK_OK);`
`@@ -3936,6 +3996,9 @@ has_server_privilege_id(PG_FUNCTION_ARGS)`
`3936`	`3996`	`roleid=GetUserId();`
`3937`	`3997`	`mode=convert_server_priv_string(priv_type_text);`
`3938`	`3998`
	`3999`	`+if (!SearchSysCacheExists1(FOREIGNSERVEROID,ObjectIdGetDatum(serverid)))`
	`4000`	`+PG_RETURN_NULL();`
	`4001`	`+`
`3939`	`4002`	`aclresult=pg_foreign_server_aclcheck(serverid,roleid,mode);`
`3940`	`4003`
`3941`	`4004`	`PG_RETURN_BOOL(aclresult==ACLCHECK_OK);`
`@@ -3980,6 +4043,9 @@ has_server_privilege_id_id(PG_FUNCTION_ARGS)`
`3980`	`4043`
`3981`	`4044`	`mode=convert_server_priv_string(priv_type_text);`
`3982`	`4045`
	`4046`	`+if (!SearchSysCacheExists1(FOREIGNSERVEROID,ObjectIdGetDatum(serverid)))`
	`4047`	`+PG_RETURN_NULL();`
	`4048`	`+`
`3983`	`4049`	`aclresult=pg_foreign_server_aclcheck(serverid,roleid,mode);`
`3984`	`4050`
`3985`	`4051`	`PG_RETURN_BOOL(aclresult==ACLCHECK_OK);`
`@@ -4095,6 +4161,9 @@ has_tablespace_privilege_name_id(PG_FUNCTION_ARGS)`
`4095`	`4161`	`roleid=get_role_oid_or_public(NameStr(*username));`
`4096`	`4162`	`mode=convert_tablespace_priv_string(priv_type_text);`
`4097`	`4163`
	`4164`	`+if (!SearchSysCacheExists1(TABLESPACEOID,ObjectIdGetDatum(tablespaceoid)))`
	`4165`	`+PG_RETURN_NULL();`
	`4166`	`+`
`4098`	`4167`	`aclresult=pg_tablespace_aclcheck(tablespaceoid,roleid,mode);`
`4099`	`4168`
`4100`	`4169`	`PG_RETURN_BOOL(aclresult==ACLCHECK_OK);`
`@@ -4118,6 +4187,9 @@ has_tablespace_privilege_id(PG_FUNCTION_ARGS)`
`4118`	`4187`	`roleid=GetUserId();`
`4119`	`4188`	`mode=convert_tablespace_priv_string(priv_type_text);`
`4120`	`4189`
	`4190`	`+if (!SearchSysCacheExists1(TABLESPACEOID,ObjectIdGetDatum(tablespaceoid)))`
	`4191`	`+PG_RETURN_NULL();`
	`4192`	`+`
`4121`	`4193`	`aclresult=pg_tablespace_aclcheck(tablespaceoid,roleid,mode);`
`4122`	`4194`
`4123`	`4195`	`PG_RETURN_BOOL(aclresult==ACLCHECK_OK);`
`@@ -4162,6 +4234,9 @@ has_tablespace_privilege_id_id(PG_FUNCTION_ARGS)`
`4162`	`4234`
`4163`	`4235`	`mode=convert_tablespace_priv_string(priv_type_text);`
`4164`	`4236`
	`4237`	`+if (!SearchSysCacheExists1(TABLESPACEOID,ObjectIdGetDatum(tablespaceoid)))`
	`4238`	`+PG_RETURN_NULL();`
	`4239`	`+`
`4165`	`4240`	`aclresult=pg_tablespace_aclcheck(tablespaceoid,roleid,mode);`
`4166`	`4241`
`4167`	`4242`	`PG_RETURN_BOOL(aclresult==ACLCHECK_OK);`

`‎src/test/regress/expected/privileges.out`

Lines changed: 57 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1036,6 +1036,63 @@ from (select oid from pg_class where relname = 'atest1') as t1;`
`1036`	`1036`	`f`
`1037`	`1037`	`(1 row)`
`1038`	`1038`
	`1039`	`+-- has_column_privilege function`
	`1040`	`+-- bad-input checks (as non-super-user)`
	`1041`	`+select has_column_privilege('pg_authid',NULL,'select');`
	`1042`	`+ has_column_privilege`
	`1043`	`+----------------------`
	`1044`	`+`
	`1045`	`+(1 row)`
	`1046`	`+`
	`1047`	`+select has_column_privilege('pg_authid','nosuchcol','select');`
	`1048`	`+ERROR: column "nosuchcol" of relation "pg_authid" does not exist`
	`1049`	`+select has_column_privilege(9999,'nosuchcol','select');`
	`1050`	`+ has_column_privilege`
	`1051`	`+----------------------`
	`1052`	`+`
	`1053`	`+(1 row)`
	`1054`	`+`
	`1055`	`+select has_column_privilege(9999,99::int2,'select');`
	`1056`	`+ has_column_privilege`
	`1057`	`+----------------------`
	`1058`	`+`
	`1059`	`+(1 row)`
	`1060`	`+`
	`1061`	`+select has_column_privilege('pg_authid',99::int2,'select');`
	`1062`	`+ has_column_privilege`
	`1063`	`+----------------------`
	`1064`	`+`
	`1065`	`+(1 row)`
	`1066`	`+`
	`1067`	`+select has_column_privilege(9999,99::int2,'select');`
	`1068`	`+ has_column_privilege`
	`1069`	`+----------------------`
	`1070`	`+`
	`1071`	`+(1 row)`
	`1072`	`+`
	`1073`	`+create temp table mytable(f1 int, f2 int, f3 int);`
	`1074`	`+alter table mytable drop column f2;`
	`1075`	`+select has_column_privilege('mytable','f2','select');`
	`1076`	`+ERROR: column "f2" of relation "mytable" does not exist`
	`1077`	`+select has_column_privilege('mytable','........pg.dropped.2........','select');`
	`1078`	`+ has_column_privilege`
	`1079`	`+----------------------`
	`1080`	`+`
	`1081`	`+(1 row)`
	`1082`	`+`
	`1083`	`+select has_column_privilege('mytable',2::int2,'select');`
	`1084`	`+ has_column_privilege`
	`1085`	`+----------------------`
	`1086`	`+ t`
	`1087`	`+(1 row)`
	`1088`	`+`
	`1089`	`+revoke select on table mytable from regressuser3;`
	`1090`	`+select has_column_privilege('mytable',2::int2,'select');`
	`1091`	`+ has_column_privilege`
	`1092`	`+----------------------`
	`1093`	`+`
	`1094`	`+(1 row)`
	`1095`	`+`
`1039`	`1096`	`-- Grant options`
`1040`	`1097`	`SET SESSION AUTHORIZATION regressuser1;`
`1041`	`1098`	`CREATE TABLE atest4 (a int);`

`‎src/test/regress/sql/privileges.sql`

Lines changed: 17 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -657,6 +657,23 @@ from (select oid from pg_class where relname = 'atest1') as t1;`
`657`	`657`	`select has_table_privilege(t1.oid,'trigger')`
`658`	`658`	`from (selectoidfrom pg_classwhere relname='atest1')as t1;`
`659`	`659`
	`660`	`+-- has_column_privilege function`
	`661`	`+`
	`662`	`+-- bad-input checks (as non-super-user)`
	`663`	`+select has_column_privilege('pg_authid',NULL,'select');`
	`664`	`+select has_column_privilege('pg_authid','nosuchcol','select');`
	`665`	`+select has_column_privilege(9999,'nosuchcol','select');`
	`666`	`+select has_column_privilege(9999,99::int2,'select');`
	`667`	`+select has_column_privilege('pg_authid',99::int2,'select');`
	`668`	`+select has_column_privilege(9999,99::int2,'select');`
	`669`	`+`
	`670`	`+create temp table mytable(f1int, f2int, f3int);`
	`671`	`+altertable mytable drop column f2;`
	`672`	`+select has_column_privilege('mytable','f2','select');`
	`673`	`+select has_column_privilege('mytable','........pg.dropped.2........','select');`
	`674`	`+select has_column_privilege('mytable',2::int2,'select');`
	`675`	`+revokeselecton table mytablefrom regressuser3;`
	`676`	`+select has_column_privilege('mytable',2::int2,'select');`
`660`	`677`
`661`	`678`	`-- Grant options`
`662`	`679`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit01c7a87

File tree

3 files changed

3 files changed

`‎src/backend/utils/adt/acl.c`

`‎src/test/regress/expected/privileges.out`

`‎src/test/regress/sql/privileges.sql`

0 commit comments