Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitb1df061

Browse files
committed
pg_dump: fix mis-dumping of non-global default privileges.
Non-global default privilege entries should be dumped as-is,not made relative to the default ACL for their object type.This would typically only matter if one had revoked someon-by-default privileges in a global entry, and then wantedto grant them again in a non-global entry.Per report from Boris Korzun. This is an old bug, so back-patchto all supported branches.Neil Chen, test case by Masahiko SawadaDiscussion:https://postgr.es/m/111621616618184@mail.yandex.ruDiscussion:https://postgr.es/m/CAA3qoJnr2+1dVJObNtfec=qW4Z0nz=A9+r5bZKoTSy5RDjskMw@mail.gmail.com
1 parent4d31470 commitb1df061

File tree

2 files changed

+52
-1
lines changed

2 files changed

+52
-1
lines changed

‎src/bin/pg_dump/pg_dump.c

Lines changed: 18 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9067,9 +9067,26 @@ getDefaultACLs(Archive *fout, int *numDefaultACLs)
90679067
PQExpBuffer initacl_subquery = createPQExpBuffer();
90689068
PQExpBuffer initracl_subquery = createPQExpBuffer();
90699069

9070+
/*
9071+
* Global entries (with defaclnamespace=0) replace the hard-wired
9072+
* default ACL for their object type. We should dump them as deltas
9073+
* from the default ACL, since that will be used as a starting point
9074+
* for interpreting the ALTER DEFAULT PRIVILEGES commands. On the
9075+
* other hand, non-global entries can only add privileges not revoke
9076+
* them. We must dump those as-is (i.e., as deltas from an empty
9077+
* ACL). We implement that by passing NULL as the object type for
9078+
* acldefault(), which works because acldefault() is STRICT.
9079+
*
9080+
* We can use defaclobjtype as the object type for acldefault(),
9081+
* except for the case of 'S' (DEFACLOBJ_SEQUENCE) which must be
9082+
* converted to 's'.
9083+
*/
90709084
buildACLQueries(acl_subquery, racl_subquery, initacl_subquery,
90719085
initracl_subquery, "defaclacl", "defaclrole",
9072-
"CASE WHEN defaclobjtype = 'S' THEN 's' ELSE defaclobjtype END::\"char\"",
9086+
"CASE WHEN defaclnamespace = 0 THEN"
9087+
" CASE WHEN defaclobjtype = 'S' THEN 's'::\"char\""
9088+
" ELSE defaclobjtype END "
9089+
"ELSE NULL END",
90739090
dopt->binary_upgrade);
90749091

90759092
appendPQExpBuffer(query, "SELECT d.oid, d.tableoid, "

‎src/bin/pg_dump/t/002_pg_dump.pl

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -255,6 +255,40 @@
255255
pg_dumpall_globals_clean=> 1,
256256
section_pre_data=> 1,
257257
section_data=> 1, }, },
258+
259+
'ALTER DEFAULT PRIVILEGES FOR ROLE regress_dump_test_role GRANT EXECUTE ON FUNCTIONS'
260+
=> {
261+
create_order=> 15,
262+
create_sql=>'ALTER DEFAULT PRIVILEGES
263+
FOR ROLE regress_dump_test_role IN SCHEMA dump_test
264+
GRANT EXECUTE ON FUNCTIONS TO regress_dump_test_role;',
265+
regexp=>qr/^
266+
\QALTER DEFAULT PRIVILEGES\E
267+
\QFOR ROLE regress_dump_test_role IN SCHEMA dump_test\E
268+
\QGRANT ALL ON FUNCTIONS TO regress_dump_test_role;\E
269+
/xm,
270+
like=> {
271+
binary_upgrade=> 1,
272+
clean=> 1,
273+
clean_if_exists=> 1,
274+
createdb=> 1,
275+
defaults=> 1,
276+
exclude_test_table=> 1,
277+
exclude_test_table_data=> 1,
278+
only_dump_test_schema=> 1,
279+
pg_dumpall_dbprivs=> 1,
280+
schema_only=> 1,
281+
section_post_data=> 1,
282+
test_schema_plus_blobs=> 1, },
283+
unlike=> {
284+
exclude_dump_test_schema=> 1,
285+
no_privs=> 1,
286+
only_dump_test_table=> 1,
287+
pg_dumpall_globals=> 1,
288+
pg_dumpall_globals_clean=> 1,
289+
section_pre_data=> 1,
290+
section_data=> 1, }, },
291+
258292
'ALTER ROLE regress_dump_test_role'=> {
259293
regexp=>qr/^
260294
\QALTER ROLE regress_dump_test_role WITH\E

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp