Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit1543920

Browse files
committed
Don't try to dump RLS policies or security labels for extension objects.
checkExtensionMembership() set the DUMP_COMPONENT_SECLABEL andDUMP_COMPONENT_POLICY flags for extension member objects, even thoughwe lack any infrastructure for tracking extensions' initial settingsof these properties. This is not OK. The result was that a dumpwould always include commands to set these properties for extensionobjects that have them, with at least three negative consequences:1. The restoring user might not have privilege to set these propertieson these objects.2. The properties might be incorrect/irrelevant for the version of theextension that's installed in the destination database.3. The dump itself might fail, in the case of RLS properties attachedto extension tables that the dumping user lacks privilege to LOCK.(That's because we must get at least AccessShareLock to ensure thatwe don't fail while trying to decompile the RLS expressions.)When and if somebody cares to invent initial-state infrastructure forextensions' RLS policies and security labels, we could think aboutfinding another way around problem#3. But in the absence of suchinfrastructure, this whole thing is just wrong and we shouldn't do it.(Note: this applies only to ordinary dumps; binary-upgrade dumpsstill dump and restore extension member objects separately, withall properties.)Tom Lane and Jacob Champion. Back-patch to all supported branches.Discussion:https://postgr.es/m/00d46a48-3324-d9a0-49bf-e7f0f11d1038@timescale.com
1 parent36be886 commit1543920

File tree

3 files changed

+41
-10
lines changed

3 files changed

+41
-10
lines changed

‎src/bin/pg_dump/pg_dump.c

Lines changed: 12 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1618,20 +1618,24 @@ checkExtensionMembership(DumpableObject *dobj, Archive *fout)
16181618
addObjectDependency(dobj, ext->dobj.dumpId);
16191619

16201620
/*
1621-
* In 9.6 and above, mark the member object to have any non-initial ACL,
1622-
* policies, and security labels dumped.
1623-
*
1624-
* Note that any initial ACLs (see pg_init_privs) will be removed when we
1625-
* extract the information about the object. We don't provide support for
1626-
* initial policies and security labels and it seems unlikely for those to
1627-
* ever exist, but we may have to revisit this later.
1621+
* In 9.6 and above, mark the member object to have any non-initial ACLs
1622+
* dumped. (Any initial ACLs will be removed later, using data from
1623+
* pg_init_privs, so that we'll dump only the delta from the extension's
1624+
* initial setup.)
16281625
*
16291626
* Prior to 9.6, we do not include any extension member components.
16301627
*
16311628
* In binary upgrades, we still dump all components of the members
16321629
* individually, since the idea is to exactly reproduce the database
16331630
* contents rather than replace the extension contents with something
16341631
* different.
1632+
*
1633+
* Note: it might be interesting someday to implement storage and delta
1634+
* dumping of extension members' RLS policies and/or security labels.
1635+
* However there is a pitfall for RLS policies: trying to dump them
1636+
* requires getting a lock on their tables, and the calling user might not
1637+
* have privileges for that. We need no lock to examine a table's ACLs,
1638+
* so the current feature doesn't have a problem of that sort.
16351639
*/
16361640
if (fout->dopt->binary_upgrade)
16371641
dobj->dump = ext->dobj.dump;
@@ -1640,9 +1644,7 @@ checkExtensionMembership(DumpableObject *dobj, Archive *fout)
16401644
if (fout->remoteVersion < 90600)
16411645
dobj->dump = DUMP_COMPONENT_NONE;
16421646
else
1643-
dobj->dump = ext->dobj.dump_contains & (DUMP_COMPONENT_ACL |
1644-
DUMP_COMPONENT_SECLABEL |
1645-
DUMP_COMPONENT_POLICY);
1647+
dobj->dump = ext->dobj.dump_contains & (DUMP_COMPONENT_ACL);
16461648
}
16471649

16481650
return true;

‎src/test/modules/test_pg_dump/t/001_base.pl

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -172,6 +172,19 @@
172172
'postgres',
173173
],
174174
},
175+
176+
# regress_dump_login_role shouldn't need SELECT rights on internal
177+
# (undumped) extension tables
178+
privileged_internals=> {
179+
dump_cmd=> [
180+
'pg_dump','--no-sync',"--file=$tempdir/privileged_internals.sql",
181+
# these two tables are irrelevant to the test case
182+
'--exclude-table=regress_pg_dump_schema.external_tab',
183+
'--exclude-table=regress_pg_dump_schema.extdependtab',
184+
'--username=regress_dump_login_role','postgres',
185+
],
186+
},
187+
175188
schema_only=> {
176189
dump_cmd=> [
177190
'pg_dump','--no-sync',"--file=$tempdir/schema_only.sql",
@@ -281,6 +294,7 @@
281294
exclude_table=> 1,
282295
no_privs=> 1,
283296
no_owner=> 1,
297+
privileged_internals=> 1,
284298
with_extension=> 1,
285299
without_extension=> 1);
286300

@@ -318,6 +332,16 @@
318332
like => { pg_dumpall_globals => 1, },
319333
},
320334
335+
'CREATE ROLE regress_dump_login_role' => {
336+
create_order => 1,
337+
create_sql => 'CREATE ROLE regress_dump_login_role LOGIN;',
338+
regexp => qr/^
339+
\QCREATE ROLE regress_dump_login_role;\E
340+
\n\QALTER ROLE regress_dump_login_role WITH\E.*\Q LOGIN\E.*;
341+
\n/xm,
342+
like => { pg_dumpall_globals => 1, },
343+
},
344+
321345
'CREATE SEQUENCE regress_pg_dump_table_col1_seq' => {
322346
regexp => qr/^
323347
\QCREATE SEQUENCE public.regress_pg_dump_table_col1_seq\E
@@ -661,6 +685,7 @@
661685
data_only => 1,
662686
extension_schema => 1,
663687
pg_dumpall_globals => 1,
688+
privileged_internals => 1,
664689
section_data => 1,
665690
section_pre_data => 1,
666691
# Excludes this schema as extension is not listed.
@@ -677,6 +702,7 @@
677702
data_only => 1,
678703
extension_schema => 1,
679704
pg_dumpall_globals => 1,
705+
privileged_internals => 1,
680706
section_data => 1,
681707
section_pre_data => 1,
682708
# Excludes this schema as extension is not listed.
@@ -700,6 +726,7 @@
700726
# Excludes the extension and keeps the schema's data.
701727
without_extension_internal_schema => 1,
702728
},
729+
unlike => { privileged_internals => 1 },
703730
},);
704731
705732
#########################################

‎src/test/modules/test_pg_dump/test_pg_dump--1.0.sql

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,11 +12,13 @@ CREATE SEQUENCE regress_pg_dump_seq;
1212

1313
CREATESEQUENCEregress_seq_dumpable;
1414
SELECTpg_catalog.pg_extension_config_dump('regress_seq_dumpable','');
15+
GRANTSELECTON SEQUENCE regress_seq_dumpable TO public;
1516

1617
CREATETABLEregress_table_dumpable (
1718
col1intcheck (col1>0)
1819
);
1920
SELECTpg_catalog.pg_extension_config_dump('regress_table_dumpable','');
21+
GRANTSELECTON regress_table_dumpable TO public;
2022

2123
CREATESCHEMAregress_pg_dump_schema;
2224

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp