NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit4989ce7

committed

MERGE ... DO NOTHING: require SELECT privileges

Verify that a user running MERGE with a DO NOTHING clause hasprivileges to read the table, even if no columns are referenced. Suchprivileges were already required if the ON clause or any of the WHENconditions referenced any column at all, so there's no functional changein practice.This change fixes an assertion failure in the case where no column isreferenced by the command and the WHEN clauses are all DO NOTHING.Backpatch to 15, where MERGE was introduced.Reported-by: Alena Rybakina <a.rybakina@postgrespro.ru>Reported-by: Alexander Lakhin <exclusion@gmail.com>Discussion:https://postgr.es/m/4d65a385-7efa-4436-a825-0869f89d9d92@postgrespro.ru

1 parented345c2 commit4989ce7Copy full SHA for 4989ce7

File tree

3 files changed

+27

-1

lines changed

src
- backend/parser
  - parse_merge.c
- test/regress
  - expected
    - merge.out
  - sql
    - merge.sql

3 files changed

+27

-1

lines changed

`‎src/backend/parser/parse_merge.c`

Lines changed: 6 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,11 @@ transformMergeStmt(ParseState pstate, MergeStmt stmt)`
`133`	`133`	`intwhen_type= (mergeWhenClause->matched ?0 :1);`
`134`	`134`
`135`	`135`	`/*`
`136`		`- * Collect action types so we can check target permissions`
	`136`	`+ * Collect permissions to check, according to action types. We require`
	`137`	`+ * SELECT privileges for DO NOTHING because it'd be irregular to have`
	`138`	`+ * a target relation with zero privileges checked, in case DO NOTHING`
	`139`	`+ * is the only action. There's no damage from that: any meaningful`
	`140`	`+ * MERGE command requires at least some access to the table anyway.`
`137`	`141`	`*/`
`138`	`142`	`switch (mergeWhenClause->commandType)`
`139`	`143`	`{`
`@@ -147,6 +151,7 @@ transformMergeStmt(ParseState pstate, MergeStmt stmt)`
`147`	`151`	`targetPerms \|=ACL_DELETE;`
`148`	`152`	`break;`
`149`	`153`	`caseCMD_NOTHING:`
	`154`	`+targetPerms \|=ACL_SELECT;`
`150`	`155`	`break;`
`151`	`156`	`default:`
`152`	`157`	`elog(ERROR,"unknown action in MERGE WHEN clause");`

`‎src/test/regress/expected/merge.out`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@`
`3`	`3`	`--`
`4`	`4`	`CREATE USER regress_merge_privs;`
`5`	`5`	`CREATE USER regress_merge_no_privs;`
	`6`	`+CREATE USER regress_merge_none;`
`6`	`7`	`DROP TABLE IF EXISTS target;`
`7`	`8`	`NOTICE: table "target" does not exist, skipping`
`8`	`9`	`DROP TABLE IF EXISTS source;`
`@@ -159,6 +160,14 @@ ERROR: cannot execute MERGE on relation "mv"`
`159`	`160`	`DETAIL: This operation is not supported for materialized views.`
`160`	`161`	`DROP MATERIALIZED VIEW mv;`
`161`	`162`	`-- permissions`
	`163`	`+SET SESSION AUTHORIZATION regress_merge_none;`
	`164`	`+MERGE INTO target`
	`165`	`+USING (SELECT 1)`
	`166`	`+ON true`
	`167`	`+WHEN MATCHED THEN`
	`168`	`+DO NOTHING;`
	`169`	`+ERROR: permission denied for table target`
	`170`	`+SET SESSION AUTHORIZATION regress_merge_privs;`
`162`	`171`	`MERGE INTO target`
`163`	`172`	`USING source2`
`164`	`173`	`ON target.tid = source2.sid`
`@@ -2248,3 +2257,4 @@ DROP TABLE source, source2;`
`2248`	`2257`	`DROP FUNCTION merge_trigfunc();`
`2249`	`2258`	`DROP USER regress_merge_privs;`
`2250`	`2259`	`DROP USER regress_merge_no_privs;`
	`2260`	`+DROP USER regress_merge_none;`

`‎src/test/regress/sql/merge.sql`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,8 @@`
`4`	`4`
`5`	`5`	`CREATEUSERregress_merge_privs;`
`6`	`6`	`CREATEUSERregress_merge_no_privs;`
	`7`	`+CREATEUSERregress_merge_none;`
	`8`	`+`
`7`	`9`	`DROPTABLE IF EXISTS target;`
`8`	`10`	`DROPTABLE IF EXISTS source;`
`9`	`11`	`CREATETABLEtarget (tidinteger, balanceinteger)`
`@@ -118,6 +120,14 @@ DROP MATERIALIZED VIEW mv;`
`118`	`120`
`119`	`121`	`-- permissions`
`120`	`122`
	`123`	`+SET SESSION AUTHORIZATION regress_merge_none;`
	`124`	`+MERGE INTO target`
	`125`	`+USING (SELECT1)`
	`126`	`+ON true`
	`127`	`+WHEN MATCHED THEN`
	`128`	`+DO NOTHING;`
	`129`	`+`
	`130`	`+SET SESSION AUTHORIZATION regress_merge_privs;`
`121`	`131`	`MERGE INTO target`
`122`	`132`	`USING source2`
`123`	`133`	`ONtarget.tid=source2.sid`
`@@ -1471,3 +1481,4 @@ DROP TABLE source, source2;`
`1471`	`1481`	`DROPFUNCTION merge_trigfunc();`
`1472`	`1482`	`DROPUSER regress_merge_privs;`
`1473`	`1483`	`DROPUSER regress_merge_no_privs;`
	`1484`	`+DROPUSER regress_merge_none;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit4989ce7

File tree

3 files changed

3 files changed

`‎src/backend/parser/parse_merge.c`

`‎src/test/regress/expected/merge.out`

`‎src/test/regress/sql/merge.sql`

0 commit comments