NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit59bd34c

committed

Fix bugs in manipulation of large objects.

In v16 and up (since commitafbfc02), large object ownershipchecking has been broken because object_ownercheck() didn't take careof the discrepancy between our object-address representation of largeobjects (classId == LargeObjectRelationId) and the catalog where theirownership info is actually stored (LargeObjectMetadataRelationId).This resulted in failures such as "unrecognized class ID: 2613"when trying to update blob properties as a non-superuser.Poking around for related bugs, I found that AlterObjectOwner_internalwould pass the wrong classId to the PostAlterHook in the no-op codepath where the large object already has the desired owner. Also,recordExtObjInitPriv checked for the wrong classId; that bug is onlylatent because the stanza is dead code anyway, but as long as we'recarrying it around it should be less wrong. These bugs are quite old.In HEAD, we can reduce the scope for future bugs of this ilk bychanging AlterObjectOwner_internal's API to let the translation happeninside that function, rather than requiring callers to know about it.A more bulletproof fix, perhaps, would be to start usingLargeObjectMetadataRelationId as the dependency and object-addressclassId for blobs. However that has substantial risk of breakingthird-party code; even within our own code, it'd create hasslesfor pg_dump which would have to cope with a version-dependentrepresentation. For now, keep the status quo.Discussion:https://postgr.es/m/2650449.1702497209@sss.pgh.pa.us

1 parent0e91750 commit59bd34cCopy full SHA for 59bd34c

File tree

9 files changed

+54

-55

lines changed

src
- backend
  - catalog
    - aclchk.c
    - pg_shdepend.c
  - commands
    - alter.c
  - libpq
    - be-fsstubs.c
  - storage/large_object
    - inv_api.c
- include/commands
  - alter.h
- test/regress
  - expected
    - largeobject.out
    - largeobject_1.out
  - sql
    - largeobject.sql

9 files changed

+54

-55

lines changed

`‎src/backend/catalog/aclchk.c`

Lines changed: 7 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -4103,9 +4103,14 @@ object_ownercheck(Oid classid, Oid objectid, Oid roleid)`
`4103`	`4103`	`if (superuser_arg(roleid))`
`4104`	`4104`	`return true;`
`4105`	`4105`
	`4106`	`+/* For large objects, the catalog to consult is pg_largeobject_metadata */`
	`4107`	`+if (classid==LargeObjectRelationId)`
	`4108`	`+classid=LargeObjectMetadataRelationId;`
	`4109`	`+`
`4106`	`4110`	`cacheid=get_object_catcache_oid(classid);`
`4107`	`4111`	`if (cacheid!=-1)`
`4108`	`4112`	`{`
	`4113`	`+/* we can get the object's tuple from the syscache */`
`4109`	`4114`	`HeapTupletuple;`
`4110`	`4115`
`4111`	`4116`	`tuple=SearchSysCache1(cacheid,ObjectIdGetDatum(objectid));`
`@@ -4122,7 +4127,6 @@ object_ownercheck(Oid classid, Oid objectid, Oid roleid)`
`4122`	`4127`	`else`
`4123`	`4128`	`{`
`4124`	`4129`	`/* for catalogs without an appropriate syscache */`
`4125`		`-`
`4126`	`4130`	`Relationrel;`
`4127`	`4131`	`ScanKeyDataentry[1];`
`4128`	`4132`	`SysScanDescscan;`
`@@ -4442,9 +4446,9 @@ recordExtObjInitPriv(Oid objoid, Oid classoid)`
`4442`	`4446`
`4443`	`4447`	`ReleaseSysCache(tuple);`
`4444`	`4448`	`}`
`4445`		`-/* pg_largeobject_metadata */`
`4446`		`-elseif (classoid==LargeObjectMetadataRelationId)`
	`4449`	`+elseif (classoid==LargeObjectRelationId)`
`4447`	`4450`	`{`
	`4451`	`+/* For large objects, we must consult pg_largeobject_metadata */`
`4448`	`4452`	`DatumaclDatum;`
`4449`	`4453`	`boolisNull;`
`4450`	`4454`	`HeapTupletuple;`

`‎src/backend/catalog/pg_shdepend.c`

Lines changed: 3 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -1614,20 +1614,9 @@ shdepReassignOwned(List *roleids, Oid newrole)`
`1614`	`1614`	`caseDatabaseRelationId:`
`1615`	`1615`	`caseTSConfigRelationId:`
`1616`	`1616`	`caseTSDictionaryRelationId:`
`1617`		`-{`
`1618`		`-OidclassId=sdepForm->classid;`
`1619`		`-Relationcatalog;`
`1620`		`-`
`1621`		`-if (classId==LargeObjectRelationId)`
`1622`		`-classId=LargeObjectMetadataRelationId;`
`1623`		`-`
`1624`		`-catalog=table_open(classId,RowExclusiveLock);`
`1625`		`-`
`1626`		`-AlterObjectOwner_internal(catalog,sdepForm->objid,`
`1627`		`-newrole);`
`1628`		`-`
`1629`		`-table_close(catalog,NoLock);`
`1630`		`-}`
	`1617`	`+AlterObjectOwner_internal(sdepForm->classid,`
	`1618`	`+sdepForm->objid,`
	`1619`	`+newrole);`
`1631`	`1620`	`break;`
`1632`	`1621`
`1633`	`1622`	`default:`

`‎src/backend/commands/alter.c`

Lines changed: 22 additions & 26 deletions

Original file line number	Diff line number	Diff line change
`@@ -918,9 +918,7 @@ ExecAlterOwnerStmt(AlterOwnerStmt *stmt)`
`918`	`918`	`caseOBJECT_TSDICTIONARY:`
`919`	`919`	`caseOBJECT_TSCONFIGURATION:`
`920`	`920`	`{`
`921`		`-Relationcatalog;`
`922`	`921`	`Relationrelation;`
`923`		`-OidclassId;`
`924`	`922`	`ObjectAddressaddress;`
`925`	`923`
`926`	`924`	`address=get_object_address(stmt->objectType,`
`@@ -929,20 +927,9 @@ ExecAlterOwnerStmt(AlterOwnerStmt *stmt)`
`929`	`927`	`AccessExclusiveLock,`
`930`	`928`	`false);`
`931`	`929`	`Assert(relation==NULL);`
`932`		`-classId=address.classId;`
`933`	`930`
`934`		`-/*`
`935`		`- * XXX - get_object_address returns Oid of pg_largeobject`
`936`		`- * catalog for OBJECT_LARGEOBJECT because of historical`
`937`		`- * reasons. Fix up it here.`
`938`		`- */`
`939`		`-if (classId==LargeObjectRelationId)`
`940`		`-classId=LargeObjectMetadataRelationId;`
`941`		`-`
`942`		`-catalog=table_open(classId,RowExclusiveLock);`
`943`		`-`
`944`		`-AlterObjectOwner_internal(catalog,address.objectId,newowner);`
`945`		`-table_close(catalog,RowExclusiveLock);`
	`931`	`+AlterObjectOwner_internal(address.classId,address.objectId,`
	`932`	`+newowner);`
`946`	`933`
`947`	`934`	`returnaddress;`
`948`	`935`	`}`
`@@ -960,25 +947,32 @@ ExecAlterOwnerStmt(AlterOwnerStmt *stmt)`
`960`	`947`	`* cases (won't work for tables, nor other cases where we need to do more than`
`961`	`948`	`* change the ownership column of a single catalog entry).`
`962`	`949`	`*`
`963`		`- *rel: catalog relationcontaining object (RowExclusiveLock'd by caller)`
	`950`	`+ *classId: OID of catalogcontaining object`
`964`	`951`	`* objectId: OID of object to change the ownership of`
`965`	`952`	`* new_ownerId: OID of new object owner`
	`953`	`+ *`
	`954`	`+ * This will work on large objects, but we have to beware of the fact that`
	`955`	`+ * classId isn't the OID of the catalog to modify in that case.`
`966`	`956`	`*/`
`967`	`957`	`void`
`968`		`-AlterObjectOwner_internal(Relationrel,OidobjectId,Oidnew_ownerId)`
	`958`	`+AlterObjectOwner_internal(OidclassId,OidobjectId,Oidnew_ownerId)`
`969`	`959`	`{`
`970`		`-OidclassId=RelationGetRelid(rel);`
`971`		`-AttrNumberAnum_oid=get_object_attnum_oid(classId);`
`972`		`-AttrNumberAnum_owner=get_object_attnum_owner(classId);`
`973`		`-AttrNumberAnum_namespace=get_object_attnum_namespace(classId);`
`974`		`-AttrNumberAnum_acl=get_object_attnum_acl(classId);`
`975`		`-AttrNumberAnum_name=get_object_attnum_name(classId);`
	`960`	`+/* For large objects, the catalog to modify is pg_largeobject_metadata */`
	`961`	`+OidcatalogId= (classId==LargeObjectRelationId) ?LargeObjectMetadataRelationId :classId;`
	`962`	`+AttrNumberAnum_oid=get_object_attnum_oid(catalogId);`
	`963`	`+AttrNumberAnum_owner=get_object_attnum_owner(catalogId);`
	`964`	`+AttrNumberAnum_namespace=get_object_attnum_namespace(catalogId);`
	`965`	`+AttrNumberAnum_acl=get_object_attnum_acl(catalogId);`
	`966`	`+AttrNumberAnum_name=get_object_attnum_name(catalogId);`
	`967`	`+Relationrel;`
`976`	`968`	`HeapTupleoldtup;`
`977`	`969`	`Datumdatum;`
`978`	`970`	`boolisnull;`
`979`	`971`	`Oidold_ownerId;`
`980`	`972`	`OidnamespaceId=InvalidOid;`
`981`	`973`
	`974`	`+rel=table_open(catalogId,RowExclusiveLock);`
	`975`	`+`
`982`	`976`	`oldtup=get_catalog_object_by_oid(rel,Anum_oid,objectId);`
`983`	`977`	`if (oldtup==NULL)`
`984`	`978`	`elog(ERROR,"cache lookup failed for object %u of catalog \"%s\"",`
`@@ -1026,7 +1020,8 @@ AlterObjectOwner_internal(Relation rel, Oid objectId, Oid new_ownerId)`
`1026`	`1020`	`snprintf(namebuf,sizeof(namebuf),"%u",objectId);`
`1027`	`1021`	`objname=namebuf;`
`1028`	`1022`	`}`
`1029`		`-aclcheck_error(ACLCHECK_NOT_OWNER,get_object_type(classId,objectId),`
	`1023`	`+aclcheck_error(ACLCHECK_NOT_OWNER,`
	`1024`	`+get_object_type(catalogId,objectId),`
`1030`	`1025`	`objname);`
`1031`	`1026`	`}`
`1032`	`1027`	`/* Must be able to become new owner */`
`@@ -1079,8 +1074,6 @@ AlterObjectOwner_internal(Relation rel, Oid objectId, Oid new_ownerId)`
`1079`	`1074`	`CatalogTupleUpdate(rel,&newtup->t_self,newtup);`
`1080`	`1075`
`1081`	`1076`	`/* Update owner dependency reference */`
`1082`		`-if (classId==LargeObjectMetadataRelationId)`
`1083`		`-classId=LargeObjectRelationId;`
`1084`	`1077`	`changeDependencyOnOwner(classId,objectId,new_ownerId);`
`1085`	`1078`
`1086`	`1079`	`/* Release memory */`
`@@ -1089,5 +1082,8 @@ AlterObjectOwner_internal(Relation rel, Oid objectId, Oid new_ownerId)`
`1089`	`1082`	`pfree(replaces);`
`1090`	`1083`	`}`
`1091`	`1084`
	`1085`	`+/* Note the post-alter hook gets classId not catalogId */`
`1092`	`1086`	`InvokeObjectPostAlterHook(classId,objectId,0);`
	`1087`	`+`
	`1088`	`+table_close(rel,RowExclusiveLock);`
`1093`	`1089`	`}`

`‎src/backend/libpq/be-fsstubs.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@`
`43`	`43`	`#include<unistd.h>`
`44`	`44`
`45`	`45`	`#include"access/xact.h"`
`46`		`-#include"catalog/pg_largeobject_metadata.h"`
	`46`	`+#include"catalog/pg_largeobject.h"`
`47`	`47`	`#include"libpq/be-fsstubs.h"`
`48`	`48`	`#include"libpq/libpq-fs.h"`
`49`	`49`	`#include"miscadmin.h"`
`@@ -323,7 +323,7 @@ be_lo_unlink(PG_FUNCTION_ARGS)`
`323`	`323`	`* relevant FDs.`
`324`	`324`	`*/`
`325`	`325`	`if (!lo_compat_privileges&&`
`326`		`-!object_ownercheck(LargeObjectMetadataRelationId,lobjId,GetUserId()))`
	`326`	`+!object_ownercheck(LargeObjectRelationId,lobjId,GetUserId()))`
`327`	`327`	`ereport(ERROR,`
`328`	`328`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`329`	`329`	`errmsg("must be owner of large object %u",lobjId)));`

`‎src/backend/storage/large_object/inv_api.c`

Lines changed: 4 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -221,11 +221,10 @@ inv_create(Oid lobjId)`
`221`	`221`	`/*`
`222`	`222`	`* dependency on the owner of largeobject`
`223`	`223`	`*`
`224`		`- * The reason why we use LargeObjectRelationId instead of`
`225`		`- * LargeObjectMetadataRelationId here is to provide backward compatibility`
`226`		`- * to the applications which utilize a knowledge about internal layout of`
`227`		`- * system catalogs. OID of pg_largeobject_metadata and loid of`
`228`		`- * pg_largeobject are same value, so there are no actual differences here.`
	`224`	`+ * Note that LO dependencies are recorded using classId`
	`225`	`+ * LargeObjectRelationId for backwards-compatibility reasons. Using`
	`226`	`+ * LargeObjectMetadataRelationId instead would simplify matters for the`
	`227`	`+ * backend, but it'd complicate pg_dump and possibly break other clients.`
`229`	`228`	`*/`
`230`	`229`	`recordDependencyOnOwner(LargeObjectRelationId,`
`231`	`230`	`lobjId_new,GetUserId());`

`‎src/include/commands/alter.h`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,6 @@`
`17`	`17`	`#include"catalog/dependency.h"`
`18`	`18`	`#include"catalog/objectaddress.h"`
`19`	`19`	`#include"nodes/parsenodes.h"`
`20`		`-#include"utils/relcache.h"`
`21`	`20`
`22`	`21`	`externObjectAddressExecRenameStmt(RenameStmt*stmt);`
`23`	`22`
`@@ -29,7 +28,7 @@ extern OidAlterObjectNamespace_oid(Oid classId, Oid objid, Oid nspOid,`
`29`	`28`	`ObjectAddresses*objsMoved);`
`30`	`29`
`31`	`30`	`externObjectAddressExecAlterOwnerStmt(AlterOwnerStmt*stmt);`
`32`		`-externvoidAlterObjectOwner_internal(Relationrel,OidobjectId,`
	`31`	`+externvoidAlterObjectOwner_internal(OidclassId,OidobjectId,`
`33`	`32`	`Oidnew_ownerId);`
`34`	`33`
`35`	`34`	`#endif/* ALTER_H */`

`‎src/test/regress/expected/largeobject.out`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`	`\getenv abs_builddir PG_ABS_BUILDDIR`
`7`	`7`	`-- ensure consistent test output regardless of the default bytea format`
`8`	`8`	`SET bytea_output TO escape;`
`9`		`--- Test ALTER LARGE OBJECT OWNER, GRANT, COMMENT`
	`9`	`+-- Test ALTER LARGE OBJECT OWNER`
`10`	`10`	`CREATE ROLE regress_lo_user;`
`11`	`11`	`SELECT lo_create(42);`
`12`	`12`	`lo_create`
`@@ -15,8 +15,11 @@ SELECT lo_create(42);`
`15`	`15`	`(1 row)`
`16`	`16`
`17`	`17`	`ALTER LARGE OBJECT 42 OWNER TO regress_lo_user;`
	`18`	`+-- Test GRANT, COMMENT as non-superuser`
	`19`	`+SET SESSION AUTHORIZATION regress_lo_user;`
`18`	`20`	`GRANT SELECT ON LARGE OBJECT 42 TO public;`
`19`	`21`	`COMMENT ON LARGE OBJECT 42 IS 'the ultimate answer';`
	`22`	`+RESET SESSION AUTHORIZATION;`
`20`	`23`	`-- Test psql's \lo_list et al (we assume no other LOs exist yet)`
`21`	`24`	`\lo_list`
`22`	`25`	`Large objects`

`‎src/test/regress/expected/largeobject_1.out`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`	`\getenv abs_builddir PG_ABS_BUILDDIR`
`7`	`7`	`-- ensure consistent test output regardless of the default bytea format`
`8`	`8`	`SET bytea_output TO escape;`
`9`		`--- Test ALTER LARGE OBJECT OWNER, GRANT, COMMENT`
	`9`	`+-- Test ALTER LARGE OBJECT OWNER`
`10`	`10`	`CREATE ROLE regress_lo_user;`
`11`	`11`	`SELECT lo_create(42);`
`12`	`12`	`lo_create`
`@@ -15,8 +15,11 @@ SELECT lo_create(42);`
`15`	`15`	`(1 row)`
`16`	`16`
`17`	`17`	`ALTER LARGE OBJECT 42 OWNER TO regress_lo_user;`
	`18`	`+-- Test GRANT, COMMENT as non-superuser`
	`19`	`+SET SESSION AUTHORIZATION regress_lo_user;`
`18`	`20`	`GRANT SELECT ON LARGE OBJECT 42 TO public;`
`19`	`21`	`COMMENT ON LARGE OBJECT 42 IS 'the ultimate answer';`
	`22`	`+RESET SESSION AUTHORIZATION;`
`20`	`23`	`-- Test psql's \lo_list et al (we assume no other LOs exist yet)`
`21`	`24`	`\lo_list`
`22`	`25`	`Large objects`

`‎src/test/regress/sql/largeobject.sql`

Lines changed: 7 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -9,13 +9,19 @@`
`9`	`9`	`-- ensure consistent test output regardless of the default bytea format`
`10`	`10`	`SET bytea_output TO escape;`
`11`	`11`
`12`		`--- Test ALTER LARGE OBJECT OWNER, GRANT, COMMENT`
	`12`	`+-- Test ALTER LARGE OBJECT OWNER`
`13`	`13`	`CREATE ROLE regress_lo_user;`
`14`	`14`	`SELECT lo_create(42);`
`15`	`15`	`ALTER LARGE OBJECT42 OWNER TO regress_lo_user;`
	`16`	`+`
	`17`	`+-- Test GRANT, COMMENT as non-superuser`
	`18`	`+SET SESSION AUTHORIZATION regress_lo_user;`
	`19`	`+`
`16`	`20`	`GRANTSELECTON LARGE OBJECT42 TO public;`
`17`	`21`	`COMMENTON LARGE OBJECT42 IS'the ultimate answer';`
`18`	`22`
	`23`	`+RESET SESSION AUTHORIZATION;`
	`24`	`+`
`19`	`25`	`-- Test psql's \lo_list et al (we assume no other LOs exist yet)`
`20`	`26`	`\lo_list`
`21`	`27`	`\lo_list+`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit59bd34c

File tree

9 files changed

9 files changed

`‎src/backend/catalog/aclchk.c`

`‎src/backend/catalog/pg_shdepend.c`

`‎src/backend/commands/alter.c`

`‎src/backend/libpq/be-fsstubs.c`

`‎src/backend/storage/large_object/inv_api.c`

`‎src/include/commands/alter.h`

`‎src/test/regress/expected/largeobject.out`

`‎src/test/regress/expected/largeobject_1.out`

`‎src/test/regress/sql/largeobject.sql`

0 commit comments