NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit6566133

committed

Ensure that pg_auth_members.grantor is always valid.

Previously, "GRANT foo TO bar" or "GRANT foo TO bar GRANTED BY baz"would record the OID of the grantor in pg_auth_members.grantor, butthat role could later be dropped without modifying or removing thepg_auth_members record. That's not great, because we typically tryto avoid dangling references in catalog data.Now, a role grant depends on the grantor, and the grantor can't bedropped without removing the grant or changing the grantor. "DROPOWNED BY" will remove the grant, just as it does for other kinds ofprivileges. "REASSIGN OWNED BY" will not, again just like what we doin other cases involving privileges.pg_auth_members now has an OID column, because that is needed in orderfor dependencies to work. It also now has an index on the grantorcolumn, because otherwise dropping a role would require a sequentialscan of the entire table to see whether the role's OID is in use asa grantor. That probably wouldn't be too large a problem in practice,but it seems better to have an index just in case.A follow-on patch is planned with the goal of more thoroughlyrationalizing the behavior of role grants. This patch is just tryingto do enough to make sure that the data we store in the catalogs is atsome basic level valid.Patch by me, reviewed by Stephen FrostDiscussion:http://postgr.es/m/CA+TgmoaFr-RZeQ+WoQ5nKPv97oT9+aDgK_a5+qWHSgbDsMp1Vg@mail.gmail.com

1 parent2f17b57 commit6566133Copy full SHA for 6566133

File tree

16 files changed

+397

-68

lines changed

doc/src/sgml
- catalogs.sgml
src
- backend
  - catalog
  - commands
- include/catalog
  - dependency.h
  - pg_auth_members.h
- test/regress
  - expected
    - create_role.out
    - privileges.out
  - sql
    - create_role.sql
    - privileges.sql

16 files changed

+397

-68

lines changed

`‎doc/src/sgml/catalogs.sgml‎`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1669,6 +1669,15 @@ SCRAM-SHA-256$<replaceable><iteration count></replaceable>:<replaceable>&l`
`1669`	`1669`	`</thead>`
`1670`	`1670`
`1671`	`1671`	`<tbody>`
	`1672`	`+ <row>`
	`1673`	`+ <entry role="catalog_table_entry"><para role="column_definition">`
	`1674`	`+ <structfield>oid</structfield> <type>oid</type>`
	`1675`	`+ </para>`
	`1676`	`+ <para>`
	`1677`	`+ Row identifier`
	`1678`	`+ </para></entry>`
	`1679`	`+ </row>`
	`1680`	`+`
`1672`	`1681`	`<row>`
`1673`	`1682`	`<entry role="catalog_table_entry"><para role="column_definition">`
`1674`	`1683`	`<structfield>roleid</structfield> <type>oid</type>`

`‎src/backend/catalog/catalog.c‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -262,6 +262,8 @@ IsSharedRelation(Oid relationId)`
`262`	`262`	`relationId==AuthIdRolnameIndexId\|\|`
`263`	`263`	`relationId==AuthMemMemRoleIndexId\|\|`
`264`	`264`	`relationId==AuthMemRoleMemIndexId\|\|`
	`265`	`+relationId==AuthMemOidIndexId\|\|`
	`266`	`+relationId==AuthMemGrantorIndexId\|\|`
`265`	`267`	`relationId==DatabaseNameIndexId\|\|`
`266`	`268`	`relationId==DatabaseOidIndexId\|\|`
`267`	`269`	`relationId==DbRoleSettingDatidRolidIndexId\|\|`

`‎src/backend/catalog/dependency.c‎`

Lines changed: 11 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@`
`28`	`28`	`#include"catalog/pg_amproc.h"`
`29`	`29`	`#include"catalog/pg_attrdef.h"`
`30`	`30`	`#include"catalog/pg_authid.h"`
	`31`	`+#include"catalog/pg_auth_members.h"`
`31`	`32`	`#include"catalog/pg_cast.h"`
`32`	`33`	`#include"catalog/pg_collation.h"`
`33`	`34`	`#include"catalog/pg_constraint.h"`
`@@ -172,6 +173,7 @@ static const Oid object_classes[] = {`
`172`	`173`	`TSTemplateRelationId,/* OCLASS_TSTEMPLATE */`
`173`	`174`	`TSConfigRelationId,/* OCLASS_TSCONFIG */`
`174`	`175`	`AuthIdRelationId,/* OCLASS_ROLE */`
	`176`	`+AuthMemRelationId,/* OCLASS_ROLE_MEMBERSHIP */`
`175`	`177`	`DatabaseRelationId,/* OCLASS_DATABASE */`
`176`	`178`	`TableSpaceRelationId,/* OCLASS_TBLSPACE */`
`177`	`179`	`ForeignDataWrapperRelationId,/* OCLASS_FDW */`
`@@ -1502,6 +1504,7 @@ doDeletion(const ObjectAddress *object, int flags)`
`1502`	`1504`	`caseOCLASS_DEFACL:`
`1503`	`1505`	`caseOCLASS_EVENT_TRIGGER:`
`1504`	`1506`	`caseOCLASS_TRANSFORM:`
	`1507`	`+caseOCLASS_ROLE_MEMBERSHIP:`
`1505`	`1508`	`DropObjectById(object);`
`1506`	`1509`	`break;`
`1507`	`1510`
`@@ -1529,9 +1532,8 @@ doDeletion(const ObjectAddress *object, int flags)`
`1529`	`1532`	`* Accepts the same flags as performDeletion (though currently only`
`1530`	`1533`	`* PERFORM_DELETION_CONCURRENTLY does anything).`
`1531`	`1534`	`*`
`1532`		`- * We use LockRelation for relations, LockDatabaseObject for everything`
`1533`		`- * else. Shared-across-databases objects are not currently supported`
`1534`		`- * because no caller cares, but could be modified to use LockSharedObject.`
	`1535`	`+ * We use LockRelation for relations, and otherwise LockSharedObject or`
	`1536`	`+ * LockDatabaseObject as appropriate for the object type.`
`1535`	`1537`	`*/`
`1536`	`1538`	`void`
`1537`	`1539`	`AcquireDeletionLock(constObjectAddress*object,intflags)`
`@@ -1549,6 +1551,9 @@ AcquireDeletionLock(const ObjectAddress *object, int flags)`
`1549`	`1551`	`else`
`1550`	`1552`	`LockRelationOid(object->objectId,AccessExclusiveLock);`
`1551`	`1553`	`}`
	`1554`	`+elseif (object->classId==AuthMemRelationId)`
	`1555`	`+LockSharedObject(object->classId,object->objectId,0,`
	`1556`	`+AccessExclusiveLock);`
`1552`	`1557`	`else`
`1553`	`1558`	`{`
`1554`	`1559`	`/* assume we should lock the whole object not a sub-object */`
`@@ -2914,6 +2919,9 @@ getObjectClass(const ObjectAddress *object)`
`2914`	`2919`	`caseAuthIdRelationId:`
`2915`	`2920`	`returnOCLASS_ROLE;`
`2916`	`2921`
	`2922`	`+caseAuthMemRelationId:`
	`2923`	`+returnOCLASS_ROLE_MEMBERSHIP;`
	`2924`	`+`
`2917`	`2925`	`caseDatabaseRelationId:`
`2918`	`2926`	`returnOCLASS_DATABASE;`
`2919`	`2927`

`‎src/backend/catalog/objectaddress.c‎`

Lines changed: 108 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@`
`27`	`27`	`#include"catalog/pg_amproc.h"`
`28`	`28`	`#include"catalog/pg_attrdef.h"`
`29`	`29`	`#include"catalog/pg_authid.h"`
	`30`	`+#include"catalog/pg_auth_members.h"`
`30`	`31`	`#include"catalog/pg_cast.h"`
`31`	`32`	`#include"catalog/pg_collation.h"`
`32`	`33`	`#include"catalog/pg_constraint.h"`
`@@ -386,6 +387,20 @@ static const ObjectPropertyType ObjectProperty[] =`
`386`	`387`	`-1,`
`387`	`388`	`true`
`388`	`389`	`},`
	`390`	`+{`
	`391`	`+"role membership",`
	`392`	`+AuthMemRelationId,`
	`393`	`+AuthMemOidIndexId,`
	`394`	`+-1,`
	`395`	`+-1,`
	`396`	`+Anum_pg_auth_members_oid,`
	`397`	`+InvalidAttrNumber,`
	`398`	`+InvalidAttrNumber,`
	`399`	`+Anum_pg_auth_members_grantor,`
	`400`	`+InvalidAttrNumber,`
	`401`	`+-1,`
	`402`	`+true`
	`403`	`+},`
`389`	`404`	`{`
`390`	`405`	`"rule",`
`391`	`406`	`RewriteRelationId,`
`@@ -787,6 +802,10 @@ static const struct object_type_map`
`787`	`802`	`{`
`788`	`803`	`"role",OBJECT_ROLE`
`789`	`804`	`},`
	`805`	`+/* OCLASS_ROLE_MEMBERSHIP */`
	`806`	`+{`
	`807`	`+"role membership",-1/* unmapped */`
	`808`	`+},`
`790`	`809`	`/* OCLASS_DATABASE */`
`791`	`810`	`{`
`792`	`811`	`"database",OBJECT_DATABASE`
`@@ -3644,6 +3663,48 @@ getObjectDescription(const ObjectAddress *object, bool missing_ok)`
`3644`	`3663`	`break;`
`3645`	`3664`	`}`
`3646`	`3665`
	`3666`	`+caseOCLASS_ROLE_MEMBERSHIP:`
	`3667`	`+{`
	`3668`	`+RelationamDesc;`
	`3669`	`+ScanKeyDataskey[1];`
	`3670`	`+SysScanDescrcscan;`
	`3671`	`+HeapTupletup;`
	`3672`	`+Form_pg_auth_membersamForm;`
	`3673`	`+`
	`3674`	`+amDesc=table_open(AuthMemRelationId,AccessShareLock);`
	`3675`	`+`
	`3676`	`+ScanKeyInit(&skey[0],`
	`3677`	`+Anum_pg_auth_members_oid,`
	`3678`	`+BTEqualStrategyNumber,F_OIDEQ,`
	`3679`	`+ObjectIdGetDatum(object->objectId));`
	`3680`	`+`
	`3681`	`+rcscan=systable_beginscan(amDesc,AuthMemOidIndexId, true,`
	`3682`	`+NULL,1,skey);`
	`3683`	`+`
	`3684`	`+tup=systable_getnext(rcscan);`
	`3685`	`+`
	`3686`	`+if (!HeapTupleIsValid(tup))`
	`3687`	`+{`
	`3688`	`+if (!missing_ok)`
	`3689`	`+elog(ERROR,"could not find tuple for role membership %u",`
	`3690`	`+object->objectId);`
	`3691`	`+`
	`3692`	`+systable_endscan(rcscan);`
	`3693`	`+table_close(amDesc,AccessShareLock);`
	`3694`	`+break;`
	`3695`	`+}`
	`3696`	`+`
	`3697`	`+amForm= (Form_pg_auth_members)GETSTRUCT(tup);`
	`3698`	`+`
	`3699`	`+appendStringInfo(&buffer,_("membership of role %s in role %s"),`
	`3700`	`+GetUserNameFromId(amForm->member, false),`
	`3701`	`+GetUserNameFromId(amForm->roleid, false));`
	`3702`	`+`
	`3703`	`+systable_endscan(rcscan);`
	`3704`	`+table_close(amDesc,AccessShareLock);`
	`3705`	`+break;`
	`3706`	`+}`
	`3707`	`+`
`3647`	`3708`	`caseOCLASS_DATABASE:`
`3648`	`3709`	`{`
`3649`	`3710`	`char*datname;`
`@@ -4533,6 +4594,10 @@ getObjectTypeDescription(const ObjectAddress *object, bool missing_ok)`
`4533`	`4594`	`appendStringInfoString(&buffer,"role");`
`4534`	`4595`	`break;`
`4535`	`4596`
	`4597`	`+caseOCLASS_ROLE_MEMBERSHIP:`
	`4598`	`+appendStringInfoString(&buffer,"role membership");`
	`4599`	`+break;`
	`4600`	`+`
`4536`	`4601`	`caseOCLASS_DATABASE:`
`4537`	`4602`	`appendStringInfoString(&buffer,"database");`
`4538`	`4603`	`break;`
`@@ -5476,6 +5541,49 @@ getObjectIdentityParts(const ObjectAddress *object,`
`5476`	`5541`	`break;`
`5477`	`5542`	`}`
`5478`	`5543`
	`5544`	`+caseOCLASS_ROLE_MEMBERSHIP:`
	`5545`	`+{`
	`5546`	`+RelationauthMemDesc;`
	`5547`	`+ScanKeyDataskey[1];`
	`5548`	`+SysScanDescamscan;`
	`5549`	`+HeapTupletup;`
	`5550`	`+Form_pg_auth_membersamForm;`
	`5551`	`+`
	`5552`	`+authMemDesc=table_open(AuthMemRelationId,`
	`5553`	`+AccessShareLock);`
	`5554`	`+`
	`5555`	`+ScanKeyInit(&skey[0],`
	`5556`	`+Anum_pg_auth_members_oid,`
	`5557`	`+BTEqualStrategyNumber,F_OIDEQ,`
	`5558`	`+ObjectIdGetDatum(object->objectId));`
	`5559`	`+`
	`5560`	`+amscan=systable_beginscan(authMemDesc,AuthMemOidIndexId, true,`
	`5561`	`+NULL,1,skey);`
	`5562`	`+`
	`5563`	`+tup=systable_getnext(amscan);`
	`5564`	`+`
	`5565`	`+if (!HeapTupleIsValid(tup))`
	`5566`	`+{`
	`5567`	`+if (!missing_ok)`
	`5568`	`+elog(ERROR,"could not find tuple for pg_auth_members entry %u",`
	`5569`	`+object->objectId);`
	`5570`	`+`
	`5571`	`+systable_endscan(amscan);`
	`5572`	`+table_close(authMemDesc,AccessShareLock);`
	`5573`	`+break;`
	`5574`	`+}`
	`5575`	`+`
	`5576`	`+amForm= (Form_pg_auth_members)GETSTRUCT(tup);`
	`5577`	`+`
	`5578`	`+appendStringInfo(&buffer,_("membership of role %s in role %s"),`
	`5579`	`+GetUserNameFromId(amForm->member, false),`
	`5580`	`+GetUserNameFromId(amForm->roleid, false));`
	`5581`	`+`
	`5582`	`+systable_endscan(amscan);`
	`5583`	`+table_close(authMemDesc,AccessShareLock);`
	`5584`	`+break;`
	`5585`	`+}`
	`5586`	`+`
`5479`	`5587`	`caseOCLASS_DATABASE:`
`5480`	`5588`	`{`
`5481`	`5589`	`char*datname;`

`‎src/backend/catalog/pg_shdepend.c‎`

Lines changed: 29 additions & 18 deletions

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@`
`22`	`22`	`#include"catalog/dependency.h"`
`23`	`23`	`#include"catalog/indexing.h"`
`24`	`24`	`#include"catalog/pg_authid.h"`
	`25`	`+#include"catalog/pg_auth_members.h"`
`25`	`26`	`#include"catalog/pg_collation.h"`
`26`	`27`	`#include"catalog/pg_conversion.h"`
`27`	`28`	`#include"catalog/pg_database.h"`
`@@ -1364,11 +1365,6 @@ shdepDropOwned(List *roleids, DropBehavior behavior)`
`1364`	`1365`	`caseSHARED_DEPENDENCY_INVALID:`
`1365`	`1366`	`elog(ERROR,"unexpected dependency type");`
`1366`	`1367`	`break;`
`1367`		`-caseSHARED_DEPENDENCY_ACL:`
`1368`		`-RemoveRoleFromObjectACL(roleid,`
`1369`		`-sdepForm->classid,`
`1370`		`-sdepForm->objid);`
`1371`		`-break;`
`1372`	`1368`	`caseSHARED_DEPENDENCY_POLICY:`
`1373`	`1369`
`1374`	`1370`	`/*`
`@@ -1398,22 +1394,37 @@ shdepDropOwned(List *roleids, DropBehavior behavior)`
`1398`	`1394`	`add_exact_object_address(&obj,deleteobjs);`
`1399`	`1395`	`}`
`1400`	`1396`	`break;`
	`1397`	`+caseSHARED_DEPENDENCY_ACL:`
	`1398`	`+`
	`1399`	`+/*`
	`1400`	`+ * Dependencies on role grants are recorded using`
	`1401`	`+ * SHARED_DEPENDENCY_ACL, but unlike a regular ACL list`
	`1402`	`+ * which stores all permissions for a particular object in`
	`1403`	`+ * a single ACL array, there's a separate catalog row for`
	`1404`	`+ * each grant - so removing the grant just means removing`
	`1405`	`+ * the entire row.`
	`1406`	`+ */`
	`1407`	`+if (sdepForm->classid!=AuthMemRelationId)`
	`1408`	`+{`
	`1409`	`+RemoveRoleFromObjectACL(roleid,`
	`1410`	`+sdepForm->classid,`
	`1411`	`+sdepForm->objid);`
	`1412`	`+break;`
	`1413`	`+}`
	`1414`	`+/* FALLTHROUGH */`
`1401`	`1415`	`caseSHARED_DEPENDENCY_OWNER:`
`1402`		`-/* If a local object, save it for deletion below */`
`1403`		`-if (sdepForm->dbid==MyDatabaseId)`
	`1416`	`+/* Save it for deletion below */`
	`1417`	`+obj.classId=sdepForm->classid;`
	`1418`	`+obj.objectId=sdepForm->objid;`
	`1419`	`+obj.objectSubId=sdepForm->objsubid;`
	`1420`	`+/* as above */`
	`1421`	`+AcquireDeletionLock(&obj,0);`
	`1422`	`+if (!systable_recheck_tuple(scan,tuple))`
`1404`	`1423`	`{`
`1405`		`-obj.classId=sdepForm->classid;`
`1406`		`-obj.objectId=sdepForm->objid;`
`1407`		`-obj.objectSubId=sdepForm->objsubid;`
`1408`		`-/* as above */`
`1409`		`-AcquireDeletionLock(&obj,0);`
`1410`		`-if (!systable_recheck_tuple(scan,tuple))`
`1411`		`-{`
`1412`		`-ReleaseDeletionLock(&obj);`
`1413`		`-break;`
`1414`		`-}`
`1415`		`-add_exact_object_address(&obj,deleteobjs);`
	`1424`	`+ReleaseDeletionLock(&obj);`
	`1425`	`+break;`
`1416`	`1426`	`}`
	`1427`	`+add_exact_object_address(&obj,deleteobjs);`
`1417`	`1428`	`break;`
`1418`	`1429`	`}`
`1419`	`1430`	`}`

`‎src/backend/catalog/system_views.sql‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ CREATE VIEW pg_group AS`
`53`	`53`	`SELECT`
`54`	`54`	`rolnameAS groname,`
`55`	`55`	`oidAS grosysid,`
`56`		`- ARRAY(SELECT memberFROM pg_auth_membersWHERE roleid=oid)AS grolist`
	`56`	`+ ARRAY(SELECT memberFROM pg_auth_membersWHERE roleid=pg_authid.oid)AS grolist`
`57`	`57`	`FROM pg_authid`
`58`	`58`	`WHERE NOT rolcanlogin;`
`59`	`59`

`‎src/backend/commands/alter.c‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -650,6 +650,7 @@ AlterObjectNamespace_oid(Oid classId, Oid objid, Oid nspOid,`
`650`	`650`	`caseOCLASS_TRIGGER:`
`651`	`651`	`caseOCLASS_SCHEMA:`
`652`	`652`	`caseOCLASS_ROLE:`
	`653`	`+caseOCLASS_ROLE_MEMBERSHIP:`
`653`	`654`	`caseOCLASS_DATABASE:`
`654`	`655`	`caseOCLASS_TBLSPACE:`
`655`	`656`	`caseOCLASS_FDW:`

`‎src/backend/commands/event_trigger.c‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1015,6 +1015,7 @@ EventTriggerSupportsObjectClass(ObjectClass objclass)`
`1015`	`1015`	`caseOCLASS_DATABASE:`
`1016`	`1016`	`caseOCLASS_TBLSPACE:`
`1017`	`1017`	`caseOCLASS_ROLE:`
	`1018`	`+caseOCLASS_ROLE_MEMBERSHIP:`
`1018`	`1019`	`caseOCLASS_PARAMETER_ACL:`
`1019`	`1020`	`/* no support for global objects */`
`1020`	`1021`	`return false;`

`‎src/backend/commands/tablecmds.c‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -12667,6 +12667,7 @@ ATExecAlterColumnType(AlteredTableInfo *tab, Relation rel,`
`12667`	`12667`	`case OCLASS_TSTEMPLATE:`
`12668`	`12668`	`case OCLASS_TSCONFIG:`
`12669`	`12669`	`case OCLASS_ROLE:`
	`12670`	`+case OCLASS_ROLE_MEMBERSHIP:`
`12670`	`12671`	`case OCLASS_DATABASE:`
`12671`	`12672`	`case OCLASS_TBLSPACE:`
`12672`	`12673`	`case OCLASS_FDW:`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit6566133

File tree

16 files changed

16 files changed

`‎doc/src/sgml/catalogs.sgml‎`

`‎src/backend/catalog/catalog.c‎`

`‎src/backend/catalog/dependency.c‎`

`‎src/backend/catalog/objectaddress.c‎`

`‎src/backend/catalog/pg_shdepend.c‎`

`‎src/backend/catalog/system_views.sql‎`

`‎src/backend/commands/alter.c‎`

`‎src/backend/commands/event_trigger.c‎`

`‎src/backend/commands/tablecmds.c‎`

0 commit comments