NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commita7fcb62

committed

Fix some inappropriately-disallowed uses of ALTER ROLE/DATABASE SET.

Most GUC check hooks that inspect database state have special checksthat prevent them from throwing hard errors for state-dependent issueswhen source == PGC_S_TEST. This allows, for example,"ALTER DATABASE d SET default_text_search_config = foo" when the "foo"configuration hasn't been created yet. Without this, we have problemsduring dump/reload or pg_upgrade, because pg_dump has no idea aboutpossible dependencies of GUC values and can't ensure a safe restoreordering.However, check_role() and check_session_authorization() hadn't gottenthe memo about that, and would throw hard errors anyway. It's notentirely clear what is the use-case for "ALTER ROLE x SET role = y",but we've now heard two independent complaints about that bollixingan upgrade, so apparently some people are doing it.Hence, fix these two functions to act more like other check hookswith similar needs. (But I did not change their insistence onbeing inside a transaction, as it's still not apparent that settingeither GUC from the configuration file would be wise.)Also fix check_temp_buffers, which had a different form of the diseaseof making state-dependent checks without any exception for PGC_S_TEST.A cursory survey of other GUC check hooks did not find any more issuesof this ilk. (There are a lot of interdependencies amongPGC_POSTMASTER and PGC_SIGHUP GUCs, which may be a bad idea, butthey're not relevant to the immediate concern because they can't beset via ALTER ROLE/DATABASE.)Per reports from Charlie Hornsby and Nathan Bossart. Back-patchto all supported branches.Discussion:https://postgr.es/m/HE1P189MB0523B31598B0C772C908088DB7709@HE1P189MB0523.EURP189.PROD.OUTLOOK.COMDiscussion:https://postgr.es/m/20160711223641.1426.86096@wrigleys.postgresql.org

1 parent6530df6 commita7fcb62Copy full SHA for a7fcb62

File tree

2 files changed

+34

-1

lines changed

src/backend
- commands
  - variable.c
- utils/misc
  - guc.c

2 files changed

+34

-1

lines changed

`‎src/backend/commands/variable.c`

Lines changed: 32 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -767,6 +767,17 @@ check_session_authorization(char newval, void extra, GucSource source)`
`767`	`767`	`roleTup=SearchSysCache1(AUTHNAME,PointerGetDatum(*newval));`
`768`	`768`	`if (!HeapTupleIsValid(roleTup))`
`769`	`769`	`{`
	`770`	`+/*`
	`771`	`+ * When source == PGC_S_TEST, we don't throw a hard error for a`
	`772`	`+ * nonexistent user name, only a NOTICE. See comments in guc.h.`
	`773`	`+ */`
	`774`	`+if (source==PGC_S_TEST)`
	`775`	`+{`
	`776`	`+ereport(NOTICE,`
	`777`	`+(errcode(ERRCODE_UNDEFINED_OBJECT),`
	`778`	`+errmsg("role \"%s\" does not exist",*newval)));`
	`779`	`+return true;`
	`780`	`+}`
`770`	`781`	`GUC_check_errmsg("role \"%s\" does not exist",*newval);`
`771`	`782`	`return false;`
`772`	`783`	`}`
`@@ -837,10 +848,23 @@ check_role(char newval, void extra, GucSource source)`
`837`	`848`	`return false;`
`838`	`849`	`}`
`839`	`850`
	`851`	`+/*`
	`852`	`+ * When source == PGC_S_TEST, we don't throw a hard error for a`
	`853`	`+ * nonexistent user name or insufficient privileges, only a NOTICE.`
	`854`	`+ * See comments in guc.h.`
	`855`	`+ */`
	`856`	`+`
`840`	`857`	`/* Look up the username */`
`841`	`858`	`roleTup=SearchSysCache1(AUTHNAME,PointerGetDatum(*newval));`
`842`	`859`	`if (!HeapTupleIsValid(roleTup))`
`843`	`860`	`{`
	`861`	`+if (source==PGC_S_TEST)`
	`862`	`+{`
	`863`	`+ereport(NOTICE,`
	`864`	`+(errcode(ERRCODE_UNDEFINED_OBJECT),`
	`865`	`+errmsg("role \"%s\" does not exist",*newval)));`
	`866`	`+return true;`
	`867`	`+}`
`844`	`868`	`GUC_check_errmsg("role \"%s\" does not exist",*newval);`
`845`	`869`	`return false;`
`846`	`870`	`}`
`@@ -859,6 +883,14 @@ check_role(char newval, void extra, GucSource source)`
`859`	`883`	`if (!InitializingParallelWorker&&`
`860`	`884`	`!is_member_of_role(GetSessionUserId(),roleid))`
`861`	`885`	`{`
	`886`	`+if (source==PGC_S_TEST)`
	`887`	`+{`
	`888`	`+ereport(NOTICE,`
	`889`	`+(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
	`890`	`+errmsg("permission will be denied to set role \"%s\"",`
	`891`	`+*newval)));`
	`892`	`+return true;`
	`893`	`+}`
`862`	`894`	`GUC_check_errcode(ERRCODE_INSUFFICIENT_PRIVILEGE);`
`863`	`895`	`GUC_check_errmsg("permission denied to set role \"%s\"",`
`864`	`896`	`*newval);`

`‎src/backend/utils/misc/guc.c`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -11095,8 +11095,9 @@ check_temp_buffers(int newval, void *extra, GucSource source)`
`11095`	`11095`	`{`
`11096`	`11096`	`/*`
`11097`	`11097`	`* Once local buffers have been initialized, it's too late to change this.`
	`11098`	`+ * However, if this is only a test call, allow it.`
`11098`	`11099`	`*/`
`11099`		`-if (NLocBuffer&&NLocBuffer!=*newval)`
	`11100`	`+if (source!=PGC_S_TEST&&NLocBuffer&&NLocBuffer!=*newval)`
`11100`	`11101`	`{`
`11101`	`11102`	`GUC_check_errdetail("\"temp_buffers\" cannot be changed after any temporary tables have been accessed in the session.");`
`11102`	`11103`	`return false;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita7fcb62

File tree

2 files changed

2 files changed

`‎src/backend/commands/variable.c`

`‎src/backend/utils/misc/guc.c`

0 commit comments