NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitd691cb9

committed

Fix erroneous handling of shared dependencies (ie dependencies on roles)

in CREATE OR REPLACE FUNCTION. The original code would update pg_shdependas if a new function was being created, even if it wasn't, with two badconsequences: pg_shdepend might record the wrong owner for the function,and any dependencies for roles mentioned in the function's ACL would be lost.The fix is very easy: just don't touch pg_shdepend at all when doing afunction replacement.Also update the CREATE FUNCTION reference page, which never explainedexactly what changes and doesn't change in a function replacement.In passing, fix the CREATE VIEW reference page similarly; there's nocode bug there, but the docs didn't say what happens.

1 parentcaa4cfa commitd691cb9Copy full SHA for d691cb9

File tree

3 files changed

+30

-10

lines changed

doc/src/sgml/ref
- create_function.sgml
- create_view.sgml
src/backend/catalog
- pg_proc.c

3 files changed

+30

-10

lines changed

`‎doc/src/sgml/ref/create_function.sgml`

Lines changed: 9 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`<!--`
`2`		`-$PostgreSQL: pgsql/doc/src/sgml/ref/create_function.sgml,v 1.86 2009/09/19 10:23:26 petere Exp $`
	`2`	`+$PostgreSQL: pgsql/doc/src/sgml/ref/create_function.sgml,v 1.87 2009/10/02 18:13:04 tgl Exp $`
`3`	`3`	`-->`
`4`	`4`
`5`	`5`	`<refentry id="SQL-CREATEFUNCTION">`
`@@ -562,6 +562,14 @@ CREATE FUNCTION foo(int, int default 42) ...`
`562`	`562`	`<literal>USAGE</literal> privilege on the language.`
`563`	`563`	`</para>`
`564`	`564`
	`565`	`+ <para>`
	`566`	`+ When <command>CREATE OR REPLACE FUNCTION</> is used to replace an`
	`567`	`+ existing function, the ownership and permissions of the function`
	`568`	`+ do not change. All other function properties are assigned the`
	`569`	`+ values specified or implied in the command. You must own the function`
	`570`	`+ to replace it (this includes being a member of the owning role).`
	`571`	`+ </para>`
	`572`	`+`
`565`	`573`	`</refsect1>`
`566`	`574`
`567`	`575`	`<refsect1 id="sql-createfunction-examples">`

`‎doc/src/sgml/ref/create_view.sgml`

Lines changed: 9 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`<!--`
`2`		`-$PostgreSQL: pgsql/doc/src/sgml/ref/create_view.sgml,v 1.41 2009/01/27 12:40:15 petere Exp $`
	`2`	`+$PostgreSQL: pgsql/doc/src/sgml/ref/create_view.sgml,v 1.42 2009/10/02 18:13:04 tgl Exp $`
`3`	`3`	`PostgreSQL documentation`
`4`	`4`	`-->`
`5`	`5`
`@@ -149,6 +149,14 @@ CREATE VIEW vista AS SELECT text 'Hello World' AS hello;`
`149`	`149`	`used by the view.`
`150`	`150`	`</para>`
`151`	`151`
	`152`	`+ <para>`
	`153`	`+ When <command>CREATE OR REPLACE VIEW</> is used on an`
	`154`	`+ existing view, only the view's defining SELECT rule is changed.`
	`155`	`+ Other view properties, including ownership, permissions, and non-SELECT`
	`156`	`+ rules, remain unchanged. You must own the view`
	`157`	`+ to replace it (this includes being a member of the owning role).`
	`158`	`+ </para>`
	`159`	`+`
`152`	`160`	`</refsect1>`
`153`	`161`
`154`	`162`	`<refsect1>`

`‎src/backend/catalog/pg_proc.c`

Lines changed: 12 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $PostgreSQL: pgsql/src/backend/catalog/pg_proc.c,v 1.165 2009/09/22 23:43:37 tgl Exp $`
	`11`	`+ * $PostgreSQL: pgsql/src/backend/catalog/pg_proc.c,v 1.166 2009/10/02 18:13:04 tgl Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -89,6 +89,7 @@ ProcedureCreate(const char *procedureName,`
`89`	`89`	`boolinternalInParam= false;`
`90`	`90`	`boolinternalOutParam= false;`
`91`	`91`	`OidvariadicType=InvalidOid;`
	`92`	`+Oidproowner=GetUserId();`
`92`	`93`	`Relationrel;`
`93`	`94`	`HeapTupletup;`
`94`	`95`	`HeapTupleoldtup;`
`@@ -290,7 +291,7 @@ ProcedureCreate(const char *procedureName,`
`290`	`291`	`namestrcpy(&procname,procedureName);`
`291`	`292`	`values[Anum_pg_proc_proname-1]=NameGetDatum(&procname);`
`292`	`293`	`values[Anum_pg_proc_pronamespace-1]=ObjectIdGetDatum(procNamespace);`
`293`		`-values[Anum_pg_proc_proowner-1]=ObjectIdGetDatum(GetUserId());`
	`294`	`+values[Anum_pg_proc_proowner-1]=ObjectIdGetDatum(proowner);`
`294`	`295`	`values[Anum_pg_proc_prolang-1]=ObjectIdGetDatum(languageObjectId);`
`295`	`296`	`values[Anum_pg_proc_procost-1]=Float4GetDatum(procost);`
`296`	`297`	`values[Anum_pg_proc_prorows-1]=Float4GetDatum(prorows);`
`@@ -353,7 +354,7 @@ ProcedureCreate(const char *procedureName,`
`353`	`354`	`(errcode(ERRCODE_DUPLICATE_FUNCTION),`
`354`	`355`	`errmsg("function \"%s\" already exists with same argument types",`
`355`	`356`	`procedureName)));`
`356`		`-if (!pg_proc_ownercheck(HeapTupleGetOid(oldtup),GetUserId()))`
	`357`	`+if (!pg_proc_ownercheck(HeapTupleGetOid(oldtup),proowner))`
`357`	`358`	`aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_PROC,`
`358`	`359`	`procedureName);`
`359`	`360`
`@@ -471,7 +472,10 @@ ProcedureCreate(const char *procedureName,`
`471`	`472`	`procedureName)));`
`472`	`473`	`}`
`473`	`474`
`474`		`-/* do not change existing ownership or permissions, either */`
	`475`	`+/*`
	`476`	`+ * Do not change existing ownership or permissions, either. Note`
	`477`	`+ * dependency-update code below has to agree with this decision.`
	`478`	`+ */`
`475`	`479`	`replaces[Anum_pg_proc_proowner-1]= false;`
`476`	`480`	`replaces[Anum_pg_proc_proacl-1]= false;`
`477`	`481`
`@@ -498,12 +502,11 @@ ProcedureCreate(const char *procedureName,`
`498`	`502`	`/*`
`499`	`503`	`* Create dependencies for the new function. If we are updating an`
`500`	`504`	`* existing function, first delete any existing pg_depend entries.`
	`505`	`+ * (However, since we are not changing ownership or permissions, the`
	`506`	`+ * shared dependencies do not need to change, and we leave them alone.)`
`501`	`507`	`*/`
`502`	`508`	`if (is_update)`
`503`		`-{`
`504`	`509`	`deleteDependencyRecordsFor(ProcedureRelationId,retval);`
`505`		`-deleteSharedDependencyRecordsFor(ProcedureRelationId,retval,0);`
`506`		`-}`
`507`	`510`
`508`	`511`	`myself.classId=ProcedureRelationId;`
`509`	`512`	`myself.objectId=retval;`
`@@ -537,7 +540,8 @@ ProcedureCreate(const char *procedureName,`
`537`	`540`	`}`
`538`	`541`
`539`	`542`	`/* dependency on owner */`
`540`		`-recordDependencyOnOwner(ProcedureRelationId,retval,GetUserId());`
	`543`	`+if (!is_update)`
	`544`	`+recordDependencyOnOwner(ProcedureRelationId,retval,proowner);`
`541`	`545`
`542`	`546`	`heap_freetuple(tup);`
`543`	`547`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitd691cb9

File tree

3 files changed

3 files changed

`‎doc/src/sgml/ref/create_function.sgml`

`‎doc/src/sgml/ref/create_view.sgml`

`‎src/backend/catalog/pg_proc.c`

0 commit comments