- Notifications
You must be signed in to change notification settings - Fork28
Commit1b55acb
committed
Fix missing role dependencies for some schema and type ACLs.
This patch fixes several related cases in which pg_shdepend entries werenever made, or were lost, for references to roles appearing in the ACLs ofschemas and/or types. While that did no immediate harm, if a referencedrole were later dropped, the drop would be allowed and would leave adangling reference in the object's ACL. That still wasn't a big problemfor normal database usage, but it would cause obscure failures insubsequent dump/reload or pg_upgrade attempts, taking the form ofattempts to grant privileges to all-numeric role names. (I think I'veseen field reports matching that symptom, but can't find any right now.)Several cases are fixed here:1. ALTER DOMAIN SET/DROP DEFAULT would lose the dependencies for anyexisting ACL entries for the domain. This case is ancient, datingback as far as we've had pg_shdepend tracking at all.2. If a default type privilege applies, CREATE TYPE recorded theACL properly but forgot to install dependency entries for it.This dates to the addition of default privileges for types in 9.2.3. If a default schema privilege applies, CREATE SCHEMA recorded theACL properly but forgot to install dependency entries for it.This dates to the addition of default privileges for schemas in v10(commitab89e46).Another somewhat-related problem is that when creating a relationrowtype or implicit array type, TypeCreate would apply any availabledefault type privileges to that type, which we don't really wantsince such an object isn't supposed to have privileges of its own.(You can't, for example, drop such privileges once they've been addedto an array type.)ab89e46 is also to blame for a race condition in the regression tests:privileges.sql transiently installed globally-applicable defaultprivileges on schemas, which sometimes got absorbed into the ACLs ofschemas created by concurrent test scripts. This should have resultedin failures when privileges.sql tried to drop the role holding suchprivileges; but thanks to the bug fixed here, it instead led to danglingACLs in the final state of the regression database. We'd managed not tonotice that, but it became obvious in the wake of commitda90676, whichallowed the race condition to occur in pg_upgrade tests.To fix, add a function recordDependencyOnNewAcl to encapsulate whatcallers of get_user_default_acl need to do; while the original callsites got that right via ad-hoc code, none of the later-added oneshave. Also change GenerateTypeDependencies to generate thesedependencies, which requires adding the typacl to its parameter list.(That might be annoying if there are any extensions calling thatfunction directly; but if there are, they're most likely buggy in thesame way as the core callers were, so they need work anyway.) WhileI was at it, I changed GenerateTypeDependencies to accept most of itsparameters in the form of a Form_pg_type pointer, making its parameterlist a bit less unwieldy and mistake-prone.The test race condition is fixed just by wrapping the addition andremoval of default privileges into a single transaction, so that thatstate is never visible externally. We might eventually prefer toseparate out tests of default privileges into a script that runs byitself, but that would be a bigger change and would make the testsrun slower overall.Back-patch relevant parts to all supported branches.Discussion:https://postgr.es/m/15719.1541725287@sss.pgh.pa.us1 parent84b4a0c commit1b55acb
File tree
10 files changed
+160
-137
lines changed- src
- backend
- catalog
- commands
- include
- catalog
- utils
- test/regress
- expected
- sql
10 files changed
+160
-137
lines changedLines changed: 28 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
5445 | 5445 | | |
5446 | 5446 | | |
5447 | 5447 | | |
5448 | | - | |
| 5448 | + | |
| 5449 | + | |
| 5450 | + | |
| 5451 | + | |
5449 | 5452 | | |
5450 | 5453 | | |
5451 | 5454 | | |
| |||
5520 | 5523 | | |
5521 | 5524 | | |
5522 | 5525 | | |
| 5526 | + | |
| 5527 | + | |
| 5528 | + | |
| 5529 | + | |
| 5530 | + | |
| 5531 | + | |
| 5532 | + | |
| 5533 | + | |
| 5534 | + | |
| 5535 | + | |
| 5536 | + | |
| 5537 | + | |
| 5538 | + | |
| 5539 | + | |
| 5540 | + | |
| 5541 | + | |
| 5542 | + | |
| 5543 | + | |
| 5544 | + | |
| 5545 | + | |
| 5546 | + | |
| 5547 | + | |
| 5548 | + | |
| 5549 | + | |
5523 | 5550 | | |
5524 | 5551 | | |
5525 | 5552 | | |
| |||
Lines changed: 3 additions & 12 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1320 | 1320 | | |
1321 | 1321 | | |
1322 | 1322 | | |
| 1323 | + | |
1323 | 1324 | | |
1324 | 1325 | | |
1325 | 1326 | | |
1326 | 1327 | | |
1327 | 1328 | | |
1328 | 1329 | | |
1329 | 1330 | | |
| 1331 | + | |
| 1332 | + | |
1330 | 1333 | | |
1331 | 1334 | | |
1332 | 1335 | | |
| |||
1336 | 1339 | | |
1337 | 1340 | | |
1338 | 1341 | | |
1339 | | - | |
1340 | | - | |
1341 | | - | |
1342 | | - | |
1343 | | - | |
1344 | | - | |
1345 | | - | |
1346 | | - | |
1347 | | - | |
1348 | | - | |
1349 | | - | |
1350 | | - | |
1351 | 1342 | | |
1352 | 1343 | | |
1353 | 1344 | | |
| |||
Lines changed: 3 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
100 | 100 | | |
101 | 101 | | |
102 | 102 | | |
| 103 | + | |
| 104 | + | |
| 105 | + | |
103 | 106 | | |
104 | 107 | | |
105 | 108 | | |
| |||
Lines changed: 3 additions & 11 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
654 | 654 | | |
655 | 655 | | |
656 | 656 | | |
657 | | - | |
658 | | - | |
659 | | - | |
660 | | - | |
661 | | - | |
662 | | - | |
663 | | - | |
664 | | - | |
665 | | - | |
666 | | - | |
667 | | - | |
| 657 | + | |
| 658 | + | |
| 659 | + | |
668 | 660 | | |
669 | 661 | | |
670 | 662 | | |
| |||
0 commit comments
Comments
(0)