Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commit9f8a48b

Browse files
committed
Invalidate acl.c caches when pg_authid changes.
This makes existing sessions reflect "ALTER ROLE ... [NO]INHERIT" asquickly as they have been reflecting "GRANT role_name". Back-patch to9.5 (all supported versions).Reviewed by Nathan Bossart.Discussion:https://postgr.es/m/20201221095028.GB3777719@rfd.leadboat.com
1 parent6f7e972 commit9f8a48b

File tree

3 files changed

+19
-3
lines changed

3 files changed

+19
-3
lines changed

‎src/backend/utils/adt/acl.c

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,6 @@ typedef struct
5252
* role. In most of these tests the "given role" is the same, namely the
5353
* active current user. So we can optimize it by keeping a cached list of
5454
* all the roles the "given role" is a member of, directly or indirectly.
55-
* The cache is flushed whenever we detect a change in pg_auth_members.
5655
*
5756
* There are actually two caches, one computed under "has_privs" rules
5857
* (do not recurse where rolinherit isn't true) and one computed under
@@ -4675,12 +4674,16 @@ initialize_acl(void)
46754674
if (!IsBootstrapProcessingMode())
46764675
{
46774676
/*
4678-
* In normal mode, set a callback on any syscache invalidation of
4679-
* pg_auth_members rows
4677+
* In normal mode, set a callback on any syscache invalidation of rows
4678+
* of pg_auth_members (for each AUTHMEM search in this file) or
4679+
* pg_authid (for has_rolinherit())
46804680
*/
46814681
CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
46824682
RoleMembershipCacheCallback,
46834683
(Datum)0);
4684+
CacheRegisterSyscacheCallback(AUTHOID,
4685+
RoleMembershipCacheCallback,
4686+
(Datum)0);
46844687
}
46854688
}
46864689

‎src/test/regress/expected/privileges.out

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -350,6 +350,13 @@ SET SESSION AUTHORIZATION regress_priv_user1;
350350
SELECT * FROM atest3; -- fail
351351
ERROR: permission denied for table atest3
352352
DELETE FROM atest3; -- ok
353+
BEGIN;
354+
RESET SESSION AUTHORIZATION;
355+
ALTER ROLE regress_priv_user1 NOINHERIT;
356+
SET SESSION AUTHORIZATION regress_priv_user1;
357+
DELETE FROM atest3;
358+
ERROR: permission denied for table atest3
359+
ROLLBACK;
353360
-- views
354361
SET SESSION AUTHORIZATION regress_priv_user3;
355362
CREATE VIEW atestv1 AS SELECT * FROM atest1; -- ok

‎src/test/regress/sql/privileges.sql

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -220,6 +220,12 @@ SET SESSION AUTHORIZATION regress_priv_user1;
220220
SELECT*FROM atest3;-- fail
221221
DELETEFROM atest3;-- ok
222222

223+
BEGIN;
224+
RESET SESSION AUTHORIZATION;
225+
ALTER ROLE regress_priv_user1 NOINHERIT;
226+
SET SESSION AUTHORIZATION regress_priv_user1;
227+
DELETEFROM atest3;
228+
ROLLBACK;
223229

224230
-- views
225231

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp