NotificationsYou must be signed in to change notification settings
Fork28
Star151

Commit9f8a48b

committed

Invalidate acl.c caches when pg_authid changes.

This makes existing sessions reflect "ALTER ROLE ... [NO]INHERIT" asquickly as they have been reflecting "GRANT role_name". Back-patch to9.5 (all supported versions).Reviewed by Nathan Bossart.Discussion:https://postgr.es/m/20201221095028.GB3777719@rfd.leadboat.com

1 parent6f7e972 commit9f8a48bCopy full SHA for 9f8a48b

File tree

3 files changed

+19

-3

lines changed

src
- backend/utils/adt
  - acl.c
- test/regress
  - expected
    - privileges.out
  - sql
    - privileges.sql

3 files changed

+19

-3

lines changed

`‎src/backend/utils/adt/acl.c`

Lines changed: 6 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,6 @@ typedef struct`
`52`	`52`	`* role. In most of these tests the "given role" is the same, namely the`
`53`	`53`	`* active current user. So we can optimize it by keeping a cached list of`
`54`	`54`	`* all the roles the "given role" is a member of, directly or indirectly.`
`55`		`- * The cache is flushed whenever we detect a change in pg_auth_members.`
`56`	`55`	`*`
`57`	`56`	`* There are actually two caches, one computed under "has_privs" rules`
`58`	`57`	`* (do not recurse where rolinherit isn't true) and one computed under`
`@@ -4675,12 +4674,16 @@ initialize_acl(void)`
`4675`	`4674`	`if (!IsBootstrapProcessingMode())`
`4676`	`4675`	`{`
`4677`	`4676`	`/*`
`4678`		`- * In normal mode, set a callback on any syscache invalidation of`
`4679`		`- * pg_auth_members rows`
	`4677`	`+ * In normal mode, set a callback on any syscache invalidation of rows`
	`4678`	`+ * of pg_auth_members (for each AUTHMEM search in this file) or`
	`4679`	`+ * pg_authid (for has_rolinherit())`
`4680`	`4680`	`*/`
`4681`	`4681`	`CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,`
`4682`	`4682`	`RoleMembershipCacheCallback,`
`4683`	`4683`	`(Datum)0);`
	`4684`	`+CacheRegisterSyscacheCallback(AUTHOID,`
	`4685`	`+RoleMembershipCacheCallback,`
	`4686`	`+ (Datum)0);`
`4684`	`4687`	`}`
`4685`	`4688`	`}`
`4686`	`4689`

`‎src/test/regress/expected/privileges.out`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -350,6 +350,13 @@ SET SESSION AUTHORIZATION regress_priv_user1;`
`350`	`350`	`SELECT * FROM atest3; -- fail`
`351`	`351`	`ERROR: permission denied for table atest3`
`352`	`352`	`DELETE FROM atest3; -- ok`
	`353`	`+BEGIN;`
	`354`	`+RESET SESSION AUTHORIZATION;`
	`355`	`+ALTER ROLE regress_priv_user1 NOINHERIT;`
	`356`	`+SET SESSION AUTHORIZATION regress_priv_user1;`
	`357`	`+DELETE FROM atest3;`
	`358`	`+ERROR: permission denied for table atest3`
	`359`	`+ROLLBACK;`
`353`	`360`	`-- views`
`354`	`361`	`SET SESSION AUTHORIZATION regress_priv_user3;`
`355`	`362`	`CREATE VIEW atestv1 AS SELECT * FROM atest1; -- ok`

`‎src/test/regress/sql/privileges.sql`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -220,6 +220,12 @@ SET SESSION AUTHORIZATION regress_priv_user1;`
`220`	`220`	`SELECT*FROM atest3;-- fail`
`221`	`221`	`DELETEFROM atest3;-- ok`
`222`	`222`
	`223`	`+BEGIN;`
	`224`	`+RESET SESSION AUTHORIZATION;`
	`225`	`+ALTER ROLE regress_priv_user1 NOINHERIT;`
	`226`	`+SET SESSION AUTHORIZATION regress_priv_user1;`
	`227`	`+DELETEFROM atest3;`
	`228`	`+ROLLBACK;`
`223`	`229`
`224`	`230`	`-- views`
`225`	`231`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit9f8a48b

File tree

3 files changed

3 files changed

`‎src/backend/utils/adt/acl.c`

`‎src/test/regress/expected/privileges.out`

`‎src/test/regress/sql/privileges.sql`

0 commit comments