diff options
| author | Joe Conway <mail@joeconway.com> | 2021-03-31 13:55:25 -0400 |
|---|---|---|
| committer | Joe Conway <mail@joeconway.com> | 2021-03-31 13:55:25 -0400 |
| commit | b12bd4869b5e64b742a69ca07915e2f77f85a9ae (patch) | |
| tree | 44c2f80d86ccabaf46d7489b515a258eaece4f1c /src/test | |
| parent | 86dc90056dfdbd9d1b891718d2e5614e3e432f35 (diff) | |
| download | postgresql-b12bd4869b5e64b742a69ca07915e2f77f85a9ae.tar.gz postgresql-b12bd4869b5e64b742a69ca07915e2f77f85a9ae.zip | |
Fix has_column_privilege function corner case
According to the comments, when an invalid or dropped column oid is passed
to has_column_privilege(), the intention has always been to return NULL.
However, when the caller had table level privilege the invalid/missing
column was never discovered, because table permissions were checked first.
Fix that by introducing extended versions of pg_attribute_acl(check|mask)
and pg_class_acl(check|mask) which take a new argument, is_missing. When
is_missing is NULL, the old behavior is preserved. But when is_missing is
passed by the caller, no ERROR is thrown for dropped or missing
columns/relations, and is_missing is flipped to true. This in turn allows
has_column_privilege to check for column privileges first, providing the
desired semantics.
Not backpatched since it is a user visible behavioral change with no previous
complaints, and the fix is a bit on the invasive side.
Author: Joe Conway
Reviewed-By: Tom Lane
Reported by: Ian Barwick
Discussion: https://postgr.es/m/flat/9b5f4311-157b-4164-7fe7-077b4fe8ed84%40joeconway.com
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/regress/expected/privileges.out | 14 | ||||
| -rw-r--r-- | src/test/regress/sql/privileges.sql | 2 |
2 files changed, 15 insertions, 1 deletions
diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out index 4903371991f..89f3d5da46e 100644 --- a/src/test/regress/expected/privileges.out +++ b/src/test/regress/expected/privileges.out @@ -1362,7 +1362,13 @@ select has_column_privilege('mytable','........pg.dropped.2........','select'); select has_column_privilege('mytable',2::int2,'select'); has_column_privilege ---------------------- - t + +(1 row) + +select has_column_privilege('mytable',99::int2,'select'); + has_column_privilege +---------------------- + (1 row) revoke select on table mytable from regress_priv_user3; @@ -1372,6 +1378,12 @@ select has_column_privilege('mytable',2::int2,'select'); (1 row) +select has_column_privilege('mytable',99::int2,'select'); + has_column_privilege +---------------------- + +(1 row) + drop table mytable; -- Grant options SET SESSION AUTHORIZATION regress_priv_user1; diff --git a/src/test/regress/sql/privileges.sql b/src/test/regress/sql/privileges.sql index 8dcd2199e0d..22337310af3 100644 --- a/src/test/regress/sql/privileges.sql +++ b/src/test/regress/sql/privileges.sql @@ -836,8 +836,10 @@ alter table mytable drop column f2; select has_column_privilege('mytable','f2','select'); select has_column_privilege('mytable','........pg.dropped.2........','select'); select has_column_privilege('mytable',2::int2,'select'); +select has_column_privilege('mytable',99::int2,'select'); revoke select on table mytable from regress_priv_user3; select has_column_privilege('mytable',2::int2,'select'); +select has_column_privilege('mytable',99::int2,'select'); drop table mytable; -- Grant options |