Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit c39aa1e

Browse filesBrowse files
tglsfdctglsfdc
committed
Fix some inappropriately-disallowed uses of ALTER ROLE/DATABASE SET.
Most GUC check hooks that inspect database state have special checks that prevent them from throwing hard errors for state-dependent issues when source == PGC_S_TEST. This allows, for example, "ALTER DATABASE d SET default_text_search_config = foo" when the "foo" configuration hasn't been created yet. Without this, we have problems during dump/reload or pg_upgrade, because pg_dump has no idea about possible dependencies of GUC values and can't ensure a safe restore ordering. However, check_role() and check_session_authorization() hadn't gotten the memo about that, and would throw hard errors anyway. It's not entirely clear what is the use-case for "ALTER ROLE x SET role = y", but we've now heard two independent complaints about that bollixing an upgrade, so apparently some people are doing it. Hence, fix these two functions to act more like other check hooks with similar needs. (But I did not change their insistence on being inside a transaction, as it's still not apparent that setting either GUC from the configuration file would be wise.) Also fix check_temp_buffers, which had a different form of the disease of making state-dependent checks without any exception for PGC_S_TEST. A cursory survey of other GUC check hooks did not find any more issues of this ilk. (There are a lot of interdependencies among PGC_POSTMASTER and PGC_SIGHUP GUCs, which may be a bad idea, but they're not relevant to the immediate concern because they can't be set via ALTER ROLE/DATABASE.) Per reports from Charlie Hornsby and Nathan Bossart. Back-patch to all supported branches. Discussion: https://postgr.es/m/HE1P189MB0523B31598B0C772C908088DB7709@HE1P189MB0523.EURP189.PROD.OUTLOOK.COM Discussion: https://postgr.es/m/20160711223641.1426.86096@wrigleys.postgresql.org
1 parent 97b7ad4 commit c39aa1e
Copy full SHA for c39aa1e

File tree

Expand file treeCollapse file tree

2 files changed

+34
-1
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+34
-1
lines changed

‎src/backend/commands/variable.c

Copy file name to clipboardExpand all lines: src/backend/commands/variable.c
+32Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -767,6 +767,17 @@ check_session_authorization(char **newval, void **extra, GucSource source)
767767
roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(*newval));
768768
if (!HeapTupleIsValid(roleTup))
769769
{
770+
/*
771+
* When source == PGC_S_TEST, we don't throw a hard error for a
772+
* nonexistent user name, only a NOTICE. See comments in guc.h.
773+
*/
774+
if (source == PGC_S_TEST)
775+
{
776+
ereport(NOTICE,
777+
(errcode(ERRCODE_UNDEFINED_OBJECT),
778+
errmsg("role \"%s\" does not exist", *newval)));
779+
return true;
780+
}
770781
GUC_check_errmsg("role \"%s\" does not exist", *newval);
771782
return false;
772783
}
@@ -837,10 +848,23 @@ check_role(char **newval, void **extra, GucSource source)
837848
return false;
838849
}
839850

851+
/*
852+
* When source == PGC_S_TEST, we don't throw a hard error for a
853+
* nonexistent user name or insufficient privileges, only a NOTICE.
854+
* See comments in guc.h.
855+
*/
856+
840857
/* Look up the username */
841858
roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(*newval));
842859
if (!HeapTupleIsValid(roleTup))
843860
{
861+
if (source == PGC_S_TEST)
862+
{
863+
ereport(NOTICE,
864+
(errcode(ERRCODE_UNDEFINED_OBJECT),
865+
errmsg("role \"%s\" does not exist", *newval)));
866+
return true;
867+
}
844868
GUC_check_errmsg("role \"%s\" does not exist", *newval);
845869
return false;
846870
}
@@ -859,6 +883,14 @@ check_role(char **newval, void **extra, GucSource source)
859883
if (!InitializingParallelWorker &&
860884
!is_member_of_role(GetSessionUserId(), roleid))
861885
{
886+
if (source == PGC_S_TEST)
887+
{
888+
ereport(NOTICE,
889+
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
890+
errmsg("permission will be denied to set role \"%s\"",
891+
*newval)));
892+
return true;
893+
}
862894
GUC_check_errcode(ERRCODE_INSUFFICIENT_PRIVILEGE);
863895
GUC_check_errmsg("permission denied to set role \"%s\"",
864896
*newval);

‎src/backend/utils/misc/guc.c

Copy file name to clipboardExpand all lines: src/backend/utils/misc/guc.c
+2-1Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11325,8 +11325,9 @@ check_temp_buffers(int *newval, void **extra, GucSource source)
1132511325
{
1132611326
/*
1132711327
* Once local buffers have been initialized, it's too late to change this.
11328+
* However, if this is only a test call, allow it.
1132811329
*/
11329-
if (NLocBuffer && NLocBuffer != *newval)
11330+
if (source != PGC_S_TEST && NLocBuffer && NLocBuffer != *newval)
1133011331
{
1133111332
GUC_check_errdetail("\"temp_buffers\" cannot be changed after any temporary tables have been accessed in the session.");
1133211333
return false;

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.