git.postgresql.org Git - postgresql.git/commitdiff

git projects / postgresql.git / commitdiff

Remove redundant privilege check from pg_sequences system view.

author Nathan Bossart <nathan@postgresql.org>

Mon, 1 Jul 2024 16:47:40 +0000 (11:47 -0500)

committer Nathan Bossart <nathan@postgresql.org>

Mon, 1 Jul 2024 16:47:40 +0000 (11:47 -0500)

This commit adjusts pg_sequence_last_value() to return NULL instead
of ERROR-ing for sequences for which the current user lacks
privileges. This allows us to remove the call to
has_sequence_privilege() in the definition of the pg_sequences
system view.

Bumps catversion.

Suggested-by: Michael Paquier
Reviewed-by: Michael Paquier, Tom Lane
Discussion: https://postgr.es/m/20240501005730.GA594666%40nathanxps13

src/backend/catalog/system_views.sql patch | blob | blame | history

src/backend/commands/sequence.c patch | blob | blame | history

src/include/catalog/catversion.h patch | blob | blame | history

src/test/regress/expected/rules.out patch | blob | blame | history

diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql

index efb29adeb39cc5689980595f5328be3057ca2562..19cabc9a47fa0872a5810fd8444dbf522dc7d595 100644 (file)

--- a/src/backend/catalog/system_views.sql

+++ b/src/backend/catalog/system_views.sql

@@ -176,11 +176,7 @@ CREATE VIEW pg_sequences AS

S.seqincrement AS increment_by,

S.seqcycle AS cycle,

S.seqcache AS cache_size,

- CASE

- WHEN has_sequence_privilege(C.oid, 'SELECT,USAGE'::text)

- THEN pg_sequence_last_value(C.oid)

- ELSE NULL

- END AS last_value

+ pg_sequence_last_value(C.oid) AS last_value

FROM pg_sequence S JOIN pg_class C ON (C.oid = S.seqrelid)

LEFT JOIN pg_namespace N ON (N.oid = C.relnamespace)

WHERE NOT pg_is_other_temp_schema(N.oid)

diff --git a/src/backend/commands/sequence.c b/src/backend/commands/sequence.c

index b4ad19c05396062e2b99861d23be77ee0ec9c5e6..9f28d40466b5a06762f4f4dde269377aea005783 100644 (file)

--- a/src/backend/commands/sequence.c

+++ b/src/backend/commands/sequence.c

@@ -1790,21 +1790,17 @@ pg_sequence_last_value(PG_FUNCTION_ARGS)

/* open and lock sequence */

init_sequence(relid, &elm, &seqrel);

- if (pg_class_aclcheck(relid, GetUserId(), ACL_SELECT | ACL_USAGE) != ACLCHECK_OK)

- ereport(ERROR,

- (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

- errmsg("permission denied for sequence %s",

- RelationGetRelationName(seqrel))));

* We return NULL for other sessions' temporary sequences. The

* pg_sequences system view already filters those out, but this offers a

* defense against ERRORs in case someone invokes this function directly.

* Also, for the benefit of the pg_sequences view, we return NULL for

- * unlogged sequences on standbys instead of throwing an error.

+ * unlogged sequences on standbys and for sequences for which the current

+ * user lacks privileges instead of throwing an error.

- if (!RELATION_IS_OTHER_TEMP(seqrel) &&

+ if (pg_class_aclcheck(relid, GetUserId(), ACL_SELECT | ACL_USAGE) == ACLCHECK_OK &&

+ !RELATION_IS_OTHER_TEMP(seqrel) &&

(RelationIsPermanent(seqrel) || !RecoveryInProgress()))

{

Buffer buf;

diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h

index 7363a445fc475912b12b0acca3cc4b1543d4a946..969980afd694803c070ce5ed4c6c125c597d7f4b 100644 (file)

--- a/src/include/catalog/catversion.h

+++ b/src/include/catalog/catversion.h

@@ -57,6 +57,6 @@

/* yyyymmddN */

-#define CATALOG_VERSION_NO 202407011

+#define CATALOG_VERSION_NO 202407012

#endif

diff --git a/src/test/regress/expected/rules.out b/src/test/regress/expected/rules.out

index e12ef4336a25d95e4ef72d1e4c5c2f74ef2154db..4c789279e5e633b52225b84e5c1b63502b02b3de 100644 (file)

--- a/src/test/regress/expected/rules.out

+++ b/src/test/regress/expected/rules.out

@@ -1700,10 +1700,7 @@ pg_sequences| SELECT n.nspname AS schemaname,

s.seqincrement AS increment_by,

s.seqcycle AS cycle,

s.seqcache AS cache_size,

- CASE

- WHEN has_sequence_privilege(c.oid, 'SELECT,USAGE'::text) THEN pg_sequence_last_value((c.oid)::regclass)

- ELSE NULL::bigint

- END AS last_value

+ pg_sequence_last_value((c.oid)::regclass) AS last_value

FROM ((pg_sequence s

JOIN pg_class c ON ((c.oid = s.seqrelid)))

LEFT JOIN pg_namespace n ON ((n.oid = c.relnamespace)))

This is the main PostgreSQL git repository.

RSS Atom