Fix ALTER DEFAULT PRIVILEGES with duplicated objects

michaelpq · michaelpq · commit 0ddb529cf3e2 · 2021-01-20T11:39:35.000+09:00
Specifying duplicated objects in this command would lead to unique constraint violations in pg_default_acl or "tuple already updated by self" errors. Similarly to GRANT/REVOKE, increment the command ID after each subcommand processing to allow this case to work transparently. A regression test is added by tweaking one of the existing queries of privileges.sql to stress this case. Reported-by: Andrus Author: Michael Paquier Reviewed-by: Álvaro Herrera Discussion: https://postgr.es/m/ae2a7dc1-9d71-8cba-3bb9-e4cb7eb1f44e@hot.ee Backpatch-through: 9.5
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
@@ -1293,6 +1293,9 @@ SetDefaultACL(InternalDefaultACL *iacls)
 		ReleaseSysCache(tuple);
 
 	heap_close(rel, RowExclusiveLock);
+
+	/* prevent error when processing duplicate objects */
+	CommandCounterIncrement();
 }
 
 
diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out
@@ -1563,7 +1563,8 @@ SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
  f
 (1 row)
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
+-- placeholder for test with duplicated schema and role names
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns,testns GRANT SELECT ON TABLES TO public,public;
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- no
  has_table_privilege 
 ---------------------
diff --git a/src/test/regress/sql/privileges.sql b/src/test/regress/sql/privileges.sql
@@ -933,7 +933,8 @@ CREATE TABLE testns.acltest1 (x int);
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- no
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
+-- placeholder for test with duplicated schema and role names
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns,testns GRANT SELECT ON TABLES TO public,public;
 
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- no
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no

Original file line number	Diff line number	Diff line change
`@@ -1293,6 +1293,9 @@ SetDefaultACL(InternalDefaultACL *iacls)`
`1293`	`1293`	`ReleaseSysCache(tuple);`
`1294`	`1294`
`1295`	`1295`	`heap_close(rel, RowExclusiveLock);`
	`1296`	`+`
	`1297`	`+ /* prevent error when processing duplicate objects */`
	`1298`	`+ CommandCounterIncrement();`
`1296`	`1299`	`}`
`1297`	`1300`
`1298`	`1301`
Original file line number	Diff line number	Diff line change
`@@ -1563,7 +1563,8 @@ SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no`
`1563`	`1563`	`f`
`1564`	`1564`	`(1 row)`
`1565`	`1565`
`1566`		`-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;`
	`1566`	`+-- placeholder for test with duplicated schema and role names`
	`1567`	`+ALTER DEFAULT PRIVILEGES IN SCHEMA testns,testns GRANT SELECT ON TABLES TO public,public;`
`1567`	`1568`	`SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- no`
`1568`	`1569`	`has_table_privilege`
`1569`	`1570`	`---------------------`