Fix ALTER DEFAULT PRIVILEGES with duplicated objects

michaelpq · michaelpq · commit 7dc3be9df86c · 2021-01-20T11:39:31.000+09:00
Specifying duplicated objects in this command would lead to unique constraint violations in pg_default_acl or "tuple already updated by self" errors. Similarly to GRANT/REVOKE, increment the command ID after each subcommand processing to allow this case to work transparently. A regression test is added by tweaking one of the existing queries of privileges.sql to stress this case. Reported-by: Andrus Author: Michael Paquier Reviewed-by: Álvaro Herrera Discussion: https://postgr.es/m/ae2a7dc1-9d71-8cba-3bb9-e4cb7eb1f44e@hot.ee Backpatch-through: 9.5
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
@@ -1312,6 +1312,9 @@ SetDefaultACL(InternalDefaultACL *iacls)
 		ReleaseSysCache(tuple);
 
 	heap_close(rel, RowExclusiveLock);
+
+	/* prevent error when processing duplicate objects */
+	CommandCounterIncrement();
 }
 
 
diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out
@@ -1562,7 +1562,8 @@ SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
  f
 (1 row)
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
+-- placeholder for test with duplicated schema and role names
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns,testns GRANT SELECT ON TABLES TO public,public;
 SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no
  has_table_privilege 
 ---------------------
diff --git a/src/test/regress/sql/privileges.sql b/src/test/regress/sql/privileges.sql
@@ -933,7 +933,8 @@ CREATE TABLE testns.acltest1 (x int);
 SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no
 SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
+-- placeholder for test with duplicated schema and role names
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns,testns GRANT SELECT ON TABLES TO public,public;
 
 SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no
 SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no

Original file line number	Diff line number	Diff line change
`@@ -1312,6 +1312,9 @@ SetDefaultACL(InternalDefaultACL *iacls)`
`1312`	`1312`	`ReleaseSysCache(tuple);`
`1313`	`1313`
`1314`	`1314`	`heap_close(rel, RowExclusiveLock);`
	`1315`	`+`
	`1316`	`+ /* prevent error when processing duplicate objects */`
	`1317`	`+ CommandCounterIncrement();`
`1315`	`1318`	`}`
`1316`	`1319`
`1317`	`1320`
Original file line number	Diff line number	Diff line change
`@@ -1562,7 +1562,8 @@ SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no`
`1562`	`1562`	`f`
`1563`	`1563`	`(1 row)`
`1564`	`1564`
`1565`		`-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;`
	`1565`	`+-- placeholder for test with duplicated schema and role names`
	`1566`	`+ALTER DEFAULT PRIVILEGES IN SCHEMA testns,testns GRANT SELECT ON TABLES TO public,public;`
`1566`	`1567`	`SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no`
`1567`	`1568`	`has_table_privilege`
`1568`	`1569`	`---------------------`