Fix ALTER DEFAULT PRIVILEGES with duplicated objects

michaelpq · michaelpq · commit 1c3a4d44d844 · 2021-01-20T11:39:21.000+09:00
Specifying duplicated objects in this command would lead to unique constraint violations in pg_default_acl or "tuple already updated by self" errors. Similarly to GRANT/REVOKE, increment the command ID after each subcommand processing to allow this case to work transparently. A regression test is added by tweaking one of the existing queries of privileges.sql to stress this case. Reported-by: Andrus Author: Michael Paquier Reviewed-by: Álvaro Herrera Discussion: https://postgr.es/m/ae2a7dc1-9d71-8cba-3bb9-e4cb7eb1f44e@hot.ee Backpatch-through: 9.5
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
@@ -1383,6 +1383,9 @@ SetDefaultACL(InternalDefaultACL *iacls)
 		ReleaseSysCache(tuple);
 
 	heap_close(rel, RowExclusiveLock);
+
+	/* prevent error when processing duplicate objects */
+	CommandCounterIncrement();
 }
 
 
diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out
@@ -1617,7 +1617,8 @@ SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -
  f
 (1 row)
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
+-- placeholder for test with duplicated schema and role names
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns,testns GRANT SELECT ON TABLES TO public,public;
 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
  has_table_privilege 
 ---------------------
diff --git a/src/test/regress/sql/privileges.sql b/src/test/regress/sql/privileges.sql
@@ -961,7 +961,8 @@ CREATE TABLE testns.acltest1 (x int);
 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
+-- placeholder for test with duplicated schema and role names
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns,testns GRANT SELECT ON TABLES TO public,public;
 
 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no

Original file line number	Diff line number	Diff line change
`@@ -1383,6 +1383,9 @@ SetDefaultACL(InternalDefaultACL *iacls)`
`1383`	`1383`	`ReleaseSysCache(tuple);`
`1384`	`1384`
`1385`	`1385`	`heap_close(rel, RowExclusiveLock);`
	`1386`	`+`
	`1387`	`+ /* prevent error when processing duplicate objects */`
	`1388`	`+ CommandCounterIncrement();`
`1386`	`1389`	`}`
`1387`	`1390`
`1388`	`1391`
Original file line number	Diff line number	Diff line change
`@@ -1617,7 +1617,8 @@ SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -`
`1617`	`1617`	`f`
`1618`	`1618`	`(1 row)`
`1619`	`1619`
`1620`		`-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;`
	`1620`	`+-- placeholder for test with duplicated schema and role names`
	`1621`	`+ALTER DEFAULT PRIVILEGES IN SCHEMA testns,testns GRANT SELECT ON TABLES TO public,public;`
`1621`	`1622`	`SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no`
`1622`	`1623`	`has_table_privilege`
`1623`	`1624`	`---------------------`