diff options
| author | Michael Paquier | 2019-06-12 02:30:11 +0000 |
|---|---|---|
| committer | Michael Paquier | 2019-06-12 02:30:11 +0000 |
| commit | ceac4505d3428a8414b4f3d6708ea81506811a5f (patch) | |
| tree | c8dd0356de70c8f8bad5a84bfe5b40a9173bf641 /src/backend | |
| parent | e788e849addd56007a0e75f3b5514f294a0f3bca (diff) | |
Fix handling of COMMENT for domain constraints
For a non-superuser, changing a comment on a domain constraint was
leading to a cache lookup failure as the code tried to perform the
ownership lookup on the constraint OID itself, thinking that it was a
type, but this check needs to happen on the type the domain constraint
relies on. As the type a domain constraint relies on can be guessed
directly based on the constraint OID, first fetch its type OID and
perform the ownership on it.
This is broken since 7eca575, which has split the handling of comments
for table constraints and domain constraints, so back-patch down to
9.5.
Reported-by: Clemens Ladisch
Author: Daniel Gustafsson, Michael Paquier
Reviewed-by: Álvaro Herrera
Discussion: https://postgr.es/m/15833-808e11904835d26f@postgresql.org
Backpatch-through: 9.5
Diffstat (limited to 'src/backend')
| -rw-r--r-- | src/backend/catalog/objectaddress.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/src/backend/catalog/objectaddress.c b/src/backend/catalog/objectaddress.c index 2235e5626fb..caf48cefa98 100644 --- a/src/backend/catalog/objectaddress.c +++ b/src/backend/catalog/objectaddress.c @@ -2295,10 +2295,32 @@ check_object_ownership(Oid roleid, ObjectType objtype, ObjectAddress address, case OBJECT_TYPE: case OBJECT_DOMAIN: case OBJECT_ATTRIBUTE: - case OBJECT_DOMCONSTRAINT: if (!pg_type_ownercheck(address.objectId, roleid)) aclcheck_error_type(ACLCHECK_NOT_OWNER, address.objectId); break; + case OBJECT_DOMCONSTRAINT: + { + HeapTuple tuple; + Oid contypid; + + tuple = SearchSysCache1(CONSTROID, + ObjectIdGetDatum(address.objectId)); + if (!HeapTupleIsValid(tuple)) + elog(ERROR, "constraint with OID %u does not exist", + address.objectId); + + contypid = ((Form_pg_constraint) GETSTRUCT(tuple))->contypid; + + ReleaseSysCache(tuple); + + /* + * Fallback to type ownership check in this case as this is + * what domain constraints rely on. + */ + if (!pg_type_ownercheck(contypid, roleid)) + aclcheck_error_type(ACLCHECK_NOT_OWNER, contypid); + } + break; case OBJECT_AGGREGATE: case OBJECT_FUNCTION: case OBJECT_PROCEDURE: |