Allow functions to be executed with the privileges of the function owner.

I took the opportunity to remove the pg_proc.proistrusted field.

4 files changed, 26 insertions, 2 deletions

diff --git a/src/test/regress/expected/opr_sanity.out b/src/test/regress/expected/opr_sanity.out
index 87f8a7afa41..98ac26c0c20 100644
--- a/src/test/regress/expected/opr_sanity.out
+++ b/src/test/regress/expected/opr_sanity.out
@@ -55,7 +55,7 @@ WHERE p1.oid != p2.oid AND
     p1.prolang = 12 AND p2.prolang = 12 AND
     (p1.prolang != p2.prolang OR
      p1.proisagg != p2.proisagg OR
-     p1.proistrusted != p2.proistrusted OR
+     p1.prosecdef != p2.prosecdef OR
      p1.proisstrict != p2.proisstrict OR
      p1.proretset != p2.proretset OR
      p1.provolatile != p2.provolatile OR
diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out
index 1ab013469fa..adc45332509 100644
--- a/src/test/regress/expected/privileges.out
+++ b/src/test/regress/expected/privileges.out
@@ -206,6 +206,10 @@ ERROR:  invalid privilege type USAGE for function object
 GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regressuser4;
 GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regressuser4;
 ERROR:  GRANT: function testfunc_nosuch(integer) does not exist
+CREATE FUNCTION testfunc4(boolean) RETURNS text
+  AS 'select col1 from atest2 where col2 = $1;'
+  LANGUAGE sql SECURITY DEFINER;
+GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regressuser3;
 SET SESSION AUTHORIZATION regressuser2;
 SELECT testfunc1(5), testfunc2(5); -- ok
  testfunc1 | testfunc2 
@@ -218,6 +222,14 @@ ERROR:  sql: permission denied
 SET SESSION AUTHORIZATION regressuser3;
 SELECT testfunc1(5); -- fail
 ERROR:  testfunc1: permission denied
+SELECT col1 FROM atest2 WHERE col2 = true; -- fail
+ERROR:  atest2: permission denied
+SELECT testfunc4(true); -- ok
+ testfunc4 
+-----------
+ bar
+(1 row)
+
 SET SESSION AUTHORIZATION regressuser4;
 SELECT testfunc1(5); -- ok
  testfunc1 
@@ -501,6 +513,8 @@ from (select oid from pg_class where relname = 'atest1') as t1;
 
 -- clean up
 \c regression
+DROP FUNCTION testfunc2(int);
+DROP FUNCTION testfunc4(boolean);
 DROP TABLE atest1;
 DROP TABLE atest2;
 DROP TABLE atest3;
diff --git a/src/test/regress/sql/opr_sanity.sql b/src/test/regress/sql/opr_sanity.sql
index c3fd710f449..270c275b87a 100644
--- a/src/test/regress/sql/opr_sanity.sql
+++ b/src/test/regress/sql/opr_sanity.sql
@@ -54,7 +54,7 @@ WHERE p1.oid != p2.oid AND
     p1.prolang = 12 AND p2.prolang = 12 AND
     (p1.prolang != p2.prolang OR
      p1.proisagg != p2.proisagg OR
-     p1.proistrusted != p2.proistrusted OR
+     p1.prosecdef != p2.prosecdef OR
      p1.proisstrict != p2.proisstrict OR
      p1.proretset != p2.proretset OR
      p1.provolatile != p2.provolatile OR
diff --git a/src/test/regress/sql/privileges.sql b/src/test/regress/sql/privileges.sql
index 61e9e31f36c..21ef1efe820 100644
--- a/src/test/regress/sql/privileges.sql
+++ b/src/test/regress/sql/privileges.sql
@@ -144,12 +144,19 @@ GRANT USAGE ON FUNCTION testfunc1(int) TO regressuser3; -- semantic error
 GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regressuser4;
 GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regressuser4;
 
+CREATE FUNCTION testfunc4(boolean) RETURNS text
+  AS 'select col1 from atest2 where col2 = $1;'
+  LANGUAGE sql SECURITY DEFINER;
+GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regressuser3;
+
 SET SESSION AUTHORIZATION regressuser2;
 SELECT testfunc1(5), testfunc2(5); -- ok
 CREATE FUNCTION testfunc3(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql; -- fail
 
 SET SESSION AUTHORIZATION regressuser3;
 SELECT testfunc1(5); -- fail
+SELECT col1 FROM atest2 WHERE col2 = true; -- fail
+SELECT testfunc4(true); -- ok
 
 SET SESSION AUTHORIZATION regressuser4;
 SELECT testfunc1(5); -- ok
@@ -265,6 +272,9 @@ from (select oid from pg_class where relname = 'atest1') as t1;
 -- clean up
 
 \c regression
+DROP FUNCTION testfunc2(int);
+DROP FUNCTION testfunc4(boolean);
+
 DROP TABLE atest1;
 DROP TABLE atest2;
 DROP TABLE atest3;