granicus.if.org Git - postgresql/commit

author	Stephen Frost <sfrost@snowman.net>
	Tue, 31 Jan 2017 21:24:14 +0000 (16:24 -0500)
committer	Stephen Frost <sfrost@snowman.net>
	Tue, 31 Jan 2017 21:24:14 +0000 (16:24 -0500)
commit	eb5e9d90df7536d0cf5c0d669d874f91b7be36d6
tree	69630404f3569542ccb0d4e693839bbc004314fb	tree \| snapshot
parent	3e9c36165377b07ffb182c366e295ac48ea5d5ba	commit \| diff

pg_dump: Fix handling of ALTER DEFAULT PRIVILEGES

In commit 23f34fa, we changed how ACLs were handled to use the new
pg_init_privs catalog and to dump out the ACL commands as REVOKE+GRANT
combinations instead of trying to REVOKE all rights always and then
GRANT back just the ones which were in place.

Unfortunately, the DEFAULT PRIVILEGES system didn't quite get the
correct treatment with this change and ended up (incorrectly) only
including positive GRANTs instead of both the REVOKEs and GRANTs
necessary to preserve the correct privileges.

There are only a couple cases where such REVOKEs are possible because,
generally speaking, there's few rights which exist on objects by
default to be revoked.

Examples of REVOKEs which weren't being correctly preserved are when
privileges are REVOKE'd from the creator/owner, like so:

ALTER DEFAULT PRIVILEGES
  FOR ROLE myrole
  REVOKE SELECT ON TABLES FROM myrole;

or when other default privileges are being revoked, such as EXECUTE
rights granted to public for functions:

ALTER DEFAULT PRIVILEGES
  FOR ROLE myrole
  REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

Fix this by correctly working out what the correct REVOKE statements are
(if any) and dump them out, just as we do for everything else.

Noticed while developing additional regression tests for pg_dump, which
will be landing shortly.

Back-patch to 9.6 where the bug was introduced.

src/bin/pg_dump/dumputils.c		diff \| blob \| history
src/bin/pg_dump/dumputils.h		diff \| blob \| history
src/bin/pg_dump/pg_dump.c		diff \| blob \| history
src/bin/pg_dump/pg_dump.h		diff \| blob \| history