| From: | Nathan Bossart <nathan(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Move privilege check for SET SESSION AUTHORIZATION. |
| Date: | 2023-07-14 04:15:51 |
| Message-ID: | E1qKADf-000Gu6-9J@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Move privilege check for SET SESSION AUTHORIZATION.
Presently, the privilege check for SET SESSION AUTHORIZATION is
performed in session_authorization's assign_hook. A relevant
comment states, "It's OK because the check does not require catalog
access and can't fail during an end-of-transaction GUC
reversion..." However, we plan to add a catalog lookup to this
privilege check in a follow-up commit.
This commit moves this privilege check to the check_hook for
session_authorization. Like check_role(), we do not throw a hard
error for insufficient privileges when the source is PGC_S_TEST.
Author: Joseph Koshakow
Discussion: https://postgr.es/m/CAAvxfHc-HHzONQ2oXdvhFF9ayRnidPwK%2BfVBhRzaBWYYLVQL-g%40mail.gmail.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/9987a7bf34061ed5cffc4e5113da056358976e94
Modified Files
--------------
src/backend/commands/variable.c | 32 ++++++++++++++++++++++++++++----
src/backend/utils/init/miscinit.c | 30 ++++++++++++------------------
src/include/miscadmin.h | 1 +
3 files changed, 41 insertions(+), 22 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Langote | 2023-07-14 05:56:23 | pgsql: Add missing initializations of p_perminfo |
| Previous Message | Amit Kapila | 2023-07-14 03:09:10 | pgsql: Allow the use of a hash index on the subscriber during replicati |