|
|
|
|
@ -1769,7 +1769,7 @@ SET SESSION AUTHORIZATION regress_sro_user; |
|
|
|
|
CREATE FUNCTION unwanted_grant() RETURNS void LANGUAGE sql AS |
|
|
|
|
'GRANT regress_priv_group2 TO regress_sro_user'; |
|
|
|
|
CREATE FUNCTION mv_action() RETURNS bool LANGUAGE sql AS |
|
|
|
|
'DECLARE c CURSOR WITH HOLD FOR SELECT public.unwanted_grant(); SELECT true'; |
|
|
|
|
'DECLARE c CURSOR WITH HOLD FOR SELECT unwanted_grant(); SELECT true'; |
|
|
|
|
-- REFRESH of this MV will queue a GRANT at end of transaction |
|
|
|
|
CREATE MATERIALIZED VIEW sro_mv AS SELECT mv_action() WITH NO DATA; |
|
|
|
|
REFRESH MATERIALIZED VIEW sro_mv; |
|
|
|
|
@ -1783,12 +1783,12 @@ SET SESSION AUTHORIZATION regress_sro_user; |
|
|
|
|
-- INSERT to this table will queue a GRANT at end of transaction |
|
|
|
|
CREATE TABLE sro_trojan_table (); |
|
|
|
|
CREATE FUNCTION sro_trojan() RETURNS trigger LANGUAGE plpgsql AS |
|
|
|
|
'BEGIN PERFORM public.unwanted_grant(); RETURN NULL; END'; |
|
|
|
|
'BEGIN PERFORM unwanted_grant(); RETURN NULL; END'; |
|
|
|
|
CREATE CONSTRAINT TRIGGER t AFTER INSERT ON sro_trojan_table |
|
|
|
|
INITIALLY DEFERRED FOR EACH ROW EXECUTE PROCEDURE sro_trojan(); |
|
|
|
|
-- Now, REFRESH will issue such an INSERT, queueing the GRANT |
|
|
|
|
CREATE OR REPLACE FUNCTION mv_action() RETURNS bool LANGUAGE sql AS |
|
|
|
|
'INSERT INTO public.sro_trojan_table DEFAULT VALUES; SELECT true'; |
|
|
|
|
'INSERT INTO sro_trojan_table DEFAULT VALUES; SELECT true'; |
|
|
|
|
REFRESH MATERIALIZED VIEW sro_mv; |
|
|
|
|
ERROR: cannot fire deferred trigger within security-restricted operation |
|
|
|
|
CONTEXT: SQL function "mv_action" statement 1 |
|
|
|
|
@ -1800,15 +1800,15 @@ BEGIN; SET CONSTRAINTS ALL IMMEDIATE; REFRESH MATERIALIZED VIEW sro_mv; COMMIT; |
|
|
|
|
ERROR: permission denied to grant role "regress_priv_group2" |
|
|
|
|
DETAIL: Only roles with the ADMIN option on role "regress_priv_group2" may grant this role. |
|
|
|
|
CONTEXT: SQL function "unwanted_grant" statement 1 |
|
|
|
|
SQL statement "SELECT public.unwanted_grant()" |
|
|
|
|
PL/pgSQL function public.sro_trojan() line 1 at PERFORM |
|
|
|
|
SQL statement "SELECT unwanted_grant()" |
|
|
|
|
PL/pgSQL function sro_trojan() line 1 at PERFORM |
|
|
|
|
SQL function "mv_action" statement 1 |
|
|
|
|
-- REFRESH MATERIALIZED VIEW CONCURRENTLY use of eval_const_expressions() |
|
|
|
|
SET SESSION AUTHORIZATION regress_sro_user; |
|
|
|
|
CREATE FUNCTION unwanted_grant_nofail(int) RETURNS int |
|
|
|
|
IMMUTABLE LANGUAGE plpgsql AS $$ |
|
|
|
|
BEGIN |
|
|
|
|
PERFORM public.unwanted_grant(); |
|
|
|
|
PERFORM unwanted_grant(); |
|
|
|
|
RAISE WARNING 'owned'; |
|
|
|
|
RETURN 1; |
|
|
|
|
EXCEPTION WHEN OTHERS THEN |
|
|
|
|
|
Jeff Davis
2 years ago