!5855 修复B模式视图权限校验遗漏

Merge pull request !5855 from TinyBag/user
opengauss_bot
2024-08-15 07:31:36 +00:00
committed by Gitee
3 changed files with 70 additions and 4 deletions


@ -2033,10 +2033,8 @@ static Query* ApplyRetrieveRule(Query* parsetree, RewriteRule* rule, int rt_inde
/* default is definer in b format database */
checkAsUser = RelationGetOwner(relation);
}
if (checkAsUser != RelationGetOwner(relation)) {
/* set all relations' and functions' invoker information */
query_tree_walker((Query *)rule_action, (bool (*)())viewSecurityPassDown, (void *)&checkAsUser, QTW_EXAMINE_RTES);
}
/* set all relations' and functions' invoker information */
query_tree_walker((Query *)rule_action, (bool (*)())viewSecurityPassDown, (void *)&checkAsUser, QTW_EXAMINE_RTES);
} else if (RelationHasViewSecurityOption(relation)) {
ereport(ERROR,
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
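Review bot: The comment above the surviving query_tree_walker call still reads as if it sat inside the removed `checkAsUser != RelationGetOwner(relation)` guard and does not say why the pass-down must now run unconditionally; if I read the rendered section correctly, the four-line guarded block is the old code and the bare two-line call is the new one. The regression output added in this commit points at the case being fixed: a sql security invoker view whose invoker is also its owner was skipped by the old guard, so the objects referenced by the rule action were apparently never checked as that user. I would make that explicit in place of the old comment, e.g. `/* always pass checkAsUser down, even when it equals the view owner: skipping the walk left the rule action's relations and schemas unchecked for B-format views */`, hedged to whatever viewSecurityPassDown actually does. ApplyRetrieveRule begins and ends outside this hunk, and the ereport on its last lines continues past it.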


@ -2940,5 +2940,42 @@ select * from v_1144877_1 order by 1,2;
reset role;
drop user use_a_1144877 cascade;
drop user use_b_1144877 cascade;
create user use_a_1144480 identified by 'A@123456';
create user use_b_1144480 identified by 'A@123456';
--超户建表和视图
create table sql_security_1144480(id int,cal int);
insert into sql_security_1144480 values(1,1);
insert into sql_security_1144480 values(2,2);
insert into sql_security_1144480 values(3,3);
create schema s_1144480;
create table s_1144480.sql_security_1144480(id int,cal int);
insert into s_1144480.sql_security_1144480 values(2,1);
insert into s_1144480.sql_security_1144480 values(3,2);
insert into s_1144480.sql_security_1144480 values(4,3);
grant all on schema public to use_a_1144480;
create definer=use_a_1144480 sql security invoker view v_1144480 as select * from s_1144480.sql_security_1144480;
create definer=use_a_1144480 sql security definer view v_1144480_1 as select * from sql_security_1144480;
--普通用户a 调用 :v_1144480 报错没有模式的权限;v_1144480_1 成功
grant all on table s_1144480.sql_security_1144480 to use_a_1144480;
grant all on table sql_security_1144480 to use_a_1144480;
set role use_a_1144480 password 'A@123456';
select * from v_1144480 order by 1,2;
ERROR: permission denied for schema s_1144480
DETAIL: N/A
select * from v_1144480_1 order by 1,2;
id | cal
----+-----
1 | 1
2 | 2
3 | 3
(3 rows)
reset role;
drop schema s_1144480 cascade;
NOTICE: drop cascades to 2 other objects
DETAIL: drop cascades to table s_1144480.sql_security_1144480
drop cascades to view v_1144480
drop user use_b_1144480 cascade;
drop user use_a_1144480 cascade;
\c regression
drop database db_a1144877;
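Review bot: Only use_a_1144480 ever queries the two views in this new case, while use_b_1144480 is created and dropped without a single `set role`, so the path where the invoker is a different user from the definer/owner is not exercised; the same gap is in the matching .sql section. The comment on the new case itself says it tests user a alone, so either the second user is leftover scaffolding and should go, or a block such as `set role use_b_1144480 password 'A@123456';` followed by selects on v_1144480 and v_1144480_1 (with whatever grants that requires) and the expected result should be added to both files. Note also that the non-ASCII comment text present here appears stripped in the rendered .sql section, which is worth checking in the committed file.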


@ -1769,5 +1769,36 @@ reset role;
drop user use_a_1144877 cascade;
drop user use_b_1144877 cascade;
create user use_a_1144480 identified by 'A@123456';
create user use_b_1144480 identified by 'A@123456';
--
create table sql_security_1144480(id int,cal int);
insert into sql_security_1144480 values(1,1);
insert into sql_security_1144480 values(2,2);
insert into sql_security_1144480 values(3,3);
create schema s_1144480;
create table s_1144480.sql_security_1144480(id int,cal int);
insert into s_1144480.sql_security_1144480 values(2,1);
insert into s_1144480.sql_security_1144480 values(3,2);
insert into s_1144480.sql_security_1144480 values(4,3);
grant all on schema public to use_a_1144480;
create definer=use_a_1144480 sql security invoker view v_1144480 as select * from s_1144480.sql_security_1144480;
create definer=use_a_1144480 sql security definer view v_1144480_1 as select * from sql_security_1144480;
--a v_1144480 v_1144480_1
grant all on table s_1144480.sql_security_1144480 to use_a_1144480;
grant all on table sql_security_1144480 to use_a_1144480;
set role use_a_1144480 password 'A@123456';
select * from v_1144480 order by 1,2;
select * from v_1144480_1 order by 1,2;
reset role;
drop schema s_1144480 cascade;
drop user use_b_1144480 cascade;
drop user use_a_1144480 cascade;
\c regression
drop database db_a1144877;