Fix erroneous handling of shared dependencies (ie dependencies on roles)

in CREATE OR REPLACE FUNCTION. The original code would update pg_shdepend as if a new function was being created, even if it wasn't, with two bad consequences: pg_shdepend might record the wrong owner for the function, and any dependencies for roles mentioned in the function's ACL would be lost. The fix is very easy: just don't touch pg_shdepend at all when doing a function replacement. Also update the CREATE FUNCTION reference page, which never explained exactly what changes and doesn't change in a function replacement. In passing, fix the CREATE VIEW reference page similarly; there's no code bug there, but the docs didn't say what happens.
2025-01-12 18:34:36 +08:00 · 2009-10-02 18:13:26 +00:00 · 2009-10-02 18:13:26 +00:00 · 9b5ac366f9
commit 9b5ac366f9
parent 3bf3527fe0
3 changed files with 30 additions and 10 deletions
--- a/doc/src/sgml/ref/create_function.sgml
+++ b/doc/src/sgml/ref/create_function.sgml
@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/create_function.sgml,v 1.70.2.3 2009/09/03 22:11:30 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/create_function.sgml,v 1.70.2.4 2009/10/02 18:13:26 tgl Exp $
 -->
 <refentry id="SQL-CREATEFUNCTION">
@ -424,6 +424,14 @@ CREATE FUNCTION foo(int, out text) ...
    <literal>USAGE</literal> privilege on the language.
   </para>
   <para>
    When <command>CREATE OR REPLACE FUNCTION</> is used to replace an
    existing function, the ownership and permissions of the function
    do not change.  All other function properties are assigned the
    values specified or implied in the command.  You must own the function
    to replace it (this includes being a member of the owning role).
   </para>
 </refsect1>
 <refsect1 id="sql-createfunction-examples">
--- a/doc/src/sgml/ref/create_view.sgml
+++ b/doc/src/sgml/ref/create_view.sgml
@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/create_view.sgml,v 1.33 2006/09/18 19:54:01 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/create_view.sgml,v 1.33.2.1 2009/10/02 18:13:26 tgl Exp $
 PostgreSQL documentation
 -->
@ -146,6 +146,14 @@ CREATE VIEW vista AS SELECT text 'Hello World' AS hello;
    used by the view.
   </para>
   <para>
    When <command>CREATE OR REPLACE VIEW</> is used on an
    existing view, only the view's defining SELECT rule is changed.
    Other view properties, including ownership, permissions, and non-SELECT
    rules, remain unchanged.  You must own the view
    to replace it (this includes being a member of the owning role).
   </para>
 </refsect1>
 <refsect1>
--- a/src/backend/catalog/pg_proc.c
+++ b/src/backend/catalog/pg_proc.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/catalog/pg_proc.c,v 1.141 2006/10/19 18:32:46 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/catalog/pg_proc.c,v 1.141.2.1 2009/10/02 18:13:26 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -81,6 +81,7 @@ ProcedureCreate(const char *procedureName,
 	bool		genericOutParam = false;
 	bool		internalInParam = false;
 	bool		internalOutParam = false;
 	Oid			proowner = GetUserId();
 	Relation	rel;
 	HeapTuple	tup;
 	HeapTuple	oldtup;
@ -217,7 +218,7 @@ ProcedureCreate(const char *procedureName,
 	namestrcpy(&procname, procedureName);
 	values[Anum_pg_proc_proname - 1] = NameGetDatum(&procname);
 	values[Anum_pg_proc_pronamespace - 1] = ObjectIdGetDatum(procNamespace);
-	values[Anum_pg_proc_proowner - 1] = ObjectIdGetDatum(GetUserId());
+	values[Anum_pg_proc_proowner - 1] = ObjectIdGetDatum(proowner);
 	values[Anum_pg_proc_prolang - 1] = ObjectIdGetDatum(languageObjectId);
 	values[Anum_pg_proc_proisagg - 1] = BoolGetDatum(isAgg);
 	values[Anum_pg_proc_prosecdef - 1] = BoolGetDatum(security_definer);
@ -266,7 +267,7 @@ ProcedureCreate(const char *procedureName,
 					(errcode(ERRCODE_DUPLICATE_FUNCTION),
 			errmsg("function \"%s\" already exists with same argument types",
 				   procedureName)));
-		if (!pg_proc_ownercheck(HeapTupleGetOid(oldtup), GetUserId()))
+		if (!pg_proc_ownercheck(HeapTupleGetOid(oldtup), proowner))
 			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
 						   procedureName);
@ -320,7 +321,10 @@ ProcedureCreate(const char *procedureName,
 								procedureName)));
 		}
-		/* do not change existing ownership or permissions, either */
+		/*
 		 * Do not change existing ownership or permissions, either.  Note
 		 * dependency-update code below has to agree with this decision.
 		 */
 		replaces[Anum_pg_proc_proowner - 1] = ' ';
 		replaces[Anum_pg_proc_proacl - 1] = ' ';
@ -347,12 +351,11 @@ ProcedureCreate(const char *procedureName,
 	/*
 	 * Create dependencies for the new function.  If we are updating an
 	 * existing function, first delete any existing pg_depend entries.
 	 * (However, since we are not changing ownership or permissions, the
 	 * shared dependencies do *not* need to change, and we leave them alone.)
 	 */
 	if (is_update)
 	{
 		deleteDependencyRecordsFor(ProcedureRelationId, retval);
 		deleteSharedDependencyRecordsFor(ProcedureRelationId, retval);
 	}
 	myself.classId = ProcedureRelationId;
 	myself.objectId = retval;
@ -386,7 +389,8 @@ ProcedureCreate(const char *procedureName,
 	}
 	/* dependency on owner */
-	recordDependencyOnOwner(ProcedureRelationId, retval, GetUserId());
+	if (!is_update)
 		recordDependencyOnOwner(ProcedureRelationId, retval, proowner);
 	heap_freetuple(tup);