Avoid storing initial privileges for Babelfish objects created during initialization #480
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
HarshLunagariya
force-pushed
the
babel_dep
branch
from
f3f1eb3 to
0915a62
Compare
Signed-off-by: Harsh Lunagariya <[email protected]>
HarshLunagariya
force-pushed
the
babel_dep
branch
from
0915a62 to
40bd6cb
Compare
src/backend/catalog/aclchk.c
Outdated
| @@ -4687,6 +4687,9 @@ recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl) | |||
| if (!creating_extension && !binary_upgrade_record_init_privs) | |||
| return; | |||
|
|
|||
| if (pltsql_check_store_init_privs_flag_hook && ((*pltsql_check_store_init_privs_flag_hook)())) | |||
There was a problem hiding this comment.
I think we should directly check the GUC here instead of doing it in a hook. We can put the required checks in guc_assign_hook if needed.
There was a problem hiding this comment.
- I was going to do the same earlier, but this will be cleaner to manage. Because there will be condition needed whether we are in creation/alter phase or not / then what is the value of guc / then skip if superuser.
- No, we can't really put those checks only in guc_assign_hook because we also want to make sure that it is being utilised only while creation and alter.
1 task
HarshLunagariya
changed the title
Signed-off-by: Harsh Lunagariya <[email protected]>
Signed-off-by: Harsh Lunagariya <[email protected]>
surendravishnoi
approved these changes
Dec 17, 2024
rishabhtanwar29
approved these changes
Dec 17, 2024
rishabhtanwar29
merged commit 9a28935
into
babelfish-for-postgresql:BABEL_5_X_DEV__PG_17_X
2 checks passed
rishabhtanwar29
pushed a commit
to babelfish-for-postgresql/babelfish_extensions
that referenced
this pull request
Dec 17, 2024
… initialization (#3136) In Babelfish, Currently There are two patterns followed for initial privileges for system created objects: 1. Initial privileges are stored for the objects that are created during CREATE EXTENSION like system object, catalogs. 2. But for the objects that are created during `initialize_babelfish()` (which gets executed after creating extension) like dbo user, schema for system generated TSQL databases like master, msdb, tempdb, Initial privileges are not being recorded. When there are any GRANT/REVOKE on objects which are created during `initialize_babelfish()` in any upgrade script, they are falsely being considered as internal/system-generated object and initial_privileges are being stored for them which can cause inconsistency between initial privileges of a newly spawned database server and upgraded database server. To avoid this situation, we should not store initial privileges for GRANT/REVOKE execution during upgrade. For achieving this, * Extension Changes: This commit implements `pltsql_allow_storing_init_privs_hook` hook for checking whether to store initial privileges for given object or not. There are 3 category of handling storage of initial privileges: 1. SAVE_INIT_PRIVS : Check if it is objects created during CREATE extension and store initial privs for them. system, information_schema_tsql objects and pltsql language are the examples of it. 2. DISCARD_INIT_PRIVS : If it is schema contained object within system created TSQL schema like master, msdb or tempdb OR user created schema, Do not store initial privileges for them. 3. ERROR_INIT_PRIVS : The default case when above 2 conditions doesn't match then error out. To avoid error please classify it between above 2 conditions. * Engine Changes: Reverts the temporary fix [3f20518](babelfish-for-postgresql/postgresql_modified_for_babelfish@3f20518) and [f9e9557](babelfish-for-postgresql/postgresql_modified_for_babelfish@f9e9557). Added `pltsql_check_store_init_privs_flag_hook` hook for checking whether to store initial privileges or not. Engine PR : babelfish-for-postgresql/postgresql_modified_for_babelfish#480 Task: BABEL-5410 Signed-off-by: Harsh Lunagariya <[email protected]>
pranavJ23
pushed a commit
to pranavJ23/babelfish_extensions
that referenced
this pull request
Jan 6, 2025
… initialization (babelfish-for-postgresql#3136) In Babelfish, Currently There are two patterns followed for initial privileges for system created objects: 1. Initial privileges are stored for the objects that are created during CREATE EXTENSION like system object, catalogs. 2. But for the objects that are created during `initialize_babelfish()` (which gets executed after creating extension) like dbo user, schema for system generated TSQL databases like master, msdb, tempdb, Initial privileges are not being recorded. When there are any GRANT/REVOKE on objects which are created during `initialize_babelfish()` in any upgrade script, they are falsely being considered as internal/system-generated object and initial_privileges are being stored for them which can cause inconsistency between initial privileges of a newly spawned database server and upgraded database server. To avoid this situation, we should not store initial privileges for GRANT/REVOKE execution during upgrade. For achieving this, * Extension Changes: This commit implements `pltsql_allow_storing_init_privs_hook` hook for checking whether to store initial privileges for given object or not. There are 3 category of handling storage of initial privileges: 1. SAVE_INIT_PRIVS : Check if it is objects created during CREATE extension and store initial privs for them. system, information_schema_tsql objects and pltsql language are the examples of it. 2. DISCARD_INIT_PRIVS : If it is schema contained object within system created TSQL schema like master, msdb or tempdb OR user created schema, Do not store initial privileges for them. 3. ERROR_INIT_PRIVS : The default case when above 2 conditions doesn't match then error out. To avoid error please classify it between above 2 conditions. * Engine Changes: Reverts the temporary fix [3f20518](babelfish-for-postgresql/postgresql_modified_for_babelfish@3f20518) and [f9e9557](babelfish-for-postgresql/postgresql_modified_for_babelfish@f9e9557). Added `pltsql_check_store_init_privs_flag_hook` hook for checking whether to store initial privileges or not. Engine PR : babelfish-for-postgresql/postgresql_modified_for_babelfish#480 Task: BABEL-5410 Signed-off-by: Harsh Lunagariya <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
In Babelfish, Currently There are two patterns followed for initial privileges for system created objects:
initialize_babelfish()(which gets executed after creating extension) like dbo user, schema for system generated TSQL databases like master, msdb, tempdb, Initial privileges are not being recorded.When there are any GRANT/REVOKE on objects which are created during
initialize_babelfish()in any upgrade script, they are falsely being considered as internal/system-generated object and initial_privileges are being stored for them which can cause inconsistency between initial privileges of a newly spawned database server and upgraded database server.To avoid this situation, we should not store initial privileges for GRANT/REVOKE execution during upgrade. For achieving this,
Extension Changes:
This commit implements
pltsql_allow_storing_init_privs_hookhook for checking whether to store initial privileges for given object or not.There are 3 category of handling storage of initial privileges:
SAVE_INIT_PRIVS : Check if it is objects created during CREATE extension and
store initial privs for them. system, information_schema_tsql
objects and pltsql language are the examples of it.
DISCARD_INIT_PRIVS : If it is schema contained object within system created
TSQL schema like master, msdb or tempdb OR user created schema,
Do not store initial privileges for them.
ERROR_INIT_PRIVS : The default case when above 2 conditions doesn't match then error
out. To avoid error please classify it between above 2 conditions.
Engine Changes:
Reverts the temporary fix 3f20518 and f9e9557. Added
pltsql_check_store_init_privs_flag_hookhook for checking whether to store initial privileges or not.Extension PR : babelfish-for-postgresql/babelfish_extensions#3136
Issues Resolved
BABEL-5410
Check List
By submitting this pull request, I confirm that my contribution is under the terms of the PostgreSQL license, and grant any person obtaining a copy of the contribution permission to relicense all or a portion of my contribution to the PostgreSQL License solely to contribute all or a portion of my contribution to the PostgreSQL open source project.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.