Simplify creation of built-in functions with non-default ACLs.
Up to now, to create such a function, one had to make a pg_proc.dat
entry and then modify it with GRANT/REVOKE commands, which we put in
system_functions.sql. That seems a little ugly though, because it
violates the idea of having a single source of truth about the initial
contents of pg_proc, and it results in leaving dead rows in the
initial contents of pg_proc.
This patch improves matters by allowing aclitemin to work during early
bootstrap, before pg_authid has been loaded. On the same principle
that we use for early access to pg_type details, put a table of known
built-in role names into bootstrap.c, and use that in bootstrap mode.
To create a built-in function with a non-default ACL, one should write
the desired ACL list in its pg_proc.dat entry, using a simplified
version of aclitemout's notation: omit the grantor (if it is the
bootstrap superuser, which it pretty much always should be) and spell
the bootstrap superuser's name as POSTGRES, similarly to the notation
used elsewhere in src/include/catalog. This results in entries like
proacl => '{POSTGRES=X,pg_monitor=X}'
which shows that we've revoked public execute permissions and instead
granted that to pg_monitor.
In addition to fixing up pg_proc.dat entries, I got rid of some
role grants that had been stuck into system_functions.sql,
and instead put them into a new file pg_auth_members.dat;
that seems like a far less random place to put the information.
The correctness of the data changes can be verified by comparing the
initial contents of pg_proc and pg_auth_members before and after.
pg_proc should match exactly, but the OID column of pg_auth_members
will probably be different because those OIDs now get assigned a
little earlier in bootstrap. (I forced a catversion bump out of
caution, but it wasn't really necessary.)
Author: Tom Lane <[email protected]>
Reviewed-by: Álvaro Herrera <[email protected]>
Discussion:
https://postgr.es/m/[email protected]
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/f95d73ed433207c4323802dc96e52f3e5553a86c
Modified Files
--------------
src/backend/bootstrap/bootstrap.c | 59 +++++++++
src/backend/catalog/system_functions.sql | 166 +------------------------
src/backend/catalog/system_views.sql | 19 +--
src/backend/utils/adt/acl.c | 26 ++--
src/include/bootstrap/bootstrap.h | 2 +
src/include/catalog/Makefile | 1 +
src/include/catalog/catversion.h | 2 +-
src/include/catalog/meson.build | 1 +
src/include/catalog/pg_auth_members.dat | 20 +++
src/include/catalog/pg_auth_members.h | 27 +++--
src/include/catalog/pg_authid.dat | 6 +-
src/include/catalog/pg_proc.dat | 201 ++++++++++++++++++++-----------
12 files changed, 268 insertions(+), 262 deletions(-)
