external
/
citus
mirror of https://github.com/citusdata/citus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1049 from citusdata/bugfix/schema_owner 

Fix permissions for multi-user re-partition queries
pull/912/head
Marco Slot 2016-12-20 11:22:59 +01:00 committed by GitHub
parent 4914ccbaba dd094bc372
commit 64c140e78e
2 changed files with 23 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/backend/distributed/worker/task_tracker_protocol.c
View File

@ -261,12 +261,8 @@ CreateJobSchema(StringInfo schemaName)
Oid savedUserId = InvalidOid; Oid savedUserId = InvalidOid;
int savedSecurityContext = 0; int savedSecurityContext = 0;
CreateSchemaStmt *createSchemaStmt = NULL;
/* build a CREATE SCHEMA statement */ RoleSpec currentUserRole = { 0 };
CreateSchemaStmt *createSchemaStmt = makeNode(CreateSchemaStmt);
createSchemaStmt->schemaname = schemaName->data;
createSchemaStmt->authrole = NULL;
createSchemaStmt->schemaElts = NIL;
/* allow schema names that start with pg_ */ /* allow schema names that start with pg_ */
oldAllowSystemTableMods = allowSystemTableMods; oldAllowSystemTableMods = allowSystemTableMods;
@ -276,7 +272,18 @@ CreateJobSchema(StringInfo schemaName)
GetUserIdAndSecContext(&savedUserId, &savedSecurityContext); GetUserIdAndSecContext(&savedUserId, &savedSecurityContext);
SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE); SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE);
/* actually create schema, and make it visible */ /* build a CREATE SCHEMA statement */
currentUserRole.type = T_RoleSpec;
currentUserRole.roletype = ROLESPEC_CSTRING;
currentUserRole.rolename = GetUserNameFromId(savedUserId, false);
currentUserRole.location = -1;
createSchemaStmt = makeNode(CreateSchemaStmt);
createSchemaStmt->schemaname = schemaName->data;
createSchemaStmt->authrole = (Node *) &currentUserRole;
createSchemaStmt->schemaElts = NIL;
/* actually create schema with the current user as owner */
CreateSchemaCommand(createSchemaStmt, queryString); CreateSchemaCommand(createSchemaStmt, queryString);
CommandCounterIncrement(); CommandCounterIncrement();

9
src/backend/distributed/worker/worker_merge_protocol.c
View File

@ -23,6 +23,7 @@
#include "catalog/pg_namespace.h" #include "catalog/pg_namespace.h"
#include "commands/copy.h" #include "commands/copy.h"
#include "commands/tablecmds.h" #include "commands/tablecmds.h"
#include "distributed/metadata_cache.h"
#include "distributed/worker_protocol.h" #include "distributed/worker_protocol.h"
#include "executor/spi.h" #include "executor/spi.h"
#include "nodes/makefuncs.h" #include "nodes/makefuncs.h"
@ -74,6 +75,8 @@ worker_merge_files_into_table(PG_FUNCTION_ARGS)
bool schemaExists = false; bool schemaExists = false;
List *columnNameList = NIL; List *columnNameList = NIL;
List *columnTypeList = NIL; List *columnTypeList = NIL;
Oid savedUserId = InvalidOid;
int savedSecurityContext = 0;
/* we should have the same number of column names and types */ /* we should have the same number of column names and types */
int32 columnNameCount = ArrayObjectCount(columnNameObject); int32 columnNameCount = ArrayObjectCount(columnNameObject);
@ -101,8 +104,14 @@ worker_merge_files_into_table(PG_FUNCTION_ARGS)
CreateTaskTable(jobSchemaName, taskTableName, columnNameList, columnTypeList); CreateTaskTable(jobSchemaName, taskTableName, columnNameList, columnTypeList);
/* need superuser to copy from files */
GetUserIdAndSecContext(&savedUserId, &savedSecurityContext);
SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE);
CopyTaskFilesFromDirectory(jobSchemaName, taskTableName, taskDirectoryName); CopyTaskFilesFromDirectory(jobSchemaName, taskTableName, taskDirectoryName);
SetUserIdAndSecContext(savedUserId, savedSecurityContext);
PG_RETURN_VOID(); PG_RETURN_VOID();
} }