diff --git a/src/backend/distributed/cimv/create.c b/src/backend/distributed/cimv/create.c index d0e5e9dde..102f788fe 100644 --- a/src/backend/distributed/cimv/create.c +++ b/src/backend/distributed/cimv/create.c @@ -149,6 +149,8 @@ CreateCimv(CimvCreate *cimvCreate) elog(ERROR, "SPI_connect failed"); } + PushCitusSecurityContext(); + CreateMatTable(cimvCreate, false); if (cimvCreate->createOptions->schedule != NULL) @@ -163,6 +165,8 @@ CreateCimv(CimvCreate *cimvCreate) CreateDataChangeTriggers(cimvCreate); InsertIntoPgCimv(cimvCreate->formCimv); + PopCitusSecurityContext(); + if (SPI_finish() != SPI_OK_FINISH) { elog(ERROR, "SPI_finish failed"); diff --git a/src/backend/distributed/cimv/drop.c b/src/backend/distributed/cimv/drop.c index 6a0dd9490..d5b343eb1 100644 --- a/src/backend/distributed/cimv/drop.c +++ b/src/backend/distributed/cimv/drop.c @@ -6,6 +6,7 @@ #include "distributed/listutils.h" #include "distributed/metadata_cache.h" #include "distributed/pg_cimv.h" +#include "distributed/security_utils.h" #include "executor/spi.h" #include "nodes/parsenodes.h" #include "utils/builtins.h" @@ -122,6 +123,9 @@ ProcessDropViewStmt(DropStmt *stmt) static void DropCimv(Form_pg_cimv formCimv, DropBehavior behavior) { + + PushCitusSecurityContext(); + ObjectAddress matTableAddress; matTableAddress.classId = RelationRelationId; matTableAddress.objectId = formCimv->mattable; @@ -191,6 +195,7 @@ DropCimv(Form_pg_cimv formCimv, DropBehavior behavior) DeletePgCimvRow(userViewAddress.objectId); + PopCitusSecurityContext(); /* Close SPI context. */ if (SPI_finish() != SPI_OK_FINISH) { diff --git a/src/backend/distributed/cimv/refresh.c b/src/backend/distributed/cimv/refresh.c index 0d4eae3fd..a44873944 100644 --- a/src/backend/distributed/cimv/refresh.c +++ b/src/backend/distributed/cimv/refresh.c @@ -5,6 +5,7 @@ #include "catalog/pg_class.h" #include "distributed/listutils.h" #include "distributed/metadata_cache.h" +#include "distributed/security_utils.h" #include "distributed/pg_cimv.h" #include "executor/spi.h" #include "nodes/parsenodes.h" @@ -109,10 +110,12 @@ RefreshCimv(Form_pg_cimv formCimv, bool skipData, bool isCreate) matTableName, refreshViewSchemaName, refreshViewName); + PushCitusSecurityContext(); if (SPI_execute(querybuf.data, false, 0) != SPI_OK_INSERT) { elog(ERROR, "SPI_exec failed: %s", querybuf.data); } + PopCitusSecurityContext(); } else { @@ -133,6 +136,7 @@ RefreshCimv(Form_pg_cimv formCimv, bool skipData, bool isCreate) matTableName, refreshViewSchemaName, refreshViewName); + PushCitusSecurityContext(); SpiExecuteSnapshot(&querybuf, snapshot, SPI_OK_INSERT); resetStringInfo(&querybuf); @@ -146,6 +150,7 @@ RefreshCimv(Form_pg_cimv formCimv, bool skipData, bool isCreate) SpiExecuteSnapshot(&querybuf, snapshot, SPI_OK_DELETE); resetStringInfo(&querybuf); } + PopCitusSecurityContext(); } } diff --git a/src/backend/distributed/commands/utility_hook.c b/src/backend/distributed/commands/utility_hook.c index f623ca75b..0a5592ef6 100644 --- a/src/backend/distributed/commands/utility_hook.c +++ b/src/backend/distributed/commands/utility_hook.c @@ -461,27 +461,25 @@ multi_ProcessUtility(PlannedStmt *pstmt, bool continueProcessing = true; if (IsA(parsetree, CreateTableAsStmt)) { - PushCitusSecurityContext(); continueProcessing = !ProcessCreateMaterializedViewStmt((const CreateTableAsStmt *) parsetree, queryString, pstmt); - PopCitusSecurityContext(); } if (IsA(parsetree, RefreshMatViewStmt)) { - PushCitusSecurityContext(); + // PushCitusSecurityContext(); continueProcessing = !ProcessRefreshMaterializedViewStmt( (RefreshMatViewStmt *) parsetree); - PopCitusSecurityContext(); + // PopCitusSecurityContext(); } if (IsA(parsetree, DropStmt)) { DropStmt *dropStatement = (DropStmt *) parsetree; - PushCitusSecurityContext(); + // PushCitusSecurityContext(); if (dropStatement->removeType == OBJECT_MATVIEW) { ProcessDropMaterializedViewStmt(dropStatement); @@ -490,7 +488,7 @@ multi_ProcessUtility(PlannedStmt *pstmt, { ProcessDropViewStmt(dropStatement); } - PopCitusSecurityContext(); + // PopCitusSecurityContext(); } diff --git a/src/backend/distributed/utils/security_utils.c b/src/backend/distributed/utils/security_utils.c new file mode 100644 index 000000000..827d54ad8 --- /dev/null +++ b/src/backend/distributed/utils/security_utils.c @@ -0,0 +1,17 @@ + +#include "postgres.h" +#include "distributed/security_utils.h" +#include "distributed/metadata_cache.h" + +static Oid savedUserId = InvalidOid; +static int savedSecurityContext = 0; + +void PushCitusSecurityContext(void) { + GetUserIdAndSecContext(&savedUserId, &savedSecurityContext); + SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE); + +} + +void PopCitusSecurityContext(void) { + SetUserIdAndSecContext(savedUserId, savedSecurityContext); +} \ No newline at end of file diff --git a/src/include/distributed/security_utils.h b/src/include/distributed/security_utils.h index 549ae641f..f15a70551 100644 --- a/src/include/distributed/security_utils.h +++ b/src/include/distributed/security_utils.h @@ -14,13 +14,7 @@ #include "postgres.h" #include "miscadmin.h" -#define PushCitusSecurityContext() \ - Oid savedUserId_DONTUSE = InvalidOid; \ - int savedSecurityContext_DONTUSE = 0; \ - GetUserIdAndSecContext(&savedUserId_DONTUSE, &savedSecurityContext_DONTUSE); \ - SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE); - -#define PopCitusSecurityContext() \ - SetUserIdAndSecContext(savedUserId_DONTUSE, savedSecurityContext_DONTUSE); +extern void PushCitusSecurityContext(void); +extern void PopCitusSecurityContext(void); #endif