From b1ee7ec93e44266fc02a2e56965ec68c6ede19f4 Mon Sep 17 00:00:00 2001 From: Metin Doslu Date: Wed, 15 Mar 2017 11:47:55 +0200 Subject: [PATCH] Fix access permission checks for distributed relations With this commit, we add the range table list of the original query to our custom plan. Therefore, PostgreSQL can check relations in the original query for access permissions and error out if the proper access is not granted. --- src/backend/distributed/planner/multi_planner.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/backend/distributed/planner/multi_planner.c b/src/backend/distributed/planner/multi_planner.c index 7839c7cfc..d81776541 100644 --- a/src/backend/distributed/planner/multi_planner.c +++ b/src/backend/distributed/planner/multi_planner.c @@ -454,6 +454,9 @@ FinalizeNonRouterPlan(PlannedStmt *localPlan, MultiPlan *multiPlan, finalPlan->queryId = localPlan->queryId; finalPlan->utilityStmt = localPlan->utilityStmt; + /* add original range table list for access permission checks */ + finalPlan->rtable = list_concat(finalPlan->rtable, localPlan->rtable); + return finalPlan; } @@ -473,7 +476,7 @@ FinalizeRouterPlan(PlannedStmt *localPlan, CustomScan *customScan) List *targetList = NIL; List *columnNameList = NIL; - /* we will have only one range table entry */ + /* we will have custom scan range table entry as the first one in the list */ int customScanRangeTableIndex = 1; /* build a targetlist to read from the custom scan output */ @@ -514,6 +517,9 @@ FinalizeRouterPlan(PlannedStmt *localPlan, CustomScan *customScan) remoteScanRangeTableEntry = RemoteScanRangeTableEntry(columnNameList); routerPlan->rtable = list_make1(remoteScanRangeTableEntry); + /* add original range table list for access permission checks */ + routerPlan->rtable = list_concat(routerPlan->rtable, localPlan->rtable); + routerPlan->canSetTag = true; routerPlan->relationOids = NIL;