Fix failure of "ALTER TABLE t ADD COLUMN c serial" when done by non-owner.

The implicitly created sequence was created as owned by the current user, who could be different from the table owner, eg if current user is a superuser or some member of the table's owning role. This caused sanity checks in the SEQUENCE OWNED BY code to spit up. Although possibly we don't need those sanity checks, the safest fix seems to be to make sure the implicit sequence is assigned the same owner role as the table has. (We still do all permissions checks as the current user, however.) Per report from Josh Berkus. Back-patch to 9.0. The bug goes back to the invention of SEQUENCE OWNED BY in 8.2, but the fix requires an API change for DefineRelation(), which seems to have potential for breaking third-party code if done in a minor release. Given the lack of prior complaints, it's probably not worth fixing in the stable branches.
2025-06-16 06:01:02 +03:00 · 2010-08-18 18:35:21 +00:00
parent 99848ed7cb
commit b5565bca11
11 changed files with 49 additions and 18 deletions
--- a/src/backend/commands/tablecmds.c
+++ b/src/backend/commands/tablecmds.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/commands/tablecmds.c,v 1.340 2010/08/13 20:10:51 rhaas Exp $
+ *	  $PostgreSQL: pgsql/src/backend/commands/tablecmds.c,v 1.341 2010/08/18 18:35:19 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -341,11 +341,21 @@ static const char *storage_name(char c);
 *		DefineRelation
 *				Creates a new relation.
 *
+ * stmt carries parsetree information from an ordinary CREATE TABLE statement.
+ * The other arguments are used to extend the behavior for other cases:
+ * relkind: relkind to assign to the new relation
+ * ownerId: if not InvalidOid, use this as the new relation's owner.
+ *
+ * Note that permissions checks are done against current user regardless of
+ * ownerId.  A nonzero ownerId is used when someone is creating a relation
+ * "on behalf of" someone else, so we still want to see that the current user
+ * has permissions to do it.
+ *
 * If successful, returns the OID of the new relation.
 * ----------------------------------------------------------------
 */
 Oid
-DefineRelation(CreateStmt *stmt, char relkind)
+DefineRelation(CreateStmt *stmt, char relkind, Oid ownerId)
 {
 	char		relname[NAMEDATALEN];
 	Oid			namespaceId;
@ -440,6 +450,10 @@ DefineRelation(CreateStmt *stmt, char relkind)
 				(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
 				 errmsg("only shared relations can be placed in pg_global tablespace")));

+	/* Identify user ID that will own the table */
+	if (!OidIsValid(ownerId))
+		ownerId = GetUserId();
+
 	/*
 	 * Parse and validate reloptions, if any.
 	 */
@ -532,7 +546,7 @@ DefineRelation(CreateStmt *stmt, char relkind)
 										  InvalidOid,
 										  InvalidOid,
 										  ofTypeId,
-										  GetUserId(),
+										  ownerId,
 										  descriptor,
 										  list_concat(cookedDefaults,
 													  old_constraints),