
Commit e3092cb

author
Karina Litskevich
committed
[PGPRO-14441] Add "regress_" prefix to roles in test
Tags: pg_pathman
1 parent 9cf1428 commit e3092cb


5 files changed

+170
-170
lines changed


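--- a/expected/pathman_CVE-2020-14350.out
+++ b/expected/pathman_CVE-2020-14350.out
@@ -7,15 +7,15 @@ DROP FUNCTION IF EXISTS _partition_data_concurrent(oid,integer);
 DROP FUNCTION IF EXISTS create_single_range_partition(TEXT,ANYELEMENT,ANYELEMENT,TEXT);
 DROP TABLE IF EXISTS test1 CASCADE;
 DROP TABLE IF EXISTS test2 CASCADE;
-DROP ROLE IF EXISTS pathman_regress_hacker;
+DROP ROLE IF EXISTS regress_pathman_hacker;
 SET client_min_messages = 'notice';
 GRANT CREATE ON SCHEMA public TO PUBLIC;
 CREATE EXTENSION pg_pathman;
-CREATE ROLE pathman_regress_hacker LOGIN;
+CREATE ROLE regress_pathman_hacker LOGIN;
 -- Test 1
 RESET ROLE;
-ALTER ROLE pathman_regress_hacker NOSUPERUSER;
-SET ROLE pathman_regress_hacker;
+ALTER ROLE regress_pathman_hacker NOSUPERUSER;
+SET ROLE regress_pathman_hacker;
 SHOW is_superuser;
 is_superuser
 --------------
@@ -26,7 +26,7 @@ CREATE FUNCTION _partition_data_concurrent(relation oid, p_limit INT, OUT p_tota
 RETURNS bigint
 AS $$
 BEGIN
-ALTER ROLE pathman_regress_hacker SUPERUSER;
+ALTER ROLE regress_pathman_hacker SUPERUSER;
 SELECT _partition_data_concurrent(relation, NULL::text, NULL::text, p_limit) INTO p_total;
 END
 $$ LANGUAGE plpgsql;
@@ -53,7 +53,7 @@ SELECT pg_sleep(1);
 (1 row)
 
 -- Test result (must be 'off')
-SET ROLE pathman_regress_hacker;
+SET ROLE regress_pathman_hacker;
 SHOW is_superuser;
 is_superuser
 --------------
@@ -62,8 +62,8 @@ SHOW is_superuser;
 
 -- Test 2
 RESET ROLE;
-ALTER ROLE pathman_regress_hacker NOSUPERUSER;
-SET ROLE pathman_regress_hacker;
+ALTER ROLE regress_pathman_hacker NOSUPERUSER;
+SET ROLE regress_pathman_hacker;
 SHOW is_superuser;
 is_superuser
 --------------
@@ -74,7 +74,7 @@ CREATE FUNCTION create_single_range_partition(parent_relid TEXT, start_value ANY
 RETURNS REGCLASS
 AS $$
 BEGIN
-ALTER ROLE pathman_regress_hacker SUPERUSER;
+ALTER ROLE regress_pathman_hacker SUPERUSER;
 RETURN create_single_range_partition(parent_relid, start_value, end_value, partition_name, NULL::text);
 END
 $$ LANGUAGE plpgsql;
@@ -89,7 +89,7 @@ SELECT create_range_partitions('test2', 'i', 0, 1);
 
 INSERT INTO test2 values(1);
 -- Test result (must be 'off')
-SET ROLE pathman_regress_hacker;
+SET ROLE regress_pathman_hacker;
 SHOW is_superuser;
 is_superuser
 --------------
@@ -112,5 +112,5 @@ NOTICE: drop cascades to 3 other objects
 DETAIL: drop cascades to sequence test2_seq
 drop cascades to table test2_1
 drop cascades to table test2_2
-DROP ROLE pathman_regress_hacker;
+DROP ROLE regress_pathman_hacker;
 DROP EXTENSION pg_pathman;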

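--- a/expected/pathman_permissions.out
+++ b/expected/pathman_permissions.out
@@ -2,16 +2,16 @@
 SET search_path = 'public';
 CREATE EXTENSION pg_pathman;
 CREATE SCHEMA permissions;
-CREATE ROLE pathman_user1 LOGIN;
-CREATE ROLE pathman_user2 LOGIN;
-GRANT USAGE, CREATE ON SCHEMA permissions TO pathman_user1;
-GRANT USAGE, CREATE ON SCHEMA permissions TO pathman_user2;
+CREATE ROLE regress_pathman_user1 LOGIN;
+CREATE ROLE regress_pathman_user2 LOGIN;
+GRANT USAGE, CREATE ON SCHEMA permissions TO regress_pathman_user1;
+GRANT USAGE, CREATE ON SCHEMA permissions TO regress_pathman_user2;
 /* Switch to #1 */
-SET ROLE pathman_user1;
+SET ROLE regress_pathman_user1;
 CREATE TABLE permissions.pathman_user1_table(id serial, a int);
 INSERT INTO permissions.pathman_user1_table SELECT g, g FROM generate_series(1, 20) as g;
 /* Should fail (can't SELECT) */
-SET ROLE pathman_user2;
+SET ROLE regress_pathman_user2;
 DO $$
 BEGIN
 SELECT create_range_partitions('permissions.pathman_user1_table', 'id', 1, 10, 2);
@@ -20,11 +20,11 @@ EXCEPTION
 RAISE NOTICE 'Insufficient priviliges';
 END$$;
 NOTICE: Insufficient priviliges
-/* Grant SELECT to pathman_user2 */
-SET ROLE pathman_user1;
-GRANT SELECT ON permissions.pathman_user1_table TO pathman_user2;
+/* Grant SELECT to regress_pathman_user2 */
+SET ROLE regress_pathman_user1;
+GRANT SELECT ON permissions.pathman_user1_table TO regress_pathman_user2;
 /* Should fail (don't own parent) */
-SET ROLE pathman_user2;
+SET ROLE regress_pathman_user2;
 DO $$
 BEGIN
 SELECT create_range_partitions('permissions.pathman_user1_table', 'id', 1, 10, 2);
@@ -34,15 +34,15 @@ EXCEPTION
 END$$;
 NOTICE: Insufficient priviliges
 /* Should be ok */
-SET ROLE pathman_user1;
+SET ROLE regress_pathman_user1;
 SELECT create_range_partitions('permissions.pathman_user1_table', 'id', 1, 10, 2);
 create_range_partitions
 -------------------------
 2
 (1 row)
 
 /* Should be able to see */
-SET ROLE pathman_user2;
+SET ROLE regress_pathman_user2;
 SELECT * FROM pathman_config;
 partrel | expr | parttype | range_interval
 ---------------------------------+------+----------+----------------
@@ -56,20 +56,20 @@ SELECT * FROM pathman_config_params;
 (1 row)
 
 /* Should fail */
-SET ROLE pathman_user2;
+SET ROLE regress_pathman_user2;
 SELECT set_enable_parent('permissions.pathman_user1_table', true);
 WARNING: only the owner or superuser can change partitioning configuration of table "pathman_user1_table"
 ERROR: new row violates row-level security policy for table "pathman_config_params"
 SELECT set_auto('permissions.pathman_user1_table', false);
 WARNING: only the owner or superuser can change partitioning configuration of table "pathman_user1_table"
 ERROR: new row violates row-level security policy for table "pathman_config_params"
 /* Should fail */
-SET ROLE pathman_user2;
+SET ROLE regress_pathman_user2;
 DELETE FROM pathman_config
 WHERE partrel = 'permissions.pathman_user1_table'::regclass;
 WARNING: only the owner or superuser can change partitioning configuration of table "pathman_user1_table"
 /* No rights to insert, should fail */
-SET ROLE pathman_user2;
+SET ROLE regress_pathman_user2;
 DO $$
 BEGIN
 INSERT INTO permissions.pathman_user1_table (id, a) VALUES (35, 0);
@@ -79,15 +79,15 @@ EXCEPTION
 END$$;
 NOTICE: Insufficient priviliges
 /* No rights to create partitions (need INSERT privilege) */
-SET ROLE pathman_user2;
+SET ROLE regress_pathman_user2;
 SELECT prepend_range_partition('permissions.pathman_user1_table');
 ERROR: permission denied for parent relation "pathman_user1_table"
-/* Allow pathman_user2 to create partitions */
-SET ROLE pathman_user1;
-GRANT INSERT ON permissions.pathman_user1_table TO pathman_user2;
-GRANT UPDATE(a) ON permissions.pathman_user1_table TO pathman_user2; /* per-column ACL */
+/* Allow regress_pathman_user2 to create partitions */
+SET ROLE regress_pathman_user1;
+GRANT INSERT ON permissions.pathman_user1_table TO regress_pathman_user2;
+GRANT UPDATE(a) ON permissions.pathman_user1_table TO regress_pathman_user2; /* per-column ACL */
 /* Should be able to prepend a partition */
-SET ROLE pathman_user2;
+SET ROLE regress_pathman_user2;
 SELECT prepend_range_partition('permissions.pathman_user1_table');
 prepend_range_partition
 -----------------------------------
@@ -100,9 +100,9 @@ WHERE attrelid = (SELECT "partition" FROM pathman_partition_list
 ORDER BY range_min::int ASC /* prepend */
 LIMIT 1)
 ORDER BY attname; /* check ACL for each column */
-attname | attacl
-----------+---------------------------------
-a | {pathman_user2=w/pathman_user1}
+attname | attacl
+----------+-------------------------------------------------
+a | {regress_pathman_user2=w/regress_pathman_user1}
 cmax |
 cmin |
 ctid |
@@ -113,7 +113,7 @@ ORDER BY attname; /* check ACL for each column */
 (8 rows)
 
 /* Have rights, should be ok (parent's ACL is shared by new children) */
-SET ROLE pathman_user2;
+SET ROLE regress_pathman_user2;
 INSERT INTO permissions.pathman_user1_table (id, a) VALUES (35, 0) RETURNING *;
 id | a
 ----+---
@@ -126,11 +126,11 @@ WHERE oid = ANY (SELECT "partition" FROM pathman_partition_list
 ORDER BY range_max::int DESC /* append */
 LIMIT 3)
 ORDER BY relname; /* we also check ACL for "pathman_user1_table_2" */
-relname | relacl
------------------------+----------------------------------------------------------------------
-pathman_user1_table_2 | {pathman_user1=arwdDxt/pathman_user1,pathman_user2=r/pathman_user1}
-pathman_user1_table_5 | {pathman_user1=arwdDxt/pathman_user1,pathman_user2=ar/pathman_user1}
-pathman_user1_table_6 | {pathman_user1=arwdDxt/pathman_user1,pathman_user2=ar/pathman_user1}
+relname | relacl
+-----------------------+------------------------------------------------------------------------------------------------------
+pathman_user1_table_2 | {regress_pathman_user1=arwdDxt/regress_pathman_user1,regress_pathman_user2=r/regress_pathman_user1}
+pathman_user1_table_5 | {regress_pathman_user1=arwdDxt/regress_pathman_user1,regress_pathman_user2=ar/regress_pathman_user1}
+pathman_user1_table_6 | {regress_pathman_user1=arwdDxt/regress_pathman_user1,regress_pathman_user2=ar/regress_pathman_user1}
 (3 rows)
 
 /* Try to drop partition, should fail */
@@ -143,19 +143,19 @@ EXCEPTION
 END$$;
 NOTICE: Insufficient priviliges
 /* Disable automatic partition creation */
-SET ROLE pathman_user1;
+SET ROLE regress_pathman_user1;
 SELECT set_auto('permissions.pathman_user1_table', false);
 set_auto
 ----------
 
 (1 row)
 
 /* Partition creation, should fail */
-SET ROLE pathman_user2;
+SET ROLE regress_pathman_user2;
 INSERT INTO permissions.pathman_user1_table (id, a) VALUES (55, 0) RETURNING *;
 ERROR: no suitable partition for key '55'
 /* Finally drop partitions */
-SET ROLE pathman_user1;
+SET ROLE regress_pathman_user1;
 SELECT drop_partitions('permissions.pathman_user1_table');
 NOTICE: 10 rows copied from permissions.pathman_user1_table_1
 NOTICE: 10 rows copied from permissions.pathman_user1_table_2
@@ -168,7 +168,7 @@ NOTICE: 1 rows copied from permissions.pathman_user1_table_6
 (1 row)
 
 /* Switch to #2 */
-SET ROLE pathman_user2;
+SET ROLE regress_pathman_user2;
 /* Test ddl event trigger */
 CREATE TABLE permissions.pathman_user2_table(id serial);
 SELECT create_hash_partitions('permissions.pathman_user2_table', 'id', 3);
@@ -188,10 +188,10 @@ NOTICE: 10 rows copied from permissions.pathman_user2_table_2
 (1 row)
 
 /* Switch to #1 */
-SET ROLE pathman_user1;
+SET ROLE regress_pathman_user1;
 CREATE TABLE permissions.dropped_column(a int, val int not null, b int, c int);
 INSERT INTO permissions.dropped_column SELECT i,i,i,i FROM generate_series(1, 30) i;
-GRANT SELECT(val), INSERT(val) ON permissions.dropped_column TO pathman_user2;
+GRANT SELECT(val), INSERT(val) ON permissions.dropped_column TO regress_pathman_user2;
 SELECT create_range_partitions('permissions.dropped_column', 'val', 1, 10);
 create_range_partitions
 -------------------------
@@ -203,11 +203,11 @@ WHERE attrelid = ANY (SELECT "partition" FROM pathman_partition_list
 WHERE parent = 'permissions.dropped_column'::REGCLASS)
 AND attacl IS NOT NULL
 ORDER BY attrelid::regclass::text; /* check ACL for each column */
-attrelid | attname | attacl
-------------------------------+---------+----------------------------------
-permissions.dropped_column_1 | val | {pathman_user2=ar/pathman_user1}
-permissions.dropped_column_2 | val | {pathman_user2=ar/pathman_user1}
-permissions.dropped_column_3 | val | {pathman_user2=ar/pathman_user1}
+attrelid | attname | attacl
+------------------------------+---------+--------------------------------------------------
+permissions.dropped_column_1 | val | {regress_pathman_user2=ar/regress_pathman_user1}
+permissions.dropped_column_2 | val | {regress_pathman_user2=ar/regress_pathman_user1}
+permissions.dropped_column_3 | val | {regress_pathman_user2=ar/regress_pathman_user1}
 (3 rows)
 
 ALTER TABLE permissions.dropped_column DROP COLUMN a; /* DROP "a" */
@@ -222,12 +222,12 @@ WHERE attrelid = ANY (SELECT "partition" FROM pathman_partition_list
 WHERE parent = 'permissions.dropped_column'::REGCLASS)
 AND attacl IS NOT NULL
 ORDER BY attrelid::regclass::text; /* check ACL for each column (+1 partition) */
-attrelid | attname | attacl
-------------------------------+---------+----------------------------------
-permissions.dropped_column_1 | val | {pathman_user2=ar/pathman_user1}
-permissions.dropped_column_2 | val | {pathman_user2=ar/pathman_user1}
-permissions.dropped_column_3 | val | {pathman_user2=ar/pathman_user1}
-permissions.dropped_column_4 | val | {pathman_user2=ar/pathman_user1}
+attrelid | attname | attacl
+------------------------------+---------+--------------------------------------------------
+permissions.dropped_column_1 | val | {regress_pathman_user2=ar/regress_pathman_user1}
+permissions.dropped_column_2 | val | {regress_pathman_user2=ar/regress_pathman_user1}
+permissions.dropped_column_3 | val | {regress_pathman_user2=ar/regress_pathman_user1}
+permissions.dropped_column_4 | val | {regress_pathman_user2=ar/regress_pathman_user1}
 (4 rows)
 
 ALTER TABLE permissions.dropped_column DROP COLUMN b; /* DROP "b" */
@@ -242,22 +242,22 @@ WHERE attrelid = ANY (SELECT "partition" FROM pathman_partition_list
 WHERE parent = 'permissions.dropped_column'::REGCLASS)
 AND attacl IS NOT NULL
 ORDER BY attrelid::regclass::text; /* check ACL for each column (+1 partition) */
-attrelid | attname | attacl
-------------------------------+---------+----------------------------------
-permissions.dropped_column_1 | val | {pathman_user2=ar/pathman_user1}
-permissions.dropped_column_2 | val | {pathman_user2=ar/pathman_user1}
-permissions.dropped_column_3 | val | {pathman_user2=ar/pathman_user1}
-permissions.dropped_column_4 | val | {pathman_user2=ar/pathman_user1}
-permissions.dropped_column_5 | val | {pathman_user2=ar/pathman_user1}
+attrelid | attname | attacl
+------------------------------+---------+--------------------------------------------------
+permissions.dropped_column_1 | val | {regress_pathman_user2=ar/regress_pathman_user1}
+permissions.dropped_column_2 | val | {regress_pathman_user2=ar/regress_pathman_user1}
+permissions.dropped_column_3 | val | {regress_pathman_user2=ar/regress_pathman_user1}
+permissions.dropped_column_4 | val | {regress_pathman_user2=ar/regress_pathman_user1}
+permissions.dropped_column_5 | val | {regress_pathman_user2=ar/regress_pathman_user1}
 (5 rows)
 
 DROP TABLE permissions.dropped_column CASCADE;
 NOTICE: drop cascades to 6 other objects
 /* Finally reset user */
 RESET ROLE;
-DROP OWNED BY pathman_user1;
-DROP OWNED BY pathman_user2;
-DROP USER pathman_user1;
-DROP USER pathman_user2;
+DROP OWNED BY regress_pathman_user1;
+DROP OWNED BY regress_pathman_user2;
+DROP USER regress_pathman_user1;
+DROP USER regress_pathman_user2;
 DROP SCHEMA permissions;
 DROP EXTENSION pg_pathman;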
