• Stephen Frost's avatar
    Handle ALTER EXTENSION ADD/DROP with pg_init_privs · e54f7572
    Stephen Frost authored
    In commit 6c268df1, pg_init_privs was added to track the initial
    privileges of catalog objects and extensions.  Unfortunately, that
    commit didn't include understanding of ALTER EXTENSION ADD/DROP, which
    allows the objects associated with an extension to be changed after the
    initial CREATE EXTENSION script has been run.
    
    The result of this meant that ACLs for objects added through
    ALTER EXTENSION ADD were not recorded into pg_init_privs and we would
    end up including those ACLs in pg_dump when we shouldn't have.
    
    This commit corrects that by making sure to have pg_init_privs updated
    when ALTER EXTENSION ADD/DROP is run, recording the permissions as they
    are at ALTER EXTENSION ADD time, and removing any if/when ALTER
    EXTENSION DROP is called.
    
    This issue was pointed out by Moshe Jacobson as commentary on bug #14456
    (which was actually a bug about versions prior to 9.6 not handling
    custom ACLs on extensions correctly, an issue now addressed with
    pg_init_privs in 9.6).
    
    Back-patch to 9.6 where pg_init_privs was introduced.
    e54f7572
aclchk.c 155 KB