Fix pg_subscription column privileges for subwalrcvtimeout

The subwalrcvtimeout column was added by commit fb80f38, but the
column-level privileges on pg_subscription were not updated. As a
result, non-superusers cannot read the column, unlike the other
publicly readable pg_subscription columns.

This commit grants SELECT privilege on subwalrcvtimeout to PUBLIC.

Bump catalog version.

Author: Nisha Moond <nisha.moond412@gmail.com>
Reviewed-by: Amit Kapila <amit.kapila16@gmail.com>
Reviewed-by: Fujii Masao <masao.fujii@gmail.com>
Discussion: https://postgr.es/m/CABdArM4uA=6nA0BunJwudiEoY1BcWUS_oj_2pkEq_d-YdiBJhw@mail.gmail.com

diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql
index 73a1c1c46703a6638d863ddfc56b40ce382b17c7..8f129baec906196a04b81b37fdab57b87ff0310c 100644 (file)
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -1527,7 +1527,8 @@ GRANT SELECT (oid, subdbid, subskiplsn, subname, subowner, subenabled,
               subbinary, substream, subtwophasestate, subdisableonerr,
                          subpasswordrequired, subrunasowner, subfailover,
               subretaindeadtuples, submaxretention, subretentionactive,
-              subserver, subslotname, subsynccommit, subpublications, suborigin)
+              subserver, subslotname, subsynccommit, subwalrcvtimeout,
+              subpublications, suborigin)
     ON pg_subscription TO public;
 
 CREATE VIEW pg_stat_subscription_stats AS

diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h
index a1416260abcbf935dd73e7ba4c797d670f73f5f7..87007e725c16107bb3146eedf7a09d83dff913b1 100644 (file)
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -57,6 +57,6 @@
  */
 
 /*                                                     yyyymmddN */
-#define CATALOG_VERSION_NO     202605131
+#define CATALOG_VERSION_NO     202606051
 
 #endif

diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out
index 7e3cabdb93f5242c4e228f051532d207081297d9..8481056a7023197eaa60f496c7f8fbe7f6a4bfdf 100644 (file)
--- a/src/test/regress/expected/subscription.out
+++ b/src/test/regress/expected/subscription.out
@@ -47,6 +47,21 @@ SELECT obj_description(s.oid, 'pg_subscription') FROM pg_subscription s;
  test subscription
 (1 row)
 
+-- Check that only subconninfo is not publicly readable in pg_subscription.
+SELECT count(*) = 0 AS ok
+    FROM pg_attribute
+    WHERE attrelid = 'pg_catalog.pg_subscription'::regclass AND attnum > 0 AND NOT attisdropped
+        AND ((attname = 'subconninfo'
+               AND has_column_privilege('regress_subscription_user_dummy',
+                   'pg_catalog.pg_subscription', attname, 'SELECT'))
+            OR (attname <> 'subconninfo'
+               AND NOT has_column_privilege('regress_subscription_user_dummy',
+                   'pg_catalog.pg_subscription', attname, 'SELECT')));
+ ok 
+----
+ t
+(1 row)
+
 -- Check if the subscription stats are created and stats_reset is updated
 -- by pg_stat_reset_subscription_stats().
 SELECT subname, stats_reset IS NULL stats_reset_is_null FROM pg_stat_subscription_stats WHERE subname = 'regress_testsub';

diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql
index 6c3d9632e8a3a9e7beb2dd62a5599f0b51531738..374fad6aa7b0ebb460255235dc03597c7b9fa934 100644 (file)
--- a/src/test/regress/sql/subscription.sql
+++ b/src/test/regress/sql/subscription.sql
@@ -42,6 +42,17 @@ CREATE SUBSCRIPTION regress_testsub CONNECTION 'dbname=regress_doesnotexist' PUB
 COMMENT ON SUBSCRIPTION regress_testsub IS 'test subscription';
 SELECT obj_description(s.oid, 'pg_subscription') FROM pg_subscription s;
 
+-- Check that only subconninfo is not publicly readable in pg_subscription.
+SELECT count(*) = 0 AS ok
+    FROM pg_attribute
+    WHERE attrelid = 'pg_catalog.pg_subscription'::regclass AND attnum > 0 AND NOT attisdropped
+        AND ((attname = 'subconninfo'
+               AND has_column_privilege('regress_subscription_user_dummy',
+                   'pg_catalog.pg_subscription', attname, 'SELECT'))
+            OR (attname <> 'subconninfo'
+               AND NOT has_column_privilege('regress_subscription_user_dummy',
+                   'pg_catalog.pg_subscription', attname, 'SELECT')));
+
 -- Check if the subscription stats are created and stats_reset is updated
 -- by pg_stat_reset_subscription_stats().
 SELECT subname, stats_reset IS NULL stats_reset_is_null FROM pg_stat_subscription_stats WHERE subname = 'regress_testsub';