Fix cascading privilege revoke to notice when privileges are still held.
If we revoke a grant option from some role X, but X still holds the option
via another grant, we should not recursively revoke the privilege from
role(s) Y that X had granted it to. This was supposedly fixed as one
aspect of commit 4b2dafcc0b1a579ef5daaa2728223006d1ff98e9, but I must not
have tested it, because in fact that code never worked: it forgot to shift
the grant-option bits back over when masking the bits being revoked.
Per bug #6728 from Daniel German. Back-patch to all active branches,
since this has been wrong since 8.0.
src/backend/utils/adt/acl.c | 4 +-
src/test/regress/expected/privileges.out | 46 ++++++++++++++++++++++++++++-
src/test/regress/sql/privileges.sql | 29 ++++++++++++++++++-
3 files changed, 74 insertions(+), 5 deletions(-)
pgsql-committers by date
|Next:||From: Tom Lane||Date: 2012-08-23 22:07:41|
|Subject: pgsql: Stamp 9.2rc1.|
|Previous:||From: Heikki Linnakangas||Date: 2012-08-23 09:00:12|
|Subject: pgsql: Fix typo in example.|