pgsql-create-extension-permission-checks.patch
application/octet-stream
Filename: pgsql-create-extension-permission-checks.patch
Type: application/octet-stream
Part: 0
src/backend/commands/extension.c | 14 ++++++++++++++
1 files changed, 14 insertions(+), 0 deletions(-)
diff --git a/src/backend/commands/extension.c b/src/backend/commands/extension.c
index 9b9bb7d..944b40e 100644
--- a/src/backend/commands/extension.c
+++ b/src/backend/commands/extension.c
@@ -1370,6 +1370,20 @@ CreateExtension(CreateExtensionStmt *stmt)
if (schemaOid == InvalidOid)
{
+ AclResult aclresult;
+
+ /*
+ * To create a schema, must have schema-create privilege on the
+ * current database. It also requires the current role must be
+ * able to become the owner role, however, it is obviously same
+ * role in this case.
+ */
+ aclresult = pg_database_aclcheck(MyDatabaseId,
+ extowner, ACL_CREATE);
+ if (aclresult != ACLCHECK_OK)
+ aclcheck_error(aclresult, ACL_KIND_DATABASE,
+ get_database_name(MyDatabaseId));
+
schemaOid = NamespaceCreate(schemaName, extowner);
/* Advance cmd counter to make the namespace visible */
CommandCounterIncrement();