Make CREATE EXTENSION check schema creation permissions.

tglsfdc · tglsfdc · commit 7f7fdd2a17ce · 2011-08-23T21:49:16.000-04:00
When creating a new schema for a non-relocatable extension, we neglected
to check whether the calling user has permission to create schemas.
That didn't matter in the original coding, since we had already checked
superuserness, but in the new dispensation where users need not be
superusers, we should check it.  Use CreateSchemaCommand() rather than
calling NamespaceCreate() directly, so that we also enforce the rules
about reserved schema names.

Per complaint from KaiGai Kohei, though this isn't the same as his patch.
diff --git a/src/backend/commands/extension.c b/src/backend/commands/extension.c
@@ -40,6 +40,7 @@
 #include "commands/alter.h"
 #include "commands/comment.h"
 #include "commands/extension.h"
+#include "commands/schemacmds.h"
 #include "commands/trigger.h"
 #include "executor/executor.h"
 #include "funcapi.h"
@@ -1369,9 +1370,18 @@ CreateExtension(CreateExtensionStmt *stmt)
 
 		if (schemaOid == InvalidOid)
 		{
-			schemaOid = NamespaceCreate(schemaName, extowner);
-			/* Advance cmd counter to make the namespace visible */
-			CommandCounterIncrement();
+			CreateSchemaStmt *csstmt = makeNode(CreateSchemaStmt);
+
+			csstmt->schemaname = schemaName;
+			csstmt->authid = NULL;		/* will be created by current user */
+			csstmt->schemaElts = NIL;
+			CreateSchemaCommand(csstmt, NULL);
+
+			/*
+			 * CreateSchemaCommand includes CommandCounterIncrement, so new
+			 * schema is now visible
+			 */
+			schemaOid = get_namespace_oid(schemaName, false);
 		}
 	}
 	else
