Make CREATE EXTENSION check schema creation permissions.

When creating a new schema for a non-relocatable extension, we neglected
to check whether the calling user has permission to create schemas.
That didn't matter in the original coding, since we had already checked
superuserness, but in the new dispensation where users need not be
superusers, we should check it.  Use CreateSchemaCommand() rather than
calling NamespaceCreate() directly, so that we also enforce the rules
about reserved schema names.

Per complaint from KaiGai Kohei, though this isn't the same as his patch.

1 files changed, 13 insertions, 3 deletions

diff --git a/src/backend/commands/extension.c b/src/backend/commands/extension.c
index 9b9bb7dc8f0..d591bf00f96 100644
--- a/src/backend/commands/extension.c
+++ b/src/backend/commands/extension.c
@@ -40,6 +40,7 @@
 #include "commands/alter.h"
 #include "commands/comment.h"
 #include "commands/extension.h"
+#include "commands/schemacmds.h"
 #include "commands/trigger.h"
 #include "executor/executor.h"
 #include "funcapi.h"
@@ -1370,9 +1371,18 @@ CreateExtension(CreateExtensionStmt *stmt)
 
 		if (schemaOid == InvalidOid)
 		{
-			schemaOid = NamespaceCreate(schemaName, extowner);
-			/* Advance cmd counter to make the namespace visible */
-			CommandCounterIncrement();
+			CreateSchemaStmt *csstmt = makeNode(CreateSchemaStmt);
+
+			csstmt->schemaname = schemaName;
+			csstmt->authid = NULL;		/* will be created by current user */
+			csstmt->schemaElts = NIL;
+			CreateSchemaCommand(csstmt, NULL);
+
+			/*
+			 * CreateSchemaCommand includes CommandCounterIncrement, so new
+			 * schema is now visible
+			 */
+			schemaOid = get_namespace_oid(schemaName, false);
 		}
 	}
 	else