git.postgresql.org Git - postgresql.git/commitdiff

git projects / postgresql.git / commitdiff

summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3b7cd8c)

Integrate superuser check into has_rolreplication()

author Peter Eisentraut <peter@eisentraut.org>

2023年3月16日 14:43:33 +0000 (15:43 +0100)

committer Peter Eisentraut <peter@eisentraut.org>

2023年3月16日 14:43:33 +0000 (15:43 +0100)

This makes it consistent with similar functions like
has_createrole_privilege() and allows removing some explicit superuser
checks.

Author: Nathan Bossart <nathandbossart@gmail.com>
Discussion: https://www.postgresql.org/message-id/20230310000313.GA3992372%40nathanxps13

src/backend/replication/slot.c patch | blob | blame | history

src/backend/utils/init/miscinit.c patch | blob | blame | history

src/backend/utils/init/postinit.c patch | blob | blame | history

diff --git a/src/backend/replication/slot.c b/src/backend/replication/slot.c

index f286918f69ed0d91770bb60342976205efb1718c..3506b77cc7c2b9b2cadb36f900f2a11274e418a8 100644 (file)

--- a/src/backend/replication/slot.c

+++ b/src/backend/replication/slot.c

@@ -1140,7 +1140,7 @@ CheckSlotRequirements(void)

void

CheckSlotPermissions(void)

{

- if (!superuser() && !has_rolreplication(GetUserId()))

+ if (!has_rolreplication(GetUserId()))

ereport(ERROR,

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

errmsg("must be superuser or replication role to use replication slots")));

diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c

index 7eb7fe87f68d4c1e977d37d47f10674d3f4b2b69..a604432126c82ee1ac459cc1388d59dedcb0c2bc 100644 (file)

--- a/src/backend/utils/init/miscinit.c

+++ b/src/backend/utils/init/miscinit.c

@@ -709,6 +709,10 @@ has_rolreplication(Oid roleid)

bool result = false;

HeapTuple utup;

+ /* Superusers bypass all permission checking. */

+ if (superuser_arg(roleid))

+ return true;

+

utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));

if (HeapTupleIsValid(utup))

{

diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c

index b0e20cc6357f85aa5ce9c62c495ead780f10beef..3026317bfc96e043064a43dc5d23c9cb1205b9a8 100644 (file)

--- a/src/backend/utils/init/postinit.c

+++ b/src/backend/utils/init/postinit.c

@@ -962,7 +962,7 @@ InitPostgres(const char *in_dbname, Oid dboid,

{

Assert(!bootstrap);

- if (!superuser() && !has_rolreplication(GetUserId()))

+ if (!has_rolreplication(GetUserId()))

ereport(FATAL,

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

errmsg("must be superuser or replication role to start walsender")));

This is the main PostgreSQL git repository.