Prevent ALTER USER f RESET ALL from removing the settings that were put there

by a superuser -- "ALTER USER f RESET setting" already disallows removing such a setting. Apply the same treatment to ALTER DATABASE d RESET ALL when run by a database owner that's not superuser.
2025-06-27 23:21:58 +03:00 · 2010-03-25 14:44:51 +00:00
parent 505efe9917
commit 08729b4e8a
4 changed files with 134 additions and 10 deletions
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@ -6,7 +6,7 @@
 * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.187 2009/06/11 14:48:56 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.187.2.1 2010/03/25 14:44:51 alvherre Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -772,9 +772,30 @@ AlterRoleSet(AlterRoleSetStmt *stmt)

 	if (stmt->setstmt->kind == VAR_RESET_ALL)
 	{
-		/* RESET ALL, so just set rolconfig to null */
-		repl_null[Anum_pg_authid_rolconfig - 1] = true;
-		repl_val[Anum_pg_authid_rolconfig - 1] = (Datum) 0;
+		ArrayType  *new = NULL;
+		Datum		datum;
+		bool		isnull;
+
+		/*
+		 * in RESET ALL, request GUC to reset the settings array; if none
+		 * left, we can set rolconfig to null; otherwise use the returned
+		 * array
+		 */
+		datum = SysCacheGetAttr(AUTHNAME, oldtuple,
+								Anum_pg_authid_rolconfig, &isnull);
+		if (!isnull)
+			new = GUCArrayReset(DatumGetArrayTypeP(datum));
+		if (new)
+		{
+			repl_val[Anum_pg_authid_rolconfig - 1] = PointerGetDatum(new);
+			repl_repl[Anum_pg_authid_rolconfig - 1] = true;
+			repl_null[Anum_pg_authid_rolconfig - 1] = false;
+		}
+		else
+		{
+			repl_null[Anum_pg_authid_rolconfig - 1] = true;
+			repl_val[Anum_pg_authid_rolconfig - 1] = (Datum) 0;
+		}
 	}
 	else
 	{