database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-10-27 00:12:01 +03:00
Code Activity

pg_dump: Fix dumping of security labels on subscriptions and event triggers.

Browse Source 
Previously, pg_dump incorrectly queried pg_seclabel to retrieve security labels
for subscriptions, which are stored in pg_shseclabel as they are global objects.
This could result in security labels for subscriptions not being dumped.

This commit fixes the issue by updating pg_dump to query the pg_seclabels view,
which aggregates entries from both pg_seclabel and pg_shseclabel.
While querying pg_shseclabel directly for subscriptions was an alternative,
using pg_seclabels is simpler and sufficient.

In addition, pg_dump is updated to dump security labels on event triggers,
which were previously omitted.

Backpatch to all supported versions.

Author: Jian He <jian.universality@gmail.com>
Co-authored-by: Fujii Masao <masao.fujii@gmail.com>
Discussion: https://postgr.es/m/CACJufxHCt00pR9h51AVu6+yPD5J7JQn=7dQXxqacj0XyDhc-fA@mail.gmail.com
Backpatch-through: 13
This commit is contained in:
Fujii Masao
2025-09-16 16:44:58 +09:00
parent db900ec358
commit 295c0a644a
2 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/bin/pg_dump/pg_backup_archiver.c
View File

@@ -3125,12 +3125,14 @@ _tocEntryRestorePass(TocEntry *te)
return RESTORE_PASS_POST_ACL; return RESTORE_PASS_POST_ACL;
/* /*
* Comments need to be emitted in the same pass as their parent objects. * Comments and security labels need to be emitted in the same pass as
* ACLs haven't got comments, and neither do matview data objects, but * their parent objects. ACLs haven't got comments and security labels,
* event triggers do. (Fortunately, event triggers haven't got ACLs, or * and neither do matview data objects, but event triggers do.
* we'd need yet another weird special case.) * (Fortunately, event triggers haven't got ACLs, or we'd need yet another
* weird special case.)
*/ */
if (strcmp(te->desc, "COMMENT") == 0 && if ((strcmp(te->desc, "COMMENT") == 0 ||
strcmp(te->desc, "SECURITY LABEL") == 0) &&
strncmp(te->tag, "EVENT TRIGGER ", 14) == 0) strncmp(te->tag, "EVENT TRIGGER ", 14) == 0)
return RESTORE_PASS_POST_ACL; return RESTORE_PASS_POST_ACL;

7
src/bin/pg_dump/pg_dump.c
View File

@@ -15840,7 +15840,7 @@ collectSecLabels(Archive *fout, SecLabelItem **items)
appendPQExpBufferStr(query, appendPQExpBufferStr(query,
"SELECT label, provider, classoid, objoid, objsubid " "SELECT label, provider, classoid, objoid, objsubid "
"FROM pg_catalog.pg_seclabel " "FROM pg_catalog.pg_seclabels "
"ORDER BY classoid, objoid, objsubid"); "ORDER BY classoid, objoid, objsubid");
res = ExecuteSqlQuery(fout, query->data, PGRES_TUPLES_OK); res = ExecuteSqlQuery(fout, query->data, PGRES_TUPLES_OK);
@@ -18301,6 +18301,11 @@ dumpEventTrigger(Archive *fout, const EventTriggerInfo *evtinfo)
NULL, evtinfo->evtowner, NULL, evtinfo->evtowner,
evtinfo->dobj.catId, 0, evtinfo->dobj.dumpId); evtinfo->dobj.catId, 0, evtinfo->dobj.dumpId);
if (evtinfo->dobj.dump & DUMP_COMPONENT_SECLABEL)
dumpSecLabel(fout, "EVENT TRIGGER", qevtname,
NULL, evtinfo->evtowner,
evtinfo->dobj.catId, 0, evtinfo->dobj.dumpId);
destroyPQExpBuffer(query); destroyPQExpBuffer(query);
destroyPQExpBuffer(delqry); destroyPQExpBuffer(delqry);
free(qevtname); free(qevtname);