database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-27 12:41:57 +03:00
Code Activity

Use has_privs_for_roles for predefined role checks: round 2

Browse Source 
Similar to commit 6198420ad, replace is_member_of_role with
has_privs_for_role for predefined role access checks in recently
committed basebackup code. In passing fix a double-word error
in a nearby comment.

Discussion: https://postgr.es/m/flat/CAGB+Vh4Zv_TvKt2tv3QNS6tUM_F_9icmuj0zjywwcgVi4PAhFA@mail.gmail.com
This commit is contained in:
Joe Conway
2022-04-02 13:24:38 -04:00
parent cfdd03f45e
commit 9752436f04
3 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
contrib/basebackup_to_shell/basebackup_to_shell.c
View File

@ -90,7 +90,7 @@ _PG_init(void)
} }
/* /*
* We choose to defer sanity sanity checking until shell_get_sink(), and so * We choose to defer sanity checking until shell_get_sink(), and so
* just pass the target detail through without doing anything. However, we do * just pass the target detail through without doing anything. However, we do
* permissions checks here, before any real work has been done. * permissions checks here, before any real work has been done.
*/ */
@ -103,7 +103,7 @@ shell_check_detail(char *target, char *target_detail)
StartTransactionCommand(); StartTransactionCommand();
roleid = get_role_oid(shell_required_role, true); roleid = get_role_oid(shell_required_role, true);
if (!is_member_of_role(GetUserId(), roleid)) if (!has_privs_of_role(GetUserId(), roleid))
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to use basebackup_to_shell"))); errmsg("permission denied to use basebackup_to_shell")));

2
doc/src/sgml/ref/pg_basebackup.sgml
View File

@ -237,7 +237,7 @@ PostgreSQL documentation
<literal>server:/some/path</literal>, the backup will be stored on <literal>server:/some/path</literal>, the backup will be stored on
the machine where the server is running in the the machine where the server is running in the
<literal>/some/path</literal> directory. Storing a backup on the <literal>/some/path</literal> directory. Storing a backup on the
server requires superuser privileges or being granted the server requires superuser privileges or having privileges of the
<literal>pg_write_server_files</literal> role. If the target is set to <literal>pg_write_server_files</literal> role. If the target is set to
<literal>blackhole</literal>, the contents are discarded and not <literal>blackhole</literal>, the contents are discarded and not
stored anywhere. This should only be used for testing purposes, as you stored anywhere. This should only be used for testing purposes, as you

4
src/backend/replication/basebackup_server.c
View File

@ -69,10 +69,10 @@ bbsink_server_new(bbsink *next, char *pathname)
/* Replication permission is not sufficient in this case. */ /* Replication permission is not sufficient in this case. */
StartTransactionCommand(); StartTransactionCommand();
if (!is_member_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES)) if (!has_privs_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES))
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("must be superuser or a member of the pg_write_server_files role to create server backup"))); errmsg("must be superuser or a role with privileges of the pg_write_server_files role to create server backup")));
CommitTransactionCommand(); CommitTransactionCommand();
/* /*