database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-14 18:42:34 +03:00
Code Activity

Add REPLICATION privilege for ROLEs

Browse Source 
This privilege is required to do Streaming Replication, instead of
superuser, making it possible to set up a SR slave that doesn't
have write permissions on the master.

Superuser privileges do NOT override this check, so in order to
use the default superuser account for replication it must be
explicitly granted the REPLICATION permissions. This is backwards
incompatible change, in the interest of higher default security.
This commit is contained in:
Magnus Hagander
2010-12-29 11:05:03 +01:00
parent f2ba1e994c
commit 9b8aff8c19
19 changed files with 189 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/backend/utils/init/miscinit.c
View File

@ -231,6 +231,7 @@ static int SecurityRestrictionContext = 0;
static bool SetRoleIsActive = false;
/*
* GetUserId - get the current effective user ID.
*
@ -388,6 +389,24 @@ SetUserIdAndContext(Oid userid, bool sec_def_context)
}
/*
* Check if the authenticated user is a replication role
*/
bool
is_authenticated_user_replication_role(void)
{
bool result = false;
HeapTuple utup;
utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(AuthenticatedUserId));
if (HeapTupleIsValid(utup))
{
result = ((Form_pg_authid) GETSTRUCT(utup))->rolreplication;
ReleaseSysCache(utup);
}
return result;
}
/*
* Initialize user identity during normal backend startup
*/