projects / users / c2main / postgres.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3b7cd8c)
Integrate superuser check into has_rolreplication()
authorPeter Eisentraut <peter@eisentraut.org>
Thu, 16 Mar 2023 14:43:33 +0000 (15:43 +0100)
committerPeter Eisentraut <peter@eisentraut.org>
Thu, 16 Mar 2023 14:43:33 +0000 (15:43 +0100)
This makes it consistent with similar functions like
has_createrole_privilege() and allows removing some explicit superuser
checks.

Author: Nathan Bossart <nathandbossart@gmail.com>
Discussion: https://www.postgresql.org/message-id/20230310000313.GA3992372%40nathanxps13

src/backend/replication/slot.c patch | blob | blame | history
src/backend/utils/init/miscinit.c patch | blob | blame | history
src/backend/utils/init/postinit.c patch | blob | blame | history

diff --git a/src/backend/replication/slot.c b/src/backend/replication/slot.c
index f286918f69ed0d91770bb60342976205efb1718c..3506b77cc7c2b9b2cadb36f900f2a11274e418a8 100644 (file)
--- a/src/backend/replication/slot.c
+++ b/src/backend/replication/slot.c
@@ -1140,7 +1140,7 @@ CheckSlotRequirements(void)
 void
 CheckSlotPermissions(void)
 {
-       if (!superuser() && !has_rolreplication(GetUserId()))
+       if (!has_rolreplication(GetUserId()))
                ereport(ERROR,
                                (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                                 errmsg("must be superuser or replication role to use replication slots")));
diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c
index 7eb7fe87f68d4c1e977d37d47f10674d3f4b2b69..a604432126c82ee1ac459cc1388d59dedcb0c2bc 100644 (file)
--- a/src/backend/utils/init/miscinit.c
+++ b/src/backend/utils/init/miscinit.c
@@ -709,6 +709,10 @@ has_rolreplication(Oid roleid)
        bool            result = false;
        HeapTuple       utup;
 
+       /* Superusers bypass all permission checking. */
+       if (superuser_arg(roleid))
+               return true;
+
        utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
        if (HeapTupleIsValid(utup))
        {
diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c
index b0e20cc6357f85aa5ce9c62c495ead780f10beef..3026317bfc96e043064a43dc5d23c9cb1205b9a8 100644 (file)
--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
@@ -962,7 +962,7 @@ InitPostgres(const char *in_dbname, Oid dboid,
        {
                Assert(!bootstrap);
 
-               if (!superuser() && !has_rolreplication(GetUserId()))
+               if (!has_rolreplication(GetUserId()))
                        ereport(FATAL,
                                        (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                                         errmsg("must be superuser or replication role to start walsender")));
Cedric's Stuff