author | Magnus Hagander <magnus@hagander.net> | 2010-12-29 11:05:03 +0100 |
---|---|---|
committer | Magnus Hagander <magnus@hagander.net> | 2010-12-29 11:05:03 +0100 |
commit | 9b8aff8c192e2f313f90395d114c58a9ef84f97f (patch) | |
tree | a4a4f7a5c25d4bbdd85599471a206433de704f1d /src/include | |
parent | f2ba1e994c4d17dc3d4b8d48d3933c96d09127e1 (diff) | |
Add REPLICATION privilege for ROLEs
This privilege is required to do Streaming Replication, instead of
superuser, making it possible to set up a SR slave that doesn't
have write permissions on the master.
Superuser privileges do NOT override this check, so in order to
use the default superuser account for replication it must be
explicitly granted the REPLICATION permissions. This is a backwards
incompatible change, in the interest of higher default security.
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/catalog/pg_authid.h | 12 | ||||
-rw-r--r-- | src/include/miscadmin.h | 1 | ||||
-rw-r--r-- | src/include/parser/kwlist.h | 2 |
3 files changed, 10 insertions, 5 deletions
diff --git a/src/include/catalog/pg_authid.h b/src/include/catalog/pg_authid.h
index aaba0febc0a..b6d18385f4e 100644
--- a/src/include/catalog/pg_authid.h
+++ b/src/include/catalog/pg_authid.h
@@ -51,6 +51,7 @@ CATALOG(pg_authid,1260) BKI_SHARED_RELATION BKI_ROWTYPE_OID(2842) BKI_SCHEMA_MAC
 bool rolcreatedb; /* allowed to create databases? */
 bool rolcatupdate; /* allowed to alter catalogs manually? */
 bool rolcanlogin; /* allowed to log in as session user? */
+ bool rolreplication; /* role used for streaming replication */
 int4 rolconnlimit; /* max connections allowed (-1=no limit) */
 /* remaining fields may be null; use heap_getattr to read them! */
@@ -72,7 +73,7 @@ typedef FormData_pg_authid *Form_pg_authid;
 * compiler constants for pg_authid
 * ----------------
 */
-#define Natts_pg_authid 10
+#define Natts_pg_authid 11
 #define Anum_pg_authid_rolname 1
 #define Anum_pg_authid_rolsuper 2
 #define Anum_pg_authid_rolinherit 3
@@ -80,9 +81,10 @@ typedef FormData_pg_authid *Form_pg_authid;
 #define Anum_pg_authid_rolcreatedb 5
 #define Anum_pg_authid_rolcatupdate 6
 #define Anum_pg_authid_rolcanlogin 7
-#define Anum_pg_authid_rolconnlimit 8
-#define Anum_pg_authid_rolpassword 9
-#define Anum_pg_authid_rolvaliduntil 10
+#define Anum_pg_authid_rolreplication 8
+#define Anum_pg_authid_rolconnlimit 9
+#define Anum_pg_authid_rolpassword 10
+#define Anum_pg_authid_rolvaliduntil 11
 /* ----------------
 * initial contents of pg_authid
@@ -91,7 +93,7 @@ typedef FormData_pg_authid *Form_pg_authid;
 * user choices.
 * ----------------
 */
-DATA(insert OID = 10 ( "POSTGRES" t t t t t t -1 _null_ _null_ ));
+DATA(insert OID = 10 ( "POSTGRES" t t t t t t f -1 _null_ _null_ ));
 #define BOOTSTRAP_SUPERUSERID 10
diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h
index 032875e36c3..ddba50cafae 100644
--- a/src/include/miscadmin.h
+++ b/src/include/miscadmin.h
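Review bot: In pg_authid.h, the comment on the new `rolreplication` field leaves out what sets it apart from the flags around it: per the commit message, superuser status does not override it. A reader of the struct is likely to assume `rolsuper` implies every other `rol*` flag, so I would phrase it like its neighbours and state the exception, e.g. `bool rolreplication; /* allowed to start streaming replication? not implied by rolsuper */`. The struct definition starts and ends outside this hunk.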
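Review bot: The `Anum_pg_authid_*` renumbering in pg_authid.h (together with `Natts_pg_authid` going to 11 in the hunk before it) changes the layout of a shared catalog, yet the diffstat for src/include lists only pg_authid.h, miscadmin.h and kwlist.h, so catalog/catversion.h appears not to be touched. Without a `CATALOG_VERSION_NO` bump, a server built from this commit would accept a data directory initialised before it and could misread role attributes from the old row layout, which is worth ruling out for the catalog that holds authorization flags. If the bump is indeed missing, add it in this commit: `#define CATALOG_VERSION_NO <new value>`.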
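Review bot: The bootstrap row in pg_authid.h is positional, so the new `f` that withholds REPLICATION from the bootstrap superuser sits at the end of a run of `t`s with nothing on the line saying which column it belongs to. Since this default is the backwards-incompatible part of the change, I would add a line to the comment block above the row, e.g. ` * Note that the bootstrap superuser is created without rolreplication.`, so a later edit to the row does not flip it by accident. The comment block starts outside this hunk.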
@@ -357,6 +357,7 @@ extern void ValidatePgVersion(const char *path);
 extern void process_shared_preload_libraries(void);
 extern void process_local_preload_libraries(void);
 extern void pg_bindtextdomain(const char *domain);
+extern bool is_authenticated_user_replication_role(void);
 /* in access/transam/xlog.c */
 extern bool BackupInProgress(void);
diff --git a/src/include/parser/kwlist.h b/src/include/parser/kwlist.h
index 2c44cf7943c..09d167a3230 100644
--- a/src/include/parser/kwlist.h
+++ b/src/include/parser/kwlist.h
@@ -250,6 +250,7 @@ PG_KEYWORD("nocreateuser", NOCREATEUSER, UNRESERVED_KEYWORD)
 PG_KEYWORD("noinherit", NOINHERIT, UNRESERVED_KEYWORD)
 PG_KEYWORD("nologin", NOLOGIN_P, UNRESERVED_KEYWORD)
 PG_KEYWORD("none", NONE, COL_NAME_KEYWORD)
+PG_KEYWORD("noreplication", NOREPLICATION_P, UNRESERVED_KEYWORD)
 PG_KEYWORD("nosuperuser", NOSUPERUSER, UNRESERVED_KEYWORD)
 PG_KEYWORD("not", NOT, RESERVED_KEYWORD)
 PG_KEYWORD("nothing", NOTHING, UNRESERVED_KEYWORD)
@@ -313,6 +314,7 @@ PG_KEYWORD("rename", RENAME, UNRESERVED_KEYWORD)
 PG_KEYWORD("repeatable", REPEATABLE, UNRESERVED_KEYWORD)
 PG_KEYWORD("replace", REPLACE, UNRESERVED_KEYWORD)
 PG_KEYWORD("replica", REPLICA, UNRESERVED_KEYWORD)
+PG_KEYWORD("replication", REPLICATION_P, UNRESERVED_KEYWORD)
 PG_KEYWORD("reset", RESET, UNRESERVED_KEYWORD)
 PG_KEYWORD("restart", RESTART, UNRESERVED_KEYWORD)
 PG_KEYWORD("restrict", RESTRICT, UNRESERVED_KEYWORD) |
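Review bot: The new prototype `is_authenticated_user_replication_role()` in miscadmin.h has no comment, and its name implies a distinction callers need to get right: it presumably tests the role that authenticated the connection, not the current or session role after `SET ROLE` / `SET SESSION AUTHORIZATION`. I would state that at the declaration, together with the point from the commit message that superuser alone does not satisfy the check, e.g. `/* true if the authenticated role has rolreplication; rolsuper is not sufficient */`. The definition is not part of this page, so the wording should be checked against it.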