authorTom Lane <tgl@sss.pgh.pa.us>2002-05-06 19:47:30 +0000
committerTom Lane <tgl@sss.pgh.pa.us>2002-05-06 19:47:30 +0000
commit282278899379a3a57fbc734bda6a4dc9cec3ce60 (patch)
tree624a0a024c5361836c8b1e1dd0030c99a5329e80 /src
parent15162aef24353215bc13b3d3b645d7065d5a58df (diff)
Accept SET SESSION AUTHORIZATION DEFAULT and RESET SESSION AUTHORIZATION
to reset session userid to the originally-authenticated name. Also, relax SET SESSION AUTHORIZATION to allow specifying one's own username even if one is not superuser, so as to avoid unnecessary error messages when loading a pg_dump file that uses this command. Per discussion from several months ago.
Diffstat (limited to 'src')
-rw-r--r--src/backend/commands/variable.c16
-rw-r--r--src/backend/parser/gram.y29
-rw-r--r--src/backend/utils/init/miscinit.c44
3 files changed, 69 insertions, 20 deletions
diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c
index 301a3c86a74..de42538bd63 100644
--- a/src/backend/commands/variable.c
+++ b/src/backend/commands/variable.c
@@ -9,7 +9,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.65 2002/04/22 15:13:53 thomas Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.66 2002/05/06 19:47:30 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -815,6 +815,15 @@ reset_server_encoding(void)
}
+static bool
+show_session_authorization(void)
+{
+ elog(INFO, "Current session authorization is '%s'",
+ GetUserName(GetSessionUserId()));
+ return TRUE;
+}
+
+
/* SetPGVariable()
* Dispatcher for handling SET commands.
@@ -902,6 +911,8 @@ GetPGVariable(const char *name)
show_server_encoding();
else if (strcasecmp(name, "seed") == 0)
show_random_seed();
+ else if (strcasecmp(name, "session_authorization") == 0)
+ show_session_authorization();
else if (strcasecmp(name, "all") == 0)
{
ShowAllGUCConfig();
@@ -935,6 +946,8 @@ ResetPGVariable(const char *name)
reset_server_encoding();
else if (strcasecmp(name, "seed") == 0)
reset_random_seed();
+ else if (strcasecmp(name, "session_authorization") == 0)
+ SetSessionAuthorization(NULL);
else if (strcasecmp(name, "all") == 0)
{
reset_random_seed();
@@ -942,6 +955,7 @@ ResetPGVariable(const char *name)
reset_client_encoding();
reset_datestyle();
reset_timezone();
+ /* should we reset session authorization here? */
ResetAllOptions(false);
}
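Review bot: The added comment `/* should we reset session authorization here? */` in the `all` branch leaves a security-relevant decision open: as written, RESET ALL keeps whatever identity an earlier SET SESSION AUTHORIZATION installed, while the `session_authorization` branch added in the previous hunk calls `SetSessionAuthorization(NULL)`. Code that issues RESET ALL to scrub a reused connection would carry the switched identity over, so the choice should be made and stated rather than left as a question, e.g. `/* session authorization is deliberately not reset by RESET ALL; use RESET SESSION AUTHORIZATION */` if that is the intent. ResetPGVariable starts and ends outside this hunk.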
diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y
index 1d1b7a78a29..258a11c1183 100644
--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@@ -11,7 +11,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.312 2002/05/03 00:32:16 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.313 2002/05/06 19:47:30 tgl Exp $
*
* HISTORY
* AUTHOR DATE MAJOR EVENT
@@ -281,7 +281,7 @@ static void doNegateFloat(Value *v);
%type <ival> Iconst
%type <str> Sconst, comment_text
%type <str> UserId, opt_boolean, ColId_or_Sconst
-%type <list> var_list
+%type <list> var_list, var_list_or_default
%type <str> ColId, ColLabel, type_name
%type <node> var_value, zone_value
@@ -833,14 +833,14 @@ schema_stmt: CreateStmt
*
*****************************************************************************/
-VariableSetStmt: SET ColId TO var_list
+VariableSetStmt: SET ColId TO var_list_or_default
{
VariableSetStmt *n = makeNode(VariableSetStmt);
n->name = $2;
n->args = $4;
$$ = (Node *) n;
}
- | SET ColId '=' var_list
+ | SET ColId '=' var_list_or_default
{
VariableSetStmt *n = makeNode(VariableSetStmt);
n->name = $2;
@@ -884,14 +884,25 @@ VariableSetStmt: SET ColId TO var_list
n->args = makeList1(makeStringConst($4, NULL));
$$ = (Node *) n;
}
+ | SET SESSION AUTHORIZATION DEFAULT
+ {
+ VariableSetStmt *n = makeNode(VariableSetStmt);
+ n->name = "session_authorization";
+ n->args = NIL;
+ $$ = (Node *) n;
+ }
+ ;
+
+var_list_or_default: var_list
+ { $$ = $1; }
+ | DEFAULT
+ { $$ = NIL; }
;
var_list: var_value
{ $$ = makeList1($1); }
| var_list ',' var_value
{ $$ = lappend($1, $3); }
- | DEFAULT
- { $$ = NIL; }
;
var_value: opt_boolean
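Review bot: The new `SET SESSION AUTHORIZATION DEFAULT` production passes `n->args = NIL` under the name `session_authorization`, but nothing in this commit touches SetPGVariable, so the reset only works if its existing code turns an empty list into a NULL username for `SetSessionAuthorization`. That path is not visible here; if NIL were instead flattened to an empty string, `get_usesysid` would be asked to look up a user with an empty name rather than taking the reset branch. A short comment on the production, such as `/* NIL args => SetSessionAuthorization(NULL), i.e. reset to the authenticated user */`, would record the dependency. The var_value rule that closes the hunk continues outside it.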
@@ -1017,6 +1028,12 @@ VariableResetStmt: RESET ColId
n->name = "XactIsoLevel";
$$ = (Node *) n;
}
+ | RESET SESSION AUTHORIZATION
+ {
+ VariableResetStmt *n = makeNode(VariableResetStmt);
+ n->name = "session_authorization";
+ $$ = (Node *) n;
+ }
| RESET ALL
{
VariableResetStmt *n = makeNode(VariableResetStmt);
diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c
index 91c5a3eb2f5..4cc9d396c70 100644
--- a/src/backend/utils/init/miscinit.c
+++ b/src/backend/utils/init/miscinit.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.89 2002/05/05 00:03:29 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.90 2002/05/06 19:47:30 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -529,15 +529,17 @@ GetCharSetByHost(char *TableName, int host, const char *DataDir)
/* ----------------------------------------------------------------
* User ID things
*
- * The session user is determined at connection start and never
- * changes. The current user may change when "setuid" functions
+ * The authenticated user is determined at connection start and never
+ * changes. The session user can be changed only by SET SESSION
+ * AUTHORIZATION. The current user may change when "setuid" functions
* are implemented. Conceptually there is a stack, whose bottom
* is the session user. You are yourself responsible to save and
* restore the current user id if you need to change it.
* ----------------------------------------------------------------
*/
-static Oid CurrentUserId = InvalidOid;
+static Oid AuthenticatedUserId = InvalidOid;
static Oid SessionUserId = InvalidOid;
+static Oid CurrentUserId = InvalidOid;
static bool AuthenticatedUserIsSuperuser = false;
@@ -588,6 +590,7 @@ InitializeSessionUserId(const char *username)
HeapTuple userTup;
Datum datum;
bool isnull;
+ Oid usesysid;
/*
* Don't do scans if we're bootstrapping, none of the system catalogs
@@ -596,7 +599,7 @@ InitializeSessionUserId(const char *username)
AssertState(!IsBootstrapProcessingMode());
/* call only once */
- AssertState(!OidIsValid(SessionUserId));
+ AssertState(!OidIsValid(AuthenticatedUserId));
userTup = SearchSysCache(SHADOWNAME,
PointerGetDatum(username),
@@ -604,10 +607,14 @@ InitializeSessionUserId(const char *username)
if (!HeapTupleIsValid(userTup))
elog(FATAL, "user \"%s\" does not exist", username);
- SetSessionUserId(((Form_pg_shadow) GETSTRUCT(userTup))->usesysid);
+ usesysid = ((Form_pg_shadow) GETSTRUCT(userTup))->usesysid;
+ AuthenticatedUserId = usesysid;
AuthenticatedUserIsSuperuser = ((Form_pg_shadow) GETSTRUCT(userTup))->usesuper;
+ SetSessionUserId(usesysid); /* sets CurrentUserId too */
+
+
/*
* Set up user-specific configuration variables. This is a good
* place to do it so we don't have to read pg_shadow twice during
@@ -633,25 +640,36 @@ InitializeSessionUserIdStandalone(void)
AssertState(!IsUnderPostmaster);
/* call only once */
- AssertState(!OidIsValid(SessionUserId));
+ AssertState(!OidIsValid(AuthenticatedUserId));
- SetSessionUserId(BOOTSTRAP_USESYSID);
+ AuthenticatedUserId = BOOTSTRAP_USESYSID;
AuthenticatedUserIsSuperuser = true;
+
+ SetSessionUserId(BOOTSTRAP_USESYSID);
}
/*
* Change session auth ID while running
+ *
+ * Only a superuser may set auth ID to something other than himself.
+ *
+ * username == NULL implies reset to default (AuthenticatedUserId).
*/
void
SetSessionAuthorization(const char *username)
{
- int32 userid;
-
- if (!AuthenticatedUserIsSuperuser)
- elog(ERROR, "permission denied");
+ Oid userid;
- userid = get_usesysid(username);
+ if (username == NULL)
+ userid = AuthenticatedUserId;
+ else
+ {
+ userid = get_usesysid(username);
+ if (userid != AuthenticatedUserId &&
+ !AuthenticatedUserIsSuperuser)
+ elog(ERROR, "permission denied");
+ }
SetSessionUserId(userid);
SetUserId(userid);
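Review bot: The header comment added above SetSessionAuthorization should state that the permission test is made against the authenticated identity (`AuthenticatedUserId` / `AuthenticatedUserIsSuperuser`), not the current session user, so a session that logged in as superuser and switched to an ordinary user can always switch back; callers must not treat the command as a one-way privilege drop. I would add `* The check uses the authenticated user, so this is not a security boundary within a superuser login.` to that comment. Separately, `get_usesysid(username)` now runs before the `permission denied` test, where the old code refused non-superusers first; if get_usesysid raises for an unknown name (its body is not in this diff), a non-superuser now sees different errors for existing and nonexistent names, which is worth confirming as intended. The function's closing brace lies outside the hunk.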