diff options
| -rw-r--r-- | src/backend/access/transam/xlog.c | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c index 27de1ee5c84..efaba469cc8 100644 --- a/src/backend/access/transam/xlog.c +++ b/src/backend/access/transam/xlog.c @@ -8957,6 +8957,11 @@ pg_start_backup(PG_FUNCTION_ARGS) backupidstr = text_to_cstring(backupid); + if (!superuser() && !has_rolreplication(GetUserId())) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("must be superuser or replication role to run a backup"))); + startpoint = do_pg_start_backup(backupidstr, fast, NULL); snprintf(startxlogstr, sizeof(startxlogstr), "%X/%X", @@ -8984,6 +8989,9 @@ pg_start_backup(PG_FUNCTION_ARGS) * * Every successfully started non-exclusive backup must be stopped by calling * do_pg_stop_backup() or do_pg_abort_backup(). + * + * It is the responsibility of the caller of this function to verify the + * permissions of the calling user! */ XLogRecPtr do_pg_start_backup(const char *backupidstr, bool fast, char **labelfile) @@ -9000,11 +9008,6 @@ do_pg_start_backup(const char *backupidstr, bool fast, char **labelfile) FILE *fp; StringInfoData labelfbuf; - if (!superuser() && !has_rolreplication(GetUserId())) - ereport(ERROR, - (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("must be superuser or replication role to run a backup"))); - if (RecoveryInProgress()) ereport(ERROR, (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE), @@ -9241,6 +9244,11 @@ pg_stop_backup(PG_FUNCTION_ARGS) XLogRecPtr stoppoint; char stopxlogstr[MAXFNAMELEN]; + if (!superuser() && !has_rolreplication(GetUserId())) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("must be superuser or replication role to run a backup"))); + stoppoint = do_pg_stop_backup(NULL, true); snprintf(stopxlogstr, sizeof(stopxlogstr), "%X/%X", @@ -9254,6 +9262,9 @@ pg_stop_backup(PG_FUNCTION_ARGS) * If labelfile is NULL, this stops an exclusive backup. Otherwise this stops * the non-exclusive backup specified by 'labelfile'. + * + * It is the responsibility of the caller of this function to verify the + * permissions of the calling user! */ XLogRecPtr do_pg_stop_backup(char *labelfile, bool waitforarchive) @@ -9279,11 +9290,6 @@ do_pg_stop_backup(char *labelfile, bool waitforarchive) bool reported_waiting = false; char *remaining; - if (!superuser() && !has_rolreplication(GetUserId())) - ereport(ERROR, - (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - (errmsg("must be superuser or replication role to run a backup")))); - if (RecoveryInProgress()) ereport(ERROR, (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE), |