Diffstat (limited to 'src')
-rw-r--r-- | src/backend/commands/copy.c | 6 | ||||
-rw-r--r-- | src/backend/commands/user.c | 6 | ||||
-rw-r--r-- | src/backend/replication/walreceiver.c | 2 | ||||
-rw-r--r-- | src/backend/replication/walsender.c | 2 | ||||
-rw-r--r-- | src/backend/storage/ipc/procarray.c | 2 | ||||
-rw-r--r-- | src/backend/storage/ipc/signalfuncs.c | 2 | ||||
-rw-r--r-- | src/backend/utils/adt/acl.c | 4 | ||||
-rw-r--r-- | src/backend/utils/adt/dbsize.c | 4 | ||||
-rw-r--r-- | src/backend/utils/adt/genfile.c | 7 | ||||
-rw-r--r-- | src/backend/utils/adt/pgstatfuncs.c | 2 | ||||
-rw-r--r-- | src/backend/utils/misc/guc.c | 14 | ||||
-rw-r--r-- | src/include/catalog/pg_authid.dat | 18 |
12 files changed, 36 insertions, 33 deletions
diff --git a/src/backend/commands/copy.c b/src/backend/commands/copy.c index 8c712c8737f..8265b981ebd 100644 --- a/src/backend/commands/copy.c +++ b/src/backend/commands/copy.c @@ -80,7 +80,7 @@ DoCopy(ParseState *pstate, const CopyStmt *stmt, { if (stmt->is_program) { - if (!is_member_of_role(GetUserId(), DEFAULT_ROLE_EXECUTE_SERVER_PROGRAM)) + if (!is_member_of_role(GetUserId(), ROLE_PG_EXECUTE_SERVER_PROGRAM)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be superuser or a member of the pg_execute_server_program role to COPY to or from an external program"), @@ -89,14 +89,14 @@ DoCopy(ParseState *pstate, const CopyStmt *stmt, } else { - if (is_from && !is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_SERVER_FILES)) + if (is_from && !is_member_of_role(GetUserId(), ROLE_PG_READ_SERVER_FILES)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be superuser or a member of the pg_read_server_files role to COPY from a file"), errhint("Anyone can COPY to stdout or from stdin. " "psql's \\copy command also works for anyone."))); - if (!is_from && !is_member_of_role(GetUserId(), DEFAULT_ROLE_WRITE_SERVER_FILES)) + if (!is_from && !is_member_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be superuser or a member of the pg_write_server_files role to COPY to a file"), diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index e91fa4c78c9..a8c5188ebcd 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c 
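Review bot: The three COPY permission checks in DoCopy still call `is_member_of_role()`, while the procarray.c and signalfuncs.c hunks of this same commit gate `pg_signal_backend` with `has_privs_of_role()`. If I read acl.c correctly, `is_member_of_role()` follows memberships regardless of `rolinherit`, so a NOINHERIT member would pass these checks without an explicit SET ROLE; please confirm that this is intended for roles that grant server-side file and program access. If it is not, the first check would read `if (!has_privs_of_role(GetUserId(), ROLE_PG_EXECUTE_SERVER_PROGRAM))`, and likewise for the two file roles. The same call appears in the walreceiver.c, walsender.c, dbsize.c, genfile.c, pgstatfuncs.c and guc.c hunks. DoCopy's body continues outside both hunks.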
@@ -1501,10 +1501,10 @@ AddRoleMems(const char *rolename, Oid roleid, * situation-dependent member. There's no technical need for this * restriction. (One could lift it and take the further step of making * pg_database_ownercheck() equivalent to has_privs_of_role(roleid, - * DEFAULT_ROLE_DATABASE_OWNER), in which case explicit, + * ROLE_DATABASE_OWNER), in which case explicit, * situation-independent members could act as the owner of any database.) */ - if (roleid == DEFAULT_ROLE_DATABASE_OWNER) + if (roleid == ROLE_DATABASE_OWNER) ereport(ERROR, errmsg("role \"%s\" cannot have explicit members", rolename)); @@ -1555,7 +1555,7 @@ AddRoleMems(const char *rolename, Oid roleid, * shared object. (The effect of such ownership is that any owner of * another database can act as the owner of affected shared objects.) */ - if (memberid == DEFAULT_ROLE_DATABASE_OWNER) + if (memberid == ROLE_DATABASE_OWNER) ereport(ERROR, errmsg("role \"%s\" cannot be a member of any role", get_rolespec_name(memberRole))); diff --git a/src/backend/replication/walreceiver.c b/src/backend/replication/walreceiver.c index 8532296f26c..2b6fa4019b8 100644 --- a/src/backend/replication/walreceiver.c +++ b/src/backend/replication/walreceiver.c @@ -1361,7 +1361,7 @@ pg_stat_get_wal_receiver(PG_FUNCTION_ARGS) /* Fetch values */ values[0] = Int32GetDatum(pid); - if (!is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS)) + if (!is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS)) { /* * Only superusers and members of pg_read_all_stats can see details. diff --git a/src/backend/replication/walsender.c b/src/backend/replication/walsender.c index 23baa4498af..4bf8a18e01e 100644 --- a/src/backend/replication/walsender.c +++ b/src/backend/replication/walsender.c 
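Review bot: `ROLE_DATABASE_OWNER` is the only renamed symbol without the `PG_` infix; every other one in this commit maps `pg_xxx` to `ROLE_PG_XXX` (for example `ROLE_PG_READ_ALL_STATS`). For `pg_database_owner` that pattern gives `ROLE_PG_DATABASE_OWNER`, so the two checks in AddRoleMems would read `if (roleid == ROLE_PG_DATABASE_OWNER)` and `if (memberid == ROLE_PG_DATABASE_OWNER)`, with the matching `oid_symbol` in pg_authid.dat and the use in acl.c changed as well. A uniform scheme makes it easier to grep for every predefined-role check when auditing privileges. AddRoleMems starts and ends outside these hunks.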
@@ -3355,7 +3355,7 @@ pg_stat_get_wal_senders(PG_FUNCTION_ARGS) memset(nulls, 0, sizeof(nulls)); values[0] = Int32GetDatum(pid); - if (!is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS)) + if (!is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS)) { /* * Only superusers and members of pg_read_all_stats can see diff --git a/src/backend/storage/ipc/procarray.c b/src/backend/storage/ipc/procarray.c index 4fc6ffb9175..e113a85aed4 100644 --- a/src/backend/storage/ipc/procarray.c +++ b/src/backend/storage/ipc/procarray.c @@ -3752,7 +3752,7 @@ TerminateOtherDBBackends(Oid databaseId) /* Users can signal backends they have role membership in. */ if (!has_privs_of_role(GetUserId(), proc->roleId) && - !has_privs_of_role(GetUserId(), DEFAULT_ROLE_SIGNAL_BACKENDID)) + !has_privs_of_role(GetUserId(), ROLE_PG_SIGNAL_BACKEND)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be a member of the role whose process is being terminated or member of pg_signal_backend"))); diff --git a/src/backend/storage/ipc/signalfuncs.c b/src/backend/storage/ipc/signalfuncs.c index 69fe23a2563..8b55ff6e76b 100644 --- a/src/backend/storage/ipc/signalfuncs.c +++ b/src/backend/storage/ipc/signalfuncs.c @@ -74,7 +74,7 @@ pg_signal_backend(int pid, int sig) /* Users can signal backends they have role membership in. */ if (!has_privs_of_role(GetUserId(), proc->roleId) && - !has_privs_of_role(GetUserId(), DEFAULT_ROLE_SIGNAL_BACKENDID)) + !has_privs_of_role(GetUserId(), ROLE_PG_SIGNAL_BACKEND)) return SIGNAL_BACKEND_NOPERMISSION; /* diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c index 6a8c6a20eea..ebf113074a9 100644 --- a/src/backend/utils/adt/acl.c +++ b/src/backend/utils/adt/acl.c 
@@ -4741,7 +4741,7 @@ roles_is_member_of(Oid roleid, enum RoleRecurseType type, /* * Role expansion happens in a non-database backend when guc.c checks - * DEFAULT_ROLE_READ_ALL_SETTINGS for a physical walsender SHOW command. + * ROLE_READ_ALL_SETTINGS for a physical walsender SHOW command. * In that case, no role gets pg_database_owner. */ if (!OidIsValid(MyDatabaseId)) @@ -4808,7 +4808,7 @@ roles_is_member_of(Oid roleid, enum RoleRecurseType type, /* implement pg_database_owner implicit membership */ if (memberid == dba && OidIsValid(dba)) roles_list = list_append_unique_oid(roles_list, - DEFAULT_ROLE_DATABASE_OWNER); + ROLE_DATABASE_OWNER); } /* diff --git a/src/backend/utils/adt/dbsize.c b/src/backend/utils/adt/dbsize.c index 64cdaa4134b..da1a879f1f6 100644 --- a/src/backend/utils/adt/dbsize.c +++ b/src/backend/utils/adt/dbsize.c @@ -95,7 +95,7 @@ calculate_database_size(Oid dbOid) */ aclresult = pg_database_aclcheck(dbOid, GetUserId(), ACL_CONNECT); if (aclresult != ACLCHECK_OK && - !is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS)) + !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS)) { aclcheck_error(aclresult, OBJECT_DATABASE, get_database_name(dbOid)); @@ -179,7 +179,7 @@ calculate_tablespace_size(Oid tblspcOid) * is default for current database. */ if (tblspcOid != MyDatabaseTableSpace && - !is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS)) + !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS)) { aclresult = pg_tablespace_aclcheck(tblspcOid, GetUserId(), ACL_CREATE); if (aclresult != ACLCHECK_OK) diff --git a/src/backend/utils/adt/genfile.c b/src/backend/utils/adt/genfile.c index 7cf9a0efbec..322152ebd97 100644 --- a/src/backend/utils/adt/genfile.c +++ b/src/backend/utils/adt/genfile.c 
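Review bot: The rewritten comment in roles_is_member_of names `ROLE_READ_ALL_SETTINGS`, but the symbol this commit defines in pg_authid.dat and uses throughout guc.c is `ROLE_PG_READ_ALL_SETTINGS`. The comment line should read `* ROLE_PG_READ_ALL_SETTINGS for a physical walsender SHOW command.` so that a search for the symbol also finds this explanation of why no role gets pg_database_owner in a non-database backend. The function body continues outside the hunk.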
@@ -62,10 +62,13 @@ convert_and_check_filename(text *arg) * files on the server as the PG user, so no need to do any further checks * here. */ - if (is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_SERVER_FILES)) + if (is_member_of_role(GetUserId(), ROLE_PG_READ_SERVER_FILES)) return filename; - /* User isn't a member of the default role, so check if it's allowable */ + /* + * User isn't a member of the pg_read_server_files role, so check if it's + * allowable + */ if (is_absolute_path(filename)) { /* Disallow '/a/b/data/..' */ diff --git a/src/backend/utils/adt/pgstatfuncs.c b/src/backend/utils/adt/pgstatfuncs.c index 5102227a607..9ffbca685cd 100644 --- a/src/backend/utils/adt/pgstatfuncs.c +++ b/src/backend/utils/adt/pgstatfuncs.c @@ -33,7 +33,7 @@ #define UINT32_ACCESS_ONCE(var) ((uint32)(*((volatile uint32 *)&(var)))) -#define HAS_PGSTAT_PERMISSIONS(role) (is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS) || has_privs_of_role(GetUserId(), role)) +#define HAS_PGSTAT_PERMISSIONS(role) (is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS) || has_privs_of_role(GetUserId(), role)) /* Global bgwriter statistics, from bgwriter.c */ extern PgStat_MsgBgWriter bgwriterStats; diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 03daec9a085..130374789ea 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -7985,7 +7985,7 @@ GetConfigOption(const char *name, bool missing_ok, bool restrict_privileged) } if (restrict_privileged && (record->flags & GUC_SUPERUSER_ONLY) && - !is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_SETTINGS)) + !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be superuser or a member of pg_read_all_settings to examine \"%s\"", 
@@ -8035,7 +8035,7 @@ GetConfigOptionResetString(const char *name) (errcode(ERRCODE_UNDEFINED_OBJECT), errmsg("unrecognized configuration parameter \"%s\"", name))); if ((record->flags & GUC_SUPERUSER_ONLY) && - !is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_SETTINGS)) + !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be superuser or a member of pg_read_all_settings to examine \"%s\"", @@ -9294,7 +9294,7 @@ ShowAllGUCConfig(DestReceiver *dest) if ((conf->flags & GUC_NO_SHOW_ALL) || ((conf->flags & GUC_SUPERUSER_ONLY) && - !is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_SETTINGS))) + !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))) continue; /* assign to the values array */ @@ -9361,7 +9361,7 @@ get_explain_guc_options(int *num) /* return only options visible to the current user */ if ((conf->flags & GUC_NO_SHOW_ALL) || ((conf->flags & GUC_SUPERUSER_ONLY) && - !is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_SETTINGS))) + !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))) continue; /* return only options that are different from their boot values */ @@ -9450,7 +9450,7 @@ GetConfigOptionByName(const char *name, const char **varname, bool missing_ok) } if ((record->flags & GUC_SUPERUSER_ONLY) && - !is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_SETTINGS)) + !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be superuser or a member of pg_read_all_settings to examine \"%s\"", @@ -9481,7 +9481,7 @@ GetConfigOptionByNum(int varnum, const char **values, bool *noshow) { if ((conf->flags & GUC_NO_SHOW_ALL) || ((conf->flags & GUC_SUPERUSER_ONLY) && - !is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_SETTINGS))) + !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))) *noshow = true; else *noshow = false; 
@@ -9676,7 +9676,7 @@ GetConfigOptionByNum(int varnum, const char **values, bool *noshow) * insufficiently-privileged users. */ if (conf->source == PGC_S_FILE && - is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_SETTINGS)) + is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) { values[14] = conf->sourcefile; snprintf(buffer, sizeof(buffer), "%d", conf->sourceline); diff --git a/src/include/catalog/pg_authid.dat b/src/include/catalog/pg_authid.dat index 4c2bf972ecc..65795a965b6 100644 --- a/src/include/catalog/pg_authid.dat +++ b/src/include/catalog/pg_authid.dat 
@@ -24,47 +24,47 @@ rolcreaterole => 't', rolcreatedb => 't', rolcanlogin => 't', rolreplication => 't', rolbypassrls => 't', rolconnlimit => '-1', rolpassword => '_null_', rolvaliduntil => '_null_' }, -{ oid => '8778', oid_symbol => 'DEFAULT_ROLE_DATABASE_OWNER', +{ oid => '8778', oid_symbol => 'ROLE_DATABASE_OWNER', rolname => 'pg_database_owner', rolsuper => 'f', rolinherit => 't', rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', rolpassword => '_null_', rolvaliduntil => '_null_' }, -{ oid => '3373', oid_symbol => 'DEFAULT_ROLE_MONITOR', +{ oid => '3373', oid_symbol => 'ROLE_PG_MONITOR', rolname => 'pg_monitor', rolsuper => 'f', rolinherit => 't', rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', rolpassword => '_null_', rolvaliduntil => '_null_' }, -{ oid => '3374', oid_symbol => 'DEFAULT_ROLE_READ_ALL_SETTINGS', +{ oid => '3374', oid_symbol => 'ROLE_PG_READ_ALL_SETTINGS', rolname => 'pg_read_all_settings', rolsuper => 'f', rolinherit => 't', rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', rolpassword => '_null_', rolvaliduntil => '_null_' }, -{ oid => '3375', oid_symbol => 'DEFAULT_ROLE_READ_ALL_STATS', +{ oid => '3375', oid_symbol => 'ROLE_PG_READ_ALL_STATS', rolname => 'pg_read_all_stats', rolsuper => 'f', rolinherit => 't', rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', rolpassword => '_null_', rolvaliduntil => '_null_' }, -{ oid => '3377', oid_symbol => 'DEFAULT_ROLE_STAT_SCAN_TABLES', +{ oid => '3377', oid_symbol => 'ROLE_PG_STAT_SCAN_TABLES', rolname => 'pg_stat_scan_tables', rolsuper => 'f', rolinherit => 't', rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', 
rolpassword => '_null_', rolvaliduntil => '_null_' }, -{ oid => '4569', oid_symbol => 'DEFAULT_ROLE_READ_SERVER_FILES', +{ oid => '4569', oid_symbol => 'ROLE_PG_READ_SERVER_FILES', rolname => 'pg_read_server_files', rolsuper => 'f', rolinherit => 't', rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', rolpassword => '_null_', rolvaliduntil => '_null_' }, -{ oid => '4570', oid_symbol => 'DEFAULT_ROLE_WRITE_SERVER_FILES', +{ oid => '4570', oid_symbol => 'ROLE_PG_WRITE_SERVER_FILES', rolname => 'pg_write_server_files', rolsuper => 'f', rolinherit => 't', rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', rolpassword => '_null_', rolvaliduntil => '_null_' }, -{ oid => '4571', oid_symbol => 'DEFAULT_ROLE_EXECUTE_SERVER_PROGRAM', +{ oid => '4571', oid_symbol => 'ROLE_PG_EXECUTE_SERVER_PROGRAM', rolname => 'pg_execute_server_program', rolsuper => 'f', rolinherit => 't', rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', rolpassword => '_null_', rolvaliduntil => '_null_' }, -{ oid => '4200', oid_symbol => 'DEFAULT_ROLE_SIGNAL_BACKENDID', +{ oid => '4200', oid_symbol => 'ROLE_PG_SIGNAL_BACKEND', rolname => 'pg_signal_backend', rolsuper => 'f', rolinherit => 't', rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', |