From 9b8aff8c192e2f313f90395d114c58a9ef84f97f Mon Sep 17 00:00:00 2001 From: Magnus Hagander Date: Wed, 29 Dec 2010 11:05:03 +0100 Subject: Add REPLICATION privilege for ROLEs This privilege is required to do Streaming Replication, instead of superuser, making it possible to set up a SR slave that doesn't have write permissions on the master. Superuser privileges do NOT override this check, so in order to use the default superuser account for replication it must be explicitly granted the REPLICATION permissions. This is backwards incompatible change, in the interest of higher default security. --- src/backend/utils/init/miscinit.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'src/backend/utils/init/miscinit.c') diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c index d74b5ccb30d..0d5ffb0a8e5 100644 --- a/src/backend/utils/init/miscinit.c +++ b/src/backend/utils/init/miscinit.c @@ -231,6 +231,7 @@ static int SecurityRestrictionContext = 0; static bool SetRoleIsActive = false; + /* * GetUserId - get the current effective user ID. * @@ -388,6 +389,24 @@ SetUserIdAndContext(Oid userid, bool sec_def_context) } +/* + * Check if the authenticated user is a replication role + */ +bool +is_authenticated_user_replication_role(void) +{ + bool result = false; + HeapTuple utup; + + utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(AuthenticatedUserId)); + if (HeapTupleIsValid(utup)) + { + result = ((Form_pg_authid) GETSTRUCT(utup))->rolreplication; + ReleaseSysCache(utup); + } + return result; +} + /* * Initialize user identity during normal backend startup */ -- cgit v1.2.3