NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit2930078

committed

Reserve the "pg_" namespace for roles

This will prevent users from creating roles which begin with "pg_" andwill check for those roles before allowing an upgrade using pg_upgrade.This will allow for default roles to be provided at initdb time.Reviews by José Luis Tallón and Robert Haas

1 parentfa6075e commit2930078Copy full SHA for 2930078

File tree

21 files changed

+226

-13

lines changed

doc/src/sgml/ref
- psql-ref.sgml
src
- backend
  - catalog
    - aclchk.c
    - catalog.c
  - commands
  - utils/adt
    - acl.c
- bin
  - pg_dump
    - pg_dumpall.c
  - pg_upgrade
    - check.c
  - psql
- include/utils
  - acl.h
- test/regress
  - expected
    - rolenames.out
  - sql
    - rolenames.sql

21 files changed

+226

-13

lines changed

`‎doc/src/sgml/ref/psql-ref.sgml`

Lines changed: 6 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1365,13 +1365,15 @@ testdb=>`
`1365`	`1365`
`1366`	`1366`
`1367`	`1367`	`<varlistentry>`
`1368`		`- <term><literal>\dg[+] [ <link linkend="APP-PSQL-patterns"><replaceable class="parameter">pattern</replaceable></link> ]</literal></term>`
	`1368`	`+ <term><literal>\dg[S+] [ <link linkend="APP-PSQL-patterns"><replaceable class="parameter">pattern</replaceable></link> ]</literal></term>`
`1369`	`1369`	`<listitem>`
`1370`	`1370`	`<para>`
`1371`	`1371`	`Lists database roles.`
`1372`	`1372`	`(Since the concepts of <quote>users</> and <quote>groups</> have been`
`1373`	`1373`	`unified into <quote>roles</>, this command is now equivalent to`
`1374`	`1374`	`<literal>\du</literal>.)`
	`1375`	`+ By default, only user-created roles are shown; supply the`
	`1376`	`+ <literal>S</literal> modifier to include system roles.`
`1375`	`1377`	`If <replaceable class="parameter">pattern</replaceable> is specified,`
`1376`	`1378`	`only those roles whose names match the pattern are listed.`
`1377`	`1379`	`If the form <literal>\dg+</literal> is used, additional information`
`@@ -1525,13 +1527,15 @@ testdb=>`
`1525`	`1527`	`</varlistentry>`
`1526`	`1528`
`1527`	`1529`	`<varlistentry>`
`1528`		`- <term><literal>\du[+] [ <link linkend="APP-PSQL-patterns"><replaceable class="parameter">pattern</replaceable></link> ]</literal></term>`
	`1530`	`+ <term><literal>\du[S+] [ <link linkend="APP-PSQL-patterns"><replaceable class="parameter">pattern</replaceable></link> ]</literal></term>`
`1529`	`1531`	`<listitem>`
`1530`	`1532`	`<para>`
`1531`	`1533`	`Lists database roles.`
`1532`	`1534`	`(Since the concepts of <quote>users</> and <quote>groups</> have been`
`1533`	`1535`	`unified into <quote>roles</>, this command is now equivalent to`
`1534`	`1536`	`<literal>\dg</literal>.)`
	`1537`	`+ By default, only user-created roles are shown; supply the`
	`1538`	`+ <literal>S</literal> modifier to include system roles.`
`1535`	`1539`	`If <replaceable class="parameter">pattern</replaceable> is specified,`
`1536`	`1540`	`only those roles whose names match the pattern are listed.`
`1537`	`1541`	`If the form <literal>\du+</literal> is used, additional information`

`‎src/backend/catalog/aclchk.c`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -423,6 +423,9 @@ ExecuteGrantStmt(GrantStmt *stmt)`
`423`	`423`	`grantee_uid=ACL_ID_PUBLIC;`
`424`	`424`	`break;`
`425`	`425`	`default:`
	`426`	`+if (!IsBootstrapProcessingMode())`
	`427`	`+check_rolespec_name((Node*)grantee,`
	`428`	`+"Cannot GRANT or REVOKE privileges to or from a reserved role.");`
`426`	`429`	`grantee_uid=get_rolespec_oid((Node*)grantee, false);`
`427`	`430`	`break;`
`428`	`431`	`}`
`@@ -918,6 +921,8 @@ ExecAlterDefaultPrivilegesStmt(AlterDefaultPrivilegesStmt *stmt)`
`918`	`921`	`grantee_uid=ACL_ID_PUBLIC;`
`919`	`922`	`break;`
`920`	`923`	`default:`
	`924`	`+check_rolespec_name((Node*)grantee,`
	`925`	`+"Cannot GRANT or REVOKE default privileges to or from a reserved role.");`
`921`	`926`	`grantee_uid=get_rolespec_oid((Node*)grantee, false);`
`922`	`927`	`break;`
`923`	`928`	`}`
`@@ -1008,6 +1013,8 @@ ExecAlterDefaultPrivilegesStmt(AlterDefaultPrivilegesStmt *stmt)`
`1008`	`1013`	`{`
`1009`	`1014`	`RoleSpec*rolespec=lfirst(rolecell);`
`1010`	`1015`
	`1016`	`+check_rolespec_name((Node*)rolespec,`
	`1017`	`+"Cannot alter default privileges for reserved role.");`
`1011`	`1018`	`iacls.roleid=get_rolespec_oid((Node*)rolespec, false);`
`1012`	`1019`
`1013`	`1020`	`/*`

`‎src/backend/catalog/catalog.c`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -184,8 +184,9 @@ IsToastNamespace(Oid namespaceId)`
`184`	`184`	`*True iff name starts with the pg_ prefix.`
`185`	`185`	`*`
`186`	`186`	`*For some classes of objects, the prefix pg_ is reserved for`
`187`		`- *system objects only. As of 8.0, this is only true for`
`188`		`- *schema and tablespace names.`
	`187`	`+ *system objects only. As of 8.0, this was only true for`
	`188`	`+ *schema and tablespace names. With 9.6, this is also true`
	`189`	`+ *for roles.`
`189`	`190`	`*/`
`190`	`191`	`bool`
`191`	`192`	`IsReservedName(constchar*name)`

`‎src/backend/commands/alter.c`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -747,6 +747,9 @@ ExecAlterOwnerStmt(AlterOwnerStmt *stmt)`
`747`	`747`	`{`
`748`	`748`	`Oidnewowner=get_rolespec_oid(stmt->newowner, false);`
`749`	`749`
	`750`	`+check_rolespec_name(stmt->newowner,`
	`751`	`+"Cannot make reserved roles owners of objects.");`
	`752`	`+`
`750`	`753`	`switch (stmt->objectType)`
`751`	`754`	`{`
`752`	`755`	`caseOBJECT_DATABASE:`

`‎src/backend/commands/foreigncmds.c`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1148,6 +1148,10 @@ CreateUserMapping(CreateUserMappingStmt *stmt)`
`1148`	`1148`	`else`
`1149`	`1149`	`useId=get_rolespec_oid(stmt->user, false);`
`1150`	`1150`
	`1151`	`+/* Additional check to protect reserved role names */`
	`1152`	`+check_rolespec_name(stmt->user,`
	`1153`	`+"Cannot specify reserved role as mapping user.");`
	`1154`	`+`
`1151`	`1155`	`/* Check that the server exists. */`
`1152`	`1156`	`srv=GetForeignServerByName(stmt->servername, false);`
`1153`	`1157`
`@@ -1248,6 +1252,10 @@ AlterUserMapping(AlterUserMappingStmt *stmt)`
`1248`	`1252`	`else`
`1249`	`1253`	`useId=get_rolespec_oid(stmt->user, false);`
`1250`	`1254`
	`1255`	`+/* Additional check to protect reserved role names */`
	`1256`	`+check_rolespec_name(stmt->user,`
	`1257`	`+"Cannot alter reserved role mapping user.");`
	`1258`	`+`
`1251`	`1259`	`srv=GetForeignServerByName(stmt->servername, false);`
`1252`	`1260`
`1253`	`1261`	`umId=GetSysCacheOid2(USERMAPPINGUSERSERVER,`
`@@ -1337,6 +1345,11 @@ RemoveUserMapping(DropUserMappingStmt *stmt)`
`1337`	`1345`	`else`
`1338`	`1346`	`{`
`1339`	`1347`	`useId=get_rolespec_oid(stmt->user,stmt->missing_ok);`
	`1348`	`+`
	`1349`	`+/* Additional check to protect reserved role names */`
	`1350`	`+check_rolespec_name(stmt->user,`
	`1351`	`+"Cannot remove reserved role mapping user.");`
	`1352`	`+`
`1340`	`1353`	`if (!OidIsValid(useId))`
`1341`	`1354`	`{`
`1342`	`1355`	`/*`

`‎src/backend/commands/policy.c`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -176,8 +176,13 @@ policy_role_list_to_array(List roles, int num_roles)`
`176`	`176`	`returnrole_oids;`
`177`	`177`	`}`
`178`	`178`	`else`
	`179`	`+{`
	`180`	`+/* Additional check to protect reserved role names */`
	`181`	`+check_rolespec_name((Node*)spec,`
	`182`	`+"Cannot specify reserved role as policy target");`
`179`	`183`	`role_oids[i++]=`
`180`	`184`	`ObjectIdGetDatum(get_rolespec_oid((Node*)spec, false));`
	`185`	`+}`
`181`	`186`	`}`
`182`	`187`
`183`	`188`	`returnrole_oids;`

`‎src/backend/commands/schemacmds.c`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,10 @@ CreateSchemaCommand(CreateSchemaStmt stmt, const char queryString)`
`65`	`65`	`else`
`66`	`66`	`owner_uid=saved_uid;`
`67`	`67`
	`68`	`+/* Additional check to protect reserved role names */`
	`69`	`+check_rolespec_name(stmt->authrole,`
	`70`	`+"Cannot specify reserved role as owner.");`
	`71`	`+`
`68`	`72`	`/* fill schema name with the user name if not specified */`
`69`	`73`	`if (!schemaName)`
`70`	`74`	`{`

`‎src/backend/commands/tablecmds.c`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3566,6 +3566,8 @@ ATExecCmd(List *wqueue, AlteredTableInfo tab, Relation rel,`
`3566`	`3566`	`(List*)cmd->def,lockmode);`
`3567`	`3567`	`break;`
`3568`	`3568`	`caseAT_ChangeOwner:/* ALTER OWNER */`
	`3569`	`+check_rolespec_name(cmd->newowner,`
	`3570`	`+"Cannot specify reserved role as owner.");`
`3569`	`3571`	`ATExecChangeOwner(RelationGetRelid(rel),`
`3570`	`3572`	`get_rolespec_oid(cmd->newowner, false),`
`3571`	`3573`	`false,lockmode);`

`‎src/backend/commands/tablespace.c`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -256,6 +256,10 @@ CreateTableSpace(CreateTableSpaceStmt *stmt)`
`256`	`256`	`else`
`257`	`257`	`ownerId=GetUserId();`
`258`	`258`
	`259`	`+/* Additional check to protect reserved role names */`
	`260`	`+check_rolespec_name(stmt->owner,`
	`261`	`+"Cannot specify reserved role as owner.");`
	`262`	`+`
`259`	`263`	`/* Unix-ify the offered path, and strip any trailing slashes */`
`260`	`264`	`location=pstrdup(stmt->location);`
`261`	`265`	`canonicalize_path(location);`

`‎src/backend/commands/user.c`

Lines changed: 49 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@`
`17`	`17`	`#include"access/htup_details.h"`
`18`	`18`	`#include"access/xact.h"`
`19`	`19`	`#include"catalog/binary_upgrade.h"`
	`20`	`+#include"catalog/catalog.h"`
`20`	`21`	`#include"catalog/dependency.h"`
`21`	`22`	`#include"catalog/indexing.h"`
`22`	`23`	`#include"catalog/objectaccess.h"`
`@@ -311,6 +312,17 @@ CreateRole(CreateRoleStmt *stmt)`
`311`	`312`	`errmsg("permission denied to create role")));`
`312`	`313`	`}`
`313`	`314`
	`315`	`+/*`
	`316`	`+ * Check that the user is not trying to create a role in the reserved`
	`317`	`+ * "pg_" namespace.`
	`318`	`+ */`
	`319`	`+if (IsReservedName(stmt->role))`
	`320`	`+ereport(ERROR,`
	`321`	`+(errcode(ERRCODE_RESERVED_NAME),`
	`322`	`+errmsg("role name \"%s\" is reserved",`
	`323`	`+stmt->role),`
	`324`	`+errdetail("Role names starting with \"pg_\" are reserved.")));`
	`325`	`+`
`314`	`326`	`/*`
`315`	`327`	`* Check the pg_authid relation to be certain the role doesn't already`
`316`	`328`	`* exist.`
`@@ -507,6 +519,9 @@ AlterRole(AlterRoleStmt *stmt)`
`507`	`519`	`DefElem*dbypassRLS=NULL;`
`508`	`520`	`Oidroleid;`
`509`	`521`
	`522`	`+check_rolespec_name(stmt->role,`
	`523`	`+"Cannot alter reserved roles.");`
	`524`	`+`
`510`	`525`	`/* Extract options from the statement node tree */`
`511`	`526`	`foreach(option,stmt->options)`
`512`	`527`	`{`
`@@ -857,6 +872,9 @@ AlterRoleSet(AlterRoleSetStmt *stmt)`
`857`	`872`
`858`	`873`	`if (stmt->role)`
`859`	`874`	`{`
	`875`	`+check_rolespec_name(stmt->role,`
	`876`	`+"Cannot alter reserved roles.");`
	`877`	`+`
`860`	`878`	`roletuple=get_rolespec_tuple(stmt->role);`
`861`	`879`	`roleid=HeapTupleGetOid(roletuple);`
`862`	`880`
`@@ -1117,6 +1135,7 @@ RenameRole(const char oldname, const char newname)`
`1117`	`1135`	`inti;`
`1118`	`1136`	`Oidroleid;`
`1119`	`1137`	`ObjectAddressaddress;`
	`1138`	`+Form_pg_authidauthform;`
`1120`	`1139`
`1121`	`1140`	`rel=heap_open(AuthIdRelationId,RowExclusiveLock);`
`1122`	`1141`	`dsc=RelationGetDescr(rel);`
`@@ -1136,6 +1155,7 @@ RenameRole(const char oldname, const char newname)`
`1136`	`1155`	`*/`
`1137`	`1156`
`1138`	`1157`	`roleid=HeapTupleGetOid(oldtuple);`
	`1158`	`+authform= (Form_pg_authid)GETSTRUCT(oldtuple);`
`1139`	`1159`
`1140`	`1160`	`if (roleid==GetSessionUserId())`
`1141`	`1161`	`ereport(ERROR,`
`@@ -1146,6 +1166,24 @@ RenameRole(const char oldname, const char newname)`
`1146`	`1166`	`(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),`
`1147`	`1167`	`errmsg("current user cannot be renamed")));`
`1148`	`1168`
	`1169`	`+/*`
	`1170`	`+ * Check that the user is not trying to rename a system role and`
	`1171`	`+ * not trying to rename a role into the reserved "pg_" namespace.`
	`1172`	`+ */`
	`1173`	`+if (IsReservedName(NameStr(authform->rolname)))`
	`1174`	`+ereport(ERROR,`
	`1175`	`+(errcode(ERRCODE_RESERVED_NAME),`
	`1176`	`+errmsg("role name \"%s\" is reserved",`
	`1177`	`+NameStr(authform->rolname)),`
	`1178`	`+errdetail("Role names starting with \"pg_\" are reserved.")));`
	`1179`	`+`
	`1180`	`+if (IsReservedName(newname))`
	`1181`	`+ereport(ERROR,`
	`1182`	`+(errcode(ERRCODE_RESERVED_NAME),`
	`1183`	`+errmsg("role name \"%s\" is reserved",`
	`1184`	`+newname),`
	`1185`	`+errdetail("Role names starting with \"pg_\" are reserved.")));`
	`1186`	`+`
`1149`	`1187`	`/* make sure the new name doesn't exist */`
`1150`	`1188`	`if (SearchSysCacheExists1(AUTHNAME,CStringGetDatum(newname)))`
`1151`	`1189`	`ereport(ERROR,`
`@@ -1224,10 +1262,18 @@ GrantRole(GrantRoleStmt *stmt)`
`1224`	`1262`	`ListCell*item;`
`1225`	`1263`
`1226`	`1264`	`if (stmt->grantor)`
	`1265`	`+{`
	`1266`	`+check_rolespec_name(stmt->grantor,`
	`1267`	`+"Cannot specify reserved role as grantor.");`
`1227`	`1268`	`grantor=get_rolespec_oid(stmt->grantor, false);`
	`1269`	`+}`
`1228`	`1270`	`else`
`1229`	`1271`	`grantor=GetUserId();`
`1230`	`1272`
	`1273`	`+foreach(item,stmt->grantee_roles)`
	`1274`	`+check_rolespec_name(lfirst(item),`
	`1275`	`+"Cannot GRANT roles to a reserved role.");`
	`1276`	`+`
`1231`	`1277`	`grantee_ids=roleSpecsToIds(stmt->grantee_roles);`
`1232`	`1278`
`1233`	`1279`	`/* AccessShareLock is enough since we aren't modifying pg_authid */`
`@@ -1318,6 +1364,9 @@ ReassignOwnedObjects(ReassignOwnedStmt *stmt)`
`1318`	`1364`	`errmsg("permission denied to reassign objects")));`
`1319`	`1365`	`}`
`1320`	`1366`
	`1367`	`+check_rolespec_name(stmt->newrole,`
	`1368`	`+"Cannot specify reserved role as owner.");`
	`1369`	`+`
`1321`	`1370`	`/* Must have privileges on the receiving side too */`
`1322`	`1371`	`newrole=get_rolespec_oid(stmt->newrole, false);`
`1323`	`1372`

`‎src/backend/commands/variable.c`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -854,6 +854,9 @@ check_role(char newval, void extra, GucSource source)`
`854`	`854`	`roleid=InvalidOid;`
`855`	`855`	`is_superuser= false;`
`856`	`856`	`}`
	`857`	`+/* Do not allow setting role to a reserved role. */`
	`858`	`+elseif (strncmp(*newval,"pg_",3)==0)`
	`859`	`+return false;`
`857`	`860`	`else`
`858`	`861`	`{`
`859`	`862`	`if (!IsTransactionState())`

`‎src/backend/utils/adt/acl.c`

Lines changed: 39 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@`
`17`	`17`	`#include<ctype.h>`
`18`	`18`
`19`	`19`	`#include"access/htup_details.h"`
	`20`	`+#include"catalog/catalog.h"`
`20`	`21`	`#include"catalog/namespace.h"`
`21`	`22`	`#include"catalog/pg_authid.h"`
`22`	`23`	`#include"catalog/pg_auth_members.h"`
`@@ -5247,3 +5248,41 @@ get_rolespec_name(const Node *node)`
`5247`	`5248`
`5248`	`5249`	`returnrolename;`
`5249`	`5250`	`}`
	`5251`	`+`
	`5252`	`+/*`
	`5253`	`+ * Given a RoleSpec, throw an error if the name is reserved, using detail_msg,`
	`5254`	`+ * if provided.`
	`5255`	`+ *`
	`5256`	`+ * If node is NULL, no error is thrown. If detail_msg is NULL then no detail`
	`5257`	`+ * message is provided.`
	`5258`	`+ */`
	`5259`	`+void`
	`5260`	`+check_rolespec_name(constNodenode,constchardetail_msg)`
	`5261`	`+{`
	`5262`	`+RoleSpec*role;`
	`5263`	`+`
	`5264`	`+if (!node)`
	`5265`	`+return;`
	`5266`	`+`
	`5267`	`+role= (RoleSpec*)node;`
	`5268`	`+`
	`5269`	`+Assert(IsA(node,RoleSpec));`
	`5270`	`+`
	`5271`	`+if (role->roletype!=ROLESPEC_CSTRING)`
	`5272`	`+return;`
	`5273`	`+`
	`5274`	`+if (IsReservedName(role->rolename))`
	`5275`	`+{`
	`5276`	`+if (detail_msg)`
	`5277`	`+ereport(ERROR,`
	`5278`	`+(errcode(ERRCODE_RESERVED_NAME),`
	`5279`	`+errmsg("role \"%s\" is reserved",`
	`5280`	`+role->rolename),`
	`5281`	`+errdetail("%s",detail_msg)));`
	`5282`	`+else`
	`5283`	`+ereport(ERROR,`
	`5284`	`+(errcode(ERRCODE_RESERVED_NAME),`
	`5285`	`+errmsg("role \"%s\" is reserved",`
	`5286`	`+role->rolename)));`
	`5287`	`+}`
	`5288`	`+}`

`‎src/bin/pg_dump/pg_dumpall.c`

Lines changed: 10 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -665,7 +665,7 @@ dumpRoles(PGconn *conn)`
`665`	`665`	`inti;`
`666`	`666`
`667`	`667`	`/* note: rolconfig is dumped later */`
`668`		`-if (server_version >=90500)`
	`668`	`+if (server_version >=90600)`
`669`	`669`	`printfPQExpBuffer(buf,`
`670`	`670`	`"SELECT oid, rolname, rolsuper, rolinherit, "`
`671`	`671`	`"rolcreaterole, rolcreatedb, "`
`@@ -674,6 +674,7 @@ dumpRoles(PGconn *conn)`
`674`	`674`	`"pg_catalog.shobj_description(oid, 'pg_authid') as rolcomment, "`
`675`	`675`	`"rolname = current_user AS is_current_user "`
`676`	`676`	`"FROM pg_authid "`
	`677`	`+"WHERE rolname !~ '^pg_' "`
`677`	`678`	`"ORDER BY 2");`
`678`	`679`	`elseif (server_version >=90100)`
`679`	`680`	`printfPQExpBuffer(buf,`
`@@ -771,6 +772,13 @@ dumpRoles(PGconn *conn)`
`771`	`772`	`auth_oid=atooid(PQgetvalue(res,i,i_oid));`
`772`	`773`	`rolename=PQgetvalue(res,i,i_rolname);`
`773`	`774`
	`775`	`+if (strncmp(rolename,"pg_",3)==0)`
	`776`	`+{`
	`777`	`+fprintf(stderr,_("%s: role name starting with 'pg_' skipped (%s)\n"),`
	`778`	`+progname,rolename);`
	`779`	`+continue;`
	`780`	`+}`
	`781`	`+`
`774`	`782`	`resetPQExpBuffer(buf);`
`775`	`783`
`776`	`784`	`if (binary_upgrade)`
`@@ -896,6 +904,7 @@ dumpRoleMembership(PGconn *conn)`
`896`	`904`	`"LEFT JOIN pg_authid ur on ur.oid = a.roleid "`
`897`	`905`	`"LEFT JOIN pg_authid um on um.oid = a.member "`
`898`	`906`	`"LEFT JOIN pg_authid ug on ug.oid = a.grantor "`
	`907`	`+"WHERE NOT (ur.rolname ~ '^pg_' AND um.rolname ~ '^pg_')"`
`899`	`908`	`"ORDER BY 1,2,3");`
`900`	`909`
`901`	`910`	`if (PQntuples(res)>0)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit2930078

File tree

21 files changed

21 files changed

`‎doc/src/sgml/ref/psql-ref.sgml`

`‎src/backend/catalog/aclchk.c`

`‎src/backend/catalog/catalog.c`

`‎src/backend/commands/alter.c`

`‎src/backend/commands/foreigncmds.c`

`‎src/backend/commands/policy.c`

`‎src/backend/commands/schemacmds.c`

`‎src/backend/commands/tablecmds.c`

`‎src/backend/commands/tablespace.c`

`‎src/backend/commands/user.c`

`‎src/backend/commands/variable.c`

`‎src/backend/utils/adt/acl.c`

`‎src/bin/pg_dump/pg_dumpall.c`

0 commit comments