NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit3d2aed6

committed

Avoid using unsafe search_path settings during dump and restore.

Historically, pg_dump has "set search_path = foo, pg_catalog" whendumping an object in schema "foo", and has also caused that settingto be used while restoring the object. This is problematic becausefunctions and operators in schema "foo" could capture references meantto refer to pg_catalog entries, both in the queries issued by pg_dumpand those issued during the subsequent restore run. That couldresult in dump/restore misbehavior, or in privilege escalation if anefarious user installs trojan-horse functions or operators.This patch changes pg_dump so that it does not change the search_pathdynamically. The emitted restore script sets the search_path to whatwas used at dump time, and then leaves it alone thereafter. Createdobjects are placed in the correct schema, regardless of the activesearch_path, by dint of schema-qualifying their names in the CREATEcommands, as well as in subsequent ALTER and ALTER-like commands.Since this change requires a change in the behavior of pg_restorewhen processing an archive file made according to this new convention,bump the archive file version number; old versions of pg_restore willtherefore refuse to process files made with new versions of pg_dump.Security:CVE-2018-1058

1 parent3bf05e0 commit3d2aed6Copy full SHA for 3d2aed6

File tree

16 files changed

+1166

-1492

lines changed

src
- backend/utils/adt
  - ruleutils.c
- bin/pg_dump
- test
  - modules/test_pg_dump/t
    - 001_base.pl
  - regress/expected

16 files changed

+1166

-1492

lines changed

`‎src/backend/utils/adt/ruleutils.c`

Lines changed: 32 additions & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -86,15 +86,17 @@`
`86`	`86`	`#definePRETTYINDENT_LIMIT40/* wrap limit */`
`87`	`87`
`88`	`88`	`/* Pretty flags */`
`89`		`-#definePRETTYFLAG_PAREN1`
`90`		`-#definePRETTYFLAG_INDENT2`
	`89`	`+#definePRETTYFLAG_PAREN0x0001`
	`90`	`+#definePRETTYFLAG_INDENT0x0002`
	`91`	`+#definePRETTYFLAG_SCHEMA0x0004`
`91`	`92`
`92`	`93`	`/* Default line length for pretty-print wrapping: 0 means wrap always */`
`93`	`94`	`#defineWRAP_COLUMN_DEFAULT0`
`94`	`95`
`95`		`-/macro to test if pretty action needed /`
	`96`	`+/macros to test if pretty action needed /`
`96`	`97`	`#definePRETTY_PAREN(context)((context)->prettyFlags & PRETTYFLAG_PAREN)`
`97`	`98`	`#definePRETTY_INDENT(context)((context)->prettyFlags & PRETTYFLAG_INDENT)`
	`99`	`+#definePRETTY_SCHEMA(context)((context)->prettyFlags & PRETTYFLAG_SCHEMA)`
`98`	`100`
`99`	`101`
`100`	`102`	`/* ----------`
`@@ -499,7 +501,7 @@ pg_get_ruledef_ext(PG_FUNCTION_ARGS)`
`499`	`501`	`intprettyFlags;`
`500`	`502`	`char*res;`
`501`	`503`
`502`		`-prettyFlags=pretty ?PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT :PRETTYFLAG_INDENT;`
	`504`	`+prettyFlags=pretty ?(PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT \|PRETTYFLAG_SCHEMA) :PRETTYFLAG_INDENT;`
`503`	`505`
`504`	`506`	`res=pg_get_ruledef_worker(ruleoid,prettyFlags);`
`505`	`507`
`@@ -620,7 +622,7 @@ pg_get_viewdef_ext(PG_FUNCTION_ARGS)`
`620`	`622`	`intprettyFlags;`
`621`	`623`	`char*res;`
`622`	`624`
`623`		`-prettyFlags=pretty ?PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT :PRETTYFLAG_INDENT;`
	`625`	`+prettyFlags=pretty ?(PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT \|PRETTYFLAG_SCHEMA) :PRETTYFLAG_INDENT;`
`624`	`626`
`625`	`627`	`res=pg_get_viewdef_worker(viewoid,prettyFlags,WRAP_COLUMN_DEFAULT);`
`626`	`628`
`@@ -640,7 +642,7 @@ pg_get_viewdef_wrap(PG_FUNCTION_ARGS)`
`640`	`642`	`char*res;`
`641`	`643`
`642`	`644`	`/* calling this implies we want pretty printing */`
`643`		`-prettyFlags=PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT;`
	`645`	`+prettyFlags=PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT \|PRETTYFLAG_SCHEMA;`
`644`	`646`
`645`	`647`	`res=pg_get_viewdef_worker(viewoid,prettyFlags,wrap);`
`646`	`648`
`@@ -686,7 +688,7 @@ pg_get_viewdef_name_ext(PG_FUNCTION_ARGS)`
`686`	`688`	`Oidviewoid;`
`687`	`689`	`char*res;`
`688`	`690`
`689`		`-prettyFlags=pretty ?PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT :PRETTYFLAG_INDENT;`
	`691`	`+prettyFlags=pretty ?(PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT \|PRETTYFLAG_SCHEMA) :PRETTYFLAG_INDENT;`
`690`	`692`
`691`	`693`	`/* Look up view name. Can't lock it - we might not have privileges. */`
`692`	`694`	`viewrel=makeRangeVarFromNameList(textToQualifiedNameList(viewname));`
`@@ -922,8 +924,15 @@ pg_get_triggerdef_worker(Oid trigid, bool pretty)`
`922`	`924`	`appendStringInfoString(&buf," TRUNCATE");`
`923`	`925`	`findx++;`
`924`	`926`	`}`
	`927`	`+`
	`928`	`+/*`
	`929`	`+ * In non-pretty mode, always schema-qualify the target table name for`
	`930`	`+ * safety. In pretty mode, schema-qualify only if not visible.`
	`931`	`+ */`
`925`	`932`	`appendStringInfo(&buf," ON %s ",`
`926`		`-generate_relation_name(trigrec->tgrelid,NIL));`
	`933`	`+pretty ?`
	`934`	`+generate_relation_name(trigrec->tgrelid,NIL) :`
	`935`	`+generate_qualified_relation_name(trigrec->tgrelid));`
`927`	`936`
`928`	`937`	`if (OidIsValid(trigrec->tgconstraint))`
`929`	`938`	`{`
`@@ -1017,7 +1026,7 @@ pg_get_triggerdef_worker(Oid trigid, bool pretty)`
`1017`	`1026`	`context.windowClause=NIL;`
`1018`	`1027`	`context.windowTList=NIL;`
`1019`	`1028`	`context.varprefix= true;`
`1020`		`-context.prettyFlags=pretty ?PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT :PRETTYFLAG_INDENT;`
	`1029`	`+context.prettyFlags=pretty ?(PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT \|PRETTYFLAG_SCHEMA) :PRETTYFLAG_INDENT;`
`1021`	`1030`	`context.wrapColumn=WRAP_COLUMN_DEFAULT;`
`1022`	`1031`	`context.indentLevel=PRETTYINDENT_STD;`
`1023`	`1032`	`context.special_exprkind=EXPR_KIND_NONE;`
`@@ -1104,7 +1113,7 @@ pg_get_indexdef_ext(PG_FUNCTION_ARGS)`
`1104`	`1113`	`intprettyFlags;`
`1105`	`1114`	`char*res;`
`1106`	`1115`
`1107`		`-prettyFlags=pretty ?PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT :PRETTYFLAG_INDENT;`
	`1116`	`+prettyFlags=pretty ?(PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT \|PRETTYFLAG_SCHEMA) :PRETTYFLAG_INDENT;`
`1108`	`1117`
`1109`	`1118`	`res=pg_get_indexdef_worker(indexrelid,colno,NULL,colno!=0, false,`
`1110`	`1119`	`false,prettyFlags, true);`
`@@ -1132,7 +1141,8 @@ pg_get_indexdef_columns(Oid indexrelid, bool pretty)`
`1132`	`1141`	`{`
`1133`	`1142`	`intprettyFlags;`
`1134`	`1143`
`1135`		`-prettyFlags=pretty ?PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT :PRETTYFLAG_INDENT;`
	`1144`	`+prettyFlags=pretty ? (PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT \|PRETTYFLAG_SCHEMA) :PRETTYFLAG_INDENT;`
	`1145`	`+`
`1136`	`1146`	`returnpg_get_indexdef_worker(indexrelid,0,NULL, true, false, false,`
`1137`	`1147`	`prettyFlags, false);`
`1138`	`1148`	`}`
`@@ -1264,7 +1274,9 @@ pg_get_indexdef_worker(Oid indexrelid, int colno,`
`1264`	`1274`	`quote_identifier(NameStr(idxrelrec->relname)),`
`1265`	`1275`	`idxrelrec->relkind==RELKIND_PARTITIONED_INDEX`
`1266`	`1276`	`&& !inherits ?"ONLY " :"",`
`1267`		`-generate_relation_name(indrelid,NIL),`
	`1277`	`+ (prettyFlags&PRETTYFLAG_SCHEMA) ?`
	`1278`	`+generate_relation_name(indrelid,NIL) :`
	`1279`	`+generate_qualified_relation_name(indrelid),`
`1268`	`1280`	`quote_identifier(NameStr(amrec->amname)));`
`1269`	`1281`	`else/* currently, must be EXCLUDE constraint */`
`1270`	`1282`	`appendStringInfo(&buf,"EXCLUDE USING %s (",`
`@@ -1575,7 +1587,8 @@ pg_get_partkeydef_columns(Oid relid, bool pretty)`
`1575`	`1587`	`{`
`1576`	`1588`	`intprettyFlags;`
`1577`	`1589`
`1578`		`-prettyFlags=pretty ?PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT :PRETTYFLAG_INDENT;`
	`1590`	`+prettyFlags=pretty ? (PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT \|PRETTYFLAG_SCHEMA) :PRETTYFLAG_INDENT;`
	`1591`	`+`
`1579`	`1592`	`returnpg_get_partkeydef_worker(relid,prettyFlags, true, false);`
`1580`	`1593`	`}`
`1581`	`1594`
`@@ -1803,7 +1816,7 @@ pg_get_constraintdef_ext(PG_FUNCTION_ARGS)`
`1803`	`1816`	`intprettyFlags;`
`1804`	`1817`	`char*res;`
`1805`	`1818`
`1806`		`-prettyFlags=pretty ?PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT :PRETTYFLAG_INDENT;`
	`1819`	`+prettyFlags=pretty ?(PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT \|PRETTYFLAG_SCHEMA) :PRETTYFLAG_INDENT;`
`1807`	`1820`
`1808`	`1821`	`res=pg_get_constraintdef_worker(constraintId, false,prettyFlags, true);`
`1809`	`1822`
`@@ -2258,7 +2271,7 @@ pg_get_expr_ext(PG_FUNCTION_ARGS)`
`2258`	`2271`	`intprettyFlags;`
`2259`	`2272`	`char*relname;`
`2260`	`2273`
`2261`		`-prettyFlags=pretty ?PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT :PRETTYFLAG_INDENT;`
	`2274`	`+prettyFlags=pretty ?(PRETTYFLAG_PAREN \|PRETTYFLAG_INDENT \|PRETTYFLAG_SCHEMA) :PRETTYFLAG_INDENT;`
`2262`	`2275`
`2263`	`2276`	`if (OidIsValid(relid))`
`2264`	`2277`	`{`
`@@ -4709,7 +4722,10 @@ make_ruledef(StringInfo buf, HeapTuple ruletup, TupleDesc rulettc,`
`4709`	`4722`	`}`
`4710`	`4723`
`4711`	`4724`	`/* The relation the rule is fired on */`
`4712`		`-appendStringInfo(buf," TO %s",generate_relation_name(ev_class,NIL));`
	`4725`	`+appendStringInfo(buf," TO %s",`
	`4726`	`+ (prettyFlags&PRETTYFLAG_SCHEMA) ?`
	`4727`	`+generate_relation_name(ev_class,NIL) :`
	`4728`	`+generate_qualified_relation_name(ev_class));`
`4713`	`4729`
`4714`	`4730`	`/* If the rule has an event qualification, add it */`
`4715`	`4731`	`if (ev_qual==NULL)`

`‎src/bin/pg_dump/dumputils.c`

Lines changed: 71 additions & 29 deletions

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,7 @@ static void AddAcl(PQExpBuffer aclbuf, const char *keyword,`
`32`	`32`	`*`
`33`	`33`	`*name: the object name, in the form to use in the commands (already quoted)`
`34`	`34`	`*subname: the sub-object name, if any (already quoted); NULL if none`
	`35`	`+ *nspname: the namespace the object is in (NULL if none); not pre-quoted`
`35`	`36`	`*type: the object type (as seen in GRANT command: must be one of`
`36`	`37`	`*TABLE, SEQUENCE, FUNCTION, PROCEDURE, LANGUAGE, SCHEMA, DATABASE, TABLESPACE,`
`37`	`38`	`*FOREIGN DATA WRAPPER, SERVER, or LARGE OBJECT)`
`@@ -52,7 +53,7 @@ static void AddAcl(PQExpBuffer aclbuf, const char *keyword,`
`52`	`53`	`* since this routine uses fmtId() internally.`
`53`	`54`	`*/`
`54`	`55`	`bool`
`55`		`-buildACLCommands(constcharname,constcharsubname,`
	`56`	`+buildACLCommands(constcharname,constcharsubname,constchar*nspname,`
`56`	`57`	`constchartype,constcharacls,constchar*racls,`
`57`	`58`	`constcharowner,constcharprefix,intremoteVersion,`
`58`	`59`	`PQExpBuffersql)`
`@@ -152,7 +153,10 @@ buildACLCommands(const char name, const char subname,`
`152`	`153`	`appendPQExpBuffer(firstsql,"%sREVOKE ALL",prefix);`
`153`	`154`	`if (subname)`
`154`	`155`	`appendPQExpBuffer(firstsql,"(%s)",subname);`
`155`		`-appendPQExpBuffer(firstsql," ON %s %s FROM PUBLIC;\n",type,name);`
	`156`	`+appendPQExpBuffer(firstsql," ON %s ",type);`
	`157`	`+if (nspname&&*nspname)`
	`158`	`+appendPQExpBuffer(firstsql,"%s.",fmtId(nspname));`
	`159`	`+appendPQExpBuffer(firstsql,"%s FROM PUBLIC;\n",name);`
`156`	`160`	`}`
`157`	`161`	`else`
`158`	`162`	`{`
`@@ -170,8 +174,11 @@ buildACLCommands(const char name, const char subname,`
`170`	`174`	`{`
`171`	`175`	`if (privs->len>0)`
`172`	`176`	`{`
`173`		`-appendPQExpBuffer(firstsql,"%sREVOKE %s ON %s %s FROM ",`
`174`		`-prefix,privs->data,type,name);`
	`177`	`+appendPQExpBuffer(firstsql,"%sREVOKE %s ON %s ",`
	`178`	`+prefix,privs->data,type);`
	`179`	`+if (nspname&&*nspname)`
	`180`	`+appendPQExpBuffer(firstsql,"%s.",fmtId(nspname));`
	`181`	`+appendPQExpBuffer(firstsql,"%s FROM ",name);`
`175`	`182`	`if (grantee->len==0)`
`176`	`183`	`appendPQExpBufferStr(firstsql,"PUBLIC;\n");`
`177`	`184`	`elseif (strncmp(grantee->data,"group ",`
`@@ -185,8 +192,11 @@ buildACLCommands(const char name, const char subname,`
`185`	`192`	`if (privswgo->len>0)`
`186`	`193`	`{`
`187`	`194`	`appendPQExpBuffer(firstsql,`
`188`		`-"%sREVOKE GRANT OPTION FOR %s ON %s %s FROM ",`
`189`		`-prefix,privswgo->data,type,name);`
	`195`	`+"%sREVOKE GRANT OPTION FOR %s ON %s ",`
	`196`	`+prefix,privswgo->data,type);`
	`197`	`+if (nspname&&*nspname)`
	`198`	`+appendPQExpBuffer(firstsql,"%s.",fmtId(nspname));`
	`199`	`+appendPQExpBuffer(firstsql,"%s FROM ",name);`
`190`	`200`	`if (grantee->len==0)`
`191`	`201`	`appendPQExpBufferStr(firstsql,"PUBLIC");`
`192`	`202`	`elseif (strncmp(grantee->data,"group ",`
`@@ -251,18 +261,33 @@ buildACLCommands(const char name, const char subname,`
`251`	`261`	`appendPQExpBuffer(firstsql,"%sREVOKE ALL",prefix);`
`252`	`262`	`if (subname)`
`253`	`263`	`appendPQExpBuffer(firstsql,"(%s)",subname);`
`254`		`-appendPQExpBuffer(firstsql," ON %s %s FROM %s;\n",`
`255`		`-type,name,fmtId(grantee->data));`
	`264`	`+appendPQExpBuffer(firstsql," ON %s ",type);`
	`265`	`+if (nspname&&*nspname)`
	`266`	`+appendPQExpBuffer(firstsql,"%s.",fmtId(nspname));`
	`267`	`+appendPQExpBuffer(firstsql,"%s FROM %s;\n",`
	`268`	`+name,fmtId(grantee->data));`
`256`	`269`	`if (privs->len>0)`
	`270`	`+{`
`257`	`271`	`appendPQExpBuffer(firstsql,`
`258`		`-"%sGRANT %s ON %s %s TO %s;\n",`
`259`		`-prefix,privs->data,type,name,`
`260`		`-fmtId(grantee->data));`
	`272`	`+"%sGRANT %s ON %s ",`
	`273`	`+prefix,privs->data,type);`
	`274`	`+if (nspname&&*nspname)`
	`275`	`+appendPQExpBuffer(firstsql,"%s.",fmtId(nspname));`
	`276`	`+appendPQExpBuffer(firstsql,`
	`277`	`+"%s TO %s;\n",`
	`278`	`+name,fmtId(grantee->data));`
	`279`	`+}`
`261`	`280`	`if (privswgo->len>0)`
	`281`	`+{`
`262`	`282`	`appendPQExpBuffer(firstsql,`
`263`		`-"%sGRANT %s ON %s %s TO %s WITH GRANT OPTION;\n",`
`264`		`-prefix,privswgo->data,type,name,`
`265`		`-fmtId(grantee->data));`
	`283`	`+"%sGRANT %s ON %s ",`
	`284`	`+prefix,privswgo->data,type);`
	`285`	`+if (nspname&&*nspname)`
	`286`	`+appendPQExpBuffer(firstsql,"%s.",fmtId(nspname));`
	`287`	`+appendPQExpBuffer(firstsql,`
	`288`	`+"%s TO %s WITH GRANT OPTION;\n",`
	`289`	`+name,fmtId(grantee->data));`
	`290`	`+}`
`266`	`291`	`}`
`267`	`292`	`}`
`268`	`293`	`else`
`@@ -284,8 +309,11 @@ buildACLCommands(const char name, const char subname,`
`284`	`309`
`285`	`310`	`if (privs->len>0)`
`286`	`311`	`{`
`287`		`-appendPQExpBuffer(secondsql,"%sGRANT %s ON %s %s TO ",`
`288`		`-prefix,privs->data,type,name);`
	`312`	`+appendPQExpBuffer(secondsql,"%sGRANT %s ON %s ",`
	`313`	`+prefix,privs->data,type);`
	`314`	`+if (nspname&&*nspname)`
	`315`	`+appendPQExpBuffer(secondsql,"%s.",fmtId(nspname));`
	`316`	`+appendPQExpBuffer(secondsql,"%s TO ",name);`
`289`	`317`	`if (grantee->len==0)`
`290`	`318`	`appendPQExpBufferStr(secondsql,"PUBLIC;\n");`
`291`	`319`	`elseif (strncmp(grantee->data,"group ",`
`@@ -297,8 +325,11 @@ buildACLCommands(const char name, const char subname,`
`297`	`325`	`}`
`298`	`326`	`if (privswgo->len>0)`
`299`	`327`	`{`
`300`		`-appendPQExpBuffer(secondsql,"%sGRANT %s ON %s %s TO ",`
`301`		`-prefix,privswgo->data,type,name);`
	`328`	`+appendPQExpBuffer(secondsql,"%sGRANT %s ON %s ",`
	`329`	`+prefix,privswgo->data,type);`
	`330`	`+if (nspname&&*nspname)`
	`331`	`+appendPQExpBuffer(secondsql,"%s.",fmtId(nspname));`
	`332`	`+appendPQExpBuffer(secondsql,"%s TO ",name);`
`302`	`333`	`if (grantee->len==0)`
`303`	`334`	`appendPQExpBufferStr(secondsql,"PUBLIC");`
`304`	`335`	`elseif (strncmp(grantee->data,"group ",`
`@@ -328,8 +359,11 @@ buildACLCommands(const char name, const char subname,`
`328`	`359`	`appendPQExpBuffer(firstsql,"%sREVOKE ALL",prefix);`
`329`	`360`	`if (subname)`
`330`	`361`	`appendPQExpBuffer(firstsql,"(%s)",subname);`
`331`		`-appendPQExpBuffer(firstsql," ON %s %s FROM %s;\n",`
`332`		`-type,name,fmtId(owner));`
	`362`	`+appendPQExpBuffer(firstsql," ON %s ",type);`
	`363`	`+if (nspname&&*nspname)`
	`364`	`+appendPQExpBuffer(firstsql,"%s.",fmtId(nspname));`
	`365`	`+appendPQExpBuffer(firstsql,"%s FROM %s;\n",`
	`366`	`+name,fmtId(owner));`
`333`	`367`	`}`
`334`	`368`
`335`	`369`	`destroyPQExpBuffer(grantee);`
`@@ -388,7 +422,8 @@ buildDefaultACLCommands(const char type, const char nspname,`
`388`	`422`	`if (strlen(initacls)!=0\|\|strlen(initracls)!=0)`
`389`	`423`	`{`
`390`	`424`	`appendPQExpBuffer(sql,"SELECT pg_catalog.binary_upgrade_set_record_init_privs(true);\n");`
`391`		`-if (!buildACLCommands("",NULL,type,initacls,initracls,owner,`
	`425`	`+if (!buildACLCommands("",NULL,NULL,type,`
	`426`	`+initacls,initracls,owner,`
`392`	`427`	`prefix->data,remoteVersion,sql))`
`393`	`428`	`{`
`394`	`429`	`destroyPQExpBuffer(prefix);`
`@@ -397,7 +432,8 @@ buildDefaultACLCommands(const char type, const char nspname,`
`397`	`432`	`appendPQExpBuffer(sql,"SELECT pg_catalog.binary_upgrade_set_record_init_privs(false);\n");`
`398`	`433`	`}`
`399`	`434`
`400`		`-if (!buildACLCommands("",NULL,type,acls,racls,owner,`
	`435`	`+if (!buildACLCommands("",NULL,NULL,type,`
	`436`	`+acls,racls,owner,`
`401`	`437`	`prefix->data,remoteVersion,sql))`
`402`	`438`	`{`
`403`	`439`	`destroyPQExpBuffer(prefix);`
`@@ -641,26 +677,32 @@ AddAcl(PQExpBuffer aclbuf, const char keyword, const char subname)`
`641`	`677`	`* buildShSecLabelQuery`
`642`	`678`	`*`
`643`	`679`	`* Build a query to retrieve security labels for a shared object.`
	`680`	`+ * The object is identified by its OID plus the name of the catalog`
	`681`	`+ * it can be found in (e.g., "pg_database" for database names).`
	`682`	`+ * The query is appended to "sql". (We don't execute it here so as to`
	`683`	`+ * keep this file free of assumptions about how to deal with SQL errors.)`
`644`	`684`	`*/`
`645`	`685`	`void`
`646`		`-buildShSecLabelQuery(PGconnconn,constcharcatalog_name,uint32objectId,`
	`686`	`+buildShSecLabelQuery(PGconnconn,constcharcatalog_name,OidobjectId,`
`647`	`687`	`PQExpBuffersql)`
`648`	`688`	`{`
`649`	`689`	`appendPQExpBuffer(sql,`
`650`	`690`	`"SELECT provider, label FROM pg_catalog.pg_shseclabel "`
`651`		`-"WHERE classoid = '%s'::pg_catalog.regclass AND "`
`652`		`-"objoid =%u",catalog_name,objectId);`
	`691`	`+"WHERE classoid = 'pg_catalog.%s'::pg_catalog.regclass "`
	`692`	`+"ANDobjoid ='%u'",catalog_name,objectId);`
`653`	`693`	`}`
`654`	`694`
`655`	`695`	`/*`
`656`	`696`	`* emitShSecLabels`
`657`	`697`	`*`
`658`		`- * Format security label data retrieved by the query generated in`
`659`		`- * buildShSecLabelQuery.`
	`698`	`+ * Construct SECURITY LABEL commands using the data retrieved by the query`
	`699`	`+ * generated by buildShSecLabelQuery, and append them to "buffer".`
	`700`	`+ * Here, the target object is identified by its type name (e.g. "DATABASE")`
	`701`	`+ * and its name (not pre-quoted).`
`660`	`702`	`*/`
`661`	`703`	`void`
`662`	`704`	`emitShSecLabels(PGconnconn,PGresultres,PQExpBufferbuffer,`
`663`		`-constchartarget,constcharobjname)`
	`705`	`+constcharobjtype,constcharobjname)`
`664`	`706`	`{`
`665`	`707`	`inti;`
`666`	`708`
`@@ -672,7 +714,7 @@ emitShSecLabels(PGconn conn, PGresult res, PQExpBuffer buffer,`
`672`	`714`	`/* must use fmtId result before calling it again */`
`673`	`715`	`appendPQExpBuffer(buffer,`
`674`	`716`	`"SECURITY LABEL FOR %s ON %s",`
`675`		`-fmtId(provider),target);`
	`717`	`+fmtId(provider),objtype);`
`676`	`718`	`appendPQExpBuffer(buffer,`
`677`	`719`	`" %s IS ",`
`678`	`720`	`fmtId(objname));`

`‎src/bin/pg_dump/dumputils.h`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@`
`36`	`36`	`#endif`
`37`	`37`
`38`	`38`
`39`		`-externboolbuildACLCommands(constcharname,constcharsubname,`
	`39`	`+externboolbuildACLCommands(constcharname,constcharsubname,constchar*nspname,`
`40`	`40`	`constchartype,constcharacls,constchar*racls,`
`41`	`41`	`constcharowner,constcharprefix,intremoteVersion,`
`42`	`42`	`PQExpBuffersql);`
`@@ -47,9 +47,9 @@ extern bool buildDefaultACLCommands(const char type, const char nspname,`
`47`	`47`	`intremoteVersion,`
`48`	`48`	`PQExpBuffersql);`
`49`	`49`	`externvoidbuildShSecLabelQuery(PGconnconn,constcharcatalog_name,`
`50`		`-uint32objectId,PQExpBuffersql);`
	`50`	`+OidobjectId,PQExpBuffersql);`
`51`	`51`	`externvoidemitShSecLabels(PGconnconn,PGresultres,`
`52`		`-PQExpBufferbuffer,constchartarget,constcharobjname);`
	`52`	`+PQExpBufferbuffer,constcharobjtype,constcharobjname);`
`53`	`53`
`54`	`54`	`externvoidbuildACLQueries(PQExpBufferacl_subquery,PQExpBufferracl_subquery,`
`55`	`55`	`PQExpBufferinit_acl_subquery,PQExpBufferinit_racl_subquery,`

`‎src/bin/pg_dump/pg_backup.h`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -197,6 +197,9 @@ typedef struct Archive`
`197`	`197`	`/* info needed for string escaping */`
`198`	`198`	`intencoding;/* libpq code for client_encoding */`
`199`	`199`	`boolstd_strings;/* standard_conforming_strings */`
	`200`	`+`
	`201`	`+/* other important stuff */`
	`202`	`+charsearchpath;/ search_path to set during restore */`
`200`	`203`	`charuse_role;/ Issue SET ROLE to this */`
`201`	`204`
`202`	`205`	`/* error handling */`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit3d2aed6

File tree

16 files changed

16 files changed

`‎src/backend/utils/adt/ruleutils.c`

`‎src/bin/pg_dump/dumputils.c`

`‎src/bin/pg_dump/dumputils.h`

`‎src/bin/pg_dump/pg_backup.h`

0 commit comments