NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit6aba85a

committed

Restrict accesses to non-system views and foreign tables during pg_dump.

When pg_dump retrieves the list of database objects and performs thedata dump, there was possibility that objects are replaced with othersof the same name, such as views, and access them. This vulnerabilitycould result in code execution with superuser privileges during thepg_dump process.This issue can arise when dumping data of sequences, foreigntables (only 13 or later), or tables registered with a WHERE clause inthe extension configuration table.To address this, pg_dump now utilizes the newly introducedrestrict_nonsystem_relation_kind GUC parameter to restrict theaccesses to non-system views and foreign tables during the dumpprocess. This new GUC parameter is added to back branches too, butthese changes do not require cluster recreation.Back-patch to all supported branches.Reviewed-by: Noah MischSecurity:CVE-2024-7348Backpatch-through: 12

1 parentd031106 commit6aba85aCopy full SHA for 6aba85a

File tree

15 files changed

+255

-1

lines changed

contrib/postgres_fdw
- expected
  - postgres_fdw.out
- sql
  - postgres_fdw.sql
doc/src/sgml
- config.sgml
- ref
  - pg_dump.sgml
src
- backend
  - foreign
    - foreign.c
  - optimizer
    - plan
      - createplan.c
    - util
      - plancat.c
  - rewrite
    - rewriteHandler.c
  - tcop
    - postgres.c
  - utils/misc
    - guc_tables.c
- bin/pg_dump
  - pg_dump.c
- include
  - tcop
    - tcopprot.h
  - utils
    - guc_hooks.h
- test/regress
  - expected
    - create_view.out
  - sql
    - create_view.sql

15 files changed

+255

-1

lines changed

`‎contrib/postgres_fdw/expected/postgres_fdw.out`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -637,6 +637,17 @@ EXPLAIN (VERBOSE, COSTS OFF) SELECT * FROM ft_empty ORDER BY c1;`
`637`	`637`	`Remote SQL: SELECT c1, c2 FROM public.loct_empty ORDER BY c1 ASC NULLS LAST`
`638`	`638`	`(3 rows)`
`639`	`639`
	`640`	`+-- test restriction on non-system foreign tables.`
	`641`	`+SET restrict_nonsystem_relation_kind TO 'foreign-table';`
	`642`	`+SELECT * from ft1 where c1 < 1; -- ERROR`
	`643`	`+ERROR: access to non-system foreign table is restricted`
	`644`	`+INSERT INTO ft1 (c1) VALUES (1); -- ERROR`
	`645`	`+ERROR: access to non-system foreign table is restricted`
	`646`	`+DELETE FROM ft1 WHERE c1 = 1; -- ERROR`
	`647`	`+ERROR: access to non-system foreign table is restricted`
	`648`	`+TRUNCATE ft1; -- ERROR`
	`649`	`+ERROR: access to non-system foreign table is restricted`
	`650`	`+RESET restrict_nonsystem_relation_kind;`
`640`	`651`	`-- ===================================================================`
`641`	`652`	`-- WHERE with remotely-executable conditions`
`642`	`653`	`-- ===================================================================`

`‎contrib/postgres_fdw/sql/postgres_fdw.sql`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -327,6 +327,14 @@ DELETE FROM loct_empty;`
`327`	`327`	`ANALYZE ft_empty;`
`328`	`328`	`EXPLAIN (VERBOSE, COSTS OFF)SELECT*FROM ft_emptyORDER BY c1;`
`329`	`329`
	`330`	`+-- test restriction on non-system foreign tables.`
	`331`	`+SET restrict_nonsystem_relation_kind TO'foreign-table';`
	`332`	`+SELECT*from ft1where c1<1;-- ERROR`
	`333`	`+INSERT INTO ft1 (c1)VALUES (1);-- ERROR`
	`334`	`+DELETEFROM ft1WHERE c1=1;-- ERROR`
	`335`	`+TRUNCATE ft1;-- ERROR`
	`336`	`+RESET restrict_nonsystem_relation_kind;`
	`337`	`+`
`330`	`338`	`-- ===================================================================`
`331`	`339`	`-- WHERE with remotely-executable conditions`
`332`	`340`	`-- ===================================================================`

`‎doc/src/sgml/config.sgml`

Lines changed: 17 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -9564,6 +9564,23 @@ SET XML OPTION { DOCUMENT \| CONTENT };`
`9564`	`9564`	`</listitem>`
`9565`	`9565`	`</varlistentry>`
`9566`	`9566`
	`9567`	`+ <varlistentry id="guc-restrict-nonsystem-relation-kind" xreflabel="restrict_nonsystem_relation_kind">`
	`9568`	`+ <term><varname>restrict_nonsystem_relation_kind</varname> (<type>string</type>)`
	`9569`	`+ <indexterm>`
	`9570`	`+ <primary><varname>restrict_nonsystem_relation_kind</varname></primary>`
	`9571`	`+ <secondary>configuration parameter</secondary>`
	`9572`	`+ </indexterm>`
	`9573`	`+ </term>`
	`9574`	`+ <listitem>`
	`9575`	`+ <para>`
	`9576`	`+ This variable specifies relation kind to which access is restricted.`
	`9577`	`+ It contains a comma-separated list of relation kind. Currently, the`
	`9578`	`+ supported relation kinds are <literal>view</literal> and`
	`9579`	`+ <literal>foreign-table</literal>.`
	`9580`	`+ </para>`
	`9581`	`+ </listitem>`
	`9582`	`+ </varlistentry>`
	`9583`	`+`
`9567`	`9584`	`</variablelist>`
`9568`	`9585`	`</sect2>`
`9569`	`9586`	`<sect2 id="runtime-config-client-format">`

`‎doc/src/sgml/ref/pg_dump.sgml`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -868,6 +868,14 @@ PostgreSQL documentation`
`868`	`868`	`The only exception is that an empty pattern is disallowed.`
`869`	`869`	`</para>`
`870`	`870`
	`871`	`+ <note>`
	`872`	`+ <para>`
	`873`	`+ Using wildcards in <option>--include-foreign-data</option> may result`
	`874`	`+ in access to unexpected foreign servers. Also, to use this option securely,`
	`875`	`+ make sure that the named server must have a trusted owner.`
	`876`	`+ </para>`
	`877`	`+ </note>`
	`878`	`+`
`871`	`879`	`<note>`
`872`	`880`	`<para>`
`873`	`881`	`When <option>--include-foreign-data</option> is specified,`

`‎src/backend/foreign/foreign.c`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@`
`23`	`23`	`#include"funcapi.h"`
`24`	`24`	`#include"lib/stringinfo.h"`
`25`	`25`	`#include"miscadmin.h"`
	`26`	`+#include"tcop/tcopprot.h"`
`26`	`27`	`#include"utils/builtins.h"`
`27`	`28`	`#include"utils/memutils.h"`
`28`	`29`	`#include"utils/rel.h"`
`@@ -323,6 +324,15 @@ GetFdwRoutine(Oid fdwhandler)`
`323`	`324`	`Datumdatum;`
`324`	`325`	`FdwRoutine*routine;`
`325`	`326`
	`327`	`+/* Check if the access to foreign tables is restricted */`
	`328`	`+if (unlikely((restrict_nonsystem_relation_kind&RESTRICT_RELKIND_FOREIGN_TABLE)!=0))`
	`329`	`+{`
	`330`	`+/* there must not be built-in FDW handler */`
	`331`	`+ereport(ERROR,`
	`332`	`+(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),`
	`333`	`+errmsg("access to non-system foreign table is restricted")));`
	`334`	`+}`
	`335`	`+`
`326`	`336`	`datum=OidFunctionCall0(fdwhandler);`
`327`	`337`	`routine= (FdwRoutine*)DatumGetPointer(datum);`
`328`	`338`

`‎src/backend/optimizer/plan/createplan.c`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@`
`40`	`40`	`#include"parser/parse_clause.h"`
`41`	`41`	`#include"parser/parsetree.h"`
`42`	`42`	`#include"partitioning/partprune.h"`
	`43`	`+#include"tcop/tcopprot.h"`
`43`	`44`	`#include"utils/lsyscache.h"`
`44`	`45`
`45`	`46`
`@@ -7090,7 +7091,19 @@ make_modifytable(PlannerInfo root, Plan subplan,`
`7090`	`7091`
`7091`	`7092`	`if (rte->rtekind==RTE_RELATION&&`
`7092`	`7093`	`rte->relkind==RELKIND_FOREIGN_TABLE)`
	`7094`	`+{`
	`7095`	`+/* Check if the access to foreign tables is restricted */`
	`7096`	`+if (unlikely((restrict_nonsystem_relation_kind&RESTRICT_RELKIND_FOREIGN_TABLE)!=0))`
	`7097`	`+{`
	`7098`	`+/* there must not be built-in foreign tables */`
	`7099`	`+Assert(rte->relid >=FirstNormalObjectId);`
	`7100`	`+ereport(ERROR,`
	`7101`	`+(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),`
	`7102`	`+errmsg("access to non-system foreign table is restricted")));`
	`7103`	`+}`
	`7104`	`+`
`7093`	`7105`	`fdwroutine=GetFdwRoutineByRelId(rte->relid);`
	`7106`	`+}`
`7094`	`7107`	`else`
`7095`	`7108`	`fdwroutine=NULL;`
`7096`	`7109`	`}`

`‎src/backend/optimizer/util/plancat.c`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,7 @@`
`47`	`47`	`#include"rewrite/rewriteManip.h"`
`48`	`48`	`#include"statistics/statistics.h"`
`49`	`49`	`#include"storage/bufmgr.h"`
	`50`	`+#include"tcop/tcopprot.h"`
`50`	`51`	`#include"utils/builtins.h"`
`51`	`52`	`#include"utils/lsyscache.h"`
`52`	`53`	`#include"utils/partcache.h"`
`@@ -500,6 +501,17 @@ get_relation_info(PlannerInfo *root, Oid relationObjectId, bool inhparent,`
`500`	`501`	`/* Grab foreign-table info using the relcache, while we have it */`
`501`	`502`	`if (relation->rd_rel->relkind==RELKIND_FOREIGN_TABLE)`
`502`	`503`	`{`
	`504`	`+/* Check if the access to foreign tables is restricted */`
	`505`	`+if (unlikely((restrict_nonsystem_relation_kind&RESTRICT_RELKIND_FOREIGN_TABLE)!=0))`
	`506`	`+{`
	`507`	`+/* there must not be built-in foreign tables */`
	`508`	`+Assert(RelationGetRelid(relation) >=FirstNormalObjectId);`
	`509`	`+`
	`510`	`+ereport(ERROR,`
	`511`	`+(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),`
	`512`	`+errmsg("access to non-system foreign table is restricted")));`
	`513`	`+}`
	`514`	`+`
`503`	`515`	`rel->serverid=GetForeignServerIdByRelId(RelationGetRelid(relation));`
`504`	`516`	`rel->fdwroutine=GetFdwRoutineForRelation(relation, true);`
`505`	`517`	`}`

`‎src/backend/rewrite/rewriteHandler.c`

Lines changed: 17 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@`
`41`	`41`	`#include"rewrite/rewriteManip.h"`
`42`	`42`	`#include"rewrite/rewriteSearchCycle.h"`
`43`	`43`	`#include"rewrite/rowsecurity.h"`
	`44`	`+#include"tcop/tcopprot.h"`
`44`	`45`	`#include"utils/builtins.h"`
`45`	`46`	`#include"utils/lsyscache.h"`
`46`	`47`	`#include"utils/rel.h"`
`@@ -1740,6 +1741,14 @@ ApplyRetrieveRule(Query *parsetree,`
`1740`	`1741`	`if (rule->qual!=NULL)`
`1741`	`1742`	`elog(ERROR,"cannot handle qualified ON SELECT rule");`
`1742`	`1743`
	`1744`	`+/* Check if the expansion of non-system views are restricted */`
	`1745`	`+if (unlikely((restrict_nonsystem_relation_kind&RESTRICT_RELKIND_VIEW)!=0&&`
	`1746`	`+RelationGetRelid(relation) >=FirstNormalObjectId))`
	`1747`	`+ereport(ERROR,`
	`1748`	`+(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),`
	`1749`	`+errmsg("access to non-system view \"%s\" is restricted",`
	`1750`	`+RelationGetRelationName(relation))));`
	`1751`	`+`
`1743`	`1752`	`if (rt_index==parsetree->resultRelation)`
`1744`	`1753`	`{`
`1745`	`1754`	`/*`
`@@ -3108,6 +3117,14 @@ rewriteTargetView(Query *parsetree, Relation view)`
`3108`	`3117`	`}`
`3109`	`3118`	`}`
`3110`	`3119`
	`3120`	`+/* Check if the expansion of non-system views are restricted */`
	`3121`	`+if (unlikely((restrict_nonsystem_relation_kind&RESTRICT_RELKIND_VIEW)!=0&&`
	`3122`	`+RelationGetRelid(view) >=FirstNormalObjectId))`
	`3123`	`+ereport(ERROR,`
	`3124`	`+(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),`
	`3125`	`+errmsg("access to non-system view \"%s\" is restricted",`
	`3126`	`+RelationGetRelationName(view))));`
	`3127`	`+`
`3111`	`3128`	`/*`
`3112`	`3129`	`* For INSERT/UPDATE the modified columns must all be updatable.`
`3113`	`3130`	`*/`

`‎src/backend/tcop/postgres.c`

Lines changed: 64 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -77,6 +77,7 @@`
`77`	`77`	`#include"utils/snapmgr.h"`
`78`	`78`	`#include"utils/timeout.h"`
`79`	`79`	`#include"utils/timestamp.h"`
	`80`	`+#include"utils/varlena.h"`
`80`	`81`
`81`	`82`	`/* ----------------`
`82`	`83`	`*global variables`
`@@ -101,6 +102,9 @@ intPostAuthDelay = 0;`
`101`	`102`	`/* Time between checks that the client is still connected. */`
`102`	`103`	`intclient_connection_check_interval=0;`
`103`	`104`
	`105`	`+/* flags for non-system relation kinds to restrict use */`
	`106`	`+intrestrict_nonsystem_relation_kind;`
	`107`	`+`
`104`	`108`	`/* ----------------`
`105`	`109`	`*private typedefs etc`
`106`	`110`	`* ----------------`
`@@ -3628,6 +3632,66 @@ check_log_stats(bool newval, void *extra, GucSource source)`
`3628`	`3632`	`return true;`
`3629`	`3633`	`}`
`3630`	`3634`
	`3635`	`+/*`
	`3636`	`+ * GUC check_hook for restrict_nonsystem_relation_kind`
	`3637`	`+ */`
	`3638`	`+bool`
	`3639`	`+check_restrict_nonsystem_relation_kind(charnewval,voidextra,GucSourcesource)`
	`3640`	`+{`
	`3641`	`+char*rawstring;`
	`3642`	`+List*elemlist;`
	`3643`	`+ListCell*l;`
	`3644`	`+intflags=0;`
	`3645`	`+`
	`3646`	`+/* Need a modifiable copy of string */`
	`3647`	`+rawstring=pstrdup(*newval);`
	`3648`	`+`
	`3649`	`+if (!SplitIdentifierString(rawstring,',',&elemlist))`
	`3650`	`+{`
	`3651`	`+/* syntax error in list */`
	`3652`	`+GUC_check_errdetail("List syntax is invalid.");`
	`3653`	`+pfree(rawstring);`
	`3654`	`+list_free(elemlist);`
	`3655`	`+return false;`
	`3656`	`+}`
	`3657`	`+`
	`3658`	`+foreach(l,elemlist)`
	`3659`	`+{`
	`3660`	`+chartok= (char)lfirst(l);`
	`3661`	`+`
	`3662`	`+if (pg_strcasecmp(tok,"view")==0)`
	`3663`	`+flags \|=RESTRICT_RELKIND_VIEW;`
	`3664`	`+elseif (pg_strcasecmp(tok,"foreign-table")==0)`
	`3665`	`+flags \|=RESTRICT_RELKIND_FOREIGN_TABLE;`
	`3666`	`+else`
	`3667`	`+{`
	`3668`	`+GUC_check_errdetail("Unrecognized key word: \"%s\".",tok);`
	`3669`	`+pfree(rawstring);`
	`3670`	`+list_free(elemlist);`
	`3671`	`+return false;`
	`3672`	`+}`
	`3673`	`+}`
	`3674`	`+`
	`3675`	`+pfree(rawstring);`
	`3676`	`+list_free(elemlist);`
	`3677`	`+`
	`3678`	`+/* Save the flags in extra, for use by the assign function /`
	`3679`	`+*extra=guc_malloc(ERROR,sizeof(int));`
	`3680`	`+((int)*extra)=flags;`
	`3681`	`+`
	`3682`	`+return true;`
	`3683`	`+}`
	`3684`	`+`
	`3685`	`+/*`
	`3686`	`+ * GUC assign_hook for restrict_nonsystem_relation_kind`
	`3687`	`+ */`
	`3688`	`+void`
	`3689`	`+assign_restrict_nonsystem_relation_kind(constcharnewval,voidextra)`
	`3690`	`+{`
	`3691`	`+intflags= (int)extra;`
	`3692`	`+`
	`3693`	`+restrict_nonsystem_relation_kind=*flags;`
	`3694`	`+}`
`3631`	`3695`
`3632`	`3696`	`/*`
`3633`	`3697`	`* set_debug_options --- apply "-d N" command line option`

`‎src/backend/utils/misc/guc_tables.c`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -564,6 +564,7 @@ static char *server_encoding_string;`
`564`	`564`	`staticchar*server_version_string;`
`565`	`565`	`staticintserver_version_num;`
`566`	`566`	`staticchar*debug_io_direct_string;`
	`567`	`+staticchar*restrict_nonsystem_relation_kind_string;`
`567`	`568`
`568`	`569`	`#ifdefHAVE_SYSLOG`
`569`	`570`	`#defineDEFAULT_SYSLOG_FACILITY LOG_LOCAL0`
`@@ -4549,6 +4550,17 @@ struct config_string ConfigureNamesString[] =`
`4549`	`4550`	`check_debug_io_direct,assign_debug_io_direct,NULL`
`4550`	`4551`	`},`
`4551`	`4552`
	`4553`	`+{`
	`4554`	`+{"restrict_nonsystem_relation_kind",PGC_USERSET,CLIENT_CONN_STATEMENT,`
	`4555`	`+gettext_noop("Sets relation kinds of non-system relation to restrict use"),`
	`4556`	`+NULL,`
	`4557`	`+GUC_LIST_INPUT \|GUC_NOT_IN_SAMPLE`
	`4558`	`+},`
	`4559`	`+&restrict_nonsystem_relation_kind_string,`
	`4560`	`+"",`
	`4561`	`+check_restrict_nonsystem_relation_kind,assign_restrict_nonsystem_relation_kind,NULL`
	`4562`	`+},`
	`4563`	`+`
`4552`	`4564`	`/* End-of-list marker */`
`4553`	`4565`	`{`
`4554`	`4566`	`{NULL,0,0,NULL,NULL},NULL,NULL,NULL,NULL,NULL`

`‎src/bin/pg_dump/pg_dump.c`

Lines changed: 47 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -324,6 +324,7 @@ static bool nonemptyReloptions(const char *reloptions);`
`324`	`324`	`static void appendReloptionsArrayAH(PQExpBuffer buffer, const char *reloptions,`
`325`	`325`	`const char prefix, Archive fout);`
`326`	`326`	`static char get_synchronized_snapshot(Archive fout);`
	`327`	`+static void set_restrict_relation_kind(Archive AH, const char value);`
`327`	`328`	`static void setupDumpWorker(Archive *AH);`
`328`	`329`	`static TableInfo getRootTableInfo(const TableInfo tbinfo);`
`329`	`330`	`static bool forcePartitionRootLoad(const TableInfo *tbinfo);`
`@@ -1252,6 +1253,13 @@ setup_connection(Archive AH, const char dumpencoding,`
`1252`	`1253`	`ExecuteSqlStatement(AH, "SET row_security = off");`
`1253`	`1254`	`}`
`1254`	`1255`
	`1256`	`+/*`
	`1257`	`+ * For security reasons, we restrict the expansion of non-system views and`
	`1258`	`+ * access to foreign tables during the pg_dump process. This restriction`
	`1259`	`+ * is adjusted when dumping foreign table data.`
	`1260`	`+ */`
	`1261`	`+set_restrict_relation_kind(AH, "view, foreign-table");`
	`1262`	`+`
`1255`	`1263`	`/*`
`1256`	`1264`	`* Initialize prepared-query state to "nothing prepared". We do this here`
`1257`	`1265`	`* so that a parallel dump worker will have its own state.`
`@@ -2114,6 +2122,10 @@ dumpTableData_copy(Archive fout, const void dcontext)`
`2114`	`2122`	`*/`
`2115`	`2123`	`if (tdinfo->filtercond \|\| tbinfo->relkind == RELKIND_FOREIGN_TABLE)`
`2116`	`2124`	`{`
	`2125`	`+/* Temporary allows to access to foreign tables to dump data */`
	`2126`	`+if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)`
	`2127`	`+set_restrict_relation_kind(fout, "view");`
	`2128`	`+`
`2117`	`2129`	`appendPQExpBufferStr(q, "COPY (SELECT ");`
`2118`	`2130`	`/* klugery to get rid of parens in column list */`
`2119`	`2131`	`if (strlen(column_list) > 2)`
`@@ -2225,6 +2237,11 @@ dumpTableData_copy(Archive fout, const void dcontext)`
`2225`	`2237`	`classname);`
`2226`	`2238`
`2227`	`2239`	`destroyPQExpBuffer(q);`
	`2240`	`+`
	`2241`	`+/* Revert back the setting */`
	`2242`	`+if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)`
	`2243`	`+set_restrict_relation_kind(fout, "view, foreign-table");`
	`2244`	`+`
`2228`	`2245`	`return 1;`
`2229`	`2246`	`}`
`2230`	`2247`
`@@ -2251,6 +2268,10 @@ dumpTableData_insert(Archive fout, const void dcontext)`
`2251`	`2268`	`introws_per_statement = dopt->dump_inserts;`
`2252`	`2269`	`introws_this_statement = 0;`
`2253`	`2270`
	`2271`	`+/* Temporary allows to access to foreign tables to dump data */`
	`2272`	`+if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)`
	`2273`	`+set_restrict_relation_kind(fout, "view");`
	`2274`	`+`
`2254`	`2275`	`/*`
`2255`	`2276`	`* If we're going to emit INSERTs with column names, the most efficient`
`2256`	`2277`	`* way to deal with generated columns is to exclude them entirely. For`
`@@ -2490,6 +2511,10 @@ dumpTableData_insert(Archive fout, const void dcontext)`
`2490`	`2511`	`destroyPQExpBuffer(insertStmt);`
`2491`	`2512`	`free(attgenerated);`
`2492`	`2513`
	`2514`	`+/* Revert back the setting */`
	`2515`	`+if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)`
	`2516`	`+set_restrict_relation_kind(fout, "view, foreign-table");`
	`2517`	`+`
`2493`	`2518`	`return 1;`
`2494`	`2519`	`}`
`2495`	`2520`
`@@ -4590,6 +4615,28 @@ is_superuser(Archive *fout)`
`4590`	`4615`	`return false;`
`4591`	`4616`	`}`
`4592`	`4617`
	`4618`	`+/*`
	`4619`	`+ * Set the given value to restrict_nonsystem_relation_kind value. Since`
	`4620`	`+ * restrict_nonsystem_relation_kind is introduced in minor version releases,`
	`4621`	`+ * the setting query is effective only where available.`
	`4622`	`+ */`
	`4623`	`+static void`
	`4624`	`+set_restrict_relation_kind(Archive AH, const char value)`
	`4625`	`+{`
	`4626`	`+PQExpBuffer query = createPQExpBuffer();`
	`4627`	`+PGresult *res;`
	`4628`	`+`
	`4629`	`+appendPQExpBuffer(query,`
	`4630`	`+ "SELECT set_config(name, '%s', false) "`
	`4631`	`+ "FROM pg_settings "`
	`4632`	`+ "WHERE name = 'restrict_nonsystem_relation_kind'",`
	`4633`	`+ value);`
	`4634`	`+res = ExecuteSqlQuery(AH, query->data, PGRES_TUPLES_OK);`
	`4635`	`+`
	`4636`	`+PQclear(res);`
	`4637`	`+destroyPQExpBuffer(query);`
	`4638`	`+}`
	`4639`	`+`
`4593`	`4640`	`/*`
`4594`	`4641`	`* getSubscriptions`
`4595`	`4642`	`* get information about subscriptions`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit6aba85a

File tree

15 files changed

15 files changed

`‎contrib/postgres_fdw/expected/postgres_fdw.out`

`‎contrib/postgres_fdw/sql/postgres_fdw.sql`

`‎doc/src/sgml/config.sgml`

`‎doc/src/sgml/ref/pg_dump.sgml`

`‎src/backend/foreign/foreign.c`

`‎src/backend/optimizer/plan/createplan.c`

`‎src/backend/optimizer/util/plancat.c`

`‎src/backend/rewrite/rewriteHandler.c`

`‎src/backend/tcop/postgres.c`

`‎src/backend/utils/misc/guc_tables.c`

`‎src/bin/pg_dump/pg_dump.c`

0 commit comments