|
20 | 20 | #include"xact_handling.h" |
21 | 21 |
|
22 | 22 | #include"access/transam.h" |
| 23 | +#include"catalog/pg_authid.h" |
23 | 24 | #include"miscadmin.h" |
24 | 25 | #include"optimizer/cost.h" |
25 | 26 | #include"optimizer/restrictinfo.h" |
@@ -556,14 +557,33 @@ pathman_post_parse_analysis_hook(ParseState *pstate, Query *query) |
556 | 557 | /* Check that pg_pathman is the last extension loaded */ |
557 | 558 | if (post_parse_analyze_hook!=pathman_post_parse_analysis_hook) |
558 | 559 | { |
559 | | -char*spl_value;/* value of "shared_preload_libraries" GUC */ |
| 560 | +Oidsave_userid; |
| 561 | +intsave_sec_context; |
| 562 | +boolneed_priv_escalation= !superuser();/* we might be a SU */ |
| 563 | +char*spl_value;/* value of "shared_preload_libraries" GUC */ |
560 | 564 |
|
| 565 | +/* Do we have to escalate privileges? */ |
| 566 | +if (need_priv_escalation) |
| 567 | +{ |
| 568 | +/* Get current user's Oid and security context */ |
| 569 | +GetUserIdAndSecContext(&save_userid,&save_sec_context); |
| 570 | + |
| 571 | +/* Become superuser in order to bypass sequence ACL checks */ |
| 572 | +SetUserIdAndSecContext(BOOTSTRAP_SUPERUSERID, |
| 573 | +save_sec_context |SECURITY_LOCAL_USERID_CHANGE); |
| 574 | +} |
| 575 | + |
| 576 | +/* Only SU can read this GUC */ |
561 | 577 | #ifPG_VERSION_NUM >=90600 |
562 | 578 | spl_value=GetConfigOptionByName("shared_preload_libraries",NULL, false); |
563 | 579 | #else |
564 | 580 | spl_value=GetConfigOptionByName("shared_preload_libraries",NULL); |
565 | 581 | #endif |
566 | 582 |
|
| 583 | +/* Restore user's privileges */ |
| 584 | +if (need_priv_escalation) |
| 585 | +SetUserIdAndSecContext(save_userid,save_sec_context); |
| 586 | + |
567 | 587 | ereport(ERROR, |
568 | 588 | (errmsg("extension conflict has been detected"), |
569 | 589 | errdetail("shared_preload_libraries = \"%s\"",spl_value), |
|